Citrix is sponsoring SAP TechEd 09 in Phoenix! Starting on October 13th at the Phoenix Convention Center, Citrix will showcase our desktop virtualization solutions and promote our recent Citrix Delivery Center POC produced jointly with SAP and onsite at SAP Labs in Palo Alto.

Don't miss your chance to learn about our desktop virtualization vision and how our solutions work alongside SAP solutions.

If you're planning to be at SAP TechEd, stop by the Citrix booth (#211) to meet with the team and learn how we're working with SAP to improve application delivery and user experience. Learn more about SAP TechEd or register to attend here.

Visit the Citrix Community for SAP to stay up-to-date on the latest partnership information...and don't forget to follow us on Twitter!

By now, you've probably been hearing or reading a lot about Citrix's relationship with Intel...or at least we're hoping that's the case!

Most of the recent news has been focused on our joint collaboration in the development of Citrix XenClient. XenClient is one of the most exciting projects in Citrix's history and we can't wait to see how the project changes the definition of desktop virtualization. With that said, there are optimization activities currently underway with our Citrix Deliver Center products, such as Citrix XenServer and Citrix XenDesktop that are worth talking about too!

Intel and Citrix have a long history of working together to deliver end-to-end solutions for the enterprise. From how Citrix XenServer works with Intel Xeon processors to how Citrix XenApp and Citrix XenDesktop work alongside Intel vPro technology to our joint development of Citrix XenClient, there is a great story in this partnership.

At Citrix Synergy 2009, Tom James, Business Development Manager, Digital Office Platform Division from Intel presented how solutions and technologies from Intel work with Citrix Delivery Center. For those of you who weren't able to attend Synergy or those who could but didn't have a chance to check out this session, it's available here for your viewing pleasure.

In this webinar you will learn:

• About recent server consolidation testing conducted in the Citrix Lab with Citrix XenApp, Citrix XenServer and Intel Xeon 5500 Series processors
• About the upcoming local desktop virtualization platform - XenClient - Citrix is developing in conjunction with Intel and how we see it changing the client landscape moving forward
• About the other collaboration areas from a technical perspective and how they add customer value
  

Check out the webinar!

As part of the Citrix Technical Support Escalation team that focuses on Debugging/Code analysis, Kapildev Ramlal is constantly learning new technologies and thinking of ways to help improve the support process at Citrix. Kapildev will be presenting the following sessions at Citrix TechEdge during Citrix Summit and Citrix Synergy 2009: End-to-end virtualization with Citrix Delivery Center, with a focus on Citrix XenApp, and then his in-depth session will cover Troubleshooting tools and methodology for Citrix XenApp 5 environments.
Q. How has XenApp improved from a support perspective over the past year?

Kapildev: Over the past year XenApp has improved significantly from a performance standpoint. With the release of hotfix rollup pack 3 for XenApp 4.5 and the release of XenApp 5.0, there has been some tremendous IMA improvements. As we know, IMA is the backbone of XenApp, and is considered the most critical component of the Farm. From our internal stress testing, we have found that IMA is now more stable than it has ever been in the past, so I expect to see less support cases opened regarding performance issues.

Q. What XenApp and Citrix Delivery Center tips will attendees learn at your session this year?

Kapildev: I hope that attendees would pick up several troubleshooting tips and techniques that they can readily use in their own environments. For my session, I've updated several tools and techniques as things have evolved a bit with the release of Windows Vista and Server 2008. For example, I include tips on how to enable local debugging on Windows Server 2008, which can be extremely useful for live debugging and analysis. It is becoming more common to see servers with 16+GB of RAM, so learning how to debug and analyze complex server related issues live, can save precious time on a trip to Citrix or Microsoft.

Q. What new tools or techniques are you using to troubleshoot XenApp?

Kapildev: We have had some improvements with our internal tool development process, and because of them, we now have a lot more public Citrix tools available for use on our Citrix Knowledge Center. These tools not only help automate time consuming tasks, but they also help expedite the time it takes to resolve problems.

Q. What types of cases have you worked on this past year? Why?

Kapildev: I have covered several synchronization and memory related cases over the past year. I believe this is mainly due to the wide variety of applications that can be run on a XenApp server. Because of this, the chances for a rogue application or driver causing problems on a system will be increased. Surprisingly not all of these cases were Citrix problems. In most of these cases, which I have worked on, the problem usually turned out to be a problem with a 3rd party application, and usually that 3rd party vendor already had a fix for the problem.

About Kapildev Ramlal
Kapildev has been with Citrix Technical Support for about five years. He started as a technical support engineer, and had a strong motivation for learning programming, C/C+, and Windows internals. One year later, he transitioned into the Global Escalation team as an Escalation Engineer. On the Escalation team, he's been able to learn debugging user mode and kernel mode Windows components, and has been actively assisting with analyzing complex development analysis cases. He's also developed several software application utilities for Citrix including CDFControl, Print Detective and TSUserLog (to name a few). He holds certifications in Network, A+, MCP, CCA. When he's not learning a new technology, he loves to be playing music.

