2008/08/01
How Do You Make Technology Decisions? Part II
Last changed: Aug 01, 2008 15:29 by Barry Flanagan
Labels: google, vote, poll, citrix, wikipedia, blogs, provisioning-server, xenapp, xendesktop, xenserver, technology solutions, idea storm, nonspecific, lang-eng I an earlier post, I asked "How do you make Technology decisions?". According to a recent survey, Google is by far the most used tool by technology buyers (83% ALWAYS use Google). The poll on my post found similar results.
 Again Google is the clear leader, but not nearly by the same margin as in the external survey. I am curious if the is partly because the question in the poll was phrased a bit differently.
2008/08/04
Shedding some light on XenApp on XenServer performance tuning
You won't be surprised to hear that we spend a lot of time improving XenApp performance when running on XenServer. Although there are some good benchmark comparisons available (such as the Tolly Group report), I still get a lot of customers asking about what the "secret sauce" is. I sat down with George Dunlap, the lead XenServer performance engineer to chat about the very first optimisation we did back in XenServer 4.0 last year. Before we dive in, we first need to explain how a normal operating system handles memory. George explains: "Modern desktop and server processors don't access memory directly using its physical address. They use 'virtual memory' to separate the addresses that processes use to read and write memory from the actual memory itself. This allows operating systems to hide from processes all the dirty details of how much memory there is, where in physical memory the process needs to write to, and so on." "However, the actual processor still needs to translate from a virtual address to the physical memory address in order to actually read and write any memory. This translation is done with something called page tables." "Page tables are used to implement virtual memory by mapping virtual addresses to physical addresses. The operating system constructs page tables using physical memory addresses, and then puts the physical address of the "top-level" page table into a hardware register called the 'base pointer'. Then the processor will read these page tables to translate virtual addresses to physical addresses as needed, before reading and writing to physical memory." Most modern processor types have some sort of paging mechanism, although XenServer is specifically tuned for x86-64 CPUs. An excellent book on the general topic is Modern Operating Systems by Andrew Tanenbaum. When XenServer creates Windows VMs, it takes advantage of the virtualization extensions in modern CPUs, which requires special memory handling in Xen. George explains this further: "When we create a virtual machine, we virtualize the memory as well; that means that the guest operating system's idea of physical memory does not match up to real physical memory on the host. Traditionally, what the guest thinks of as physical memory is called "physical memory", and what the hypervisor thinks of as physical memory is called "machine memory". Since this terminology is a bit confusing, Xen tends to call what the guest thinks of as physical memory as "guest physical" memory, just to help make things more clear." "This means that any fully-virtualized operating system, like Windows, will create page tables using guest physical memory, and will point the base pointer at the guest physical address of the top-level page table. Unfortunately, the hardware still needs to map from virtual memory address to machine addresses, not guest physical addresses." "In order to allow this to happen, the hypervisor sets up shadow page tables. These page tables are generated by the hypervisor are copies of the guest page tables, but with the guest physical addresses converted into machine physical addresses. The guest cannot access them directly, and they don't reside in the guest's physical memory; they're generated out of a pool of memory that the hypervisor allocates when a VM is created, called "shadow page table memory"." "What this means is that whenever the guest operating system wants to map some new memory, after it writes the data into the page table but before it can actually use it, the hypervisor needs to translate the change to the guest page table into changes to the shadow page table. So any workload that involves a lot of this will necessarily involve the hypervisor a lot, which causes overhead." So shadow page tables are our mechanism of giving a guest an interface which is identical to real hardware (so it doesn't need to be modified), but still intercepting changes before they reach the real hardware. You can find more details from the XenSummit 2006 talk or from the 2005 NSDI paper. So how is this all relevant to XenApp performance? Back to George... "The hypervisor allocates a certain amount of memory for each VM to use for shadow page tables; this is called shadow page table memory. As new page tables are created and old ones aren't used anymore, the hypervisor cycles through this shadow page table memory. When it needs a new page and there isn't enough, it will 'unshadow' the guest page tables that haven't been used for the longest time to reclaim shadow memory, so that it can use more." "We don't know ahead of time how much shadow memory a given workload will use, but we can estimate based on the amount of memory that the VM has. We allocate enough shadow memory for each page to be mapped once, more or less, then add an extra 50% to have some slack. For all the workloads we've tested, that's been enough – except XenApp." "XenApp is the one workload we've found that requires more shadow page table memory than our standard default. Because XenApp generally starts hundreds of copies of the same process, the same memory ends up mapped in hundreds of different processes. What happens when all of those processes are active is that XenServer is continually unshadowing one process' page tables in order to shadow another process' pagetables; only to have to re-shadow the original ones a second or two later when it runs again! This is called thrashing, when there's not enough of a limited resource." Once the bottleneck was discovered, the solution was simple. In XenServer 4.1, we created a special XenServer application template called "Citrix XenApp", which has an increased shadow multiplier that reserves more shadow memory for the guest when it starts. This is also a good example of how templates hide the complexities of performance tuning from the user, but still permitting custom modifications if they are required. For example, on your XenServer host with a VM called "XenApp", you could view the shadow multiplier by using the CLI: # xe vm-list name-label=XenApp params=HVM-shadow-multiplier The same value is also available from XenCenter in the Optimization pane, but of course do remember that the default value was chosen through extensive testing and doesn't need to be changed. Most of the other templates in XenServer also have carefully tuned settings (e.g. the hardware platform flags) to ensure smooth running, or in the case of Linux templates, to support para-virtual installation. This is why it's so important that you not use the "Other Install Media" template in preference of a more specialised one! I mentioned at the beginning of this post that this was the first of many XenApp optimisations. We've just released the public beta of the latest XenServer ("Orlando") which is even faster. The story of what those improvements are, and the tools which George and his team uses to analyze the inner workings of Xen, are a topic for a future post. For now, get downloading XenServer and start virtualizing your XenApp installations! Or if you're feeling inspired, go over to xen.org, check out the source, and get coding...
Disabling SMB signing for CIFS optimization
Last changed: Sep 17, 2008 16:06 by Amos Gregory
Labels: netscaler, acceleration branch repeater cifs citrx layer microsoft optimization smb tips utipu wanscaler netexpert tips help, lang-eng This video TIP will demonstrate how to disable SMB signing within a CIFS environment. The Citrix WanScaler optimizes the Microsoft CIFS protocol, this protocol which was designed for a LAN environment has a very high overhead and is bandwidth intensive. CIFS deployed over a WAN environment may provide unpredictable performance and user experience. SMB signing digitally signs the CIFS protocol between two Micosoft servers. When SMB signing is enabled then the WanScaler cannot inspect the signed CIFS traffic. One must note, that even with SMB enabled the WanScaler will acccelerate layer 4 TCP traffic and some performance improvement will be seen. If an administrator wishes to experience the high gains of actually optimizing CIFS you must disable SMB. Watch this Video Tip:
Special Characters with PowerShell
Last changed: Aug 04, 2008 14:46 by Peter Schulz
Labels: xenapp, powershell, escape, workflow-studio, workflow studio, connect to farm, nonspecific, lang-eng There was a question on the forums about calling the XenApp task Connect To Farm when using a domain user name. Since we are using PowerShell heavily under the covers the string passed in to this task for the username needs to use the PowerShell escape character whenever a reserved character for PowerShell is in the string. I searched Microsoft's site, but couldn't find much detail out there on this so I wanted to clarify here: The escape character for PowerShell is the grave-accent character "`" (which on US keyboards should be in the upper-left of the keyboard to the left of the number 1. I haven't been able to find much posted on reserved characters on Microsoft's site, but here is a good article that highlights what is in the PowerShell help documentation: http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan08/hey0117.mspx Here is the list of characters from that article: $
( )
*
+
.
[ ]
?
\
/
^
{ }
|
If you need to use any of those characters in a string then you will need to escape it with the ` character. For example, to pass in a domain username to Connect to Farm in XenApp then you will need to pass in "domain`/user" instead of just typing "domain/user".
XenServer "Orlando" Disaster Recovery
Last changed: Aug 04, 2008 16:27 by Joel Stocker
Labels: xenserver, xenserver, disaster recovery, lang-eng Citrix recently opend up the public beta of the next XenServer release (read more about it [here]).
One of the new features in this release is a simplified way of backing up and restoring the Virtual Machine metadata for Disaster Recovery. Check out the video below to find out how simple this is.
