In my previous two posts, I've described how XenApp for 2008 R2 configuration can be defined as XenApp Template-based Management, and how it can be defined as Group Policy integration in XenApp for 2008 R2. Today I will cover some common questions I get when explaining this new configuration model. Please feel free to add yours in the comments sessions below, if I didn't cover here.

Why XenApp has two ways to configure settings?

The Group Policy and the IMA policy system are in fact the same - settings coming from either will merge in a single, predictable Resulting Setting of Policies.

One way to think about it is that IMA has an additional GPO associated with the farm itself, and stored in the IMA data store. This GPO is what you edit when you change Policies in Delivery Services Console.

In case of setting conflicts, which policy document will take precedence?

Group Policy takes precedence over IMA; and IMA takes precedence over Local Group Policies. If you configure a GPO setting "SecureICA minimum encryption level" to RC5 128 bits, then you cannot override this configuration at the farm GPO or LGPO level.

How can I track from where settings are coming from?

The best way to track applied settings of a computer or session is to run a Resulting Set of Policies Logging report from GPMC. This report will show all Citrix settings configured via policy, and which Group Policy object - including the IMA GPO and filters - has actually won the merging calculation.

The policy report doesn't show the value I'm looking for!

RSoP doesn't display settings that policies have not configured. If you are looking for a specific setting, and it doesn't show on reports, then the value being enforced is "default". You can read the setting description in the policy editor to find what the default value for each setting is.

How does it work exactly?

When you edit a Group Policy object using GP Editor, we store your configuration in a file called \\<domain>\SYSVOL\<domain>\Policies\<guid>\<Machine or User>\Citrix\GroupPolicy\Policies.GPF. When you edit Policies in the Delivery Services Console, we store this same GPF structure in the IMA data store.

Every time Group Policies are evaluated on a XenApp server - server reboot; user logon; and randomized refresh intervals - we will retrieve these GPF files from SYSVOL and the datastore. Our Client-side Extension then evaluates filters and merges the results into a single RSoP, in the system registry (HKLM\Software\Policies\Citrix). Various software components then read the registry values and enforce the settings.

This diagram shows the conceptual model behind XenApp for 2008 R2 policy system.

What is the "Unfiltered" policy, how filtering works?

You will always find a Policy named "Unfiltered" when you edit any GPO. There's nothing special to it - it's just a default policy rule that applies to all machines and users in scope of that policy.

What is the "scope of the policy"? Group Policy Objects are linked to one or more Organizational Units in GPMC. GPOs may also have WMI filters. Only servers and users that are under OUs linked by that policy, and that match the optional WMI filters will process the policy. Other computers and users will ignore it. This is standard GPO processing.

The IMA Policy scope is the farm itself - i.e., settings added to the "Unfiltered" IMA policy will apply to all servers and users in that farm.

We've added an additional filtering system, allowing you to create additional settings and rules within each GPO. When you select "New..." in our policy editor, you will enter a set of configuration, and rules to apply that configuration. For example, you may set Bandwidth limits for end-point devices of a certain IP range; or restrict clipboard access for users of a specific AD security group.

We've created this extra filtering system for two reasons: first, we have additional filters related to the endpoint itself - AAC, endpoint IP, endpoint name - that are not available in WMI; second, some of our customers have very large number of policies (over 1000), and Group Policies wouldn't scale to those levels.

If you have a very large number of rules based on endpoint IP or name, then you should use the Citrix filtering rules - for example, setting a different Default Printer per endpoint name. Other than that, either way works fine. As a rule of thumb, you should minimize the overall number of Group Policy Objects, as a large number of GPOs may impact logon times.

Should I use Group Policies or configure settings in the DSC?

You should use Group Policies if you can. If you have some control over the server OU structure, and has the necessary delegation to Group Policies, GPO integration will give you the best user experience. You can leverage GPMC and AGPM functionality, and perform server management actions exclusively in Active Directory consoles.

However, if you have no delegated access to AD, then you can still fully manage your farm through the IMA policy.

I often get the question about support for Windows 7 in Citrix Single Sign-On (previously known as Password Manager). So, I figured I could use this short post to let you know that the upcoming version of Single Sign-On, to be released as part of Citrix XenApp for Windows Server 2008 R2 will include support for both Windows 7 and Windows Server 2008 R2.

If you were one of those asking that question, it is likely because you have not had a chance yet to download the Tech Preview of XenApp on Windows Server 2008 R2. Do so, and you will be able to experience a better Single Single-On that now also works in both Windows 7 and Windows Server 2008 R2.

You can follow me on Twitter at @aurelianolopez

Learn more about XenApp for R2 and other XenApp happenings:

• Download the tech preview for XenApp for Windows Server 2008 R2.
• Register for the TechTalk hosted by Sridhar Mullapudi.
• XenApp Technology Previews
• XenApp blogs
• XenApp Videos and TV
  
• Follow XenApp on | | |
  
  

XenApp Expert Series - Informational, News, Interviews (2010) The show where we interview the experts to get you the latest news in on-demand application delivery with XenApp. Host Vinny Sosa (@vinnysosa) interviews Product Manager Modesto Tabares on new HDX technologies planned for availability in XenApp for R2. Episode 6, Season 2.

