We are always looking for idea's to improve our Citrix events. Some of the past feedback we have received is to step-up the technical content and include more unscripted and unfiltered opinions and dialog. At Synergy 2008 we introduced GeekSpeak which was very well received as indicated by the feedback and standing room only crowds. At Synergy 2009 you can expect even more technical content plus more GeekSpeak sessions. In addition as many iForum/Summit/Synergy attendees know. Citrix usually includes a concluding session that could be a brand name comedian ( Dana Carvey - Synergy 2008) or an Athlete with a story ( Lance Armstrong - Summit 2008 ) or other memorable entertainer.
 
In keeping with listening to the community and even better engaging with some of the innovators of social media we thought it might be interesting to have Kevin Rose and Alex Albright host an episode of Diggnation at Synergy 2009. As you may know Kevin is the founder of Digg and an expert at developing a community. If you're not familiar with the show check it out at Diggnation.com ( it's about as unscripted and unfiltered you can get ...  ). If you are a fan of Digg this might be your chance to watch an episode first hand and maybe hang out with Kevin and Alex afterwards with some beers at our closing party. If you're not a fan of Diggnation and would rather we look for other entertainment we would like to hear that as well. As always, suggestions and comments welcome.
 

Do you Digg the idea of Diggnation at Synergy ?	Choose
2 Thumbs up, I want to see Kevin and Alex at Synergy in Vegas !
Keep looking ...

I often talk with Citrix customers who are interested in virtualizing XenApp ( Presentation Server  ) based on the potential to consolidate servers, increase flexibility or enable new HA/DR capabilities. However, a frequent comment I hear is that we tried this before with ESX but the overhead penatly was to high so we are still running XenApp fully installed. This may have been the case before but things have changed, now it is possble to get the benefits of Virtualization by runing XenApp on XenServer 5 without the downside you may be concerned about.

If you would like learn more and engage with the experts without traveling to an event, make sure you register for the Citrix Delivery Center Live event on Devember 4th. You can register here and check out the other topics that may be of interest as well.

First the thanks!

As we roll into the Thanksgiving week in the US, I thought I would give a quick shout out of thanks to all of you that have participated in the Citrix Ready Community Verified site. Verifications are coming in faster than we can keep up with them (which was, after all, the whole idea in the first place). As of this morning, we have well over 1,000 applications and products verified by customers and partners as "Citrix Ready", backed by more than 7,000 verifications... more than 500 were added this week alone, and it's only Wednesday!

I'm assuming that you have all seen the Citrix Ready Community Verified site and you know it rocks... not because of anything we've done, but because it's created, owned and maintained by YOU; if not don't just take my word on it, check out Chris' blog, or Rene Vester's two blogs, here and here, or even Brian Madden's review, ...or of course, the site itself!

By many standards, the site has proven to be an overwhelming success. We launched it at Citrix Summit on October 25 this year with 600 Applications and 500 Community Verifications. In the month since launch, these numbers have gone through the roof with no end in sight. In fact, I am already hearing of cases where the Citrix Ready Community Verified site has encouraged customers to virtualize more apps, helped channel partners answer customer & prospect questions more quickly and technology partners who have submitted apps (theirs as well as from other vendors).

Citrix IT has even taken up the challenge by starting to validate all the products and applications we use internally in our IT environment. I challenge all of you reading this to verify via the "voting" function all apps and other products you are using via XenApp, XenDesktop, XenServer and NetScaler!

May I have another? Or more appropriately, may we give you another?

The Citrix Ready Community Verified site is a great example of how a community can share small bits of information that doesn't impose a tax on the submitter (the apps are already deployed, submitters are just telling us they have already completed the work)... taking full advantage of the network effect to drive overall benefit.

So the question that I have for all of you, is what can we do next? The Citrix Ready Community Verified site is addressing a common question around product verification with Citrix products that has been around literally since the first release of WinFrame. Are there other longstanding questions, issues, etc that seem difficult to solve as an individual customer, SE, channel partner, technology partner or Citrix employee, that we as a community can attack?

My team and I are very interested in your feedback and would welcome the opportunity to help.