What the $_
Last changed: Aug 16, 2008 23:07 by Peter Schulz
Labels: $ , powershell, workflow-studio, workflow studio, where object, nonspecific, lang-eng When you build a workflow using some of the PowerShell tasks you may come across a need for the special variable "$_". This variable represents the current pipeline object in PowerShell and is used in workflow tasks to refer to the passed in 'Input' object. One case where this comes up often is with the "Where-Object" task. When using this object your "Filter Script" property will typically contain something that looks like this: $_.Status -eq "Running" The above means to return all items from the Input object where the Status field is "Running" I found this site that does a great job of explaining the special variables in PowerShell if you want to explore further: http://www.computerperformance.co.uk/powershell/powershell_variables.htm That site has a lot of tutorial pages on PowerShell covering the escape character I talked about in my previous post as well as a good summary of PowerShell syntax. I find myself on that site often from searching for PowerShell topics and often find answers there.
PAE This!!! Optimizing XenApp
Last changed: Aug 05, 2008 09:48 by Daniel Feller
Labels: xenapp, virtualization, architecture, design considerations, lang-eng Memory is a big concern for XenApp on a 32bit operating system like Windows 2003 Server. In the default state, Windows 2003 can only "see" 4GB of memory, which is split up into two equal parts: Kernel Memory (2GB) and User Memory (2GB). Kernel Memory is further broken down into 4 other parts:
Once the system has started, the different sections of kernel memory cannot be re-allocated. The system tries to allocate these 4 areas appropriately, but they might require "tweaking". However, the four areas cannot all be set to the maximum level as that would go over the 2GB limit of kernel memory.
Many of you are probably saying, "But I can use the PAE switch on Windows 2003 to go above the 4GB limit". You are correct, you can go above the 4GB limit, but are you aware of the consequences of this action?
Talk about being between a rock and a hard place. Adding more RAM and enabling the PAE switch "might" give you more scalability but at a great cost for a more expensive operating system, more RAM and special optimization configuration analysis and implementation. The reason I said "might" give you more scalability is because you will now likely run out of kernel memory before you run out of user memory. So you just bought a more expensive operating system and more RAM that will sit there wasted.
Now I know some of you will add a comment saying something to the effect that you are using the PAE switch and ended up increasing single server scalability by 60, 70, 80 or even 90%. All I can say is congratulations and I applaud you Keep using Windows 2003 Standard but virtualize it with XenServer. Upgrade the RAM on the physical servers so it can support 2-4+ virtual servers. In the end, you will end up with a system that is more flexible, scalable and easier to manage.
If you interested in learning more about sever virtualization for XenApp, then take a look at the following:
Daniel Homer Quote of the Blog: "To be loved, you have to be nice to others EVERYDAY! To be hated, you don't have to do squat."
Making Server Virtualization Work for XenApp - TechTalk Q&A
Like I said in the recent TechTalk on server virtualization for XenApp, because there were so many questions, i was going to post answers to them all in a blog. And this is the blog. First, many of you wanted the addresses for the reference materials i identified in the webinar. Here they are: http://xenserver.citrix.vivoconcepts.com/prg/form/Citrix_runningxenapponxenserver_080225.cfm Q: Is all this done on a Citrix appliance or is it all software based and we provide the hardware? A: Running XenServer is all software based. You install XenServer, which takes roughly 10 minutes, on a physical server. From there you can split up the physical server into any number of virtual servers. A free version of XenServer Express and an evaluation version of XenServer Enterprise can be downloaded here: http://www.citrix.com/site/SS/downloads/results.asp?productID=683148* *\\ Q: What is the best resource for researching the possibilities of XenApp? A: With regards to virtualization and recommendations, I would suggest the following materials, which covers different types of configuration, practices, considerations, how to do it, and much more.
Q: What about network utilization with regards to Provisioning Server? A: Network utilization is important for Provisioning Server in that the operating system image is streamed down to the virtual server. With a base Windows 2003 Server, the install size is roughly a few GB. However, Provisioning Server does NOT stream that entire image to the virtual server. Provisioning Server ONLY streams materials as needed. In fact, booting a Windows 2003 Server only streams a fraction of the multi-GB actually used in the install. Q: Is Network Storage iSCSI or Fiber connection? A: When you virtualize the disk with Provisioning Server, you essentially do not have any storage assigned to the virtual server. Yes, you read that right, you don't assign storage to the virtual server because the image is streamed on-the-fly. It is actually pretty wild to think about. Provisioning Server should be on an enterprise storage solution like a NAS or a SAN for high-availability and high speed of delivery to the virtual server. I know the first time I had discussions about Provisioning Server I was like, what do you mean there is no disk. But it is true. If you stream to the physical server, you can completely unplug the hard drives. In the virtual server world, you just don't assign disks to the server. With this type of solution, you end up not having to worry about GBs and GBs of storage required for a virtualized XenApp solution. In fact, I've seen customers use Provisioning Server to help them migrate to newer versions of XenApp. Right now, let's say you are running XenApp 4.5 installed on physical servers. When the next release of XenApp arrives, you create your image with Provisioning Server and stream the image to the servers (physical or virtual). If you run into challenges with the new version of XenApp, your fallback procedure is to use the hard drives again, which still contains the XenApp 4.5 installation. Pretty cool if you ask me. Q: Would XenServer bundle with P2V tool for free? Or we have to buy PlateSpin P2V tool? A: The P2V tool, when it is released, will be free. You won't need to buy any third-party tools to do P2V conversions. Q: We have VMware ESX Enterprise already. Should we get XenServer for our XenApp farm? What are the advantages? A: I'm not a Sales person so I don't recommend products just because it is what we sell. So when talking about virtualizing XenApp, first understand that XenApp is a unique beast. It doesn't behave like other systems within the data center. It must support hundreds of users simultaneously. This requires lots of memory, lots of context switching, lots of disk access. It is different than let's say Exchange or SQL Server. Before XenServer 4.1, I would have been hard pressed to recommend XenServer as a viable solution for XenApp. In fact, most virtualization solutions would not have dealt with XenApp effeciently. But look what happens when XenSource became part of Citrix. Our engineers (XenApp and XenServer) worked together to re-architect the hypervisor to perform remarkably better for XenApp virtual machines as compared to the 4.0 version of XenServe. That being said, XenServer is optimized for the XenApp workload. Instead of making you perform some low-level funky "tweaks" the hypervisor, we just have you select the type of workload the virtual server is doing. In this case, you select XenApp. This option changes how XenServer deals with memory to align better with XenApp requirements. Now, when you look at XenServer Platinum the picture becomes even better with Provisioning Server. Without Provisioning Server you must still manage each virtual server as if it was a physical server. This is regardless if you are using XenServer, Hyper-V or even VMware. Provisioning Server lets you focus on the role and not the server. There are fewer roles in the data center than there are servers. Easier to manage and maintain, a huge savings if you ask me. And you did Q: what were your server specs for your example? A: The scalability testing completed with XenServer and XenApp were done on a Dell PowerEdge 1950 (1 Quad-core 1.6GHz, 8GB-16GB RAM). Q: What about users that are logged into an app, and the server is rebooted A: A physical server, virtual server or a server receiving the image from Provisioning Server, those users are disconnected and their sessions are gone. Now if the physical XenServer fails, the virtual XenApp servers can be moved to another XenServer, a feature we call XenMotion. In this circumstance, a user might see a slight pause in their session, all depends on the current situation. But the point is in this situation, the users session and data is intact. Q: You mentioned doing P2V of Citrix servers throughout your presentation. Are there any items to be aware of when doing this? Any resources to help with this process? A: Well, the first is an upcoming P2V tool that will let you convert a physical server to a virtual server for XenServer. If you only use XenServer and not Provisioning Server, the only other item is to set the optimization setting for the virtual server to Optimized for XenApp. This was discussed earlier in this blog. If you are also going to stream the system with Provisioning Server, you will want to build the "golden image" how you want it to be for each server. You then must run the integration utility, which will take care of all the other configuration items. If you want instructions on how to do the Provisioning Server aspect, take a look at the Implementation Guide identified at the beginning of this blog. Q: Did you use Provisioning Server w/ the test load, or just straight XenApp on XenServer? A: The scalability testing was just XenApp on XenServer. I can bet your next question will be what impact on scalability with Provisioning Server have. And might I say it is a great question if I do say so myself. Unfortunately, I'm not aware of any scalability testing that shows the impact to single server scalability with Provisioning Server. Q: How is XenApp rated on VMware ESX vs. on Provisioning Server on XenServer? A: Unfortunately, due to VMware's end user license agreement, we are not able to publish scalability numbers for VMware ESX. No one can except VMware. We did tests against a number of virtualization vendors and found that XenServer allowed roughly 70% more users than others when running 64Bit XenApp. Q: How large would a server image be with Provisioning Server? A: The size of the Provisioning Server virtual disk, which I call a role, can be pretty much any size. However, you don't want to go wild with the image size. If you create a 10GB image and a 100GB image, the 100GB image will take a lot longer to build and optimize, plus it will waste space and we are all trying to conserver power, space, cooling, etc. Q: What is the best client to use - PN, PNA or WI? A: You tell me Q: How can one discern how much RAM/CPU is being used on a daily basis? Does Access Suite Console give that info? (Am on PS 4.0 and use VMWare) A: Within the XenApp Access Management Console, you can generate reports for your XenApp servers to give you all kinds of information about the overall utilization of the servers. The reports are in the Report Center. Also, you can use Resource Manager or EdgeSight to get even more detailed information. Q: Is there a release date for the P2V tool? A: All I can tell you is the beta is expected soon. I would log onto MyCitrix and see if you can see it in the download section. Also, Roger Klorese has been blogging about the next version of XenServer (Project Orlando). I recommend taking a look at his blogs. Q: Is there a guideline for application roles that are not suited for XenServer virtualization? A: Hmmm, I'm trying to see if I can think of an application that is not suited for XenServer, but I'm having trouble. Before XenServer 4.1, I would have probably said XenApp due to the overhead, but now that the overhead has been drastically reduced, I can't say that anymore. Q: What file system do you recommend for the storage partitions on a NAS or SAN? (I think VMware has a proprietary clustered file system, Novell uses OCFSv2). A: This is what I love about XenServer and Citrix. You can use anything you want. NAS, SAN, NFS, iSCSI. If you already use something like NetApp, use it. If you use a SAN solution, use it for XenServer. Q: Nice to see how memory issues can be addressed with virtualization. What about CPU, network, and disk I/O being the bottleneck? A: Excellent question.
