Please join us for two webinars covering XenApp Fundamentals sales and technical topics. The new sales topic is "Extending Terminal Services with XenApp Fundamentals".  We will expand on several newly published case studies that illustrate why customers still have a need for a remote access solution that meets both their performance and security requirements.  These case studies highlight instances where customers had initially implemented Terminal Services as a stand alone solution, and why they saw a need to add XenApp Fundamentals to their application environment. 

Our technical topic will be "XenApp Fundamentals for HP Proliant Servers with Microsoft Small Business Server 2008 - Technical Overview".  This session is a technical review of the implementation options for deploying XenApp Fundamentals with Windows Small Business Server on HP Servers. We have many partners who have already implemented this solution and are pleased to have Terry Sheehy,who is an independent IT consultant, join us to share some best practices. This topic was originally presented several months ago and is being repeated due to popular demand. 

Title:	Extending Terminal Services with XenApp Fundamentals.......The Secure Remote Access Solution For Small to Medium Businesses
Date:	Thursday, October 8, 2009
Time:	2:00 PM - 3:00 PM EDT
Register:	https://www1.gotomeeting.com/register/519248097

Title:	XenApp Fundamentals for HP Proliant Servers with Microsoft Small Business Server 2008 - Technical Overview
Date:	Thursday, October 15, 2009
Time:	2:00 PM - 3:00 PM EDT
Register:	https://www1.gotomeeting.com/register/582954936

I just wanted to announce an upcoming TechTalk I'm delivering on the new HDX Technologies included within the upcoming XenApp 5 Feature Pack 2 release.  As you know, HDX refers to a series of technologies that deliver a high-definition experience for both XenApp and XenDesktop users.

In this particular session, I'm going to do a technical deep dive on the latest HDX features include in XenApp 5 Feature Pack 2.  Each feature will include an overview, configuration details, and deployment considerations to help you maximize your XenApp deployments and help you provide the best possible experience to your end users.  The features included in this presentation are:
-HDX MediaStream for Flash
-HDX Plug-and-Play for Thumb Drives
-Secure Paste

The TechTalk is this Thursday, October 1 (1pm to 2pm EST).  To sign up for the session, visit this link: https://www1.gotomeeting.com/register/907190776

I hope to see you there!

Yesterday I've posted Part 1 of this series, talking about Capacity Estimation. Today I will describe the Power Management schedule policies. PCM use these policies to determine how many servers should be powered down, how sessions will consolidate or spread among the online servers, and when to power on additional servers to handle unexpected load.

The load policies for a workload vary during the day - you need more capacity during working hours than over the weekend. PCM configurations are entered over a weekly table period. Each entry has a start time four settings described below.

You will find this configuration on the PCM console. Select any workload, and then the "Schedule" tab. Each entry configures the following policies:

Minimum session capacity (Min Capacity): specify how many sessions, connected or not, should be on-line. The minimum session capacity is probably the easiest policy to understand and define. It describes the typical session utilization of that workload over time. For example, if you expect 1000 users connected to a workload during the day, and 250 over night, you will configure Min Capacity to 1000 from 8 to 5, and 250 from 5 to 8. It's that simple.

PCM will start as many servers as needed to support the Min Capacity policy. Servers are selected randomly, although you may control the selection order using the server tiers - I will cover tiers in more details at another post.

The session capacity is the sum of the estimated capacity of each online server in that workload. See Part 1 for in-depth description of load estimation.

Min Capacity is ignored if "Power Management" is disabled for that workload.

Minimum available servers (Min Servers): specify how many servers will handle logon requests. At first glance this seems similar to Minimum session capacity, but there's more to it.
PCM works its magic by setting the IMA load index to 20,000 value, indicating to IMA load balancer that the server is not available to take additional sessions. In the PCM console, you can see each servers selection state - select a workload and the "Servers" tab. At the left side of the "Sessions" column, you will find a small icon that can be:

• Circle: Load consolidation has disabled logons on this server. The IMA load index is set to 20,000.
• Green Triangle: Load consolidation has enabled logons on this server. The IMA load index is calculated based on the Load Evaluator.
• Yellow Triangle: Load consolidation has enabled logons on this server, but the load is higher than the optimal load. The IMA load index is still calculated based on the Load Evaluator.

The Min Servers policy defines how many servers with "green triangles" you will see in that workload - servers with enabled logons and under the optimal load. In the picture, I have Min Servers set to 1. Server 1 is draining, Server 2 is accepting logons, and Server 3 is above the optimal load (of 70%).

The value of this parameter should be related to expected user logon concurrency. If you set this value too low, then a small number of servers have to process too many logon requests, increasing the average logon time. If you set Min Servers too high, then sessions will spread to too many servers.

As a rule of thumb, you should set Min Servers to a higher number just before a shift starts - say, at 7:00AM - and reduce it after the logon peak has passed.

But how should I estimate this value? Well, you may start with a conservative high number and work your way back until user logons are impacted. Edgesight is a terrific way to get this data. Another way is to calculate the expected concurrent logons per server, based on peak logon rate and the logon time. For example, if average logon time is 30 seconds, and peak logon rate is 2 users/second, you should expect 15 concurrent logons if Min Servers is set to 1 (30 seconds/logon divided by 2 users/second). If you want to limit servers to process at most 5 concurrent logons, you will need Min Servers set to 3.

Min Servers policy is ignored if you disable load consolidation in the workload.

Online session reserve (Session Reserve): specify how many sessions should be available at on-line servers. Available sessions are calculated as "Session Capacity" minus connected sessions. For example, if a server has session capacity of 100 and 30 sessions, available sessions would be estimated as 70.

PCM counts all server sessions, including console and disconnected sessions.

Session reserve is used to create a buffer of available sessions for unexpected session influx. Servers take a while to boot, therefore you need to start powering on servers before the workload is fully loaded.

When the session reserve policy is violated, PCM will start sufficient number of servers to bring the policy back to compliancy.

Session Reserve can be estimated based on server power on time, and the maximum unexpected connections influx you have to support via SLA. For example, let's say your servers take 5 minutes to power on, and your DR strategy requires the workload to take up to 60 users/minute if a site fails. Your session reserve has to be set to 300 - the expected number of sessions before the 1st offline server can become available.

In the example above, PCM may issue additional power-on commands before the 1st server comes online. Let's say each offline server can take 100 sessions. When the number of available session falls under 300, the 1st server is started. If connections continue to come in, and available sessions fall under 200, the 2nd server is started, since the 1st server alone wouldn't be sufficient to get the session reserve policy back into compliancy.

Online session reserve is ignored if you disable power management in the workload.

Maximum session capacity (Max Capacity): specify a high water mark for capacity in the workload. This is an advanced setting, most workloads won't have to bother (default is "infinite"). This is used if you want to specify a session reserve, but stop adding servers after a certain point.

For example, assume your servers have session capacity of 100. A workload has 400 sessions at peak utilization. You have an SLA to support up to 600 sessions during DR events. You also have 7 servers assigned to this workload, but you can only power on 6 at a time due to power constraints - the 7th is there in case any other breaks. In this case, you may define Maximum session capacity as 600. Even if the session load gets above 500 (breaching the Session Reserve policy) PCM will not start the 7th server as it would violate the maximum capacity policy.

OK, that completes the PCM weekly schedule policy configuration. Next, in Part 3, I will talk about sites, tiers, and computer managers.

