Running with One Shoe
Cloud technology isn't enough; we need to bring cloud economics as well to the enterprise

Last weekend was the first of three weekends on which an H1N1 flu shot day was held in Santa Clara, California. There was such an overwhelming demand for this shot that the net result was a massive shortage and long lines of residents eagerly awaiting shots for themselves and their children.  So here I am spending my entire Sunday standing in a line that was literally a half-mile long. I got in around 9:00 a.m. and exited around 4:00 p.m.  Some folks even arrived as early as 4:00 a.m. to grab a spot in line. It rivaled any Black Friday or Pearl Jam event.  

On the first weekend, the County ran out of vaccine shots pretty quickly and had to turn away folks who had stood in line for quite a long time. On the second weekend, evolution kicked in - they allocated more vaccines, ensured a count of folks during the day, and issued tickets to manage the count. Once the count reached 5000 (the max capacity that day), they turned people away ahead of them actually spending time in line. Although this approach overall was an improvement, it didn't address the root cause of the problem - completely avoiding the six to seven hour wait is what we really needed.

This whole incident reminded me of how enterprise IT (and, in general, business) deals with capacity management, or the lack thereof. Inevitably, there are events, some predictable (the Christmas shopping season in online retail) and some unpredictable (catastrophic events being covered by media outlets), that cause spikes in demand. Traditionally, as we all know, enterprises have adopted the "give-room-to-grow" architecture, which I think could also easily have been called "let me pay for 70% of un-utilized resources." Obviously, the recent economic indigestion (mildly speaking) has changed all that.

Enter various dynamic capacity management techniques including virtualization, on-demand architectures, etc.  All are driving towards improved utilization among other things. But the fact remains that one can never really predict demand. In fact, IT decision makers need to build in unpredictable demand into their business and technology model without the cost outlay.  

So which business model has truly internalized this?

The cloud computing business model for one. A key component of the cloud model that one needs to realize is that seldom does a cloud provider build in upfront CAPEX. It doesn't matter if their technology can bend it like Beckham, the core underpinning of their balance sheet stems from the fact that when customers pay, they pay their vendors. When their customers scale, they grow and in turn the vendors grow. Period.

So why isn't something like this adopted for the enterprise?
First, DNA
o       This is changing - no doubt the recent economic wakeup call has helped, but beyond that I believe CIOs, CFOs and their organizations are beginning to internalize that on-demand pricing is as critical as long-term support in the new decade.

Second, LEGACY
o       Again, with the evolution of virtualization, and technology morphing to support an on-demand model, the footprint in enterprise IT is slowly but surely getting there. As an example, the number of deployments of Citrix XenApp that have been virtualized has increased more in 2009 than any prior year. In addition, desktop virtualization is forecasted to be one of the most widely-adopted technologies of 2010.

Third, ECONOMICS
o       This is the hard problem, but also the most important to solve. Essentially, the core economic issue is not just how the technology is consumed (e.g., usage-based metering, etc.), but is dependent upon how the technology is procured, paid for and scaled up to align with business growth.
 Getting the economics wrong, but the architecture right, is like running with one shoe - it's the worst of the options.  So how does enterprise IT ensure it is wearing both shoes?

 -          First, internalize that enterprise datacenter capacity is now inherently as unpredictable as the online or cloud models.

-          Second, drive for pay-for-utilization or, as we call it, "Pay-as-You-Grow" in the core design, choice and licensing of technology. Ensure that IT decision makers keep this in mind from the get-go.

-          Finally, close the loop on iterating through the financial "grain" (i.e., whether you pay per month vs. per minute; whether you pay per GB vs. per IO throughput). The key is to retain the flexibility to change the scope of Pay-as-You-Grow pricing based on usage over the year.

So how does one manifest Pay-as-You-Grow in a product?

Take the example of networking. Traditionally, application delivery controllers were purchased using perpetual licensing based on throughput tiers and functional segmentation (e.g., buy an 8 Gbps appliance with caching and an application firewall for $85,000). What if your current scaling need is only 3 Gbps, but you believe that seasonal or unpredictable spikes can drive this to more than 5 Gbps? In the new world of cloud economics and Pay-as-You-Grow pricing, this translates to:
-          giving customers the choice of going with a 3 Gbps model today, and the option to scale up to 8 Gbps on demand, as needed
-          without forklift upgrades
-          without service interruptions
-          and, all of this is delivered with a simple license-key based activation procured via a self-service interface with back-end accounting that is automatically processed

That's cloud economics.

That's the other shoe.

Bottom line - based on conversations I have had with various cloud providers and enterprise IT leaders, I am a firm believer in the theory that technology delivered and consumed in the enterprise needs to natively support Pay-as-You-Grow pricing. This is the only way that enterprises will be able to align with the cloud model. It's no longer just about the technology architecture.
 
Running is a whole lot more fun with two shoes.

I get this question less often recently than I used to but it still shows up.  

• Can Application Streaming be ported to Apple Mac or Linux? 

The question is usually based on the idea of wanting to run XenApp published streamed applications in an isolation system on the foreign operating system.  That is, to bring streamed Windows applications to the other system. 

You can insert your favorite operating system on the above list, but the answer remains the same, no.

APPLICATION ISOLATION is about changing things and lying to applications so that they think they are doing one thing when they are really doing another.  Fundamentally though, the executed application is still a "native" application for the operating system.  The executed Windows based application is still a Windows based application and it will not run unless something exists below to satisfy the Windows APIs.  The application won't even load unless the Windows loader brings it into memory.

Can you use App Streaming on Mac?  SURE! 

Insert your favorite MACHINE virtualization system such as Parallels, install Windows into the virtual machine, install the streaming client (aka: offline plug-in) and then run all the applications streamed that you want.  This works fine! 

Is it "streaming" to the Mac?  No! 

I see people around Citrix doing this all the time.  They run streamed MS Outlook 2007 and happily check their email and do many things of their job, all day long with lots of apps.  Many of them spend most of their day inside the Windows environment of the Mac machine.

In this usage, I call the MAC the ...

• THE WORLD'S LARGEST WINDOWS LOADER!

For the non programmers in the room, the "loader" is the component of the operating system that is responsible for bringing the operating system to life.  The quick version goes something like this:

The machine powers up and and a whole bunch of things happen, but eventually the hardware kicks off the machine loader from ROM in "real mode" at address CS:IP FFFF:0000, this kicks starts the BIOS.  The BIOS h has the job of finding a 512 byte sector of disk, loading it into memory and "jumping" to it.  From the BIOS perspective, at this point the machine is "booted".  The 512 byte initial loader, brings in a bigger loader, which brings in a bit more, which brings in a primitive part of the operating system, which brings in some "boot" device drivers such as "disk" boot load device drivers, which brings in more of the operating system, which loads more device drivers, like NTFS, enables paging and does a bunch more stuff until you eventually get a machine, running and ready to do useful work.  You can make a career out of any of these activities.

In my mac example without machine isolation, the Mac must boot first and once it's done, it loads the virtual machine thingie which "powers on" the x86 box, which does a bunch of things, which then runs from "ROM", which is really "RAM" and jumpts to a "real mode" address FFFF:0000 and then boots the Windows machine.

This continues on until the Windows box is ready to do work => ergo, the Mac is the worlds largest Windows loader.  While boot sequences are fun, I am way off topic.  

