News, tips, and tricks from the XenApp product team
A couple months back I posted a blog on running OCS 2007 on XenApp. In it I highlighted a couple of known issues (doesn't support voice or video at this time), but I also posted a feedback received from customers that the user status changes intermittently. E.g., Communicator will change your status to "Away" even if you are online and available. If you have experienced this annoyance, it appears this issue (sporadic presence change) has been addressed in Microsoft's April 30th update for OCS 2007. You can find more information about this update here: http://support.microsoft.com/kb/951662/
This whitepaper recently released by out guys in consulting covers the design considerations on how policies can impact your XenApp (Presentation Server) 4.5 environment...
---
There are numerous ways to apply a configuration or security setting onto a group of servers within a Citrix Presentation Server environment. Because policies are so unique, diverse and customizable, there is no single, correct method toward policy design. However, this document will give the key areas to consider when deciding on the appropriate approach to implementing a setting using a policy.
This design consideration will look at the following types of policies and the comm on practices associated with them:
- Citrix Presentation Server policies: These policies are defined within the management console on Presentation Server and only apply to connections using the Citrix ICA protocol but not the Microsoft RDP protocol. Presentation Server policies also allow for the configuration of Presentation Server-specific options like Session Printers and Progressive Display. The power of these policies is that they have the ability to be filtered based on users, location and even the method for launching the published applications. Many of these filters are only available within Presentation Server.
- Active Directory Policies: These policies are configured within Active Directory. They are applied to organizational units (folders), domains, sites, etc. within the Active Directory structure. A single Active Director y policy can consist of a computer policy and a user policy. A computer policy consists of settings that affect the physical computer and impact all users logging onto the computer while a user policy affects the user and is applied on all systems the user logs on to. Local server policies and custom policies are types of Active Director y policies and are described as:
- Local Server Policies and Settings: Local Server policies are similar to Active Directory policies, except they are managed on a server-by-server basis and configured locally on that specific server, where Active Directory policies are managed centrally and can impact hundreds or thousands of users or computers with a single application of a policy.
- Custom Active Directory Policy Templates: Custom ADM templates, like the Citrix icaclient.adm template, are Active Directory or Local Server policies used to make configuration settings. They can be custom registry settings or simply standard policies re-organized as two examples. The concept of custom templates is supported, but depending on the author of the custom template, supportability by either Citrix or Microsoft might not be available. Organizations will have to verify the supportability of custom ADM templates. Also, any custom template used might already have settings configured, potentially causing issues with the environment. It is highly recommended to test custom policies in a test environment before implementing in production.
- Local Server Policies and Settings: Local Server policies are similar to Active Directory policies, except they are managed on a server-by-server basis and configured locally on that specific server, where Active Directory policies are managed centrally and can impact hundreds or thousands of users or computers with a single application of a policy.
The following five areas are the basis f or the design decisions for an enterprise deployment of Presentation Server. These types of policies will be impacted by the following design areas:
- Policy Type
- Policy Integration
- Policy Filters
- Policy Prioritization
- Policy Precedence
If you have been following some of the recent blog posts about Nirvana Devices and Nirvana Phones, you can get a better idea of what we are talking about in this video clip. Conceptually the Nirvana Phone takes the Smartphone to the next level by solving the existing limitations of small screens and keyboards. There are now some new devices that are close to making this possible, especially in combination with a Virtualized Desktops and applications like XenDesktop and XenApp.
Stay tuned for more videos and demos of the state of the art in Nirvana Phones , or better yet register for Citrix Synergy and try them for yourself, you may even win one !
Citrix XenDesktop and Citrix XenApp now offer customers two different computing models for centralizing their client computing. I have had about a dozen or so customer conversations regarding where the best use of each technology is. I want to share that with everyone.
People ask me whether the IT and business problems to centralize have changed. The answer is - they have not. Costs, compliance/security and flexibility for access remain to be IT challenges that centralization can solve. If you think about the culprit that keeps the TCO of desktops high, it is application deployment and management.
The two problems that customers have been able to successfully address with XenApp are:
1. Delivering appa to users anywhere - typically customers start with virtualizing problem apps and grow their XenApp usage overtime.
2. Virtualizing the full desktop with all the apps - it has worked great for task based workers who use standardized locked down environments with few apps.