Hello Everyone,

I am happy to announce that Citrix will be releasing the next exciting , feature-packed versions of Citrix Receiver and Merchandising Server software on March 1st, just one short week away! Below are just a few of the new enhancements for the 1.2 release:

Receiver for Windows 1.2:

• Includes new language support - Nine languages: English, Japanese, German, French, Spanish, Korean, Russian, traditional and simplified Chinese
• Full support for Dazzle , the new "iTunes-like" application store

Receiver for MAC 1.2:

• Automatically configure and update the new Citrix online plug-in
• Full support for Dazzle, the new "iTunes-like" application store

Merchandising Server 1.2:

• Expanded Administrator Console browser support: Internet Explorer 8 in native mode, Firefox, and Safari
• One-step download of new plug-ins. (Note: only plug-ins compatible with your version of Merchandising Server are downloaded)
• Ability to configure a back-up Active Directory server in case your primary server is down

Note: The current version of Merchandising Server virtual appliance can be imported into the Citrix XenServer virtual machine environment. We are working on releasing a version of the Merchandising Server that can be imported into VMware's ESX virtual machine environment, stay tuned for updates!

Why upgrade to Receiver?

First of all because it is a time-saving, slick, new tool that administrators and end users are finding a great deal of value in. Those customers that have already upgraded to Citrix Receiver are finding value in three main areas, are you one of them?

1. Faster, smoother rollouts of new desktops, whether they are physical or virtual
2. Ease of client management, version and configuration control
3. A single end user experience for everything Citrix

How do you upgrade from your existing XenApp Online Plug-in? Simple!

1. Download and import the Merchandising Server
2. Either push the Receiver client using your favorite ESD tool, or use the built in download page to enable end user self-service
3. Use the built-in plug-in download feature of MS to get the latest and greatest Online Plug-in
4. Configure a single rule and delivery with the new online plug-in
5. Your upgrade is now complete!

XenApp Expert Series - Informational, News, Interviews (2010) The show where we interview the experts to get you the latest news in on-demand application delivery with XenApp. Host Vinny Sosa (@vinnysosa) interviews Product Manager Aaron Videtto (@aaronvidetto) on current Citrix Receiver functionality and insight into what's planned in support for XenApp on Windows Server 2008 R2. Episode 5, Season 2.

It's been over 2 years since my initial post on XenApp/Group Policy integration... how time flies! This feature is finally seeing the light of day with XenApp for 2008 R2 (in Tech Preview right now). I'm really happy with the results, let me describe how it will enhance management of XenApp farms.

As I described in my previous post, our primary goal for XenApp management was to enable template-based management of XenApp servers. We realized that most environments used Group Policies and Active Directory OUs as a way to define these server templates. Most XenApp environments need GPOs in some capacity to configure RDS, profiles, lock-down servers, configure sessions and the operating system.

GPO integration therefore reduces the number of consoles used for common management task. This sounds counter-intuitive at first: the Group Policy Management Console (GPMC) is an extra console... But the reality is that tasks can be fully performed on the Active Directory consoles: Creating a new app silo or farm? Create a new OU, drop servers there, and assign a new Group Policy Object to that OU. Adding servers to the farm? Just drop to the right OU. Maintaining dev, test, and production farms? Just link the high-level policies to the right OUs, and override any farm-specific setting using child OUs.

Additionally, GPO integration means all GPO management features now apply to XenApp settings as well. GPMC supports backup/restore; migration; and resulting set of policies (planning and modeling). AGPM supports off-line editing; configuration logging; change control; role-based delegation; and more.

Finally, GPO integration allows separation of management roles within IT. XenApp administrators can delegate server provisioning more easily, knowing that the only required step is the correct OU assignment for the server - something non-XA admins can understand and perform without specific XA delegation.

How will it work?

When you install the XenApp for 2008 R2 Management Console, it will include extensions to GPMC and GP Editor. GP Editor will display new Citrix policy nodes under the existing Computer and User nodes. These apply to all servers and/or users under the scope of that GPO (generally the list of OUs the GPO is linked to). The GP Editor extension is also installed at all XenApp servers, so the Local GPO editor (gpedit.msc) will also display XA settings that apply to that computer alone.

This picture shows GPEdit after XenApp management consoles are installed:

In this example, I've selected "User Configuration", "Policies", and then "Citrix Policies". The UI is the same as the policy editor found in the native XenApp MMC console. The difference is that these policies are associated with the Group Policy itself, rather than any one farm! In other words, this policy will apply to all computers and users under the scope of this policy, even if the computers are in multiple XenApp farms.

Note that we didn't use standard ADMX files to represent our policies. ADMC couldn't handle our filtering requirements. Our policies support session filtering based on the client-side parameters - AAC tags; client IP range; client name; etc - as well as computer filtering based on IMA Worker Groups membership.