Can you run App Streaming based apps on a non-Windows platform?

Answer the question with a question:

• Can you run WINDOWS based applications on a non-Windows platform?  Answer no.

Sometimes this answer receives a follow up: Have you considered adding this capability?

Now, a white-board is needed.  We use a white-board because nobody has chalk-boards anymore.  Frankly, I prefer the old style because they could be readily and reliably erased, but I'm digressing away from the topic.

How much slower does a streamed app run compared to a locally installed app?

Answer: They are the same!  CPU wise, it's the same.  A process is a process is a process and program code is program code.  The isolated app runs NATIVE on the machine.  It is loaded by Windows and the app uses Windows to do things that apps do with Windows. 

Eventually, the program may call a Windows API, such as RegOpenKeyEx or CreateFile.  When this happens, the program execution takes a brief side journey through the isolation system where the parameters to the API are "adjusted" to make the application run inside of an "isolated environment".  This is how the layers of glass are implemented.

The application is still an application and it is still dependent on the Windows machine for running the application.  Things do get a bit more complicated because even DOS apps running on the Windows machine can be isolated (link), but fundamentally, Application Isolation "adjusts" the execution of applications that are running native on the Windows machine.

Finally, the question can be answered: You can't run "isolated" Windows apps on a non-Windows machine, so there is no point is worrying about running App Streaming under MAC or Linux or others.

What about App Streaming to Windows XP Embedded?

Sure, that will work and this has been done. 

What about App Streaming to Linux under Wine?

Sounds like an interesting activity.  I'm quite sure it won't work, but there could be other neat things.

Enjoy!

Joe Nord

Citrix Product Architect - Application Streaming and User Profile Manager

We had some studio time available recently and took the opportunity to capture the alpha version of Citrix XenClient as you've never seen it...in HD. We thought it fitting given our ongoing dedication to HDX technology in both the Citrix XenClient and Citrix XenDesktop platforms.

Before we get to the videos, let me take just a few moments to review some basics about Citrix XenClient.

XenClient is a bare-metal local desktop virtualization platform based on the same technology that goes into Citrix XenServer including the open-source Xen hypervisor. Translation - XenClient allows you to run multiple virtual desktops locally on the same device, in complete isolation with kickass performance and graphics. Much of the credit for the performance can be given to the hardware-assisted virtualization in the Xen hypervisor combined with the work that Intel has done to give you the same great performance and user experience on your virtual desktops as you would expect on a physical laptop (or desktop).

Watch the XenClient Overview(1 minute)

There are many benefits to bare-metal desktop virtualization. One of the more obvious benefits is performance. We could go into all the ways a type-1 harware assisted hypervisor does that, but thought it might be easier to just show it.

Watch Citrix XenClient HDX Performance (2:30 minutes)

Pretty cool huh? Stay tuned for parts 2 and 3 where we will show off the use cases for XenClient as well as its ability to keep your computing environment secure.

Watch all four videos in the XenClient series or visit XenClient Central for more information on XenClient.

Here is a three minute (or less) pitch building the story of Citrix technology. It doesn't capture everything, but it gives a fair flavour. Intended for technology audiences, potentially with little exposure to Citrix, I think it's is "as simple as possible, but no simpler".

As always, I'd love to hear what you think.

Michael

Citrix technology ranges from point to point desktop sharing like GoToMyPC and GoToMeeting (1) ...

... through to sophisticated enterprise delivery of Windows desktops and applications, including remote sessions from Windows Server farms (2) ...

... and full desktop images, hosted on a shared server and delivered over the internet (3).

The desktop technologies are complemented by application acceleration appliances, delivering web apps for dot com and the enterprise (4).

All can run "virtually" to enable the promise of cloud computing (5). Indeed, the Citrix hypervisor is at the heart of the largest (IaaS) clouds.

____

Hämta ner XenDesktop 4 och kom igång med den snabbaste och mest flexibla lösningen tillgänglig idag på marknaden för att få ut Windows 7 till alla användare.

XenDesktop 4 - Platinum Edition
Release Date: 11/16/2009

Ge användarna en bättre multimediaupplevelse med HDX™ technologi, leverera Windows 7 till både fysiska och virtuella klienter med FlexCast™ leveransteknologi.

Det enda du behöver för att komma igång är lite hårdvara, kolla quick guiden, den är användbar för att komma igång om du vill använda flexcast. Annars är det ganska rakt fram med övriga komponenter, det har aldrig varit enklare än såhär att komma igång med klientvirtualisering.

Om du är återförsäljare/Citrixpartner och loggar in med ditt konto finner du även riktigt bra quick guies och proof of concept checklistor, designtemplates osv

It's always best to define a topic such as this, especially in light of the fact that "X as a Y" has been loosely connected to Cloud Computing in every way imaginable.  IT as a Service is no different.  Although several articles have been written about IT as a Service, the underlying core elements have not.  To really understand how we can approach something as monumental as the topic, we have to break it down into its core sub-elements, namely Software as a Service, Desktop as a Service and Platform as a Service.

Software as a Service (SaaS) - commonly defined by web based applications, this technology approach allows for the delivery of applications from a location separate from the local end device (PC, MAC, Mobile, etc).  This can be accomplished by utilizing a web browser to access the application or an application may be virtualized and transported to the end device.  In either case, the application is generally loaded in a central data center and delivered via LAN, WAN or open Internet connection.  In most cases web based applications are delivered over the Internet to the end device.  This gives rise to the notion that applications of the future will not be the sole responsibility of an Enterprise IT group.  Although the group may administer certain aspects of the applications and resulting end user data, the application itself is owned and core administration is done off-premise at the site of the application owner's facility (usually known as a Independent Software Vendor or ISV).  Some applications are being re-developed for this environment.  Microsoft Office 2010 is a perfect example.  Whereas previous releases have required the expert administration of the local (on-premise) IT personnel, the design of Office 2010 is much different.

To seed the market and the new approach, Microsoft is offering up 'light' versions of Office 2010 free of charge, delivered over the open Internet.  The target audiences for this product are consumers and 'light' users who will only require a fraction of the capabilities of the Office products.  Other companies, such as Salesforce.com and Citrix (GoToMeeting) have created this new paradigm.  Microsoft (and others) are merely following suit to what is an emerging mechanism for the delivery of applications.  Business owners and executives looking for a way to circumvent expensive IT infrastructure and personnel are looking at SaaS as a way to augment (or dissolve completely) their Information Technology groups.  There are technologies available today that enable locally run applications to be delivered in a SaaS model.

Desktop as a Service (DaaS) - One of the more confusing approaches under the IT as a Service mantra, DaaS recognizes that the ultimate goal is to connect a person to a machine.  In other words, an application is only a portion of what any user does on a personal computer, thin client or smart phone.  Where SaaS focuses on the individual application, DaaS focuses on the Individual.  DaaS allows not only applications to be delivered to an end device from a LAN, WAN or open Internet, but associates specific characterizations such as icon placement, desktop settings, interaction between desktop applications and interaction between an operating system and the applications.  There are many forms of DaaS including but not limited to Virtual Desktop Infrastructure (VDI).  In DaaS, anytime an end user wants access to his or her applications and data, the entire desktop is presented to them based on their individual (personalized) set up.  By using certain technical approaches, many of these characteristics can be delivered to the end user as well without the encumbrance of a direct connection with the operating system.  Client hypervisors are emerging to further arbitrate the hardware and associated operating systems from the applications and data themselves.  In parallel, server based computing has been a means to accomplish both the delivery of applications and the entire desktop.  The critical path to success for any DaaS approach is to understand the end users requirements and then deliver a technology approach that meets the demand.  DaaS implementations are becoming more commonplace but come with a cost.  By definition application delivery utilizes less bandwidth and server capacity than an entire desktop.  For service providers this is crucial as the offerings tend to be in the hundreds of thousands if not millions of subscribers from a single data center.