Do you have an XenApp troubleshooting area that you would like Kapildev to focus on during his presentation? Leave a comment.

Check out more posts in the Citrix TechEdge 2009 series.

Securing Web Applications with an Application Firewall

I have been working with Application Firewalls for quite a few years - many times to protect web applications published in languages and character sets that I didn't understand. Frequently, I have seen these Application Firewall deployment projects get bogged down in pursuit of the perfect policy set.

I have also seen many situations in which this process and application changes actually break these applications.

The NetScaler Application Firewall deployment can also be subject to these issues since the appliance provides extensive application firewall features. Even with the learning capabilities, creating the ideal set of security policies for any application can be a trial and error process that can take significant time.

In this blog, I would like to share an implementation methodology that shortens the deployment, and helps avoid breaking the applications to be protected. Experience has shown that approaching the configuration of the Application Firewall in stages is the key to timely success. This methodology is effective for all types of applications and their needs.

To alleviate the time and risk of varying degrees of policy complexity, break the task into stages. That is, separate the policy configuration into groups of ascending risk.  While some may raise the point that a simplified protection policy set is not complete, it must be remembered that protection stages will build upon each other, and will be better than allowing unfiltered access while all policies are in learning or logging/warning mode.

The benefit of staging is that a basic set of policies are made operational.  Then, the following stages will consist of conducting a repeatable process of "policy tightening" procedures as required by the application.

Stage I

When configuring the NetScaler Application firewall policies, start with some of the basic protections.  Activating the simple, generic policies almost never produce false positives.  These typically include:

• Protect against Cross Site Scripting (XSS) attacks
• Protect against SQL Injection attacks
• Protect against Buffer Overflow attacks
• Prevent Credit Card Leakage
• Prevent access to system files
• Alter the contents of the server headers

Activating these policies will typically not break applications.  As such, a small user community - with etc/hosts overrides - can be used to validate the configuration over a fairly brief validation period.

More importantly, this is a great start. These policies create security effectiveness that can typically be rated as a level seven on scale of zero though nine (you can never get to a perfect "10" in security).

Stage II

The next stage will include applying policies that require more application validation to determine the application specific relaxation adjustments ("policy overrides").

But first, don't forget to ask yourself if this application actually requires tightened policies.

If so, Stage II protections should be sequenced - Cookie Tampering prevention should be blocked first. Then, move on to blocking tampering with the values of parameter and/or hidden form fields.

Start with cookie poisoning prevention ("Cookie Consistency"). It will be likely require the least number of relaxations. This will build on the Stage I successes most rapidly.

To do this, use the learning process to identify the cookies that are legitimately altered between the response and request process. Minimally, relaxations will be required for cookies that are set and modified by third party monitoring services. Again, because of the staging, this learning can happen while the basic policies are in place and actively applying their protection mechanisms.

If further tightening is required, focus on creating policies that prevent users from tampering with the values of parameter and hidden form fields. This is achieved by activating "Field Consistency" learning in the NetScaler application firewall. Depending on the architecture of the application or a frequent use of client side scripting, these policies carry a higher risk of blocking legitimate requests. These policies thus require a more extensive learning period and associated relaxation overrides.

It should also be noted that these Stage II policies and their relaxations do have a tendency to be susceptible to producing false positives as applications change, and should be re-evaluated in conjunction with major application changes.

Stage III and Beyond

If the application is contains super sensitive information, and undergoes frequent changes, further security configuration may be required.

Stage III typically involves enforcing field formats and enforcing user navigation paths. Adding restrictions to field input types, such as date formats, and more, will require further time for learning these application attributes. Be aware that these policies will also be more likely to be sensitive to application changes.

Enabling the "Start URL" facility allows users to access only the specifically stated URL types. Due to the flexibility inherent in application architectures, however, these restrictions may require modification to include additional request types present in a particular application.

Lastly, carefully consider activating "URL Closure" to control the flow of access by users. Enforcement of this policy set disallows users from navigating to locations not previously offered by an application response. These policies may require significant application validation if client side scripts modify URLs, or if FLASH objects contain links.

The above policies tend to bend the needle towards the nine level and will be more likely to cause false positives during policy refinement or when the application changes. Leaving these to Stage III, however, allows continued protection afforded by the policies of Level I and Level II during the refinement, however.

Summary

Personally, when I plan my application firewall deployments, I always attack the assignment in the phases outlined above. I focus on the quick return policies first. Then I take time to consider if the sensitivities of the specific application even warrant the extra effort of going all the way to Stage III. This last question can produce some interesting answers that pit my application security ideals against the practicalities driven by the depth of my current to-do list.