Please feel free to comment on this blog, or send an email to me at john.fanelli@citrix.com

 

I've been using the Sprint HTC Touch Pro for a few months now, and I feel that it is a very compelling mobile device for use with Citrix XenApp and XenDesktop, maybe even for few of the folks I've been hearing from that are looking to move away from the iPhone.  So what I've done in this blog is to video what I feel are some of the compelling use cases for mobile devices with Citrix and let the Sprint HTC Touch Pro take top billing in this post.  I'm sure you can find a few posts about Citrix and the iPhone if you try, and we'll have it out "Sooner than later"!

HTC Touch Pro w/Web Interface

HTC Touch Flo interface does a good job of bringing most of the tasks I want on my mobile device right to my finger tips.  One of the areas that HTC's Touch Flo interface comes into play with Citrix is when connected to Web Interface via the Opera browser.  The Opera browser allows the user to quickly zoom in and out on the Web interface, and move the viewable portion of the page using your finger to quickly find the application you want to launch (no stylus required).  The built in accelerometer will also automatically change the view from portrait to landscape when you tilt the Touch Pro.  If the keyboard is pulled out, the orientation will also switch to landscape mode.  The below video shows the new Web Interface, which has a mobile device mode built in, easily navigated with HTC's Touch Flo integration into Opera.

Mobile Access to Corporate Documents

Being able to quickly and securely access documents on corporate file shares from your mobile device can be a real advantage.  Imaging a lawyer or sales person not having to boot up their laptop to get quick access to a document when they simply want to look up some data in a document or quickly review a file.  Using their mobile device instead they can just launch File Explorer via XenApp from their mobile phone to gain secure access to that any file they have access to in the data center, regardless of its size or type.  They can find the data they were looking for and be done quicker than it takes to boot most laptops.  The HTC Touch Pro's full VGA resolution really shines here, you are able to view a lot more data on its VGA screen than most devices with lesser resolution.  The screen is small (2.7"), but its clarity helps to overcome its size. 

NOTE: in order to make the following videos more viewable, the Touch Pro was controlled from my PC using Soti's Pocket Controller Pro so my fingers weren't in the way!  Like the keyboard is when typing on an iPhone

Mobile Access to ERP, CRM and Other Database Applications

Being able to access to ERP, CRM and other corporate database data while mobile is another key use case.  While I wouldn't recommend that users do a ton of data entry into these systems from any mobile device, there are a lot of cases where a user in the field needs quick access to customer information, sales and program data, payment or purchase approvals, and inventory information for example.  The general use case when using mobile devices is about quick consumption of data, and they can securely gain access to such data from their mobile device using XenApp.

The below video shows the HTC Touch Pro accessing the Citrix corporate SAP system to quickly approve an event, and look up some travel expense report data.

Mobile Access to Technical Documents

Citrix has optimized its ICA protocol for over a decade to deliver some of the most demanding types of data to remote users.  Imagine the technical field worker that needs to look up the proper connectivity of electrical wiring on an expensive piece of equipment.  They could try and carry every possible paper manual in their truck, OR all of the technical drawings could be kept online in the data center for the worker to access via their mobile device, and again, having a device with a full VGA resolution like the HTC Touch Pro makes a big difference.

The below video shows the HTC Touch Pro accessing a 3D AutoDesk drawing, allowing the worker to rotate the drawing on the Touch Pro and zoom in and get whatever level of detail they require to get the job done.

So you wanna full desktop to?

Are you standardizing your desktop deployments on XenDesktop?  Not a problem for mobile users.  The HTC Touch Pro's full VGA screen is one of the few devices I've seen that can easily fit a full desktop on the screen without requiring panning and scaling. 

The below video shows use of the Touch Pro with XenDesktop.  It also shows the ability of the solution to detect a change from landscape to portrait mode and have the application or desktop being run on XenApp/XenDesktop automatically adapt to this change. 

So is a 2.7" screen a bit small to run a full desktop on, probably.  But I find the Touch Pro very usable for quick access to applications and data, even with XenDesktop. I can only hope for HTC to come out with an HTC HD Pro version with an external keyboard which would really make this solution pop.  Give it full SVGA output via a VGA connector (Sprint HTC Touch Pro has VGA output today) and you may just have the first real Nirvana Device along with my Celio Redfly to complete the package.