You can set any number of policies under "Computer Configuration" and "User Configuration" for a single GPO. Each policy has its own filter - in the example above I've set policies for any user connecting from IP addresses different than 10.15.* - representing remote users.

All the Group Policies rules and features apply to the Citrix extension: loopback, enforced policies, ACL and WMI filtering. For example, the following Modeling Report shows Windows and XenApp policies side-by-side:

I've launched this simulation from the "Citrix Group Policy Modeling" wizard, added to GPMC after you install the XenApp extension. That wizard replicates all steps of the "Group Policy Modeling", with one extra page where you can enter client IP, name, and AAC filters you want to simulate with.

Note that you can see which Group Policy setting "won" for every single setting. You can also see which XenApp filters "matched" the simulation, and the resulting policy group within the GPO.

We know, however, that some XenApp admins cannot effectively use Group Policy - they either lack delegated control to the XenApp OU; or they are not using Active Directory. In this case, you can fully manage your farm using the Policy node in the XenApp Delivery Services console. I've shown how that is done at this blog post here.

Does this mean we have two policy systems, one in IMA, and another with Group Policies?

Not at all! I will describe how the IMA Policies and Citrix Group Policies extension work together in my next post.

Learn more about XenApp for R2

• Download the tech preview for XenApp for Windows Server 2008 R2.
• Register for the TechTalk hosted by Sridhar Mullapudi.
• Follow XenApp on | | |

XenApp for Windows Server 2008 R2 has a new HDX Plug-n-Play feature called True Multi-monitor. First of all, why the heck is it called "True". Does it mean our existing Multi-monitor solution on Windows Server 2003 and Windows Server 2008 R1 we had for several years was "False" . Let me explain. Historically Terminal Services has not allowed the mapping of multiple display devices into a remote session. So we presented a single display to Windows that overlaps all of the display devices on the client. And XenApp had to hook (the infamous MMHOOK) the Windows APIs that deal with multiple monitors to fake the existence of different display devices where in reality there is only one.

With True Multi-monitor, our display driver can actually present multiple display devices to the host Windows OS server that match those on the client. This will enable Windows to completely handle the Multi-monitor behavior. There are several benefits with this approach as outlined below

• Improved application compatibility as we never have to deal with hooking conflicts with other applications
• Better performance as we delegate the Multi-monitor tasks to Windows
• Better quality as we don't have to work around specific application and monitor configuration bugs

And best of all, this feature relies on server side changes and hence you can use this feature with your existing online plug-in/client deployments.

"Learn more about XenApp for R2"
Download the tech preview for XenApp for Windows Server 2008 R2.
Follow XenApp on | | |

The main theme behind XenApp for Windows 2008 R2 management was to enable template-based management of XenApp servers. Instead of configuring individual servers, the new release let you use "templates" to simplify common management tasks and eliminate configuration drift among servers in a silo.

Now that the Parra Tech Preview is available, you can finally see how things worked out!

As an example, assume I want to create a new group of servers to host Office 2007 - i.e., a new application silo. All servers in this group will be configured in the same way, and will publish the same applications.

The first step is to create a "Worker Group". Worker Groups are groups of servers, introduced in XA for 2008 R2. Unlike server folders, worker groups are unstructured - a server may belong to multiple worker groups.

Worker Groups are the Templates that applications and configuration policies will apply to.

In the example, I will use an OU to assign servers to this worker group - I could also select individual servers, or AD Security Groups. Select the "Worker Groups" node in the Citrix Delivery Services Console (the MMC - the Java console was removed - yay!), and "Create Worker Group":

Applications can now reference these worker groups. You can still publish against individual servers, but I really recommend you start making use of worker groups for your apps going forward:

For server and session settings, you will use the new "Policies" node. Select the "Computers" tab to show computer policies, then "New...", then go through the wizard.

There are two policies now: "Unfiltered", which is always present and applies to all computers in the farm; and a new policy I've created called "Office 2007 App Group". I've entered the server settings for that silo, and applied a filter to my Office 2007 worker group. Computers outside that worker group will ignore this policy.

Computer policies replace the old Farm and Server settings pages. Policies are much more flexible, since they apply to group of computers. As long as the server group membership is correct, you can be sure the settings and applications assigned to that server are correct.

The "Users" tab in the Policies node replace the old Session Policies from the Java console. The usability for Computer and Session policies is exactly the same.

That's it! Now, adding or removing capacity to this app silo is just a matter of adding or removing the server from the OU. It means the provisioning step for XenApp servers can be done completely without going to the XenApp console, and without scripting!

Stay tuned! Next, I will deep-dive on the new policy system, and talk about Group Policies integration.

Learn more about XenApp for R2

• Download the tech preview for XenApp for Windows Server 2008 R2.
• Register for the TechTalk hosted by Sridhar Mullapudi.
• Follow XenApp on | | |

XenApp Expert Series - Informational, News, Interviews (2010) The show where we interview the experts to get you the latest news in on-demand application delivery with XenApp. Host Vinny Sosa (@vinnysosa) interviews Product Manager David Wagner on new User Profile Streaming technology planned for availability in XenApp for R2. Episode 4, Season 2.