Overtime, XenApp has addressed several key challenges in addressing those requirements including scalability (via 64-bit), app compatibility (via app isolation environments any app can be made compatible with XenApp), graphics (via SpeedScreen), performance monitoring (via EdgeSight) and offline support (via portable app virtualization/streaming). This has enabled an even broader use of XenApp for virtualizing more apps within existing XenApp customer base.
Now, XenDesktop enables our customers to expand desktop virtualization to not just task workers (served via XenApp shared desktops) but also office workers (VM/Blade based dedicated desktop). However, dedicated desktops always come at a cost. The cost is reflected in the user density per server. Where as a dual core XenApp server can serve 100 shared desktops, XenDesktop can serve about 10-12 users per dual core server. So, the cost of hardware required per user goes up from $25-$50 for XenApp to about $250-$350 per user on XenDesktop. Hence, the XenApp based shared desktops will always be the most cost effective way to deliver virtual desktops.
Both models have their merits and limitations. As stated XenApp serves desktops in the most cost effective manner and is best suitable for task based workers. The limitation for XenApp is around personalization capabilities - end users cannot fully personalize their environment, which is a need for mainstream office users. XenDesktop, on the other hand, is best suited for virtual desktop delivery for mainstream office worker. The real limitation lies in offline access requirements, or advanced peripheral support.
LAST BUT NOT THE LEAST - delivering applications using XenApp radically lowers TCO of BOTH physical and virtual desktops by enabling IT to centralize the apps and never install them with the desktop. There are different benefits for physical PCs and virtual desktops.
With physical PCs, benefits of using XenApp are:
1. Increases the life of PCs
2. Enhances application and data security
3. Enables app delivery anywhere using any device
4. Lowers the cost of application management
With XenDesktop (virtual desktops), benefits of using XenApp are:
1. Dynamic provisioning of virtual desktop implies that a user's desktop always stays pristine with no apps installed - all apps are delivered (using streaming or hosting technologies) enabling an on demand assembly of personalized desktop at the time when a user logs on.
2. Predictability and Capacity planning on VDI - Separating all LOB apps that have unpredictable (problematic) resource requirements, and running them on separate XenApp servers, prevents over-provisioning the VDI server architecture and can reduce the number of servers required for virtual desktops, improving the TCO of virtual desktops.
3. Application and license management - each app can be controlled granularly. You have complete visibility into who has access to the applications and who accessed which application when.
In summary, IT now has two excellent options (XenApp and XenDesktop) for building their virtualization infrastructure to meet the needs across all their use cases:
Task workers - use thin clients with shared desktops delivered via XenApp
Mainstream office workers - use desktop appliances with dedicated desktops delivered via XenDesktop
Mobile users - use XenApp to deliver all streamed or hosted apps for both connected and offline access
At Synergy (http://www.citrix.com/synergy), this topic will be discussed at length. Come visit us!
I've been spending quite a bit of time digging into the topic of how to optimize the performance of Adobe Flash content (animations and videos) when using a web browser hosted on Citrix XenApp (see Parts 1, 2, 3 and 4 of this series). Here's a secret for optimizing Flash performance that will seem totally counterintuitive. Actually, this one took me by complete surprise...
From my blog post on SpeedScreen Browser Acceleration ("SpeedBrowse" for short), you might have picked up on the fact that there is an incompatibility between this feature and Flash content. Delving into this, I recently learned that if Internet Explorer running on XenApp will be used to access a web app or web site(s) with Flash content, it is best to turn SpeedBrowse off. Why?
When Internet Explorer encounters Flash content, it switches to an off-screen rendering and compositing mode. In this mode, SpeedBrowse is prevented from tracking how images get drawn onto the off-screen surface and then to the real display surface (bit block transfers). From then on, JPEG and non-transparent GIF images will be sent over the wire twice; over the SpeedBrowse virtual channel (but never used) and over ThinWire to draw them. As a result, more bandwidth is consumed than necessary.
To avoid this interaction issue, I recommend that you review how your organization uses Internet Explorer on XenApp. On servers where IE is used only to access specific web apps that don't utilize Flash, you'll want to keep SpeedBrowse enabled. But if you're publishing Internet Explorer for general web browsing or to access web applications with Flash content, I recommend turning SpeedBrowse off. This can be done at the server or farm level.
As you would expect, a mitigating hotfix is now in the works (in fact, it has already been incorporated into XenDesktop 2.0). I'll keep you posted as we make further progress on this issue.