I know there are a lot of other differences between the Touch Pro and the iPhone, iPhone pinch .vs. Touch Flo swirl, Opera browser .vs. Safari, iPhone has a cool Star Wars light saber application and Touch Pro does not   Overall, the Touch Pro has been an excellent device, very stable, phone works great, Touch Flo interface makes it very easy to get to the most common features I use on a phone, and it works with XenApp today!   So what's the "right" business device for you and your employees, that's for you to decide.  But hopefully this post helps you look at some of the use cases that can add value to your mobile workforce, and another great device for you to consider.

Sprint HTC Touch Pro Keyboard TIP!!!!! 

I did initially have an issue with the external keyboard with XenApp applications and have seen a number of posts on the web about this.  I quickly found a few settings in the ICA Client that quickly resolved this issue.  To make these changes, open the "ICA Client" from the Programs folder and navigate to the "Edit Preferences" page:

"Edit Global Settings" -> "Edit Preferences" then make the changes highlighted below:

 

You may also be interested in Full Screen Mode for Your Nirvana Device 

I've been working on the ICA on iPhone project recently and I had to move a new build from my development machine to my test server frequently. At first I tried RDP. But it is painfully slow to copy my binary to the test server for me. Then I tried ICA and it worked much better. The experience made me appreciate the efficiency of ICA more.

Seeing is believing, I've captured my experience in a video. If you use client drive mapping, you might be interested in checking out this video.

Watch the same video in higher resolution and with caption at the Citrix video site at

http://citrix.utipu.com/app/tip/id/5204/

Here is the embedded version

 

Ray Yang

Check out my other blogs

Wan Optimization Survey:

Take this quick survey to tell us more about the solutions your organization uses to optimize your WAN.

1. Do you currently have a WAN optimization solution in your IT environment?	Choose
Yes (go to Q2)
No (go to Q3)

2. Which, if any, of the following WAN optimization solutions does your organization currently use?	Choose
Citrix WAN opt product(s) (WANScaler, Branch Repeater, Branch Repeater w\Windows Server)
Riverbed
Blue Coat
Expand
Other (please specify in a comment)
I don't know

3. Approximately what average percentage of your organization's overall network traffic is via XenApp (ICA)?	Choose
0%
1-25%
26-50%
51-75%
76-99%
100%
I don't know

For those who are looking for a place which aggregates Autodesk and Citrix related technical information, I've created a page on Citrix Developer Network at

http://community.citrix.com/display/xa/Autodesk+Citrix+Best+Practices

Your feedbacks are welcome.

AutoDesk and Citrix Tips and Tricks Part 4

Here is a video demo of how to apply Autodesk AutoCAD Map 3D 2009 on XenApp post installation script.

http://citrix.utipu.com/app/tip/id/5027/

Here is the embeded version of the same video.The embedded video currently doesn't have associated notes. Please click the links above to see the same video with notes and at a higher resolution

?

For more information and download the script, please visit the following link

 http://community.citrix.com/display/xa/Autodesk+AutoCAD+Map+3D+2009+on+XenApp+post+installation+script

Tip:

• You can find a log with details about the execution of the scripts in the user profile directory named AutodeskForCitrix.log
• The template directory in which the information is saved has to exist before running the scripts
• Change the batch files to use a different directory to save information. Network share is supported
• Run the apply script automatically whenever a user logs in

Please see my blogs for the complete series.

Ray Yang

AutoDesk and Citrix Tips and Tricks Part 3

How to publish AutoCAD Map3D 2009 on XenApp

Here is  a short demo of publishing AutoCAD Map3D 2009 as a published application on XenApp.

http://citrix.utipu.com/app/tip/id/5015/

Tip: publish executable acad.exe

How to change published Map3D 2009 icon

When you use the default settings to publish AutoCAD Map 3D 2009 on XenApp, the icon associated with this published application is different from the official blue icon the installation placed on the desktop. This short demo shows how to associate the right icon with the published application.

http://citrix.utipu.com/app/tip/id/5017/

Tip: get the icon file location from the desktop shortcut property.

