The St.Bernard iPrism works with Citrix's Application Virtualization platform - XenApp, and works quite well. Seen as a perfect complement to each other the Citrix NetScaler and XenApp products were tested with the St.Bernard iPrism Web Filter. Both companies offer architectures of one-arm (out-of-band) and two-arm (in-band) deployments. At Citrixlabs in Santa Clara, CA, USA, we tested both the out-of-band and in-band configuration of the iPrism Web Filter. We loved the fact that the iPrism is auto-discovered by the management software, so no console cable was needed.

With NetScaler:

We deployed the iPrism Web Filter behind the NetScaler in our proof of concept datacenter in Santa Clara, CA, USA, and configured the NetScaler for NAT (Reverse NAT) for outbound connections to the Internet. NAT is often performed by the Firewall. The Web Application Firewall, also part of the Citrix NetScaler, was configured for protection of inbound security threats to websites and web applications.

The iPrism was configured to monitor outbound traffic from the internal subnet of 172.16.104.0/24, and block all traffic to offensive websites, and monitor traffic to all other websites. The Real-Time monitor in iPrism gave us a detailed report on the users and IP Addresses that were going out to which sites on the internet. We could see who was accessing what, and which content was being blocked. Particularly nice, was the fact that the iPrism automatically authenticated each user to the Citrixlabs domain controller, every time they surfed a new website, without them knowing it. This was very useful for keeping a tight grip on security and for compliance reporting.

With XenApp:

The powerful value is in the integration with XenApp. We plugged the iPrism in as an in-line device, and configured it to work with Citrix XenApp©, formerly known as Citrix Presentation Server. One of the key questions that will arise in this situation is with all of those Citrix XenApp thin clients logging into the XenApp and then launching browsers to the internet, how does iPrism keep track of them. By adding the XenApp IP Address to the iPrism configuration, the users are tracked using "Session Based Authentication" - this catches each individual user and IP Address in each browser session and in the reports. We were impressed by this and determined the iPrism to be an excellent fit into a datacenter outfitted with Citrix.


Citrix & St.Bernard Deployment Guide!

Network Diagram:

Watch this video tip:

NetScaler Developer Network!

Citrix is all about virtualization. They have a suite of tools that enable IT departments to virtualize almost everything. Citrix is a Microsoft Certified Partner and, to some extent, a competitor. How does this Partner Competitor relationship work? Microsoft is very interested in virtualization technologies and with the advent of our hypervisor technology, HyperV, and application virtualization software, SoftGrid, you can bet that we'll compete hard with other virtualization vendors.

Here, we meet Simon Crosby, formerly of XenSource now working for Citrix (Citrix purchased XenSource). We discuss the relationship between Microsoft and Citrix, the complexities of building scalable, sercure, reliable and performant virtualization technologies and the future of virtualization. It's a very interesting conversation and Simon is quite the conversationalist. Enjoy.

Border Gateway Protocol, open-source and it's para-virtualized. No more proprietary software and hardware, you can run as many copies of this as needed on one physical XenServer machine. As a proof point, we used the Vyatta Open Source router to build out our Link Load Balancing network in Santa Clara.  The Open Source Vyatta is running on a Dell server. We configured the BGP routing protocol, but could have have also configured OSPF or RIP and redistributed the routes. This configuration has been proven to outperform the incumbents, and is less costly by a wide margin.  Reduce opex and capex and start rolling this out today.  

What is needed:

• Vyatta Open Source Networking Software
• A Dell Server that supports Virtualization
• XenServer Enterprise 4.1

The Network:

Watch this Video:

Tap into the power of AppExpert!

We are all used to the familiar commands to configure IP Addressing on *nix and *dows types of systems, however there is a little bit of a trick involved with XenServer. 

Imagine if you had built your XenServer in one location and then transported it to another location where a different IP Addressing scheme was being used.  In order to have XenCenter come in contact with the XenServer again, you will need to re-configure the Management IP Address.  Since you probably won't RTM, and you don't want to rip your hair out trying to figure it out, the steps are outlined in this XenServer Tip.

Download this XenTip.

Tap into the power of AppExpert!