Another option to consider (dare I go there?) is to turn Flash off. Again, you'll want to carefully consider how Internet Explorer is used in your organization before making this choice. If IE on XenApp is intended to be used just to access specific web sites, you may determine that the Flash content on those sites is not particularly important. Or, like MSN.com, the site may be designed to provide alternative content if Flash isn't available. You could then choose to turn Flash off in order to maintain the benefits of SpeedScreen Browser Acceleration. There is an article in the Citrix Knowledge Center that provides instructions for disabling Flash (document ID CTX110407).
If you have any feedback on this blog post or the others in this series, please share your comments! If you are able to measure a change in bandwidth consumption after following my recommendations above, please share your results. And I'd love to hear your views on the importance of further optimizing Flash performance and your use cases for published web browsers.
Derek Thorslund
Product Strategist, Multimedia Virtualization
Out of curiosity I decided to collect the communication ports for any given technology within the Citrix XenApp platform.... It turned out I didn't have to look much further, I found them on Vinny's blog, posted a while back right here on the Citrix blogs, however his post only got a handful of views, since I think Vinny did a great job and tons of people need this kind of information, I'm extending his collection and sharing it out with a broader audience...
This is an extremely helpful list to have always handy:
Application Performance Monitoring (powered by Citrix EdgeSight)
- EdgeSight Agent to Edgesight Server - TCP 80/443 (Payload and alerts)
- EdgeSight Web console (non-IMA) to RSCorSvc on EdgeSight Agent - TCP 9035
- EdgeSight Agent internal communication - TCP 9036 (client-side database)
- EdgeSight database - SQL 1433 (configurable)
Client-side Application Virtualization -
- Streaming Client to Application Hub (File Server/Share) - SMB 445
EasyCall
- To client - HTTP(S)-TCP 8443 (PSync)
- To Admin console (non-IMA) - TCP 443
- To LDAP Directory- TCP 389
- To PBX - port varies by vendor
Independent Management Architecture (IMA) Services - TCP 2512, 2513
Licensing Service - TCP 27000, 27009 (configurable)
Server-side Application Virtualization
- Management Console (Using IMA) - TCP 2512, 2513
- Application requests - TCP XML 80, 8080 or 443 (configurable)
- Access to Applications Virtualized on the Server - ICA-TCP 1494, 2598 (Session Reliability)
Single Sign-on (powered by Citrix Password Manager)
- Management Console (non-IMA) or Agent to Password Manager Service - TCP-443
- Management Console (non-IMA), Agent or Service to credential store
- Network File Share Credential Store - TCP/UDP 445 (CIFS) or TCP/UDP 135-139 (NetBIOS)
- Active Directory Credential Store - TCP/UDP - 389, 636, TCP - 3268, 3269
- Novell File Share Credential Store - TCP/UDP - 524
SmartAccess (powered by Citrix Access Gateway)
- Standard and Advanced Edition
- Client connections- TCP-SSL 443 (configurable)
- Advanced Access Control (AAC) to Appliance communication - TCP 80 or 443 (configurable), 9001, 9002, 9005
- Management Console
- to Appliance (non-IMA) - 9001, 9002, 9005
- to AAC - IMA-TCP-2513
- Enterprise Edition
- To client - SSL-TCP 443
- To internal network - SSL-TCP 443, Native Authentication port (i.e. RADIUS 1812, LDAP 389), Native application ports (i.e. ICA-1494)
- Management console (non-IMA) - SSH-TCP 22, HTTP(S)-TCP 80/443
SmartAuditor
- Management (non-IMA) - Use local console on Agent or on Server.
- Agent to Broker (Recording and Policy Check) - TCP 80/443 (configurable)
- Player to Broker - TCP 80/443 (configurable)
- Agent to Server (Metadata and Video)- Microsoft Message Queuing,
- Default - TCP: 1801; RPC: 135, 2101*, 2103*, 2105*; UDP: 3527, 1801 (*These port numbers may be incremented by 11 if the initia choice of RPC port is being used when Message Queuing initializes. A connecting QM queries port 135 to discover the 2xxx ports.)