Q: is the benefit presented on this slide in the fact that Disaster recovery is improved by virtualizing? A: Disaster recovery is improved. With XenServer you can move a running virtual server to another XenServer. Provisioning Server also helps in the DR scenario as you can quickly re-provision systems to take on a new workload with a simple reboot. Q: You don't have to have 32-bit apps to run on 64-bit OS. That's where you get your scalability on XenApp A: True, you can continue to run your 32bit apps on a 32bit OS like Windows 2003. The problem is that you have a memory limit with 32bit OS. In more cases than not, you will max your RAM before you get close to maximizing your CPU. Q: We have XenApp 4.5 running on a dev/test environment in VMware. Session connection times seem to be slow for an app to open up. What kind of things should I be looking at to find the source of the problem outside of adding hardware to the VM. thanks! A: Well, first I would say try using XenServer (I know, I had to say it) Q: What technology are you using to determine user count? A: We are just performing scalability tests with tools like EdgeSight for Load Testing and then to get the metrics, we utilize perfmon counters and log files to analyze the results and make comparisons. Q: I'm a bit new to XenApp but your numbers for concurrent users seemed very high. If your Visio app is using 1Gb of RAM just for you, doesn't' that mean that a max of 15 people could use Visio on a XenApp server? A: In that example, yes. However, it all depends on the apps. For example, the scalability numbers I presented for roughly 300 concurrent users on a physical server were working with Excel only. This was used to determine overhead. Your concurrency numbers will vary based on workloads. The scalability numbers are meant to give you an idea of the XenServer overhead. Q: Another point is disk utilization... we are often disk bound A: Yes, disks can be a problem. Sure you can implement array controllers, use 15K RPM drives, but you are still relying on the local system to manage the file system. When you integrate with a SAN or a NAS type solution, those devices are optimized for file hosting. Optimization=Speed Q: I have already heard that you can not clone XenApp servers... where can I learn more about this? A: Read the Reference Architecture document identified at the beginning of this rather long blog. It talks about the Provisioning Server Integration Utility for XenApp. Q: How do you get 200 users in 4GB of RAM? A: By running Excel only. This workload is used to show the overhead impact between 64bit physical, virtual and 32bit. You workloads and your concurrency numbers will be different. This is to give you an idea of the expected overhead. I've actually seen other people get their XenApp servers into the upper 100s by using bigger applications than Excel. It all depends on the apps and users. That is the main problem with scalability tests, they only reflect a single type of workload and do not represent your environment. They are only meant to give you an idea of what the overhead is and comparisions against other products. Q: Any tool like ESX Ranger becoming available? A: ESX Ranger has many different features. I know you would be able to use something like Workflow Studio to help manage the environment from user-based, event-based or schedule-based triggers. As this product is still in beta, it is hard to tell what functionality and integrated components will be available at release. Q: Isn't XenServer only supported on 64-bit platforms? How then would we virtualize a 32-bit Server with your scenarios? A: XenServer is a 64bit hypervisor, but it can virtualize 32 and 64bit systems. Q: Did you reference a 32bit version of XenServer? A: XenServer only exists as 64bit. There is no 32bit code in the XenServer. Q: What about PAE on 32-bit systems? This allows more than 4gb of ram to be addressed. A: I wondered if someone was going to ask about that. Congratulations. You can use more than 4GB of RAM on a 32bit system, but there are a lot of things you must be aware of. Instead of making this blog even longer, I created another entry that discuss the PAE setting, which can be found here: Q: Why would you keep a backup data store if you can just motion it instead? A: In the event the live data store is corrupted and is unrecoverable. If it is, I hope you have a backup. Q: What are your thoughts on virtualizing Provisioning Server? A: The great answer, it depends. Virtualizing Provisioning Server will induce latency into the stream as it must go through a virtual network and then onto the physical network to the device. However, being able to hot-move the Provisioning Server to another server and easily add capacity makes virtualizing a very sound solution. I haven't seen any numbers yet as to what virtualizing Provisioning Server would do to the scalability. Q: Running published desktops. Can I virtualize these? A: Published desktops on XenApp, yes you can. If you are talking about XenDesktop, desktop virtualization, VDI, whatever else they call it these days, you can as well. In fact, Citrix XenDesktop is also based on the XenServer hypervisor. Thanks Daniel Homer Simpson Quote of the Blog "If you really want something in this life, you have to work for it. Now quiet, they're about to annouce the lottery numbers!"
2008/08/05
How Big is 32MB? Not So Fast...
How big is a 32MB hypervisor? Obviously, the size that's important is the memory footprint of the virtualization software when it's running. Apparently, 32MB is 415MB in size, based on the attached screenshot from VMware ESXi 3.5. This is a 4GB Dell 2950 -- one of the two models on which ESXi Installable is, er, installable. While there is one virtual machine created, it's powered off. And, as you see, it's consuming 415MB. Which is approximately 13 times 32MB.
Must be the New VMath™. EDIT: It's been pointed out that in the last few weeks, VMware has been explicit about changing the ambiguously-worded "footprint" to "disk footprint." This moves the discussion from the realm of the interesting-but-inaccurate (a tiny memory footprint might indeed have some advantages) to the level of a stunt, and an uninteresting one at that (I have a t-shirt with more than 32MB of memory -- the cost difference between the 32MB USB keys used for trade-show giveaways and the 1GB USB keys used for real distributions of XenServer Embedded and ESXi is of negligible impact to any real server platform). So, oops, and, so what.
2008/08/06
It's the iPhone ... Stupid !
Last changed: Dec 17, 2008 12:48 by Chris Fleck
Labels: iphone, ica, vdi, xenapp, xendesktop, grp-cto, cdn, team-executive-cto, xenapp, receiver, terminal services, nirvana smartphone, lang-eng A few of us were having a brainstorm session recently regarding the ICA client, mobility and device support, inevitably the discussion led to the topic of competing priorities, limited resources, and business cases. Al Granville ( sometimes affectionately referred to as the " suit " in the blogosphere ) is the Product Manager for the ICA client and has the enviable position of driving what features and functions get included ( and which ones don't ). Nowadays you can't talk about mobility without the topic of support for the iPhone and where that fits versus all the other priorities. If you also want Citrix iPhone support please place your vote and tell us your use case here. Typically this analysis means doing a market analysis, talking to customers and developing a business case comparing all the alternatives and determining the ROI. During this discussion however, Al made the profound statement that maybe in this situation the business case simply needs to say ... it's the iPhone.. Stupid ! This brings up a really interesting point that IT also seems to be dealing with lately, that is what is the value of new and "cool " and do you spend resources to enable these technologies. It could be the iPhone or it could be Web 2.0 collaboration tools or desktop video conferencing, whatever. Sometimes it's straight forward to put an ROI and business case together, however quantifying the value of "cool" is subjective at best. Apple as the best example has done a superb job proving that elegant design, user experience, and "cool " is a profitable business model. This certainly has proven to be the case in the consumer world, but it's also evident that this is impacting the business IT world as well, at least from the perspective of user expectations. I am interested to know if this phenomena is also impacting IT's decision process for implementing new projects.
How does your organization deal with all the new and cool user requests ?
XenServer "Orlando" High Availability
Last Monday I posted a video of the new [\~joels:/2008/08/04/XenServer "Orlando" Disaster Recovery] in our upcoming XenServer release. Today it's time to show another new functionality in XenServer "Orlando": High Availability.