And then, of course, this staged approach may be completely ignored in situations in which a specific application just suffered from an attack through a specific Level III vulnerability. Such situations may warrant overriding the staged approach and focusing on addressing the impacted vulnerability immediately.

Also, don't forget to sign on to MyCitrix and download the Application Hacking Kit and actually try some of the most common application attacks on the BadStore application!

Nelson Esteves has moved through the ranks as part of the Citrix Technical Support team. He started out as a level one support engineer on the XenApp team, and now is an Escalation Engineer for the NetScaler and Advanced Access Gateway (AAG) support team. Nelson will be presenting the following sessions at Citrix TechEdge during Citrix Summit and Citrix Synergy 2009: End-to-end virtualization with Citrix Delivery Center, with a focus on Citrix Access Gateway, Enterprise Edition (AGEE), and then his in-depth session will cover Integrating and troubleshooting Citrix Access Gateway, Enterprise Edition.
Q. How has AGEE improved from a support perspective over the past year?

Nelson: AGEE has evolved to a bigger and better product. With the 9.0 release we are able to meet most of users demands such as full Microsoft SharePoint Integration as well as Branch Repeater acceleration. From a support perspective, the new filtering capabilities of network tracing on the appliance is great not to mention the ability for more granular control such as choosing packet type and size.

Q. What AGEE and Citrix Delivery Center tips will attendees learn at your session this year?

Nelson: During the breakout session, attendees will learn with great detail how pre and post-authentication scans work and how to configure them properly. They'll also learn how AGEE integrates with XenApp via Web Interface. I'll show what's involved on the login process to Web Interface and how Smart Access works in the background. In addition to all that they'll learn how to successfully decrypt a network trace and how to troubleshooting SSL errors when launching a published application via a pre-recorded troubleshooting video. The CDC presentation will explain how AGEE integrates with XenDesktop as well as Web Interface and NetScaler.

Q. What new tools or techniques are you using to troubleshoot NetScaler?

Nelson: The new filtering system when taking network traces was a great addition, and it made troubleshooting a lot faster since we can now select what we want to filter instead of having to handle very large network trace files.

Q. What types of cases have you worked on this past year? Why?

Nelson: I have handled cases related to VoIP issues via the VPN, SSL Errors when launching applications, Microsoft SharePoint integration issues, and several others. Most of the VoIP issues had to do with the software being used since it didn't have an option for VPN configuration. We need to make sure the call manager server receives the VPN user Intranet IP and not its local IP. SSL Errors were due to clients either not having the proper certificates installed or misconfiguration on the AGEE or Web Interface (missing STA, wrong STA URL, missing STA port, etc.). SharePoint integration has been challenging since the release of 9.0, but now we have corrected all the errors we have encountered.

About Nelson Esteves
Nelson has been with Citrix Technical Support for a little over three years. He started as level one support engineer working on core products such as XenApp, Password Manager, Installation Manager and Resource Manager. He was then transferred to the Web Security team working with Web Interface and Access Gateway. One year later he was promoted to the frontline NetScaler support team, and about a year after that he became an Escalation Engineer supporting NetScaler, Application Firewall and AGEE. He holds certifications in A+, Net+, MCP, CCNA and CCA for Citrix NetScaler 8 Platinum Edition. He's also pretty quick on his feet, as an amateur soccer player, and has played in local tournaments and traveled with the Florida select team.Do you have an AGEE troubleshooting area that you would like Nelson to focus on during his presentation? Leave a comment.

Check out more posts in the Citrix TechEdge 2009 series.

As part of the Citrix Technical Support team, Jacob Salassi is not only a senior escalation engineer, he's also an appliance technical relationship manager (TRM). Jacob gave us a glimpse into the following sessions he'll be presenting at Citrix TechEdge during Citrix Summit and Citrix Synergy 2009: End-to-end virtualization with Citrix Delivery Center, with a focus on Citrix NetScaler, and then his in-depth session will cover Advanced troubleshooting of Citrix NetScaler.

Q. How has NetScaler improved from a support perspective over the past year?

Jacob: With the release of 8.1 and 9.0 we have seen big gains in overall feature sets, UI improvements, and stability improvements. Along with that have come enhancements and additions to logging (TCP logging for example), and the various tools we in support employ to troubleshoot issues. A hotly awaited change in 9.0 was the addition of the ability to use filters in nstrace.sh which allows us to capture much smaller sniffs and avoid post-capture filtering while still preserving the entire session and its related packets.

Q. What NetScaler and Citrix Delivery Center tips will attendees learn at your session this year? 

Jacob: My sessions will take an administrator through overall troubleshooting methods and techniques, to a simple XenApp deployment example, and then to troubleshooting that same deployment using the techniques that have been learned.