And it's FREE! Throw away those behemoths that suck power from every grid in the state and drain your budget. This baby is Free, Open Source and VIRTUAL, meaning you can run as many instances of this router as you want on your choice of hardware. What is even more gratifying is it's faster than the old router technology.

Vyatta has commoditized router, firewall and VPN deployment in the same way that Linux commoditized the operating system market. Vyatta open-source networking offers you an alternative to over-priced, inflexible products from proprietary vendors.

Vyatta software enables customers to build routing and security solutions using standard x86-based hardware of their choosing, ensuring networks will always meet performance requirements. Vyatta open-source software delivers the unique advantage of allowing customers to scale networks from the simplest LAN configurations to large BGP WAN edge configurations using a single software package.

Vyatta software includes support for most commonly used network interfaces, industry standard routing and management protocols, and all of these features are configurable via a single command-line interface (CLI) or web-based graphical user interface (GUI) - avail Q3'08. The integrated features and functionality make Vyatta software ideal for SMB, Branch Office, Enterprise and Service Provider deployments.

Summary of features:
BGP, OSPF, RIP, DHCP, QoS, IPSec VPN, VRRP, PPP, 802.1Q, Complete List.

This open source router is already running on XenServer in a large service provider in Europe. We are using it in our Citrix Ready program as a multi-link Intranet with connections to the Internet along with high availability link load balancing.

This para-virtualized Vyatta image runs as a virtual appliance in XenServer v3.2.1 and v4.1.

The XenServer Platform we are using:

• Dell Poweredge 2950 server.
• 2 x Intel 64-bit Quad-Core Xeon Processors, Model E5335 @ 2.00 GHz each, for a total of 8 CPUs.
• 2 Intel 82571EB Gigabit Ethernet (on-board)
• 2 Broadcom NetXtremeII Gigabit Ethernet
• 16 GB of memory.
• 300 GB of Storage.
• XenServer v4.1
• *note: CPU's must support virtualization technology.
  
  
  
  
  
  

Virtual Router - Install:

Virtual Router - Config:

Tap into the power of AppExpert.

XenCenter has a simple and intuitive UI. However when problems happen, the log tab sometimes doesn't contain enough information to help with debugging the issues.  I found it very useful to take a look at the debug log in %appdata%\Citrix\XenCenter\logs\XenCenter.log.  For example, the log file may be in C:\Documents and Settings\<user name>\Application Data\Citrix\XenCenter\logs directory. Please note that Application Data directory may be hidden.

Here is an example of what's contained in the log:

... 

2008-06-10 10:02:05,579 INFO  Audit [Main program thread] - Operation started: ImportVmAction: pdxen2: Pool 95e79feb-a2fd-f744-8f03-a47ce57a2d2e (): Host 817c97de-2b6d-4670-a00d-0dcccff42531 (pdxen2): Preparing to Import VM
2008-06-10 10:02:06,016 DEBUG XenAdmin.Actions.ImportVmAction [7428] - Importing Rio-style XVA from C:\XenVm\Auto-Win2K3-R2-SP2-32bit-TS-IIS-.NET-SysPrep.xva to SR 10.2.248.123_local
2008-06-10 10:02:06,016 DEBUG XenAdmin.Actions.ImportVmAction [7428] - SR is not shared -- redirecting to 10.2.248.123
2008-06-10 10:02:06,016 DEBUG XenAdmin.Actions.ImportVmAction [7428] - Using https://10.2.248.123:443/import?session_id=OpaqueRef%3A4769e023-7c64-ca54-f6e0-e257b8be522f&sr_id=OpaqueRef%3A2fc1e3d8-0763-0099-7151-98f4610f37b1 for import
2008-06-10 10:02:06,063 DEBUG XenAdmin.Network.HTTP [7428] - HTTP PUTTING file from C:\XenVm\Auto-Win2K3-R2-SP2-32bit-TS-IIS-.NET-SysPrep.xva to https://10.2.248.123/import?session_id=OpaqueRef:4769e023-7c64-ca54-f6e0-e257b8be522f&sr_id=OpaqueRef:2fc1e3d8-0763-0099-7151-98f4610f37b1&task_id=OpaqueRef:1160c6fb-4a03-39c4-3336-0973573958c2
2008-06-10 10:02:25,469 DEBUG XenAdmin.Actions.AsyncAction [Main program thread] - AsyncAction.Cancel() was called. Attempting to cancel action

Is this debug tip helpful	Choose
Yes
No

 

GUS PINTO: It's noticeable the steady growth of conversations around virtualization within organizations and in the Internet today, more specifically around server and desktop virtualization.