2008/08/07
Upcoming XenServer Hyperic Webinar
Last changed: Aug 07, 2008 11:39 by Barry Flanagan
Labels: xenserver, virtualization, hyperic, webinar, xenserver, lang-eng Live Webinar: "Citrix & Hyperic: Best Practice for Successful Virtualization Systems Management"
Hyperic's enterprise-class management and monitoring software for the popular Citrix XenServer virtualization software provides users with a single view into their virtual and non-virtual infrastructure. Join Citrix and Hyperic for their upcoming webinar to learn more about this best practice solution for successful virtualization systems management. Reserve your space today, register here: https://www1.gotomeeting.com/register/999023087
2008/08/08
Kensho - Portability, Ubiquity... Now with Extra Freedom!
On July 15th, we at Citrix announced our work on Project Kensho, a set of tools that makes it easier to adopt the DMTF OVF (Open Virtual Machine Format) specification for virtual machine portability between different hypervisors and virtualization platforms. OVF will allow IT organizations and software developers to capture, deliver and import virtual machines in a common format; Kensho will make it easy to do so. This morning in my keynote at LinuxWorld I announcedthat the tools will not only be easy to use... but the core Kensho components will also be free, not only distributed at no cost ("free beer") but licensed under an open source license ("free speech") as well, to encourage open development and wider adoption. The free distribution of Kensho will include the export/import tools we've already talked about, making it easy for ISVs and IT to export any VMware, Hyper-V or XenServer virtual machines and to import them into XenServer and Hyper-V (VMware is shipping its own OVF import capability). The open availability of source code, and the right to extend it, will make it possible for other Xen implementations, other hypervisors, and even other non-hypervisor technologies to participate in, and benefit from, the OVF ecosystem. This will enable easier distribution, opening the floodgates for a vast pool of powerful and innovative apps and tools. As proliferation of both free and proprietary software in virtual machines grows, and users will benefit from increased portability, a greater number of technology choices, and reduced operational friction in selecting their platforms. For maximum flexibility and portability, Kensho will support all major virtual disk file formats -- including the Amazon Machine Image (AMI) format used in the Xen-based Amazon Elastic Compute Cloud (EC2). In addition to OVF support, the Kensho code will include a complete DMTF SVPC (System Virtualization, Partitioning and Clustering) CIM provider for Xen. This will extend the management options for implementations of Xen, including but not restricted to XenServer. We are on track to make the first tech preview available in September. Together, these capabilities released in Kensho will increase choice for users, and help remove some barriers. The candidate pool of servers that can benefit from virtualization is barely tapped. With the free availability of the Kensho technology, we're taking another step toward making virtualization fast, free, ubiquitous, and compatible.
Upcoming TechTalk Webinar - Implementing a Virtual Desktop Solution with Citrix XenDesktop
Last changed: Aug 08, 2008 09:05 by Daniel Feller
Labels: xendesktop, techtalk, architecture, lang-eng We have seen the materials, at a high-level, on how the XenDesktop solution fits together and the benefit it can provide. Are you interested in understanding more detail of the end-to-end solution? In this 60 minute webinar, I will provide you with a very quick overview of the complete solution and then spend the majority of the time discussing the different components, what they are for, how they work and how virtual desktops are managed by the solution. We will cover the integration of the following components:
It is sure to be a great time where we will all learn a lot. And I might even explain to you on how XenDesktop relates to a Simpsons episode. By the end of the webinar, we will all be able to understand the following song: Desktop Receiver connected to the Access Gateway, Access Gateway connected to the Web Interface, Web Interface connected to the XML Broker, XML Broker connected to the IMA Service, IMA service connected to the Data Collector, Data Collector connected to the Pool Service, Pool Service connected to the XenServer and that's how the whole thing works See you there and don't forget to register here. Daniel
Cheaters Beware
Last changed: Aug 08, 2008 16:32 by Sierra Hampton
Labels: exams, braindumps, cca, ccea, ccia, study, tests, answers, questions, security, team-education, citrix certifications, brain dumps, 1y0 259, xenapp exam, citrix education, lang-eng, nonspecific The views expressed here are mine alone and have not been authorized by, and do not necessarily reflect the views of, Citrix.  Last week, two of Citrix's peer IT certifying agencies, Cisco and Microsoft launched new exam security initiatives. Both, in an effort to combat the growing problem of test fraud and test theft, have implemented policies and programs to address this issue on a wide scale. The growing problem of exam security breaches has forced many players in IT certification to stand up and take notice. In this day and age, with the cost to develop quality examinations on the rise and the perceived value of certifications waning, it has become more critical that IT certification programs combat cheating and exam fraud from several different angles. As the Manager of Exam Development in Citrix Education, I have also focused more on exam security. Beginning last year, I focused more than ever on security measures by working with industry peers, security consultants, and exam delivery providers (Prometric and VUE) to tackle the growing problem of cheating. I have to admit that when I first began this process it felt like an unrealistic goal to tackle. The ever growing presence of brain dumps (those web sites that sell stolen exam content) is not easy to ignore. But to make matters worse, the attitudes of some towards the use of brain dumps and other forms of cheating just makes it that more difficult. In the last year I have had more opportunities than ever to meet and get to know Citrix certificants. What they have repeatedly stressed to me is how they want Citrix Education to do something about brain dumps; that they don't want just any Joe Administrator to get Citrix Certified; that they are sick and tired of meeting "paper certified" individuals who have no experience. So how do you eat an elephant? One bite at a time...... In 2007, Citrix Education started slowly by adopting a security plan. That security plan, addressed four areas: Detection of test theft and fraud Citrix Education conducts web patrolling efforts 24 hours a day world wide to identify brain dumps as well as violators of our exam policies. Once a site is detected, staff members and security professionals purchase, analyze, and verify that advertised content or information is indeed the intellectual property of Citrix. Based on the information gathered, I have been able to serve legal take down notices to websites and cease and desist letters. In addition to brain dumps and auction sites, I have also discovered candidates "discussing" exam content and "sharing" answers...you know in the interest of "knowledge being FREE". Candidates sharing exam content, is by the way, in direct violation to the NDA that all exam takers must accept before taking an exam. When initially kicking off the security initiative, I realized that many did NOT read this NDA before taking the exam. Kind of like a EULA, exam candidates see that NDA and simply scroll to the radio button marked "Yes, I agree." without ever considering what they have agreed to..... So Citrix Education adopted a Candidate Conduct Policy that had been widely used by our IT Peers . This policy http://www.citrixtraining.com/content/index.cfm/cgroup_id:48 basically outlines everything that candidates have done in the past that is classified as illegal behavior. Additional Citrix Education policies include a retake, beta exam, and special needs testing policies: http://www.citrixtraining.com/content/index.cfm/cgroup_id:38. A violation of any policy can result in a list of remedies including bans up to a year. The newest addition to exam policies is that of classifying results as indeterminate. Basically based on data forensics, our security consultants identify suspicious results and depending on the strength of the data, say a 1 in 10,000,000,000 chance of a specific result occurring, I can definitely with confidence conclude that a result is not sound and will invalidate those results. Once invalidated, a result will not count toward certification. After putting these policies and procedures in place it's been really interesting what I have found: Once people know someone is looking, they repent and cease with their misconduct. I hope our efforts will help Citrix Education begin to make a dent in the challenge of exam security. But I realize that a huge part of the problem is in the attitudes and lack of a universal understanding of what constitutes test theft and fraud. So my mission is simple, To educate Citrix Certification Candidates and Certificants on what constitutes cheating and how it impacts the value of the credential in an effort to maintain the integrity and validity of our certification programs. What I really hope to get out of this besides the above is a better understanding of our certified community. And as Citrix Education takes bite after bite of the elephant known as cheating....I can only hope that candidates and certificants worldwide will see the return to the value of certification.... The million dollar question is with all the buzz by Citrix and others on increased security initiatives, how will the cheaters respond? Sierra Hampton is the Manager of Exam Development and has worked at Citrix for 7 years.
2008/08/11
Green Day
No, I'm not talking about the band. I'm talking about August 27, "Power IT Down Day." Citrix, HP, and Intel have banded together to ask government and industry IT users to make a little change to their work habits on that day: when you leave work for the day, turn off your PCs, monitors and printers. (And unplug the transformers from the wall, too - no sense in letting them sit there even converting a little bit of power to keep devices in standby.) We're underscoring putting our money where our press release is by donating our savings to the American Red Cross of the National Capital area - putting our power savings to use bringing resources to those who might need them in an emergency. The potential for power savings goes beyond the power switch, of course. I visited a major Web 2.0 cloud the other day - I'm not naming names, but if you have 16-year-olds (or are one), it's a web-place they're likely to hang out a lot. Their service is powered by XenServer - all 4,000 servers of it. Can you think of a more critical workload than the entire user-facing end of a Web 2.0 service? (Maybe you'd have a few more favorite candidates, but your 16-year-old probably doesn't.) The levels of consolidation achieved, and the savings from dynamically deploying servers only when the load requires it, is driving power reductions that can power a small town. A real one, that is, not a virtual-reality one.