.

XenApp Expert Series - Informational, News, Interviews (2010) The show where we interview the experts to get you the latest news in on-demand application delivery with XenApp. Host Vinny Sosa (@vinnysosa) interviews XenApp Architect Juliano Maldaner (@jmaldaner) on best practices for Migrating to XenApp for R2. Episode 3, Season 2.

XenApp Expert Series - Informational, News, Interviews (2009) The show where we interview the experts to get you the latest news in on-demand application delivery with XenApp. Host Vinny Sosa (@vinnysosa) interviews interviews Adam Marano (@adammarano) on CitrixCloud.net and best practices for optimizing your applications for delivery and session virtualization to smartphones. Adam discusses tips for developers as well as day to day optimization that requires no code. Episode 2, Season 2.

In our first part of this series, we talked about publishing apps at the right resolution... something that doesn't really require any custom development. All it requires is a little thought and observation about an app in general. In part 2 we talked about publishing apps as tasks to basically turn receiver into a list of tasks that represent the way your users work. Now, we'll take that a step further and talk about some useful apps you may want to publish. There are many more, I am sure, and if you have some you would like to add, please comment on this post. I've just added the top 5 here.

Optimize Configuration by publishing useful apps

As I stated in the previous post, the last thing you want to do is make available applications that aren't really usable on small form factors just for the sake of saying, "I did it" (Don't laugh, I've seen this practice myself).

To start off your implementation and help ensure early user adoption and support, here is a short list of useful applications you might want to publish. Don't forget that session resolution, as discussed in the previous post, can help with the user experience.

• Microsoft Powerpoint and Powerpoint Viewer - I love PowerPoint and PowerPoint Viewer on mobile devices. The reason is because it's a great helper app. I have an iPhone and most smartphones have built-in readers for office. The problem is that they don;t preserve the animations. They also don;t parse data very well so complex presentations with lots of graphics and animation can come out all garbled. For these, I use Microsoft Powerpoint. If I need to get a review on a Powerpoint done quickly or if I'm on my way to a meeting and want to practice my presentation, I can open a PPT up on my iphone and work away. I can even practice and record timings. I would publish this app at 640x480 or 960x640 (landscape) if you are working with phones that have a built-in accelerometer and automatically flip to landscape when the users turns the phone in it's side. Users will want to naturally flip it on it's side anyway. Publishing at this resolution gives users the ability to navigate using a 4 quadrant display while at the same time being able to easily zoom out to view a PPT in slideshow mode. You'll want to try a variety of configurations depending on the mobile devices you need to support. Publish this app as "Edit a presentation" or "View a presentation". Publish Powerpoint Viewer or Powerpoint with the /s command line option to open in slideshow view only. Publish this task as "View a presentation".

• Citrix GoToWebinar and GoToMeeting - In conjunction with Microsoft PowerPoint, this is a killer app for anyone on the road. If you don't have a laptop connection and are in a pinch to watch a webinar, you can do it via GoToMeeting or GoToWebinar on XenApp. It's even handy for hosting small meetings using a hosted session running PowerPoint. It's great for participating in meetings if you're broken down somewhere or at the beach enjoying a lazy day when the board of directors decides to have an emergency call. I'd publish this app at 640x480 or 960x960 to make it easy for users hosting a conference to use the toolbar. If you want to see this in action yourself, get a demo account at CitrixCloud.net and connect with your mobile device. Publish this app as "Join a Webinar". In fact, even if your organization doesn't support this yet but you have a GotoWebinar (like a Citrix TechTalk) or a GotoMeeting to attend, you can use CitrixCloud.net and published GotoWebinar to participate. I've done this myself for morning meetings from 8-9. I have a suction stand and stereo jack that lets me mount my iPhone on my windshield and plug the sound into my car stereo. I can be on the con-call and at red lights (of course I'm safe ) I'll glance over and see what's going on in the presentation. Very nifty tool. Especially if you're running late or if you need to multi-task without your laptop.

• Microsoft Outlook - I know you're probably thinking "how could this app possibly be on this list when smartphones can already access e-mail". Well, guess what? Not all organizations allow mobile e-mail. In fact they don't trust mobile devices at all due to the fact that e-mail is cached and if the device is lost this can pose a security risk. Even in any organization there are always a handful of users that are involved in mergers and acquisitions or have access to sensitive information. These users can't even have Camera's on their phones. You might want to provide them with access to Microsoft Outlook from XenApp which could serve as a more secure option for you. It's also useful for use with GoToWebinar, GoToMeeting and PowerPoint if you have meetings scheduled in your calendar (makes webinars easier to start from published Outlook). It's also useful if you have to review that PowerPoint you got in e-mail but your local viewer isn't cutting it. Open Microsoft Outlook, search for your e-mail with attachment and open it from there. Check out the first blog post in this series for more specific direction on Microsoft Outlook. Publish this app as "Access e-mail".