Platform as a Service (PaaS) - Once again PaaS has many definitions but seems to be concentrating around the notion that in order to develop structured environments (whether for Information Technology or for Software Engineering) there needs to be a mechanism to manage and control all of the pieces of the system.  As data centers (whether on-premise of off-premise) become more virtual in the way in which applications are loaded, delivered and managed a need is arising to create a platform by which to simplify the work and workloads.  This platform is really the orchestration of many different elements of a data center.  For instance, in the Applications Platform as a Service (APaaS) model, software development is accomplished as a virtual entity.  All of the available resources (memory, CPU, UI, O/S) are made available to the developer on virtual machines and software images stored for execution off-premise.  This allows for rapid development cycles and on-the-fly iterations of production code. 

In a production software delivery environment, the 'platform' is managed via a "universal management console" where virtual servers, O/S and applications can be stored, delivered and recovered with ease.  In either case, the PaaS approach is used to provide an endless means of flexibility and efficiency by arbitrating the physical hardware from the developer and the end user.  Many of the technologies required for this approach are already available but the System Level Management to easily manipulate the information and provide secure access are embryonic.  Service providers who will need agility and scale that a PaaS can offer will need a fully integrated solution to make this approach a reality.

When we roll all of this together we begin to see the possibilities and the challenges.  Each of these approaches brings benefits to what we have previously known as on-premise IT.  IT as a Service then is the combination of SaaS, DaaS and PaaS in order to deliver a simple, manageable, secure ecosystem which always has one common denominator...  The end user.  When considering buying or selling any or all of these approaches, the most beneficial way to start is with the end user.  Critical questions need to be asked in order to determine the right fit.  What are the end user needs?  When is it appropriate to use SaaS vs. DaaS?  How will a PaaS implementation be managed and what are the critical elements of the system?  Once this has been determined, a reasonable TCO/ROI model can be built with the end customer's needs in mind.  Without answering these questions, we merely replace one technology with another and potentially the ability to exponentially expand a bad Information Technology approach.

Today's the big day. November 16, 2009. XenDesktop 4 is here! The final XD4 software has been posted to the Downloads page on MyCitrix and both Evaluation and Retail licenses are now available. Likewise, final XD4 documentation has been published on our eDocs site. So I'd like to publicly congratulate our Engineering team for delivering a truly outstanding product release. 

The enhancements in XenDesktop 4, summarized in a previous blog post, have resulted in the most comprehensive desktop virtualization solution on the planet. With FlexCast, we deliver the best desktop for each user in the organization; a hosted shared desktop (Terminal Services / RDS), a hosted VM-based desktop (now including Windows 7), a blade PC or rack workstation based desktop, a local streamed desktop, or virtual apps on a physical laptop or desktop. And our HDX technologies ensure an optimized user experience for every access scenario. You can learn about HDX in my recent 18-minute video seminar with Sridhar Mullapudi on CitrixTV, which includes demos of many new HDX features.

So download an evaluation copy and check it out for yourself. Now is the time to rethink your desktops and join our desktop virtualization revolution!

Derek Thorslund
Citrix Product Strategist, HDX

Tyler Carter, Product Marketing Manager for Citrix Essentials for Hyper-V, put together a brief overview presentation of the new features in Citrix Essentials for Hyper-V 5-5. The link below will open a new window to play a flash version of the presentation. There is some animation in the presentation, so I suggest just letting it play all the way through without manually advancing the slides. There is no audio in the presentation.

What's New in Citrix Essentials for Hyper-V 5.5

I uploaded the slide presentation to my SkyDrive account. You can download it here. You can download a 10 page Essentials for Hyper-V whitepaper here.

Express Edition Download
http://www.citrix.com/ehvexpress

Citrix Essentials for Hyper-V Step by Step Part 1

StorageLink Deep Dive Webinar - http://community.citrix.com/blogs/citrite/barryf/2009/04/13/StorageLink+-+Essentials+for+Hyper-V+Deep+Dive+Webinar

StorageLink Demo Videos
http://www.citrix.com/ehv

StorageLink Overview - http://community.citrix.com/blogs/citrite/barryf/2009/02/23/StorageLink+in+Essentials+for+Hyper-V

Provisoning Services Overview - http://community.citrix.com/blogs/citrite/barryf/2009/03/20/Provisioning+for+Hyper-V+with+Citrix+Essentials

Lab Manager Overview - http://community.citrix.com/blogs/citrite/barryf/2009/03/19/Essentials+for+Hyper-V+with+Lab+Management

StorageLink Install Install Guide - http://support.citrix.com/article/CTX120789
StorageLink User Guide - http://support.citrix.com/article/CTX120791

Follow me on Twitter.

Citrix self-paced online training course CEV-100-2W Getting Started with Citrix Essentials for Hyper-V introduces learners to Citrix Essentials for Hyper-V and provides the knowledge needed to perform basic installation and configuration tasks. The new Site Recovery Manager feature is covered as well.

Through online simulations, students will install and configure key features and explore product capabilities, such as virtual storage management, provisioning services, lifecycle management and workflow studio. This course is available at no cost for a limited time.

To learn more and access this online course, click here.

Express Edition Download
http://www.citrix.com/ehvexpress

Citrix Essentials for Hyper-V Step by Step Part 1

StorageLink Deep Dive Webinar - http://community.citrix.com/blogs/citrite/barryf/2009/04/13/StorageLink+-+Essentials+for+Hyper-V+Deep+Dive+Webinar

StorageLink Demo Videos
http://www.citrix.com/ehv

StorageLink Overview - http://community.citrix.com/blogs/citrite/barryf/2009/02/23/StorageLink+in+Essentials+for+Hyper-V

Provisoning Services Overview - http://community.citrix.com/blogs/citrite/barryf/2009/03/20/Provisioning+for+Hyper-V+with+Citrix+Essentials

Lab Manager Overview - http://community.citrix.com/blogs/citrite/barryf/2009/03/19/Essentials+for+Hyper-V+with+Lab+Management

Follow me on Twitter.

Join Citrix and Microsoft for this upcoming webinar on November 19th, 2009 at 1:00 PM EST-

Event Date: 11/19/2009 01:00 PM Eastern Standard Time

Have you started planning to migrate to Windows 7? Struggling to continuously update and patch endpoint devices for new application releases and updates ? Data residing on end point devices creating potential security risks? Continuing to follow the decades-old PC refresh cycle and traditional distributed desktop model is a poor choice for IT departments that face reduced budgets and headcount. Join Citrix and Microsoft in this webinar to learn about the only industry leading desktop delivery solution that will enable you to:

• Radically simplify desktop management
• Increase business agility
• Reduce desktop and application management costs
• Right & wrong reasons to implement desktop virtualization
• Improve security
• Accelerate enterprise wide deployment of Windows 7
  
  http://event.on24.com/r.htm?e=175014&s=1&k=03BEDE18A207B107B57E59BBFB11A8B9
  
  
  
  Follow me on Twitter.

