The streaming profiler defines IIC profiles as either "associated" or "dependent". These are fancy words which translate into, is it "just links", or does it have an installation image of its own?
For background, refer to this recent post on the layers of glass for Inter-Isolation Communication. This shows how the isolation system creates an N-Layer isolation environment based on a collection of separate profiles. What was not mentioned is that this also occurs during PROFILING.
Consider that you have a big profile and want to attach a small application to it. Let's call the big one MS Office and the small one, YouSendIt. No, I haven't tested this, I just needed a small office plugin that requires installation "on top of" an existing MS office installation.
The grand question: how do you separately profile MS Office and YouSendIt if you can't install the second app without the first already being installed?
Answer: You create a DEPENDENT profile and you MOUNT the big profile before installing the app. This happens at this screen in the streaming profiler. Observe the red-circle...
In the "unchecked" form, the profiler is creating a dependent profile and will give you an opportunity to "run an installer", which ultimately means that this profile gets its own layer in the isolation stack. If the circled box is checked, then the profile is an "associated" profile meaning that it is only LINKS.
First, consider "just links" 
Notice that a "just links" example has no installation image for the associate profile. The profile merely defines that the streaming client should IIC connect other existing profiles at runtime and make available for publishing, all of the applications of both A and B.
Back to dependent profile example
During profiling, the streaming profiler "mounts" all of the sub-profiles (A and B as below) that are defined as part of the new profile being created. What the installer sees is a merged view of the sub-profiles and an installation target being created on the top. This highest target is "writable" at profiling and there is no per-user space during profiling. 
When "installing", YouSendIt will modify stuff on the machine including potentially also in the MS Office installation space. In all of these, the isolation system prevents those writes from hurting the sub-profiles and stores the written-to stuff into the highest level of the isolation stack. When done, the streaming profiler collects the "changed" stuff and stores this as the isolation target that is part of this new profile.
The end answer is a profile, called "MS Office with YouSendIt", which is a "link" to the big MS Office profile plus a true installation image (target) for the installation of YouSendIt. At runtime, this is what the streaming client sets up to run the application.

The profiler can also adjust the relative position of the linked profiles (in blue above) via the move up and move down buttons on the sub-profile selection panel.
Joe Nord
I have previously written about inter-isolation communication and how it can be used to minimize the application maintenance for isolated applications. That is, to retain the advantages of isolation while getting maintenance of isolated applications back on-par with maintenance of locally installed applications. I have also written about the layers of glass which make the isolation possible. The previous discussion of the layers of glass ignored IIC. This post combines the layers of glass with IIC to show how IIC happens and how this allows separate maintenance of the various installation images that are run under isolation.
Refresher on Inter Isolation Communication
If you have multiple big applications, all of which also need the use of a small application, running under isolation says that you have to install the small application into each of the "big" applications. If you later decide to update "small" application, then you have to update small application in ALL of the using profiles.
Compare that to a local machine installation where one installation of the small application affects all of the big applications. That is handy, but it is also something that isolation systems try to avoid. In a "completely isolated" world (Streaming Clients before XenApp 5.0/Streaming Client 1.2), the only choice was to install the small application into each of the big profiles. You could put the small application outside of isolation and have it visible to all the big apps, but stick with me on the concept. You want the small application (let's call it Adobe Reader) usable to each of the big applications, but you don't want anything installed on the local machine.
Without IIC, you have to install Adobe Reader into each of the "big" profiles and this creates a situation where isolation produces MORE maintenance than does installing the applications locally. Sure the local install case has opportunity for the apps to crater each other, but you still only have to install it once. Generally, it is the "big apps" that are colliding with each other and this maintenance of the small applications becomes an isolation headache.
IIC gets isolated execution and locally installed back on the same "maintenance footprint". With IIC, you have ONE place to maintain the small application and updates applied to the single small application image automatically fold into the big applications at runtime. PRETTY COOL STUFF!
How does it work
When having this as a goal, we considered a complex scheme to open COM and other communication holes in isolation spaces so that applications in different sandboxes can communicate across the sandboxes; honest to goodness INTER-isolation communication. This becomes pretty complex when you consider how to define holes that should leak through and how to define where that should not occur. You would also wonder what you missed.
We cheated
Instead of defining complex communication between isolation spaces, we wrapped the SEPARATE isolation spaces into a single isolation space. Now, you have separate MAINTENANCE of the "big" and "small" profiles, but they are runtime combined into a single image. Notice that this eliminates all the complex stuff of defining holes between isolation spaces, because in reality, all the apps are running in the same isolation space; but they are separately maintained.
This decision requires an assumption that big-app and small-app already get along. A safe assumption as millions of locally installed installations already confirm that for the most part, these TWO applications get along. We still want them separate from other applications and separate from the local machine, but as far as these applications go, we already know that they get along.
In many ways, this is moving the isolation bar to the left. If right means isolate everything and left means isolate nothing, then the early isolation system was all the way on the right. IIC moves it a bit back to the left, but in a measured manner that produces a good outcome at a reasonable cost.
Layers of glass
The classic layers of glass view shows 3 layers. Here's a diagram along with graphics that show how the bottom two layers are actually shared across all the users on the machine. 
IIC takes this to new depths!
There are really N layers of glass. The parts in dark gray above which are marked Installation/Execution image are really deeper than 1 layer. Each of the profiles that is part of an IIC profile provides 1 layer of the "installation root". Here's a graphic. 
Position matters!
I usually title this "DLL Hell is back!". When viewed from above, the application sees the world through the mask of the layers between it and the real machine. Each layer can add or DELETE registry and file system content and the layer at the top (the per-user layer) wins! Beneath it, the top installation image wins in preference to the lower layers. To avoid this, the Streaming Profiler allows the administrator to define the order of the layers of glass. This is subtle, but occasionally it is important. You'll see "move up" and "move down" buttons in the profiler panel that lets you select existing profiles to be made part of this new profile. The sub-profile at the top is the one that is highest in the layers of glass.
Generally speaking, the order of the installation images in an IIC profile doesn't matter because any applications that the admin is putting together likely already work cleanly together. The profiler UI is really there to accommodate the exception case. The admin could just as easily cure the collision by deleting the offending content from all but one of the layers. The one remaining will "shine through" all of the higher levels which do not have that same content. It's still good to make it adjustable.
Making it adjustable also lets the admin put the "biggest" at the top. Sometimes this isn't possible, but if it is, putting the biggest at the top should provide more efficient execution as the isolation system will find things earlier. It starts at the top and works its way down and if it finds things sooner, it runs faster.
There is no theoretical limit to the number of layers. Anything beyond 5 starts to seem busted in concept, but the isolation system has no inherent limits to the number of layers.
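The following is an added illustration, not Citrix code and not from the original posts: a toy model of the layer stack that covers both the profiling of a dependent profile (writes captured in the top target while the mounted sub-profile stays untouched) and the "position matters" lookup order described above. The class names, function names and file paths are all invented for the example.

```python
DELETED = object()  # marker for "this layer deletes the path" (hides lower layers)


class Layer:
    """One sheet of glass: a sparse map of path -> content (or DELETED)."""

    def __init__(self, name, entries=None):
        self.name = name
        self.entries = dict(entries or {})


class IsolationStack:
    """Ordered layers, top first. A lookup stops at the first layer that knows the path."""

    def __init__(self, layers):
        self.layers = list(layers)

    def resolve(self, path):
        """Return (content, winning_layer_name, layers_probed)."""
        for probed, layer in enumerate(self.layers, start=1):
            if path in layer.entries:
                content = layer.entries[path]
                return (None if content is DELETED else content), layer.name, probed
        return None, None, len(self.layers)

    def write(self, path, content):
        """Every write lands in the top layer; lower layers are never modified."""
        self.layers[0].entries[path] = content


def profile_dependent(installer_writes):
    """Profiling a dependent profile: mount the sub-profile, capture writes on top."""
    office = Layer("MS Office", {"office/winword.exe": "office build",
                                 "office/addins.ini": "addins="})
    machine = Layer("real machine", {"windows/kernel32.dll": "os"})
    target = Layer("new target")  # writable while profiling; no per-user layer yet
    stack = IsolationStack([target, office, machine])
    for path, content in installer_writes.items():
        stack.write(path, content)
    return stack, office, target


def runtime_view(order, path, per_user=None):
    """Runtime: per-user layer, install images in the admin-chosen order, real machine."""
    images = {
        "A": Layer("A", {"shared.dll": "v1 from A", "a/app.exe": "A"}),
        "B": Layer("B", {"shared.dll": "v2 from B", "b/app.exe": "B"}),
    }
    user = Layer("per-user", per_user)
    machine = Layer("real machine", {"windows/kernel32.dll": "os"})
    stack = IsolationStack([user] + [images[name] for name in order] + [machine])
    return stack.resolve(path)


if __name__ == "__main__":
    stack, office, target = profile_dependent({
        "office/addins.ini": "addins=yousendit",  # installer edits Office's space
        "yousendit/plugin.dll": "plugin build",
    })
    print("captured in new target:", sorted(target.entries))
    print("Office layer still has:", office.entries["office/addins.ini"])
    print("A on top:", runtime_view(["A", "B"], "shared.dll"))
    print("B on top:", runtime_view(["B", "A"], "shared.dll"))
    print("per-user delete:", runtime_view(["A", "B"], "shared.dll",
                                           {"shared.dll": DELETED}))
```

The third value returned by `resolve` is the number of layers searched, which is the cost that shrinks when the most-used image sits higher in the stack.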
Joe Nord
Citrix Systems
In reference to hosting applications in this new Cloud world I recently heard from a guy I admire and respect, "We've been here before and all that came out of this was a bunch of hype." When we consider what happened to the Application Service Providers in 2000 that is a fair assessment. So the million dollar question(s) today is who is making money hosting applications, what applications are they using and who are they selling these subscriptions to?
The answer is a bit complex because hosting service providers come in many shapes and sizes. However, if we only take into consideration those service providers who are actually charging for application delivery (subscription of applications) and not outsourcing companies who are mainly infrastructure providers, we can distill the market down to just a few distinct categories. The chart below is a depiction of the types of applications most subscribed to in this emerging space.

Human Resource Management Systems, Collaboration and Communications, Customer Relationship Management and Content Management Systems top the list of applications being delivered via hosting among Small and Medium Businesses (SMB). When we look at the practical application of these services, there is a business reason for why this is happening.
Smaller companies do not have the capacity for overhead related to support functions within Human Resources such as Payroll, Talent Management, Employee Review processes, etc. It makes absolute sense that these services would be either completely outsourced or applications hosted that perform the needed function.
In order to cut the cost of expense items such as travel, Collaboration and Conferencing using the Internet and hosted applications is a surefire way to accomplish this. I've got to plug Citrix Online here... some say the 3rd largest SaaS concern in the world for this category. Corporate email is a good fit in this category as well. There are currently over one hundred million unmanaged electronic mailboxes worldwide today and using email that has no business continuity is dangerous and unprofessional. SMBs use hosted business email such as Microsoft Exchange to mitigate this issue.
Customer Relationship Management services shouldn't be a surprise to anyone with the success of Salesforce.com. But there are many CRM packages used in this space. Using a product like XenApp to virtualize applications opens the door to products typically used in the Enterprise but can now be scaled to operate in the larger Internet cloud. Citrix has customers today who (internally) host CRM software using XenApp to thousands of end points in remote locations worldwide.
Content Management Systems may be a bit of a surprise for some. However, document management and workflow is a critical need especially in market verticals such as Healthcare (HIPAA) and Finance (SOX). When requirements of this magnitude are levied on the SMB the overhead can be overwhelming. So the IT management of a system like this is a burden not many SMBs are willing to bear. Application hosting is a cost effective alternative. I recently spoke to an ISV in this space who started selling his application to SMBs in the insurance industry. It became unmanageable to scale his business so he started to host the application 8 years ago. Now he has 12,000 SMBs using the software.
Order Management, Enterprise Relationship Planning, Web 2.0 applications and Supply Chain Management round out the list. And there it is... the applications making the most impact and therefore the most revenue in the SaaS space among SMBs.
What if business productivity applications such as Microsoft Office could be offered up through the Internet (Cloud)? Service providers who have tried this before might say that this is impossible because Office wasn't designed to be hosted... but what if you could do it using a platform that could make Office run as though it were local? Wouldn't that be great? Citrix has the technology and the products to accomplish this and my guess is it won't be long until service providers (in 2009) actually use it to host these types of applications.
Here's another surprise. In an economy that is shrinking in virtually every other aspect of IT, applications hosting is still growing. What are you waiting for?
Application Streaming executes applications whose names and icons are listed in a PROFILE. The streaming system uses the contents of an execution TARGET to run the application. I have previously written about this separation of publishing data from execution data and how it lets a single profile support multiple execution environments. For example, only one set of icons are published even if the execution platforms will be for 32 and 64 bit systems; which have different execution images (targets).
As the Targets mature, their version number increments. Users who have the application up "now" keep using the old version and users who freshly launch the application get the latest version published. Lots of details on this in this post, RADE => Rapid Application DElivery. This is what allows the application to be updated HOT.
What is often glossed over is that it is a one way movement!
If your users are happily running on version "3" and you update the profile (Target) to get it to version "4", your users will be moved up to version 4 the next time they run the application.
What if version 4 is "BAD"?
Officially, there is no way to "go back". The original developers of Application Streaming failed to implement "rollback". I was there, so first rule - everything is my fault. Just for the record though, I jumped up and down, screamed and held my breath to force the issue - and still lost. The idea was that even if you roll the targets back, there are other items to consider such as profile level changes that affect the targets; can you roll everything back?
Target Rollback is not implemented in the profiler GUI, but it can be manually achieved.
The profile and all of its targets are stored in a directory on the file/web server which is also known as the Application Hub. The top level file is filename.profile which is an XML formatted file, which is the keys to the kingdom for all of the other files for the profile and all of the files of each of the execution targets. The targets are stored inside of a CAB file, for easy transport and to provide an atomic test of "deployed" or "not deployed". The naming of the targets is GUID_v.cab and the definition of which GUID goes for which Target is present in the profile XML data, which is stored inside the .profile.
This question has come up before. Here's a forum post that talks about it.
I summarize it to these steps
- Copy filename.profile to filename.xml
- Favorite XML editor, edit filename.xml (I use Visual SlickEdit).
- Tools menu, beautify, enter, enter (this is why edited as XML - syntax assist editing).
- Search for "<Ver>"
- Change the integer that is there to be the smaller number that you're after
- Save
- copy filename.xml filename.profile
- Rollback is complete!
- No need to erase the "newer" CAB file - it may still be supporting users who are using the "BAD" version.
Things are mostly as they were and your life and users are now happy!
Immediately, new executions of applications from that profile will use the "older" Target.
NOW - What won't work?
The editing that you did - which caused it to not work - is gone. That TARGET will be overwritten on the next save of that target inside the streaming profiler. So far, nothing will occur that seems bad. But, if you managed to edit the target fast enough, you could replace the already in use GUID_version.cab and this could heavily confuse your user community. For purposes of rollback, I assume that the user community are already standing in your office and will understand when you tell them close the app and launch it again. There could be some "left overs" in the user's Cache which would be different than the next time they run that same version of the same target. Hey, it could happen - but it is really unlikely.
More stuff that can go wrong...
IF you edited the profile and stored SCRIPTS at the PROFILE level, then these scripts are GLOBAL to all of the Targets in the profile. IF the Target is set to "inherit profile level scripts", then the new scripts will apply even if you rollback the target. Good news here, the scripts at profile level are stored in a directory on the network server (Application Hub) where you can replace them - don't tell anyone I said to do this. You will also then have to force the scripts to be re-downloaded onto the execution machines after the update. More discussion on that here.
What really won't work? DIGITAL SIGNATURES!
If your profile is "digitally signed", then by changing the profile data, you have invalidated the signature and the streaming client will do its job and declare the end of the universe and otherwise refuse to run the application. The streaming profiler will (or at least probably will) allow you to load the invalid profile, fix it and save it back to get signatures in place again.
For people going "digital what", the application streaming system uses SHA1 hashes of every file in the profile, every file in every target and an overall digital signature of the profile XML data to authenticate that the streaming content is from an approved source, e.g. you. This is optional, so if you're not doing it, no worries.
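As an added example (not from the original post and not Citrix tooling), the script below automates the manual `<Ver>` edit from the steps above with two safety checks, and prints the profile's SHA-1 before and after to show why a signed profile stops verifying once edited. Only the `<Ver>` element and the GUID_v.cab naming come from the post; the sample profile's other element names, the placeholder GUID, the `.bak` backup name and the function names are assumptions.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Constructed sample: only <Ver> is from the post, the other elements are hypothetical.
SAMPLE_PROFILE = """<Profile>
  <Name>textpad</Name>
  <Target>
    <Guid>00000000-0000-0000-0000-000000000000</Guid>
    <Ver>4</Ver>
  </Target>
</Profile>
"""

VER_RE = re.compile(rb"<Ver>\s*(\d+)\s*</Ver>")


def sha1_file(path):
    """SHA-1 of a file's bytes, as a hex string."""
    return hashlib.sha1(Path(path).read_bytes()).hexdigest()


def rollback_target(profile_path, new_ver, target_index=0):
    """Lower one <Ver> in a .profile file. Returns (old_ver, sha1_before, sha1_after).

    target_index selects which <Ver> to change when the profile has several targets.
    """
    profile_path = Path(profile_path)
    data = profile_path.read_bytes()
    matches = list(VER_RE.finditer(data))
    if not 0 <= target_index < len(matches):
        raise ValueError(f"profile has {len(matches)} <Ver> element(s)")
    match = matches[target_index]
    old_ver = int(match.group(1))
    if not 0 <= new_ver < old_ver:
        raise ValueError(f"rollback must go below the current version {old_ver}")
    # The older CAB must still be on the hub. Loose check: the GUID-to-target
    # mapping lives in profile XML whose layout is not shown in the post.
    if not list(profile_path.parent.glob(f"*_{new_ver}.cab")):
        raise FileNotFoundError(f"no *_{new_ver}.cab next to {profile_path.name}")
    before = hashlib.sha1(data).hexdigest()
    shutil.copy2(profile_path, profile_path.with_name(profile_path.name + ".bak"))
    # Splice in the new integer only, leaving every other byte of the file alone.
    edited = data[:match.start(1)] + str(new_ver).encode() + data[match.end(1):]
    profile_path.write_bytes(edited)
    return old_ver, before, hashlib.sha1(edited).hexdigest()


def make_hub():
    """Build a constructed Application Hub directory with versions 3 and 4 deployed."""
    hub = Path(tempfile.mkdtemp(prefix="apphub-"))
    guid = "00000000-0000-0000-0000-000000000000"  # constructed placeholder GUID
    (hub / f"{guid}_3.cab").write_bytes(b"constructed: older, good target")
    (hub / f"{guid}_4.cab").write_bytes(b"constructed: newer, bad target")
    profile = hub / "textpad.profile"
    profile.write_text(SAMPLE_PROFILE, encoding="utf-8")
    return profile


if __name__ == "__main__":
    profile = make_hub()
    old_ver, before, after = rollback_target(profile, 3)
    print(f"rolled back from version {old_ver} to 3 in {profile}")
    print("SHA-1 before:", before)
    print("SHA-1 after: ", after)  # differs, so a signature over the old XML fails
```

The newer CAB is left in place, as the steps advise, and the `.bak` copy is the still-signed original should the edit need to be undone.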
It is also possible that Pre-Deploy could get confused - thinking it has the latest version when it doesn't. The good news is that once you update it again, the later version will be "new" and will be brought to the execution machine. If you're only using stream to server, this doesn't really apply to you because deploy isn't normally used unless you're taking the application offline.
Summary
The vast majority of the time, target rollback will work just fine. The most common reason for rollback is that an application update was applied - and it made things worse, not better. So, providing a means to rollback the application image achieves what the admin wants; albeit with a few things to keep an eye on. It's not in the profiler GUI, maybe it will be some day. Until then, the needed function can be achieved.
Enjoy.
Joe Nord
There are a lot of things to do in Vegas, such as seeing a show, riding a roller coaster and of course, becoming a high roller; however, none of them come with a guarantee that you will go home with something more valuable than you arrived with. At Citrix Synergy, not only will you leave with new and/or renewed connections with other professionals in the industry and at Citrix, but you will leave with knowledge that will deliver more value to your company and to you as an individual.
Sure, there are multiple valuable conferences within a conference at Synergy (iForum, Network World Live! and Virtualization Congress) but my personal favorite is GeekSpeak Live! If you haven't seen or attended a GeekSpeak session (examples Shawn at Synergy and Michael with GeekSpeak Roadtrip!), you need to check this out. These sessions are where true unfiltered technical interactive discussions occur, many sessions are led by Citrix CTPs such as Charles Aunger, Ruben Spruijt & Jeroen van de Kamp, and Brian Madden and many more, but you also have the ability to lead and/or change a discussion topic on the fly.
This year we have expanded GeekSpeak Live to not only include our traditional evening sessions, but we also have the GeekSpeak SpeakEasy sessions on the exhibit floor and we have woven GeekSpeak session through the traditional conference tracks as well.
As we get closer and closer to Citrix Synergy, I will be posting more information about our GeekSpeak sessions and presenters. Please feel free to leave a comment on this blog, check out the GeekSpeak forum or drop me an email if you are interested in a topic or being a GeekSpeak session lead.
Before I go, I wanted to share a discussion I had with a Citrix Synergy attendee. The discussion started regarding the GeekSpeak session, but quickly transitioned to "I am planning to attend, but my boss/finance team is really leery of spending on technology conferences (especially in Vegas), given the negative press that AIG and others in the industry have gotten regarding conferences. Do you have any advice for me?"
We at Citrix are completely aware of budget constraints and have pulled together some information on the topic for you. The fact is that from a cost perspective, Vegas is a value compared to other cities hosting technology events; Vegas is 20%-60% cheaper from an attendee perspective. With the data we provided, she was able to assure her management that Citrix Synergy was not a boondoggle!
I look forward to seeing you at Citrix Synergy and Geekspeak Live!, perhaps the one time that "What happens in Vegas, stays in Vegas" isn't true!
About once a week, I am asked "how do you start streamed applications directly"; that is, without using the standard publishing infrastructure. This post describes how to do it, where it works and where it doesn't.
The quick version:
- Can you do it? Yes.
- Does it work? Sortof.
The second part above is the part that has kept me from promoting this as a concept. That said, I'm not the first to bring up the idea, or at least to publicly talk about it. Jeroen van de Kamp included information similar to this during his BriForum pitch, Chicago, June 2008. I was there. Being the App Streaming "Citrix-guy", some folks in the audience thought I would be bothered by the idea of Jeroen discussing how to bypass the Citrix publishing system. I wasn't bothered at all - the puzzled look on my face was amazement that his presented method actually worked! Read the rest of this and you'll understand why I was puzzled. Short version, the demo should have gone down in flames! But it succeeded.
First, some history on how applications are launched. Lots of components: PNAgent, Web Interface, Internet Explorer/Firefox plugins and the streaming client. I have written about this application launch activity before. The important part is that everything comes down to a little program, raderun.exe, who throws the launch request over the wall to the Application Streaming service that does the work.

RadeRun is to streaming what WFCRun32 is for hosted applications.
wfcrun32 takes an .ICA file as a parameter, establishes a communication link to a XenApp server where the application is executed. RadeRun takes a .RAD file as a parameter, establishes a link to the streaming service, where the application is executed.
To get the parameters for raderun, run it with no parameters and a help screen will be displayed. This isn't usually shown to users or admins, so the form of the help is a bit rugged, but the needed information is displayed in a message box along with an alarm sound that triggers and scares me every time I run it, but I have digressed.
How to launch applications without publishing
Jeroen hadn't invented anything mysterious; he had resurrected the old! The actual parameters and method he used to kick off the application was slightly different than the method I'll show later in this post, but the concept is the same. Immediately at the demo, I was intrigued because I thought his alternate parameters had overcome a limitation that I didn't know how to get past. Having the benefit of the ultimate documentation (source code), when I came back to the office I took the demo apart line by line and ... still concluded that it shouldn't work.
Some history...
When Application Streaming was first being developed, RadeRun was all there was. There was no publishing infrastructure and none of the important components in XenApp knew anything about "streaming". Everything was developed in parallel. The streaming team needed to launch applications to test the isolation and caching systems, but all they had was RadeRun. At this point in time, raderun with parameters works great!
Time goes on, programmers working the Access Management Console, IMA, Web Interface, PNAgent, Internet Explorer and Firefox plugins all teach their code about application streaming and all of a sudden, RadeRun isn't the only way anymore. Worse than "not the only way", when the product goes out the door, the standalone executable method doesn't work anymore. We know it doesn't and can all remember when it did, but no longer matters because the correct methods are in place.
The loss of function happened as the infrastructure grew. Why? One of the things added was the central management of applications running stream to client. The Access Management Console can DISPLAY information on what applications are in active use, by any given user and a variety of other information. This happens only for stream to client for online execution. For offline, you take the app with you, so the "its running now" information isn't useful for much because there is no way to send it home. Here, you get "Joe has this app available for offline use". For server side, none of this applies, the hosted session has its own monitoring and the streaming client skips all of this. This works out to be important for the view of this post. Server side, the limitations I'm talking about do not apply.
This makes the "does it work" question posted at the front of this post have an answer of "yes, server side".
Back to the online stream to client discussion. When the launch activity starts, the XenApp host infrastructure generates a launch ticket for the streaming client. This is provided to the client as part of the launch processing. Let me reword that: the launch ticket is provided to RadeRun as a parameter. The streaming client does its stuff and eventually tells the central infrastructure that the launch for this app has proceeded good and is about to succeed. In the normal case, the publishing infrastructure responds, "great, good to hear it".
If the launch ticket is "unknown, invalid or blank", the publishing system responds "who?". And the application launch unravels. Now, you would EXPECT that the streaming client gets this unexpected response and then ... PUSHES ON. Instead, it displays an error message close to this: "The Web Interface returned an unspecified error". Then, it aborts the launch. Technically, the launch is aborted in parallel to the message box, so by the time you see the error, it's too late to ask the debugger what happened. Bummer.
BUT IT WORKS
Here's the rub. I saw Jeroen's demo and it worked. I have myself done it hundreds of times because when testing the streaming client, I often like to skip all the publishing steps - it really saves a lot of time!
But, I know that the code says it shouldn't work -- but it does. My experience is that it works about 90% of the time and works most-often when the streaming client has already run a successful application, recently. If it doesn't work 100% of the time, it isn't a good solution, so I've avoided bringing it up.
But I still get inquiries
Customers want it to work this way so they can engage all kinds of really valid scenarios.
When does it fail? First thing in the morning, it tends to fail. Launch email program or any other really published application successfully, then non-published launches start working and you can't make it fail again. I have no explanation for the success and I have studied it. The fact that it is sporadic makes it harder to track down and correct, but it would appear that the client is caching a recent success case and using that to say "good enough", push on and have it work. Bla bla bla - not good enough.
What to conclude: I want it to work and you can accept this as a heads up that it might start working better in a future release. No promises though - notice that since BriForum in June, there have been TWO streaming client releases and we haven't changed the behavior yet.
Enough on the "history", here's an example batch file on how to do it. For this example, I profiled TextPad and stored the profile to the C:\PACK directory on the local machine hard disk.
Batch file to start the application
start "" "C:\Program Files\Citrix\Streaming Client\RadeRun.exe" /package:"c:\pack\textpad\textpad.profile" /app:"Textpad"
The supporting .RAD file
[RADE]
PackageLocation=c:\pack\textpad\textpad.profile
InitialApp=Textpad
Run the bat file, and textpad comes up running inside of isolation; no publishing required.
I hope this is useful. Sometimes I don't know if it helps to know things to this level of detail - or to know the unexpected behaviors in the technology that can cause headaches. Hopefully at least makes for good reading.
Joe Nord
Product Architect - Application Streaming
Citrix Systems
Does your organization deliver virtual applications to the branch office over a sloooow WAN link?
Are you tired of trying to fix all of your WAN issues with a bigger and more expensive WAN connection?
There has to be a better solution...
Citrix Branch Repeater and XenApp work in concert to deliver a "high-definition" branch office experience, drastically improving the XenApp experience to branch office users. Using Citrix HDX Technology, Branch Repeater and HDX IntelliCache adaptively orchestrate with XenApp to disable the native ICA compression used for optimizing single-user sessions.
Just how much better?
- Branch Repeater reduces XenApp traffic by up to 95 percent, increasing file transfer throughput by up to 20 times and increasing print traffic throughput by up to 33 times.
- Together these enhancements allow customers to serve up to 4x more XenApp users in each branch without upgrading bandwidth.
Learn more about ICA Optimization, how to deploy the components, and see the High Definition branch experience yourself in this exciting demo, which can also be found on the Branch Repeater demo page of Citrix.com.
I used the "cloud" to search for the "cloud" and found out that the company who defined the "cloud" was the company I used to search the "cloud". What an amazing thing... this Cloud!
Isn't the Internet grand! I wondered where the term Cloud Computing originated so I just opened up a browser and did a Google search "Inventing the term Cloud Computing". I was directed to a site called elstasticvapor.com. In an article by the purveyor of the site, he quotes another blogger who asked the question "who coined the term Cloud Computing" and at least one answer that came back was, 'Eric Schmidt in a 2006 interview when describing Google's SaaS model'. When you dig into the press release from Google, http://www.google.com/press/podium/ses2006.html, you'll find that indeed Eric mentions the term at least twice during an interview back in 2006.
In an excerpt from that interview, Eric describes the services of the future as follows, "What's interesting [now] is that there is an emergent new model, and you all are here because you are part of that new model. I don't think people have really understood how big this opportunity really is. It starts with the premise that the data services and architecture should be on servers. We call it cloud computing - they should be in a "cloud" somewhere. And that if you have the right kind of browser or the right kind of access, it doesn't matter whether you have a PC or a Mac or a mobile phone or a BlackBerry or what have you - or new devices still to be developed - you can get access to the cloud." That really sounds pretty straight forward.
Back in 1985 when I was a regional administrator for part of the ARPANET (whoops I just revealed my age), we knew that the Internet was nothing more than a collection of servers and routers which were designed to enable a best effort service with multiple paths of redundancy. And despite what Al Gore says, it was invented by the DoD. What started as a science project became so prolifically used that we (all) started to refer to it as the "Cloud" twenty years ago.
So what is it today that has the world in such a tizzy about the terminology Cloud Computing? Is it because a powerhouse like Eric Schmidt from a powerhouse company like Google used it three years ago in a time when Google was setting the Internet world on fire? Or is it that we've somehow convoluted the message in such a way as to distort its meaning... Something so esoteric that only the elite in the industry can comprehend its meaning? But note the brilliance and simplicity of what Eric Schmidt actually said, "if you have the right kind of browser OR the right kind of access, it doesn't matter [what kind of device you have]..." meaning the methodology doesn't matter as much as the result. That's why there are emerging types of methods to accomplish the same task, namely ACCESS to applications that reside somewhere other than the local PC! That is what Information Technology should be focused on today. Not a bunch of hype that has no practical outcome.
Cloud Computing is branching out into many things. That's why we see terminology like "Internal Cloud" and "Elastic Cloud" and "Cloud Bursting" but all stem from the same basic premise. The core of the Cloud IS the Internet. The result of Cloud Computing is a more universal access to applications. If you want to make money (or save money) by implementing Cloud Computing then you need to figure out how to give access to the users who want it and then determine the method for making it happen. Use the Internet... Yes, but don't limit the possibilities because of misconceptions. Find a way to deliver applications by loosely coupling the application and the local device.
Map out what you want to have happen and then design an architecture that meets the needs. Don't get caught in the hype. Use your head and basic networking principles and soon you will find that you are harnessing the power of the Cloud and not being overrun by it.
Doing a bit of system maintenance, I noticed some interesting stuff today about my %TEMP% folder.
The folder and its descendants are 13GB in size (that's with a G and 9 zeros) and have 9,483 files! This is almost equal to the "free space" on my drive. Besides needing a bigger drive, this isn't a good use of space on the machine. Hum...
How'd it get there? I'm not totally sure, but a big piece of it is debugging the streaming profiler. After getting half way through profiling of an application - killing the profiler. I do this a lot. The profiler tries to be a good citizen and clean up when it is done, but if you kill it, it never gets the chance. I'll also add that the profiler doesn't delete on the way "in" as it ASSUMES that there might be other instances of the profiler running at the same time, so it doesn't delete their stuff.
Back to me. 13GB wasted in temporary file system space!
XenApp hosted people have it easy. There's a configuration option to obliterate the TEMP folders on logoff. I'm a domain based user using a machine that is part of the domain. I don't get the automatic delete on logoff and because I am not admin of the Citrix company domain, I also don't have ability to set the setting to obliterate everything. In an ideal world, I would have this Citrix Profile management stuff on my domain and all of this would be magically taken care of for me. We will get there, but for now I still have 13GB wasted space!
What to do? Just deleting it won't be good enough - it will come back!
I went browsing the internet and found this nice article on how to clean house. I can't make deleting the TEMP space part of my system's logoff, but I can command my machine to run batch files of my choosing at logoff. Great! If only I had a most-excellent set of batch files to help with the house cleaning.
A bit of coding and now I DO have these and I'm so happy with myself now that I now share the batch files with you. Installation instructions are inside the batch file comments.
First bat file: logoff-script.bat
@echo off
REM This script runs at every logoff for every user.
REM Enable by group policy (local policy)
REM
REM Start/Run GPEDIT.MSC
REM User Configuration - Windows Settings
REM Scripts - Logoff
REM Add - Add this script.
setlocal
set OUTFILE=c:\logoff-script.log
REM Use a worker bat file to facilitate redirection of output.
call logoff-worker.bat | tee -a "%OUTFILE%"
endlocal
Second bat file: logoff-worker.bat
@echo off
REM Called by logoff-script to facilitate redirecting output to log file
echo.
echo logoff-script running
date /t
time /t
echo Erasing TEMP directory
echo BEFORE
du -q "%TEMP%"
rd /s /q "%TEMP%" 1>nul: 2>&1
if not exist "%TEMP%\." mkdir "%TEMP%"
echo AFTER
du -q "%TEMP%"
Things to notice. First, I logged the output to the root of drive C:. Mere users don't have privilege to write to this space and on Vista, you'll probably get a UAC dialog. Easy to fix by writing to My Documents or similar.
In the main bat, there is a call to "tee -a". There are a million tee filters on the Internet.
In the worker, there's a call to "du.exe" to log the before/after statistics. This is the du.exe utility from Mark Russinovich (SysInternals). Download from Microsoft Technet. If you don't have the DU utility and still want to log output, dir /s "%TEMP%" 2>&1 | tail -2. Right, better to use the tool.
What about the registry? If the file system has garbage left over from interrupted profiling, then the registry should also be polluted. Went looking, nothing there. Luck? Probably not, but I uninstalled/reinstalled the profiler and client yesterday, so it is possible that the installer took care of this for me. The place to look is HKLM\Software\Citrix\AIE, yes AIE!. More information on the temporary spaces of the streaming profiler can be found here.
I'm not asking for a "mine is better than yours" tool comparison, but if you have a method that just plain makes this batch file stuff unnecessary, do post a comment to let me and others know.
Enjoy,
Joe Nord
When you hear the term "Cloud Computing", do you see the big, beautiful, puffy white cloud we typically see on a calm summer day or do you see a dark, menacing thunderhead that spells impending doom? Probably a little bit of both (isn't that always how life is?). Cloud Computing has great potential to provide significant savings and automation to any business' IT environment, so why haven't you started moving to the cloud? Probably because some things scare the hell out of you, like the following:
- Security: Do I really trust a third party to hold my corporate data? Many cloud computing providers have extensive security processes in place to help mitigate this concern, but this data is the lifeblood of your organization. If it is stolen, your entire business might be at risk. It doesn't matter how many assurances you have from a 3rd party, losing the data might spell the demise of your organization or open you up to expensive lawsuits.
- Compliance: Depending on your organization, you might have to adhere to different restrictions to gain a certain compliance certification. Ever hear of PCI-DSS or HIPAA? These are the ones most people think of, but there are many more depending on your industry. How easy will it be for you to prove you are in compliance when your systems are in the cloud?
If these are some of your major concerns with moving to the cloud, does that mean you are stuck running your IT like you have been, or is there still a way for you to implement cloud-based efficiencies into your own IT environment?
Let's make this simple, cloud computing is essentially using technology to provide a dynamic, scalable computing environment where resources are virtualized and delivered over the Internet securely. OK, definitions are always good, but how do I put this into practice? By using the Citrix Delivery Center. The CDC is a set of solutions that, when integrated, provides a virtual, dynamic, scalable application delivery solution securely over the Internet. An application is simply what you need to do your job, which could be a web application, windows application or even a desktop.
Let's break the key areas of cloud computing down further:
- Virtual: This is an easy one. First, you virtualize your servers in the data center. This will allow you to more fully utilize ALL of your hardware resources. Through XenServer virtualization, which is free by the way, you can use all of your server for any number of different workloads at the same time. You bought the hardware, might as well use it without waste.
- Dynamic: An SAP server is not just an SAP server. A XenApp server is not just a XenApp server. These servers can be anything you want them to be based on the current business situation. Need a new XenApp server, no problem, just use Provisioning Services, which is part of Citrix Essentials for XenServer or Hyper-V, to deliver a new XenApp server in 30 seconds. Need to reduce the number of XenApp servers while adding capacity to SAP? Use Provisioning Services to do just that without adding new hardware. The time it takes to build a new SAP or XenApp server is roughly 30 seconds and this entire process can be automated by designing appropriate workflows for your business with Workflow Studio.
- Delivery: The first question is what do you want to deliver? Desktops or applications? How about both? Use the underlying virtual and dynamic infrastructure to deliver a virtual desktop (XenDesktop), which is correctly populated with the right applications for the user with XenApp application delivery. Not into virtual desktops yet? No problem, but I bet you are using applications. Use XenApp to dynamically deliver the applications to any endpoint.
- Scalable: Scalability means getting the most bang for the buck. First, you need to use the infrastructure that is best aligned with your delivery solution. Are you using XenApp for application delivery, then your most scalable solution is XenServer due to the optimizations to make XenServer optimized for the XenApp workload. What about web applications? Many of the communication tasks a typical web application does can be offloaded by NetScaler. This means your web server can support many more users because the expensive processing tasks are handled by the optimized NetScaler.
- Security: Last but not least is security. Remember, a cloud is going over the internet and you had better make sure your communication is secured. NetScaler has the Access Gateway functionality to provide SSL-VPN access. If you are only delivering desktops and applications with XenDesktop and XenApp, your environment is even more secure because all traffic occurs on two ports (ICA and CGP). This means there is no need to install a full-blown SSL-VPN client on your devices. All you need is a web browser. Don't forget about your data, that is your lifeblood. Use NetScaler to create policies to disallow saving files on the endpoint, or printing, or even running certain applications from unapproved locations. Last, but definitely not least, are the web applications the organization is delivering. We need to make sure sensitive information is kept hidden, like social security numbers and credit card numbers. We also want to make sure our web applications are not hit by different web attacks, like SQL injection, cross-site scripting, etc. The Application Firewall component of NetScaler protects us.
Does it seem like a lot to take in? Remember, the goal is to turn your environment into an enterprise cloud, which requires you to re-think how you deliver applications to your users. Of course you get the most cloud-like environment by doing the entire suite but the nice thing about the Citrix Delivery Center is that you can pick and choose the options you need. They all plug into each other to create a unified enterprise cloud environment. I encourage you to take a closer look at the Citrix Delivery Center to see what you can do to your IT environment to achieve the efficiencies of enterprise clouds.
Daniel
Have you ever wished your VPN connection was faster?
Do you need to take a lunch break when downloading your sales presentation over your VPN?
Did you know that you can Turbo Charge Access Gateway with Citrix Branch Repeater and make these headaches go away? Citrix Branch Repeater can accelerate all editions of Access Gateway by adding Branch Repeater to your Citrix Delivery Center environment. The Citrix Repeater and Access Gateway Plug-ins seamlessly deliver the fastest secure access solution. Granular Access Gateway policies enable the IT Administrator to fine tune when and how a user's connection is turbo charged.
Learn more about Turbo Charging Access Gateway; how the components are deployed, and see the Turbo Charge experience yourself in this exciting demo. View the video in full size and learn more about Access Gateway here.
I compliment Microsoft on UAC. This is a painful problem, but somebody has to encourage application vendors to fix their stuff and the UAC dialogs seem to get that point across. Complaining to the users forces the application vendors to fix the apps, but still allows the applications to run.
Here though, I am torn. I make a living convincing poorly written applications to run in a XenApp world and if all the applications are fixed to make them runnable on normal user privilege, there won't be as much magic to work. Friends tell me to not get discouraged; application vendors will continue to produce poorly behaved software for eternity; please no comments about Citrix...
The common question
Can Application Streaming help convince this poorly behaving application to run successfully on XenApp hosted? Answer: You betcha!
Applications can desire privilege for many reasons; some of those reasons are valid, but given the flurry of UAC dialogs we saw when Vista shipped, many of them are invalid. These invalid ones are great candidates for running under isolation because applications that want privilege can be run under Application Streaming and then will successfully run in a terminal services world, without privilege and not complain about it.
Often, the incompatibility is a small problem of the application wanting to write to protected spaces at runtime, such as \Program files or HKLM in the registry. Windows programming 101 - you can't do that, still many applications do, especially those with a long heritage on Windows 9x and then ported to NT. The UAC dialogs are helping and we're getting on an improved track to applications that are designed to work with users running on user privilege accounts and by inference, becoming multi-user XenApp hosted execution friendly. This is a great boon for application execution on TS/XenApp; more applications will "just work" even when locally installed. Still, a large number of applications will continue to misbehave and this creates an endless need for running applications under isolation.
Give me an example please
What happens at runtime is that the application's writes to protected spaces end up writing to per-user spaces instead. The isolation system layers all this back together to make the application THINK it wrote to the global space and the application pushes on blissfully unaware of the deception and you as the administrator push on gleefully happy about your ability to put ANYTHING into a hosted XenApp environment.
With multiple users, each user gets their own per-user version of the "global" space and the application - for each user - sees a world that is global, yet per-user in its structure. This same thing happens for named objects (like pipes), the registry and file systems so that multiple misbehaving applications can all get along.
Here's a graphic to get it across. 
There's no magic; only smoke and mirrors. When you understand the smoke and mirrors, this isolation stuff becomes pretty plain to understand. Application Streaming is a tool you can use to make your misbehaving applications behave. It's been around for years now, it works and can solve some of your headaches. So, I say ... Isolate and enjoy.
One last thing, in case anyone wanted to know, the above graphic is actually repeated for EACH sandbox on the server. Each 3 layer view is a sandbox supporting application execution for a given user. Parts of the isolation space are "shared" between the users because there is no need to have multiple versions of the application content present, that would just waste space. Take a heavily loaded XenApp server with 50 users; each running a variety of applications, all streamed. 150 different sandboxes would not be uncommon. The isolation system has to keep track of all of that and not blow up even if Citrix has people on staff who do nothing other than try to break it. Good fun and they don't call it the "stress lab" for nothing.
Joe Nord
Product Architect for Application Streaming
Citrix Systems
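The layering described in this post, as an added Python model that is not Citrix code: each sandbox resolves a path through a private per-user layer, then the shared install image, then the real system, and every write lands in the per-user layer. The paths, user names and the `Sandbox` class are constructed for illustration.

```python
from types import MappingProxyType


def norm_path(path):
    """Windows paths are case-insensitive, so layers are keyed on the lowered path."""
    return path.lower()


class Sandbox:
    """One user's isolated view: per-user layer, then install image, then real system."""

    def __init__(self, user, install_image, system):
        self.user = user
        self.per_user = {}                    # private to this sandbox, writable
        self.install_image = install_image    # shared between sandboxes, read-only
        self.system = system                  # the real machine, read-only here

    def layers(self):
        """Layers in lookup order, highest first."""
        return (("per-user", self.per_user),
                ("install-image", self.install_image),
                ("system", self.system))

    def resolve(self, path):
        """Return (layer_name, data) for the first layer that holds the path."""
        key = norm_path(path)
        for name, layer in self.layers():
            if key in layer:
                return name, layer[key]
        raise FileNotFoundError(path)

    def read(self, path):
        return self.resolve(path)[1]

    def write(self, path, data):
        """Every write lands in the per-user layer, whatever path was asked for."""
        self.per_user[norm_path(path)] = data


def build_demo():
    """Three users share one install image; two of them write to a 'global' path."""
    # Constructed sample content, not taken from any real profile.
    system = MappingProxyType({norm_path(r"C:\Windows\win.ini"): "system copy"})
    image = MappingProxyType(
        {norm_path(r"C:\Program Files\LegacyApp\app.ini"): "color=default"})
    alice = Sandbox("alice", image, system)
    bob = Sandbox("bob", image, system)
    carol = Sandbox("carol", image, system)
    target = r"C:\Program Files\LegacyApp\app.ini"
    alice.write(target, "color=red")    # the app believes it wrote to Program Files
    bob.write(target, "color=blue")
    return system, image, alice, bob, carol, target


if __name__ == "__main__":
    system, image, alice, bob, carol, target = build_demo()
    for box in (alice, bob, carol):
        layer, data = box.resolve(target)
        print(f"{box.user:6} sees {data!r} from the {layer} layer")
    print("install image still holds", image[norm_path(target)])
```

The shared layers are wrapped in `MappingProxyType`, so an attempt to write through them raises `TypeError`; that mirrors the point that the application content is shared between users while only the per-user layer changes.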
The XenApp Application Streaming system uses a File System Filter Driver (FSFD) to implement file system isolation. I have previously described the isolation layers and how they present a different image of the system to each sandboxed application. This post describes where in the system the file system filtering occurs and points out places where things can get "interesting" when having a system with multiple filters, all competing to handle the file system operations.
GEEK SPEEK is turned on for this post
File system 101 - in two paragraphs...
Before considering filtering, first consider the world without filtering. What happens when my application tries to open "letter to mom.doc"? The answer is that your application issues a command to Windows to ask it to open the file. This almost always starts with the CreateFile() Win32 API. It travels from "high level" Windows to "details level" Windows where it lands in the Windows NT I/O Manager. The I/O manager looks around its registered "File Systems" and finds one who is willing to take on the work of satisfying this file operation and "sends it down". Eventually, the file system will respond "done" and the I/O manager returns to the application.
The file system (think NTFS or FAT32), would like to move things to and from disk, but it doesn't really know how. Instead, the file system does its stuff to convert the high level concept of a file to "blocks" of same sized binary data that it will ask other device drivers to actually move to/from permanent storage (call it a DISK DRIVE). The DISK device driver doesn't actually know what it is storing, but it absolutely assures the file system that if it is asked to store 512 or 256 bytes of data at location 123456, when the file system later asks for the data at 123456, it will get back the same data that it put there last week. It is the file system's responsibility to convert high level concepts like a "file" into low level concepts like "blocks of data" that can be stored.
Most of the above describes OPERATING SYSTEM components. To implement "isolation", you have to interfere with what the operating system really wants to accomplish and that's where filter drivers come in.
Here's a graphic. 
Ponder for a moment the opening of any file. It travels from the I/O Manager, through a number of file system filters, into the file system and eventually on to the disk device driver. To implement isolation, we are one of the file system filter drivers and that puts us "above" the file system. Notice that the filter drivers "below" the file system are not file system filters; they are "block" filters. For application isolation systems, we focus on file system filtering.
You will hear the term "IRP". Not to get too deep, but an IRP is the I/O manager's definition of an I/O operation - it stands for "Input/Output Request Packet". The I/O manager sends IRPs down and filter drivers and file systems do stuff to satisfy the commanded operation. To do application isolation, the filter driver "changes" the IRP along the way so that operations intended for one location actually affect another. I have commented before that there is no "magic" in application isolation. Smoke and mirrors however do exist and for isolated file operations, the smoke and mirrors redirection is done in the file system filter driver.
Where the world gets interesting
Everybody wants to be on top! The "highest" filter is the one that sees the I/O operation first. In principle, if you're higher up the stack, you can satisfy the I/O operation without the lower level filter drivers ever being informed that there was an IRP on the way and nothing those other guys do will interfere with you, well at least not until it recurses, but stick with me on the concept - If you get to see it first, you "win" compared to the other filters.
Who should win?
Put your programmer hat on... The answer is that it isn't necessarily you. The right answer can become so complicated that it becomes hard to contemplate. Here is a link to the MSDN documentation. http://msdn.microsoft.com/en-us/library/ms790738.aspx
Priceless stuff. What it comes down to is that when installing, a filter driver can ask the system to load it at a particular "level" or "altitude" in the filter stack. The registry item that controls this is called "Group".
Here's a snapshot from my notebook for the Citrix FSFD, CTXSBX.sys at the XenApp 5.0 / App Streaming 1.2 level.
Notice that it has requested to be a "FSFilter Content Screener". This puts it, kind of in the middle of filters. Anti-virus is "higher" and some other filter types are lower. Read the MSDN docs for the whole list, but it is a very complicated puzzle. Anyone who has stayed with this article all the way to here probably already knows that it's complicated....
As the programmer who owned the device driver for the development of Application Streaming, I had to work out the "right" position in the filter stack. Occasionally, folks inquire about relative positions and we have to look up information like this to know where one company's filters should live in relation to others. There is a bit of "art" in the selection. It is such an interesting thing that Microsoft holds "plug fests" where various filter driver writers can show up and test inter-operation with other vendors, in particular anti-virus.
A final note
Every few years, the model for device drivers changes. The CTXSBX.sys device driver is a "legacy filter driver". It had to be to be compatible with Windows 2000, which was one of its design requirements. Since then, Microsoft have built the "mini filter" model which is the normal thing for writing filters today. In addition to being cooler because they are "mini", mini filters also have a more refined system for specifying load order position. I'll leave that for a MSDN inquiry, but it ultimately comes down to the same question: who's above me, who's below me.
This was probably more techno bit-head stuff than anyone wanted to read, but there it is...
Joe Nord
Citrix Systems, Fort Lauderdale, FL
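An added model of the filter stack discussed in this post (illustrative Python, not the CTXSBX.sys driver): a request travels from the highest filter down, a redirecting filter rewrites the path, and a filter that completes the request itself hides it from everything below. The `C:\PerUser` root, the filter names and the sample path are assumptions, and the recursion of re-issued requests is not modelled.

```python
from dataclasses import dataclass, replace

ORIGINAL = r"C:\Program Files\LegacyApp\app.ini"   # constructed sample path


@dataclass(frozen=True)
class Request:
    """Stands in for an IRP: the operation, the target path and the caller."""
    op: str
    path: str
    user: str


class Observer:
    """A filter that only records what it is shown (think scanner or monitor)."""

    def __init__(self, name):
        self.name = name
        self.seen = []

    def handle(self, req, send_down):
        self.seen.append(req.path)
        return send_down(req)


class Redirector(Observer):
    """Isolation-style filter: rewrites protected paths to a per-user location."""

    def __init__(self, name, protected, per_user_root):
        super().__init__(name)
        self.protected = protected.lower()
        self.per_user_root = per_user_root    # hypothetical redirect root

    def handle(self, req, send_down):
        self.seen.append(req.path)
        if req.path.lower().startswith(self.protected):
            # Drop the drive prefix ("C:\") and re-root under the user's area.
            new_path = "\\".join([self.per_user_root, req.user, req.path[3:]])
            req = replace(req, path=new_path)
        return send_down(req)


class Completer(Observer):
    """A filter that satisfies the request itself and never passes it on."""

    def handle(self, req, send_down):
        self.seen.append(req.path)
        return "completed by " + self.name


class FileSystem:
    """Bottom of the stack: records the path that finally arrives."""

    def __init__(self):
        self.opened = []

    def handle(self, req):
        self.opened.append(req.path)
        return "completed by file system"


def dispatch(stack, fs, req):
    """Send req through stack (listed highest first), then to the file system."""
    def level(i):
        if i == len(stack):
            return fs.handle
        return lambda r: stack[i].handle(r, level(i + 1))
    return level(0)(req)


def run_redirect_demo():
    """A scanner above the redirector sees the original path, one below does not."""
    above, below, fs = Observer("scanner-above"), Observer("scanner-below"), FileSystem()
    iso = Redirector("isolation", r"C:\Program Files", r"C:\PerUser")
    result = dispatch([above, iso, below], fs, Request("write", ORIGINAL, "alice"))
    return result, above.seen, below.seen, fs.opened


def run_completer_demo():
    """The highest filter completes the request; nothing below is informed."""
    top, below, fs = Completer("top-filter"), Observer("scanner-below"), FileSystem()
    result = dispatch([top, below], fs, Request("read", ORIGINAL, "alice"))
    return result, below.seen, fs.opened


if __name__ == "__main__":
    print(run_redirect_demo())
    print(run_completer_demo())
```

Where a scanning or monitoring filter sits relative to the redirector decides which name it records, which is worth knowing when correlating its logs with what actually landed on disk.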
Q: Any recommendations for hosting or streaming components such as .NET, Oracle Drivers, MQ drivers, teradata, DB2, etc ?
A: Many core OS components will need to be installed as part of the base image. Things like anti-virus, drivers, .NET.
Q: Is there a place to find this "Leverage Existing Infrastructure" slide or the info later on?
A: Yes. In the next few days there will be 3 articles released to the knowledgebase called: Simplifying Application Delivery to the Virtual desktop (Reference Architecture, Getting Started Guide and Implementation Guide). The item you are interested in will be part of the Reference Architecture.
Q: Can you elaborate on the nature of the Citrix Receiver? One of the main benefits to XenDesktop, supposedly, is that it's clientless. It seems that the Citrix Receiver is a client...
A: Nothing is clientless. Even a web browser is a client. But in order to get to a virtual desktop, you will need a client application, the Citrix Receiver. Now the nice thing about the Receiver is you aren't forced to install 20 different clients. This one client will provide you with all the features needed to receive your virtual desktop.
Q: Could we possibly see a demonstration of a virtual desktop session?
A: You can take a look at the items on this page: http://www.citrix.com/English/ps2/products/demo.asp?contentid=163057#top
Q: If we pre-cache the app on the VDisk - aren't we coupling the app with the vDisk.
A: Not really. I consider installing an application to be coupling the app to the vDisk. Doing a pre-cache just optimizes the write cache so the app starts faster. Remember, with streaming, the application is not installed and you only see the applications you have been granted. Now if you have pre-cached an application and you now have an application update, do you update the pre-cache? Depends, of course. If the update is major, meaning it changes many files, then I would update the pre-cache because these updates will cause the write-cache to expand. However, if the update is minor, meaning it only changes a few files, just update the application profile package and forgo the pre-cache updates. When the pre-cached application starts, the updates will be streamed down to the virtual desktop. This will increase the size of the write-cache, but because the updates are so small, the write cache growth will be small.
Q: Do you maintain a list of applications and how resource intensive they are?
A: There is a Citrix site called Citrix Ready (CitrixReady.com). There are a fair amount of applications listed on that site.
Q: For those of us who have not moved into the XenApp Realm yet and are trying to determine which product meets our needs, is there a better source of information, or a 'buyers guide' that helps us determine the correct path, XenApp, XenDesktop, etc?
A: See if this document helps: http://www.citrix.com/%2Fsite%2Fresources%2Fdynamic%2Fsalesdocs%2FXenApp-XenDesktopTogether.pdf
Q: How many users can access a single vDisk from Provisioning Server with XenDesktop? An example...How many Provisioning and DDC servers will I need for 500 employees vs 1001+ Employees?
A: Take a look at this recently completed scalability document. http://support.citrix.com/article/CTX119775
Q: If I still have to manage the client why would we want to create XenDesktop? I am not seeing the return based on the large infrastructure this will require to install.
A: Excellent question. There are many scenarios where it makes sense. Below are a few, but there are many more. It all depends on your business and challenges experienced with the distributed computing model.
- Forgo workstation upgrades but still utilize the latest Operating System and applications. Ever run Vista on an old workstation? You can now.
- Use Desktop Appliances: They are slim devices that simply connect to a virtual desktop
- Remote users: Use your home computer without having to install apps or copy company data
- BYOC: Bring Your Own Computer allows you to use your own personal workstation while still having a secure and separate corporate computing environment.
Q: Since streaming is regarded as a primary delivery recommendation, how do you get the network team on board since they occasionally present resistance towards this distribution method
A: Yes, working with the network team is critical. How much data do you think is transferred just to boot the OS? Remember, we ONLY stream the parts needed. So even though Vista is gigs in size, we are only streaming about 180 MB of data. XP is roughly 90MB. However, for enterprise deployments, you would want the physical design of the environment to have both ends of the stream to be in close/fast proximity. The Provisioning Server should be located on the same high-speed network as the XenServers that will receive the stream for the virtual desktops. This helps control where the network usage is going to occur.
Q: You mentioned that if there are applications that need a lot of resources and they are installed on XenApp server they could hog the XenApp server. Does XenApp have an HA (high availability) architecture that would allow distribution of the XenApp load dynamically to hot standby XenApp servers?
A: XenApp does have a powerful load-balancing solution to distribute load based on any number of configurable parameters (CPU, memory, page swaps, user load, etc). However, these algorithms only come into play during the start of a new session. Once your session is on a XenApp server, that session remains on the XenApp server until the session is closed. So, you could wind up with a bunch of users on a XenApp server (which is good), until someone runs a resource intensive application that can potentially slow down the entire server because resources are shared.
Q: You recommended Stream Applications for Base, Anomalous and Resource Intensive apps. Stream from where, from XenApp?
A: Yes, application streaming comes from XenApp. The XenApp servers will manage application enumeration and launching. If you select a streamed application, you will obtain the stream from the Application Hub (like a file server) controlled by XenApp.
Q: What is a hosted application?
A: A hosted application is one that executes remotely on XenApp. All resources used are resources on the XenApp server.
Q: What happens when Provisioning Server goes down? Are existing workstations cached and still working and only new stream requests are impacted? Or are all workstations down?
A: Because there is no local disk on the provisioned desktops, if Provisioning Server fails, the desktop pauses until the stream is reestablished. This is why we recommend turning on the HA option for Provisioning Server. This will help overcome this potential risk.
Q: When pre-caching the streamed apps, would you recommend storing those in the base OS vdisk or in a separate disk attached to the VMs?
A: Pre-cache into the OS vDisk.
Q: When Streaming apps, will I run into problems when I have a suite of applications that make calls to each other. I.E. MS Office, Email and Document Management Systems?
A: Not with XenApp 5 application streaming. In previous versions, applications could not talk to applications in different streams, but that challenge was overcome in XenApp 5. So if you put Word, Excel and PowerPoint in separate application streams, they can still work together.
Q: Would this work for remote users, or is network connectivity required
A: Right now, you need a network connection. But Citrix has announced Project Independence which provides a client-side hypervisor where we can think about doing offline virtual desktops. Take a look at the video: http://community.citrix.com/display/xd/independence
Q: What is the process for preparing an application for streaming?
A: You need to run through the installation of the application with the Streaming Profiler. The profiler will take the installation and create an application package used for application streaming. Once the profile is created, you simply publish it like any other XenApp application.
Q: What is the typical time to first launch for a streamed application?
A: It depends on the application size and the network speed. When properly configured, the actual streaming of the application should be very fast (one or two seconds).
Q: What type of apps are not appropriate for this solution?
A: There are still some issues with applications that install services on the system or install OS-level items (.NET, drivers, etc.). Many of the other challenges have been overcome.
Q: Are streamed applications isolated to the extent that they are not aware of and cannot interact with another streamed application?
A: Yes and no. Yes in that what you say is correct. Streamed applications do not interact with other streamed applications. However, in XenApp 5 you can configure rules for the applications so they can talk to other streamed applications. It is a pretty cool feature that overcomes some major challenges with application streaming.
Daniel
Analysts and technology companies alike have been attempting to describe the totality of Cloud Computing in terms of technology and business application. The problem to date is that there has not been a single company who is both actively creating applications as well as producing the infrastructure and delivery mechanisms to deliver applications in the Cloud. I usually don't promote Citrix right up front in my blogs, but in this case, Citrix is the core of the discussion in that we are the only company in the world today that plays across the entire spectrum of the Cloud. I'd like to start with a basic picture to depict this strength and then describe each area. 
The Cloud can be described in these vertical planes by generalizing between Services and Infrastructure. Along the horizontal plane the spectrum of the Cloud stretches from the software companies producing the applications (Independent Software Vendors - ISV) to the ultimate utility infrastructure for architectures with a foundation of servers which are virtualized. The core product families at Citrix not only fit this paradigm, but by definition are core to the way in which Cloud Computing is developed and delivered.
Note first of all that without applications the cloud has no purpose. The spectrum starts with the ISV. Citrix Online's core technology and business proposition is rooted firmly in the ISV and SaaS portions of the cloud (http://www.citrixonline.com/products.tmpl?SessionInfo=20196379:BC688DECBA73756). In fact, Online is actually the 5th largest SaaS supplier in the world. This gives us a keen understanding of what it takes to produce applications and deliver them to millions of subscribers around the world through a subscription model.
Next, Citrix has designed an application delivery technology used by 98% of the Fortune 500 companies around the world, XenApp. Huge companies like Bechtel looking for ways in which to change the way they do business are adopting a variant of SaaS through what they call the Project Services Network producing an "on demand environment for application and data access" (http://web.citrix.com/go/synergy_08/vote/). And because the base software has been designed to work in these complex environments it shouldn't be surprising that Citrix also is the world leader in the delivery of applications embedded with high end graphics. (http://community.citrix.com/blogs/citrite/derekt/2009/02/06/New+Multimedia+Capabilities+%28and+more+to+come%29).
Recognizing the need for entire desktop virtualization, XenDesktop is rapidly becoming the Desktop as a Service choice for many companies looking to augment their current application delivery approach. Citrix leads the market in the flexibility of the DaaS through the latest release of the XenDesktop product. My friend and colleague, Simon Crosby recently spoke on the topic and our future plans in this space in an interview with Doug Brown (http://www.dabcc.com/multimedia.aspx).
Moving to the far right of the spectrum we know that eventually the delivery of software will have to follow a utility model closely related to the Telco in order to be available to the mass market consumer. So in an effort to begin to bridge that gap, Citrix has begun work in what is called the Elastic Compute Cloud or EC2 (http://community.citrix.com/pages/viewpage.action?pageId=58196960&showComments=true#comments). In this environment, Citrix has demonstrated a future view of what will be Infrastructure as a Service using XenServer and the Xen Hypervisor as the core technology.
Finally, NetScaler has been a critical element of the Cloud for a number of years. Providing web application acceleration and network optimization, this is a core technology to enable the infrastructure that delivers the applications through the Cloud.
I challenge anyone who thinks they know of a company better aligned with all aspects of Cloud Computing and has not only the vision for the future of application delivery, but a business model and technology today to actually deploy it and allow customers to produce revenues from it. Look for an upcoming Podcast hosted by Doug Brown including discussion from Brad Pedersen and Kurt Moody to round out this discussion (http://www.dabcc.com/multimedia.aspx).
The following trademarks appear in this blog: Microsoft Office and Microsoft Windows are registered trademarks of Microsoft Corporation in the U.S. and other countries, SAP is a registered trademark of SAP Corporation in the U.S. and in other countries, Firefox is a registered trademark of Mozilla, an Internet Community, Safari is a registered trademark of Apple Inc in the U.S. and other countries.
For those of you who were not able to attend the live event or wish to re-watch it, you can get to the recording by going here: http://www.citrix.com/English/NE/events/event.asp?eventID=1685355
Q: Where can I get NetScaler training?
A: You should check out the Citrix Training website for information on classes and locations. (http://www.citrixtraining.com/courses/courses/index.cfm)
Q: Are the Web Interface and XML Broker monitors part of Citrix Access Gateway Ent.?
A: Access Gateway Enterprise Edition is a component on the NetScaler platform. In order to use Access Gateway functionality along with the load balancing functionality, you will need to have the correct license for the NetScaler platform. Please take a look at the Citrix NetScaler Editions description (http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=1683492)
Q: In the demo being shown, if the application is only available via the Minneapolis datacenter, but the user is closer to the Ft Lauderdale datacenter, is it possible to configure the NS/AG to redirect the connection to the Minneapolis NS pair instead?
A: Excellent question. The challenge with your question is that NetScaler does not know which application you intend to launch when it decides the most appropriate data center. Even if the NetScaler sends you to the Ft Lauderdale data center, you will still be able to launch an application only available in the Minneapolis data center, but you still have your SSLVPN session going to Ft. Lauderdale.
Q: If you have redundant WI and/or XML Broker servers set up, does NS determine that the Primary has gone down and alert the admin that redundancy is no longer there?
A: These should be SNMP traps that you could pick up with a management tool to alert the administrator.
Q: What happens if we have two sites with different subnets and we have two DNS over NAT?
A: Two sites with different subnets, NAT, etc. are fine. Your configuration will just be different and include different addresses. With multiple DNS servers, you just need to make sure that the fully qualified domain name you set up as part of Global Server Load Balancing is configured on both DNS servers to point to the NetScaler devices, which are the authoritative DNS servers for that domain name.
Daniel
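A check for the delegation described in the GSLB answer above, as an added example that is not part of the original Q&A: it parses simplified zone data from the two DNS servers and reports where the GSLB name is not delegated to the NetScaler ADNS addresses. The host names, addresses, server labels and the reduced zone syntax are constructed for illustration.

```python
"""Compare the GSLB delegation held by two DNS servers (constructed data)."""

GSLB_NAME = "apps.example.com"                 # assumed GSLB domain name
ADNS_IPS = {"192.0.2.10", "198.51.100.10"}     # assumed NetScaler ADNS addresses

# Constructed zone fragments, one per DNS server. Simplified syntax:
# every record carries its owner name; TTL and class are optional.
ZONES = {
    "dns-site-a": """
        $ORIGIN example.com.
        apps      IN NS ns-gslb1.example.com.
        apps      IN NS ns-gslb2
        ns-gslb1  IN A  192.0.2.10
        ns-gslb2  IN A  198.51.100.10
    """,
    "dns-site-b": """
        $ORIGIN example.com.
        apps      3600 IN NS ns-gslb1
        apps      3600 IN NS ns-gslb2
        ns-gslb1  IN A  192.0.2.10
        ns-gslb2  IN A  198.51.100.99   ; stale address left from an old device
    """,
}


def _fqdn(name, origin):
    """Lower-case a name and make it absolute relative to the zone origin."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{'' if origin == '.' else origin}"


def parse_zone(text):
    """Return (owner, type, rdata) tuples from the simplified zone text."""
    origin, records = ".", []
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()      # drop comments
        if not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        owner, rest = tokens[0], tokens[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest.pop(0)                            # skip optional TTL / class
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        if rtype in ("NS", "CNAME"):
            rdata = _fqdn(rdata, origin)
        records.append((_fqdn(owner, origin), rtype, rdata))
    return records


def delegation(records, gslb_fqdn):
    """Map each NS target delegated for gslb_fqdn to its glue A addresses."""
    targets = [r for (o, t, r) in records if o == gslb_fqdn and t == "NS"]
    return {ns: {r for (o, t, r) in records if o == ns and t == "A"}
            for ns in targets}


def audit(zones, gslb_name, adns_ips):
    """Return {server: [findings]}; an empty list means the delegation matches."""
    gslb_fqdn = gslb_name.lower().rstrip(".") + "."
    report = {}
    for server, text in zones.items():
        deleg = delegation(parse_zone(text), gslb_fqdn)
        findings = []
        if not deleg:
            report[server] = [f"no NS delegation for {gslb_fqdn}"]
            continue
        for ns, addrs in sorted(deleg.items()):
            if not addrs:
                findings.append(f"{ns} has no glue A record")
            for ip in sorted(addrs - adns_ips):
                findings.append(f"{ns} -> {ip} is not a known ADNS address")
        seen = set().union(*deleg.values())
        for ip in sorted(adns_ips - seen):
            findings.append(f"ADNS {ip} is not delegated")
        report[server] = findings
    return report


if __name__ == "__main__":
    for server, findings in audit(ZONES, GSLB_NAME, ADNS_IPS).items():
        print(server, "OK" if not findings else findings)
```

A server that delegates to a stale or partial address set will answer for the GSLB name inconsistently, which is why both servers are compared against the same expected ADNS list.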
One of the more time-consuming tasks for a XenApp administrator is to build new XenApp servers. This video shows how we can use Provisioning Server to:
- Create an image based on a current installation
- Take the image and deliver to a whole slew of new XenApp servers
This process not only creates new XenApp servers, but it also adds them into the farm automatically. Simply publish applications with a drag-and-drop and you're done. Because each XenApp server is coming from a single image, you can guarantee that each server is identical to each other, a very important XenApp best practice.
Video
Daniel
Why is it that we become so polarized when it comes to Information Technology? "I'm a Mac guy! I'm a PC guy! Linux is the only way! iPhone vs. Blackberry, you must be kidding! Win Server 2003 vs. Win Server 2008! Web apps are the only way!" I know it's good to have opposing views and diversity is the foundation of change, but polarizing to any extreme just doesn't map with reality, does it?
Ten years ago the polarization around web based applications began. Adobe is probably the best example of how this technology has emerged. There was a day when loading someone's client on your PC or laptop was seen as obtrusive and even a security risk. But now we are constantly reminded to upgrade our Flash player or we won't be able to access the latest multimedia. To be sure, web app technology, including Flash, has come a long way and has enhanced our ability to get the information we need more rapidly. But when I sit down to put a spreadsheet together chances are I'm not going to launch IE or Firefox to get started. There is a job for every tool and a tool for most every job. That's what my grandfather used to tell me and I think it applies to the world of IT as well. In that regard, if we postulate that Google Apps is going to take over the world of application delivery any time soon, I think time will tell a different story. But just to round out the playing field I'd like to examine some of the misnomers around a web app only world.
First and foremost there is the issue of what works best for the job. As I mentioned, like it or not, Microsoft Excel owns the lion's share of the spreadsheet market by leaps and bounds. Even if there were another application with a more user friendly experience the typical consumer of this application would still adopt what he knows (learned behavior) over what is new. So if a "universal" web app emerged tomorrow it would take years to get mass market adoption. And even if that were to happen, we would still have the issues of file storage and file sharing to contend with. The point is the information technology world we live and work in takes advantage of both O/S dependent applications and web/browser based applications.
But what if overnight, we all just decided enough is enough and we want to simplify the world of IT by only using web based applications? Are they universal enough that every application would run on every end point every time it was accessed? Let's explore...
Leaving aside the problem of learned behavior for O/S dependent applications, web based apps have a myriad of obstacles to overcome. First are the physical machine and the physical network limitations. Have you ever tried to stream a high definition video on a 5 year old PC (or Mac) on a dial-up network? Even if you increased the bandwidth to Business Class DSL/Cable Modem you'd have to shut down every other web app just to get the clip running. So there is first the problem of embedded multi-media over low bandwidth/high latency networks. Surely everyone has access to 100 Mbps Ethernet, don't they? No, in fact they don't. Most of the SMB world still lives off of a connection of 3-6 Mbps with no specified SLA and that bandwidth is shared for the entire office.
According to Kurt Moody, Senior Technical Marketing Manager at Citrix, "The development of web-based applications has been perceived as a fundamental competitor to traditional Windows desktop applications and therefore to some extent is considered the largest competitive threat to Citrix XenApp. The reality for many enterprises is that although the web based applications themselves present a form of Server-based computing from an application development perspective, from an application delivery perspective the critical potential point of failure is the web browser itself, which in many cases is a Windows desktop application that presents the same version and lifecycle maintenance challenges of other desktop applications. Many businesses have determined that using Citrix XenApp to deliver the required Web Browser and application presents a much more predictable environment to the broadest set of users and use cases with a lower TCO." Not that XenApp solves all of the problems listed above, but it still provides the best case user experience even over low bandwidth, high latency networks.
How about the browser environment itself? According to David Wagner, Architect and Product Manager at Citrix, "While it is easy to make the argument that the complexity and headaches that exist across multiple browsers has diminished somewhat over the last few years, there are still plenty of pain points this creates for all of us. Challenges such as a browser version or needed plug-ins still occur particularly when using shared or common devices. Sure if it is your personal PC or your company's laptop or desktop it is often easy enough to add what you need but what if you are using a hotel device? Or a public venue kiosk? Or some mobile device? Making any change or modification at all is just not going to happen.
From a developer's point of view, wouldn't it be nice to focus on one or two browsers? And maybe just a handful of configurations? It would be if you were sure all your users had access to that version and configuration setup. Otherwise you will be developing, testing and validating for every combination you can expect a user to leverage which usually means picking as many as you can manage to test and validate with each release and thus we have our published 'supported list'. E.g. if you are trying to use this app and are experiencing issues and you are not using a configuration on the supported list we can't help you."
So what exactly do the Cloud initiatives of 2009 present to mitigate these web application issues? Nothing really. The Cloud is a mechanism for providing utility in the mass delivery of applications, not the end-all, be-all. Even when Cloud delivery infrastructure becomes a reality, we still have these fundamental issues to grapple with. That's why Citrix is taking the more holistic approach to the entire ecosystem. From the creation of web based apps (Citrix Online products) to the virtualization of workloads in the datacenter (XenServer) to the delivery of both web and non-web applications (XenApp/XenDesktop) we provide the architecture to economically and efficiently provide services (applications) to the end points... And we've been doing it for years.
Stay tuned for the next discussion on Managed Service Providers vs. Independent Software Vendors providing SaaS.
I'm kind of a stickler for simplification so I always like to set the stage by making sure terms are defined and understood before launching into a diatribe of alphabet soup over acronyms that mean ten different things to ten different people. For instance, it seems today (much like the era of the dot-com) that if someone drops the suffix "aaS" at the end of a subject or object it immediately becomes newsworthy. For instance a statement like MSPs who provide SaaS or DaaS must use either AIaaS or APaaS to achieve true IaaS, is in my opinion condescending. It's kind of like using the word Grok. If you don't know what it means, then you must not be educated enough to use it. Do you grok SaaS?
These kinds of acronyms and esoteric terms only confuse the poor guy who is trying to make a decision about how to run his business more cost effectively. The small business owner is still trying to figure out what an "XP Pro" is or why there is so much hype over Vista vs. OS 10 (PC Guy vs. Apple Guy). And the more software/computer science literate business owner wants to know why he has to pay for an entire staff of guys to keep his PCs running when he could do it all himself if he only had the time. In either case, especially in this economy, at the end of the day it's all about the bottom line in business. Techno jargon is meaningless if it has no bearing on profitability. For these business owners if it costs less to do business by outsourcing part of the business, that's exactly what they are going to do. But the message better be simple as to how they go about it. So whether or not the small or medium sized business (SMB) owner can decipher Managed Service Providers (MSPs) who provide Software as a Service (SaaS) or Desktops as a Service (DaaS) must use either Application Infrastructure as a Service (AIaaS) or Application Platforms as a Service (APaaS) to achieve true Integration as a Service (IaaS), doesn't mean a hill of beans if it doesn't help his bottom line. What is really important is for the MSP to quickly articulate his value proposition to the SMB owner so that there is no question about the service provided and its relative value to the business. To start, according to Wikipedia, Software as a Service "is a model of software deployment where an application is hosted as a service provided to customers across the Internet. By eliminating the need to install and run the application on the customer's own computer, SaaS alleviates the customer's burden of software maintenance, ongoing operation, and support." Now that's pretty understandable even for the guy who doesn't know what an XP Pro is.
Even with this distinction however there are still different types of MSPs who provide services for a variety of different use cases. For simplicity's sake, I'll describe three variants of MSPs here but by no means does this exhaust the category. First there is the purist MSP. That is to say the service provider who sets up one application to be shared by hundreds or thousands of businesses for a one-to-many implementation. On the other end of the spectrum is the service provider who transfers an entire data center from an SMB and hosts the "custom" one-to-one environment. The latter obviously has a scaling issue in that each physical server farm must stand on its own for each individual SMB. In between these extremes is the MSP who has a "generic" server farm (which may or may not be virtual) used to deliver applications, but not necessarily built to scale. In this case, the SMB may have a set number of applications he wishes to have hosted, but not all applications. Sometimes these applications are problematic and may be difficult to deliver to remote sites. Or they may be cumbersome to manage and therefore cause an inordinate amount of time and energy for the local IT personnel. In some cases this hybrid hoster may provide an entire environment for a specific niche.
One such hybrid is a company called AcXess Inc (http://www.acxess.com/AcXess_home.htm) in Boca Raton, Florida. AcXess is the developer of V-Works™, a new Platform for managing online Virtual Server Environments. Their services include Labs On-Demand™ for integration and consulting projects, Demos On-Demand™ for automated "live" software demonstrations and Desktops On-Demand™ for Hi-Performance remote access desktops and applications. By focusing on the ability to host lab environments and demonstrations, this MSP has built a business with unique value to a variety of customers including Microsoft, AT&T and SAP. Tom Elowson, CEO, is no neophyte when it comes to hosted services. He was actually one of the principals in an ASP company in 2000. Learning from the rise and fall of that era, Tom started AcXess and a couple of other companies to take advantage of the emerging hosted services market. His business is actually seeing growth even in these tough times, which is no surprise according to a recent article written by Scott Campbell at ChannelWeb, entitled "Study: MSPs Bucking Poor Economy", http://www.crn.com/managed-services/212902884. The article states, "Managed service providers expect their revenue to increase by 20 percent over the next 12 months, according to a new study by research firm AMI-Partners. The study found that MSPs are being spared the impact of the downturn, and in fact may owe some success to the economy, as more businesses look to streamline IT costs through managed services."
So when it's all said and done, alphabet soup isn't where the money is... it's in the services that the SMBs are looking for... And did I mention that AcXess uses Citrix products to power their hosted infrastructure? Yep, they do!
The web apps are coming, the web apps are coming! This has been the mantra in the Internet space for years now. And the truth of the matter is that yes, the web apps are coming. In fact, there are hundreds, if not thousands already deployed, many of which were designed specifically for browser based technology and are used by the masses every day. YouTube, Facebook, and MySpace are entrenched as the debutants of social networking with applications like Twitter on the quick road to mass adoption. In the business world, Salesforce.com is the clear leader in CRM while products like Microsoft Live, Cisco TelePresence and Citrix Online top the list for web conferencing and team collaboration.
And then there are those applications that have a dedicated connection to their original designs which are not browser based. Intuit and SAP are two companies that come to mind. Giants in their own right, they have yet to cross the chasm from Operating System dependency to fully web enabled delivery. To be sure, both of these companies have products in the browser space, but the bulk of their revenues still come from non web enabled applications. The challenge for these companies (and hundreds like them) as well as the opportunity is in their ability to quickly expand their license penetration and hold the cost of doing business down. Enter Virtualization and subscription services.
Citrix is the best kept secret in the web space from a software delivery perspective. Many ISVs don't think to offer their products through Citrix server based computing technology mainly because there is no association between what SBC is and how an ISV sells to their customer. Or at least that has been the problem in the past. Now, Amazon is creating the Elastic Compute Cloud (or EC2) and the ability to offer data center functionality using the utility company model. Pay as you go and only pay for as much (data center) as you use. So imagine taking an existing model today for data centralization in the large enterprise, transferring the architecture to an uber-data center in the Cloud and offering software applications through a (virtually) secure, (virtually) redundant network. And voila, a new age is born in which any heretofore O/S dependent applications can be run on any desktop in any location by simply using a virtual environment to get it there. Sounds pretty futuristic, huh? Well, it is and it isn't. It's futuristic in the sense that it hasn't been proven from a mass adoption perspective. But then again, thirty years ago no one ever imagined driving down the road with a wireless connection to a headset which allowed voice communications (aka the cell phone) to emerge as a mass market delivery network either.
But what about today? Is it possible to host applications that are not web based and serve them up to a mass market? Wanna know another well kept secret? The answer is YES. If you don't believe me just take a look at the following web site, http://www.microsoft.com/hosting/findahostingprovider.mspx. In here you will see that Microsoft has not only embraced the concept of hosting applications that were not originally designed for web delivery, but supports an entire network of hosting providers who generate income from these services. What's even more surprising is they have been doing it for over 7 years... long before the term Software as a Service was dreamed up.
And are there really hosted service providers providing Software as a Service outside of the Salesforce.com hype? Yep! They are right in your backyard most of the time. In fact several of them are already a part of the Citrix Partner Program and the focus of their business is in hosting applications. One in particular, a company called Nasstar (http://www.nasstar.com/), is taking the concept to the next level in the way in which they offer up an application delivery model to the SMB. Charles Black, CEO of Nasstar, had a vision that the mass market SMB would not only accept this paradigm of subscription based software applications, but would generate enough revenue to substantiate an ongoing business concern. That was five years ago. Now Nasstar is thriving and growing the business of subscription based software delivery (or SaaS) utilizing products like XenApp in their infrastructure. I had a call with Charles today and he underscored the SaaS model saying, "Citrix is indeed a pioneer in this space. [Our approach is] Citrix powered desktop and application delivery for the SMB and XenApp is the delivery platform." Futuristic? Not anymore.