• Doc Finder - Doc Finder is a feature of Citrix Receiver for Mobile Devices. Doc Finder is kind of like Windows Explorer built for small form factors. This is super useful for users with lots of centralized data. Just think about it... There are two ways to open a file... using explorer or using an applications File...Open... menu. For small form factor devices, both of these methods are frustrating, requiring panning, zooming, tapping, moving, panning, zooming, etc. The easiest thing is to open Doc Finder, find your doc using simple taps and an interface that actually works on the device you're using. You'll want to publish Doc Finder at 640x480 to enable users to work with the apps that will open when they find their file (i.e. Word, Excel, PowerPoint, etc.). Publish this app as "Find & open files". If you decide not to make it available in this manner, then you might want to publish it at 320x480. Isolate the application on a virtual XenApp server and use in conjunction with file type association. This way, when the user opens a file, it will open Microsoft PowerPoint in a separate session which can be configured at a higher resolution (640x480). Don't worry, this scenario only uses one license.

• App Viewer - Probably one of my favorite utilities is App Viewer, another feature of Citrix Receiver for Mobile Devices. App Viewer is a web browser with no user controls. It's great for maximizing usable area for web apps. So, if you see the graphics below, one shows the experience of publishing a flash-based app running in Internet Explorer. The other is the same app using App Viewer. This app is so useful for custom apps or even your own web apps if you decide not to do any customization (More on customization later in the series). Publish this app as the task enabled by the web app is it delivering access to.

So check these apps out for starters and visit CitrixCloud.net for more ideas. Keep your eye on Adam Morano and Ray Yang for more in this area. They are our Guru's here.

Other blog posts in this series:

• Part 1: Session resolution by Vinny Sosa
• Part 2: Publish Tasks by Vinny Sosa
• Part 3: Make your app mobile friendly by Chris Fleck

See best practices in action at CitrixCloud.net

Follow me on Twitter

Follow XenApp on | | |

In our first post in this series we talked about publishing apps at the right resolution. Here, we'll talk a little more about an application publishing concept called publishing tasks.

Optimizing Configuration by publishing tasks

In the mobile world, users perform tasks. Just think about it... every app is designed to perform a single task very well on a small form factor. The most important thing you can do when providing access for mobile users is to understand the tasks your users perform when they work with your applications and then break applications down into specific tasks wherever possible. Doing so will save users time and make navigation easier. An easy example is Microsoft PowerPoint. With this app, a user can either edit a PPT or view a slideshow. You can publish Powerpoint,exe and call the published app "Edit a presentation". That is fine for users who want to edit a PPT file on their mobile device (however impractical that use case may be). But, if users want to simply view files in slideshow, you could save them some panning, zooming and a couple of taps if you publish PowerPoint Viewer (the program specifically made to view slideshows). In this case, you might call it "View a presentation". These are two distinct tasks that a user would want to perform and for which you can tailor the application session.

TIP Citrix Receiver even has built-in short cuts to help users work with with PowerPoint like a slideshow button on the keyboard to enter and exit slideshow easily, a tab button to move between objects on a slide in edit mode, as well as the general copy, cut, paste and save shortcuts.

A more sophisticated and real-world example might be a Healthcare application used in a hospital. In this case perhaps you take a user like a nurse. That nurse might be giving medication or taking vital stats or simply entering notes. If you can publish direct access to those tasks by using a command line parameter then you should do so. For example, if the app is a web app, then publish App Viewer or Internet Explorer with the URL to a specific page as a command line parameter. If you can do this, it will save clicks, pans and zooms and make the application at least more bearable for use in a pinch.

TIP Many apps have command line parameters that can help. Google or Bing the application executable or check the vendor's admin guide to see if there are any that might be useful for publishing apps in a specific resolution, in a different mode or even to get to a specific screen upon opening.

Make the Receiver yours

The Receiver isn't just client software for accessing applications. It helps you organize applications in a way that makes sense to your organization. However, with Receiver for Mobile devices, you can take that concept to a new level. For example, a traditional XenApp admin may use a folder structure that organizes apps by package as follows:

• Microsoft Office 2007
  • Microsoft PowerPoint 2007
  • Microsoft Excel 2007
  • Microsoft Word 2007
  • Microsoft Outlook 2007
    etc.

I submit to you that making this menu task oriented is far easier for mobile users as long as there are actual task-based applications behind each item. So, a new folder structure for published apps may look as follows:

• Work with files (Folder)
  • Find & edit files (Opens Doc Finder)
  • Create Presentation (Opens PowerPoint in edit mode)
  • View a Slideshow (Opens PowerPoint Viewer)
  • Create a document (Opens Word)
  • Create a Spreadhseet (Opens Excel)
• View e-mail (Opens Outlook)

Another example might look like this if you were able to publish apps with command line parameters as mentioned in the first section above:

• Patient Care (Folder)
  • View dashboard (Dashboard that show me open tasks, active patients, messages, etc.)
  • View active patients (App that filters only current open cases assigned to me)
  • Record patient data (App that let's you enter patient data)
  • Search Prescription Med DB (Reference app that let's me search for info in prescription meds)
  • Write Prescription (App that let's me write a prescription for my patients)
  • View historical records (App that let's you view patient data for archived cases)
• Administration (Folder)
  • Order supplies
  • View budget
  • View payroll status
    etc.