Microsoft is readying up Hyper-V, and a lot of technologies to allow these technologies to actually happen for the large enterprise. It's going into market in partnership with Citrix and its Xen Hypervisor.

I guess the question is, what is your true feeling about virtualization in the enterprise on the server and desktop base? Is this just really hype or is this something you guys truly believe is going to happen?

RAY OZZIE: No, it's absolutely fundamental. It is absolutely going to happen.

I would say you have to take desktops separately. The logic behind virtualization on the desktop is completely separate from what it would be on the server, and in some ways it's different within the on-premises world versus the cloud. So, I'll just touch upon those independently.

Before I do that, though, let me just say that from a TS perspective, Terminal Server based deployment will always be more efficient than virtualization. It was a designed-in, multi-tenant model within the OS. So, if there are applications and solutions that fit the TS model, that's just a terrific model to use, and I would encourage organizations to use that model.

Within the enterprise, virtualization, the simplest and most straightforward way is to just make the best use of the datacenter resources that you can from a consolidation perspective. This is we are absolutely taking it seriously.

There are two phases of that consolidation. Phase one is bringing things together, meaning if you have a scale-up cluster or a scale-up, some expensive configuration of hardware, how can you package much usage on that piece of hardware as you can? The other one is then movement of images amongst the different machines within the back-end. You'll see investments progressively from us in both of those realms.

Taken to the extreme within the cloud, virtualization is absolutely critical. Virtualization is key to making the best use and securely isolating properties from multiple customers that might not use even a full inexpensive CPU, and moving them geographically or whatever to provide resilience and robustness. So, it is something that's extremely important.

On the client I'll only say that the uses of it, the way that the Mac uses it to run Windows and stuff, it's clever. Parallels, they're very clever technologies.

The way that you'll see us take advantage of it over time more and more on the client is our mechanisms around ensuring compatibility. App compat is a very, very challenging thing, and you want to continue to make progress with the operating system. We look to it as another tool in the toolbox to try to help in the compat world without -- enabling innovation while still enabling assurance of compatibility.

~snip~

I will be posting the Video with Q&A shortly.

Gus Pinto - Technology Evangelist
Microsoft MVP | gus.pinto@citrix.com

Last month I posted about Ian Pratt's presentation on the Xen Open Source Hypervisor at the FOSDEM (Free and Open Source Developer's European Meeting) Conference. FOSDEM has posted videos of all the sessions. As the one of the primary founders of the Xen Open Source Hypervisor Project, Ian has unique insight into the Xen Project.  http://video.fosdem.org/2008/maintracks/FOSDEM2008-xen.ogg

Ian Pratt, one of the founders of the Xen Project, recently gave an inteview at FOSDEM.org about his recent talk at the FOSDEM 2008 conference. FOSDEM is the Free and Open Source Developers European Meeting.
 Here are a few snippets from the interview.

You can read the entire interview at the FOSDEM.org site. In the past FOSDEM events, videos of the talks have been posted. None of the 2008 talks are posted yet, but soon you should be able to download the video of the entire talk by Ian Pratt at the FOSDEM video site. UPDATE: You can now download a pdf of Ian's presentation at FOSDEM.org here. 

While looking at the referring sites in the blog metrics for an earlier post,I just came across a site for a new Xen book  called "Running Xen". This book is written by a member of the faculty (Jeanna Neefe Matthews) and several grad students (including a current IBMer) at Clarkson University in Potsdam, NY. The book is primarily focused on the open source hypervisor, but there is additional content on Citrix XenServer as well.

Here is a description of the book from the website -

Here is the chapter list from the site -

The Running Xen web site has a page with multiple sites where the book can be purchased here. If you get the book and read it (or already have) I would love to hear your feedback in the comments.