Save the Power - Save the World?
OK, the title is a little bit hyperbolic and owes more than a little bit to recent sci-fi television. But that's not to say the true importance is overstated. As announced today, Citrix, HP, and Intel have banded together to ask government and industry IT users to make a little change to their work habits on that day: when you leave work for the day, turn off your PCs, monitors and printers. And we're donating our own savings to the American Red Cross of the National Capital area, to put our power savings to use bringing resources to those who might need them in an emergency. When you go home from work on the 27th, think about what you've just done as a start. If powering off PCs and printers at night can yield savings, that got me thinking about other things IT can do to green up. Of course, my ideas started with the Citrix Virtualization spectrum. For example, instead of powerful PCs on every desktop, lighter-weight machines with XenApp hosted or streamed applications can save lots of power - and reduce management costs as well. And many users can take the next step - moving them to XenDesktop desktop virtualization will enable you to replace their PCs with low-power thin clients, or at least to remove the power-hungry disk drives from their systems. Moving the workloads to new, efficient servers in data centers with well-managed and predictable power requirements can yield further efficiency. What about server workloads? Consolidation based on XenServer virtualization can enable dramatically higher utilization, and savings in power, cooling, and real estate - did you know that for every dollar you spend to power a server, you spend as much as 80 cents cooling it?! The workload delivery capabilities of XenServer Platinum can deliver not only a dynamic one, but a greener one - reducing storage requirements by 90% or more, and eliminating even more of those spinning power-hogs. Looking forward, the future offers even greater savings, by taking advantage of the resources in the cloud to reduce your own company's investment in IT infrastructure and in the electricity that powers it. This isn't just a pipe-dream, it's a reality: Amazon's Elastic Compute Cloud (EC2) is powered by Xen, and the 10,000 Xen-powered servers in the cloud mean another 90,000 that don't need to be purchased, shipped (more fuel!), racked, provisioned, and managed. And let's not forget about the environmental impact at their end-of-life. Amazon's multi-megawatt savings can keep the lights on in a small town. Think of that times a hundred, or a thousand, as cloud computing becomes an even greater reality - powered by Xen. Remember: turn that PC off on the 27th... and see if you can't get a few ideas to turn on that light bulb over your head about green IT through virtualization.
GIS at Southwest Florida Water Management
Last changed: Jul 30, 2009 14:03 by Derek Thorslund
Labels: gis, graphics, xenapp, hdx, xenapp, geographic information systems, speedscreen progressive display, hdx 3d, hdx, progressive display, lang-eng Southwest Florida Water Management District is one of many Citrix XenApp customers using SpeedScreen Progressive Display to give remote users an excellent user experience when accessing a highly graphical application. On August 28th, Marc Versley (Lead System Administrator) and Axel Griner (Senior GIS Analyst) of Southwest Florida Water Management District will share insights into how they have configured their XenApp PS 4.5 system to deliver ESRI ArcGIS, an integrated system for authoring, serving and using geographic information. I'm really looking forward to this webinar as Marc and Axel are planning to give us an in-depth demonstration from both an admin and end user perspective, and share some valuable tips and tricks. So if you're interested in graphical application virtualization, I encourage you to register for this webinar, scheduled for August 28th at 2pm Eastern / 11am Pacific, and learn about this topic straight from a customer who has this technology running in their production environment. Derek Thorslund
2008/08/12
XenServer "Orlando" XenCenter GUI
Last changed: Aug 12, 2008 16:32 by Joel Stocker
Labels: xenserver, xencenter, orlando, beta, xenserver, lang-eng After the Disaster Recovery and High Availabilty videos I posted last week, it's time to show you some more changes in the upcoming XenServer release. This video is a GUI walktrough and will highlight the changes in the improved XenCenter which will ship with the XenServer "Orlando" release. For those who want this and the other videos in a slightly bigger format, please visit my page on the Citrix Video Tips site.
2008/08/13
Pass-Through authentication for PN Agent
I was going to enter this into the knowledge base and found that there are plenty of articles about PNAgent authentication troubleshooting. This information describes the authentication process for PN Agent. A better understanding of the authentication process can better assist you in troubleshooting an issue. Pass-Through authentication for PN Agent can operate in Kerberos and non-Kerberos mode.
Citrixblogger.org
From time to time it seems necessary to link Citrixblogger.org to the activities going on the main Citrix blog. Perhaps it would make more sense to deploy the posts to both sites. At this point it seems more friendly to post once and then refer to the posts from here. Here is a list of the 10 most recent posts: Session Recovery Idea 422 The most topical is "Server Based Computing versus Virtual Desktop Infrastructure". The overall focus is shifting more to issues related to virtualization and potential trends and ideas. The posts on this server related to me in the past (officially 150) are mostly small clips of the original. The old blog site here would only copy the first few lines with a link to citrite.org. Citrite.org is now gone. This means the only way to get the full details is to manually match the post clips with posts on Citrixblogger.org. It would make sense that most people would not bother. At Citrixblogger.org there are now more than 250 posts to scan through. It is very difficult to summarize what people find the most interesting over there. Typically people are searching for help with Citrix issues (like COM ports, and the clipboard) or they want more information about aspects of XenDesktop. In September it will be two years since blogging began at Citrix. As most people have noticed, I've really enjoyed it. The running joke is that if I learn something new, I'm likely to blog about it. Truthfully that was more true towards the beginning than now. Blogging opened some new experiences including the invitation to BriForum 2008 in Chicago. It was well worth it and proved that the extended Citrix community is really healthy with some incredibly bright advocates and presenters. Thanks to Citrix for making this possible and also thanks for the words of encouragement over the last two years.
GoToMeeting VoIP Audio Best Practices - Lessons Learned
Wanting to eat our own dog food and wash it down with a big tumbler of kool-aid, my team recently held a meeting of nationally dispersed attendees and used the GoToMeeting VoIP features. I'm not kidding when I say I haven't heard that much reverb, distortion and echo since the last time I listened to "The Piper at the Gates of Dawn." As our first attempt, we spent quite a bit of time complaining to each other about the sound quality and asking each other to place our devices on mute. By the way, did you know that the default setting in the GoToMeeting preferences is to always save chat logs? The following is an extract of the recorded GoToMeeting chat that occurred. Names have been changed to protect the innocent. B (to All - Entire Audience): the voice quality is terrible I don't have specific stats yet as to how many people were on "regular" phones vs. using computer mics, but judging on the icons in the attendee list it was a nice enough mix of what one would probably reasonably encounter in this scenario at other companies. Now, I'm used to using our stuff before it's released and dealing with the intricacies of things that don't quite work yet, but in this case it's not the application - it's the settings. In this case it's just a matter of understanding that one-size does not always fit all. Turns out if we had done a little pre-meeting training and all made some quick and easy settings adjustments to our individual GoToMeeting installations, we could have had a much more satisfactory experience. When in doubt, read the friendly manualIf you've experienced similar issues or haven't tried this feature yet, there's a good article in the GoToMeeting online help to mitigate this - GoToMeeting VoIP Audio Best PracticesFirst, what device are you planning to use? Check out the chart in the link above for recommendations. A USB headset connected to your computer will offer the best quality experience, while using your laptop's built-in microphone and speakers will give you a poor experience, especially if your mic is picking up what's coming out of your speakers - echo city. And here's an additional excerpt that may help:
I strongly recommend that you read the rest of this article, consider using a USB headset and adjust your microphone and speakers settings before joining your next GoToMeeting VoIP call for a much better experience. If all else fails, the meeting organizer can mute/unmute all participants by selecting *5 Have a happy meeting!
Internals of XenApp's Health Monitoring and Recovery (a.k.a. Health Assistant) feature
Last changed: Aug 13, 2008 17:11 by Sridhar Mullapudi
Labels: xenapp, xenapp, terminal services, health monitoring and recovery, health assistant, black hole, presentation server, lang-eng Since I blogged about Health Monitoring and Recovery (a.k.a. Health Assistant) feature of XenApp, I received several requests on the internals of the 10 test packs. So, here you go.
This test detects failures (typically external to XenApp) that cause users to rapidly logoff the system and potentially create a black hole in the farm. The test will monitor logons and logoffs to a XenApp server. If logoffs are rapid and consistent, the test will throw an error condition.