As the Citrix Architect of Application Streaming AND Architect of Citrix Profile Manager, you might infer that I'm interested in leveraging one technology to help the other. 

Background on roaming profiles and Citrix Profile Manager

First, background on Windows "roaming profiles" and similar.  Consider that when a user logs onto a machine, the logon activity must "roam" or "copy" the network stored version of the user's profile onto the execution machine.  In the general sense, everything on disk beneath %USERPROFILE% or C:\Users\usename, will be copied onto the execution machine at logon and then copied back to central store at logoff. 

During logon, this is a "large" consumer of logon time where it consumes perhaps the largest portion of the overall logon clock.  With roaming profiles, this full copy happens every time, but with efficient systems such as Citrix Profile Manager, the "copy" is actually a "sync", so the copy happens really fast and the copy back is limited to only the files that changed.   While this also speeds logoff time, let's stick with the value of logon time because ... nobody cares how long it takes to logoff.

Where all of this stuff gets more interesting is when you consider a user logging on to XenApp hosted session or logging onto a hosted XenDesktop session where a common disk image is used for the base operating system.  Notice that in each of these hosted cases, the user's profile on the execution machine is initially "empty" and it will be initially "empty" on every logon.  This means that the glorious logon sync that the Citrix Profile Manager does at logon will actually be a "full copy" and here, it starts to behave with the same inefficiency as the base operating system profile solution because it will be a full copy at EVERY logon.  We like to do better than this.

For a more detailed introduction to Citrix Profile Manager, consult this Sepago white paper.  Recall that Citrix Profile Manager is based upon the Sepago Profile technology that Citrix acquired some time back.

Use "streaming" to solve profile population
Logical move: Instead of copying stuff onto the machine at logon, use isolation technology to LIE to the system to tell it everything is copied local when it is really still on the central store.  Eventually, when the system or an application references stuff in the user profile, go fetch it and make it present.  This is "just in time" population and it has the promise to greatly improve logon time in a hosted environment.

For JUST IN TIME population, the bet goes, some large portion of the user profile will never be referenced, so you save big on the logon speed and you save big on the runtime because much of what exists in the user profile will NEVER be copied to/from the central store.  This means that using a just in time profile solution will save LOTS of time for logon, and this is a great benefit!

Great - How much quicker?

The answer: LOTS QUICKER!

Yes, but do you have a number?

I'd like quote: Just in time Profile Manager speeds XenApp logon by 100%  

My gut says that the number is closer to 40% - 50%, but I don't have any hard evidence and thus the premise of this blog post...

Getting a "number" is harder because the answer is that "it depends".  Marketing people and customers prefer hard integers.  The integer number is hard to dream up because the answer depends on the size of the user's profile and the efficiency of network activity to/from the central profile store to the execution physical machine or virtual machine.  The BIGGER the profile, the more efficient.  If the profile is zero size, then JIT doesn't do anything and if the profile size if infinite the the JIT logon benefit is also without limit.

So, the answer for the logon value of just in time is is somewhere between a 100% benefit and 0%.  This doesn't help.

Let's go with an example:  The profile on my primary computer is 11GB, yes Gigabytes.   I could be a rare case.  This is pretty close to "infinite" so I will save plenty in an average logon.  

It turns out that 10 GB of my 11 GB profile is a TrueCrypt encrypted hard disk container.  I'm sure glad I'm not copying that down from a central store on each logon!  In a hosted VDI, I would be.  Technically, I'd store stuff differently, but in concept I'd be copying this down.  In a hosted XenApp execution with just in time, I would never copy down this file so Joe's benefit of just in time will be either 0% or 100% and nothing in the middle.  This still isn't helping me come up with a number.

For my normal machine, I am not connected to profile manager or roaming solution or even to a domain so my system may not be the perfect example.   As XenDesktop becomes more and more prevelant though, the strange things that users do to populate their user profile will make examples of users doing stupid things like placing 10GB files into the user profile more and more common.

If you are using the same profile for the primary hosted desktop as well as numerous XenApp server based app executions, you experience the victory!  Only ONE of them will be accessing that really big file.

In my case, the primary machine will access the really big file, but all the "vacation request" and similar applications that I run will run on another computer, where the really big file will never be referenced.  Using just in time population of the user profile, the majority of my logons and I'll say that ALL of my quick in/out sessions will have a HUGE benefit to not copying down that 10GB file!  This will make my logon time benefit near 100% on these other sesions and near 0% on the machine where I do access that single file that is 90% of my user profile!  

It is much better to quote percentages on something like this, so the time saved will be some percentage of the overall logon time and the LARGER the user profile, the HIGHER the savings!  Okay, we're getting closer.

Right - what's the number to quote?

Let's start with a formula:

• TimeSaved = TotalTimeWithouJIT - TotalTimeWithJIT;
• PercentFaster = (TimeSaved / TotalTimeWithoutJIT) * 100%;
  

How to calculate "TotalTime"?  This number will be the sum of the entire logon, nobody cares how much more efficient the roaming profile copy is, they want to know how many SECONDS this will save on logon time and how much of a percentage faster the logon time is. 

This requires breaking down the logon time of a "NORMAL" logon.  What is a "normal" logon?

Need to have: Computers that are representative of a "normal IT shop".  Need networks that are also representative of "normal world" and network servers and end user machiens that are "normal".  Must simulate some kind of load on these machines or just take it as a given that the load during the test will be similar to all the other stuff going on with the test network at the time of the measurement.

The key ingredients are:

1. Size of the user profile.
2. Speed of the network.
3. Overall logon time 
4. Logon time used to copy the full user profile

Given the above, we tigger the measurement to figure out how much time is profile population and poof!  Take the total logon time, subtract out the portion spent copying the user profile without JIT and ... We have a number!

What's that number again?

What is the SIZE of an "average" user profile?  What is the average file size?  How many files are "normal". 

Do normal users have giant files inside their user profile?  Yes, they do!  If you have have you ever copied a .MPG file or .MP3 onto your desktop, then you're as guilty as I am.  The PROFILE WILL GROW and will be large.

How large?

We need to exclude some files.  What about the files that will NEVER copy onto the execution machine even ignoring just in time.   Some stuff like "My Documents" will not be roamed, but will instead be accessed straight off the network via folder redirection.  This is "standard procedure" for setting up profile environments and here, "just in time" doesn't have any effect.

Let's get to statistcs.

Start with the initial 11GB and take out that 10GB file that is an anomaly and I'm left with 390MB.  The missing 610 MB is round off error.

Administrators usually redirect "My Documents".  Take out Joe's "My Documents" = 208,055,865 bytes and I'm left with 182,450,081 bytes.

Okay, I wonder what I have inside my USERPROFILE that could possibly constitute 182MB?   Dig deeper.  I have 24 MB of pictures!  While I am sure that they are lovely - I am also sure that I haven't looked at them in months.  If I were "server side" my admin would probably redirect "My Pictures" too.  Now I'm down to 158MB.

Keep looking....  BING BING BING BING BING!!  We have a winner.  I have 149MB of "Downloads".

First - before anyone starts, "Downloads" have ZERO relation to the 24 MB of pictures!