Q: What NetScaler Tech Tip can you give people now?

Jacob: Always disable unused interfaces on BOTH nodes of an HA pair. It's common for administrators to forget about the secondary node which may cause HA to behave improperly in the event of a failover.

Q. What new tools or techniques are you using to troubleshoot NetScaler?

Jacob: Having more experience and spending more time using and developing troubleshooting tools has been a huge benefit for me. We now have tools to automate many things we had to do manually in the past, and this really helps our customers provide us with the data we need to resolve their issues.

Q. What types of cases have you worked on this past year? Why?

Jacob: I don't like the restrict myself to any particular kind of case, and the issues around NetScaler can be of a huge variety. This year some of the stand out issues have been dynamic routing deployments, as well as some very large, exotic, and sensitive deployments where resolving an issue quickly is absolutely a requirement.

About Jacob Salassi

Jacob's been with Citrix Technical Support for just under two years. His first position at Citrix was as an escalation engineer. He was then promoted to lead escalation engineer, and then to senior escalation engineer where he joined the TRM team. He holds certifications in Citrix Certified Administrator (CCA) for NetScaler. When Jacob is not troubleshooting a hot issue, he's listening to his motorcycle scream around the track at 15,000 RPM.

Do you have a NetScaler troubleshooting area that you would like Jacob to focus on during his presentation? Leave a comment.

Check out more posts in the Citrix TechEdge 2009 series.

 Keith McLaughlin, Escalation Engineer
 
Keith McLaughlin is a Provisioning Server expert on the Citrix Technical Support Escalation team, joining the team when Citrix acquired Ardence about two years ago. Keith filled us in on the two sessions that he'll present at Citrix TechEdge during Citrix Summit and Synergy 2009: End-to-end virtualization with Citrix Delivery Center, with a focus on Active Directory integration with Provisioning Server, and then his in-depth session will be on Planning and implementing a Provisioning Server high availability (HA) solution.

Q. How has Provisioning Server improved from a support perspective over the past year?
Keith: The biggest improvement this year is the addition of the Streaming Service Logs.  These logs, which came out as part of 5.0 SP1 are extremely helpful in narrowing down the issue.

 Q. What Provisioning Server and Citrix Delivery Center tips will attendees learn at your session this year?
Keith: This year's session is focused on High Availability. In the session we are going to go over troubleshooting procedures and explain in depth what happens when a Target Device fails over and how to track that failover through the logs files. For the Citrix Delivery Center session, I'll focus on Active Directory integration with Provisioning Server Standard Image.

Q: What Provisioning Server Tech Tip can you give people now?

Keith: When planning your Provisioning Server deployment, give the Target Devices unique names in the Provisioning Server Console. Do not use the hostname of the machine that is being imaged as the name of the Target Device. This avoids conflicts when booting the Target Device from the Vdisk.

Q. What new tools or techniques are you using to troubleshoot Provisioning Server?

Keith: A year of working with the 5.0 is probably the biggest factor.  5.0 had many improvements over the previous version and many architecture changes.  Also seeing where customers and end users were running into problems and being able to identify the symptoms because of past experiences greatly cuts down on troubleshooting time.

 Q. What types of cases have you worked on this past year? Why?

Keith: As part of the Provisioning Server Escalation group, I have covered a lot of different issues ranging from Active Directory integration to tracking down possible bottlenecks on customers networks that could be causing timeouts on the provisioning server.

 About Keith McLaughlin

Keith's been with Citrix Technical Support for two years.  He holds certifications in Citrix Certified Administrator, CCA, for Provisioning Server and XenServer. During his free time Keith loves playing the guitar, and his favorite artist is Stevie Ray Vaughan.

Do you have a Provisioning Server troubleshooting area that you would like Keith to focus on during his presentation? Leave a comment.

 Want to learn more about TechEdge 2009, www.citrix.com/techedge. Stay tuned for our weekly close-up interviews on the TechEdge presenters.

Posts in this series:

• Citrix TechEdge - Troubleshooting Tips and Tricks

• Interview 1: Close-up with Jamie Baker

• Interview 2: Close-up with Keith McLaughlin  

Jamie Baker, Sr. Escalation Engineer 

Without a doubt one of Citrix Technical Support's top engineers is Jamie Baker. Jamie works with the Strategic Managed Accounts Resolution team, SMART, which handles 24 hour coverage on critical and high priority issues, and he also is a Subject Matter Expert, SME, in various areas such as Printing, Application Streaming and currently the XenDesktop, SME, for the SMART team. Jamie took a few moments out of his busy day of solving customer issues to answer some questions on the sessions that he'll be presenting at Citrix TechEdge.