This test has the following three unique parameters that must be updated through command line arguments. These arguments can be managed centrally using the Access Management Console.
This test enumerates the list of sessions running on the server and queries session information (such as user name). It is similar in functionality to the "quser" utility. The test communicates directly with Terminal Services by using the "WTSEnumerateSessions" API call.
The IMA test queries the IMA service to ensure that it is up and running by performing an app enumeration on the IMA service. It uses an internal API call to enumerate the applications.
This test queries the Citrix XML service on the local machine. The service responds with XML data that includes a XenApp ticket. This ticket is checked for validity. If the ticket check fails or if a server/port fails to respond to the request (e.g. a socket timeout occurs) the test returns an error. This test communicates directly with the XML service through a TCP socket via the Winsock API.
The Print Spooler test attempts to ensure MS printer spooler reliability. It will enumerate printers on the local server, enumerate printer drivers and printer processors using Microsoft Windows APIs. Exercising these tasks is fundamental to ensure that the MS printer service is running smoothly. The reason we enumerate these three different items is because enumerating just printers may not give us any information as we will only be able to enumerate printers that an administrator gives Local Service permission to read. However, drivers and processors can be enumerated by Local Service.
This test is responsible for ensuring that the Citrix Print Manager service is operating properly. The Citrix Print Service test calls internal APIs to ensure reliability. Specifically, the test will use RPC to call Citrix Print Manager service to enumerate all printers on the local machine. If enumeration does not complete successfully the test will throw an error condition.
By default this test will run a forward DNS lookup that is guaranteed to go over the wire to the local machine's DNS server. Optionally, users may run a reverse DNS lookup. For either test, we gather the locally configured information and then make a DNS query to compare the results. The forward DNS lookup will gather the IPv4 address of the local machine from the installed NICs. The test will then make a DNS query based on the locally configured hostname and compare the resulting IP address to the one we grabbed locally. If these two IP addresses do not match, the forward DNS lookup will throw an error. The reverse DNS lookup will gather the hostname from the local machine. It will also take the locally configured IPv4 address. Using the local address, it will convert it to the reverse DNS address and query for the hostname. The test will then compare the resulting hostname with the one it originally queried from the local machine. The reverse DNS look up will not be set to run by default as many organizations neglect configuring this and which may lead to false negatives. Successful completion of this test will ensure DNS is working properly on the local server.
The responsibility of the ICA Listener Test is to ensure clients can make a successful connection to the local server via the ICA protocol. We will validate this functionality by pinging the ICA listener and monitoring the response. When idle, the ICA listener emits the text "ICA". By looking for these characters we can verify that the ICA listener is in a good state.
The Check XML Threads test will run as a monitor test. This means that we will look for unwanted behavior over a period of time. The Check XML Threads test will look for too many XML worker threads to be running for a prolonged time period. By default we set this time to be one minute. If the test determines that the worker threads are past the default threshold of 10 threads for over a minute this will indicate that the XML service is being stressed too much. The administrator may wish to add an extra server to handle some of the load. When the threshold is met, the corrective action will execute. This test aims to monitor XML service trafic load. When the service is overloaded, Web Interface connections will suffer. This test will alert administrators that they may need to address XML performance. This test will make use of a new performance counter that we added with the test pack. The performance counter will measure the number of active worker threads running in the XML service. There were recent changes made to the XML service where worker threads are not killed when they are done being used. Instead, they are kept alive but are made idle. This change was made to improve performance. However, the old performance counter still reflects the total number of worker threads. This value is not what we are interested in because there may exist worker threads that are idle. With data from the new performance counter, the test will simply poll the counter for the number of worker threads that are actually doing work.
The Check LHC test is responsible for recognizing and responding to LHC corruptions and inconsistencies on the local machine that could result from stale data left when removing a server and/or published app. LHC corruption refers to compromised integrity of LHC object(s). The test will check what the object size should be versus the actual size of the object. LHC inconsistencies occur when there are duplicate entries or when entries do not match the datastore objects. To verify inconsistencies we focus on four contexts: MfServer, CommonServer, MfApp, and CommonApp. If we detect an error when running these checks, we perform an LHC refresh. After the refresh is complete, we check the integrity and consistency to ensure that the problem has been resolved. If the problem persists, the administrator configured corrective action will be executed.
2008/08/14
So Mr. ISV, does your app work with Citrix?
How many times have you had an ISV come into your shop pushing their new solution, and you ask them if it works with Citrix? How many times did you get a blank stare or a reply stating that they don't know because they don't have a Citrix lab environment or that it's too hard to setup. We'll now there's no excuse. MyCitrixLab is now up and running and available to ISV vendors to use to verify that their application works with XenApp, Citrix Access Essentials and XenServer. MyCitrixLab is an online virtual lab environment available to all Citrix ecosystem partners, and becoming a Citrix Alliance partner at the Citrix Technology Member level is free. More details on the MyCitrixLab configurations can be found at http://community.citrix.com/pages/viewpage.action?pageId=29851667 All the ISV needs to do is schedule lab time and make sure they have the basics covered by following the Citrix Ready test scipts before they approach you with their pitch. So the next time an new ISV partner comes knocking and they state they don't know if their app is compatible with Citrix, or that setting up a Citrix environment is too hard, give them 3 quick pieces of advice: - Sign up for free as a Citrix Alliance Partner from the partner section on citrix.com at http://www.citrix.com/English/partners/programs/thirdlevel.asp?programID=1681660&tlID=23443 - Have them verify their solution using http://MyCitrixLab.com which is free to Citrix Alliance partners - Become Citrix Ready Then they can come back and explain why their solution is a good fit with your Citrix deployment. Why should you need to do the basic compatibility testing for them?
Autodesk - Upgrade AutoCAD customers to "Citrix Ready" AutoCAD Map 3D
If you have an AutoCAD customer, who wants to deliver AutoCAD on XenApp, they now can upgrade to AutoCAD Map 3D, which is part of the "Citrix Ready" program. AutoCAD Map 3D 2009 software contains all the features and functionality of AutoCAD 2009, which is automatically installed when you install AutoCAD Map 3D 2009. Please find below a compilation of those most frequently asked questions about the partnership and the combined technologies. 1. What are the benefits of deploying AutoCAD Map 3D on Citrix XenApp?
2. Are other AutoCAD 2009 platform--based applications available that are Citrix Ready?
3. How does AutoCAD Map 3D performance in a Citrix environment compare to AutoCAD Map 3D installed in a stand-alone environment? Performance of AutoCAD Map 3D 2009 on Citrix technology varies by task. The following guidelines are typical of applications deployed using Citrix technology.
4. Can I customize the AutoCAD Map 3D user interface differently for individual users in a Citrix deployment?
5. Where can I purchase a Citrix Ready version of AutoCAD Map 3D?
6. Can I try AutoCAD Map 3D 2009 software before I buy it?
Note: The trial version of AutoCAD Map 3D software allows only 7. How is Citrix Ready AutoCAD Map 3D 2009 software licensed?
For more information please refer to our co-branded microsite, www.citrixandautodesk.com
Understanding Inter-Isolation Communciation
You will soon have this tool called "Inter-Isolation Communication". Great! What do I do with it? Answer: You have less points of maintenance for Application Streaming while retaining isolation and centralized updates. Example scenario: 1 Big app + 1 small addition = single thing you want to publish. Lets call the big application "MS Office" because everyone knows that MS Office is big. Its also a convenient example because there are numerous add-on programs that install "on top of" the base application. Let's also assume that you have different "add-ons" to install for the different groups that you support. Everyone uses "big app", but they all use it differently based on their job function. To get this to show the power of single point of maintenance, we're going to say that you have a really big shop that has 10 different deriveratives of "big app" that you have to publish. Back-step: I ran out of job titles, so we're gonig to use 5 different deriveratives! The groups:
NOW - Each of these groups has different requirements for add-ons. You as the administrator install the base "big app" and then install the add-on and then you store the application away where folks of that group can access it. Before Isolation and Streaming, you create a MSI that gets pushed down to end user machines with the correct package set for that user. With Isolation and Streaming, you still use the MSI, but you instead use it to create a centralized profile. With Streaming, but before IIC, what did you have? Answer: 5 different installation images for MS Office where each was really MS Office + some other installer. If you want to update the add-on installation, no problem, you update your profile and store it - the streaming system then kicks in to get the profile update out to all your users. Great. BUT! What if you want to update "big app"? In the App Streaming or (insert other streaming system here), you now have 5 points of maintenance compared to 1 when the application could be locally installed. Notice that this is a univeral problem to all application isolation systems. Streaming and Isolation are great! Centralized publishing, isolation, resolution of DLL Hell and a variety of other good things. BUT if you have 5 points of maintenance on "big app", then that rather reduces the value of going to streaming. Inter Isolation Communication gets Streaming back on the same maintenance foot print with locally installed. With IIC, you have only 1 instance of "big app" and you also have 5 profiles of deriveratives of "big app". Interestingly, the applications you are interested in running are all from "big app", but the profile you publish from will be "sales on top of big app.profile" and "execs on top of big app.profile". Inter-Isolation Communication will RUNTIME MERGE the profile for big app with the deriverative profile and this is why it is so important. A single update to "big app" will immediately benefit ALL of the derived profiles. This makes maintenance just as easy as locally installed, while retaining isolation! Great stuff. A studious reader will notice that IIC to some degree also brings back some of the issues that isoaltion is intended to make go away. True. Its rather a balancing act. In the first releases of Application Streaming, we had isoaltion on the brain and when no other decision exists, we isolate! This isn't always what the administrator wants. The admin wants to isolate the isolated application from the system and they want to isolate the isolated application from other applications, but they do not want to isolate "big app" from "addition to big app". The later is "known to work" with big app and this is how the IIC subsystem runs the apps. Big app and addition to big app run in the same isoaltion space - but they are still separetly cached and they are maintained in their separate profiles. Is DLL Hell back Yes! You can control it though. Given that two profiles linked at runtime both have a single DLL and that the order of installation of the linked profiles MATTERS! Then there exists a scenario where defining a link relationship between apps can expose a DLL Hell dependency. The 1.2 Streaming Profiler allows control of this on the page where the relationship between linked profiles is defined. Here's a picture.