Please see my blogs for the complete series.

Ray Yang

I've been working with AutoDesk for a while to ensure AutoDesk products can work well with Citrix products and create new solutions.

I'd like to share what I learned with the community. Thus I am creating this tips and tricks series to cover all things that are related to AutoDesk and Citrix. I will try to cover mainly technical information, tips and tricks. But I may include other useful information as well.

Many thanks to everyone who helped with this on-going effort!

If you would like to hear more about certain aspects of AutoDesk and Citrix related solutions, please leave comments on my blog. I'd love to hear from you.

Ray Yang

How many times have we watched our favorite super heroes cornered into a situation that appears hopeless when they reach into their utility belts and pull out a tool that saves the day?

We would like to equip our customers with the tools that can help them face challenging circumstances. In the past few weeks we have released a number of new and updated support tools.

Examples

Print Detective CTX116474

Medevac 2.5  CTX107935

CtxHideEx32  CTX110341

Citrix ICA File Creator CTX113472

ScreenHistory 1.0 CTX113046

JetTest CTX116532

DSInfo 1.2 CTX114916

We are working on some additional support tools to increase your arsenal but we would like to hear from you. Please email us at supporttools@citrix.com and let us know how we can help you become a Citrix Super Hero.

Brandon Shell (MVP PowerShell) and I are planning a more advanced level MFCOM and PowerShell Webinar to manage XenApp. We are looking for some input for the webinar content. Tell us what particular script or sample  code you would like to see via comments. If you would like us to demo a particular method or a call then please leave us a comment. We would try our best to include it in the webinar.

Follow the link provided to view the previous webinar where Brandon explained how to write MFCOM scripts using PowerShell to manage XenApp.

In a previous post, I talked about the 3 layers of a virtual desktop (OS, Apps and Personalization) and spent some time discussing the must haves and might need items that should be part of the base OS build.  This time I want to talk about the second layer, application delivery. 

As you are probably aware, application delivery in a XenDesktop environment is done with XenApp.  Now, I'm not going to tell you about how cool XenApp is (I leave that to the product marketing people). What I do want to spend time talking about is how we choose the best application delivery technique for a virtual desktop, because XenApp gives us three options:

Installed

• Applications part of the virtual desktop OS build
• Processing occurs on the virtual desktop
• Impacts processor and more storage required for deployment as base OS image also includes applications
  

Streamed

• Applications streamed to the virtual desktop upon request
• Processing occurs on the virtual desktop
• Slightly higher utilization when compared to installed applications due to the streaming client
• Base Operating System images and applications remain separate entities
  

Hosted

• Applications run remotely on a XenApp server
• Application processing occurs on XenApp server
• Running multiple applications has little impact on virtual desktop utilization due to the hosted application client

So, how do you choose the best option? Simple, close your eyes and point to one.     This might work, but it probably won't give you the best results.  If I was designing a solution, I would want to base these decisions on the following criteria:

The Primary and Secondary options are general recommendations.  For base applications like Microsoft Office, it will be a decsion by the business whether streaming or installing makes the most sense. But remember, installing applications into the virtual desktop means that everyone assigned that OS will receive those applications.  Streaming and Hosting allows fewer base OS images while still allowing for dynamic application sets based on user credentials.  

If you think the criteria will be difficult to remembr, look at it this way:

• Base applications
• Anomalous applications
• Resource intensive applications
• Technically challenging applications

This is the BART Principles of Application Integration.  It is really amazing how much you can do in life by basing ideas on The Simpsons. 

Let me know your thoughts on the BART Principles. 

Daniel

Bart Quote: If I do something bad and there's no one there to catch me, does that mean I'm good?

I interviewed Chris Mayers for this topic.  Chris has been with Citrix since 1998, and in his role as principal security architect at Citrix, Chris has both internal and external responsibilities for promoting security, developing security strategies and advocating the secure enterprise.  Based in Cambourne, Cambridge, Chris's job takes him all over Europe and to the USA, where he can be found advising CIOs and CSOs, presenting White Papers at industry conferences and working to develop Citrix technology to ensure it continues to protect the 'perimeterless' enterprise.