The sessions he'll be covering are End-to-end virtualization with Citrix Delivery Center with a focus on XenDesktop, and then presenting an in-depth session on XenDesktop 3 architecture and design. TechEdge is the new name for the Citrix Support and Engineering Institute of Technology, CSEIT. The event is hosted by top Citrix Technical Support engineers at Citrix Summit and Synergy, and is the event for troubleshooting your Citrix Application Delivery environment

 Q. How has XenDesktop improved from a support perspective over the past year?

Jamie: The release of XenDesktop 3.0 has closed a lot of issues, added USB device support which was a big need for a lot of customers and provided pool management failover when using XenServer as the desktop hosting infrastructure. The new failover allows the administrator to configure multiple pool masters for the same XenServer pool in the XenDesktop Management Console and if the original XenServer pool master fails, the Pool Management service will fail over to the secondary pool master. This makes the product much more resilient by eliminating a single point of failure, which is always more supportable

Q. What XenDesktop and Citrix Delivery Center tips will attendees learn at your session this year?  

Jamie: We will provide tips on both how to design your XenDesktop infrastructure to take advantage of the new features in XenDesktop 3.0 and how to implement those new features, including USB device support. We will also provide tips on how to configure XenDesktop to take advantage of the robust hosting infrastructure provided by XenServer.

The Citrix Delivery Center Session will highlight how each of the components of the Citrix Deliver Center can integrate to provide secure and robust access to desktops and applications. We'll focus on each product and the features it brings specifically to complement the entire Citrix Delivery Center.

Q. What new tools or techniques are you using to troubleshoot XenDesktop?

Jamie: Besides from having a year's more experience working with customer issues and the new products, we've developed our internal tools to more quickly identify XenDesktop issues. We've updated the CDFControl utility to allow for remote CDF trace on VDA and DDC machines. This allows us to more easily set up a diagnostic trace and resolve issues more quickly.

This year we've also stood up a public symbol server. This allows us to access more diagnostic data through system dumps and memory dumps without having to bring those dump files in house. In time sensitive situations, this can save us hours of time. It also allows customers and other vendors to diagnose issues from dump files more quickly.

Q. What types of cases have you worked on this past year? Why?

Jamie: For me, being on the critical situation team, I've focused on identifying single points of failure and issues that have the potential for wide impact. The pool management service's ability to connect to a hosting infrastructure and to recover quickly in case of an issue with the infrastructure is the biggest issue we tackled this year. As mentioned above, we were able to build in failover when using XenServer infrastructure. The addition of HDX technology has improved multi-monitor display handling as well as USB device remoting and multi-media display.
 

About Jamie Baker

Jamie's been with Citrix Systems for six years, and all of those with Citrix Technical Support. He started out as a first level frontline support engineer, supporting MetaFrameXP. After two years on the phones, he moved to the Escalation team, and a year later moved to the SMART team. Jamie is currently a Sr. Escalation Engineer, and holds certifications as a CCA in XenDesktop and XenApp, as well as a Windows MCSE.

When Jamie isn't working, he loves to spend time with his wife and three year old twin daughters, exploring all the playgrounds that North Georgia has to offer. On Fall Sundays, you'll find him watching the Philadelphia Eagles and trying desperately to control his emotions so he doesn't scare the dog.

Do you have a XenDesktop troubleshooting area that you would like Jamie to focus on during his presentation? Leave a comment.

TechEdge 2009 sessions:

• End-to-end virtualization with Citrix Delivery Center
• XenDesktop 3 architecture and design
• Planning and implementing a Provisioning Server high availability (HA) solution
• Integrating and troubleshooting Citrix Access Gateway
• Enterprise Edition Advanced troubleshooting of Citrix NetScaler
• XenServer disaster recovery and automation
• Troubleshooting tools and methodology for Citrix XenApp 5 environments

Want to learn more about TechEdge 2009, www.citrix.com/techedge. Stay tuned for our weekly close-up interviews on the TechEdge presenters.

Posts in this series:

• Citrix TechEdge - Troubleshooting Tips and Tricks

• Interview 1: Close-up with Jamie Baker
  

What's Citrix TechEdge?

TechEdge, the new name for Citrix Support and Engineering Institute of Technology (CSEIT), started nine years ago as a small in-depth troubleshooting training event hosted by Citrix Technical Support for support agreement customers.  Over the years, this event has grown from 50 customers to over 300 customers and now  provides training to our support agreement customers prior to Citrix Synergy and to our partners as a part of Citrix Summit.  This has become the event for troubleshooting the Citrix Application Delivery environment.

 Meet the support experts who can answer all of your technical questions:

Citrix Technical Support's top Escalation team engineers are hosting the TechEdge 2009 sessions. Here are some interesting facts about the team.