Something is wrong here because after you subtract all this out and I'm down to 9MB of stuff that wouldn't normally be "redirected" and I KNOW that NTUSER.DAT on my machine is 8.9 MB.  This leaves me with 100KB of stuff that is candidate for JIT value.  There's a number breakdown here someplace, but let's keep it going.

Pretty soon it's obvious that I don't have ANYTHING in the user profile that matters.  I store it all in that huge the container file and in "other places" on the hard disk.  In a hosted case, these "others places" would find their way into the user profile, so all my utilities would be a plus for the profile.  Go looking...

What are "other places".

Utilities.  I have lots of them and store them off the root.  In a hosted desktop model, they will be in the user profile.  Add in 137 MB.  I have 77 MB of sound .wav files left over from my days of writing audio device drivers.  These would almost never be accessed, but they would live in my user profile.  Batch files.  They are kept separate from executable utilities, so add in another 9 MB and utilities and 33 MB of Windows SYMBOL files for debugging stuff.  137 + 9 + 77 + 33 = 256 MB of additional stuff for the user profile.

I love it when numbers come out to a power of 2!

One number:  "Average" user profile size is 256MB!

Yes, I left the 10GB file out of this mix.  That quantity of storage just has to kind of go away from the calculation.   I hear numbers of 20-30 seconds of XenApp logon time being required for copying down user profile content?  If we can make this number be "zero", then there can be real value in just in time profile solutions.

Add in some stuff that would be moved from my container file onto the user profile and I propose that the real size could easily double. 

Joe's proposal: The Average size of user profile is 512MB!

If any of this math makes sense, then I have an example number set that can be used to construct a measurement.  Is 256MB the right number?  Is 512MB the right number?  How about 1GB?

Real world statistics are the elusive number.  If you happen to have a couple hundred profiles representing a years worth of regular hosted desktop usage and wouldn't mind sharing, please send me an email or comment below.  

THANKS.

Joe Nord
Product Architect of Application Streaming, Profile Manager and a few side projects
Citrix Systems - Fort Lauderdale, FL

PCoIP is VMware's latest attempt at delivering a decent user experience for a virtual desktop. After failed attempts with RDP, Sun Ray, RGS and TCX, VMware View 4 is betting that a software version of the PCoIP protocol will deliver the great user experience customers demand from a VDI solution.

I've been in the virtualization business for many years. Currently I lead the HDX technology for XenDesktop. In the past I've worked on tons of projects for the ICA protocol including CGP, Secure Gateway, and Thinwire. In recent years I've led the Apollo project which has created technologies now in XenDesktop 4 like HDX MediaStream for Flash, HDX 3D Pro Graphics, HDX RealTimeand HDX Broadcast. So I've watched with amusement as VMware attempts to position PCoIP as the next great remoting protocol. The three most amusing 'marketing' tactics about PCoIP are:

PCoIP bets on UDP as the foundational transport for graphics
One of the major design flaws in PCoIP is that it relies exclusively on UDP for deliver bitmaps. UDP is valid for some narrow use cases but PCoIP relies on it entirely. When you need a reliable transport, TCP is a much better option. The fact that PCoIP has application-layer packet reliability shows you need reliable delivery for desktop graphics. If all you are doing is playing a video, fine... but that's not what a virtual desktop is all about. You may not know this but many years ago, ICA supported a datagram-based protocol with application-layer reliability just like PCoIP. Since then, we have learned that TCP is the ideal transport for delivering desktop graphics over the network. It is also friendlier to firewall and network infrastructure. And it is cheaper to deploy as customers can leverage their existing network infrastructure.

PCoIP claims bitmap remoting is the best way to deliver graphics
Another interesting aspect of PCoIP is that the protocol is based on the idea of sending bitmaps. No wonder, since their hardware solution used as input the DVI port of the graphics card. It is interesting that VMware claim that sending bitmaps is better than sending graphic primitives. This is a half truth. While sending bitmaps make sense in some scenarios, sending graphic primitives is much more efficient in other scenarios. Think of this, what is more efficient when sending a 400x300 rectangle with black borders and white background? As a bitmap or sending a RECT command with both upper left and lower right coordinates? The key is to be smart about it and know when one scenario makes more sense than the other. That's what we call SmartRendering. Getting this right is very hard and it has taken us years of fine tuning. But a half truth is convenient because sending bitmaps is the easiest thing to do, after all, that's all most graphic remoting protocols can do.

PCoIP relies primarily on the server to do all the heavy lifting
PCoIP also focuses on the use of server resources to deliver the graphics. But you soon realize that does not get you far enough. I have spoken with countless customers asking us to solve their scalability issues with playing Flash multimedia. I'm sure VMware have shown some YouTube videos to get people excited but you have to look at the CPU and bandwidth consumption. The Flash player uses up lots of CPU, so if your only available solution is server-side rendering then you are going to need a lot of servers. Customers need solutions that scale, are cost effective and leverage their computing resources in the data center and also on the user device. PCoIP fails to do this because it is an incomplete protocol.

Delivering a complete solution takes time and it's hard, very hard. I see PCoIP making some of the same mistakes we made 15 years ago. I congratulate them for trying, but they have a long way to go.

To deliver a great user experience you not only need a robust protocol, you need all the components in the delivery infrastructure working together to optimize the delivery of virtual desktops and applications. This is what we are doing with HDX at Citrix.

Follow me on Twitter

Klientvirtualisering är ett hett ämne nu när alla ska ut med Windows 7. Att göra som vi alltid gjort är inte tillräcklgt, det tar alldeles för lång tid och är på tok för dyrt.

Som vi alltid gjort?! - alltså köpa nya servrar, uppgradera nät och köpa nya datorer.
Windows 7 fungerar utmärkt även på inte helt ny hårdvara vilket bara det ger oss möjligheter att låta klienterna stå kvar på skrivbordet och leverera ut operativet med nya metoder.

2008 åkte jag land och rike runt och pratade VDI, virtuell klienthantering. Ärligt talat måste jag medge att det var flopp, vissa gillade tekniken och testade omedelbart att lyfta in några klienter i serverrummet men då man ganska snabbt insåg att man då får en ytterligare klientinfrastruktur parallellt med sin traditionella kom svaret ganska snabbt att så länge man inte har en lösning för ALLA klienter eller scenario blir det ganska kostsamt att underhålla flera plattformar.

2009 pratar många fortfarande VDI trots det faktum att det är en brake/fix lösing. Jag träffar om inte dagligen men ändå ganska ofta företag och organisationer som laddat upp ett antal klienter i sin virtualiseringsplattform för att några veckor senare falla på antingen dubbel administration eller ökade kostnader.

Att virtualisera ett antal servrar var för några år sedan en utmaning men idag är det standard för de flesta och vi står någonstans motsvarande i utveckling på klientsidan. Det jag reflekterat över är att det ofta är servergruppen som nu även börjar ta över klienterna och ger sig på klientvirtualisering. Inget ont om serverkillar, de flesta jag träffat är extremt kompetenta men ärligt talat: - Det är rätt stor skillnad på klienter och servrar.

I min värld ska klienter skapas dynamiskt efter behov, man ska inte behöva scripta och mecka så mycket bara för att tillhandahålla några hundra datorer och självklart har alla användare inte samma behov. När vi skickar in alla klienter i serverrummet löser vi bara ett (1st) problem och därför är det så viktigt att se det här med klientvirtualisering utifrån ett helt annat perspektiv.