Notice the "Move up" and "Move down" buttons on the right. When a sub-profile is selected on the left, its position in the isolation stack can be adjusted. Using the layers of glass analogy, the higher profile in the GUI is the highest layer of glass. That means that IT WINS compared to lower profiles. If DLL Hell is detected, you could just erase the offending file from a higher level profile and let the lower level shine through - you can also adjust the relative position of the isoaltion layers to have the same effect. This GUI is where that configuration occurs. IIC will be a powerful tool in the XenApp adminstrators toolbox. I expect to be surprised at how it is put to use. Happy Streaming! Joe Nord, Product Architect - Application Streaming, Citrix Systems
Autodesk - "Citrix Ready" AutoCAD Map 3D Upcoming Events & Materials
With our global marketing campaign in full force and the co-branded microsite in place we are still developing sales and marketing assets to aide both end-customers and Citrix/Autodesk sales teams. Below is a list of upcoming marketing events, enhancements to the microsite, and sales/technical whitepapers that are in development; Marketing Events October 1, 2008 - Webinar - Federal Government Focus
Co-branded Microsite Test Drive Map 3D on XenApp
White Papers Performance / Scalability / Bandwidth Analysis document
ROI Analysis
2008/08/15
High Performance Citrix meets Number 1 Web Filter
Last changed: Sep 02, 2008 14:23 by Craig Ellrod
Labels: antivirus, hybrid, iprism, stbernard, eprism, proxy, bridge, netscaler, appexpert, apptips, tips, appdos, appfw, rnat, ssl, rewrite, client-ip, x-forwarded-for, apache, iis, headers, netscaler, number 1 web filter, web filter, web filters, web filtering, url filtering, internet filter, website filter, content filter, content filtering, im filter, p2p filter, im filtering, p2p filtering, email filter, email filtering, transparent proxy, citrix ready, security switch, application firewall, app firewall, website firewall, spam firewall, ssl offload, ssl vpn, content rewrite, external url, internal url, home page redirect, apache rewrite, server obfuscation, application obfuscation, http header, citrix web filter, lang-eng The #1 Web Filter by St.Bernard is now Citrix Ready. The Highest Performance Web Application Solution from Citrix Systems can now be deployed with the the #1 Web Filter by St. Berdard. IDC ranked them #1, SC Magazine gives them high ratings, and you will agree when you plug this thing in. The Citrix Web Application Firewall protects inbound traffic destined to Web and Application Servers without degrading throughput or response time. Now, with St.Bernard's iPrism h-Series high performance appliances, you can also do outbound Web filtering, IM/P2P filtering, and antivirus detection. The iPrism Web Filter is optimized for the datacenter infrastructure and sits behind the firewall while it monitors traffic. St. Bernard's platforms are hybrid so that Web filtering, antivirus and IM/P2P filtering are all contained within one box - unlike other point solutions. St.Bernard's iPrism Web Filter is easy to use and easy to manage. If fact, it's so easy, we had the device up and running in Proxy mode and then in Bridge mode in a matter of seconds. The management software auto-discovers the box, so you don't have to plug in a console cable - very nice! It is far better than a transparent proxy because St.Bernard has engineered their filtering technology at the kernel level, so their bridge mode really is a bridge between interfaces, and not just a transparent proxy like other solutions in the market. We deployed the iPrism Web Filter behind our NetScaler, and had the NetScaler perform NAT (Reverse NAT) for outbound connections to the Internet. The iPrism Web Filter adds another level of security that IT organizations sometimes look for to complement their existing base of high-performance Citrix Gear.
How do I update my base images in XenDesktop?
XenDesktop offers a powerful way to update all virtual desktops just by updating your shared base image. Most of this functionality is provided via the Provisioning Server component of XenDesktop. Some storage vendors offer significant storage savings for saving multiple copies of the base Provisioning Server vDisk image. For background information on XenDesktop please refer to the XenDesktop Getting Started Guide or related documentation. Listed below are the steps required to update a Provisioning Server vDisk image for use with XenDesktop. This common vDisk image is shared across all virtual desktops in a XenDesktop desktop group. Each virtual desktop OS image is identical when the virtual desktop is started. During boot the virtual desktop is customized for that virtual desktop VM by changing items such as the hostname. When the user logs in their profile is applied and they are authenticated to the XenApp for virtual desktops component that gives them access to their authorized applications. The "writes" for each virtual desktop are stored in a separate write back cache for each virtual desktop. This write back cache can be stored on the same storage device where the base vDisk image is located or on a virtual hard disk for each virtual desktop VM. Since each virtual desktop boots using the same clean PVS vDisk how would you handle any needed updates such as patches? The answer is to create a new version of the PVS vDisk that you will update and then assign that new vDisk to all the virtual desktops in the desktop group. To accomplish this perform the following steps in the Provisioning Server (PVS) console in XenDesktop.
These are all the steps to update your base image. Some storage vendors offer functionality to improve upon storage utilization and also allow for faster cloning. For example data deduplication can be used on the vDisk repository so that only the differences between different version of the base vDisk images are stored. Some storage vendors such as NetApp will soon allow for file level cloning which will be more effective for quickly cloning a base vDisk image. So when you create a file copy it would be nearly instantaneous and use almost no additional storage. This differs from data deduplication because in this case each block in the base vDisk image would first need to be copied and you will need to take time and hard disk throughput to perform the data deduplication to get the storage savings. For additional information please refer to the new XenDesktop CDN site.
AppExpert is now NetScaler Developer Network
Last changed: Aug 15, 2008 18:26 by Craig Ellrod
Labels: appexpert, netscaler, apptips, tips, netscaler, netscaler developer network, lang-eng AppExpert is now a useful tag used by Citrix Systems, Inc., to qualify articles and content on the web as that which pertains to the art of delivering applications to an end user. Becoming an "Application Expert" is not only an art, but as with anything else in the internet industry, takes time to learn. Becoming an Application Expert and using the knowledge takes time, drive and patience. In an effort to make this art easier, Citrix embarked on a series of product enhancements targeted toward the Application Expert, which started with the use of the NetScaler Policy Engine. The first in many enhancements directed toward making application delivery easier for the individual using the product. Other product nomenclature was created for other features such as "AppCompress" and "AppCache", but "AppExpert" seemed to stick and a community website was born to promote the development of policies and expressions used in the course of business on the NetScaler at customer sites, by partners and in the labs at Citrix Systems. The concept of the community site grew with favor as a much needed interactive forum for the exchange of ideas, policies, blogs, video tips and information to expand the knowledge of those using the Citrix products. Thus, the AppExpert community site was born to express this direction of growth in knowledge. In an effort to create a community site that is both practical and useful for our customers, and in keeping aligned with the principles of ease of use and name recognition, the community site formerly named "AppExpert", has been renamed to "NetScaler Developer Network" to allow for a more easier fit among other Citrix product lines, as the Citrix community continues to grow.
