Let me setup the scenario for you. You've been using a golden image vDisk assigned to several target devices for a while and everything is working without issues. Sooner or later, the time comes when you have to update your hardware drivers on the golden image vDisk.

No problem, right?

You simply boot up your master target device that you used to capture the golden image, apply the updates, take a snapshot of the disk to your golden image vDisk, and all is well.

This would be true expect for one issue. What if the master target device you used was no longer available along with the disk that you took the snapshot from?

Why not have make copy of the vDisk, change the vDisk image mode to private, assign it to a new master target device, and apply your updates? Well, if you're like me and use virtual hardware, then the update will include network drivers. If you update your network drivers while attached to any vDisk, you will disconnect your network connection which in turn disconnects your vDisk. I'll be the first to admit, I've done this before and quickly realized the error of my ways

So what do you do? Fortunately there is a way to recover and it's an easy one.

1. Create a guest VM on your hypervisor using a template that contains the same operating system as your golden image vDisk. This will insure the disk is already formated, for example, to NTFS. You will also want to make sure the disk is the same size or larger then your golden image vDisk
2. Change the primary boot device on the guest VM to boot from the network card
3. Add the guest VM as a target device within the Provision Server console
4. Assign the golden image vDisk to the target device and set the boot order to vDisk
5. Once the guest VM is booted, double check that your primary disk is your vDisk and the secondary is your disk assigned within the guest VM
6. Run the Provisioning Server Image Builder to create a snapshot of the vDisk. Make sure your Source drive is your golden image vDisk and your Destination drive is your formatted guest VM disk
7. Once the snapshot completes, you now have an exact copy of the golden image vDisk on your guest VM disk
8. Within the Provision Server console, change the boot order of your guest VM to Hard disk, and reboot it
9. When the guest VM comes up, it should be booting from the snapshot of the golden vDisk.

Congratulations, you've just officially recovered your golden image vDisk to a local disk. You're now free to update when needed without issue.

Let me know if you have any questions. Just post a comment and I'll reply back.

Kind Regards,
Matt

As with my previous blog post, UNOFFICIAL means UNSUPPORTED!

Do not contact Citrix Technical Support with questions/issues with this post. Please submit your questions/comments below.

With the recent launch of the Citrix Receiver for the iPhone 1.0 at Synergy, I've had several customers ask me how to configure it for the Access Gateway Enterprise. In version 1.0, only the Access Gateway Standard Edition is supported, but this will soon be addressed in future versions of the client. Is there a way to address this now? The answer is yes, but it's unsupported! If you are using the Secure Gateway functionality within the Access Gateway Enterprise, there is a way to get this to work.

First, take a look at the following articles to familiarize yourself with what is supported today:

Getting Started with Citrix Receiver for the iPhone
http://support.citrix.com/article/ctx120601

Citrix Access Gateway Standard Edition Setup for Citrix Receiver for the iPhone 1.0
http://support.citrix.com/article/CTX121093

So how do you get this to work on the Access Gateway Enterprise edition? In a nutshell, you configure a virtual server with a session policy that mimics the Secure Gateway/ICA Proxy configuration. Instead of pointing your session profile to your Web Interface site, you point it to your XenApp Services (AKA PNAgent) site. Configuring XenApp Services for Secure Gateway (Gateway Direct mode) can be found in the Web Interface 5.1 Administrators guide located here:http://support.citrix.com/article/CTX118984
You'll have to disable authentication on the virtual server and allow Web Interface/XenApp Services to handle the authentication. This is not a best practice since you are allowing unauthenticated (this does not mean unencrypted) traffic to be proxied to your Web Interface site. The best practice recommendation is to authenticate at the Access Gateway and pass the credentials to the Web Interface landing page. That functionality is not supported today in the 1.0 client.

My Lab Environment
XenApp 4.5 with HFRU2 on Windows 2003 32bit Sevice Pack 2
Web Interface 5.1 on Windows 2003 32bit Service Pack 2
Access Gateway 9.0 build 66.12
Firewall with a single hop DMZ

Assumptions

• You're familiar on how to properly setup a virtual server on an Access Gateway Enterprise for Secure Gateway/ICA proxy mode. If you're not, take a look the following documents: http://support.citrix.com/product/ag/eev9.0/#tab-doc

• You have a working Access Gateway and XenApp deployment already in place for external access

Nuts and Bolts
The quickest way to get the environment up and running is to copy your current session profile for Secure Gateway/ICA Proxy and make some modifications. Simply select the existing session profile from your session profile list, right click and select copy. Then click on Add and a copy of your profile will appear.

Below are the screen shots of my session profile that I created:

In the "Published Applications" tab, make sure the URL is pointing to the same URL that is configured in the XenApp Services site. Do not include the 'config.xml' in this path.

Assign the newly created session profile to your existing session policy. Disable authentication on the virtual server.

On your iPhone, open the Citrix Receiver 1.0 and configure the following:

Address:
https://hostname.domain.root/Citrix/PNAgent#/config.xml
Example: https://webinterface.company.com/Citrix/PNAgent1/config.xml
Use the same path that you specified under your "Published Applications" session profile, but include the config.xml

User Name
Enter your domain user name

Password
Enter your domain password

Domain
Enter you Active Directory domain name

Citrix Access Gateway
Leave this set to OFF

Here is a screen shot:

Once you have everything configured, click on Next in the upper right hand corner and your list of applications should appear. If it doesn't go through the first time, try a submitting a second time. Most of the time it goes through on the first attempt, but sometimes it takes two attempts.

Let me know if you have any questions in regards to this post. I didn't develop the code, so I can't address anything specific about it.

Kind Regards,
Matt

POCs are an activity that sales engineers perform on a routine basis.  It's the best way to show the value of a product within a customer's environment.  I created this guide to help anyone (Citrites, partners, customers) who is interested in setting up a POC of EdgeSight 4.5.

Are my notes perfect?  It would be nice to be perfect, but I'm human.

Should you deploy this in a production environment?  Never

Can I contact Citrix Tech Support for assistance with this document?  Unofficial = Unsupported

If you have any questions, compliments, corrections, etc. about this document, please post a comment to the blog and I will respond.

Download the POC Guide here.