Here is Chris:

Q: Chris, first can you explain what we mean by "Strong Authentication"?
A: Strong Authentication is multiple factor authentication.  The classic definition is something you know (such as a password), coupled with something you have (such as a token or smartcard) or something you are (biometric data.)  For remote access using Web Interface, Citrix recommends that customers always use strong authentication rather than just passwords.

Q: That makes sense.  Why wouldn't everyone use strong authentication for remote access?
A: Everyone should use strong authentication, but there are choices, so it's a question of balance.  Security requirements are balanced against cost and user acceptance.   The number of users who actually need remote access, and the applications they are using must be evaluated.  There may be less expensive ways to secure remote access to simple applications such as email - using Smart Access or XenApp capabilities.

Q: What kind of cost would a customer be looking at for implementing strong authentication?
A: The good news is that the purchase price of second factor devices has come down in recent years.  A security token, for example, costs only a few dollars now.  Unfortunately there are additional costs, such as fulfillment to the user, and administrative and help desk costs; these need watching.

Q: What about user acceptance, why is that an issue for customers?
A: Well, users are required to either carry an item with them for access (something they have) or use biometrics (something they are.)  End users must be involved in this process - authentication is not something administrators can do for them.  So, users may view this as inconvenient. 
One interesting way around this is dual-purpose: combine strong authentication on an item the user can use for other tasks.  There are several solutions based on mobile phones, USB tokens (which can be used generically as well), and smartcards (which can be used for digital signature and encryption as well as authentication).

Q: Counting on users is always risky  How do you recommend IT deal with this?
A: The trick is to manage risks and have a calculated backup plan.  For example, if tokens or smartcards are used for strong authentication, and the user loses, damages or forgets the item, you might enable the help desk to temporarily allow a password to access the account remotely.  That way, even if a user intentionally "forgets" the item, there is no excuse to avoid work!

Q: What about biometrics - that way the user doesn't have to remember a device?
A: Biometrics are great for unlocking things, like laptops and doors.  The big danger for the remote access use case is that the biometric data can go over the network.   The issues with this are nasty - stolen biometric data can be much more damaging than stolen credentials (biometrics don't change like passwords do.) 

Q: Does Citrix provide strong authentication solutions?

A: No, but Citrix has numerous partners - check out Citrix Ready.

I interviewed Ola Nordstrom for this topic - way interesting!  Ola is a Senior Security Engineer at Citrix. He has been securing XenApp for the last five years. He's been involved with a number of product features and has driven numerous security improvements. He has a Master of Science in Computer Science degree from Georgia Institute of Technology and is a Certified Information Systems Security Professional (CISSP).

Here is Ola:
  

Q: Ola, what is an "Attack Surface" as it relates to software?

A: Attack Surface is a measure of how potentially vulnerable a piece of software is.  It enumerates the entry points and associated code a malicious user could employ to exploit the software. 

Q: What are examples of entry points?

A: Examples would be open sockets, RPC entry points, and even the number of web applications hosted inside a web server. 

Q: Why would the number of web apps running be an issue?

A: The more programs that are running, the more program code is exposed to malicious users finding vulnerabilities. Also, larger programs will tend to provide more opportunities for exploitation.  For example, a web application with 1000 lines of code is generally less likely than a web application with 10000 lines of code to have vulnerability.  

Q: Are there any "best practices" that can help customers reduce attack surface of the software they use.

A: Disabling unneeded features is a good step.  In fact, software vendors like Citrix are tending to disable more features by default to improve security.  Customers can also disable services and features not used - the smaller the number of features, the less attack surface is effectively available. The principle of least privilege also applies to all deployments. 

Q: What other steps is Citrix taking as a software vendor to decrease attack surface of our products?

A: We are disabling more features by default, of course.  We are also reducing the privilege of each component to the lowest possible - this is valuable in restricting capabilities of a component, even if it IS compromised.  In the web server example any vulnerabilities found will execute as the identity of the web server - so the less privileges the web server has the better off the system is. We are also focusing our security scrutiny and testing on components with large attack surface.  If a component is running with high privilege and is processing complex data (lots of code), that component has a high attack surface will receive more security review.  