• On average these guys work and close 65 to 100 cases each per year.

• There are a total of 65 engineers on the team, so that's over 5,000 cases total per year.

• The average engineer has ten to fifteen years experience in the IT industry; the most common certifications are CCA and MCSE, ANG NetScaler and AGEE.
  

What they'll cover:

• End-to-end virtualization with Citrix Delivery Center
• XenDesktop 3 architecture and design
• Planning and implementing a Provisioning Server high availability (HA) solution
• Integrating and troubleshooting Citrix Access Gateway, Enterprise Edition
• Advanced troubleshooting of Citrix NetScaler
• XenServer disaster recovery and automation
• Troubleshooting tools and methodology for Citrix XenApp 5 environments  
  
  

Who can attend?
All partners who have registered for Summit, Citrix Technology Professionals (CTP) and customers with active support or maintenance agreements as of the first day of the event (May 3, 2009).
 

When and where?

The event will be at the MGM Grand Hotel and Casino in Las Vegas, Nevada on Monday, May 4th from 8:00am to 5:30pm. 

Here's what a few past attendees had to say:

"This was probably the most valuable day of iForum [Synergy]. It was extremely technical and really provided a lot of insight into managing a Citrix environment."

"In-depth seminars, get to meet face to face with the people that support us, a wonderful venue."

Check out past event presentations and videos:

TechEdge 2008
October 29, 2008
Orlando, FL
Presentations and Session Videos

CSEIT 2008
May 19, 2008
Houston, TX
Presentations and Session Videos

CSEIT 2007
October 21, 2007
Las Vegas, NV
Presentations and Session Videos

Click here to register for TechEdge 2009

Learn More:

Want to learn more about TechEdge 2009, www.citrix.com/techedge. Stay tuned for our weekly close-up interview blog posts of the TechEdge presenters. Please let us know your thoughts, questions and feedback.

This post is part of a series on the TechEdge event:

• Check out my interview this week with Jamie Baker to discuss his sessions on End-to-end virtualization with Citrix Delivery Center and XenDesktop 3 architecture and design.

Cost Savings, Green Benefits and Improved Server Management.

Citrix Systems, Inc. (NASDAQ: CTXS), the global leader in application delivery, recently announced that leading enterprise resource planning (ERP) manufacturer SAP AG will be virtualizing an estimated 500 servers with Citrix® XenServer™ by the middle of 2009. SAP has also deployed Citrix® XenApp™ application virtualization technology to deliver applications to both SAP employees and external partners. In addition, SAP expects to receive the benefits that a combined XenServer and XenApp solution provides - such as streaming standardized workload images and superior management functionality - which the company anticipates will generate a 35 percent savings in terminal server costs.

SAP was looking to consolidate its server infrastructure and also wanted to create a much more flexible and dynamic computing architecture. Following an extensive test of XenServer, the company decided to move forward with a multi-stage roll-out of the server virtualization solution onto 500 servers, initially in the company's Saint Leon Rot, Germany office. In the next phase of the project, the servers that power the worldwide training centers will be virtualized, followed by the project management division with several hundred development, test, and support environments. After the server virtualization project in Germany is complete, the roll-out will continue at the end of 2009 to SAP's offices in Asia and the United States.

SAP has also deployed Citrix XenApp application virtualization technology to deliver more than 40 applications, including Microsoft Office and the SAP Business Suite software, to its entire user base. In total, there are more than 50,000 end users who access the XenApp infrastructure to work on tasks such as product development and support.

XenServer is FREE !

Read more news like this.

Its powerful AppExpert!

When you hear the term "Cloud Computing", do you see the big, beautiful, puffy white cloud we typically see on a calm summer day or do you see a dark, menacing thunderhead that spells impending doom?  Probably a little bit of both (isn't that always how life is?).  Cloud Computing has great potential to provide significant savings and automation to any business' IT environment, so why haven't you started moving to the cloud?  Probably because some things scare the hell out of you, like the following:

1. Security: Do I really trust a third party to hold my corporate data? Many cloud computing providers have extensive security processes in place to help mitigate this concern, but this data is the lifeblood of your organization.  If it is stolen, your entire business might be at risk.  It doesn't matter how many assurances you have from a 3rd party, losing the data might spell the demise of your organization or open you up to expensive lawsuits.
2. Compliance: Depending on your organization, you might have to adhere to different restrictions to gain a certain compliance certification.  Ever hear of PCI-DSS or HIPAA?  These are the ones most people think of, but there are many more depending on your industry.  How easy will it be for you to prove you are in compliance when you systems are in the cloud? 
   

If these are some of your major concerns with moving to the cloud, does that mean you are stuck running your IT like you have been, or is there still a way for you to implement cloud-based efficiencies into your own IT environment? 