Vad är en klient?

• Hårdvara i någon form av pc, fysisk eller virtuell
• Operativsystem, Windows XP, Windows Vista eller Windows 7 i många fall
• Applikationer
• Personliga inställningar/konfiguration
• Åtkomst

Jag väljer att dela upp en klient i fem delar även om vi kan dela upp ex. hårdvara i flera olika delar som ex. nät, hårddisk som också bör beaktas när det gäller effektiv klienthantering. Men vi tar det lite längre fram. Om man inte bryter isär dessa komponenter kommer man aldrig att lyckas med sitt klientvirtualiseringsprojekt - hur kommer det sig?!

Jo, min tes är att klienter förändras betydligt mer ofta än servrar och om vi beaktar kombination av behov från ett användarperspektiv är det betydligt mer "spretigt" i jämförelse med serverhanteringen som ofta ska fylla en funktion och dessutom i server rummet. Vem märker om en server är virtuell eller fysksk? Man ska bara ansluta mot den och den ska fungera.
Då de flesta är bekanta med virtualisering i form av nät (ex. VPN och VLAN) samt servervirtualisering har jag valt att börja i den änden även när det gäller klientvirtualisering men här är det viktigt att inte blanda ihop hårdvaruvirtualisering med operativssystemsvirtualisering och operativsystemsleverans och operativsystem installation. Vad är då skillnaden?
Genom virtualisering av hårdvara kan vi möjliggöra flera saker men viktigast i klientvirtualiseringssammanhang är möjligheten att köra flera klienter på samma fysiska hårdvara. Det löser en sak, bättre nyttjandegrad eller densitet på fysisk hårdvara men om vi väljer ett spår som endast klarar virtualisering kommer vi aldrig att kunna tillgodose alla användares behov. Här kommer operativsystemsvirtualisering in i bilden. Alltså möjligheten att tillhandahålla ett operativsystem till både fysisk och virtuell hårdvara

I år när jag kört mina "seminarier" runt om i landet har jag kört "live" och jag tror det är vad som krävs nu i dessa virtualiseringsförvirringstider. Det är nästan helt omöjligt att berätta med ord hur det fungerar men att visa/-se live ger en helt annan förståelse för enkelheten/storheten .

Tips på Citrix TV filmer - www.citrix.com/tv

• How to: Design XenDesktop for the Small Business
• How To: Install Web Interface 5.2
• How To: Deploy Citrix Clients via Web Interface 5.2
• How To: Create a XenApp Site in Web Interface
• How To: Create a XenApp Services Site in Web Interface
• Citrix Ready Spotlight Video - AppSense
• Free!! XenDesktop4 Express Edition
• How To: Use Wild Cards with Dynamic Window Titles in Citrix Password Manager
• How To: Use the Agent Logging Facility in Citrix Password Manager
• How To: Use the Control Matching Feature of Citrix Password Manager
• How To: Deal with Drop Down lists in Citrix Password Manager
• How To: Create a Basic Application Definition in Citrix Password Manager
• How To: Configure the Networking Settings of a Citrix Merchandising Server
• How To: Schedule a Plugin-in Delivery in Citrix Merchandising Server
• How To: Download and Install a Plugin-in from Citrix Merchandising Server
How to: Design XenDesktop for the Small Business

Do we really want to allow our users to have the ability to self provision / install applications? Won't this just cause mayhem and anarchy? How will we ensure that we are licensed to install the applications that the users choses to install?

Simon Rust, VP of Technology at AppSense answers these questions in an article he posted over of the AppSense Community Blog - Please find the post below:

These are a small sample of some of the obvious and key issues that the IT administrator needs to seriously consider when thinking about allowing the user to install applications of their own choice.

Just this week, @HarryLabana asked the following question via Twitter - "Are user installed apps a compliance nightmare waiting to happen?". A very sensible question that effectively is asking, "WHY should we even consider allowing the user to install their own stuff?"

To labor on the need briefly, it is relatively simple as to why we need to cater for it (we don't need to agree with it, but we do have to accept it to a certain degree ). Bottom line is that for years, there has been a challenge with packaging all the applications required by a user to conduct their daily duties. This is a challenge that traditional desktop managers have had for years, and now with desktop virtualization it is perhaps getting more noise. Unfortunately it is not going away any time soon, in fact may be getting worse as time progresses and the number of applications increases. If we choose to not allow users to install their own stuff, then how do we ensure that the user does not fall foul downstream of an application not being available and hence their inability to conduct their work? An obvious example would be the corporate user who uses Microsoft Live Meeting to conduct online meetings, who has a meeting booked with an organization that uses Citrix GoToMeeting. The GoToMeeting client would not be installed, and hence the user would only find this out 5 to 10 minutes before the session, and hence would be unable to join

AppSense Product Manager Chris Oldroyd (Twitter - @coldroyd) wrote about the various user installed applications a month or so ago and is well worth a read - What is a User Installed Application? And why should we care?

So, now we have accepted that we need to cater in some form or another, we can move on to consider HOW. The key aspects to delivering users with the ability to install their own apps is CONTROL - it would be insane (most would argue) to allow ALL users with the ability to install their own stuff. Very quickly the enterprise would find themselves in a situation where literally 1000's of applications have found their way in, and are posing a serious legal issue. It is (mostly) true that a typical enterprise using laptop devices has this very issue today, since the majority of users of laptop devices are administrators of them. There is usually a solid business reason (from years gone by) as to why the user is an administrator, whether that reason being a requirement to install printer drivers (pre Vista) or something like that. Typically, once a user has admin rights, it is nigh impossible to get them back again

Arguably this is all part of something called "User Rights Management" as well as "Personalization". Both of these are clearly becoming markets in their own right with vendors appearing in it regularly, and many other vendors morphing their solutions to fit the model(s) also

In order to deliver against the need, but to do so in that all important controlled manner, we need to enable / allow for the following (there will be more - these are just the key areas);

• Only allow certain users to install apps (AD group based / end point device based)
• Only allow those users to install from certain (internal) network location(s) - that way the enterprise can control exactly WHAT a user who is authorized to install can install
• Only allow those users to install applications from certain vendors
• Full reporting is required to enable the administration team to be able to see what is out there in a quick snapshot
• Full administrative override to enable rapid removal of any applications as necessary

The overriding point here is simple - user installed applications is NOT for everyone, but it will be for a significant portion of the user population, so we need to provision for it in some way - simply saying no will not cut it.

Thanks
Gareth Kitson
AppSense

Twitter - @garethkitson

Wavemaker integrates with Citrix NetScaler seamlessly for web services.

WaveMaker Visual Ajax Studio is an easy-to-use visual builder that enables the drag & drop assembly of scalable, web-applications using Ajax widgets, web services and databases. WaveMaker Studio will look and feel especially familiar to client/server developers who are used to working with visual tools. Check out the Wavemaker specifications here.

WaveMaker has helped customers reduce development costs by 67% and cut the lines of code written by 98%. Less code makes WaveMaker applications cheaper to maintain and easier to manage. The NetScaler REST API's are going to be released soon. Today, the API provides web services in the form of Java. We, at Citrixlabs, have recently been using the Java Services and the examples in our API Documentation, with Wavemaker, to built a Proof of Concept.