So, the lesson here is that you don't necessarily need to customize your applications as a first step. Consider simple things that you can do to make it easier for users by reducing the number of clicks or taps they have to go through to do what they need to do. Do a little research to find out how much flexibility you have in your own apps to get users to the screen they need to use right when they open the app. These things go a long way to creating a great user experience.

Stay tuned for more in my next post in this series - "Publishing useful apps."

Register for XenApp Tech Previews including Receiver for Blackberry

See best practices in action at CitrixCloud.net

Follow me on Twitter

Follow XenApp on | | |

XenApp Expert Series - Informational, News, Interviews (2009) SEASON PREMIERE The show where we interview the experts to get you the latest news in on-demand application delivery with XenApp. Host Vinny Sosa (@vinnysosa) interviews XenApp Architect Juliano Maldaner (@jmaldaner) on the exciting new technologies coming for XenApp on Windows Server 2008 R2 and why it's such a boone for customers. Episode 1, Season 2.

Citrix XenApp 5 Feature Pack 2 for Windows Server 2003 has a very cool feature called Secure Clipboard Control. The technical folks may know this feature as "Read-Only Client Drive Mapping and Clipboard", but the end results are the same: it further mitigates risks of data leakage.

Granting remote users CDM access is great because they can open local files with server published apps. But they also have the ability to save server documents locally thereby increasing the probability that confidential data leaks out beyond the enterprise. Some customers have tried to tackle this problem by disabling CDM and clipboard altogether, but that does not offer users flexibility - what if administrators want to only let users save documents back on the server? This is where the new Secure Clipboard Control setting can help. It is a really simple feature for administrators to configure, yet provides an added level of flexibility (users can save documents to the server, but cannot save documents to the local device) administrators didn't have before.

To enable the feature in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdm\Parameters, create a DWORD value with value name ReadOnlyMappedDrive and value data 1.

To enable one way clipboard In registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\Virtual Clipboard, create a DWORD value with value name ReadOnly and value data 1.

After rebooting the server all users that connect will only be able to read documents from their mapped drives and will only be able to copy and paste text into a published application. Data that is copied into the published application clipboard (via CTRL-C) will not show up in the client's clipboard paste buffer. Whenever the user tries to save a file to a mapped drive they will get an error saying they don't have permission to write to the location because XenApp has the drive open in read-only mode.

For now both settings are server wide so remote users will have to be confined to specific machines where the settings are enabled. You can find out more about this feature at CTX123002 and in Citrix eDocs here.

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp feature matrix by platform, version and edition - http://citrix.com/xenapp/comparativematrix
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

I was away for a couple of week, but I'm back and very excited to tell you about the HDX Plug-n-Play for USB storage device. HDX Plug-n-Play for USB storage is another HDX/High Definition eXperience feature introduced in XenApp 5 Feature Pack 2. I believe this new feature will really eliminate many headaches for XenApp administrators and end users alike. So imagine, users now have the ability to plug-in their USB thumb drive/USB stick and use it with their XenApp delivered application at any time; before launching the application or while they are in the middle of working with the application. Effectively, users now have a local-like experience when interacting with a USB stick or USB disk drive.

For those not familiar with how USB storage worked prior to Feature Pack 2, let me explain... Let's say you are working with Microsoft Powerpoint delivered to you via XenApp. A co-worker stops by, hands you a USB stick and asks for a copy of the Powerpoint. Naturally, your instinct tells you to plug in that USB stick, go to Powerpoint - File - Save As... <bzzzz - wrong!>. Prior to Feature Pack 2, users must first plug in the USB stick before starting the Powerpoint. Otherwise, XenApp would not recognize and map the thumb drive in the session. Needless to say, it's not very natural, and couldn't be any less instinctive.
Many customers & admins I talked to are raving about this new feature in XenApp! They are excited because they no longer need to "re-train" users how to use USB drives with XenApp. IT no longer have to field support calls on why they don't see the USB stick in the application. Applications delivered with XenApp become ever more transparent to the end users...and that's a great thing!

How do I enable this feature? This feature is enabled by default. So, if you have policies to not allow use of USB sticks, you'll need to disable this feature in the registry by following the instructions below or in eDocs.

On XenApp 32-bit edition
HKEY_LOCAL_MACHINE\Software\Citrix\Policies\DisableUSBRedirection
On XenApp 64-bit edition
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\Policies\DisableUSBRedirection

Type: DWORD
Values:
1 = redirection disabled
0 = redirection enabled

Now, I also want to point out that this feature, like the HDX MediaStream for Flash is currently available on XenApp 5 for Windows Server 2003. Support on Windows Server 2008 is forth-coming and I'll be sharing more information on this site in the near future.