One of the first screens you will see in the Streaming Profiler wizard is a screen about "Enable User Updates" or in the earlier profilers, this was called "Enhanced security" or "Relaxed security".   Wow!  Mysterious terms!  The first thing we do in the profiler is hit the admin with a question that they don't know the answer to.  Hum.

Steps:

1. Describe the panels
2. Describe what the settings do
3. Examples of how this effects application execution
4. Guidance on how to configure the setting

Here's the panel in the streaming profiler version 5.2 (XenApp 5 Feature Pack 2):  Hot off the presses, released GA to the web download last night.

Here's the same panel in the previous streaming profiler (1.3)

What does this setting do?

Under the profiler, it doesn't do a whole lot.  It just sets a BOOLEAN that accompanies the streaming profile.  You can see via nice visual form in this streaming profiler, but if you dig down, you'll find that all this does is set a boolean in the profile XML data; at the PROFILE layer.   Changing this setting actually does more work, but I'll get to that in a minute.

Going back to the Layers of Glass, there are conceptually 3 layers of isolation.  Here's an abbreviated version.

At runtime, the applications in the isolation sandbox see a multi-layer merge of the true machine at the bottom, masked by the installation image and at the top, a per-user layer.  The per-user layer is seen "first", followed by the lower layers of isolation and finally the true disk or true registry of the machine.

The normal action is that the machine starts out pretty much clean, the streaming profiler captures the installation activity of an "installer" that writes stuff to the file system and registry.  These are packaged up to become the "blue" layer above, the installation image.  

At end user execution, the installation image is laid down on top of the execution machine and as far as the isolated applications are concerned, they are installed.  It's all a lie - they aren't really installed.

The top layer is initially "clear" or "blank".  As the programs run, they may store documents and similar, but these would generally not be in isolated space, so they don't really show up in this picture.  The application though may WRITE things to "off-limits" locations which would be caught by the isolation system and end up with storage of stuff to the per-user layer of isolation.  These land in the top layer of the isolation stack which is set up as one per-user.  This is what allows ill-behaved application to run happily under isolation on a multi-user machine when they won't happily run without isolation.  As an example, consider an application that stores settings to the program installation directory in a .INI file.  Under isolation, this will be captured and land in per user space and the application becomes runnable in a XenApp Terminal Services world where otherwise it would not work successfully.

Back to this post

If the application updates itself at runtime, the update will land in the per-user layer of isolation and this is bad.  Standard procedure when profiling application installations is to TURN OFF all automatic updates.  The application should not update itself - this should only be done in the profiling scenario where the administrator commands the update.  Recall that the isolation space is ONE and the per-user space are MANY, so we only want application content to be updated in a single place.

What does "Enable User Updates" do?

If the user downloads application updates such as .DLL updates or .EXE updates, should this be permitted?

The general answer is "NO!".  Some administrators may have a scenario where this is desired.  The common ones are users wishing to install their own plugins for isolated web browsers or install their own addons for things like Microsoft Office.

How does it work?

Put your file system filter driver writer hat on.  For isolated applications, EVERY TIME the application opens a file or tries to open a file, you get first look.  If the file open is for executable content, should this be permitted?  If "enable user updates" is "off", then file opens for RUNNING executable content from the user layer will be denied.  

The neat part here is that the isolation system distinguishes this behavior based on WHO the caller is.

If the caller is vanilla application wanting to read or write content, no problem - do what you want.  If the caller is the Windows LOADER, then this setting comes into play.  If the LOADER is trying to load executable content from the per-user layer of isolation, then the isolation system can be told to FAIL that operation, and this is what this setting controls.  Pretty neato.

One headache

The setting while stored as a profile level single property (a boolean) is implemented in the isolation system as an attribute of EACH of the isolation rules for EACH execution target of the profile.  If you set the profile level property, the streaming profiler must modify the isolation rules (many) for each Target of the profile.  This means that if you have a profile with 4 execution targets and you're editing one of them - and you set the profile level property, behind the scenes, the profiler brings the other 3 execution targets into "edit state" to make the change and will eventually write all 4 targets back to the application hub.  Going to edit state to change the rules requires unzip of the can file from the network server onto the profiler machine.  If the profile/targets are large, this can be a very painful operation to accomplish a single boolean set, but this is how it is.  If you make this change, be aware of the large behind the scenes work that the profiler is doing.  Grummble yell a bit and then it will be done.

Fun with streaming - Great entertainment in isolation circles

Turn on the -x RadeRunSwitch so you can an isolated command prompt when you launch your next favorite streamed application.  This assumes you have user updates disabled, which is the default.

cd c:\windows\system32
c:\Windows\System32>notepad.exe
< it runs >

c:\Windows\System32>type notepad.exe
< see textual giberish - the file open succeeded for read access from CMD.exe >

c:\Windows\System32>copy notepad.exe n.exe
        1 file(s) copied.
< file copy was successful - n.exe is at the per-user layer of isolation >

c:\Windows\System32>type n.exe
< see textual giberish - the file open succeeded for read access from CMD.exe >

c:\Windows\System32>n.exe
The system cannot find the file c:\Windows\System32\n.exe.

FIREWORKS HERE!

The isolation system LIED to the Windows Loader - returning ERROR_FILE_NOT_FOUND (2) rather than completing the loaders request to run this file from user layer of isolation.  This is what this setting does!

But wait, there's more!

c:\Windows\System32>copy n.exe notepad.exe
        1 file(s) copied.

c:\Windows\System32>notepad.exe
< it runs!! >

Why does notepad.exe succeed in the final case?  Easy, there are two notepad.exes.  At the per-user layer, there's a notepad.exe which was written on the file copy from n.exe.  We don't care what this file is, but it is executable content and it exists at the per-user layer of isolation and therefore it doesn't exist for purposes of running programs.

Since the "Enable user updates" setting is set to disable user updates, executable content at the per-user layer of isolation does not exist from the perspective of the Windows loader.  BUT - at the physical layer, there does exist a file with that name and this can satisfy the file open, without violating the isolation rules.  There could also be a file with that name at the application installation image layer.  In this example there wasn't, but there could be.  The isolation system starts at the top and goes down until it finds a hit.  If "Enhanced security" is enabled, then the per-user layer is "off-limits" for execution of executable content.

The grand result

The application "update" applied by the user may have been applied as far as the user or application is concerned, but in reality, it was not applied.  The version of the application that is running is the version that the administrator profiled.  Pretty cool stuff.

Why did we rename the setting?

Putting "security" in the title implies that this will somehow prevent users from doing things to run content that they download and this is not what it does.  If the program updates itself, then this setting will block that content from being executed.  The setting can also block user installed additions to the program (plugins), depending on the location to which they were installed - was it included as an isolation rule during profiling?

Take a web browser for example, if the user downloads executable updates to the browser, this will be captured and the user installed stuff won't run, but if the user downloads evil.exe and places it on their desktop, and then double clicks it - this will be outside of isolation so the layers here do not apply.   This is also true if the user downloads evil stuff to locations outside of isolation and launches it from the isolated application.  It will still run isolated, but it will run!  Describing this activity as "disable user updates" is more accurate than the previous words, so we've made the change.  I also hope that it removes confusion in the streaming profiler wizard.  "Enable user updates" is pretty easy to understand.

How should you create your profiles

1) Enable user updates should generally be "off".  Plugins are a rare need and where there is a real need for users to add plugins, start asking yourself if you can add those plugins at profiling to the common layer.  OR, if the use of user installed executable content is large, should this application be locally installed rather than isolated?

2) Always tell the application to NEVER update itself at runtime.

 A look to the future

Streaming dev team are discussing removing this option from a future release.  That is, "Enable user updates" will always be OFF.  I'm not sure of all the ramifications of this yet.  The question really is "how many admins are profiling their applications with user installed updates permitted"?  I hope the number is "few".

Joe Nord

Product Architect - Application Streaming

Citrix Systems

When was the last time that a representative from your company's IT department spent an hour sitting down next to you and observed you while you were doing your work... for no other purpose than to learn about your needs and work habits so that IT can  provide you with better service, a better environment, and better application support?

Before you answer, I'd like to point you to a discussion on these pages that triggered me to think about this question: 

Daniel Feller authored a piece  which talked about the desire of users to install and manage their own applications in a virtual desktop environment. Dan gives several reasons that detail why letting users install their own apps in a virtual desktop is a bad idea in his opinion.

Brian Madden responded to some of Dan's points and stated that the flexibility and feel of control associated with user installed apps is critical to user adaptation of virtualized desktop environments. Therefore, Brian suggests providing each user with two desktops - one tightly managed by IT with approved applications; the other one more free-reeling to allow for any tool, utility, or app installed by a user. There are arguments for both sides and the common trade-off between user flexibility, IT's management capabilities, and cost must be considered during virtual desktop implementation projects.

So far, the virtual desktop discussion focused on increasing security through centralization and reducing desktop support and operating costs. Those are benefits primarily to IT. What about the users though? What's in it for them?

I spent several years in healthcare information systems, where the most valuable users (doctors and nurses, but especially doctors) are often the most reluctant to change their workflows towards the use of a computer and away from the voice recorder and paper notes that someone else has to decipher. How do you get these users to accept and embrace an electronic medical record (EMR) system? You have to state the benefit to them and let them experience them first hand! In this example  it means fewer patient deaths and complications due to missing or incorrect patient data and overall better patient outcomes. This appeals directly to some of the main reasons why these users are in their chosen field in the first place. Post implementation surveys among doctors and clinicians was overwhelmingly positive  once a doctor realized that she had the patients medical history at her fingertips and was more efficient in documenting her care.

Successful EMR implementation were all characterized by a fundamental shift in thinking in IT. Away with the old "this is not supported" argument of IT and away with the strict segregation of IT responsibilities between network, OS, servers, virtualized servers, databases, applications,  cross-system interfaces, storage, and "Citrix".  Our customer IT teams and we (the EMR software vendor) spent countless hours on the hospital floors, in emergency admission departments and in the operating room - simply to observe our users and provide the best possible products and the highest quality implementations to them. Our customer IT teams almost became experts in clinical documentation. On a side note, I am glad I wasn't on the OR team - I might have tossed my cookies...

Just like EMR implementations, virtual desktops have the potential of being disruptive and enabling at the same time. There is a fine line between providing a desktop from anywhere and excessively restricting capabilities. Successful implementations rely on strong leadership from the CIO down. Many EMR implementations include the Chief Medical Officer, CIO, Nursing representatives and traditional IT roles. By the same token, the virtual desktop initiatives must be guided by principles of including key user representatives and an IT organization that truly understands user needs. This should be understood at this point among many readers of industry commentary on desktop virtualization. However,  I still see many large organizations who make implementation decisions driven by their own organizational structure and  technical drivers (sometimes even politics). Of course, IT must enforce license compliance and protect environments from the hazards of poorly written software, but that imperative doesn't have to make it more complicated for users.

Back to the discussion between Dan and Brian:  I tend to agree with Dan - one virtual desktop image - centrally managed by a capable, agile, and results driven IT organization.  I simply don't want to switch between desktops for different tasks and I don't think I should have to. Instead, users who want their own apps demonstrate the business case (a personal preference of one browser over the other probably won't cut it) and an IT organization who understands their users' core requirements verifies the business need and provides the required app. Done. Simple.  

Going back to the opening question: When was the last time IT came to you? If you're in IT management or if you're a CIO - when was the last time you spent some proactive time with your users and learned about their work?

Background
First of all, This is relatively older article, however, it was really interesting for me so I posted today. The problem is that user failed path thru logon from Linux ICA client v10.x to Citrix Presentation server. It is no matter the server is Citrix Presentation server 4.0 and 4.5.The most important thing is whether ICA connection is thru WI4.0 or not.Secondary, we had somewhat change in the specification for ICA file encoding between WI4.0 and WI4.5. In a case of using WI4.0, it is based on S-JIS in JA Platform, WI4.5 is based on UTF-8.Firnally, we supposed that Linux Clinet a.k.a Unicode Client will send UTF-16 data to the server.

By default in a case of ICA connection thru WI, we are using ICA Ticket like magic number rather than actual Domain / User infomation. then it will be conveted to actual Domain / User information properly within the server later. ICA ticket has '\'as prefix byte in itself.

Debug Log
Here is an example in a case I met and investigated this.

'\' is 0x005C in S-JIS encoding, it is 0x00A5 in UTF-16 encoding. ccticket!RequestCredentialsFromTicker2() has ICA Ticket in UTF-16 encoding in Cliet - Host data structure in the case user fails to logon through WI4.0 to CPS40 HRP03 from Linux10.26 JA client. That measn Linux Client 10.26 JA sends UTF-16 data to CPS40 HRP03. On the other hand, ccticket!RequestCredentialsFromTicker2() will check UTF-16 data comparison to '\', which means, 0x005C(S-JIS) data. therefore, ccticket!RequestCredentialsFromTicker2() never try to convert ICATicket to NTLM authetication data the directly pass them to Gina. so user failed to logon in this scenario.

• Normal Case
  kd> p
  eax=001134b0 ebx=77b78dba ecx=0011350c edx=00000000 esi=001134b0 edi=0000008e
  eip=67ef323f esp=0285ef00 ebp=0285ef84 iopl=0 nv up ei pl nz na pe nc
  cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
  ccticket!RequestCredentialsFromTicket2+0x59:
  001b:67ef323f 6683395c cmp word ptr [ecx],5Ch ds:0023:0011350c=005c
  kd> dw ecx
  0011350c 005c 0035 0034 0033 0046 0042 0046 0034
  0011351c 0036 0032 0032 0036 0045 0043 0046 0041
  0011352c 0035 0000 0075 0073 0065 0072 0030 0030
  0011353c 0000 0033 0046 0031 0030 0030 0041 0032
  0011354c 0042 0031 0030 0046 0033 0034 0042 0000
  0011355c 0000 0000 0000 0000 0000 0000 0000 0000
  0011356c 0000 0000 0000 0000 0000 0000 0000 0000
  0011357c 0000 0000 0000 0000 0000 0000 0000 0000

• Problem Case
  kd> p
  eax=0011b1e8 ebx=77b78dba ecx=0011b244 edx=00000000 esi=0011b1e8 edi=0000008e
  eip=67ef323f esp=028cef00 ebp=028cef84 iopl=0 nv up ei pl nz ac pe nc
  cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
  ccticket!RequestCredentialsFromTicket2+0x59:
  001b:67ef323f 6683395c cmp word ptr [ecx],5Ch ds:0023:0011b244=00a5
  kd> dw ecx
  0011b244 00a5 0030 0041 0033 0037 0038 0032 0034
  0011b254 0033 0044 0032 0042 0035 0038 0038 0043
  0011b264 0045 0000 0075 0073 0065 0072 0030 0030
  0011b274 0000 0031 0030 0042 0032 0031 0036 0036
  0011b284 0035 0033 0034 0041 0042 0030 0038 0000
  0011b294 0000 0000 0000 0000 0000 0000 0000 0000
  0011b2a4 0000 0000 0000 0000 0000 0000 0000 0000
  0011b2b4 0000 0000 0000 0000 0000 0000 0000 0000

• Patching Data and Stack
  As following, I configured conditional break point so that debugger patch the binary stored 0x00a5 to 0x005c when WDICA.sys initialize winstation driver credential member　in WDICA data structure with the second parameter ICAWdCredentials(), as a result of that, I could become to logon to the CPS4.0 from Linux Clinet v10.x.

3 e f56aa5f6 0001 (0001) WDICA!ICAWdCredentials "kv; dw poi(esp+8)+d;ew poi(esp+8)+d 5c00;dw poi(esp+8)+d;gc"
kd> g
ChildEBP RetAddr Args to Child
f5afe1f0 f569eb44 8183c000 81883000 0000005e WDICA!ICAWdCredentials (FPO: [Non-Fpo]) (CONV: stdcall)
f5afe244 f569f62a e103bfb1 00000000 01000061 WDICA!ProcessIcaPacket+0x436 (FPO: [Non-Fpo]) (CONV: stdcall)
f5afe260 f56b371a 00597f41 818b5def 00000040 WDICA!ICAPacket+0x166 (FPO: [Non-Fpo]) (CONV: stdcall)
f5afe49c f76ad194 8183c000 00000000 818b5def WDICA!WdRawInput+0x2e0 (FPO: [Non-Fpo]) (CONV: stdcall)
f5afe4c0 f51ea2bd 8189619c 00000000 818b5def termdd!IcaRawInput+0x58 (FPO: [Non-Fpo])
f5afe4e4 f76ad194 81e51b68 00000000 818b5def pdcrypt1!PdRawInput+0x279 (FPO: [Non-Fpo]) (CONV: stdcall)
f5afe508 f56cb723 81fb1eac 00000000 818b5dee termdd!IcaRawInput+0x58 (FPO: [Non-Fpo])
f5afe52c f76ad194 81a13008 00000000 818b5dee pdrframe!PdRawInput+0x63 (FPO: [Non-Fpo]) (CONV: stdcall)
f5afe550 f5a2dfcb 81f8f2bc 00000000 818b5dec termdd!IcaRawInput+0x58 (FPO: [Non-Fpo])
f5afed90 f76ac265 818b5ca0 00000000 818d8660 TDTCP!TdInputThread+0x371 (FPO: [Non-Fpo])
f5afedac 809418f4 81986008 00000000 00000000 termdd!_IcaDriverThread+0x4d (FPO: [Non-Fpo])
f5afeddc 80887f4a f76ac218 81dce200 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo])
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

8188300d a500 4600 3900 4500 4300 3000 3900 3900
8188301d 4400 3000 3800 3500 4600 4200 3000 3200
8188302d 4300 0000 7500 7300 6500 7200 3000 3000
8188303d 0000 4300 4200 4300 3000 3100 4600 3700
8188304d 4400 3900 4100 3200 3500 3500 3400 0000
8188305d 0000 0000 0000 0000 0000 0000 0000 0000
8188306d 0000 0000 0000 0000 0000 0000 0000 0000
8188307d 0000 0000 0000 0000 0000 5400 0002 0000

8188300d 5c00 4600 3900 4500 4300 3000 3900 3900
8188301d 4400 3000 3800 3500 4600 4200 3000 3200
8188302d 4300 0000 7500 7300 6500 7200 3000 3000
8188303d 0000 4300 4200 4300 3000 3100 4600 3700
8188304d 4400 3900 4100 3200 3500 3500 3400 0000
8188305d 0000 0000 0000 0000 0000 0000 0000 0000
8188306d 0000 0000 0000 0000 0000 0000 0000 0000
8188307d 0000 0000 0000 0000 0000 5400 0002 0000

Global Escalation Manager Tokyo
-fb

Take a look at this screenshot of Windows 7 running on my Touch Pro 2.

This isn't Windows Mobile 7 and I must confess that Windows 7 is not running natively on the phone.  I'm connecting via the new Citrix Receiver Client for Windows Mobile directly to a Windows 7 virtual desktop.  Installation was pretty easy as I just downloaded the Citrix Receiver for the ARM processor to my laptop.  I copied the cab file onto my MicroSD card, put the card in my phone and then installed it.

Configuration was straightforward as I selected full screen mode then entered the URL into my Opera web browser.  Here is screenshot of my login page.  Note that I am connecting securely through Citrix Access Gateway.

With the stylus the virtual desktop connection was usable and pretty responsive.  I did have issues with characters not being recognized, but my arrow keys were working.  I'm not sure if this is an issue with my phone or with the Citrix Receiver.  This next screenshot shows that this full screen connection is indeed running Windows 7 at 800 X 480. 
Finally, here is screenshot of me at the old Texas Stadium at a CSC conference. 
This is my way saying I work for CSC and I'm guest blogger on the Citrix community blog.  My primary role is architecting and implementing several thousand seat desktop virtualization environments as part of CSC Dynamic Desktop of which Citrix XenDesktop is a core component.   Stay tuned as I will be writing blogs on this topic in the near future.

As the desktop virtualization space matures and as customers become increasingly more sophisticated, the consideration and use of thin clients in desktop virtualization initiatives grows in importance. 

This shifting wind has really become evident for me in the last few months.  There is a marked contrast between the customer conversations happening now relative to those of a year ago.  In mid 2008, thin clients weren't really coming up in discussions and they certainly weren't top of mind for customers interested in desktop virtualization.  Over the last few months, thin clients have been part of nearly every customer conversation that I've had. 

To further substantiate this point, Citrix ran a survey earlier this year asking customers and partners about their intent regarding the use of thin clients in their desktop virtualization initiatives.  Fifty-five percent of respondents replied that they intended to use thin clients (existing or new) as part of those initiatives.  Recent analyst reports cite similar figures and predict that the thin client market is poised to grow at a brisk pace.  One of the prime reasons for this growth is the desktop virtualization tailwind.  So, it seems there will be a strong attach rate between desktop virtualization and thin clients.

So, that begs the question: 'What caused the winds to change direction over the last year?'

As customers consider their desktop virtualization initiatives, they are moving beyond their initial evaluations and proofs of concept.  Many are now sold on the idea of desktop virtualization.  It's now less a question of if they should do desktop virtualization, but of when.  The conversations turn to discussion of broader enterprise-wide deployments. 

There is a clear recognition that going thin on the endpoint is a must in order to realize the promises of desktop virtualization.  Thin clients offer a number of endpoint benefits, among others: Dramatic reduction in management, better security, reduced power consumption footprint and better total cost of ownership.  These benefits are magnified as desktop virtualization deployments expand through the organization.

Given the increasing importance of thin clients with desktop virtualization, I'll explore the topic of selecting and using thin clients with XenDesktop over the coming weeks and months with the goal of helping you optimize thin clients in your desktop virtualization initiatives.  Here are some specific initial discussion areas: 

• Choosing a thin client for your desktop virtualization initiative
• Describing the ideal end user experience when accessing a virtual desktop from a thin client
• Thin clients from an administrators point of view
• The role of repurposed PC's

Please let me know other areas of discussion related to thin clients you'd like to see covered.

Windows 7 looks great

Like it or not, Windows 7 will be here soon. I am a new user of Windows 7 and it looks great! Definitely faster! I think that the adoption rate will far outpace not just Vista (of course) but also Windows XP. So chances are pretty good that there will be a rollout in your organization in the next 12 months.

But,...

Unfortunately, a migration could be disruptive, time consuming and can bust your budget.

Windows 7 represents a significant change as compared to XP. Apps that ran on XP may not run natively on Win7 without upgrading. The XP emulation feature on Win7 - the jury's still out on that. So, no matter what, you are likely going to have to spend a lot of time to test all of your applications in XP emulation or go buy upgrades to some of the apps and then do compatibility testing to ensure everything interacts the way it did in XP. In addition to spending 100's or even 1000's of dollars per user on these license upgrades, even a medium sized organization could spend millions on testing/integration/project management/installation.

Then, of course, there may be the cost of buying new PCs for the upgrade. If you have the luxury of time, you can just wait until the next refresh and ensure you get Win7 for some of your users. With this approach, you will have spent a chunk of money on planning Win7 app upgrades to just the first 20-25% of your user base and you will still be stuck with supporting PC desktops along with two OS platforms for years to come.

Finally, you need to manage somehow getting Windows 7 physically rolled out on all the end points that you manage. If you are lucky, they are all sitting in a single room - but for most of you this means end points everywhere. Also, since you did your last migration to Windows XP, you now have users that you didn't have in your previous migration - contractors, offshore, partners, you name it - you likely have it.

Time to think of the right plan

Can desktop virtualization help you with Win7 migration? Yes! In a big way: make it non-disruptive and will help you lower your costs.

1. You can migrate to Windows 7 by installing it once in the datacenter without touching every end point.
2. You don't need to refresh the hardware. Repurposing old PCs into thin clients can get you started quickly.
3. Any application conflicts can be managed via app virtualization technology, which should be a key component of any virtual desktop project. App virtualization makes desktops so much easier to manage than dealing with multiple desktop images spread on multiple end points.

Once you have established a golden OS image with Win7, desktop virtualization will deliver Win7 to your old PCs essentially overnight.

The key is to leverage the right delivery technology for different end point devices. By judiciously applying OS streaming technology, you can leverage the local processing power in newer PCs and reduce the investment in data center infrastructure. This has a significant impact on the overall per user cost of the solution. Now, you will be able to get started with desktop virtualization by using the budget you have allocated for PC replacement and start reducing desktop management costs from that point on.

7 STEPS TO WIN 7

1. KICK-OFF A PILOT FOR HOSTED VIRTUAL DESKTOPS TODAY - Kick off a pilot for virtual desktops today in order to experience the different in management and user experience. This gets you started.
2. SEGMENT YOUR USERS & EXPAND VIRTUAL DESKTOPS - Pick the right kind of virtual desktop for all your enterprise users. Expand your pilot to other office workers, remote workers and guest workers.
3. INVENTORY & VIRTUALIZE YOUR APPS - Inventory all the apps that you have and identify the ones that get updated the most or will have compatibility problems with Windows 7. Virtualize these apps within your virtual desktop pilot. Ether host the apps on dedicated servers if they are big, chunky LOB apps or stream them into the image (isolated) if they are productivity apps.
4. PREPARE CLEAN & PRISTINE WINDOWS 7 IMAGE - Prepare the OS image that you plan to roll-out with Windows 7. Ensure that you only have one clean & pristine image for all your users - virtualize all other applications and separate them from your OS. Centrally update your virtual desktops to Windows 7 for instant experience for all.
5. ROLL OUT WINDOWS 7 WITH VIRTUAL DESKTOPS FOR ALL ONLINE USERS - use a combination of delivery technoloies for getting the best ROI and levreage of your existing PC refresh budgets and cycles.
6. ADOPT OFFLINE VIRTUAL DESKTOPS - Once you are done with your online users, it will be time to expand llocal virtual desktops for your offline users. This is where you are using a technology such as XenClient to implement offline virtual desktops.
7. GET OUT OF MANAGEMENT OF END POINTS - This is where you transfer the responsibility of managing the end points entirely out of IT; and give it to other groups. It could be facilities. Or, it could be the employees themselves - helping you implement a BYOC program.

Follow this process and be a hero - lead the migration without disruptions for a change! And, you will never need to worry about the disruption and costs of another OS upgrade!

It will be hard to argue that there will be a migration process that is simpler and less disruptive. So, our conversation should shift to evaluating the technology landscape - which technology can help you with this migration best. Of course - my advice would be - XenDesktop

We will be talking more about this and more in our big desktop virtualization show - there will be thousands attending the online event - Secrets, Lies and VDI

Finally, join others who are going through Windows 7 migration with desktop virtualization

The release of Windows Server 2008 R2 brings many new features to Hyper-V.

A new release of Hyper-V for Windows Server 2008 also means that a new of release of Citrix Essentials for Hyper-V is coming.

Citrix just made the beta version of Citrix Essentials 5.5 for Microsoft Hyper-V available for download.

Citrix Essentials 5.5 for Hyper-V, otherwise known as the 'R2' release of Citrix Essentials, supports the latest Hyper-V and System Center enhancements now available in Windows Server 2008 R2 (http://www.microsoft.com/windowsserver2008/en/us/hyperv-main.aspx ). In addition to supporting R2, Citrix Essentials adds new disaster recovery capabilities to Hyper-V with StorageLink Site Recovery.

Here's a glimpse of some of the new goodies available in Citrix Essentials 5.5 for Microsoft Hyper-V:

Site Recovery
Why put a bunch of idle physical hardware at remote recovery sites when you can accomplish your DR objectives with virtualized servers using Hyper-V? Server virtualization with Hyper-V gives your IT organization an extremely cost-effective approach to disaster recovery, while the new Site Recovery capabilities included with Citrix Essentials gives you the control you need to implement, manage, and test your DR solution.

Site Recovery uses StorageLink technology (http://community.citrix.com/display/ocb/2009/07/20/Essentials+for+HyperV+-+StorageLink+Step+by+Step+Part+1 ) to unlock underlying storage array replication services, giving you the toolset you need to enable remote fail-over strategies for their Hyper-V environments. You can use StorageLink Site Recovery to set up native storage remote mirroring services, then test the recoverability of virtual infrastructure at remote sites through the staging capabilities included with Site Recovery. Instant clones of recovery VMs can be created and placed in isolated networks where you can test recovery without impacting ongoing data replication or access to critical Hyper-V infrastructure.

Additionally, you can use workflow orchestration tools in Citrix Essentials and Windows Server 2008 Clustering to build out a completely automated DR solution for your Hyper-V infrastructure.


R2 Integration
This release of Citrix Essentials coincides with the R2 release of Windows Server 2008 to ensure you can take full advantage of advanced management and automation included with Citrix Essentials for Hyper-V. It supports the latest Windows Server® technologies, including the R2 releases of Hyper-V and System Center Virtual Machine Manager. Citrix Essentials integration with the R2 release of Hyper-V and System Center includes the simplified setup and administration of shared storage assets required for Microsoft Failover Clustering and Live Migration.


Windows 7 Support
Most IT organizations will spend the coming months testing Windows 7 in their labs as they prepare to roll it out to their users. Citrix Essentials 5.5 for Hyper-V includes updates to its lab management capabilities, including support for Windows 7. Automated lab management in Citrix Essentials automates the setup and tear-down of unique workload configurations, including builds of Windows 7, using self-service template libraries for rapid provisioning and enables cross-team collaboration on common virtual environments. With automated lab management, organizations can accelerate the process of moving workloads through development and testing, and into the live production environment, while reducing virtual machine sprawl and minimizing setup or configuration errors and delays.

Grab the beta and go for a test drive.

Follow me on Twitter.

Power and Capacity Manager (PCM) is a feature of XenApp 5.0 Feature Pack 2. In this multi-part post, I will deep-dive on PCM configuration and trade-offs. I will assume you have basic understanding of the feature, please look here for an introduction.

To use Power and Capacity effectively, you will have to define the power management and load characteristics of your workloads. You have to strike a balance: if you are too aggressive, you may overload servers or cause connection failures. If you are too conservative, you will limit the manageability gain and power cost savings.

All PCM policies are defined per "workload". A workload is a group of computers that publish the same set of applications. You configure the PCM workload name during the agent installation, and you can modify it editing HKLM:\SOFTWARE\Policies\Citrix\XenAppPCM\WorkloadName

There are two important set of configurations in PCM: the Session Capacity estimation and the Weekly power management schedule. I will describe Capacity Estimation in this post, and the Weekly Power Management schedule in Part 2.

PCM policies are based on "Session Capacity" of each server and workload - i.e., how many sessions each server in a workload can host. The most basic concept in PCM is "Load Consolidation": instead of spreading sessions to all servers in the workload we load a few servers up to an "optimal load". Optimal load is defined as a percentage of the server session capacity, so we must estimate the later accurately. Also, most PCM policies reference "session buffers" and "available sessions", both require server capacity estimation.

Our first attempt was to use the server Load Evaluators to estimate capacity. XenApp uses load evaluators to determine which server will process a connection request. The Load Index varies from 0 (no load) to 10,000 (maximum), so couldn't we use the load index (divided by 100) as load percentage? Not really. A server with 50 sessions and a load index of 5,000 won't necessarily behave well with 100 sessions. The key problem is that load index is only used to find the least loaded server, and the session capacity is irrelevant most of the time. Therefore most XA environments stick to the Default Load evaluator (cap at 100 sessions), even though the servers never host more than 30-40 sessions.

We felt that overloading the load evaluator to estimate capacity was dangerous. We wanted a "soft" estimation, that wouldn't cause problems if it was underestimated. Therefore PCM defines a new configuration called "Typical Session Capacity", which tells PCM how many sessions to expect for a particular hardware specification.

In the PCM console, select a workload, then the "Capacities" tab. Over there you will see one row per hardware specification - for example, in my XenServer setup I see "VM: Intel Xeon E5345 @ 2.33 GHz, 1 core, 512 MB". Select the hardware spec, then "Server Profile Properties..." in the actions pane.

You should configure the typical load as the number of sessions you know a server can host without impacting user performance. PCM will force IMA to load a few servers up to an optimal load, so this number has direct impact on how much sessions will consolidate. The safest way to estimate this value is to start with the session high-water mark on your existing servers, and work your way up if you believe the server can handle more.

As an example, let's say you define typical load at 50 sessions. If you left the default optimal load configuration (70%), PCM will load servers up to 35 sessions before enabling other servers. Once all servers reach the optimal load, the load balance will behave as before - finding the least loaded server. Therefore, there's little risk in underestimating the typical load - at worst you will be back to pre-PCM load balancing!

OK, but what happens if the IMA load index gets to 10,000 before the server hit the optimal load? Good question! PCM constantly adjust the server capacity based on the IMA load index. For this dynamic estimation, we assume the load index is linear: each session contribute the same way to the index, and that new sessions will continue to do so - i.e, capacity = 10,000 * Current Sessions / IMA Load Index . PCM then use the smallest of the static and dynamic estimations. In the example above, if IMA load index was 5,000 with 10 sessions, PCM would reduce the capacity estimation to 20.

We have also exposed an advanced configuration if you want to use the IMA load index as the primary method to determine server load. This requires a more careful construction of the load evaluator - you have to adjust it so that the load index grows smoothly from 0 to 10,000. You would use this method if the session capacity varies too much - say, it's usually 100, but sometimes it can go up to 150. You would be wasting the last 50 sessions using the previous approach.

To model such load pattern, go to the "Server Profile Properties" and select the "Advanced" checkbox. Enter the "Estimated Session capacity limit" - it would be 150 in this example. Now PCM will use the Typical session capacity only when the server is off-line or with zero sessions. Otherwise, it will use the IMA load index and the "estimated session capacity limit".

Why not set the typical session capacity to 150 in the example above? Well, if most of the time servers get loaded at 100, then PCM will over-estimate the server capacity when servers are offline. This will cause some grief during unexpected load events, when servers must be powered on to cover unexpected incoming sessions. So keep the "typical" value to what is the norm, and use the "estimated limit" to get an extra mile adjusting load evaluators.

Stay tuned for Part 2, with a deep-dive on the PCM power management schedule!

 Update: Part 2 (Policies) posted here.

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

Sometimes I wonder if people really connect the fact that Citrix Systems and Citrix Online are the same company.  I also wonder if people understand that the same company that completely dominates the hosted application and desktop market also is the dominant player in online collaborative services.  In fact Citrix Online products rank top 4 in the world among Software as a Service (SaaS) vendors.  Next time you see a GoToMeeting advertisement on Fox News, Discovery or whatever your favorite TV channel is... take a good look.  You'll notice at the end of each commercial a tie-in to Citrix.

Maybe one of the reasons that this connection is not readily understood is the market dynamic.  Could it be organizations using GoToMeeting or GoToMyPC may not be using XenApp or XenDesktop?  In fact the Online products are so easy to use, IT is rarely involved.  You merely sign up for the service and start to use the meetings, webinars, and other collaborative tools. 

So while I'm musing I also wondered how many service providers (or hosting companies) out there understand the value they would bring to one of their customers if they could bundle a collaboration service with other application/desktop hosting solutions.  Did you know that according to many analysts collaboration is the #2 revenue generator in an $8+ Billion Market?  It's just behind business grade email in terms of demand. 

The service from Citrix Online is so easy that I used it the other day to give a presentation to a customer in China.  That's right... I used my Internet connection from home (East Coast time was 10:00 P.M. - too late to be in the office) to do the presentation.  But what was really cool was pulling my PowerPoint up using XenApp, making changes securely over the Internet 5 minutes before the meeting and then firing up GoToMeeting in four different locations on three different continents.  What a business case in this new economy...Just think of all the applications your customers (SMB) have while they continue to grapple with shrinking travel budgets.

If you're in the hosting business and want to enhance your ability to service your customer, why aren't you in the Citrix Online Affiliate Program?  All you have to do is sign up, plaster one of the best brands in the world on your web site and begin to collect revenues for it.  Not quite ready to take the full steps to being an Affiliate but still want to make some cash?  Citrix Online also pays for referrals.  Sounds easy enough, doesn't it?  Now you can take your million dollar business and add another couple of hundred thousand to it.  Why would you not do this?  I dunno?

Seems like a pretty good idea to me.

With the release of Feature Pack 2, the EdgeSight team has made some updates to both EdgeSight and EdgeSight for Load Testing. The key updates include;

EdgeSight 5.2 (for XenApp, Endpoints, and Virtual Desktops):

• Additional support for XenDesktop - Farm-wide monitoring and troubleshooting of virtual and physical desktops
• Support for the latest Citrix Receiver - Service Monitoring plug-in
• Microsoft Systems Center Operation Manager (MS SCOM) Support - Management pack connector
• Additional Operating System support - Windows 7
• New summary reports - XenApp, XenDesktop

EdgeSight for Load Testing 3.6:

• Service-based architecture - Easier to manage and does not require logged-in users for running the launchers
• Enhanced application security - When replaying scripts, allows for a basic level of authentication
• Intelligent Load Control - Ability to sense script execution & delays, and adjust accordingly (Introduced in 3.5)
• Xen Counters - Exposure of performance issues when XenApp is running on XenServer (Introduced in 3.5)

I've recorded a short video which gives a little more detail and a few screenshots in regards to the new EdgeSight functionality which you can find at http://www.citrix.com/tv/#videos/1164. In addition, there is a short ESLT 3.5 video from a month or so ago detailing those new features which is available at http://www.citrix.com/tv/#videos/666

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

Network World created quite a buzz last week with an article about a "major desktop virtualization push" being rolled out by Citrix. The story, which was picked up by sister publications like Computerworld and CIO Magazine, talked about the growing momentum behind our Citrix XenDesktop™ product line and its HDX™ technology, which promises an unparalleled high-definition experience for users while dramatically simplifying life for IT pros.

In reality, Citrix has been telling the world for quite a while now that we are playing to win in the desktop space, so I'm not sure how new this "major push" really is.  It's been mentioned on our earnings calls and has been a significant theme in multiple press releases.  There's also been growing chatter on blogs and on trade show floors across the industry for weeks.

At the same time, Network World is right about Citrix turning up the volume on our desktop virtualization business. We've recently rolled out a major advertising focus on desktop virtualization as part of our new "Simplicity is Power" brand awareness campaign. Our desktop virtualization ads have been in market for about six weeks now, running in publications like BusinessWeek and Harvard Business Review, as well as all the popular IT trade magazines and websites. And if you've been to any of the major virtualization sites lately, you've probably seen a flurry of Citrix banner ads sharing the results of numerous independent head-to-head comparisons between XenDestop and its VDI competitors. We believe we have a winner on our hands, and we're excited to tell the world about it.

Want to find out what all the buzz is about yourself?  If so, please plan to join Citrix - along with key partners like Microsoft, IBM, Dell, HP, Wyse, Intel and Fujitsu - for the "can't miss" virtual event of the year.  On October 20^th, our new "Secrets, Lies and VDI" event will uncover the truths and debunk the myths about desktop virtualization.  If you're intrigued by the possibilities of virtual desktops, but haven't yet sorted through all the facts, this is the one event you can't miss. So block off a few hours on your calendar and register today. We'll make it worth your time... you have my word.

 Kim

It seems everyone understands the "true picture" of the enterprise virtualization landscape. Everyone too, appears to be in a unique position to report on it. In the latest salvo, Alex Barrett, whom I admire as one of the savviest reporters on the virtualization beat, reports on findings from the TechTarget Virtualization Decisions 2009 Purchasing Intentions Survey of 666 IT professionals that have deployed or are evaluating virtualization. Data was collected between June and September 2009.

The article states: "To no one's surprise, survey respondents reported using VMware Inc. over other virtualization software by a wide margin...But despite a fair amount of buzz, Citrix XenServer... and open source Xen variants barely registered."

Am I surprised? Yes and no. On the one hand, this data seems to fly in the face of a flurry of new surveys from respected third party analysts, including the latest CIO Spending Survey from Goldman Sachs and data presented at VMworld from a Centrify survey. All of these show significant gains in XenServer market share this year. More importantly, they show enterprise customers expect their deployments of XenServer to increase next year. So why the huge dichotomy between the TechTarget results and every other recent customer survey?

Ignoring the temptation to deliver an easy punch line about the "666" IT admins surveyed, I think it is fair to say that the sampling methodology may have something to do with the result:

• Who do you ask?: Sampling admins that have already deployed virtualization would inevitably bias results in favour of VMware, since they certainly have racked up the largest share of the market until now.
• What do you ask?: XenServer is merely a feature of XenApp & XenDesktop. Every Citrix customer is entitled to full support for XenServer for these workloads. Many prefer XenServer for XenApp because we beat the pants off VMware for that workload. But their VMware virtualization administrators might not even be aware of it. My guess is that Hyper-V will similarly emerge from nowhere because it is just a role in Windows, and will grow by virtue of IT Pro adoption. Suddenly there will be lots of it, there will probably be no formal evaluation, and the VMware admin will be unaware...
• When do you ask?: In the last couple of years VMware papered the planet with Enterprise License Agreements, to lock in customers as XenServer and Hyper-V gained traction. When those ELAs start to come up for renewal, expect customers to look around for good competitive solutions from Citrix and Microsoft.
• Locked in loyalty: VMware has certainly done a good job of commanding the loyalty of their admins. It has given them new skills, knowledge (and hence clout), and "green cachet". I frequently encounter resistance from VMware admins when I visit customers, suggesting that VMware has support in the rank and file, no matter how expensive they may be.
• Missed the Big Switch?: I suspect that the TechTarget survey missed the early indications of the success of our "Big Switch", namely the free availability of XenServer virtual infrastructure, including resource pooling, shared storage, optimal VM placement, dynamic live relo and all the rich management of XenCenter. Here's what we know: Since XenServer was made freely available at the end of Q109,

1. More than 170,000 users have downloaded Free XenServer, with downloads now running at about 10,000 per week.
2. More than 50% of downloads have activated one or more licenses (indicating a PoC in progress)
3. More than 25% of them are evaluating Citrix Essentials (meaning evaluating the production deployment of XenServer with our portfolio of automation and private cloud value-added products, which are typically 20% or so of the cost of VMware's, and which get cheaper at the rate of Moore's Law, since VMware licenses by CPU and we license by server.
4. We have several Free XenServer users operating at a scale of more than 10,000 servers in production
5. In the last quarter alone, licenses for XenServer were activated within 20% of the Fortune 500, and 10% of the Forbes Global 2000, and we added just shy of 25,000 customers.

In other words, our business has never looked better.

Other samples from the analyst community appear to tell an entirely different story. FOCUS, for example has recently published research with very different findings than the TechTarget survey. In their results they find that (emphasis is mine):

"Not surprisingly, most of the respondents are running VMware in production, including ESX (64%), ESXi (23%), and Server (GSX) (21%). However, including all platforms in use at an organization (rather than only the primary platform in use), 27% of the 239 respondents doing server virtualization are using or evaluating Citrix XenServer and 29% of the respondents are using or evaluating Microsoft Hyper-V Server 2008. VMware Server (GSX) is being used by 35% of the respondents and 24% of the users are using Microsoft Virtual Server. Additionally, 23% of the respondents are running non-Citrix Xen solutions such as Open Source Xen, Sun xVM, or Oracle VM and 21% are running other virtualization solutions such as Sun Containers, or Parallels Server."

So at worst, 27% share for Xen, biased toward evaluation (which makes sense). Yet Barrett reports 1%. Doesn't add up.

For a change, it is nice to be in a position of not having to argue a point. We have our data. I think the market is at an inflection point: VMware put its prices up, the economy tanked, budgets have disappeared, XenServer & Hyper-V are free, and moreover, XenServer is the only product other than VMware's that the Burton Group has stated offers 100% of the features required for Enterprise Production Virtualization.

With that, why would any smart CIO not evaluate XenServer? How long can customers put up with a vendor that imposes a tax on every CPU they put in service?

OK you number crunchers, go figure it out.

We are proud to announce the *NEW* Citrix User Group - Fort Lauderdale! We will be holding monthly meetings at Citrix HQ geared towards people who administer and use Citrix products. This is not just geared towards XenApp, but towards EVERY product Citrix offers! We will have discussions, demonstrations, and other information. Everyone is encouraged to get on the agenda to share information.

In addition to the physical meeting, we will have a GoToMeeting posted for remote attendees. If you are remote and want to present, you can! We would love to have your input and information!

Here are some things you will encounter at a CUG meeting:

PIZZA!!!
Citrix gear as prizes and give aways!
What to expect from a CUG.
How someone can get involved in CUG.
Upcoming product information.
Product Presentations.
Q&A with the Engineers.
New Citrix User Information.
Demonstrations.
New Product Information.

We are open to topic and speaker suggestions!

What:
Citrix User Group - Fort Lauderdale (CUGFTL)

When:
October 29, 2009
7-9PM ET

Where:
Citrix Worldwide Headquarters.
851 West Cypress Creek Road
Fort Lauderdale, FL 33309
Room 1007-1009

Agenda
Derek Thorslund Speaking on XenDesktop 4 (our newest release)
Pizza!
Marathon Technologies - Tom Reed
Q&A / Mobility session

Webinar information for remote attendees:

https://www1.gotomeeting.com/register/290730136

Follow us on Twitter @cugftl

更新 10/8/2009：门票仅剩25%

2009 年的开源虚拟技术大会将第一次在中国召开。 到今天为止门票仅剩50%。 机会难得，感兴趣的话，请勿错过。

活动时间
2009年11月19-20日

活动地点
上海市紫竹科学园区紫星路880号
英特尔亚太研发有限公司

参与人群
Xen.org顶级国际社区专家、国内教育界虚拟化方面的教授学者、国内Xen爱好者和公司专家

注册截止时间
2009年11月5日

讨论话题
Xen技术的方方面面

详情和注册

前几届的开源虚拟技术大会的演讲和视频

XenSummit Asia 2009 details and registration at
http://www.xen.org/community/xenevents.html

Ray (Ruiguo) Yang
Check out my other blogs
Subscribe to my blog RSS feed
Follow me (@RayYangCitrix) on Twitter

I heard a great phrase recently "an embarrassment of riches" . I thought to myself...that is definitely what XenApp has become. There's nothing you can't do with it now. When it comes to virtualizing applications, you can deliver from a Windows Terminal Server, you can stream to a server or a client, and now with VM Hosted Apps, you can deliver from a workstation if the other two methods are not suitable. The user gets a seamless application that looks like it is running locally without ever being the wiser on what back end infrastructure is hosting the application. These days, you will be hard pressed to find an application that cannot be delivered with XenApp.

If you did not read my last post, I talked about considerations that you should take into account before selecting VM Hosted Apps (new in XenApp 5 Feature Pack 2) as your application delivery solution. If you are still deciding whether VM Hosted Apps is right for you, then go back to my first blog to help you with that decision. If and when you are convinced, come back and read below where I tell you how to set it up.

VM Hosted Apps components for application virtualization

These are the components that make up a VM Hosted Apps infrastructure:

• Physical or virtual workstations with either Windows XP, Windows Vista, or Windows 7 installed. The Virtual Desktop Agent software and applications must be installed on these machines.
• A Desktop Delivery Controller which is the brains behind that operation. It brokers connections to virtual desktops.
• An IIS web server with the Web Interface software installed. The user connects to this web site to display the application.
• Citrix Receiver, or the online plug-in standalone, installed on the client device

If you are already familiar with XenDesktop, then these are the exact same components that deliver desktops. The only difference between a VM Hosted Apps and a XenDesktop infrastructure is the license. No really, it's true! You need a XenApp license to deliver applications and you need a XenDesktop license to deliver desktops.

Follow me as we dig into this a bit deeper. The first component you need to install is the Desktop Delivery Controller (DDC) software which must be installed on a Windows 2003 Server only (we're working on WS 2008 support so hang tight). Use the software version that comes with XenApp Feature Pack 2 on the VM Hosted Apps media. It will require a database in order to complete the installation of the DDC. You can use Access, SQL, Oracle, IBM DB2 just like XenApp. But don't try to make it part of the same farm sharing the same physical database as XenApp, because it won't work. It must exist in a separate farm database.

Administering application virtualization with VM Hosted Apps

Next, you will administer the environment using the Delivery Services Console, formerly the Access Management Console (Yes we renamed it... again). You can use the console that is installed on the DDC by default or you can install the console on a separate machine. You are actually installing a rebranded XenDesktop Console which means that if you already have XenDesktop you can use this new console to manage that as well. Since this console cannot be used to administer your XenApp farm, to make administration easier , install both consoles on the same machine. When you do this, they will aggregate together in the same MMC snap-in automatically. We know customers hate separate consoles but it could not be helped in this release. If the two consoles are installed on the same machine, then administration will be less of a hassle.

Publishing VM hosted virtual applications

To publish a VM Hosted App, it is nothing like publishing an application with XenApp. It is more like publishing a virtual desktop with XenDesktop. You run the Desktop Group creation wizard in the console and check the box "Use Desktop Group for VM Hosted Apps".

Don't forget to name the Desktop group the same name as your application and change the default XenDesktop icon to an application icon. The application name and icon you select is displayed to users when they log into Web Interface. Selecting this box however, does not make an application available to users. Here is how you actually publish the application.

• First, install the Virtual Desktop Agent software on the workstation image or vdisk you are creating.
• Then after you install the desired application, place a shortcut for this application in the "SeamlessInitialProgram" folder located under \Program Files\Citrix\ICA Service.

You should only put one application shortcut in this folder, if other helper applications are needed, you can install them on the workstation and they will be called by the main application when necessary. If you are using Provisioning services to dynamically provision desktops, then make sure these steps are complete on the workstation image before you save the virtual disk. If you are not using PVS, then be aware that you will need one virtual workstation for each simultaneous user because multiple users cannot launch applications from the same workstation.

The last step is to make the application available to users by modifying your Web Interface site to add the VM Hosted Apps farm and point to the Desktop Delivery Controller. Web Interface is actually installed on the Desktop Delivery Controller by default. You can use that Web Interface server or you can use Web Interface from a standalone web server, as long as it is version 5.2 or above. You must have a XenApp web (aka web interface) or services site (aka pnagent site) configured in order to deliver your applications.

That's it! Now if you run into trouble, apply the same troubleshooting methodology that you would for XenDesktop.

Cris Lau the Product Manager for XenApp Feature Pack 2, hosted a TechTalk on how to configure VM hosted Apps in which Sr. Software Engineer Madhav Chinta demonstrated how to configure and publish a VM hosted application.

If you are a Citrix Partner you will soon have access to an Education sponsored Technical Readiness Learning Lab Series that focuses on VM Hosted Apps. The Learning Lab series offers you the opportunity to watch a CitrixTV video about how to configure VM Hosted Apps, then we'll let you log into a hands-on lab environment in the cloud so that you can play around with this feature using a step by step lab guide. Stay tuned for that!

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

There are some new articles posted on the Workflow Studio section of CDN. These will probably only be of interest to the developers and advanced workflow gurus out there, but I found them interesting and wanted to share (yes, I am a geek )

• Configuring Workflow Studio to use SQL Server for Tracking and Persistence
• Tips, Tricks, and Best Practices

Keep in mind that most of the CDN sections for Workflow Studio are open to the general public to post and edit (be sure to share your workflows and activity libraries). The tips and tricks article was intentionally left open to all to edit - come on in and share. Make sure you bookmark the articles section, add it to your RSS reader, or just click on the Community tab from within Workflow Studio every time you open it.