XenApp Expert Series - Informational, News, Interviews (2009) The show where we interview the experts to get you the latest research and technology news on XenApp application virtualization. Host Vinny Sosa (@vinnysosa) interviews Product Strategist Derek Thorslund (@derektcitrix) to help everyone understand the HDX Technology stack. This is part one of multiple videos that will dig deeper into HDX technologies. Episode 3, Season 1.
View this Episode and Subscribe to the XenApp Expert Series

Last month we released the Power and capacity management tech preview for XenApp. If you're using server-side application virtualization and delivery with XenApp, then you'll want to check it out. We've put out a couple of blog posts (1 | 2), a demo, and a couple of videos on it including a XenApp Expert Series video and audio episode with Sridhar Mullapudi (Product Manager). We also have a new episode coming up in July with Juliano Maldaner (the Architect). What's more, both of these rock stars are getting together to do a TechTalk on this same topic.
The TechTalk is going to cover the features, functions and components of Power and capacity management and the guys will also talk about how to deploy it for virtual server infrastructures or physical machines using Wake on LAN. They'll even provide some tips on using this technology to help with migrations.
The great thing about this vs. the other content we've created already is that there's a Q&A at the end so if you're interested in the technology, now's the time to ask your questions.
"During times of universal deceit, telling the truth becomes a revolutionary act." Those are the words of the infamous George Orwell. The same guy who wrote Animal Farm and forever changed our views about social behaviors. Orwell developed a farm full of animals to imitate the behaviors of humans in their most despicable forms. For those of you who have read the book (and for those of you who are less enlightened) you'll remember that the Pigs wield the power of deceit to convince the rest of the "animals" that their situation is much better than it really is... creating a power base from which they (the Pigs) rule.
Well, with all of the hype around what Clouds are and are not, I've got some great news for you. There is a storm on the horizon and it's full of Clouds that have applications pouring out of them. That's right, it's an application fest and Citrix is seeding the cloud with a form of "silver iodide and frozen carbon dioxide" (oops, dare I say that with Cap and Trade on the horizon). We want it to rain applications and give service providers the means to successfully pull additional revenues by supplying their customers with applications that run better and give a High Definition User eXperience (HDX).
Wouldn't it also be awesome if you could manage your entire data center with a fully optimized workload management capability that provides high availability and flexibility? Well then... you need to look at how server virtualization works together with application delivery, which is a highly profitable approach to the Cloud.
So tell all of your friends that might want to know more about how to make this happen by registering for the Citrix Service Provider Business Webinar and you won't be fooled by the Pigs.
Registration Information
Citrix Service Provider Business Overview -
EMEA (https://www1.gotomeeting.com/register/527632217)
Americas (https://www1.gotomeeting.com/register/822345865)
Check out the newest Branch Repeater customer case study posted on citrix.com at http://citrix.com/English/aboutCitrix/caseStudies/caseStudy.asp?storyID=1855157
Lately I have been discussing with partners and customers how enterprises pursuing an M&A strategy, or with distributed branch offices, often face the kind of challenges that Consolidated Graphics faced. Enterprises with far-flung offices and locations are now looking at ways to reduce the cost of delivering applications to branch offices while improving user experience and productivity. Check out the case study to see how Consolidated Graphics:
- Enabled datacenter consolidation for cost savings
- Simplified IT administration
- Doubled throughput on existing T1 lines, avoiding need for network upgrades
- Improved the user experience at branches
Happy reading!
Sai
Twitter:@SaiAllavarpu
Citrix Branch Repeater: http://www.citrix.com/English/ps2/products/product.asp?contentID=1350184
One hundred and fifty billion dollars! That's $150,000,000,000 or €107,635,000,000 or ¥14,458,000,000,000. In any currency we are talking about a lot of money. According to some estimates this represents the total projected revenues for Cloud Computing by 2013. Don't you wish you could capture just a small percentage of that total market? Just think, a 2% capture rate would yield $3,000,000,000 or €2,152,700,000 or ¥289,160,000,000... still a lot of money.
Well, we may be on our way as we see the evolution of Amazon S3 and EC2, Google Apps, Microsoft Azure and IBM's LotusLive Connections. Even though Larry Ellison has been quoted as calling Cloud Computing "gibberish", Oracle has now entered the mix. How are we to make heads or tails of all this? What is the breakdown of the Cloud from a business perspective, and what is the evolution from where we are today?
It all starts with two basic descriptions, "private" and "public" Clouds. There is a very important distinction here in that the road to implementation will be markedly different in each area. How Information Technology evolves between now and 2013 has everything to do with these terms. Kind of scary but even the U.S. Government is involved as the National Institute of Standards and Technology has published their definitions and findings.
In the Private Cloud world, large enterprise businesses will be looking for ways to evolve their current IT environment. And like a wave similar to electronic miniaturization when microchip technology finally came of age, IT will be changed forever. Enterprises will be trying to figure out how to model their internal IT operations after the Web and web based applications. There are a few model companies today who have already done the math, understand the value proposition of working this way and are full steam ahead in implementation.
Bechtel is one such large enterprise. In an article entitled "Around the Clock, Around the World", they talk about how they are changing the future by using virtualization infrastructure today, "Bechtel's Information Systems and Technology group developed a "virtual company" of dedicated servers, firewalls, and software programs to enable massive transfers of engineering data..." As a result of this progressive approach to managing information using private cloud technology, "Bechtel's intranet, combined with work-sharing software and advanced network security, is making it possible for far-flung team members to communicate and tap securely into linked databases, CAD models, and other tools." Bechtel relies on technology from Citrix to achieve this state.
The second and possibly more controversial category is the Public Cloud. The companies given the most publicity in this area are those highlighted at the beginning of this blog. Amazon, Google, Microsoft and IBM have the most notoriety. However, companies like RackSpace are emerging as well. There is quite a bit of swirl around how these monoliths will shake out in terms of winning the space. The end goal for these companies is to produce utility based Information Technology. Some would say that this is the commoditization of services heretofore called the IT organization. The truth is that there will be a mix of virtualized data center infrastructure (IaaS) and application delivery platforms (PaaS) starting with non-mission critical workloads and services.
Within this "Public Cloud" category is a subset that currently services the Small and Medium Business segment. These are the companies who have seen the hype and latched onto the taxonomy. What were at one time "Hosting Service Providers" now look at themselves as Cloud Providers. And why not? They have very similar business goals as the Amazons and Googles of the world... namely, the portability of services from on-premise to off-premise using a time based subscription model. Most of these companies are part of the Microsoft eco-system driving revenue for themselves and for Microsoft through the Service Provider Licensing Program. Why is this important to those who would play in the Cloud space? Because there are over 5 Million SMBs in this target market worldwide with an average employee count of 100. In each of these SMBs, a percentage would be considered knowledge workers who require business productivity applications.
Nasstar, a "cloud provider" in Europe is taking advantage of this new ideology and technology approach. They boast subscriptions for SMBs in London and the surrounding area with a growing contingent of customers.
Now to round out the discussion. With a typical subscription rate of $50 per month for productivity apps in the SMB, the projected worldwide annual revenues for the Hosting Service Provider community could be $30,000,000,000 or €21,577,000,000 or ¥2,891,000,000,000. And that is a lot of money too!
Whether Private or Public, Large Monolithic or Hoster (for SMB), one thing is agreed upon by all who are in the market... namely, there is only one way to achieve the scale needed to capture these revenues... Virtualize!
Common Application Streaming question:
How much data lands in the execution cache compared to what is captured at profiling?
My quick answer to this question is 25 to 30% of the captured content will land on the execution machine at runtime. A more correct answer is ... "it depends". People like numbers and they need numbers, so we give them numbers. Statistics though can be misleading. Are they good numbers? Sure, absolutely! Read more to understand some of the complications.
To get it started, this is the wrong question.
What people really want to know is how much disk space is used to deliver this application via Application Streaming as compared to delivering it via local install. Answer: 35.6%. Again, read on for the details, because the real cost is a bit lower than this number (back in that 30% range) if you stay online, or quite a bit higher than this number if you are going to run offline.
Application selection
The selection of the application here greatly changes the outcome of the question, and delivering for OFFLINE really changes the calculation. First, consider online execution. If the application has only a few files, all of which are accessed at runtime, then the isolation system will populate 100% of what was profiled. By contrast, if the application has thousands of files, most of which it never accesses, then the answer approaches zero.
The key point is that files are brought in when they are ACCESSED. If they are not accessed, the isolation system LIES to the application to tell it that the stuff is present when it really isn't. When it isn't, it doesn't use any disk space and it doesn't occupy any network time being copied in from the central store.
It is amazing to watch how much stuff applications install that they NEVER, EVER reference.
NUMBERS
The measurements that follow are taken from my primary notebook machine, running non-release Windows 7 RC1, with Citrix Application Streaming, non-released development "tips" build from about 2 days ago that flunked build test, but which seems to be working pretty good for me. I'm connected to the "showcase" farm inside Citrix, which is where we put the stuff that isn't released yet to "use what you sell". Hundreds of people using this by the way. I'm running a non-release and pretty current PNAgent which I haven't changed since before Synergy conference. This is about as "stable" an environment as I get. Other than these items, my environment is pretty typical and should be fine for statistics.
Why Microsoft Office 2007? Answer: It's a really big application and everyone understands it. Is it an example of a typical application? I'm not sure, but it is sure an excellent test case for proving out an isolation system.
Framing the problem
There's more to it than what gets populated into the execution cache; offline/deploy and online are also part of the equation. If the execution is "stream to server" then there's no need to deploy a copy of the execution image on the execution machine. Disk space usage will be optimal, the low number.
For "stream to client", offline will be common, so disk usage will be higher as you have to store a COPY of everything that is on the Application Hub that supports your execution. This storage though is a compressed version of what was captured at profiling, so it is reduced in size, and you only get a copy of the execution target that is right for your machine, so the size used for deploy will often be less than the disk space used on the server that stores the execution content.
Application Hub:
Our showcase farm is consuming 27.2 GB of disk space to store MS Office 2007, on the server. Much of this is wasted space because no house cleaning has occurred. There are, for example, 5 versions of the execution target stored which support Vista/Windows 7, and there only needs to be 1. My admin could save 80% of this disk space and nobody would notice. By spending the disk though, he retains the ability to perform rollback.
LOCAL MACHINE
Deploy: 1,161,958,306 bytes.
Notice this is a WHOLE bunch smaller than on the App Hub. I'm pretty sure our admins flush out the old stuff to help keep this number small, but even if they don't, I format and reinstall machines often enough that this doesn't come up. The deploy location though is COMPRESSED. We install everything and a bunch more when profiling for the showcase farm. The expanded number for the size of the packaged MS Office is 2,125,243,930 bytes.
RadeCache populated execution space = 321,401,139 bytes.
Drum roll for the math
Online: 321,401,139 / 1,161,958,306 = .2766 = 28% OR
Online: 321,401,139 / 2,125,243,930 = 15% (That's a nice statistic!)
Offline: (321,401,139 + 1,161,958,306) / 1,161,958,306 = 128%
Did you just say that offline streamed uses MORE than locally installed? Yes. We made a conscious decision for this actually. The extra disk usage allows online and offline streaming to be largely the "same" from the view of the isolation engine. Technically, this is called "deployed" or "not deployed".
Compare to locally installed.
I had to struggle, but I found a Citrix PM who still has MS Office 2007 locally installed where I could get some numbers. His machine has 904MB, 904,155,136 bytes consumed. Notice that this is smaller than the 1.1GB that is in the CAB file that our showcase farm has. This is expected. Our build has some other stuff added beyond the base MS Office and also was profiled with the MS Office install selections set to "everything". Among the nuggets that are "extra" in the profile is a full copy of Mozilla Firefox. I'm not sure what it's doing in there, but adding these things does make the profile grow.
Using these "common user" numbers for locally installed and comparing to the showcase MS Office 2007 profile, we can calculate a second set of statistics.
Online vs common user: 321,401,139 / 904,155,136 = 35.6%
Offline vs common user: (321,401,139 + 1,161,958,306) / 904,155,136 = 164%
Fascinating numbers. What good do they do me? I'm not totally sure. If you operate on the theory that streamed delivery will use about the same disk space as installed delivery, you're in the right ballpark.
Joe Nord
Product Architect - Application Streaming
Citrix Systems
In the first part of this blog series we looked at specific details on Citrix Delivery Center and the Disaster Recovery demonstration for SAP NetWeaver. In this posting we will cover the different High Availability solutions also demonstrated at SAP. In addition to this blog series, please refer to the Reference Architecture document that provides all the technical details about the Citrix and Marathon solutions implemented for SAP.
Getting back to High Availability, Citrix XenServer and Marathon Technologies everRun VM for XenServer provide solutions that cover a broad spectrum of High Availability requirements, ranging from maintenance to complete system-level fault tolerance. Given the breadth of High Availability solutions, IT administrators are bound to find a Citrix XenServer High Availability solution to meet their application availability needs.
When looking for an HA solution, various factors such as application criticality and business impact must be considered before choosing a particular solution for an application. A more detailed report on determining availability requirements can be found here.
In our Proof Of Concept environment at SAP, we showcased all levels of High Availability offered by XenServer and everRun VM. First let's look at the out-of-the-box High Availability solutions that XenServer alone delivers:
- XenMotion: XenMotion supports live migration of running virtual machines from one XenServer to another. The primary purpose of XenMotion is to prepare for planned server maintenance. The end user will not experience any interruption in application performance in XenMotion.
- XenServer High Availability (HA) - Level 1: XenServer HA provides High Availability by automatically restarting failed virtual machines on a different XenServer host within the same resource pool. The end user will experience an interruption in service as the virtual machine restarts.
In addition, Marathon Technologies everRun VM for XenServer provides High and Continuous Availability for critical virtual machines hosting business applications like SAP NetWeaver Portal:
- everRun VM for XenServer - Level 2: Marathon Technologies everRun VM Level 2 delivers High Availability from component-level fault tolerance, eliminating downtime caused by I/O component failures and guaranteeing recovery from system failures. The solution identifies faulty I/O pathways before they become a problem and responds to a wide range of I/O and component failures. Active validation of all components on primary and secondary hosts ensures smooth recovery following any primary host component failure.
- everRun VM for XenServer - Level 3: Marathon Technologies everRun VM Level 3 provides Continuous Availability from system-level fault tolerance, eliminating data loss, downtime and transaction loss. It offers all of the benefits of Level 2 and adds two important attributes:
a. Zero downtime, even with complete XenServer host failure.
b. Preservation of application and memory states during failure.
The following video features the Marathon everRun VM Level 3 High Availability solution demonstrated at SAP Co-Innovation Labs, Palo Alto. Again, for more technical details on the implementation, please take a look at the Reference Architecture.

I need to be clear up front that this is not a blog about our Citrix Online products. Although there is a way to resell the Online SaaS products, that is a discussion for another blog. This blog is about setting up your data center to host Windows applications in a Software as a Service model using the Citrix Cloud Center (C3) products.
I recently spoke to Byron Altridge, Vice President at ClubDrive, one of our new Citrix Service Providers in the U.S. about his company's success in this space and he was kind enough to share with me how they are becoming one of the fastest growing companies in Atlanta. From a business perspective, Byron told me they are pretty much doing everything by the book in regards to finding the target market and providing a valued service to their customers. Like so many other Service Providers however, they were lacking the tools to make the delivery of applications over the open Internet seamless and simple.
When the team at ClubDrive found out about the Citrix Service Provider Program, they were one of the first in line to pick it up and put it into action. Byron turned me on to his CTO, Nathan Kelly and we went over the configuration of his data center using C3. Nathan told me, "It's really quite simple. We use the inherent security of XenApp by managing the applications from a single instance. There are 2 NetScaler devices in the DMZ at each location that monitor each other locally in the event of failure and also monitor the other location devices in case of failure - this provides High Availability for the users. And because there is so much efficiency in XenApp workloads using XenServer, the combination provides us with the best approach to making our hosting center work." The diagram below depicts the configuration of the ClubDrive hosting center using C3 technologies.

Note that ClubDrive also opted to create fail-over redundancy using a mirrored approach deploying C3. The combination of network optimization with NetScaler, single instance management with XenApp and server virtualization with XenServer creates the best revenue generating, cost optimized approach to hosting Windows apps.
Based on the popularity of this offering we will be providing both a business webinar and a follow up technical webinar for hosting service providers in July.
Stay tuned.
Part - 3
In this entry of the series, I am going to answer a few questions we asked ourselves while planning our BYOC program at Citrix.
In the Citrix BYOC program (I named it Citrix Choice), I was on the steering committee and we had a few questions to ask ourselves.
Here were some of the questions we asked:
"How much of a stipend should we pay per user?"
We chose $2100 because we asked the users to get a new computer with a 3 year warranty. Of course this amount varies from company to company depending on budgets, etc.
"Should we have system requirements?"
We went with the fact that most of the computers coming out had respectable performance. We also mandated that the users with a BYOC computer have an anti-virus solution, the Citrix Receiver and related plug-ins. We set up an AWESOME internal website that had guides on configuring the wireless connections, Citrix Access Gateway, Citrix Receiver, and other settings the user might want. We leveraged our partnerships to get discounts on Microsoft Office, anti-virus, and other hardware and software needs.
"What OS's should we allow?"
We had clients and software for Windows Vista, XP, and Mac OS. We might do Linux later, but we wanted to go with the three mainstream operating systems with our initial roll-out.
"Why should we do this?"
Users wanted the latest and greatest hardware and wished IT could keep up with the curve. On a standards scale, it is hard to do that, but if you are a self-supported user then that makes it feasible. If you are a hardware geek (like me), you like to change out your equipment quicker than the IT timeline for refresh. BYOC gives you the flexibility to do this. We also wanted to leverage our own solutions.
"Are there HR concerns?"
This was a big question for us. We debated this for a few meetings and took a few weeks on this part of the process. We wanted to make sure we were compliant with regulatory items. We leveraged our current policies for many of the answers. Most of our policies already addressed most of our concerns. Most companies already have these types of policies in place. Check out your company's data, email, and technology policies and you will find that most of your concerns are already covered. Legal departments usually cover all possible bases when they make these policies.
"Should there be a term?"
Of course every company, country, and department has different requirements and wants/needs in this area. It is a very difficult question to answer, but we chose 3 years at Citrix. So when the warranty is up, the term is up. This way the user does not have to pay premium prices for any repairs or parts after the warranty has expired. The user can then "opt in/out" for the next three years.
"How can we do this and maintain compliance?"
We leveraged our own products (XenServer, XenDesktop, Access Gateway) to keep in compliance. With Citrix solutions, we are able to keep data secure and encapsulated within our secure corporate environment. All of the users' work-related documents are stored in a home folder on the network.
"How much freedom do we give the users?"
We give the users the freedom they have been demanding while keeping compliance. We give them the freedom to use any computer they want. We also give them the freedom to have one computer for work and play. With the company data secure on our internal network and documents stored in network home drives, the user has carte blanche to do whatever they want on their computer.
Hopefully, this helps answer some of your questions and can help you in implementing your own BYOC programs. If you have any other questions, please feel free to email me at tedd<at>citrix<dot>com and I will try to address them in future posts.
More later...
User32.dll is a magic item. As a programmer, if you want to take the machine over, then user32.dll is your best friend. User32 is a system DLL that gets loaded into almost all programs, system and user, that do anything with the GUI. User32 has a nice side benefit that it also loads other DLLs, by name. The list of DLLs to load is stored in the registry in a string item, AppInit_Dlls. Yes, this space is only writable by privileged processes, but if you can get yourself on the AppInit_Dlls list, you're golden! This is so handy that it is a common method that viruses use to attach themselves to all the processes on a system and ... is how application isolation systems like Citrix Application Streaming do their work.
Notice above, I said ALMOST all processes link to user32.dll.
There are many processes which do not load user32.dll and if they don't, then things that load as part of AppInit_Dlls will not get loaded. If you're in the application isolation business, this is not good because it means that you can't isolate that application.
A common question - Does Citrix Application Streaming depend on the application loading user32.dll in order for the isolation system to hook the app's execution?
Answer: No.
The more elaborate answer is that AIE on Presentation Server 4.0 did depend on the application loading user32.dll, but Application Streaming does not have this limitation.
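Because anything on the AppInit_DLLs list rides into every user32.dll-loading process, that value is worth auditing on any machine you defend. The following is an added Python example, not Citrix code: it parses the text that `reg query` prints for the two registry locations user32.dll reads (the native and Wow6432Node views of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows) and reports whether a DLL list is actually live; the sample output and DLL names are constructed.

```python
"""Audit AppInit_DLLs from `reg query` text (added example; constructed sample input)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Registry keys user32.dll reads its DLL list from: the 64-bit and WOW64 views of HKLM.
APPINIT_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)

# One value line of `reg query` output: "    <name>    <REG_type>    <data>" (data may be empty).
_VALUE_RE = re.compile(r"^\s+(.+?)\s{2,}(REG_[A-Z_]+)(?:\s{2,}(.*))?$")


@dataclass
class AppInitStatus:
    key: str
    dlls: List[str] = field(default_factory=list)
    load_enabled: Optional[bool] = None  # LoadAppInit_DLLs switch; None = value absent

    @property
    def active(self) -> bool:
        """True when the listed DLLs really get loaded into user32.dll processes."""
        # Windows before Vista has no LoadAppInit_DLLs switch: a non-empty list is always live.
        return bool(self.dlls) and self.load_enabled is not False


def parse_reg_query(text: str) -> Dict[str, Dict[str, str]]:
    """Turn `reg query` text into {key path: {value name: data}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            current = line.strip()
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, _reg_type, data = m.groups()
            keys[current][name] = (data or "").strip()
    return keys


def audit_appinit(reg_output: str) -> List[AppInitStatus]:
    """Report every AppInit_DLLs key present in the output and whether it is live."""
    results: List[AppInitStatus] = []
    for key, values in parse_reg_query(reg_output).items():
        if key not in APPINIT_KEYS:
            continue
        # The value is space- or comma-delimited, which is why entries use paths without spaces.
        raw = values.get("AppInit_DLLs", "")
        status = AppInitStatus(key=key, dlls=[d for d in re.split(r"[ ,]+", raw) if d])
        if "LoadAppInit_DLLs" in values:
            status.load_enabled = int(values["LoadAppInit_DLLs"], 16) != 0
        results.append(status)
    return results


# Constructed sample of what `reg query "<key>"` prints for both views of the key.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ
    LoadAppInit_DLLs    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ    C:\Example\hook32.dll unknown_hook.dll
    LoadAppInit_DLLs    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for s in audit_appinit(SAMPLE_REG_OUTPUT):
        print("LIVE " if s.active else "idle ", s.key, s.dlls)
```

On a real machine, pipe the output of `reg query` for each of the two keys into `audit_appinit` and investigate any LIVE entry whose DLL you cannot attribute to a product you installed (the Application Streaming client being one legitimate owner).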
Propeller talk on user32.dll.
If you want to know more about hooking processes and user32.dll, here are some good and entertaining references.
- User32.dll is really important
- AVG Virus scanner incorrectly recommends erasing user32.dll (Awesome!)
- AppInit_DLLs should be renamed Deadlock_Or_Crash_Randomly_DLLs
- How virus loads
- Microsoft Malware Protection Center blog (good reading)
Probably best for a separate post, but the second item here is really interesting. If you think you have a virus and do a google search for "user32.dll virus" you'll get 574,000 hits! Sometimes, it seems like the "fix" for virus is worse than the virus itself. If you delete user32.dll, you're up a creek with no paddle! You can hope that the Windows XP system file protection will put it back, but it's still a scary proposition.
Consider that if you are evil, and you're inserted into system code, then the obvious next step is to hide from anti-virus. This must be an interesting battle.
Enjoy,
Joe Nord
This is "part 2" in a propeller-head series about the internal workings of Citrix Application Streaming. This post covers how stuff in the registry can be "erased" during profiling without really affecting the profiling machine. The same concepts apply at runtime, where the application can erase things from the machine and have this effect only be apparent for the current user rather than the whole machine.
Part 1 covered the same topic for files.
Consider: the machine has registry space at HKLM\Software\DeleteMe (yes, notice the easy to recognize naming). In this example, there are also a few registry items located in that space, aptly named Item 1 and Item 2.
The installation program observes that this space exists and as part of its installation activity, erases it. The job of the isolation system is to let the installer BELIEVE it erased the space, while not really erasing it, so that the streaming client can present this space as "not there", when it really is.
For the installer, I have used CMD.exe and here's the activity, captured as text.
```text
c:\>reg query hklm\software\deleteme
HKEY_LOCAL_MACHINE\software\deleteme
Item 1 REG_DWORD 0x1
Item 2 REG_DWORD 0x2

c:\>reg delete hklm\software\deleteme
Permanently delete the registry key HKEY_LOCAL_MACHINE\software\deleteme (Yes/No)? y
The operation completed successfully.

c:\>reg query hklm\software\deleteme
ERROR: The system was unable to find the specified registry key or value.
```
From outside of isolation, go look at the "real" registry. You'll see: 
What happened?
Answer: The true registry was not "hurt" by the profiling activity. The registry space that was deleted wasn't really deleted. The captured profile though believes it was deleted and when moved to the execution machine, the Streaming Client will do similar isolation stuff to make this space appear "gone" even if that space really exists. The "how" follows.
Package the app up and peek into the captured registry contents and you'll see the magic that makes this happen. Recall from the file discussion, NTFS Alternate Data Streams are attached to the deleted files to describe them as erased. The isolation system does similar activity for deleted registry.

Notice that the deleted registry space "exists" as part of the captured registry space. It exists, but there is also this extra stuff that the isolation system references to conclude that this registry space is "erased" and should be masked from the application's view. In the case of the registry, as for files, the erased markers are attached to the erased stuff so that the isolation system doesn't have to look far away to index things that are erased. When a registry key is opened, the isolation system looks to the side to see if the marker is present and, if it is, it "hides" this registry key from the view of the application.
Magic?
I called this magic above. In reality, no magic. If the application happened to use and depend on a registry item named CitrixAIEDeletedStatus, this whole thing would not work. Fortunately, this is a rather unique name and this makes it okay to add to registry space, where the application won't be impacted. As a last step, the registry items that are the markers "don't exist" from the perspective of the isolated application, so this prevents confusing an application by giving it extra registry items that it did not define.
What is the other Citrix thing?
Good question. The CitrixAIEPlaceHolder item exists so that the isolation system can transport registry KEYS that have no contents. Compare in concept XCOPY /S with XCOPY /S /E. Some applications create registry keys (similar to file system directories) and the mere presence of the key has meaning to the application even if that key has no contents. Since the isolation system stores and later repopulates the registry space in a manner similar to saving and restoring .reg files, keys with no contents get lost. By providing an item, any item, the empty registry key is preserved from profiling system to execution system and the application "works" because it sees what it expects to see.
Disclaimers
Lots of bit head stuff here on how the isolation system works. Don't become dependent on it. We change these things from release to release and it is likely that the method of representing deleted registry or empty registry can and will change some day in the future.
But - if you're looking at your machine and are asking yourself: What is all the Citrix stuff? Now you have the answer.
Joe Nord
Several Citrix products have been nominated for the 2009 Information Security Magazine / SearchSecurity.com Readers Choice Awards:
- NetScaler, Application security: Web application firewall, application/code vulnerability assessment/QA, Web services security
- Access Gateway, Remote access: IPsec, SSL VPNs and other remote access products
- Branch Repeater, Other: Branch optimization/application acceleration solution
Thanks to your support, last year we won the Bronze Award under the 'remote access' category for Citrix Access Gateway and the Bronze Award under the 'application security' category for Citrix App Firewall.
While technically not a security product, Branch Repeater does play a role in building a secure IT infrastructure. Branch optimization allows businesses to centralize applications and data in secure datacenters without sacrificing end-user performance.
Surveys have already gone out to readers of Information Security and SearchSecurity.com via e-mail. If you received one of these surveys please take a few minutes and vote.
Deleted files are an interesting topic in isolation systems. How do you represent a file as "gone", when it is still present? During profiling of an installation program, the isolation system has to isolate additions to the file system; this part is easy and pretty easy to understand using the "layers of glass" metaphor. You look down from above and the highest version of the file is the version that you see. What is more interesting to consider is that the isolation system also has to represent DELETED files; and deleted registry content. These require placing a marker at higher levels that say to mask vision to the content that really does exist. Deleting files is much more interesting than adding files!
Consider a view from above, looking down through the isolation system goggles: 
I used the IIC version of this graphic because it was handy, but consider the above with only 2 layers as this is the environment during profiling. The PHYSICAL or "REAL" disk/registry is off limits for writes. When the installer during profiling, or when the program at runtime writes to the isolate space, the changes are reflected as writes to the higher layers of isolation (the first "writable" space, which is always on the top). This works great for adding content because the presence of the content at the higher layer "masks" vision to the layers below.
For deleting things, this gets interesting. Consider a program at installation which erases content from the physical machine. Looking down from above, the installer needs to BELIEVE that the erase it commanded, really happened. Here, the isolation system has to represent "deleted" files and registry content without really deleting the stuff from the true disk. Failure to do this would require a VM snapshot thing and resetting of the environment before/after profiling and we didn't want that. Instead, you can profile over and over all day long without hurting the true physical image - at least for the spaces that are isolated, which is pretty much everything during profiling.
A deleted file is represented as a real file, at a higher layer of isolation. The real file is changed to have 0 size, but still has the same filename as the lower layer file. The filesize reduction is just to conserve disk space, but in concept the deleted file is the same file as the lower layer; promotion from physical to isolated occurs commonly for files "changed". To make the file "deleted", the isolation system tags the file with an NTFS Alternate Data Stream, "CITRIX_DELETED_FILE_MARKER". If the file exists on the layer of glass, but has zero size and the required tag, then the file "disappears" from the perspective of isolated processes. The file still exists and is even visible outside of isolation; though it still has no contents.
References:
Scary reference - "ADS are evil IMO". They are not evil; they just aren't widely understood.
Microsoft KB describing how to use ADS
Sysinternals tool for displaying Streams
The fact that ADS are rarely used by "normal" Windows applications makes them a PERFECT candidate for usage in the isolation system. The isolation system can attach a stream to the file and feel pretty confident that this won't hurt the application's ability to manipulate that file, yet the information associated with that file hangs out and even follows the file from place to place when it is copied. Note: this isn't exactly true - keep reading.
Profiling
During profiling, the isolation system sets the marker on files that the installation program erases. In concept, this means that the marker is present on the execution machine at runtime because the captured layer of glass is transported to the execution machine. In reality, this is true only in concept. In reality, we use CAB files to hold the layer of glass and CAB files do not maintain streams. Hum. Problem. What did we do? Answer: When the application installer completes processing, the profiler goes through and "deletes the deleteds"; removing the files with zero size and the stream attached. This means that the deleted file will not be present in the captured image, but it also means that the marker will not be present at runtime. Problem?
First, why is this a risk? If the file existed on the profiling machine (at true disk location), and if the installer erased it; then on the execution machine, if the file exists on the true disk, then at application runtime, the erased file will re-appear. As the theory goes, the application at runtime will get unhappy.
Is that a problem?
At the time, I wore the FSFD dev hat and took note that darn near zero application installers actually erase things from isolated spaces during profiling. Those that do, likely will also tolerate that the file comes back. We also took note that even if the file did re-appear, we could always erase it again using a pre-launch script. Bottom line: Application Streaming has shipped this way from the beginning and I have never seen a failure attributed to this behavior.
But wait, there are more problems
At runtime, the application may decide to erase things. In general, the only spaces isolated are the \windows directory and below and the \program files spaces, or more precisely, these are the locations where an ill-behaved program may want to erase things; things that could affect the execution of the program.
It could also be that the application erases some of its configuration data from the directory to which it was installed (a bad application). In either of these cases, a deleted file marker will be generated and will land in the per-user layer of isolation. This will mask vision to the file on the true disk. Since this is part of the per-user space, all should be happy because the per-user space will follow the user from machine to machine as part of roaming profiles or even better, Citrix User Profile Manager! The Win32 CopyFile API DOES maintain Streams!
Problem: Roaming profiles do not maintain ADS Streams, so the deleted markers will disappear on movement from machine to machine. 4 years in the field, has this been a problem? Nope.
I have asked the Citrix UPM team to maintain Streams on copy of the user profile content to/from central store which is a bit of a curiosity because it is different behavior than Roaming Profiles. I'm not sure if it occurs yet and not even sure if they will actually implement the change. Why? Fundamentally, the ADS streams haven't been missed yet, they will likely be missed less in the future; except for all them MAC users. Stick with me.
What file systems support ADS Streams?
Excellent question! The answer is "NTFS". The Mac file system REQUIRES streams, but we rarely get the Mac file system as the foundation of a Windows machine. FAT32 definitely doesn't support streams and I'm not sure about CDFS.
Since deleted file markers are needed for isolation processing, the Application Streaming file system code restricts its filtering to only NTFS disk volumes. In some ways, this is a plus. You don't want to isolate USB drives and these tend to be FAT32, so they don't get isolated. But, the FSFD knows the USB drive is "removable" and it assumes all removable media is for "data", so it doesn't mess with it. In this way, the NTFS restriction actually gets in the way a bit. Note: you can convince the FSFD to look at the USB drive as I outlined here.
What about more elaborate file systems?
Some customers have enterprise storage which is network based, but appears to the execution machine as local. These disk volumes COULD be NTFS, but often they have a custom file system. Do these support NTFS style ADS streams? Answer: It depends. Let's say they don't. How to solve... Answer: Convert the representation of "deleted files" from ADS Stream to something a bit more common. Has this happened? Nope. Is it really necessary? I'm not sure. Experience of the last few years says it is rare enough that the failure case probably won't come up. With this wide post though, something tells me someone is going to say: "I've seen the failure case".
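The marker lookup described in the registry post above and in this file-marker post, as an added simulation that is not Citrix code: it walks a bottom-to-top stack of layers, hides anything sitting under a deleted marker, filters the CitrixAIEDeletedStatus and CitrixAIEPlaceHolder items out of the application's view, and shows what happens when the profiler's "delete the deleteds" step or a .reg-style save drops the marker. Paths, sizes and key names are constructed.

```python
"""Simulate the "layers of glass" lookup with deleted-item markers.

Added example, not Citrix code. It models the zero-size file plus the
CITRIX_DELETED_FILE_MARKER stream, and the CitrixAIEDeletedStatus and
CitrixAIEPlaceHolder registry items, as described in the posts above.
"""
from dataclasses import dataclass, field

DELETED_FILE_MARKER = "CITRIX_DELETED_FILE_MARKER"   # ADS name from the post
DELETED_KEY_MARKER = "CitrixAIEDeletedStatus"        # registry marker item
PLACEHOLDER_ITEM = "CitrixAIEPlaceHolder"            # keeps an empty key alive
HIDDEN_ITEMS = {DELETED_KEY_MARKER, PLACEHOLDER_ITEM}


@dataclass
class FileEntry:
    size: int
    streams: set = field(default_factory=set)   # alternate data stream names

    def is_deleted_marker(self):
        # Only the combination (zero size AND the stream) marks a deletion.
        return self.size == 0 and DELETED_FILE_MARKER in self.streams


@dataclass
class KeyEntry:
    values: dict = field(default_factory=dict)  # registry values under the key

    def is_deleted_marker(self):
        return DELETED_KEY_MARKER in self.values


def lookup(layers, path):
    """Look down through the layers (physical first in the list, writable top
    last) and return what an isolated process sees, or None if absent/masked."""
    for layer in reversed(layers):
        entry = layer.get(path)
        if entry is None:
            continue                      # fall through to the layer below
        if entry.is_deleted_marker():
            return None                   # marker masks everything below it
        return entry
    return None


def visible_values(layers, keypath):
    """Registry values the isolated app sees; the Citrix items are filtered out.
    Returns None if the key is absent or masked, {} for a present empty key."""
    entry = lookup(layers, keypath)
    if entry is None:
        return None
    return {k: v for k, v in entry.values.items() if k not in HIDDEN_ITEMS}


def delete_file(top_layer, path):
    """Record a deletion at the writable top layer without touching below."""
    top_layer[path] = FileEntry(size=0, streams={DELETED_FILE_MARKER})


def delete_key(top_layer, keypath):
    top_layer[keypath] = KeyEntry(values={DELETED_KEY_MARKER: 1})


def create_empty_key(top_layer, keypath):
    top_layer[keypath] = KeyEntry(values={PLACEHOLDER_ITEM: ""})


def delete_the_deleteds(layer):
    """What the profiler does before packaging: drop the zero-size marker
    files, because the CAB transport cannot carry the stream anyway."""
    return {p: e for p, e in layer.items() if not e.is_deleted_marker()}


def export_reg(layer):
    """A .reg-style save/restore keeps only keys that hold at least one value."""
    return {k: KeyEntry(dict(e.values)) for k, e in layer.items() if e.values}


def file_scenario():
    """Constructed sample: the installer erases a DLL that exists on the real disk."""
    path = r"C:\Program Files\App\old.dll"
    physical = {path: FileEntry(size=4096)}
    captured = {}
    delete_file(captured, path)
    masked = lookup([physical, captured], path) is None
    # Once the marker file is dropped, the true-disk file shows through again.
    shipped = delete_the_deleteds(captured)
    reappeared = lookup([physical, shipped], path)
    return {"masked": masked, "reappears": reappeared is not None,
            "reappeared_size": reappeared.size if reappeared else None}


def registry_scenario():
    """Constructed sample: one key erased, one empty key created under isolation."""
    gone, empty = r"HKLM\Software\App\Legacy", r"HKLM\Software\App\Flags"
    physical = {gone: KeyEntry(values={"Enabled": 1})}
    captured = {}
    delete_key(captured, gone)
    create_empty_key(captured, empty)
    restored = export_reg(captured)               # profile saved, then restored
    bare = export_reg({empty: KeyEntry()})        # same key, no placeholder
    return {
        "legacy_masked": visible_values([physical, restored], gone) is None,
        "empty_key_survives": visible_values([physical, restored], empty) == {},
        "empty_key_lost_without_placeholder": visible_values([physical, bare], empty) is None,
    }
```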
In a follow up post, I'll describe how the registry "deleted" markers are implemented.
Enjoy.
Joe Nord
Product Architect - Application Streaming
Citrix Systems

Well I was coached by our resident Blog Expert (thanks Vinny) to make sure I publish my picture with my blog so here it is... now you know who the face is behind the Cloud rantings!
I know we announced this in a press release and we also have plenty of marketing fodder on our web site around the Citrix Service Provider Program, but just in case we haven't made it explicitly clear... if you are a Hosting Service Provider and you want to increase your revenues with more applications and decrease your costs by saving CPU and Memory and you want to better manage your server farms... all you have to do is sign up and you will have access to the most prolific applications delivery system on the planet.
In fact I'll go one step further and let you know that if you plan to attend the Microsoft Worldwide Partner Conference I will personally be there to talk to you about the program! All you have to do is to email me or meet me at the Microsoft Software + Services booth... in fact you should probably do both. We have distributors who would love to meet you as well and get you started in this exciting program.
We are at the dawning of a new day and you who are hosting partners know that this market is about to explode. I've jotted down just a couple of reasons why you would want to make Citrix your delivery center partner....
- No upfront commitments or start-up costs
- Flexible active subscriber pricing model
- Access to the most current product versions
- Use rights protection for all products
- Guaranteed pricing stability
So here's the "duh" question of the day... If you host applications or services to other businesses why would you not use Citrix as your preferred platform?
As the Cloud evolves, critical technology enhancements will also have to evolve to meet the challenge regarding mass delivery of applications or applications/software as a service.
In phase II, Enterprises will continue to expand the use of Cloud Computing through their own Private Clouds and the continuing extension of data centers to the larger cloud providers. This will require Cloud providers to enhance their storage and application delivery models and provide a seamless provisioning scheme for both server farm management and end user subscriptions. Citrix is aiding this evolution by providing a testing ground for service providers and enterprises alike to begin proof of concept work for Cloud integration.
During this phase, Tier 1 managed service providers (MSPs) will also enter the space using the Tier 2 MSPs as proving grounds through white label offerings. Tier 2 MSPs will need the ability to provide multitenancy by managing multiple server farms both on premise and off. Tier 2 MSPs will also have to grapple with the integration of back office billing to the large service provider Operations (OSS) and Billing (BSS) systems.
Deutsche Telekom through its Managed Services group, T-Systems, has already begun to develop this market approach. Note that the Cloud will be used in this phase to continue expansive growth of existing data centers and not to displace them entirely either in the MSP or the Enterprise. As with Phase I, the Cloud Bridge is the essential component to provide integration between the Cloud Center and Enterprise or MSP data centers.
How do you add FTAs to profiled applications that the installer forgot to install? Answer: There are a few steps.
This has been on my list to Blog about for a while, just haven't gotten around to writing about it, mostly because I hadn't had a chance to verify the solution would actually work. Conveniently, Karl Muller of I-Access took care of the trial for me, and it worked, so here's the solution. Thanks Karl.
Review
Backup a couple steps... "FTA what!"
When an application installs, it writes entries to the machine to establish associations between file extensions (multiple) and programs (single). Each file type definition also includes a reference to the ICON that goes with the extension. This is what Windows Explorer uses to show you icons that look like MS Word for files that end in .docx.
The Streaming Profiler runs the installation program under isolation and blocks the installer's attempt to set FTAs on the true machine. As part of post processing, the profiler examines all the FTA entries that the installation program TRIED to create and for each of these, creates corresponding FTA entries in the streaming profile XML data - you can see them in the .profile file, if you copy it to .xml and view with a web browser. Easier, just look at the properties of applications captured during profiling and ask to see the FTAs. Yes, that's much easier.
The Access Management Console (XenApp publishing console) reads the profile information and gets a list of all the captured FTAs. It makes these AVAILABLE for association with applications that you publish. The default is that no FTA will be associated with the published application, so as an admin, you have to take direct action to establish the FTA by clicking on boxes.
BUT - There's a catch, you can only establish FTA reference for the FTAs that were captured by the streaming profiler.
Say you know that .DOC9 (.DOC and the number nine), is SUPPOSED to be associated with MS Word, but you note that the installation program seems to have left that one out, or that the streaming profiler seems to have missed this one. Let's focus on the first one. You have an extra FTA that is SUPPOSED to be associated that seems to be missing from the list. How do you add an extra FTA?
Option 1: Streaming Profiler, application properties, FTAs, Add
Option 2: In the Access Management Console, application properties, FTAs, Add
Both options above would be GREAT, if only they worked. They are both READ-ONLY. You can see the FTAs, but you can't add a new one.
The solution...
FTA must be captured during profiling
When profiling, tell the profiler that you want to launch an installer. It will prompt you for the path and name of the installation program; tell it "CMD". When you launch the installer, you will get a command prompt that is running inside of isolation. Two commands are needed at the command prompt to establish an FTA.
- assoc .doc9=Word.Document.12
- ftype Word.Document.12
If the ftype is already in place, you're done. If not,
- ftype Word.Document.12="C:\Program Files\Microsoft Office\Office12\WINWORD.exe" /n /dde
- exit
Now, let the streaming profiler do its thing to see what the "installer" did and it will discover a new FTA for the .doc9. Save the profile and return to the Access Management Console.
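A small planner for the profiling step above, added here and not part of the post or of Citrix tooling: feed it the text printed by `assoc` and `ftype` in the isolated command prompt and it reports which of the two commands still need to be typed, following the rule that an existing ftype is left alone. The sample outputs are constructed.

```python
"""Decide which assoc/ftype commands are still needed for a new FTA.

Added example, not part of the post or of Citrix tooling. The assoc and
ftype listings below are constructed samples in the format those commands
print (one name=value pair per line).
"""


def parse_assignments(text):
    """Parse `name=value` lines as printed by assoc and ftype.
    Names are casefolded because Windows treats them case-insensitively."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" not in line or line.startswith("File association"):
            continue                      # blank line or "not found" message
        name, _, value = line.partition("=")
        table[name.strip().casefold()] = value.strip()
    return table


def plan_fta(assoc_output, ftype_output, ext, progid, command):
    """Return the commands from the post that are still required to map
    `ext` to `progid` and give `progid` an open command."""
    assocs = parse_assignments(assoc_output)
    ftypes = parse_assignments(ftype_output)
    steps = []
    if assocs.get(ext.casefold(), "").casefold() != progid.casefold():
        steps.append(f"assoc {ext}={progid}")
    # "If the ftype is already in place, you're done."
    if progid.casefold() not in ftypes:
        steps.append(f"ftype {progid}={command}")
    return steps


# Constructed listings, as they might appear inside the profiler's CMD.
SAMPLE_ASSOC = r"""
.doc=Word.Document.8
.docx=Word.Document.12
.txt=txtfile
"""

SAMPLE_FTYPE = r"""
Word.Document.12="C:\Program Files\Microsoft Office\Office12\WINWORD.exe" /n /dde
txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
"""

WORD_CMD = r'"C:\Program Files\Microsoft Office\Office12\WINWORD.exe" /n /dde'

if __name__ == "__main__":
    for step in plan_fta(SAMPLE_ASSOC, SAMPLE_FTYPE, ".doc9", "Word.Document.12", WORD_CMD):
        print(step)
```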
Publishing
In the AMC, publish a new application, point it at the profile and it will see the FTA that you added. EASY!
There's a catch
There is always a catch. The catch here is that the FTA will exist only for new applications that you publish. Applications that you have already published have already had the FTA data sucked out of the streaming profile and placed into the XenApp publishing infrastructure. The AMC will not "pick up" or automatically update the applications to reflect changes to the profile, so the FTAs won't exist. If you need that FTA added to an application that is already published, it is necessary to delete the application and republish it.
The other solution
Not recommended, but you can accomplish the same thing by hand editing the XML data in the streaming profile and saving. This isn't the RECOMMENDED answer, but just between all of us, it will work.
Joe Nord
I was in Stockholm last week delivering a message on Cloud Computing. During my visit Paul Dobson (our EMEA Marcom Manager) and I had an interesting encounter with the Editor of CIO magazine (Swedish edition). It was a bit strange in that I found myself interviewing her instead of the other way around. I figured if anyone had a pulse on the industry from a CIOs perspective it might be the people who take the time to write about them. The one question that stands out to me during the conversation we had regarding Software as a Service and Cloud Computing was, "If you take Cloud Computing to its natural end state, is this the beginning of the end for CIOs as we know them today?"
Why is this question so pertinent? Because those companies who sell SaaS today are most accomplished because they sell around the IT organization, not necessarily through it. Why is Salesforce.com so successful? Is it because it has such a simple to use interface or the consolidation of information or the fact that the entire sales process from lead generation to customer management is all in one portal based package? Or is it because the end user doesn't want to rely on the age old process of building a system based on arcane IT practices that often carry with it unbelievable cycle times for deployment. Has IT really become obsolete and those of us in the industry are just afraid to admit it?
While I was in Europe I got the opportunity to speak with many companies from all sorts of market verticals. Small municipalities, large government, manufacturers, developers and education to name a few. What surprised me the most in these conversations was the general lack of understanding regarding the virtualization of applications. There seemed to be a good understanding of server virtualization but the virtualization of applications was not well understood. So I began to ponder what the future might hold in regards to how information technology is done today and how the Cloud might affect it in the future.
Combined with the research we completed for the delivery of our Citrix Service Provider program for the SMB and this anecdotal information from IT managers in the field I noticed a trend. When a company gets to be about 100 people it starts to understand the need for IT based on organic growth of the PCs and shrink-wrap software yielding an unwieldy system of Post-It notes, IT consultants and two or three general knowledge software application "experts" within the company. An IT manager is typically hired only after the need is so great that a single individual can't handle the work load. And so the vicious cycle begins.
The first IT manager is hired into a chaotic environment that is already understaffed and over budget. As the company grows so do the needs of IT yet there never seems to be enough people to do the job and legacy systems continue to grow to keep the business growing without regard to a systematic approach to providing text book Information Technology. CIOs are trained in this environment and as their career progresses they inherit the same problems at larger companies only on a bigger scale. Over and over again this process repeats itself until the entire system begins to collapse from its own legacy operational weight. The current economic conditions, although tough to stomach, have created a forcing function for CIOs and IT managers using this paradigm... change the way you do business or else.
Maybe I'm over simplifying this, but it seems to me there are only two ways to effectively "change" the way IT is done. The first is to outsource everything in the data center including the delivery of applications utilizing web based technology. The other is to virtualize the applications and the server farms to provide a much more efficient way to operate. And maybe as the Cloud becomes more secure and seamless a combination of the two. So why is there so much resistance to either or both of these approaches?
Is the Cloud the beginning of the end for CIOs? I'm not really sure we can say today because it hasn't evolved yet. But one thing is for sure, doing business the same old way just won't be tolerated any longer, either from the standpoint of the CFO or from the end user. And the Editor of CIO didn't seem to have an answer either.
What still blows me away is the lack of planning and strategic thinking around the development of a private cloud that takes all of this into consideration. I can probably count on two hands the companies who seem to be seriously looking at a Systems approach to application delivery and information technology in general.
Why is this?
We've recently announced a cool new feature for XenApp, called Power and Capacity Management (PCM). Here's a video demonstrating PCM in action:
Architectural Overview
Power and Capacity Management uses an agent/manager architecture. The agent is installed on all XenApp servers you wish to power manage. The manager - called the Concentrator - is responsible for monitoring, storing data, and issuing power operations to the agents. The Tech Preview doesn't have high-availability implemented yet, so you should install only one concentrator. In the final version you can have multiple concentrators to enable high availability. Another thing to note is that we've decided to implement Power and Capacity Management outside of XenApp IMA (Independent Management Architecture) partially because we wanted PCM to manage multiple XenApp farms. You can install the PCM concentrator alongside your Data Collectors if you only want to manage a single farm.
Installation and Communications
During agent installation, you will be asked for a farm and workload name. The concentrator manages a single Power and Capacity Management farm - note that this is not the XenApp IMA farm name, it's just a namespace for PCM. This setting is stored at HKLM:/Software/Policies/Citrix/XenAppPCM, which is good if you want to install the agent using dummy data and then use an ADM/X file and Group Policies to manage this setting across multiple XenApp servers later on. We plan on integrating this configuration into the XenApp configuration interface and SDK's as well.
The other configuration setting for the agent is the workload name. This represents a server silo or group. All configuration for Power and Capacity Management is related to a workload, so you want to make sure all XenApp servers in the same workload have similar or even identical configuration. You can also define tiers of servers within a workload, telling PCM which servers should be powered on first, and which ones to power on only when necessary.
Once you install the agent on your target XenApp server(s), it will register with the concentrator and its defined workload group will automatically appear in the PCM console. This is possible because the concentrator creates a Service Connection Point (SCP) under the computer Active Directory (AD) account during installation. This is done using the computer network account, so no special AD authority is required. The agent queries AD for these SCPs to find its concentrators. Since all PCM communications are Windows Communication Foundation (WCF)-based, all power-managed XenApp server computers must be in the same domain as the concentrator that is controlling the farm they are joined to.
Configuration
Before Power and Capacity Management can manage the servers you've added to the workload, you need to enter the server capacity and policy schedule. The server capacity is related to the Load Evaluator, but they don't have to be the same. You will enter how many sessions are expected for each "hardware specification" in the workload. The hardware specification is automatically displayed when the agent registers; you just have to enter the capacity value. This setting is used to calculate the "session buffer", i.e., how many new sessions are currently available on the workload. If you under-estimate this number, then PCM will start more servers than necessary. If you over-estimate this number, PCM may not realize that the workload is running out of capacity. The Tech Preview version requires this manual configuration; at product release we plan to introduce some automatic adjustments to simplify this configuration.
The last piece of configuration is to define a policy schedule. You will enter the policy configuration and how it will vary during the day and throughout the week. The policy defines the minimum number of servers that must be online and how many spare sessions to maintain. Spare sessions are calculated as the difference of the workload server capacity and the number of connected sessions. Spare sessions are a buffer of capacity. The higher the number, the more idle capacity you will have on your servers. This is good when you have a very active user base or during times when many users login very rapidly. The lower the number, the less idle capacity you will have. Setting the number too low may result in reduced performance or response while users wait for additional capacity to power on.
That's it! Now select the workload and "Enable Power Management" and PCM will start enforcing the policy schedule. You might notice that some servers power down immediately. That is normal operation if the current policy settings require less capacity than what is currently powered on.
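The capacity and policy settings above, as an added model that is not Citrix's PCM code: it computes the spare-session buffer from the admin-entered capacity per hardware specification, drains idle servers (highest tier first) while the policy still holds, then powers on the lowest-tier offline servers until the minimum online count and spare target are met. The workload, tiers and capacities are constructed, and the last test shows how an under-estimated capacity makes the model start more servers than needed.

```python
"""Model of the PCM spare-session buffer and tiered power decisions.

Added example, not Citrix's PCM implementation. Assumes admin-entered
capacity per hardware spec, a policy of (minimum servers online, spare
sessions to keep) and tiers where lower numbers power on first.
"""
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    hw_spec: str      # shown by PCM when the agent registers
    tier: int         # 1 = power on first; higher = only when necessary
    powered_on: bool
    sessions: int     # connected sessions right now


def spare_sessions(servers, capacity, online):
    """Capacity of the powered-on servers minus their connected sessions."""
    return sum(capacity[s.hw_spec] - s.sessions for s in servers if s.name in online)


def plan_power(servers, capacity, min_online, spare_target):
    """Return (power_on, power_off) name lists that bring the workload to policy."""
    online = {s.name for s in servers if s.powered_on}
    power_on, power_off = [], []

    def satisfied(names):
        return (len(names) >= min_online
                and spare_sessions(servers, capacity, names) >= spare_target)

    # Power down idle servers, highest tier first, while policy holds without them.
    idle = [s for s in servers if s.name in online and s.sessions == 0]
    for s in sorted(idle, key=lambda s: (-s.tier, s.name)):
        if satisfied(online - {s.name}):
            online.discard(s.name)
            power_off.append(s.name)

    # Power up lowest-tier offline servers until the policy is met.
    offline = [s for s in servers if s.name not in online]
    for s in sorted(offline, key=lambda s: (s.tier, s.name)):
        if satisfied(online):
            break
        online.add(s.name)
        power_on.append(s.name)
    return power_on, power_off


# Constructed workload: sessions expected per hardware specification.
CAPACITY = {"2core-8GB": 30, "4core-16GB": 60}


def workload():
    """Constructed sample workload with two tiers."""
    return [
        Server("XA01", "2core-8GB", 1, True, 25),
        Server("XA02", "2core-8GB", 1, True, 0),
        Server("XA03", "4core-16GB", 2, False, 0),
        Server("XA04", "4core-16GB", 2, False, 0),
    ]


if __name__ == "__main__":
    print("day policy  :", plan_power(workload(), CAPACITY, 1, 40))
    print("night policy:", plan_power(workload(), CAPACITY, 1, 5))
```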
Stay tuned for more posts from me on Power and Capacity Management. In the coming days and weeks, I'll go in depth on more advanced features like load consolidation, SDK's and some interesting possibilities that are afforded to us and that we are considering developing with PCM.
Download the technology preview of power and capacity management at the XenApp Technology Preview Center. Also, stay updated by following XenApp on Twitter.
Follow me on Twitter: http://www.twitter.com/jmaldaner
Part 2
In our last installment of this series, I touched on the paradigm of the BYOC (Bring Your Own Computer) concept. In many cases, this concept can scare the IT departments of the world because it is giving some very important control back to the user because the user decides on the equipment and the software they will use.
In the old realm of IT:
The technicians and/or the respective departments owned the actual hardware and software. Hardware ownership can be a double-edged sword. Yes, the department has the control of standardization to help with supporting the machines, but the company is now responsible for the actual financial asset, spare parts, book keeping, and "end-of-life-ing" the machines when they are old or fail. Some may see this as a small item and I may agree there, but there is a disadvantage to this scenario.
Support costs money:
Each time a user submits a trouble ticket for hardware issues, it has a fee attached to it. Every time a technician attends to hardware troubleshooting, it has a fee attached to it. Service agreements with hardware vendors have a big fee attached to them.
We (IT) are in the business of saving the company money, right? If IT is busy supporting the hardware, when will IT get cycles to innovate, optimize, and simplify other processes and procedures (a.k.a. save money)?
In the BYOC world:
Users OWN the laptop and the support agreements for the hardware and OS's themselves. When the user obtains the laptop, they would get the three year support agreement (like AppleCare). When a user has an issue, they call the vendor to troubleshoot the hardware and/or OS. If there is a problem, the user sends the laptop off to the manufacturer for repair (or brings it to a local repair depot). If the customer has to send in or leave the laptop, IT can help in this case with a loaner pool during the down time. IT would only need a small loaner pool for this support. This saves IT cycles and IT money over the spectrum of a whole company because they are not being billed for service calls, contracts for support, or personnel hours. Saving support dollars and support time is a major part of the BYOC concept. Thus, making the bean counters happier.
What IT would own:
IT would own the corporate software (Microsoft Office, SAP, etc.). IT would own the security of those applications and any data that is being accessed and stored via those applications. With Citrix XenApp, all of the company software resides on the XenApp servers. This ensures the license compliance is in IT's control and the updates, patches, and administration are under IT's control. XenApp does not care about hardware vendor, OS (Macintosh, Windows, Linux), or connection. If the user wants software locally installed (not via XenApp), the user would purchase the software, install it, and support themselves without IT support. Some users may want this option, but the number is not large. The users usually like having the software support that IT provides.
It is all about having a choice for today's tech-savvy workers!
At Citrix, we leverage our partnerships and vendors to offer employee discounts on certain software, but this method is not imperative for a BYOC program to work since the user still has access to these applications via XenApp.
Of course there are a couple of other AWESOME Citrix solutions that can be implemented in the BYOC world and we will talk about those in future installments of this series.
Citrix TV folks have made me look really good! Here's a link to a 9 minute video where I go through the "layers of glass" in application isolation and the fundamentals of how Application Streaming works. The video outlines the XenApp 5.0 new capabilities for HTTP based streaming and provides guidance on wide area network architecture including Branch Repeater usage to eliminate the Application Hubs at each branch office.
I have previously blogged about the layers of glass, here, and with inter isolation communication added, here.
This video is better.
Joe Nord