So, there you go... XenApp 5 Feature Pack 2 makes life easier for admins and end users, again! And if you missed my first post on how XenApp 5 Feature Pack 2 delivers a local-like experience with Adobe Flash content, take a look at HDX MediaStream for Flash
But wait! Tomorrow, Ola Nordstrom from our Security team will post our HDX Easter-egg feature called Secure Clipboard Control. Very cool feature for customers who require better control of information flow in an XenApp session. So, stop back tomorrow!

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp feature matrix by platform, version and edition - http://citrix.com/xenapp/comparativematrix
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | | [|http://www.linkedin.com/groups?gid=2130967&trk=hb_side_g|Follow XenApp application

Planning is done, content is ready, now we are in the middle of rolling out the XenApp 5 Feature Pack 2 training to the support teams worldwide.

By Sept 29th, the date in which XenApp 5 Feature Pack 2 will be available for download as mentioned in the Official Press Release, we plan to have a majority of Support engineers trained.

The 2 1/2 day XenApp 5 Feature Pack 2 comprehensive training course covers all new features as outlined by Vinny Sosa in his What's new in XenApp 5 Feature Pack 2 in plain English blog. A majority of the course is spent "hands on" installing, configuring, break/fixing and troubleshooting the various new features.

Then 3-5 months post release we plan to deliver a follow up "Advanced" session on common issues encountered.
The agenda for the Advanced session will be based on common/troublesome support issue logged in our CRM, Support Forums and Tech Support Twitter accounts, here and here.

Learn more about Citrix XenApp 5 Feature Pack 2

■Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
■XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
■XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
■XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
■XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
■XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
■Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
■XenApp Product Page - http://citrix.com/xenapp/

David
Twitter - http://twitter.com/citrixreadiness
Citrix Support on Facebook - http://www.facebook.com/citrixsupport

• VM hosted apps - Lets you deliver Windows applications from centrally hosted virtual machines running Windows XP, Windows Vista and Windows 7. The name is a bit misleading in that you can even use physical machines or blade PC's to host the applications in question. This feature is great for regulated applications and those which have performance bottlenecks, peripheral compatibility and general compatibility issues on Terminal Services. It's also great for applications where your ISV won't support them on Terminal Services. So far, everyone agrees that hosting applications on XenApp servers is still the most cost-effective way of delivering apps and that they'd rather stream applications to the users device before going VM hosted apps. But if you go the VM hosted apps route, you'll still get better TCO than native application deployment with remote installation. One thing is, for VM hosted apps, you'll need Microsoft VECD licenses, not Terminal Services CALS. Most environments will have a mix though so just keep this in mind as you consider it. Plus, we've announced pre-registration for the tech preview of XenApp on Windows Server 2008 R2. Available to Enterprise and Platinum customers. You'll want to check familiarize yourself with VECD using the licensing guide which I found helpful.
  
  
• Windows 7 and Windows Mobile support - In this release, we now support access from Windows 7 devices to server and VM hosted apps (we call these online apps), as well as streamed applications running on the users desktop (we call them offline apps). We've also released an updated profiler which includes Windows 7 as an option. Plus, we'll be releasing an updated Windows Mobile client shortly. Keep an eye on Pedro Llaguno's blog for more information on this one. Available to all customers or any edition.
  
  
• Streamed application performance - I interviewed Joe Nord a few weeks ago on this and he mentioned that the engineering team has really focused on performance improvements and bug fixes for this release rather than adding a ton of new features. In fact, when I pressed him on the topic of performance after the show, he told me about some internal tests where we saw improvements ranging from 22% to 33% faster initial launch times and 50% to 65% improvements for subsequent launch times. Definitely worth a look whether you're using it or not. Available for Advanced, Enterprise or Platinum Customers.
  
  

Enterprise Class Management - Better management of your application virtualization solution

• Power and Capacity Management - My personal favorite feature in this release. If you didn't get the chance to play with the technology preview, this feature will certainly shock you. It has the potential to save you a bunch of money on electrical expenses. You install an agent on your XenApp servers (whether virtual or physical) and Power and Capacity Management turns them on and off when capacity is needed based on rules you create. You tell it how much capacity you always want available on standby and it just keeps turning on servers as users log into your farm to maintain that buffer capacity. Plus, you can manage multiple farms from a single implementation. But Power management is only half of this feature. The other half is capacity management. This feature will help to keep sessions consolidated on fewer servers while maintaining adequate user performance. This is awesome for when you need to perform server maintenance - now you don't have to wait for users to log off or bump them. You can even tell capacity management to drain sessions on servers for you so you can come back later and perform your maintenance. You can even configure capacity management to drain old server images and replace them with new server images (say one with a new application or hotfix configured). Simply amazing. It's the only XenApp-aware power management solution available to my knowledge. Available to Enterprise and Platinum customers running XenApp on Windows Server 2003.
  
  * Provisioning Services - some key enhancements which you might already be aware of but certainly worth mentioning are multi-partition and dual NIC support for provisioning images. Plus there are some wonderful new fault tolerance improvements that have been made such as server maintenance mode which let's you transfer image management between multiple provisioning servers in the event you need to bring one down for maintenance. And of course, Provisioning services can be used to manage VM hosted applications. Enterprise edition customers can use Provisioning services to manage VM hosted apps only. Platinum customers can use Provisioning services to manage VM hosted or server hosted apps.

