Join Leo Laporte, Randal Schwartz, and Ian Pratt in this podcast on Xen, the multi-platform virtualization software.
Hosts: Randal Schwartz and Leo Laporte
Guests: Ian Pratt for Xen
Ian Pratt is VP of Advanced Virtualization Products at Citrix Systems, and the leader of the Xen program. Previously, he was a senior lecturer at University of Cambridge Computer Laboratory, and a Fellow of King's College Cambridge.
Click below to continue to the podcast:
http://twit.tv/floss67
If you are like me, running a 1280 x 1024 display resolution, you may have run into the issue of displaying a virtual machine console at 1024 x 768 display resolution inside XenCenter. Even when XenCenter is maximized I still have to use vertical and horizontal scroll bars when working on a virtual machine console. It's inconvenient to use. Here is the screen shot.

I found a solution today. After I hide the toolbar and adjust the width of the left column, the VM console can be used without relying on scroll bars.
Here is the screen shot.

To disable toolbar, go to View menu and uncheck ToolBar option.
Ray (Ruiguo) Yang
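Starting tomorrow, at the Xen Technology 2009 booth at Interop Tokyo 2009, we will be exhibiting and presenting virtualization-related technologies and products.
In particular, the Citrix exhibit booth will show the following technologies in virtual environments:
- Application virtualization: XenApp
- Desktop virtualization: XenDesktop
- Server virtualization: XenServer
- Power management
- 3D CAD applications
- Flash playback
- VoIP applications
- Performance testing
- Performance monitoring
- Authentication using smart cards
Our partners will also be exhibiting a variety of technologies and products, so if you have the time, please do come and visit.
In addition, NetScaler and XenDesktop are being used in ShowNet, the Interop Tokyo 2009 network. NetScaler handles tasks such as server load balancing and IPv4-to-IPv6 translation. You can also connect to desktops delivered by XenDesktop from the HP thin client terminals installed in the Interop venue.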
Xen.org is pleased to announce the latest release of the Xen hypervisor, the open source industry standard for virtualization. Xen.org is a global community of independent and industry developers, university researchers, users, and virtualization gurus who regularly contribute to the shared design, development, support, and improvement of the Xen hypervisor platform.
The new release, Xen 3.4, furthers the vision of creating a powerful, efficient, and ubiquitous virtualization hypervisor. As part of the Xen community's commitment to continuous improvement, the new hypervisor offers significant enhancements in the following areas:
• Xen Client Initiative (XCI) Enhancements - Xen.org continues to develop industry virtualization standards for desktop and client devices. Xen 3.4 contains the initial XCI code release providing a base client hypervisor for the community to extend and improve. This new version of the Xen hypervisor expands the hardware options for the leading open source virtualization platform.
• Reliability - Availability - Serviceability (RAS) - In addition, Xen now delivers a collection of features designed to avoid and detect system failures, provide maximum uptime by isolating system faults, and provide system failure notices to administrators to properly service the hardware/software. The combination of these services provides for a robust Xen hypervisor with fault-tolerant and back-up capabilities built-in.
• Power Management - Xen 3.4 improves the power saving features with a host of new algorithms to better manage the processor including schedulers and timers optimized for peak power savings.
Xen 3.4 is currently available via free download to developers by visiting the Xen.org website at: http://www.xen.org/download
Momentum in the Xen Community
The Xen community remains strong and active. On average, Xen.org receives more than 750 new code submissions to the source tree each month from developers across the world working on an array of solutions within the hypervisor. Industry leading companies such as Intel, AMD, HP, IBM, Oracle, Red Hat, Sun, Fujitsu, and Novell are part of the vibrant Xen.org community and contribute to the development of the hypervisor code. The Yankee Group's Third Annual Virtualization Survey reports a significant increase of commercial Xen-based solutions which represent 17 percent of total market share. This includes a Citrix XenServer share of 11 percent, plus an additional six percent from other open source suppliers.
On an ongoing basis, university research and other high profile Xen projects are regularly incorporated or run on the hypervisor. For example, Project Snowflock from the University of Toronto leverages the Xen hypervisor to instantaneously launch thousands of virtual machines for fast, efficient, scalable parallel processing and Project HXen extends the Type1 virtual machine monitor (VMM) functionality in Xen to a Type 2 VMM for a simplified method of deploying Xen to desktops, laptops, USB sticks and other devices where the base OS is left in place. For high availability, Project Kemari and Project Remus provide transparent, comprehensive, high availability to ordinary virtual machines running on the Xen virtual machine monitor by maintaining a completely up-to-date copy of a running VM on a backup server, which automatically activates if the primary server fails. These are examples of the various contributions across academia and within the development community to Xen.org.
To date, thousands of companies and universities have chosen the power of open source Xen, making the Xen hypervisor their choice to provide virtualization in their IT environment. Last month, more than 100 attendees from the open source community participated in the Xen Summit sponsored by Oracle; similar events are planned in Europe and Asia this year to support the growing global community.
In addition, the Xen.org community is committed to providing more resources to its members:
• Xen.org Solutions Search is a new online tool enabling customers to quickly find consultants, hosting providers, developers, and solutions built on the Xen hypervisor platform. This search system profiles the growing ecosystem for the Xen hypervisor.
• Xen.org is committing resources to expand the global footprint for support and promotion of the open source Xen hypervisor. Materials are being translated into Spanish, German, Portuguese, Chinese, and Japanese with the community Wiki now available in English, Spanish, French, Russian, German, Chinese, Korean, Japanese, and Italian. Support groups for customers are also available in English, Portuguese, Japanese, and Italian.
• Finally, Xen.org is excited to offer an event for virtualization customers and prospects in Europe called Xen Directions, being held in conjunction with LinuxTAG on June 27, 2009 in Berlin, Germany. A variety of hands-on Xen demonstrations will be offered to the European technical audience for the first time. In 2010, Xen.org will be hosting the first event in South America as part of the FISL event in Brazil.
Ian Pratt, Citrix VP of Engineering, founder of the open source Xen.org community, and project leader of Xen.org was recently interviewed by Randal Schwartz and Leo Laporte of FLOSS Weekly. The recorded podcast is about 40 minutes long and can be accessed at http://www.podtrac.com/pts/redirect.mp3/twit.cachefly.net/FLOSS-067.mp3.
This PodCast is a chance to learn about the origins of the Xen.org Xen Hypervisor project, how Cloud Computing was really behind its origins, and how the Xen.org community continues to drive the leading open source hypervisor.
Citrix Project Satori is the result of a collaborative agreement between XenSource and Microsoft, and was carried forward after XenSource was acquired by Citrix Systems. The base Satori components are released by Microsoft as the Linux Integration Components for Hyper-V, and provide support for paravirtualized XenLinux guests running on Hyper-V. The Linux Integration Components can be downloaded here.
The complete source code and license information (GPL version 2) on this project is now available at http://www.xen.org/download/satori.html.
The Windows 7 Beta is out in the wild, and what better way to try it out than running it as a virtual machine? While the latest version of XenServer shipped well before the Windows 7 beta, in this month's first XenServer Tips and Tricks you can learn how to get it running on Citrix XenServer 5.
Let me start out by saying this is totally unsupported and experimental. You could blow-up your server, your server room, your building, your car, you know the drill. If you call support they would likely laugh and hang up the phone.
There are two ways to do this, the easy way and the hard way. Just do it the easy way unless you want to know the details.
The Easy Way
The easy way is to download the Windows 7 Beta x64 Experimental Template.
After downloading and unzipping the template follow the steps below.
Getting it onto your XenServer system:
1. In XenCenter right-click on your server and select Import VM
2. Browse to the file and select Exported Template as the Import Type
Building a Windows 7 Beta VM:
1. Once the template is installed just click New VM button and the Windows 7 Template will show up at the top of the first screen
2. The rest is business as usual just be sure to add a disk drive and a NIC as you are creating the VM
The Hard Way
The hard way is to create a new VM using the existing Windows Server 2008 x64 template. Create a new VM and point to your Windows 7 Beta install source. On the last page of the New VM wizard in XenCenter unclick the "Start VM Automatically" option. Also make a note of the VM name as you will need this in a second.
We run Windows 2008 enlightened on the XenServer 5 platform. Enlightened means the VM knows it's running virtual and we can make it run faster! Microsoft is still working on the Windows 7 Beta so we just need to turn off the enlightenment support for now to get it working.
So to do this we need to use the XenServer CLI. Just click on your XenServer system in the left-hand tree view of XenCenter, select the console tab and get ready to type a few command lines. Hit <enter> to get to the command prompt and then type
xe vm-list name-label=<Your VM name Here>
(just type the first few letters and hit the <tab> key to save having to type the whole name). You will now get a display showing the unique ID (uuid) of your virtual machine. Make a note of the UUID and then type
xe vm-param-set uuid=<uuid of your VM> platform:viridian=false
Then you can go start up the VM and start installing Windows 7 Beta.
The Xen.org community, creator of the open source Xen hypervisor, is hosting our North American Xen Summit event this February 24 - 25, 2009 at Oracle's HQ in Redwood City, CA. This event brings together developers, users, and researchers of the Xen hypervisor for a 2 day conference on all things Xen. The topic abstracts are now available for review with the final agenda to be published later this week at http://www.xen.org/community/xensummit.html. Some of the speakers at this event include:
• Ian Pratt - Project Leader of Xen.org
• Keir Fraser - "Gatekeeper of Xen.org"
• Dan Magenheimer - Xen guru of memory from Oracle
• Jeremy Fitzhardinge - PVOPS Xen master (includes a demo!)
• Eddie Dong - Status of SR-IOV from Intel
• Ben Serebrin - Cross-vendor migration from AMD
• Andrew Warfield - Dual Citizen of Citrix & Univ of British Columbia
• Chuck Yoo - Korea University on Real-Time VMM
• Many others...
Even if you have never participated in the Xen.org community, I strongly encourage you to consider attending this event. As an open event, you will have the opportunity to learn first hand what the Xen community is planning for future releases, what researchers are doing with Xen to enable future industry trends, and how users are leveraging the powerful Xen hypervisor to solve critical and complex problems. For Citrix XenServer customers, this event provides a glimpse into the "behind the scenes" efforts for the Xen platform that supports the XenServer product family.
Registration is only $215 including a great Xen Summit jacket, evening out at the Computer History Museum, and the chance to mingle with the Xen community. Registration is at https://www.regonline.com/xs_oracle.
I look forward to seeing everyone later this month for Xen Summit North America at Oracle 2009.
The simple javascript example I wrote about last time is actually a great deal more interesting when it's combined with Firefox and Firebug. Using Firebug it's possible both to view the xmlrpc requests and to browse the fields in the objects returned by the API calls. This becomes particularly enlightening when we have an up-to-date local cache of API objects, enabling the browsing of all of the fields available to API users. This is really useful for everyone developing against the XenServer API, not just web application developers. However, first of all we need to know how to get and maintain this cache, so I'll describe that first.
Using the methods in my last post, to find out about changes in the fields of objects we'd have to poll the XenServer every so often. This would involve large amounts of data transfer, especially when the objects of interest are VMs, which are by far the largest objects in our datamodel. There is a much nicer method of keeping track of the changes on the XenServer, and that is by using two API calls: 'event.register' and 'event.next'.
The basic idea is that you register for xapi to keep a note of changes in classes in which you're interested, e.g. VMs, hosts, or just everything, and when you call 'event.next' it will give you back all of the objects in those classes that have changed since last time. When there are no events ready to send back, the call will block until one happens, which makes it perfect for an asynchronous XHR request. Using the modified jquery.rpc library, making an asynchronous call just involves putting the callback as the last argument to the API call - for example:
rpc.VM.get_all_records(session)
is synchronous, and returns the VM references and records, whereas
rpc.VM.get_all_records(session,callback_fn)
is asynchronous, returns nothing, and the callback function is called with the result when the RPC completes.
In order that we don't miss out any events, we register for events before populating the local cache. So the sequence of calls is:
rpc.event.register(session,["vm"]); // case insensitive
cache['vm']=rpc.VM.get_all_records(session);
rpc.event.next(session,eventcallback);
Here we've registered for events on VMs - you can specify multiple classes to listen out for or use "*" to mean all classes (except those we don't generate events for, like sessions!) The event callback then updates the cache whenever it receives data, and then in turn again calls event.next:
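function eventcallback(evts) {
  // Apply each event's snapshot to the cached class it belongs to
  for(var i=0; i<evts.length; i++) {
    var evt=evts[i]; // declared with var so it does not leak as a global
    if(cache[evt['class']]) {
      cache[evt['class']][evt.ref]=evt.snapshot;
    }
  }
  // Re-arm: this call blocks until the next batch of events is ready
  rpc.event.next(session,eventcallback);
}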
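The ordering rule above (register for events before populating the cache), as an added example that is not part of the original post or the demo zip: it runs against a constructed in-memory stand-in for xapi instead of the real jquery.rpc library, and shows the update that is lost when the two calls are swapped. The helper names (makeFakeXapi, applyEvents, startCache, demo), the sample VM records and the handling of an event `operation` field with a `del` value are assumptions made for the illustration.

```javascript
// Constructed in-memory stand-in for xapi (not the real jquery.rpc library).
// It implements only event.register, event.next and VM.get_all_records.
function makeFakeXapi(initialVms) {
  var vms = JSON.parse(JSON.stringify(initialVms));
  var classes = [];   // classes registered for events, lower-cased
  var queue = [];     // events recorded since registration, not yet delivered
  var waiter = null;  // parked event.next callback, i.e. the "blocked" call

  function flush() {
    if (waiter && queue.length > 0) {
      var cb = waiter, evts = queue;
      waiter = null;
      queue = [];
      cb(evts);
    }
  }

  return {
    rpc: {
      event: {
        register: function (session, names) {
          for (var i = 0; i < names.length; i++) {
            classes.push(names[i].toLowerCase());
          }
        },
        next: function (session, cb) { waiter = cb; flush(); }
      },
      VM: {
        get_all_records: function (session) {
          return JSON.parse(JSON.stringify(vms));
        }
      }
    },
    // Simulate a server-side change; record === null means the VM is destroyed.
    change: function (ref, record) {
      var op = record === null ? 'del' : (ref in vms ? 'mod' : 'add');
      if (record === null) { delete vms[ref]; } else { vms[ref] = record; }
      // Changes made before registration are never queued: that is the race.
      if (classes.indexOf('vm') !== -1 || classes.indexOf('*') !== -1) {
        var evt = { 'class': 'vm', operation: op, ref: ref };
        if (record !== null) { evt.snapshot = JSON.parse(JSON.stringify(record)); }
        queue.push(evt);
        flush();
      }
    }
  };
}

// Same cache update as the post's eventcallback, plus removal on 'del'
// (assumed operation value; a deleted object has no snapshot to store).
function applyEvents(cache, evts) {
  for (var i = 0; i < evts.length; i++) {
    var evt = evts[i];
    var cls = evt['class'].toLowerCase();
    if (!cache[cls]) { continue; }
    if (evt.operation === 'del') {
      delete cache[cls][evt.ref];
    } else {
      cache[cls][evt.ref] = evt.snapshot;
    }
  }
}

// Builds the cache in either order; betweenCalls runs in the window between
// the first and the second call, where a concurrent change can land.
function startCache(xapi, session, registerFirst, betweenCalls) {
  var rpc = xapi.rpc;
  var cache = {};
  function eventcallback(evts) {
    applyEvents(cache, evts);
    rpc.event.next(session, eventcallback); // re-arm
  }
  if (registerFirst) {
    rpc.event.register(session, ['vm']);
    betweenCalls();
    cache.vm = rpc.VM.get_all_records(session);
  } else {
    cache.vm = rpc.VM.get_all_records(session);
    betweenCalls();
    rpc.event.register(session, ['vm']);
  }
  rpc.event.next(session, eventcallback);
  return cache;
}

function demo(registerFirst) {
  // Constructed sample data: one halted VM that starts during the window.
  var xapi = makeFakeXapi({
    'OpaqueRef:vm1': { name_label: 'web01', power_state: 'Halted' }
  });
  var cache = startCache(xapi, 'session-placeholder', registerFirst, function () {
    xapi.change('OpaqueRef:vm1', { name_label: 'web01', power_state: 'Running' });
  });
  // Later changes reach the cache through the parked event.next callback.
  xapi.change('OpaqueRef:vm2', { name_label: 'db01', power_state: 'Running' });
  xapi.change('OpaqueRef:vm2', null);
  return cache;
}

console.log('register first:', JSON.stringify(demo(true).vm));
console.log('populate first:', JSON.stringify(demo(false).vm));
```

With registration first, the change that lands in the window is either already in the snapshot or replayed as an event, so the cache converges; with the calls swapped, the cached power state of web01 stays stale until that VM changes again.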
For the demo application, we register for all classes, but only pay attention to the modification events to VM objects - in this case we simply print out the names of the VMs in <div>s styled according to the power state. To see the event system working, just start or stop a VM, and the page will be updated accordingly. The demo is available here. Once again, to install it, it's easiest to have it served up by the XenServer itself, so ssh in and mkdir /opt/xensource/www - then copy the files from the demo zip in. Edit the 'demo.js' file to put in the correct username and password, then just point your web browser at the server. Bear in mind that demo.js is served to the browser like the other files in that directory, so the credentials you put in it are readable by anyone who can load the page.
As I mentioned at the beginning though, it's much more interesting to look at the demo with Firebug installed, where you can see the xmlrpc requests (note that to take this screenshot I changed the 'use_json' param to 'false'):
Using the DOM browser, you can see the contents of the local cache, including the names and values of all of the fields available to XenAPI clients:
A pivotal part of Project Independence is the technology at its core. An obvious choice for Citrix, and many other virtualization companies, is to select the Xen open-source technology as the basis for a bare-metal hypervisor. The wonderful thing about having Xen at the core of the hypervisor is that Citrix, undeniably the experts in Xen, has teamed with Intel, undeniably the experts in hardware virtualization, to build the core client hypervisor. This is the best recipe for success that I've ever seen.
The Intel and Citrix collaboration, known as Thunder Lake, is a joint program intended to bring many proven server based virtualization technologies to Intel vPro client desktops and laptops. At the heart of the Citrix client hypervisor is open source Xen with its architecture that is uniquely designed to ensure strong isolation between VMs running on a single device. Several key Intel technologies like VTx, VTd, TXT, and TPM will be leveraged by the Xen hypervisor such that Citrix products and technologies can bring features previously found only on server based solutions to the client platform with full local execution. For example, since Xen is the most up to date technology using Intel's VTd hardware, it is well suited to pass through device control directly to the client in a way that doesn't impact security. Hypervisor features like Xen's support for VTd will solve some very tough problems for client virtualization.
A key requirement for a client hypervisor is a seamless user experience. This is one of the main differences from a server-based hypervisor. To accomplish this, hardware devices like Graphics and USB perform just like they do today but now on a platform running multiple VMs - all this without compromising security. On the Xen client hypervisor you will get full 3D graphics, including Vista Aero, all the while maintaining full isolation between VMs. This ensures that the corporate applications and desktops are safe from vulnerabilities that could copy your display and keystrokes.
Today, Xen offers excellent isolation between VMs. With our new client hypervisor, security will be enhanced even beyond today's standards. By incorporating encryption and support for Intel's TXT technologies, the Citrix client hypervisor will check and measure the boot process. The data and OS are then safe even if the client platform has been compromised by removing the disk.
The exciting thing for us at Citrix is that Project Independence along with the Intel joint collaboration project will bring leading edge hardware and software technologies together for the distinct purpose of providing a better end user experience and better security. For years it seems an improvement in security meant a decrease in user experience or performance. More than ever most of us are PC users and soon we will be able to own and control our Desktop and therefore be in control of our experience and productivity.
Matt
Next month, the Xen.org open source community is hosting our latest Xen Summit at Oracle's HQ in Redwood City, CA. This event brings together the leading developers of the Xen hypervisor as well as researchers and users who leverage the Xen hypervisor. For two days, you will have the opportunity to listen to and interact with a global group of industry leaders in hypervisor virtualization.
The event is planned for February 24 and 25th and includes 2 days of highly interactive discussion, an evening out at the Computer History Museum, and other Xen Summit firsts. Registration is only $215 and is now open at https://www.regonline.com/xs_oracle.
More information on this event is available at http://www.xen.org/community/xensummit.html with local hotel information and the event agenda soon to be published. If you have any questions about this event, please contact Stephen Spector at stephen.spector@xen.org.

One of the most requested features from Service Providers and Enterprises is IP Address Management (IPAM). I can't tell you how many times I have listened to customers ask for a platform that manages IP Addresses effectively on a large scale, even to the point of managing disparate classes and subnets. What happens when two companies merge, do you munge spreadsheets or do you have this software yet? It's not only the software that is unique but that it runs as a XenServer VM in Para-Virtualized mode, meaning it is high-performance. Even better is these run in Linux.
Nixu Software specializes in software designed for DNS, DHCP and IP address management. To run Nixu Products in a virtual machine environment, simply download the ISO installation media from their website and boot up a new virtual machine. The installation media auto-installs the entire server stack.
Unlike traditional computing appliances that require specific hardware to run on, Nixu Products provide a quick and cost-efficient way to migrate and consolidate core network services such as DNS and DHCP to virtualized computing environments. By streamlining tedious network and system management routines, Nixu Products offer exceptional availability and ROI.
Here are some of the Highlights of using NIXU DNS and DHCP in a XenServer VM:
- Centralized IP Address Management
- Merge/Join IP Blocks
- Split IP Blocks
- Subnets in use – report
- Subnets free – report
- Addresses in use – report
- Addresses free – report
- Runs in XenServer as a VM, optimized for Para-Virtualization
- Supports pv-ops
- Supports IPv6
- Uses secure communication between secondary name servers, using keys
- Role based administration
- Assign subnets to administrative domains
- Supports BIND syntax
- For the BIND junkies
- Has a configuration checker
- Automated installation and maintenance reducing management overhead
- Centralized management of all nameservers
- Hardened design for security
Download the Nixu / XenServer Integration Guide.
Read about Nixu Software here.
Read about Citrix XenServer 5.0 here.
Download Citrix XenServer 5.0 here.
During a recent presentation I gave to one of our alliance partners, an interesting question came up during the discussion - How can a commercial software company build a business based on open source software? After the question was asked, I saw many heads nodding in agreement. On the surface, this question may appear to be difficult to answer.
An excellent way to answer this pressing question can be found in a very intriguing book called Wikinomics. There is a story in the opening chapter about GoldCorp, a gold mining company. The story of the GoldCorp Challenge highlights the power of working with a very diverse group of people to take innovation and creativity to new heights. Rob McEwen of GoldCorp used that creativity and innovation to build a very successful business.
Read this short excerpt from the opening chapter -
It was late in the afternoon, on a typically harsh Canadian winter day, as Rob McEwen, the CEO of Goldcorp Inc., stood at the head of the boardroom table confronting a room full of senior geologists. The news he was about to deliver was not good. In fact it was disastrous, and McEwen was having a hard time shielding his frustration.
The small Toronto-based gold-mining firm was struggling, besieged by strikes, lingering debts, and an exceedingly high cost of production, which had caused them to cease mining operations. Conditions in the marketplace were hardly favorable. The gold market was contracting, and most analysts assumed that the company's fifty-year-old mine in Red Lake, Ontario, was dying. Without evidence of substantial new gold deposits, the mine seemed destined for closure, and Goldcorp was likely to go down with it. Tensions were running at fever pitch. McEwen had no real experience in the extractive industries, let alone in gold mining. Nevertheless, as an adventurous young mutual fund manager he had gotten involved in a takeover battle and emerged as Goldcorp, Inc.'s majority owner. Few people in the room had much confidence that McEwen was the right person to rescue the company. But McEwen just shrugged off his critics.
He turned to his geologists and said, "We're going to find more gold on this property, and we won't leave this room tonight until we have a plan to find it." At the conclusion of the meeting he handed his geologists $10 million for further exploration and sent them packing for Northern Ontario. Most of his staff thought he was crazy but they carried out his instructions, drilling in the deepest and most remote parts of the mine. Amazingly, a few weeks later they arrived back at Goldcorp headquarters beaming with pride and bearing a remarkable discovery: Test drilling suggested rich deposits of new gold, as much as thirty times the amount Goldcorp was currently mining!
The discovery was surprising, and could hardly have been better timed. But after years of further exploration, and to McEwen's deep frustration, the company's geologists struggled to provide an accurate estimate of the gold's value and exact location. He desperately needed to inject the urgency of the market into the glacial processes of an old-economy industry.
In 1999, with the future still uncertain, McEwen took some time out for personal development. He wound up at an MIT conference for young presidents when coincidentally the subject of Linux came up. Perched in the lecture hall, McEwen listened intently to the remarkable story of how Linus Torvalds and a loose volunteer brigade of software developers had assembled the world-class computer operating system over the Internet. The lecturer explained how Torvalds revealed his code to the world, allowing thousands of anonymous programmers to vet it and make contributions of their own.
McEwen had an epiphany and sat back in his chair to contemplate. If Goldcorp employees couldn't find the Red Lake gold, maybe someone else could. And maybe the key to finding those people was to open up the exploration process in the same way Torvalds "open sourced" Linux.
McEwen raced back to Toronto to present the idea to his head geologist. "I'd like to take all of our geology, all the data we have that goes back to 1948, and put it into a file and share it with the world," he said. "Then we'll ask the world to tell us where we're going to find the next six million ounces of gold." McEwen saw this as an opportunity to harness some of the best minds in the industry. Perhaps understandably, the in-house geologists were just a little skeptical.
Mining is an intensely secretive industry, and apart from the minerals themselves, geological data is the most precious and carefully guarded resource. It's like the Cadbury secret - it's just not something companies go around sharing. Goldcorp employees wondered whether the global community of geologists would respond to Goldcorp's call in the same way that software developers rallied around Linus Torvalds. Moreover, they worried about how the contest would reflect on them and their inability to find the elusive gold deposits.
McEwen acknowledges in retrospect that the strategy was controversial and risky. "We were attacking a fundamental assumption; you simply don't give away proprietary data," he said. "It's so fundamental," he adds, "that no one had ever questioned it." Once again, McEwen was determined to soldier on.
In March 2000, the "Goldcorp Challenge" was launched with a total of $575,000 in prize money available to participants with the best methods and estimates. Every scrap of information (some four hundred megabytes worth) about the 55,000-acre property was revealed on Goldcorp's Web site. News of the contest spread quickly around the Internet, as more than one thousand virtual prospectors from fifty countries got busy crunching the data.
Within weeks, submissions from around the world came flooding in to Goldcorp headquarters. As expected, geologists got involved. But entries came from surprising sources, including graduate students, consultants, mathematicians, and military officers, all seeking a piece of the action. "We had applied math, advanced physics, intelligent systems, computer graphics, and organic solutions to inorganic problems. There were capabilities I had never seen before in the industry," says McEwen. "When I saw the computer graphics I almost fell out of my chair." The contestants had identified 110 targets on the Red Lake property, 50 percent of which had not been previously identified by the company. Over 80 percent of the new targets yielded substantial quantities of gold. In fact, since the challenge was initiated an astounding eight million ounces of gold have been found. McEwen estimates the collaborative process shaved two to three years off their exploration time.
Today Goldcorp is reaping the fruits of its open source approach to exploration. Not only did the contest yield copious quantities of gold, it catapulted his under-performing $100 million company into a $9 billion juggernaut while transforming a backward mining site in Northern Ontario into one of the most innovative and profitable properties in the industry. Needless to say McEwen is one happy camper. As are his shareholders. One hundred dollars invested in the company in 1993 is worth over $3,000 today.
Perhaps the most lasting legacy of the Goldcorp Challenge is the validation of an ingenious approach to exploration in what remains a conservative and highly secretive industry. Rob McEwen bucked an industry trend by sharing the company's proprietary data and simultaneously transformed a lumbering exploration process into a modern distributed gold discovery engine that harnessed some of the most talented minds in the field.
McEwen saw things differently. He realized that the uniquely qualified minds to make new discoveries were probably outside the boundaries of his organization, and by sharing some intellectual property he could harness the power of collective genius and capability. In doing so he stumbled successfully into the future of innovation, business, and how wealth and just about everything else will be created. Welcome to the new world of wikinomics where collaboration on a mass scale is set to change every institution in society.
Open source, wikis, blogging and other new forms of mass collaboration like MIT OpenCourseWare, Innocentive, NineSigma, and YourEncore are discussed in depth in Wikinomics.
Reading this book gave me a much firmer grasp on the real power of building a business by massively collaborating with others to mine for the golden nuggets of creativity and innovation of the open source Xen community. Citrix is able to use those golden nuggets to craft a fully supported and managed commercial software product and business.
The St.Bernard iPrism works with Citrix's Application Virtualization platform - XenApp, and works quite well. Seen as a perfect complement to each other, the Citrix NetScaler and XenApp products were tested with the St.Bernard iPrism Web Filter. Both companies offer architectures of one-arm (out-of-band) and two-arm (in-band) deployments. At Citrixlabs in Santa Clara, CA, USA, we tested both the out-of-band and in-band configuration of the iPrism Web Filter. We loved the fact that the iPrism is auto-discovered by the management software, so no console cable was needed.
With NetScaler:
We deployed the iPrism Web Filter behind the NetScaler in our proof of concept datacenter in Santa Clara, CA, USA, and configured the NetScaler for NAT (Reverse NAT) for outbound connections to the Internet. NAT is often performed by the Firewall. The Web Application Firewall, also part of the Citrix NetScaler, was configured for protection of inbound security threats to websites and web applications.
The iPrism was configured to monitor outbound traffic from the internal subnet of 172.16.104.0/24, and block all traffic to offensive websites, and monitor traffic to all other websites. The Real-Time monitor in iPrism gave us a detailed report on the users and IP Addresses that were going out to which sites on the internet. We could see who was accessing what, and which content was being blocked. Particularly nice, was the fact that the iPrism automatically authenticated each user to the Citrixlabs domain controller, every time they surfed a new website, without them knowing it. This was very useful for keeping a tight grip on security and for compliance reporting.
With XenApp:
The powerful value is in the integration with XenApp. We plugged the iPrism in as an in-line device, and configured it to work with Citrix XenApp©, formerly known as Citrix Presentation Server. One of the key questions that arises in this situation is: with all of those Citrix XenApp thin clients logging into XenApp and then launching browsers to the Internet, how does iPrism keep track of them? By adding the XenApp IP address to the iPrism configuration, the users are tracked using "Session Based Authentication", which catches each individual user and IP address in each browser session and in the reports. We were impressed by this and determined the iPrism to be an excellent fit for a datacenter outfitted with Citrix.

Citrix & St.Bernard Deployment Guide!
Citrix is all about virtualization. They have a suite of tools that enable IT departments to virtualize almost everything. Citrix is a Microsoft Certified Partner and, to some extent, a competitor. How does this Partner Competitor relationship work? Microsoft is very interested in virtualization technologies and with the advent of our hypervisor technology, HyperV, and application virtualization software, SoftGrid, you can bet that we'll compete hard with other virtualization vendors.
Here, we meet Simon Crosby, formerly of XenSource now working for Citrix (Citrix purchased XenSource). We discuss the relationship between Microsoft and Citrix, the complexities of building scalable, secure, reliable and performant virtualization technologies and the future of virtualization. It's a very interesting conversation and Simon is quite the conversationalist. Enjoy.
Border Gateway Protocol, open-source and it's para-virtualized. No more proprietary software and hardware; you can run as many copies of this as needed on one physical XenServer machine. As a proof point, we used the Vyatta Open Source router to build out our Link Load Balancing network in Santa Clara. The Open Source Vyatta is running on a Dell server. We configured the BGP routing protocol, but could have also configured OSPF or RIP and redistributed the routes. This configuration has been proven to outperform the incumbents, and is less costly by a wide margin. Reduce opex and capex and start rolling this out today.
What is needed:
- Vyatta Open Source Networking Software
- A Dell Server that supports Virtualization
- XenServer Enterprise 4.1
Tap into the power of AppExpert!
We are all used to the familiar commands to configure IP Addressing on *nix and *dows types of systems, however there is a little bit of a trick involved with XenServer.
Imagine if you had built your XenServer in one location and then transported it to another location where a different IP Addressing scheme was being used. In order to have XenCenter come in contact with the XenServer again, you will need to re-configure the Management IP Address. Since you probably won't RTM, and you don't want to rip your hair out trying to figure it out, the steps are outlined in this XenServer Tip.
Tap into the power of AppExpert!
And it's FREE! Throw away those behemoths that suck power from every grid in the state and drain your budget. This baby is Free, Open Source and VIRTUAL, meaning you can run as many instances of this router as you want on your choice of hardware. What is even more gratifying is it's faster than the old router technology.
Vyatta has commoditized router, firewall and VPN deployment in the same way that Linux commoditized the operating system market. Vyatta open-source networking offers you an alternative to over-priced, inflexible products from proprietary vendors.
Vyatta software enables customers to build routing and security solutions using standard x86-based hardware of their choosing, ensuring networks will always meet performance requirements. Vyatta open-source software delivers the unique advantage of allowing customers to scale networks from the simplest LAN configurations to large BGP WAN edge configurations using a single software package.
Vyatta software includes support for most commonly used network interfaces, industry standard routing and management protocols, and all of these features are configurable via a single command-line interface (CLI) or web-based graphical user interface (GUI) - avail Q3'08. The integrated features and functionality make Vyatta software ideal for SMB, Branch Office, Enterprise and Service Provider deployments.
Summary of features:
BGP, OSPF, RIP, DHCP, QoS, IPSec VPN, VRRP, PPP, 802.1Q, Complete List.
This open source router is already running on XenServer in a large service provider in Europe. We are using it in our Citrix Ready program as a multi-link Intranet with connections to the Internet along with high availability link load balancing.
This para-virtualized Vyatta image runs as a virtual appliance in XenServer v3.2.1 and v4.1.
The XenServer Platform we are using:
- Dell Poweredge 2950 server.
- 2 x Intel 64-bit Quad-Core Xeon Processors, Model E5335 @ 2.00 GHz each, for a total of 8 CPUs.
- 2 Intel 82571EB Gigabit Ethernet (on-board)
- 2 Broadcom NetXtremeII Gigabit Ethernet
- 16 GB of memory.
- 300 GB of Storage.
- XenServer v4.1
- *note: CPUs must support virtualization technology.
Tap into the power of AppExpert.
XenCenter has a simple and intuitive UI. However, when problems happen, the log tab sometimes doesn't contain enough information to help with debugging the issues. I found it very useful to take a look at the debug log in %appdata%\Citrix\XenCenter\logs\XenCenter.log. For example, the log file may be in the C:\Documents and Settings\<user name>\Application Data\Citrix\XenCenter\logs directory. Please note that the Application Data directory may be hidden.
Here is an example of what's contained in the log:
...
2008-06-10 10:02:05,579 INFO Audit [Main program thread] - Operation started: ImportVmAction: pdxen2: Pool 95e79feb-a2fd-f744-8f03-a47ce57a2d2e (): Host 817c97de-2b6d-4670-a00d-0dcccff42531 (pdxen2): Preparing to Import VM
2008-06-10 10:02:06,016 DEBUG XenAdmin.Actions.ImportVmAction [7428] - Importing Rio-style XVA from C:\XenVm\Auto-Win2K3-R2-SP2-32bit-TS-IIS-.NET-SysPrep.xva to SR 10.2.248.123_local
2008-06-10 10:02:06,016 DEBUG XenAdmin.Actions.ImportVmAction [7428] - SR is not shared -- redirecting to 10.2.248.123
2008-06-10 10:02:06,016 DEBUG XenAdmin.Actions.ImportVmAction [7428] - Using https://10.2.248.123:443/import?session_id=OpaqueRef%3A4769e023-7c64-ca54-f6e0-e257b8be522f&sr_id=OpaqueRef%3A2fc1e3d8-0763-0099-7151-98f4610f37b1 for import
2008-06-10 10:02:06,063 DEBUG XenAdmin.Network.HTTP [7428] - HTTP PUTTING file from C:\XenVm\Auto-Win2K3-R2-SP2-32bit-TS-IIS-.NET-SysPrep.xva to https://10.2.248.123/import?session_id=OpaqueRef:4769e023-7c64-ca54-f6e0-e257b8be522f&sr_id=OpaqueRef:2fc1e3d8-0763-0099-7151-98f4610f37b1&task_id=OpaqueRef:1160c6fb-4a03-39c4-3336-0973573958c2
2008-06-10 10:02:25,469 DEBUG XenAdmin.Actions.AsyncAction [Main program thread] - AsyncAction.Cancel() was called. Attempting to cancel action
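The import lines in this log carry a session_id query parameter, which is a XenAPI session reference, so it is worth redacting before the log is attached to a support case. The following is an added example, not code from the original post or from XenCenter: it parses the log layout shown above and replaces each session_id with a short stable tag so lines can still be correlated. The sample lines are constructed and the function names are hypothetical.

```python
import hashlib
import re
from urllib.parse import unquote

# Constructed sample in the XenCenter.log layout shown above; all values are made up.
SAMPLE = r"""2008-06-10 10:02:06,016 DEBUG XenAdmin.Actions.ImportVmAction [7428] - Using https://192.0.2.10:443/import?session_id=OpaqueRef%3A00000000-aaaa-bbbb-cccc-111111111111&sr_id=OpaqueRef%3A22222222-dddd-eeee-ffff-333333333333 for import
2008-06-10 10:02:06,063 DEBUG XenAdmin.Network.HTTP [7428] - HTTP PUTTING file from C:\XenVm\test.xva to https://192.0.2.10/import?session_id=OpaqueRef:00000000-aaaa-bbbb-cccc-111111111111&task_id=OpaqueRef:44444444-0000-0000-0000-555555555555
2008-06-10 10:02:25,469 DEBUG XenAdmin.Actions.AsyncAction [Main program thread] - AsyncAction.Cancel() was called. Attempting to cancel action
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+) "
    r"(?P<logger>\S+) \[(?P<thread>[^\]]+)\] - (?P<msg>.*)$"
)
# session_id appears URL-encoded (%3A) in one line and with a plain ':' in the next.
SESSION_RE = re.compile(r"(session_id=)(OpaqueRef(?:%3A|:)[0-9A-Fa-f-]+)", re.I)


def _tag(match):
    # Normalise the encoding first so both spellings of one session get the same tag.
    token = unquote(match.group(2))
    digest = hashlib.sha256(token.encode()).hexdigest()[:8]
    return f"{match.group(1)}<session:{digest}>"


def parse_line(line):
    """Split one log line into its fields; None for continuation lines."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def sanitize_log(text):
    """Return (redacted_text, {logger: redaction_count})."""
    out, per_logger = [], {}
    for line in text.splitlines():
        clean, n = SESSION_RE.subn(_tag, line)
        fields = parse_line(line)
        if n:
            # Lines that do not match the layout (e.g. stack traces) are still redacted.
            key = fields["logger"] if fields else "<unparsed>"
            per_logger[key] = per_logger.get(key, 0) + n
        out.append(clean)
    return "\n".join(out), per_logger


if __name__ == "__main__":
    redacted, counts = sanitize_log(SAMPLE)
    print(redacted)
    print(counts)
```

The sr_id and task_id references are left in place because they identify objects rather than authenticate a session, and they are usually what the person reading the log needs.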

GUS PINTO: It's noticeable the steady growth of conversations around virtualization within organizations and in the Internet today, more specifically around server and desktop virtualization.
Microsoft is readying up Hyper-V, and a lot of technologies to allow these technologies to actually happen for the large enterprise. It's going into market in partnership with Citrix and its Xen Hypervisor.
I guess the question is, what is your true feeling about virtualization in the enterprise on the server and desktop base? Is this just really hype or is this something you guys truly believe is going to happen?
RAY OZZIE: No, it's absolutely fundamental. It is absolutely going to happen.
I would say you have to take desktops separately. The logic behind virtualization on the desktop is completely separate from what it would be on the server, and in some ways it's different within the on-premises world versus the cloud. So, I'll just touch upon those independently.
Before I do that, though, let me just say that from a TS perspective, Terminal Server based deployment will always be more efficient than virtualization. It was a designed-in, multi-tenant model within the OS. So, if there are applications and solutions that fit the TS model, that's just a terrific model to use, and I would encourage organizations to use that model.
Within the enterprise, virtualization, the simplest and most straightforward way is to just make the best use of the datacenter resources that you can from a consolidation perspective. This is we are absolutely taking it seriously.
There are two phases of that consolidation. Phase one is bringing things together, meaning if you have a scale-up cluster or a scale-up, some expensive configuration of hardware, how can you package much usage on that piece of hardware as you can? The other one is then movement of images amongst the different machines within the back-end. You'll see investments progressively from us in both of those realms.
Taken to the extreme within the cloud, virtualization is absolutely critical. Virtualization is key to making the best use and securely isolating properties from multiple customers that might not use even a full inexpensive CPU, and moving them geographically or whatever to provide resilience and robustness. So, it is something that's extremely important.
On the client I'll only say that the uses of it, the way that the Mac uses it to run Windows and stuff, it's clever. Parallels, they're very clever technologies.
The way that you'll see us take advantage of it over time more and more on the client is our mechanisms around ensuring compatibility. App compat is a very, very challenging thing, and you want to continue to make progress with the operating system. We look to it as another tool in the toolbox to try to help in the compat world without -- enabling innovation while still enabling assurance of compatibility.
~snip~
I will be posting the Video with Q&A shortly.
Gus Pinto - Technology Evangelist
Microsoft MVP | gus.pinto@citrix.com