Q: Can attack surface be measured?

A: Yes, there is a Relative Attack Surface Quotient metric that allows for comparisons. 

Q: Do you have any reference for more information?
A: Sure.  Measuring Relative Attack Surfaces and The Attack Surface Problem     

On Oct 15th we released HRP03 for PS 4.5 on Windows Server 2003 and XenApp 5 on Windows Server 2003. Traditionally XenApp HRPs (Hotfix Rollup Pack) are a bundle of bug fixes and hence not that exciting. But in HRP03, in addition to XenApp bug fixes we included IMA optimizations that provide the following benefits.

Improved Performance

• Faster load balancing (up to 65% in >250 server farms)
• Time to bring up a large global farm with multiple sites is dramatically reduced (the farm-wide start up time was improved by 25% on physical machines and 59% on VMs in >50 server farms)
• Improved replication of session and load data over slow WAN links

Higher availability

• Provide user access resiliency (avoids periods when new users are denied application access for several minutes)
• Fewer data store corruptions
• Data collector election resiliency (69% improvement in election time with 2,000 applications and 95% improvement with 50,000 sessions)
• Better diagnostics
• Optimized caching of user and group information on XML brokers to better handle environments with tens of thousands of users

These updates are further explained within CTX118658 and CTX118659. Also check out the 10 minute webinar explaining the technical details of these optimizations.

The App Compat Toolkit for XenApp is a valuable web resource that contains essential tools and best practices to help customers and partners quickly migrate applications to XenApp. It's as easy as Analyze, Virtualize and Validate.

Analyze - Quickly determine which applications have already been delivered with XenApp by searching the new Citrix Ready Community Verified online database.

Automatically assess the application in your environment to understand any incompatibilities in detail by using the AppTitude Virtualization Manager for Citrix XenApp from our ISV partner AppDNA. This product is currently in beta, click here to download.

Virtualize - Best practice is to virtualize every application and manage as a single instance in the datacenter. This reduces incompatibility and conflict on the server and on the user machine and dramatically reduces testing and support costs

Validate - Choose the application testing method that is best for your environment. Test in house with fully configured Evaluation Virtual Appliance (EVA) or the new Citrix Ready Virtual Lab online test portal. Either way, you get to Proof of Concept and final deliver faster and with more confidence. To learn more, go to the Validate page.

The App Compat Toolkit for Xenapp gives you:

• Faster time to application delivery
• Increased confidence by following best practices
• Quicker remediation of application incompatibilities
• Leverage of the experience in the Citrix community
  
  

We introduced this last week at Summit and have received a favorable response. Please tell us what you think? Please leave a comment.

One of the common questions and quests around user profile solutions is improving logon speed.  Often there is an expectation that if the profile load time is addressed, my logon time issues are addressed.  This is not always the case.  There are other factors that influence the logon time.  Group Policy objects, global logon scripts and user logon scripts are other critical areas that have significant influence on logon times.  So let's take a closer look at the influence the user's profile has on logon speed.

User Profile Manager 'might' help improve logon time but it really depends on what is in the profile and what is consuming the time to load it.  Also keep in mind if you are currently using a mandatory profile (a size controlled profile that does not store any new settings from a user's session) then moving to User Profile Manager will likely increase the size of the user's profile (since now the user can add and create new settings, files and folders in their respective profile).  A larger profile means it will then take longer to load than the previous mandatory profile.  Of course the upside is the user now has a much more customizable and personalized experience.

Let's compare User Profile Manager to roaming style profiles where the user's profile settings are stored and will follow the user from computer to computer.  User Profile Manager may improve logon time significantly if these profiles are being weighted down by bloat.  User profile bloat is when there are many extra settings, files and folders in the user's profile that are not needed but are still being captured and stored (here is a blog on profile bloat: http://community.citrix.com/x/A4AaAg).

With User Profile Manager, you can granularly define what is included and what is excluded in a user's profile. This includes using combinations of includes and excludes to further refine and target only what is absolutely required to be in a user's profile.  Thus by managing the size, the time it takes to copy down is optimized and improved.

But if everything in the profile is necessary and needs to remain in the profile, now we have a traditional bandwidth challenge.  How do you get data from point A (on the network) to point B (on the windows device) more efficiently and more quickly?  As there is much improvement that can be done in this area, it will be a focus area of User Profile Manager over future releases.

Next let's cover the question of how do I know if the profile is dragging out the login time.  It could be the profile is very large and the time it takes to copy down to the system creates logon lag (which often feels exactly like jet lag).    One option is to allow Windows to cache the user's profile.  By caching and thus retaining the profile on the local drive, only changed or updated files in the profile are copied down on next logon to the device.

While caching profiles may be fine on individual devices and desktops, not so much on a XenApp server when you could have 100s or 1000s of users (or even more) passing through.  In fact on XenApp based deployments you almost never want to cache the user profile (is there ever anything in technology that is an absolute).  While caching will certainly speed up logon time, it turns your server into a profile storage device which can easily translate into gigabytes and gigabytes of storage on that local drive.

So how do you figure out how much overhead the profile (or even part of the profile) is adding to the logon?  Based on finding this answer you will better be able to determine whether User Profile Manager will benefit logon time.  User Profile Manager offers the ability to extensively log the activities during logon including the time each activity required.

Not only is the profile loading process logged (NTUSER.DAT, files and folders) but also times querying AD, getting correct paths, etc. will be logged with time stamps.  In order to capture the user specific logging, please ensure that users have write access to %systemroot%\system32\LogFiles\UserProfileManager (the default Windows log directory).  Since users do not typically have write access here, you should add the user group "Authenticated users" to have write access to this directory.

So now that logging is enabled and you have logged on and off with some user accounts, let's take a look at what you have now.  At the end of the loading process of the profile, UPM summarizes this. Here's an example log entry:

2008-10-12,15:44:46.552,INFORMATION,SEPAGO,Joe,2,DispatchLogonLogoff: ---------- Finished logon processing successfully in [s]: <2.28>.

*Tip*: Always search for "-------- " to get starting and end points of logon / logoff events with accumulated information.
Wow, 2.28 seconds to process the logon -- this would be a great performing environment (this example was only processing the Registry and not files).  If the time captured was similar to "Finished logon processing successfully in [s]: <20.00>." (or more) you should have a look at the single timestamps in the logfile and identify if a big gap exists between two entries.  That is presumably the point you can start searching for what is going wrong.

If there is no such gap, have a look at the profile size. Back to the earlier discussion, if everything needs to be in a 2 GB profile, then this becomes a different discussion.  A discussion we should have someday soon.

Can you run Direct3D apps on XenApp? What about WPF apps?

Direct3D, part of Microsoft's DirectX API, is used to render 3D graphics in applications where high performance is required. Direct3D apps are not generally supported on XenApp because they require hardware acceleration. That's what kicked off the 3D acceleration technology being developed by Citrix under project Apollo. However, some Direct3D apps will fall back to software rendering, so they can be hosted on XenApp. It depends on whether the software developer has enabled fallback to the software rasterizer. Be aware that Direct3D apps may consume a lot of CPU to do the graphics rendering, especially if they make use of a lot of fancy effects. You'll probably want a multi-core server with lots of memory to deliver these apps.

WPF (Windows Presentation Foundation, the graphical subsystem of .NET Framework 3.0 and above), although Direct3D based, automatically falls back to software rendering when no GPU is available. WPF apps have been supported on XenApp as of PS 4.5 FP1 which was released in September 2007. They will run on XenApp for Windows Server 2003 when 16-bit or "5-6-5" color (also called "High color") is configured. With Windows Server 2008, 24-bit or "8-8-8" color ("True color") is also supported.

Depending on the WPF functionality that is leveraged by the application, performance and scalability on XenApp will vary. SpeedScreen Progressive Display optimizes the delivery of rendered graphics to the client device via compression and auto-sharpening. However, WPF applications using intensive 3D graphics or fading effects will consume more CPU and memory than typical GDI applications, so you can expect server scalability to be lower. Another challenge for project Apollo . . .

Derek Thorslund
Product Strategist, Multimedia Virtualization