  
  * Service Monitoring - New server metrics make Service monitoring in XenApp 5 Feature Pack 2 a must have. Service monitoring now measures the performance of XenApp servers running on XenServer by giving you visibility into the performance of the hypervisor. This will help you better determine the right mix of physical and virtual servers in your environment. In addition, you can now measure application start up time for streamed applications - a nifty feature for testing those new performance improvements we've made with your own apps. Service monitoring is available to Platinum customers.

  
  
• Workflow Studio 2.0 - This latest release is what you XenApp administrators have really been waiting for. We've finally got the API's you need to expose custom workflows that include XenApp. So as an example, you can now simplify the process of adding users or even publishing new resources. One of my favorite examples is creating a provisioning app that let's HR add the users they want to the apps they need based on the department they need to be added into. I haven't seen this done but it is possible with Workflow studio and a little elbow grease. You can even expose specific functions like session management features so that they can easily be accessed from your Windows Mobile or iPhone. This is only going to continue to get better as time goes on. And if you haven't heard, we have PowerShell Commandlets for XenApp in tech preview as well. You can learn more about Workflow Studio 2.0 from Pete Schulz, Product Manager and a good friend of mine to boot. He just posted a blog post last night on this very topic. Workflow studio is available to Advanced, Enterprise and Platinum edition customers.
  
  

High Definition Experience - Ensuring best performance and usability

• HDX MediaStream for Flash - This technology was available as a tech preview and Juan Rivera has blogged about it extensively. He also recorded a XenApp Expert Series video for us on the topic. Basically, it leverages the processing power on the users Windows device to render Flash content and applications. This offloads the server and also improves performance and fluidity for the user. Nobody else has this kind of technology. What's more, if the users device isn't capable of rendering the content, it will automatically fall back to server-side rendering. We call that Adaptive orchestration (nobody else gives you that either). It's available in Advanced, Enterprise and Platinum Edition and for XenApp running on Windows Server 2003.
  
  
• HDX Plug and Play for USB storage devices - We've supported USB drive mapping before. This is just a bit different in that users can plug in their USB drive even if they are already in a session and it will be mapped automatically without their having to restart their session. It's a great usability feature and is available to Advanced, Enterprise and Platinum customers and for XenApp running on Windows Server 2003.
  
  
• Profile management - Profile management has seen some bug fixes and platform support enhancements. Plus we've added a number of counters to Service monitoring that expose the performance of user profiles within your environment to give you a better idea of how performance bottlenecks in user profiles can be affecting the performance of your applications. Stay tuned to Dave Wagners blog for more on this feature. Profile management is available in Enterprise and Platinum Edition.
  
  
• EasyCall voice services - EasyCall is probably one of my favorite features that hasn't caught on yet but I know it will cause it has the potential to save customers money and make life easier for users. In the previous XenApp release, we introduced this as a Xen-based virtual appliance available to Advanced, Enterprise and Platinum edition customers. Basically, EasyCall let's users hover their mouse over any phone number on their screen and then click to call that number. This is accomplished using a plugin on the users device. The plugin communicates call requests to the EasyCall virtual appliance and then the appliance tells the VoIP system to call the user at their current location and then to call their destination number. It's not just a cool feature though. It saves money by using your corporate rate to let users make business related calls rather than using their residential long distance rates. It's also great for customer service and sales people to reduce the amount of first minute charges for misdialed calls. In this release, we added a feature called Find Me which lets users configure phone numbers that EasyCall will use to redirect their calls to if they are not available, trying each one in order. Basically, you can do away with the softphone using EasyCall. EasyCall is available to Advanced, Enterprise and Platinum edition customers.
  
  Let me know if you have any questions. Check out other Feature Pack 2 Blogs or you can also check out the resources below.
  
  

  Learn more about Citrix XenApp 5 Feature Pack 2

  
  

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp feature matrix by platform, version and edition - http://citrix.com/xenapp/comparativematrix
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

Check out this recorded tech talk for coverage and information on the latest features of
Citrix XenApp 5 Feature Pack 2.

Learn more about XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

XenApp Expert Series - Informational, News, Interviews (2009) The show where we interview the experts to get you the latest research and technology news on XenApp application virtualization. Host Vinny Sosa (@vinnysosa) interviews Citrix Readiness Architect Stacy Scott on enhancements coming in XenApp 5 Feature Pack 2. Episode 8, Season 1.

View this Episode and Subscribe to the XenApp Expert Series

Listen to this episode Listen to archived episodes: Episode 7: Application Streaming with Joe Nord Episode 6: VMHosted Apps with Modesto Tabares Episode 5: Power and Capacity Management with Juliano Maldaner Episode 4: HDX MediaStream for Flash with Juan Rivera Episode 3: An Overview of HDX with Derek Thorslund Episode 2: Profile Management with David Wagner Episode 1: Power Management with Sridhar Mullapudi

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |