Since the last months Citrix and Novell worked closely together to provide a solution for customers with Novell eDirectory in place. For the Desktop Delivery Controller and the Virtual Desktop Agents Citrix announced an official support statement which could be found here: http://support.citrix.com/article/CTX123281

Costumers with a synched Active Directory / eDirectory only have to be aware of their GINA chaining. http://community.citrix.com/display/ocb/2009/05/07/XenDesktop+and+Novell+eDirectory

For environments where no Active Directory is in place Novell Open Enterprise Server with Domain Service for Windows (DSfW) http://tinyurl.com/yze7y65 have to be installed and configured before XenDesktop.
Due the fact, that DSfW only accepts Kerberos and no NTLM calls the XenDesktop Active Directory Wizard should not be used to prepare the OU.

You'll need to configure the DDC and VDA without using an OU:
http://support.citrix.com/article/CTX118976

I've developed a little cool tool to configure both components using a simple GUI.

On the Desktop Delivery Controller:
1.Set Desktop Delivery Controller without AD OU to enabled
2.Press Set DDC Config Button

On the Virtual Desktop Agents (WinXP,Vista, Win7)
1.Enter the FQDN of the DDC(s)
2.Press SET VDA Config Button

For those of you who would like to set the DDC configuration by using ZENworks or Group Policies I've added an ADM Template (FarmControllers.adm) into the Novell Integration Tool folder.

Download: Novell Integration Tool

Note: This tool is not supported by Citrix Support and if you have any issues try to configure the VDA manually using regedit or leave me a blog comment.

Recently several customers and integrators have asked me about the ports used by XenDesktop and whether or not Citrix recommends changing them. Since the ports used by Citrix products are well documented in CTX101810, I will leave that topic alone. However, in this blog I will provide some guidance around the ports you can change, where the change can be made, and whether it is a good idea to do so.  Like any good news story, the information is provided in order of relevance.

Due to the amount of content, I have decided to break this blog into multiple parts, starting with the core XenDesktop farm ports. I will tackle the supporting technologies like Provisioning Services and the XenDesktop Setup Wizard later.

Note:   To make the port number change obvious I have used 5555 in all the screen shots below. Clearly, bad things would happen if you set all the components to the same port value.

Virtual Desktop Agent (VDA)

The VDA communication is actually two one-way communications between the Citrix Desktop Delivery Controller Service running on the Desktop Delivery Controller (DDC) and the Citrix Desktop Service running on the desktop.  The significance of that statement is that the two ports can be set independently and do not have to be the same. To confuse this more, the default for both ports happens to be port 8080 which is the default for the Microsoft Windows Communication Foundation (WCF) services used by XenDesktop. Since port 8080 is used by other services, such as internet proxies or McAfee, I highly recommend changing this port on both sides of the communication.

Desktop Delivery Controller WCF Port

During the install of the DDC, the WCF port for the Citrix Desktop Delivery Controller Service is automatically set to 8080 and cannot be changed. To change the port, wait until after the installation is complete. Unfortunately, you cannot change this directly from the Add/Remove Programs Control Panel. Instead, you need to run the DDCServices.msi package from the installation media. Choose Modify, click Next, and then set the new port number. Click Next then Install to finish the wizard. I recommend rebooting the server after this change. The screen sequence is shown below.

Virtual Desktop Agent WCF Port

Changing the WCF port on the Virtual Desktop Agent side can be done either during the initial install or afterwards using the Add/Remove Programs control panel applet. To change it afterwards, open Add/Remove Programs, choose the "Change" option for the Citrix Virtual Desktop Agent, select Modify, click Next, click Next on the Custom Setup screen, enter the port number and then finish the wizard. The initial sequence looks similar to the DDC install and is shown below. 

Although in the examples above I have set the ports to be the same for both components, this is not a requirement.

Database

For security reasons, many institutions run SQL Server on a port other than 1433. If you are running the database on a different port, you can specify this information either during the setup by selecting the Client Configuration button on the ODBC setup screen and entering the new database port. Below are the screen shots for changing the ports during the installation for SQL Server.

Alternatively, you can directly edit the C:\Program Files\Citrix\Independent Management Architecture\MF20.DSN file that is used by the IMA service. For a SQL server, you would just add the line Address=servername,port to the file.  Restart the Citrix Independent Management Service for the change to take effect. Below is a sample MF20.DSN file where I have specified a different tcp port for the SQL server.

[ODBC]
DRIVER=SQL Server
UID=XDSQL
Trusted_Connection=Yes
DATABASE=XenDesktop
WSID=XDDDC4
APP=Citrix IMA
SERVER=SQLSVR1
Address=SQLSVR1,5555 

Session Reliability

Session reliability is another port that companies often modify to increase security for remote access. Unlike the ICA port number, this port can easily be changed by a setting in the Access Management Console. When session reliability is enabled, the ICA client tunnels its ICA traffic inside the Common Gateway Protocol (CGP) on the session reliability port. The XTE service will then unpack the ICA packets and forward them to the ICA listener port on the server.  If you change the session reliability port, you cannot just stop and restart the IMA and XTE services instead you will need to reboot the server. The session reliability port can be changed in the farm properties as shown in the screen shot below:

Virtualization Infrastructure

Changing the port of the API communications is not recommended.  However, if you have changed the inbound port for the API on VMWare Virtual Center or XenServer, you can configure XenDesktop by specifying the new port number on the location URL for the Access Management Console and the Setup Wizard as shown in the screen shot below.

IMA Ports

Changing the IMA ports (2512/2513) used by the farm for communication is not recommended. The primary reason I do not recommend changing the IMA port numbers is because the vast majority of quality assurance testing is done with the default port numbers. However, if you feel so inclined, you can use the IMAPORT.EXE utility to set the IMA ports for the IMA service and CMC to different values. After running this utility, you will need to restart all the Citrix services or just reboot the server.

XML Service

The XML Service port can be changed on the Desktop Delivery Controller. However, changing the XML service port is not recommended as there have been several reports of strange behaviors after changing it. If you must change the port number, you can use the CTXXMLSS.EXE command-line utility to do so and use the same XML service port for all DDCs in the farm.

That is all I have time for now. I hope to the have the next set of ports for the supporting technologies out by the end of the month. If you found this helpful and would like to be notified of future blogs postings, please follow me on twitter @pwilson98. 

I got an interesting item in my inbox from a friend who was speaking with VMware about their VDI solution.  He asked me if the information VMware was telling him was true. He was especially curious because he knew I wrote the Citrix XenDesktop Enterprise Design reference architecture that VMware was referencing to talk about how much better View was. VMWare's approach is laughable.  They are taking a detailed consulting design document  and trying to compare it to the VMware View reference architecture, which if you read it like I have (wasted 2 hours of my life), you will quickly see it is high-level and full of marketing spin and provides no insight.  I, on the other hand, was trying to provide all of you in the community with insight into how to design a large, and complex customer environment with XenDesktop.  Anyways, I told him the angle they were using and he thought it was ridiculous.  I was going to leave it at that, but I've been seeing and hearing more about it from others so I thought I would provide all of you with the same information.  Let's break it down: 

Scalability:

• Misconception: VMWare says that XenDesktop has poor hypervisor scalability. They say that on a 16 core server XenDesktop can only support 40 users (3 users per core). 
• Truth: The XenDesktop reference architecture for the hosted virtual desktops is 8 cores, not 16.  In the design phase, we estimated 40-50 VMs per server, which averages to 5-7 virtual desktops per core.  We were a little conservative as we were not sure how the unique applications would impact the system.  But you can look at Project Virtual Reality Check scalability white paper to get a good comparison of XenServer and ESX.  Although the design VMWare references was for XenServer, the same estimates would have been used if the hypervisor was running ESX.

Storage:

• Misconception: VMware likes to say that XenDesktop is a storage pig in that we need a lot of storage associated with each virtual desktop. 
• Truth: This particular design had a requirement to keep a few system items persistent across workstation reboots so we recommended the creation of a local, persistent disk of between 3-5GB to store items like event logs, performance metrics, antivirus definitions, etc.  This is not NAS/SAN storage; it is the storage on the physical XenServer.  Think about it. You buy an 8 core server, install XenServer, which is small, and the rest of the local storage is wasted.  We utilize that for the persistent store of the virtual desktops.  This means we cannot do XenMotion on the virtual desktops, but most customers I've spoken to do not have this requirement.  After looking at VMware's reference architecture I don't see any level of detail as to the amount of storage they require.  I wonder why not. 

Workloads:

• Misconception: VMware states that they can get more users on a hypervisor than we can.
• Truth: This is all around scalability tests, which I'm not a fan of.  I can easily find you 5 tests that show XenServer is better and another 5 that shows ESX is.  The VMware reference architecture had users connected for 14 straight hours, seems like a long workday to me. I have a question for VMWare: What company did you create this architecture for where users would work for 14 hours? Please tell me as I do not want to work there.  As we all know, the most typical system hit is during startup and logon. So by expanding the session time from a few hours to 14, the overall average utilization rates can be significantly lowered, thus providing an inaccurate estimate to the hardware
• Truth: The Citrix Reference Architecture made estimates based on the applications and expected real user workload, not simple apps and 14 hour workdays.  VMware's reference architecture was based on standard scalability samples shown below. If this was an actual user workload, I totally want to work for that company because that job looks so easy:
  • Microsoft Word - Open/minimize/close, write random words/numbers, save modifications.
  • Microsoft Excel - Open/minimize/close, write random numbers, insert/delete columns/rows, copy/paste formulas
  • Etc

RAM:

• Misconception: The amount of RAM that VMware recommends in their reference architecture is nuts.  They say they can get 96 users on a server with 96GB RAM.
• Truth: If you subtract the hypervisor overhead you are looking at "USABLE" RAM of about 800MB per virtual desktop.  I say usable because ESX has probably enabled memory ballooning.  It is true that XenServer does not have memory ballooning, but I would recommend customers disable this feature for virtual desktops.  On XenDesktop projects that use the ESX hypervisor, I also recommend disabling this feature.  Users and desktops are more dynamic than server workloads, meaning the RAM consumption is going to fluctuate greatly.  If RAM starts to decrease to the critical threshold, what happens to the hypervisor?  It must free up memory by paging this to disk.  Isn't this an intensive system process that consumes more resources at a time when resources are scarce?

End Points:

• Misconception: Vmware talks about the end points and only focus on thin clients and end points that we can repurpose with a Linux OS or locked down Windows OS. What about the newer end points that organizations have already spent money on? 

• Truth: With VMware View you still will connect to the VDI desktop and idle your local hardware. Seems like a lot of wasted desktop resources to me.  XenDesktop, on the other hand, allows you to re-use those desktops as a local streamed virtual desktop. Don't be fooled, there is more to desktop virtualization than VDI.

Provision:

• Truth: Closer to the end, the reference architecture talks about the time to provision X number of linked clone desktops.  I'm not sure if this is automated or if an admin has to do each desktop one-by-one. I'll give VMware the benefit of doubt here and say it is automated, but taking 161 minutes (2 1/2 hours) to provision 500 virtual desktops seems long to me.  I personally don't think this metric is important, even though XenDesktop is measured in seconds.  If it is automated, you do all of this in the build out phase and not in production. So the time it takes is irrelevant to me. Why did they choose to include it? No idea

So my advice to anyone who is still reading this blog... Take everything you get with a level of skepticism.  Do your own due diligence and look at the details to see if things were glossed over or if an in-depth analysis and design was completed.  That recommendation even includes the materials I post.  I try to be open and honest in my blogs, white papers, TechTalks and videos, but I am a little biased to Citrix because they pay my bills. 
If you want to discuss more, or have further questions, then Ask the Architect

Daniel - Lead Architect - Worldwide Consulting Solutions

• Twitter: @djfeller
• For the latest desktop virtualization information visit the Ask the Architect - Next-Generation Desktop site
• Questions - Then Ask The Architect

I had the pleasure of attending Gartner's Symposium and IT Expo in Orlando in October. Other than talking to a lot of customers and partners, I took time off between booth hours to attend sessions and I was especially interested in anything labeled "Cloud".
Gartner defines Cloud computing as a style of computing, where elastically scalable IT services are delivered to customers using Internet technologies. This is one definition, and there are nuances between private cloud services (which corporate IT can build inside of companies to be more responsive to business needs) and public cloud services, which will enable companies to rid themselves of IT and consume services from providers - just like manufacturers stopped having their own on-premise power generators and are now consuming power from a utility. As a member of the Citrix Consulting organization, I was curious to see what the thoughts on a transition to the cloud would be. There is a lot of press and talk about the cloud itself at this time and it is not surprising that Gartner sees Cloud Computing on top of the Hype Curve with at least 2 yrs to wider spread adoption. Before that can happen though, we will have to move through the trough of disillusionment, but after we get over the mild hangover, we can talk shop.
Gartner looks primarily at three different types of cloud providers:

• Infrastructure. Think providers of server on storage capacity a la Amazon EC2 and S3.
• Middleware: Think providers of application developer platforms like Google Apps and force.com.
• Applications: Think providers of applications that often run on the Middleware layer, such as salesforce.com, web-based email etc.

The piece that I was missing in the Gartner discussion was the Desktop in the Cloud, or Desktops as a Service (DaaS). Given that the public cloud mantra is still a bit in the future, this is not surprising, but the thought raises some interesting questions.
Unlike moving a few apps playfully to a cloud provider in non-production environment, moving a desktop into a public cloud requires a bit more thought. For one thing, the desktop must deliver the business applications and those apps often times need to talk to databases and file shares to be useful. Companies may actually keep this portion on-premise for the time being, so long as the communication from the cloud back to the datacenter performs reasonably well and can be secured properly. Consulting hint: Test the end to end response time to assess if this is feasible for your specific scenario. Given multiple regulatory questions such as "Who owns the data in the cloud? Who ensures compliance?" I would expect a lot of the backend data to remain in the corporate datacenter initially, even as desktops move to the cloud. Over time, networks will continue to provide ever increasing capacity and reliability, so the application latency introduced by backend resources is probably not necessarily going to be a showstopper.
So, let me go out on a limb and predict the future for Desktop in the Cloud (hosted virtual desktops running on shared infrastructure, accessed by end-user over public networks, used as the primary means to do work):

• Desktop in the Cloud will first be adopted by small businesses or for desktops with a limited number of apps. Host a desktop with a web browser, office productivity software connected to a cloud-hosted web server (or entirely web-based email) and maybe include software such as Quickbooks and you have a repeatable, low cost desktop that can be used from the office or from home for a low monthly charge. Employees use their own personal PC or laptop to access this environment and gone are the days where everyone directs their PC troubles to the guy or gal in the office who happens play video games in the evenings.
• Gartner stated in one session that ISVs will have to become good service providers to prepare for cloud computing. I actually disagree with that statement - it reminds me of the days when software vendors aspired to be ASP's. ISV's will have to provide software and licensing that is conducive to a cloud model. The software licensing will have to change to allow for hosting in the cloud and a subscription-based pricing model. Software and data ownership will need to be figured out and the cloud provider with the most straight forward legal terms will have a leg up.
• Desktops delivering a few critical apps will be next. Think call centers or the healthcare vertical. Those are fairly simple desktop implementations without a lot of application complexity or a requirement to let traveling users connect or work offline.
• Enterprise Desktops (those delivering pretty much any app and connect to a myriad of complex application back-ends) will be the most challenging and probably take the longest to achieve widespread adoption in a cloud model. One can imagine the offline use case being solved by streaming an offline operating system to an endpoint, and some of the emerging file synchronization solutions in the cloud ensuring that all corporate data is properly synchronized between online and offline usage.

One of the items that the industry hasn't figured out yet is a service level agreement (SLA) standard for virtual desktops. We have SLA's for servers and applications, but not for desktops, whose users are a lot less forgiving for latency for basic desktop interactions or the inability to access them. To establish and enforce SLAs for the desktop, end-to-end monitoring solutions are key that allow both the provider and the customer to pull reports on response times and overall system performance.

I remember one additional line from the Gartner Symposium keynote. According to their surveys, some 60% of CEOs believe that IT is constraining their business. What that tells me is that business leaders will need to have more trust in their cloud provider than they have in their own IT. Therefore, I predict that the Desktop as a Service providers of tomorrow will be the large system integrators. They are already trusted by many corporations to run IT end to end and have the expertise and backend capability to deliver hosted services with strong SLAs and security.

Florian Becker
Director, Worldwide Consulting Solutions
Follow me on twitter: @florianbecker

Citrix Support is focused on ensuring Customer and Partner satisfaction with the support of our products. One of our initiatives is to increase the ability of our Partners and Customers to leverage self-service avenues for finding answers and resolving problems. A key area that the Support teams focus on is development of troubleshooting and health checking tools.

One of the most recent tools to come out of Citrix Support is the Citrix Printing Tool.

The Citrix Printing Tool helps configuring and troubleshooting the Citrix Printing subsystem on XenApp, XenApp Online Plugin, and XenDesktop products.

You can download the Citrix Printing Tool here.

Also find below a video by the tools developer Frederic Serriere, providing an overview and demo of the Citrix Printing Tool.

David
Twitter - http://twitter.com/citrixreadiness
Citrix Support on Facebook - http://www.facebook.com/citrixsupport

I wanted to take a moment and provide some thoughts around selecting the correct logoff behavior for your XenDesktop environment. When working with a pooled desktop environment, the administrator can choose between restarting the virtual desktop at logoff and doing nothing.  Below is a screen shot of the two settings I am referring to for a pooled desktop group:

When selecting a logoff behavior, administrators should consider the operating environment since selecting the wrong logoff behavior could have a negative impact on your user experience. In order to see how this could be the case, let's first look at the logoff process and then apply it to a simple customer scenario. Here are the steps executed when "Restart the virtual desktop" is selected for the desktop group and the user logs off:

1. Virtual Desktop Agent notifies the Desktop Delivery Controller of the user logoff event.
2. Desktop Delivery Controller initiates the shutdown and restart via the pool management service.
3. If the DDC contacted is not the farm master then the request is routed through IMA to the farm master and then executed.
4. The farm master sends a desktop shutdown command to the hosting infrastructure. 
5. If the idle pool count is not met the Desktop Delivery Controller then sends a startup command for the desktop to the hosting infrastructure.
6. The desktop boots up, and if streamed from provisioning services anywhere from 90MB (XP) to 220MB (Vista) of data will be sent over during the boot process for the desktop.

When the logoff behavior is set to "Do nothing" the following sequence is executed for each user logoff.

1. Virtual Desktop Agent notifies the Desktop Delivery Controller of the user logoff event.

Probably obvious now is that a significant amount of overhead is avoided by not restarting the desktop each time a user logs off. Now the question for administrators is "when does not restarting the desktop make sense?"  In most situations, restarting the desktop is the best answer. However, there are some situations where restarting the desktop after each logoff will impact the user experience. Consider the following basic XenDesktop configuration:

• 2 Desktop Delivery Controllers
• 500 virtual desktops hosted on 10 servers in a single resource pool
• 2 Provisioning Servers hosting a single Windows Vista vDisk used by all 500 desktops

If the 500 desktops in above example are supporting 1200 users across three shifts (400 desktops per shift) then during a shift change the amount of overhead caused by restarting the desktops could be significant and easily introduce user logon delay. When 400 users logoff in a relatively short time span, say 15-20 minutes, you would end up with 400 desktop boot processes occurring. If we pick the longer 20-minute interval, and assume even distribution (best case), that is 20 desktops per minute that will need to reboot (400 desktops/20 minutes).

If you are using Provisioning server to deliver Windows XP desktops, you have 90MB of data traversing the wire for each of those desktops and considerably more for later desktop operating systems. In addition, some hosting infrastructures have a limitation of how many desktops can be started within a given time period for a single resource pool or server. Furthermore, if the XenDesktop farm master is throttled (usually by a registry setting for performance reasons see the XD Best Practices Guide) and has a limited number of outstanding VM management commands then the 400 restart commands will get queued thus further slowing the end user's response time.

As the number of virtual desktops in the environment increases, the impact of a restart becomes more noticeable. For instance, if we were considering 5,000 desktops across 2 resource pools with the same 3 shifts and 80% utilization, the number of desktops being rebooted in a short time span becomes 4,000. Even splitting this across 2 resource pools would lead to 100 desktops per minute rebooting in each resource pool.

In contrast, setting the desktop group to "Do nothing" provides a much faster response for the users during shift changes and taxes the network and disk infrastructures less. In addition, if the user is routed back to a desktop they have been to before, the user profile update is faster since the entire user profile will not need to be created and loaded.

Of course, like any architecture decision, it has tradeoffs. By not rebooting the workstations at every user logoff, the write cache file for the provisioning services will grow larger than it would if the workstation was rebooted more often. How much larger, really depends on the environment. In addition, if the users are local administrators on the desktops, then user security is at risk because any files left by other users would then be visible to anyone logged on.

In this case, to mitigate the write cache file issue, I would leverage something like Workflow Studio to reboot the 20% of unused desktops in between shift changes. To prevent users from gaining access to left over files, you could not make users local administrators or employ a profile management solution in conjunction with redirected folders to keep the sensitive data stored on remote drives and/or remove the data at logoff.

So, now you have another perspective around designing a XenDesktop farm and something more to consider during your configuration. If you found this posting valuable and would like to be notified of future blogs, please follow me on twitter @pwilson98.
 

VDI is not stupid. Recently, Eric S. Perkins on his blog proclaimed that VDI is Stupid. Well, actually, the way our competitors have been treating VDI is problematic; which might have led to Eric's assertion that VDI is stupid. So, I want to take this opportunity to go over some of his concerns.

One important point on VDI - VDI is not merely another server workload and must not be treated as such. This is perhaps why many of our competitors' VDI implementations have failed and have also created significant costs for their customers. Furthermore, VDI is not for every user in the enterprise - it is best suited for certain environments.

Desktop virtualization, on the other hand, is a more comprehensive solution that encompasses VDI. By separating the three core components of the desktop - OS, apps, and user profile - into three different layers, desktops are managed centrally and dynamically assembled for users regardless of the location and device the users are logging in from. The separation of the three core layers provide tremendous flexibility for IT to manage users desktops.

Citrix has been in the desktop virtualization space for a long time (admittedly we never talked about it as desktop virtualization) and have various forms of it available to our customers. Beyond VDI, Citrix FlexCast allows IT to delivery desktops to all users desktops in different scenarios:

• For task workers sharing a similar set of applications, the most secure, cost-effective approach is Hosted Shared Desktops.
• For office workers who need more personalized desktops, Hosted VM-based VDI Desktops is often the best approach. By running each user's desktop in a dedicated virtual machine, this option combines the benefits of central management with full user personalization.
• For technical workers and power users who run professional graphics applications such as CAD/CAM, GIS; Hosted Blade PC Desktops ensures dedicated processing power for each user.
• Local Streamed Desktops leverage the local processing power of rich clients, while centralizing single-image management of the desktop. This is a quick and cost-effective way for anyone to get started with desktop virtualization by leveraging existing PC resources while keeping datacenter overhead to a minimum.
• Virtual Apps to Installed Desktops offer many of the ROI and management benefits of a fully virtualized desktop with minimal setup costs. Although virtual apps run on the local device, they managed centrally.

Regardless of what type of virtual desktop you pick for your users, user experience is the most important aspect of desktop virtualization. Based on Citrix's 20 years experience working with the end users, we are very sensitive to how users interact with their work environment. So when we created XenDesktop, a huge focus is placed on making the user experience much better than a local PC - with our HDX technology.

With regards to VDI being just another propaganda or niche solution. Gartner estimates by 2013, the desktop virtualization market will be at $65billion. And we are seeing this explosive growth at Citrix. There are real business issues our customers are addressing with desktop virtualization. You can see all these real world testimonials on our website.

Administrators are used to the idea, that running applications under Application Streaming will permit poorly written applications to run in a multi-user terminal services environment.   For example, if the application wants to write to the \Windows directory, no problem; the application will believe that it wrote there and later if it reads the same stuff, it will see what it put there and generally, the application will work. What is less known is that that Application Streaming and XenApp publishing can be used to reduce the rights of the application at execution so that it has a reduced chance of hurting the machine.

Privilege vs. Isolation

Isolation and "privilege" are different things. Running the application "isolated" does not mean that the application can't do powerful things.   An administrator privilege ISOLATED application CAN still perform privileged operations such as adding new users to the machine, marking them as administrators and adding them to the remote desktop group where the evil doer can then remotely login, as a non-isolated administrator and easily do evil things. 

Not a problem for XenApp hosted execution

To be clear, none of this is important for XenApp hosted execution.  Here, the user is already a user and stripping power from the user to get them to user power is a "nop" because they were a "user" to start with.  This discussion of "privilege" reduction is more of a Windows XP client side, or hosted desktop statement where "admin" power users are the norm.   On Windows XP, unless you're very good at locking down the machine the end user will be running as an "Administrator" and this is not desired.  How can you make this happen as little as possible?  How can you get MOST of the applications to run with the least privilege possible?

Brain damaged applications

Some applications even CHECK to see if they are admins and refuse to run if they are not.   Awesome!  If you can't figure out how to code it, demand admin rights machine wide!    You can easily hit a situation where 90% of your desktop applications will run fine without admin rights, yet you have no choice but to make the user a full blown administrator because some small subset of the applications demand admin rights; or perhaps, even really need them.

What about the "normal" applications that don't need admin rights, or at least don't need admin rights when run under isolation?  It would sure help if we could at least make the "all powerful" user be a "lowly user" for the purposes of the majority of application execution, even if the user is really an administrator.  You can, and XenApp makes this easy.  First, some history.

DropMyRigthts

Go back in time and take a look at this 2006 technet article from Microsoft on Least User Access and a description of the DropMyRights utility by Michael Howard.   Excellent stuff and here is a related set of blogs from Aaron Margolis of Microsoft who seems to have a passion for running apps as a user!   The output of this early work was a command line utility called DropMyRights which would duplicate the user's logon token, strip the powerful rights - and then use the modified token to launch the application.  Good stuff.  As an example, here is the .BAT file I used to use to launch MS Outlook.

• dropmyrights "%PROGFILES%\Microsoft Office\OFFICE11\OUTLOOK.EXE"

The idea of running apps on forced user privilege on Windows XP was not unique to App Streaming, but we did wrap pretty GUI around it and wrapped application publishing around it to make it easy to use - and then we didn't tell anyone it was there.  To be fair, most of the usage was server side, so it wasn't as important, but hosted desktops are changing this.

The XenApp publishing system makes this dropping of user rights accessible via easy to use GUI.

Access Management Console

Here's the AMC screen that controls this setting.  Notice that this "stripping of rights" is controlled in the AMC - not in the streaming profiler.  Could it be controlled in the profiler?   Sure.  Both of these tools are nice GUIs which could accomplish the same goal, so yes, it could be controlled in the profiler, but it isn't.  One could even make a really good argument that it is in the wrong place and SHOULD be in the profiler because this is where the admin is that knows more about the application.  I would agree, but it wouldn't matter, it's still in the publishing console whether or not this seems like the right place.  

 
When I wrote the draft for this post, I did it in a place without internet access, so I couldn't easily check the default.  I wrote that SURELY! the default is that we strip the rights before launching the app.  Surely, Shirley, what ever you call it, the default is the other way; by default, the launch leaves the user's token alone and launches the app using what ever power the user has according to logon.  If you CHECK the box, then the Access Management Console tells the Citrix IMA to tell the Citrix Web Interface to tell PNAgent to tell the Streaming Client that it should strip power from the user for the purposes of running this stream to client application.  Where the application will permit it, You should set the checkbox.

XenApp server side, it won't change anything;XenApp Client side, it will ensure that the application is launched using a user token that has "lower power".  Lower power is better...

Here are some other writings on Application Streaming related to this:

•  Enhancing the Security of Application Streamingfor Desktops

Enjoy!

Joe Nord

Citrix Systems Product Architect - Application Streaming

先週はITPro EXPO 2009のCitrixブースにご来場いただきありがとうございました。また関係各位にご協力いただき大変感謝しております。なお、同イベントにおいてXenDesktop 4がITPro EXPO Award 2009のZDNet Japan賞に選ばれました。スタッフのみなさんで徹夜して準備した甲斐がありました。

http://itpro.nikkeibp.co.jp/article/NEWS/20091030/339835/?ST=keitai

The Citrix Workflow Studio Evaluation Virtual Appliance (EVA) is now available. This EVA provides you with 30 days to evaluate a pre-configured virtual machine running Windows Server 2008 that has Workflow Studio 2.0 already installed and configured with all activity libraries and the sample workflows from CDN. Download the EVA and review the Getting Started guide .

If you have any questions leave a comment or contact me directly

While a mandatory based profile solution was the original approach (something we leveraged in the earliest releases), we are not going to return to that method. Let me explain why and get your thoughts and opinions on this.

One request that has been commonly voiced has been around a mandatory style implementation. While previously we had leveraged a mandatory profile as the base, for many reasons we moved away from that approach. One key reason was to save time that the merging process required (the copying of the mandatory down first and then copying of all the net changes). All in the spirit of logon speed. Another key reason is that it really was not a mandatory profile anymore. Profile management captured all the net changes from that base mandatory. So no settings were enforced or re-written at next logon. Basically it was a holder of starting settings when a profile was loaded. But the net changes were always re-applied over the base so nothing was ever enforced. So in the end, you needed to leverage Group Policy to enforce any permanent settings anyway.

It's also been explained that having a mandatory approach enables customers without Group Policy delegation to have a means to control the profile settings. And mandatory by itself is a great solution albeit the limitations on the breadth of personalization - which the amount of personalization afforded by a mandatory solution is probably adequate for many scenarios. While you can redirect folders like My Documents, Favorites, Cookies and others, the ability to change anything registry related is prevented e.g. wallpapers, application configurations and such. But if you try to combine this with something like Profile management to enable those changes, how are you going to restrict what does not get saved? You would need to create an exclusion list of all the settings you want enforced (and thus excluded from being saved). Doable on a few settings but it will get unwieldy really fast. And I am willing to bet it's going to be harder than Group Policy to manage before long. In the end, it seems capturing all the settings and using Group Policy to enforce setting as required is the way to go and thus the direction for our profile management solution.

Finally, let's address the capability of having a base profile to start with. We do offer a template profile capability which you could think of as a Global Default User profile. When a user logs onto Windows and does not have an existing profile (be it local, mandatory, roaming or TS), Windows creates a new profile for that user based on the Default User profile located on that current machine. The fun of this is unless you want to sync all the Default User profiles across all the machines a user might likely log onto for the first time, the starting profile will different (although often only slightly) from user to user. Might not be a big deal initially or on smaller scales, but will be more problematic as your environment expands and grows.

The purpose of the template profile is to enable a consistence starting point for a new profile being created no matter the machine. The template profile can leverage a copy of the mandatory profile you use today but you just need to rename the NTUSER.MAN back to NTUSER.DAT (so no you can't use the same one as both the template and a mandatory). And the template profile has to be complete (e.g. the entire directory structure and NTUSER.DAT). Also keep in mind that this is used for profile creation. So changing the template is fine, but only affects new profile being created and not existing ones. Need to change or enforce a setting for all users? Then we are back to using Group Policy for those situations.

So that is where we stand today with our Profile management feature (a feature of both XenApp (Enterprise and Platinum) and XenDesktop (Advanced, Enterprise and Platinum). Of course this is always open to debate and discussion if you have scenarios that illustrate weaknesses to this approach that Citrix should pay more attention to addressing.

DABCC will be hosting a webinar Nov 4, 2009 on Web Interface customization leveraging Extentrix Web Optimizer ... details here: http://www.dabcc.com/media.aspx?id=647

You can register through the above link. Key topics covered:

– Make your Web Interface "look and feel" consistent with your corporate and intranet web sites
– Quickly add custom graphics and themes
– Simple and easy to use interface and available quick start templates get you up and running quickly
– Unrivaled support for mobile devices

My role allows me to speak with many different people (customers, technologists, coworkers, administrators, etc). I've been able to see presentations comparing the different desktop virtualization solutions out there.  One of the problems I see is that many of the solutions only focus on one aspect of desktop virtualization, and that is the VDI model. 

VDI is only one aspect of the entire desktop virtualization solution.  This is a concept that many fail to comprehend. For example, I attended Gartner ITExpo last week and was amazed at how many people I talked to only thought about the VDI scenario (you know VDI, allowing you to have a remote virtual desktop running on a hypervisor in the data center).  When I talked to people about the other options, I could see their eyes light up.  

If you are reading this and only know about the VDI version, the I suggest you take a look at FlexCast to get a better understanding at all of the different options out there (FYI, even the CIO magazine identifies there is more to desktop virtualization than VDI). But in a nutshell, here's the deal... desktop virtualization includes:

1. Hosted shared desktop
2. Hosted VM-based VDI desktop
3. Hosted blade PCs
4. Streamed local desktop
5. Virtual Apps to installed desktops
6. Local VM-based desktop

I want to focus on the Streamed local desktops scenario. This is the one that really got people's attention at Gartner.  Why?  Because most organizations do not do a big bang effect of replacing their end point devices. Instead, most have a rolling lifecycle where each year a portion of the endpoints are upgraded and over the course of 3-4 years the entire desktop environment has been upgraded. Once the process completes, it starts over, never ending.  
 
Let's now say you are embarking on a desktop virtualization project.  It seems like  a waste of resources and money to idle those desktops that are only 1 year old. They are powerful enough to run Windows 7 and the latest applications, so why would we not use the hardware we already have?  This is where the streamed local desktop comes in. It uses the same XenDesktop infrastructure, the same OS images, the same application layer and the same personalization layer.  The only thing that changed is the hardware layer.  
 
As money always seems to speak louder than words, think about it this way: If you have 3,000 desktops and they are replaced every 3 years on a rolling cycle, that means 1,000 of those desktop are less than 1 year old.  If you estimate 50-100 virtual desktops on a hypervisor (XenServer, ESX or Hyper-V) then you need 10-20 fewer physical servers, which is a substantial cost savings (and even greater if you are using a hypervisor that costs money).

So I encourage all of you to not think about the VDI-only solution but instead to look at your environment as a whole. Chances are you will see that VDI-only might work for you, but probably isn't the best way to run your business. Think about it this way... You can create documents in Notepad, but would you really base your business on a solution that only does one thing, or would you use a more complete solution like Microsoft Word that gives you options?  

Daniel - Lead Architect - Worldwide Consulting Solutions

• Twitter: @djfeller
• For the latest desktop virtualization information visit the Ask the Architect - Next-Generation site
• Questions - Then Ask The Architect

I have recently returned from Gartner ITExpo in Orlando.  It was quite interesting, especially some of the thoughts they had around the economy and impending recovery.  One thing stated during the conference should not be a surprise to anyone, during a recession you save your money by not taking on any new projects. By not implementing beneficial upgrades to your systems. By not delivering newer versions of your applications to users.  

This does have the benefit of saving money, but this can only go on for so long.  Eventually, your competitors will stop saving and start expanding. Where will you be?  

We are at a very unique inflection point that can have lasting ramifications to your IT infrastructure.  We are:

1. Coming out of a recession. We are very likely to see a slew of projects going across the tables to install this or upgrade that. So it is looking like the next 1-2 years will have IT taking on a lot of tactical projects.
2. Getting ready for a major operating system upgrade with Windows 7. Whether you are ready or not, Windows XP doesn't have much time left, and most people are skipping Windows Vista. How are you going to migrate?
3. Able to do things that were unheard of in previous years. We can virtualize a massive server into small chunks, we can do the same to an operating system, applications, and the user's personalization layer and deliver it to any type of device imaginable (phones, PCs, MACs).  

So what does this mean? It means you can continue running your environment like you have for the last 10-20-30 years, or you can ask yourself one simple questions: "Is there a better way?"

We have a very profound opportunity to correct the issues of the past.  And if we do it correctly, the resources required to update, maintain and support our environment will greatly reduce.  So when the next recession comes around, your organization will be ready with a fast and streamlined approach towards maintaining your IT environment as well as continuously providing new services.  But where to begin?  

Take a look at your infrastructure. What area requires a lot of time and resources to maintain?  Probably your desktop environment.  Let's investigate and fix it, but let's do it right.  Make sure you look at all aspects

1. The users: what do they need and how do they work
2. The devices: what type of devices, what capabilities
3. The locations: where are they located, what bandwidth pipes are available
4. The applications: how many are there, what level of dependencies do they have, who uses what

This information is critical.  This is what you need if you want to do the desktop virtualization solution correctly, from day 1.  Is it going to be something you can do in 10 minutes? No. Is it something you can implement in 1 hour? No. Why?  Because we are taking something that is seriously complex and trying to create a solution that can scale and simplify our lives. So during the next recession, we won't have to stop delivering new services, but can forge ahead and beat your competition with an entirely new delivery solution.  
Daniel - Lead Architect - Worldwide Consulting Solutions

• Twitter: @djfeller
• Ask the Architect - Next-Generation site
• Questions - Then Ask The Architect

We have had a great discussion going about user-installed applications and the need/risks associated with this type of solution. One of the comments I received in favor of allowing users to install applications was around Firefox. For those of you who don't use Firefox, there are thousands of add-ons a user can install to customize their browser experience. I personally have about five different add-ons configured with my Firefox implementation.

Now I've been advocating the need for IT to have a process in place that can handle the expansion of the application pool for the users as needed by:

1. Taking user requests for new applications/tools
2. Validating the need
3. Delivering in a timely manner

This is all well and good until we get to the topic of these add-ons. I don't expect any IT organization to have a requirement to support the add-ons. There are thousands of them. Think about it, do you really expect your IT to be spending time messing with these add-ons? And what would it look like for the user? A Firefox application with thousands of add-ons? CRAZY (I do wonder at what point that app would crash. Maybe need a MythBuster episode on it)

All of the sudden, I had a very enlightening experience. I just got my new XenDesktop 4 environment built. I went in an started to personalize my environment, including my 5 Firefox add-ons (remember I'm using pooled desktops from a single base image with roaming profiles). The next day, when I logged onto my virtual desktop, my Firefox starts up and BAM all of my add-ons are still there?!?!

I did some investigation into this. Well, this is an example of an intelligent application design. The add-ons are located within the user's profile (the roaming portion). User's are able to customize the Firefox application without any special tools/utilities. The discussion about Firefox and the add-ons is now a non-issue as the application manages this for us.

So, 1 application down, only 999,999 to go   The point is you need to test before deciding if something will or will not work.

Daniel - Lead Architect - Worldwide Consulting Solutions

• Twitter: @djfeller
• Ask the Architect - Next-Generation site
• Questions - Then Ask The Architect

With the release last month of HDX 3D for Professional Graphics as a feature of XenDesktop, Citrix now offers two alternatives for delivering high-end 3D graphics from hosted applications. Let's compare these two solutions.

HDX 3D Pro Graphics on XenDesktop

Our premier solution for 3D professional graphics is based on hosted Windows desktops and works with either the XenDesktop 3 or XenDesktop 4 Desktop Delivery Controller. HDX 3D Pro Graphics features our most advanced technologies for data compression, making XenDesktop the best solution on the market for delivering 3D graphics to remote workers. For top level performance, we offer GPU-based compression, leveraging NVIDIA graphics processors with 96 or more CUDA cores. The compression level is automatically adjusted based on bandwidth. Just below that is CPU-based JPEG XR compression (no special GPU required). JPEG XR (the 'XR' stands for 'Extended Range'), formerly known as HD Photo, is an ISO/IEC standard for high dynamic range image encoding. These compression options are supported by the HDX 3D online plug-in for Windows, a special version of the ICA client. With advanced compression and other clever innovations, HDX 3D Pro Graphics delivers a good experience even at 2 Mbps and 200 ms roundtrip latency. And, of course, it delivers a high definition "like local" experience on high bandwidth, low latency connections.

Application compatibility is excellent with HDX 3D Pro Graphics because the applications run on a standard Windows XP operating system (and Windows 7 support is in development). It doesn't matter whether the applications use DirectX/Direct3D or OpenGL or whatever. HDX 3D supports True Color, important when a very large number of colors, shades, and hues need to be displayed, as with high quality photographic images or complex graphics. Customers are already using HDX 3D to work with models with more than a million parts, and 64-bit OS support is coming soon, which will enable huge amounts of memory to be addressed.

These comments from our customers sum it up best:
• So far this is the only product to have anywhere near acceptable performance
• Everyone is loving it
• 50 to 75% better than our existing solution
• In pure Swedish, it is "sh$@#ing good"!
• At 1.5 Mbps it is still very usable
• We have been extremely impressed

HDX 3D on XenApp for Windows Server 2008

For many organizations, HDX 3D on XenApp provides a great solution for delivering professional graphics, since Windows Server 2008 now enables a graphics card to be used for 3D rendering on Terminal Services / Remote Desktop Services. While hardware acceleration is limited to DirectX/Direct3D-based applications, that may be all you need depending on the specific applications your end users require. OpenGL based applications are CPU-rendered but they perform much faster on 64-bit Windows than on 32-bit so you may find that to be adequate. Of course, if you really need hardware acceleration for your OpenGL applications, go with HDX 3D Pro Graphics on XenDesktop.

Compression options with HDX 3D on XenApp are not quite as extensive as on XenDesktop but are generally sufficient for intracontinental WAN access. The highest level of compression is obtained by selecting Heavyweight JPEG, a special variant of JPEG that uses arithmetic encoding instead of the normal Huffman encoding. It gives a further reduction in bandwidth of around 10 to 20% without changing the pixel quality at all (compared to standard JPEG), at the cost of higher CPU consumption. With Progressive Display, users get a responsive experience even over WAN/Internet connections because images are delivered with lossier compression while being moved and quickly resolve to full resolution when motion stops.

A single graphics card in the server can support multiple concurrent users, depending on their usage characteristics. I spoke with a customer using an entry-level NVIDIA FX 370 GPU and they support four concurrent users on an HP 360 G5 server with a dual-core Xeon processor and 4 GB of memory running 32-bit Windows Server. They estimate that they will be able to support 12 to 16 simultaneous users on a dual quad-core server with 64-bit Windows Server and 32 GB of memory. Again, it depends on the application and the work profile of the users. A more powerful GPU, like the NVIDIA FX 5600 or 5800, will help with scalability, too.

HDX 3D on XenApp supports lossless compression (important in Healthcare), but color depth with DirectX hardware acceleration is currently limited to 16-bit High Color. True Color support (16 million colors) is offered with CPU-based rendering, and True Color with GPU hardware acceleration is planned for the near future, making HDX 3D on XenApp a great option for delivering PACS applications over hospital campus networks.

A Look Ahead

How will these technologies evolve in the future? 64-bit Windows XP and Windows 7 support is planned for HDX 3D Pro Graphics on XenDesktop, and True Color support is coming soon for HDX 3D on XenApp. Windows Server 2008 R2 is likely to bring some benefits, too. And as the graphics and hypervisor vendors introduce GPU virtualization, we expect to leverage that on both XenApp and XenDesktop; some exciting progress in this area is already happening in the lab. Expanding the VM Hosted Apps feature of XenApp to encompass 3D graphics apps would be a natural step.

Tell Us about Your Experience with HDX 3D

If you're using either of the HDX 3D technologies described above, I'm sure other customers would like to hear your story. Please tell us about the 3D applications you deliver, your data center and network, and how your users are benefiting.

Derek Thorslund
Citrix Product Strategist, HDX

There has been a lively discussion going on in the VDI related Blogosphere kicked off here by Dan Feller and Brian Madden here. This issue of whether or not to allow "User Installed apps "exemplifies the dichotomy that IT Pros struggle with architecting a system that meets the business challenges of security, cost, and compliance plus at the same time satisfying the needs of knowledge workers with high demands and expectations.

As VDI expands from task oriented deployments to broader general purpose PC replacement scenarios this issue is likely to gain more attention. Most companies don't condone user installed apps but many do allow users to have administrator rights to their work PC and may look the other way regarding what an individual installs on their own. When it comes time to virtualize everything for VDI however now they need to pay attention. But how big an issues it ?

Dan indicates from an IT best practice standpoint it is better to develop an effective workflow that speeds and automates the IT approval, packaging, and delivery of new apps that individuals need to be productive. Will knowledge workers accept this solution ? As the commenter's indicate, this works for some but not all situations. Brian Madden proposed another alternative, just give the power users a second VM for unique/personal apps. Keep the corporate VM pristine under IT control and let users have their own separate sandbox if warranted. This may be a bit of a brute force solution but would work If the costs are justified. I like it because I do it myself now, although I use lab VM's as a sandbox vs IT delivered VM's. The commenter's however also found issues with this solution due to costs plus compliance issues about what SW/data gets installed into those user VM's. Some offered up BYOC as a solution if users really needed their own environment. There are many 3rd parties looking to enable User Installed apps as well, however even if the technical challenges are solved will IT support/endorse/allow this? Let me put forth another option/proposal, sometimes when I'm on a system thats not mine or a thin client I connect to my home PC via GoToMyPC and keep it running as long as I need it. This gives me access to apps that are not provided by IT, I have all the freedom to install what ever I want and IT doesn't need to deal with infrastructure costs or compliance issues. Yes this assumes that the power user has their own powered on PC and GoToMyPC does not currently have all of the features I might want for this solution, but you get the idea.

Let us know what you situations you face, is it a problem and do you see a solution for it? If you have another idea or comments on the above, please share it.

As the first opportunity to really interact with customers and partners on a large scale after the XenDesktop 4 and FlexCast announcements, Tuesday's CitrixLive!was a really exciting day for many of us at Citrix.  Ron Lott, Frank Anderson and I had the opportunity to do the Q&A sessions for FlexCast, our name for the uniquely numerous methods Citrix has of delivering virtualized desktops and applications, all under one product, XenDesktop 4.  As my XenDesktop counterpart SME, Frank is an incredibly savvy technologist and fellow Citrite, with a rather impressive employment history with some of Citrix's largest and most successful partners, customers, and XenApp rollouts.  I knew him when he was at Disney and Emory, but have really enjoyed watching him work over the last couple of years in a vital role on our XenDesktop product team... just a great guy to work with.  But I digress...

Back to FlexCast and the delivery options:

Simply put, FlexCast is all about enabling the broadest class of capabilities under a single product from a single vendor, in order to enable IT buyers and engineers to focus on the right implementation for their environment and users, without getting caught up in what many are finding to otherwise be a costly, multi-vendor solution that usually doesn't quite cut it.

After some of the questions on FlexCast during the CitrixLive! Event on Tuesday I thought it would be a good idea to start a blog series about FlexCast On-Demand Apps by presenting the matrix of application and desktop delivery options included in XenDesktop 4.  Dan Feller has posted a quick video over in his "Ask the Architect" Blog that goes into this as well.  Dan's posts are always a great resource so please check them out.  In follow on posts we will go into more detail about specific implementations from this matrix, which grows much larger when you take into account that some users actually use multiple desktops and scenarios, sometimes all at the same time.

In the matrix I have included traditional installation as "End-point Installed", not to include it as part of FlexCast, but to acknowledge it in perspective to the options enabled by FlexCast. 

I have also separated "Online streamed/app-v" and "offline application streaming/App-V" in order to clarify the target platform for these on-demand delivery types. "Offline" in the Citrix vernacular describes the ability of an execution platform to run an isolated app without requiring an active connection to to a back-end XenApp server. 

App Type \ Desktop Type	Hosted Shared Desktop	Hosted VM-Based Desktop	Hosted Blade  Desktop	Local Streamed  Desktop	Local VM-Based  Desktop	Installed Desktop
Online Installed
Online Streamed to Server
Online App-V Streamed to Server*
Offline Application Streaming
Offline Microsoft App-V**
End-point Installed***		3rd Party	3rd Party	3rd Party	3rd Party	3rd Party

    * Requires Microsoft VDI Suite - Premier
  ** Requires Microsoft VDI Suite - Standard
*** Manual or 3^rd Party ESD installs are not part of FlexCast 

As you can see, there are 28 discreet options to be considered for any single desktop implementation. This can at first sight be a little overwhelming.  I would argue that this is much less overwhelming than being forced into one particular desktop or application delivery solution and then trying to address all of the complexities of a growing number of access scenarios (i.e. are all of the users on campus? How many branches do we have to serve and what are the idiosyncrasies of each one?  What do you mean the CEO is working from a remote island with crappy internet access, next week, but still wants to work like they are on the dedicated 10Gb link we installed in his office yesterday)  OK, maybe that last one was a bit of an exaggeration, but you get the point. 

With all of the other considerations to take into account, being hobbled by any solution that can only address the problem in a single, specific way, because that is all it can do, is often like painting a car with push broom, yep the paint will go on, but is the end result really what you were hoping for?  Citrix FlexCast pretty much covers every consideration that needs to be taken into account for cost effective desktop and application delivery.  Especially in light of current economics and increasing budget constraints, let alone consumer based end-user expectations that are outpacing the current capacity of corporate IT to deliver acceptable usability and service levels.

In the flexibility line of thought and in light of all of the pressure we are all under in a down economic climate, I'd like to share an excerpt that hit me from one of my favorite books while I was looking at this matrix and reflecting on the great opportunities that On-Demand Apps and XenDesktop 4 introduces.

All three quotes are from one book, they are not in sequence but they cover three thoughts...

The opportunity: 
"Congratulations!
Today is your day.
You're off to Great Places!
You're off and away!
You have brains in your head.
You have feet in your shoes.
You can steer yourself any direction you choose.
You're on your own. And you know what you know. And YOU are the guy who'll decide where to go."
 
The Trap to avoid:

"You can get so confused that you'll start in to race down long wiggled roads at a break-necking pace and grind on for miles across weirdish wild space, headed, I fear, toward a most useless place.

The Waiting Place...for people just waiting."
 
The Reward for getting it right:

"Oh! The Places You'll Go!

You'll be on your way up!
You'll be seeing great sights!
You'll join the high fliers who soar to high heights.

You won't lag behind, because you'll have the speed. You'll pass the whole gang and you'll soon take the lead. Wherever you fly, you'll be best of the best. Wherever you go, you will top all the rest."

Wow, I almost feel like Stuart Smalley after that one, anyway thanks for allowing me the tangent, and oh yes, thanks Dr. Seuss, one of the 20th centuries greatest philosophers!

Now, back to business... I am looking for the community to help this blog series evolve by asking questions, sharing examples, and pushing us to deliver more in those areas where you have real pain but no real solution yet.  These are the things that I would really like to be talking about, so let's have at it!

Kurt

It's been a very hectic week and a bit since Citrix announced XenDesktop 4. As owner of the Trade-up to XenDesktop 4 program for XenApp customers, I have been fielding lots of questions from partners, analysts, customers and Citrites as the word has been spreading rapidly. I thought it would be a good idea to follow up with a blog post series that captures many of the questions and answers.

Before I get into the first question, let me do a quick refresher on the program. First, the program is designed to make it very easy and attractive for any XenApp customer to trade-up to XenDesktop 4. Any customer, who is current on Subscription Advantage (SA) that Trades-up all their licenses to XenDesktop 4 at once, gets 2 XenDesktop 4 user or device licenses for every 1 XenApp concurrent license. The pricing is such that they save 80% off the purchase of new XenDesktop 4 licenses. If a customer doesn't want to trade up all their licenses at once, they can trade-up a portion of them and receive 1 XenDesktop 4 user or device license for every 1 XenApp CCU. Pricing is set such that the customer saves up to 70% off the purchase of new XenDesktop 4 licenses. In both cases, customers can use their existing SA renewal budget to fund the bulk of the Trade-up. This program is similar to the Upgrade to XenApp Platinum that we introduced to coincide with the launch of Platinum in Q1 of 2007 and was very well received by our customers. In fact approximately 70% of the upgrades to Platinum happened at SA renewal time.

If a customer has expired SA, no problem. They can Trade-up any Enterprise or Platinum licenses going back to MetaFrame XP. Pricing is set such that the customer saves up to 50% off the purchase of new XenDesktop 4 licenses.

In all cases, customers get another year of Subscription Advantage and when they renew, they do so at the lower XenDesktop 4 rate.

One of the first things that comes up is - "who should consider the Trade-up?" Before I answer, consider the following two key points. XenDesktop 4 contains all the functionality of XenApp (including the latest goodies introduces in XenApp 5 Feature Pack 2 like VM Hosted Apps, HDX enhancements for Flash and Power and Capacity Management) as well as all the latest XenDesktop 4 features (such as FlexCast Delivery Technologies). Customers who Trade-up and implement XenDesktop 4 can leverage all their XenApp experience to deliver apps the way they always have and full virtual desktops as well. What is even cooler is point two. If you Trade-up your licenses now, you don't have to implement XenDesktop 4 until you're ready. Your current XenApp implementation will run on your new XenDesktop 4 licenses. You can update your infrastructure when you're ready. One last little pitch. XenDesktop 4 works with any existing storage management and server virtualization infrastructure (including VMware).

All that said really any customer who has a concurrency ratio of 2:1 or less or multiple users per device should consider the Trade-up. If your organization is thinking about desktop virtualization now or in the future, you should consider the Trade-up. If you're about to embark on a desktop refresh with Win 7 and are looking at ways to reduce desktop management costs, consider the Trade-up.

Let's look at an example of a customer who has 1,000 licenses of XA Platinum at a 2:1 concurrency ratio and is considering Trade-up (Please note that prices here are SRP. No volume discounting has been applied). Of course, first thing they would do is go to the Trade-up calculator to check out the dynamics. If the customer Trades-up 100% of their licenses, they'd get the 2-for-1 and would have 2,000 XenDesktop 4 user or device licenses. To fund the Trade-up, they'd take their $50,000 of budgeted SA renewal and add $45,000. Now they have the ability to deliver full virtual desktops as well as applications. The renewal rate of SA the following year would be based on the $35/user or device and would be $70,000. Not bad considering they have more than twice the functionality they had before and double the number of licensed users or devices. Plus, the licensing flexibility gives the customer to provide access unlimited virtual devices per user or unlimited users per virtual device depending on whether they choose a per user or per device model.

We worked hard to make it easy for our customers to add desktop virtualization to their working XenApp implementations, to minimize risk and to reward them for their loyalty.

Probably enough for the first post. More to come.

Bill Hartwick, Sr. Director of Product Marketing for XenApp

Award nominations for Citrix

Citrix wanted to let you know that some of our products have been nominated for the SYS-CON Virtualization Reader's Choice Award and the Cloud Computing Readers' Choice Awards. These awards recognize excellence in the virtualization and cloud-based software, solutions or services provided by the industry's top vendors.

We wanted to let community members know about this nomination, since the final award winners will be determined through a public voting process. The voting period for these awards is now open and will end on Oct. 23 .

If you feel inclined to vote for a Citrix product for one of these awards, we would appreciate your support! To vote, please visit the Virtualization Readers' Choice Awards and the Cloud Computing Readers' Choice Awards voting pages. You will need to include your e-mail address and select one product in each category. Then, place your vote by clicking "vote now" on the bottom of the Web page. Award winners will be announced the week of Nov. 2.

Thank you for your consideration!