Let's make this simple, cloud computing is essentially using technology to provide a dynamic, scalable computing environment where resources are virtualized and delivered over the Internet securely.  OK, definitions are always good, but how do I put this into practice?  By using the Citrix Delivery Center.  The CDC is a set of solutions that, when integrated, provides a virtual, dynamic, scalable application delivery solution securely over the Internet. An application is simply what you need to do your job, which could be a web application, windows application or even a desktop. 

Let's break the key areas of cloud computing down further:

1. Virtual:  This is an easy one.  First, you virtualize your servers in the data center. This will allow you to more fully utilize ALL of your hardware resources. Through XenServer virtualization, which is free by the way, you can use all of your server for any number of different workloads at the same time. You bought the hardware, might as well use it without waste.
2. Dynamic: An SAP server is not just an SAP server. A XenApp server is not just a XenApp server.  These servers can be anything you want them to be based on the current business situation.  Need a new XenApp server, no problem, just use Provisioning Services, which is part of Citrix Essentials for XenServer or Hyper-V, to deliver a new XenApp server in 30 seconds.  Need to reduce the number of XenApp servers while adding capacity to SAP? Use Provisioning Services to do just that without adding new hardware.  The time it takes to build a new SAP or XenApp server is roughly 30 seconds and this entire process can be automated by designing appropriate workflows for your business with Workflow Studio.
3. Delivery: The first question is what do you want to deliver? Desktops or applications?  How about both?  Use the underlying virtual and dynamic infrastructure to deliver a virtual desktop (XenDesktop), which is correctly populated with the right applications for the user with XenApp application delivery.  Not into virtual desktops yet? No problem, but I bet you are using applications.  Use XenApp to dynamically deliver the applications to any endpoint.
4. Scalable: Scalability means getting the most bang for the buck.  First, you need to use the infrastructure that is best aligned with your delivery solution. Are you using XenApp for application delivery, then your most scalable solution is XenServer due to the optimizations to make XenServer optimized for the XenApp workload.  What about web applications?  Many of the communication tasks a typical web application does can be offloaded by NetScaler.  This means your web server can support many more users because the expensive processing tasks are handled by the optimized NetScaler.
5. Security: Last but not least is security.  Remember, a cloud is going over the internet and you had better make sure your communication is secured.  NetScaler has the Access Gateway functionality to provide SSL-VPN access.  If you are only delivering desktops and applications with XenDesktop and XenApp, your environment is even more secure because all traffic occurs on two ports (ICA and CGP).  This means there is no need to install a full-blown SSL-VPN client on your devices. All you need is a web browser.  Don't forget about your data, that is your lifeblood.  Use NetScaler to create policies to disallow saving files on the endpoint, or printing, or even running certain applications from unapproved locations. Last, but definitely not least, are the web applications the organization is delivering.  We need to make sure sensitive information is kept hidden, like social security numbers and credit card numbers.  We also want to make sure our web applications are hit by different web attacks, like SQL injection, cross-site scripting, etc.  The Application Firewall component of NetScaler protects us. 
   

Does it seem like a lot to take in? Remember, the goal is to turn your environment into an enterprise cloud, which requires you to re-think how you deliver applications to your users. Of course you get the most cloud-like environment by doing the entire suite but the nice thing about the Citrix Delivery Center is that you can pick and choose the options you need. They all plug into each other to create a unified enterprise cloud environment.  I encourage you to take a closer look at the Citrix Delivery Center to see what you can do to your IT environment to achieve the  efficiencies of enterprise clouds.

Daniel

Citrix Delivery Center Live! is a series of premier worldwide virtual events that will provide a look at how Citrix is making the next generation of virtualization a reality.  Join us for these live online events where you will get an in-depth view of Citrix products and how you can transform your datacenter into a dynamic delivery center.

Transform your datacenter to a delivery center...with XenApp
Join us for the first event of the series for a look at the next generation of Presentation Server: XenApp.  Attend sessions throughout the day to learn about how application delivery is driving businesses forward and why Citrix XenApp is the only end-to-end solution in the market.

This virtual event will explore key topics:

• Deliver All Windows Applications To All Users
• Introduction to XenApp 5
• XenApp and Windows Server 2008
• Combat Top IT Challenges with XenApp
• Create the Best Desktop Virtualization Solution
• Virtualize XenApp Servers
• Deliver 100% Availability for XenApp Deployments with Citrix NetScaler.
  
  

Throughout the day, you can:

• Attend keynote sessions with live Q&A
• Chat live with Citrix product experts
• Participate in forums and network with other attendees
• View content online and download information
• Visit the expo hall to learn about key Citrix products and joint partner solutions
• Connect with Citrix Partners to learn about solutions to enhance your virtualization experience
  
  

Event Schedule:

Register for Citrix Delivery Center Live!
Transform your datacenter to a delivery center...with XenApp

Get an in-depth look at the upcoming XenApp release in our first Citrix Delivery Center Live virtual event. Attend keynote sessions with live Q&A, chat live with Citrix product experts, participate in forums, network with other attendees, visit the expo hall, view content online and download information. Think of this event as a virtual Synergy for XenApp. Register for this worldwide virtual event happening on September 9th 2008.

This event will explore the following topics

•    How XenApp liberates applications and the end user
•    What's new with XenApp 5
•    XenApp and Windows Server 2008
•    Leveraging XenApp to reduce IT TCO
•    When to add XenDesktop to XenApp
•    What XenServer can do for XenApp
•    How NetScaler optimizes XenApp

This is the first episode of the Citrix Delivery Center podcast. Vishal Ganeriwala and I interviewed Daniel Feller of Worldwide Consulting Solutions on the topic of deploying XenApp on XenServer. In part 1 of this topic, Dan talks about where, why and how XenServer and XenApp integration makes sense to deploy in your environment. Scalability will be covered in part 2.

Thanks to Jim West in Citrix Technical Support for voicing the Citrix Countdown and Steve Greenberg of Thinclient.net for the CTP Minute. A special thanks also goes out to Doug Brown for his podcasting advice and help.

MP3 File Download

Subscribe to the Citrix Delivery Center Podcast Feed

UPDATE: Click here to vote on topics for future podcasts.

Here are the documents Dan created regarding XenApp on XenServer -

Reference Architecture: Explains why a 100% physical architecture was reconfigured to include both physical and virtual systems and deciding factors of why XenServer is the best server virtualization solution for XenApp servers.

Implementation Guide: A step-by-step guide showing how to incorporate a XenApp Farm into a XenServer Platinum environment. Demonstrates how to create a golden XenApp image to be provisioned to any number of virtual machines.

Design Considerations: To meet the needs of the business, a solution like XenServer for XenApp must allow for design decisions. This article focuses on a few of the major considerations when integrating these solutions together.

As IT organizations struggle to keep pace with the demands of business, application delivery has become a major priority for CIOs around the world. Get advice from leading analysts, including Forrester Consulting, on pragmatic steps to transition from application deployment to application delivery.
Delivery, Please!
- Burton Group's Eric Siegel reveals the best practices behind application delivery.

A Guide to Application Delivery for CIOs and Senior IT Executives
- learn how to architect an IT organization that can rapidly respond to new business requirements.

A Guide to Application Delivery for Network Architects
- learn how to improve performance and security for web apps and WANs.

A Guide to Application Delivery for IT Infrastructure Operations
- learn how to enhance security and business continuity for Windows apps.

A Guide to Application Delivery for Desktop Operations Managers
- learn how to streamline management of Windows desktops.

Moving from Application Deployment to Application Delivery
- Learn about the differences between these two paradigms and how application delivery enables a rapid response.

Check out this video excerpt from Citrix Summit 08 of Citrix Delivery Center and its amazingly fast and easy provisioning of application workloads to virtual and physical servers. Presented by Pete Downing and Brad Peterson.

Provisioning Server and the soon to be released Citrix Workflow Studio Customer Tech Preview will have Workflow Tasks for Provisioning Server included in the Customer Tech Preview.

Stay Tuned Here: Citrix Developer Network - Citrix Workflow Studio

Get Updates Here: Citrix Updated - Citrix Workflow Studio

The soon to be released Citrix Workflow Studio Customer Tech Preview might have Workflow Tasks for VMware included in the Customer Tech Preview.

What The? Yes you read that right, Citrix might be going to include support for VMware in Citrix Workflow Studio. I am not saying they are or are not going to, but it is a very real possibility!

Stay Tuned Here: Citrix Developer Network - Citrix Workflow Studio

Get Updates Here: Citrix Updated - Citrix Workflow Studio

Virtual Machine Manager and the soon to be released Citrix Workflow Studio Customer Tech Preview will have Workflow Tasks for Microsoft Virtual Machine Manager included in the Customer Tech Preview.

No Way! Yes you read that right, Citrix is going to include support for Microsoft Virtual Machine Manager in Citrix Workflow Studio.

Stay Tuned Here: Citrix Developer Network - Citrix Workflow Studio

Get Updates Here: Citrix Updated - Citrix Workflow Studio

WanScaler and the soon to be released Citrix Workflow Studio Customer Tech Preview will not have Workflow Tasks for WanScaler included in the Customer Tech Preview.

A future release of Citrix Workflow Studio after the release of the Citrix Workflow Studio Customer Tech Preview will have support for WanScaler.

Stay Tuned Here: Citrix Developer Network - Citrix Workflow Studio

Get Updates Here: Citrix Updated - Citrix Workflow Studio