Wavemaker allows you to build a GUI interface, consume web services through a .wsdl definition, save it to a WAR file, and then run that WAR file against a Tomcat web server. All of this is done using Drag & Drop functionality in the Wavemaker interface. Running a WAR file, allows interaction with the NetScaler for several types of services such as configuring load balancing services, or gathering statistics.

Possible uses

Users can create their own interface/GUI to the NetScaler for configuration and monitoring. Multi-tenancy has come up in discussions, as a way to manage multiple configurations through a single interface, perhaps on several NetScaler VPX devices, either in a XenServer deployment or in the cloud.

Current Proof of Concept

Having said that, using Wavemaker, we were able to successfully ...

• Create a GUI user interface to NetScaler
• Consume the NSConfig web services from the examples in the NetScaler API Documentation
• Configure the NetScaler with a new Load Balancing VIP and associated backend servers

If you have a NetScaler, the API's are already there. Connect to your NetScaler, select downloads, and navigate to XML API.

The best part about Wavemaker is it is Open Source.

Tap into the power of AppExpert!

Citrix customers have often asked us for help with promoting Citrix within their organizations. In response, we wanted to let you know about the Customer Success center, a new section of the Citrix website dedicated to supporting Citrix customer advocates. 

The Customer Success center was created to gather together tools, tips, and other information to help Citrix customers like you promote Citrix within your organizations. The center includes a searchable database of Citrix customer case studies; videos from the Citrix Innovation Awards; an overview of the Citrix Voice of the Customer reference program; and the Guide to Expanding your Citrix Success.  

The Guide to Expanding your Citrix Success is a new, in-depth guide that can help you build a business case for Citrix. It includes 'talking points' about Citrix benefits that you can share with your management, IT colleagues and users. It shows how to demonstrate the ROI of a Citrix solution, and how to counter common objections to expanding a Citrix implementation. Links to reports from industry analysts and market research firms about Citrix are featured, as are business-oriented thought leadership articles and high-level overviews of the Citrix product lines.  

The Customer Success center and the guide will be updated regularly, and we'll post updates to this blog when new tools are added to the site. If you'd like to be alerted when new resources are available, simply subscribe via RSS to this blog.

We look forward to helping you to expand your success with Citrix!

Yesterday, Citrix announced the new Citrix Ready Open Desktop Virtualization program. Today, I would like to provide you with more details. The program is designed to ensure that organizations deploying virtual desktops have confidence that their deployments will deliver a true, high definition (HDX), multi-device experience for the end users as well as satisfy the security and management requirements of the IT organization

As you probably saw from our XenDesktop 4 announcement, Citrix's view of desktop virtualization is much broader than running a user's desktop in a hosted virtual machine (VDI) and is emerging in mainstream deployment with customers such as Emory Healthcare and Collier County Schools.  Citrix's FlexCast delivery technology enables the delivery of every major desktop virtualization model via XenDesktop. As IT organizations pilot and architect their the desktop virtualization solutions it quickly becomes evident that desktop virtualization requires a robust ecosystem of partners to ensure that, amongst other things, the deployment is fully supported in the desktop value chain, end user's USB devices that are attached to their desktops continue to work, user personalization of their desktops remains persistent and that their desktop are available via multiple modes of access.

At the center of the program is the open architecture of XenDesktop 4. XenDesktop 4 is the only desktop virtualization solution on the market with an open architecture that is designed, certified and tested to work with the wide variety of products customers already have in production, including all popular applications, servers, storage and backup systems, client devices (BTW, check out our new HDX Ready designation that ensures a truly awesome user experience), printers and desktop peripherals, security and desktop management software and systems management products. The Citrix Ready Open Desktop Virtualization Program incorporates over 200 Citrix Ready partners and covers more than 10,000 devices. The products are verified using the full reach of the Citrix Ready program... Citrix product engineering organizations; Citrix Ready partner engineering organizations; our community of technology partners, customer and resellers; as well some via third party venders who verify a range of products (for example, USB devices).

The program covers product categories from the data center to the desktop; from choice of virtualization infrastructure to choice of end user device as shown below. For more detailed information check out the Citrix Ready Open Desktop Virtualization program at http://www.citrix.com/ODV.

How do you prevent the spread of flu, create happier, more productive employees and "inoculate" your organization against disruption? It starts with making technology simple and adding the right organizational support. Let me explain.

The other day my eight-year-old boy, Alex, woke up complaining vaguely that he was not feeling well. He didn't have a fever, and he really didn't have other specific symptoms. At that point, I had a choice. I could send him to school and see if it went away, or I could keep him home.

Since my husband and I both work, the temptation could be to send the kids to school unless they're clearly ill. Only I didn't. At this point it's finally gotten so easy for me to seamlessly work from home at a moment's notice, there's no need to take the risk of exposing our germs to anyone else.

After getting my son to work on his homework, I logged into GoToMyPC which lets me securely view and control my office computer and work on my documents and programs as if I were sitting there in the office. I reviewed my meetings for the day, and informed the organizers I would join remotely via GoToMeeting.

Over the years, I have seen firsthand how these remote work tools have empowered myself and my husband - as well as co-workers, friends and customers who have shared their stories - to keep up with demanding jobs while balancing the rest of their lives. I helped launch GoToMyPC in 2001 then used it to work from home with a new baby. My husband could take the kids to soccer practice in the afternoon, and finish work from home at night. We're not tempted to bring our cold germs to work, and we always know we can get things done even if we're not in the office. It's no wonder work flexibility tops the list of most desired employee benefits.

Not everyone must get a vaccine for the general population to be protected so I imagine the same is true of remote work. Not everyone needs to be able to do it, but those of us "inoculated" with the ability to do so easily, at a moments notice, protect a much larger group. In so doing, we help prevent flu contagion, get work done when traffic or other disruptions threaten business, take better care of our families, and generally increase our well-being and productivity.

For organizations wanting to see these benefits, there are two potential pitfalls:

1. The key to adoption is making technology simple. For instance, I rely on GoToMyPC and GoToMeeting because they are easy-to-use and dependable. The more I use them, the more I benefit my employer with increased productivity - even when I might otherwise be unavailable. Some organizations think putting the tools in place is enough. However, they must also be easy and convenient before they will be widely adopted.

2. Work flexibility is a privilege. Organizations must provide remote work tools and encourage employees to make use of them in a responsible way. This requires a results-oriented culture of accountability. Measure task completion, not hours logged at a particular place. Plan for a future of increased work mobility and family-friendly policies. You may not want sick employees in the office, traveling employees to be out of touch, or new parents to quit, but if you don't publicly and frequently encourage remote work as a solution, that's what you may get.

My son, incidentally, was fine and back to school the next day. Perhaps I was overly cautious, but I'm sure glad it's easy for me to make that choice...

See Workshifting for more on working from anywhere.

I have heard some rumors of the production level App Streaming service (radesvc.exe) dying at runtime.  In the reported failure, the administrator has configured the service for automatic restart to work past the issue and I have suggested that this is only masking the problem, don't do that!  The streaming service, like most NT services, should never die and I'd much rather cure the root cause than work around the issue. 

The realities of "real users" and "production use" sometimes necessitate doing things that aren't ideal in a theoretical sense so this advice cannot always be followed, which brings us to this post where I will bring vision to the perils and values of configuring the streaming service for automatic restart.

Put your FSFD programmer hat on

You wear this hat when you're writing kernel mode code.  You write the file system filter code for the App Streaming isolation system and this code has two primary purposes; file system filtering and process monitor for sandbox management.

As a FSFD writer, you are never allowed to die or the entire machine will turn blue.  Today's post is not about kernel mode things dying, its about application level things dying.

Put your NT Service programmer hat on

You wear this hat, you think you're powerful because you run with "higher privilege"; higher than mere apps.  You may even be considered part of the "system", but from the perspective of the kernel code, you're a mere app too and as a class, all of you are untrustworthy. When a service dies, the machine does not turn blue, but it is still bad!

What does the service do?
Among other things, it is responsible for launching all isolation sandboxes and placing applications into the sandbox for execution.  Here's a chart that brings some color to this description.  What isn't drawn in the below is that the service talks to the FSFD to define sandboxes and launch applications into sandboxes.

What does the File System Filter Driver do

The FSFD hangs out and implements file system redirection - the layers of glass for the file system.  It is also responsible for managing which applications are in the isolation spaces; yes, that's plural on purpose. On a given machine, especially on a XenApp server, the FSFD can easily be tracking 500 isolation spaces.  Consider that there is state data for each of these.  It isn't large, but it exists and the code that keeps track of this actually does it in a balanced binary tree, which seems like overkill until you get large number of isolation spaces.

In the service, you also have state data for each sandbox.  Here though the state data is allocated per-thread.  Put differently, each sandbox gets a thread and this thread and only this thread is used for communication with the kernel mode code.  In this way, a few things are achieved.

1. The streaming service doesn't have to have complicated logic to manage its sandbox state
2. The kernel code can gate who it's willing to talk to based on the thread of the creator
3. When the FSFD has work for the service to do, the service "always" wakes up in the right state.

For computer science stuff, these are all positive actions. 

The negative actions

The service isn't supposed to die without a graceful shutdown and it should only close gracefully if it isn't managing any sandboxes.  In practice, "non scheduled" terminate happens all the time during development and recent reports show, it can also happen during production. 

The FSFD tolerates service death.  Why?  Primarily it does this because it doesn't have any other choice. 

If the service dies, the kernel code, being all powerful isn't surprised by this action - it "observes" that the service has died, but there isn't a whole bunch it can do about it.

Consider an example

You have isolated applications up.  Let's say you have 10 of them running, from 5 different profiles.  This means that you have 10 applications running in 5 different sandboxes.

The service dies...

The applications are still running, but they have lost their support network.

Let's say that the application now issues a DIRECTORY ENUMERATION on stuff in the isolated space.  Normally, the FSFD gathers information from the service to satisfy this request.  This is how the FSFD "LIES" to the application to tell it that things are present that aren't really present.   In this case though, the service is "gone", so what does the FSFD do?  Answer: It does the best it can and "falls back" to AIE style N layer directory merge.  The directory enumeration is satisfied, but the files that are there via a lie will not be included in the directory enumeration results?  What effect does this have on the application?  Don't know - depends on the app, but in general the results are bad.  

If the application issues a file open, you'll satisfy it based on the things you can answer without the help of the streaming service.  This means that if the file is really present in the cache, the file open will succeed and if it isn't, it won't, or execution will drop down to a lower layer in the layers of glass to answer the file operation.

Will this work for the application?  Maybe.  Ideally, you'd like to terminate the applications, but terminating applications when users have stuff running and haven't saved their work is considered bad form.

New sandboxes are launched

Recall that new sandboxes cannot be created without the help of the streaming service, so here it is a given that the service has been restarted.  When the service loads, it contacts the FSFD to register itself.  The kernel code says "nice to have you back" - but there isn't a dag gone thing it can do to help the orphaned sandboxes from the previous run of the service.  All the "app level" state data is "gone" and there's no way to put it back together again.

New launches though can be handled.  When created, the FSFD notes who the service is and will communicate with this "new" instance of the streaming service to manage the "new" sandboxes.

During development this is cool!

When developing the code, if you are the NT Service writer, this is really really cool because you can write code, debug it, terminate the debugger (which unloads the service), change the code, compile it again, run it (which loads the service) and the FSFD will just plain deal with all of this.  Very fast for development; no reboots needed and you can even do all this stuff from a visual development environment like MS Visual Studio.

During PRODUCTION this is not as cool!

Being willing to take on new sandboxes means that auto-restarting the service can seem like a good idea.  The thing this overlooks is that the orphaned sandboxes are, well they don't have their support network and without the streaming service, directory enumeration and file opens are not going to occur correctly unless the streaming cache is completely full.

Put your ADMINISTRATOR hat on

What should you do?  Answer: Treat death of the streaming service with caring detail.  It should be investigated and fixed.  The Citrix support team will love this - Joe said we should report service death rather than restarting the service.  My response, the service should not DIE unless you kill it!  I'm pretty sure service team already has the report, so I'm really writing for the next person and hopefully by the time you read this, we'll already have it fixed....

How to work around.

Above said, if you get in this situation, run one app from each profile with "-e" populated RadeRunSwitches.  This will fully populate the streaming cache and will minimize cases where the application will fail a file open or directory enumeration.  Next - Turn "-e" off as it will command a full extract on EVERY App Launch and you don't want that.  Next step - get the service fixed.  In the mean time, you can auto-restart the service to get new sandboxes created, but just be sure you aren't using the auto-restart to hide a problem that really needs to be investigated.

Before people ask, I already have feelers out to the people that have seen the service die.  Hate to have this happen with production code, but the correct answer is to research the problem and make the fix.  Hopefully readers of this post will appreciate the open nature to acknowledge a bug that isn't widely seen.

Joe Nord
Citrix Systems Product Architect - Application Streaming.

If you have paid any attention to any articles relating to desktop virtualization, you will quickly see claims like:

• Will Windows 7 fuel desktop virtualization adoption
• How desktop virtualization eases Windows 7 Migration
• Windows 7 Drives Desktop Virtualization
• Windows 7 and Desktop Virtualization: The New Tools
• Windows 7 - The Desktop Virtualization Catalyst 

 
I could go on, but you get the point. The major thought is that Windows 7 and desktop virtualization go hand-in-hand, but how do you get there?  You are not only migrating the OS but you are also migrating to a virtualized desktop operating environment.  Is this too much change for an organization?  
 
NO.  This is the perfect time to make the move.  Think about it this way, we have the opportunity to start with a clean slate.  We can define the new operating system that completely aligns with the organization's policies.  We can provide an environment that self heals and is optimized each and every time a user connects.  But in order to achieve these benefits, we have to design the environment correctly.  We need to focus on
•    What do we include in our base desktop image?
•    How do we deliver the operating system to our end point (which might be a physical or virtual desktop)?
•    How do we integrate applications into the mix?  
•    What are the recommendations for allowing users to personalize their environment without impacting the business?
•    What are the best practices for providing a great user experience for any user over any connection?
 
These are some of the topics being presenting in this week's Microsoft TechNet broadcast focusing on "Accelerating Windows 7 Migration with Citrix and Desktop Virtualization"
 
The show starts on Thursday, November 12th at 1PM Eastern time and you can register here

Daniel - Lead Architect - Worldwide Consulting Solutions

• Twitter: @djfeller
• Desktop virtualization information: Ask the Architect - Next-Generation Desktop site
• Questions - Then Ask The Architect