- Over SSL- TCP 80,443
WAN Optimizer -Guidance provided was to get it from Admin Guide
- Appliance to Appliance - Pass-through native application port (e.g. ICA-1494, HTTP-80, LDAP-389)
- Management Console (non-IMA) - TCP 80
- Client to Appliance - TCP 443
Web Interface
- Client connections - TCP 80/443 (configurable)
- Server-to-server - TCP XML 80/8080, 443 (using SSL Relay)
Management console (partially IMA) - DCOM 135 (+ configurable high port range), IMA-TCP 2513, TCP 80/443
---
! Please be advised that these have been gathered from product documentation and can change on future product releases. 
---
Nice work Vinny boy! 
Keep an eye on this guy's blog!!!
Cheers,
Gus Pinto
Microsoft MVP - Virtualization
Twitter/GusPinto
Citrix XenApp Platinum Reference Design is an independent publication originally created by Rick Dehlinger the CEO/Chief Technologist of the iQurious Corporation in 2004 / 2005. From 2005 through 2008 Roddy Rodstein maintained and re-distributed the publication.
I'm honored to have both these brilliant minds as close friends of mine.
If you don't know Rick, you're probably new to this industry or have been kept far away from all technical conversations around Citrix. Rick is one of Citrix's Technology Professionals - a true community leader and CEO of a Citrix partner company named iQurious where he applies his revolutionary technical vision around App Delivery.
Roddy Rodstein is a world-class technical guru for Citrix products, he's been the most active and renowned SEs in the community while working for Citrix; Roddy recently started his own company named SE Outsourcing.
--
This Paper is a complete guide covering every aspect of XenApp Platinum; If you have Citrix XenApp currently implemented or you're thinking of delivering your applications using XenApp technology this is a must read!
Fantastic Job Guys, you know I'm a big fan!
To download the whitepaper visit: http://seoutsourcing.com/node/28
Cheers,
Gus Pinto
Twitter/GusPinto
Alright, latelly I have received quite unsual number of emails from readers asking about virtualizing and remoting usage when deliverying Microsoft Office 2007.
Office is the application most frequently delivered with XenApp.
I will share two papers on this topic today.
One to show some of the many benefits of delivering Office applications with XenApp. It will also explain how XenApp can eliminate challenges associated with migrating to the new Office builds, allowing you to deliver the new versions immediately and at a fraction of the cost of a traditional deployment.
Download: Using XenApp 4.5 to rapidly deliver Office 2007
And for those looking for more information on how to deliver Office 2007 using XenApp streaming technology, you can download this advanced guide that has every technical detail needed.
Download: Streaming Office 2007 using XenApp 4.5
Hope this helps!
Cheers,
Gus Pinto
Ps. Hi Mom! Happy Mother's day!
I get the impression that Microsoft is playing in a lot of different sandboxes. Even if you are just looking at the products they are launching in 2008 - Windows Server 2008, Visual Studio, Sharepoint, Silverlight - you will see great breadth, and a very compelling story. Microsoft's epic tale brings our heroes across a wide landscape of current IT thought, considering virtualization, security, business continuity, and user experience, to name a few. But the telling of the story is refreshing, in that Microsoft recognizes that their story is not the whole story. Yes they present a complete integrated platform that covers the pillars of customer needs. But Microsoft recognizes that it's important to build on the platform. Interoperability, by Design, reigns.
Our presenter stated that 96% of Microsoft's revenues come from their partners. These partners customize the Microsoft solution to meet customer needs far beyond the out-of-box solution. To paraphrase our presenter's comments about a security solution: if you have an existing solution, for instance Cisco, that's great! We're happy. But if you don't, MS Network Access Protection and MS Forefront are the place to start. Or, his response to a question about XenApp and Microsoft's new Virtualization Capabilities: Citrix and Microsoft have enjoyed a partnership for many years, Citrix will always be around, providing more bells and whistles. If you want more than the basic functionality, you need Citrix.
Written live from the Microsoft Launch Event in Fort Lauderdale FL, May 6th 2008.
I don't believe this footage ever made into the web.
This is a short video from the day Citrix announced the name change durring Summit 08 and the crowd's reaction was trully impressive, I remember seating all the in the back and I could only hear people yelling, shouting, and whistling for like a minute or two.
If you still doubt Citrix made the right choice, I would highly recomment watching this video.
Cheers,
Gus Pinto
Twitter/GusPinto
Page: 1 2 3 4 5 6 7 8 9 10 11 Next >>