Welcome to Citrix Community 2.0
Labels: netscaler, cdn, team-executive-cto, workflow-studio, xenapp, xendesktop, xenserver, nonspecific, lang-eng
Welcome to my blog! I've been at Citrix for about 6 months now and my team and I have been hard at work to bring you the revamped Citrix Community site. I'm calling this version of the site "Citrix Community 2.0" to emphasize the fact that it's a new version of the site and that the site incorporates many of the Web 2.0/Enterprise 2.0 technologies that you see written or filmed about so often in the media. I tend to think that a lot of Web 2.0 is overhyped (are there really this many Web 2.0 companies??), but I found this definition that I really like "Web 2.0 is linking people...people sharing, trading, and collaborating" If you have 4 minutes, I really suggest checking out the video - plus it's got a great soundtrack. The whole purpose of updating our site is to really allow people with an interest in virtualization and application delivery to share and learn ideas. In fact, you'll see our tagline is "Discover, Connect, Participate". The new site allows you to all of that and more! So, let's get down to the details. What is new about the site? The Citrix Community site is a new multi-media, launching pad to reach your favorite Citrix communities. It is the location to discover what is hot around application delivery and virtualization; connect with Citrix product teams, customers and industry pundits; and participate through sharing of opinions, thoughts and knowledge in blogs, forums and code sharing. New capabilities include better description and easier navigation to Citrix communities, ties to our extended communities in the industry (Hello Citrix CTPs!), enhanced multi-media/video support and real time blog feeds from across the blogosphere, all on a completely redesigned look and feel. In addition, we have made it easier for Citrites (that's what we call ourselves) and non-Citrites (that would be you!) to participate and create content. Check out our Video Tip Factory if you don't believe me. Of course, one of the key communities is the Citrix Developer Network, which has undergone quite a dramatic change itself... The Citrix Developer Network is the place for open, unfiltered, straight talk on Citrix products. The goal of the Citrix Developer Network is to provide access to technical information for all aspects of our community, from Network Architects to IT Professionals, to Data Center Architects to Developers. Based on your requests, forum posts and support calls, we have expanded the products covered, while simplifying access to the information. We now have specific Developer Networks for XenApp, XenDesktop, NetScaler, XenServer and one of our newest (and coolest) products, Workflow Studio. Interested in multiple products? Never fear, due to tagging technology, blogs, discussion and content relevant to multiple products will be available wherever relevant (example, server virtualization is key to both XenServer and XenDesktop). New capabilities available in per-product flavors include RSS feeds for our forums (I know, duh - this should have been there long ago), best practices pages, multi-media centers, wiki articles, code snippets and SDK examples. Last but not least, the Citrix Blogs platform has some simple to use, yet powerful enhancements, including "window shade" views of blogs to allow you to see more content in less real estate and the simplification of our group blogs to ensure you can find the content you are looking for. Today's launch of the revamped Citrix Community site is the first phase of multiple updates occurring in the next few months. It is the result of a lot of hard work from the team, but also from the community. Many of the changes and planned changes come directly from you, our community. We are not done yet and I hope you aren't either. Please provide us feedback in the forms of responses to this blog, emails, or better yet post a video. Thanks for taking the time to check out the new Citrix Community site... and I have one last request... Discover, Connect, Participate John
2008/08/18
If it's so great why doesn't everybody do it ?
Last changed: Aug 18, 2008 12:17 by Chris Fleck
Labels: grp-cto, team-executive-cto, lang-eng, nonspecific A somewhat frequent conversation I seem to have with new acquaintance's not familiar with our industry often turns to a discussion of " what does Citrix do ? " After a brief elevator pitch on fast app delivery, centralization, security, and minimizing the need to install apps, etc, there is typically a point that they can relate to in their own situation. It may be a failed hard drive, a desire to work from different devices or locations, or the frustration of waiting for IT to come fix their PC. You can tell when the light bulb goes on and they start to envision being able to utilize the benefits of what Citrix ( and our community ) could provide for themselves or their company. If the discussion goes further a common question comes up that goes something like " If it's so great , why doesn't every company do this ? " sometimes followed by, why is Citrix only a $ 1.5 Billion company ? why not a lot more ? These are some of the objections I have heard along the way as to why more companies don't adopt Citrix, or the concept of App Delivery on a broader more strategic scale. What is the top objection you hear about ( beyond initial cost ) ?
Others ?
Citrix Fast Launch, Take 2
Last changed: Aug 18, 2008 15:00 by Gus Pinto
Labels: xenapp, architecture, cdn, xenapp, citrix fast launch, citrix xenapp, terminal services, lang-eng Back in april I stumbled upon and brought forward a nice finding on our internal showcase farm, an application named ICAPipe later renamed to Citrix Fast Launch. I posted some demos and an interview with the creators of the tool, shortly after announced that we had the intent of releasing the app as a utility on CDN with forum support. As you probably know, it's been 2 months and the utility has not being released, and the reason why, is very simple. The demand this app has generated was tremendous, but despite of the community demand, many customers would not be able to take advantage of this app simply because it's not officially supported, therefore making it not suitable for production environments. We were set with a dilemma, release the app anyways, assuming web support would suffice or review our release process and attempt to sneak CFL in the XenApp product roadmap. I can tell you that in the meantime we've been putting the app thru many tests, while identifying the scenarios users could benefit from it, and at the same time, talking to our engineering group trying to lockdown a possible target for this application to be introduced as part of our product. Of course, there is no guarantee Citrix Fast Launch will be included in the future, however one thing is certain, you as customers can influence these decisions, helping us identify where does faster launch times fit on your list of priorities. With that been said, here are some questions for you...
Make your vote count, and we encourage your comments and feedback.
Support Forums Upgrade
Last changed: Aug 18, 2008 16:30 by Monica Leggoe
Labels: forums, web-services, knowledge center, support forums, lang-eng, nonspecific The Knowledge Center Support Forums have undergone some major changes that include a new look and enhanced functionality. As part of the upgrade, we made sure to keep all of the good stuff. Previous forum posts have all been migrated as well as user IDs, watches and previously earned reward points. Here is a summary of the major enhancements:
Thanks and enjoy.
Virtualization Congress 2008 is coming, Citrix will be there!
Last changed: Aug 18, 2008 19:39 by Gus Pinto
Labels: community, events, virtualization, lang-eng, nonspecific This is the very first edition of a highly buzzed virtualization event held in London, UK, from Oct 14 to 16. The event is three days long: first day (Oct. 14) is dedicated for distributors and resellers, second and third day are for the attendees. But wait a minute. Another trade show? The answer is, Not really! So what makes Virtualization Congress special, VC is shaping up to be a truly unconventional conference.
Never mind the level of expertise attending the conference: Simon Crosby, Mark Russinoivch, Richard Garsthangen, Scott Herold and many others. Citrix as usual will be there supporting the conference as a platinum sponsor and deliverying the keynote, you will be able to interact with our top experts and product specialists, so feel free to stop by our booth and say hi to myself, Simon, and others. Anything else? Yes. Citrix Certified individuals (CCA, CCEA, CCIA) will receive an amazing discount to sign-up for the conference, an amazing 25% off the regular price or $400 US dollars for a pass. *Details coming soon, stay tuned. I'm looking forward to this event and I have here a video invite from Simon to share with all. In the meantime you can check out the following links for more information. See you in London. best,
Coming soon - the latest release of XenApp!
Last changed: Aug 18, 2008 20:55 by Sridhar Mullapudi
Labels: xenapp, delaware, xendesktop, xenserver, netscaler, xenapp, terminal services, citrix delivery center, lang-eng Get an in-depth look at the upcoming XenApp release in our first Citrix Delivery Center Live virtual event. Attend keynote sessions with live Q&A, chat live with Citrix product experts, participate in forums, network with other attendees, visit the expo hall, view content online and download information. Think of this event as a virtual Synergy for XenApp. Register for this worldwide virtual event happening on September 9th 2008. This event will explore the following topics • How XenApp liberates applications and the end user
2008/08/19
What's in a Wordle?
Well, according to the creator of Wordle: Wordle is a toy for generating "word clouds" from text that you provide. The clouds give greater prominence to words that appear more frequently in the source text. You can tweak your clouds with different fonts, layouts, and color schemes. The images you create with Wordle are yours to use however you like. You can print them out, or save them to the Wordle gallery to share with your friends. This is a snapshot of the Citrix Blog Wordle on 2008-08-19:
Utility Imports-Exports your Published Apps
Labels: community, utility, utilities, xenapp, citrix, cdn, xenapp, community apps, citrix xenapp, lang-eng
In the age where Agua or Aero-glass interfaces are somewhat as important as the underlining kernel, same rules have been applying to Scripts and utilities, after all not everyone wants to be using complex scripts and endless command-line combinations. For those who are not so keen on Scripts and CLI, our French friend Pierre Marmignon created an app that doesn't solve a new problem, but tackles it more elegantly. Pierre has created an GUI app that (bulk) imports/exports all your published applications. XenApp Export Manager Author: Pierre Marmignon | Citrixtools.net
Application Isolation - What does that really mean?
Running applications under isolation can solve many problems; the registry and file system no longer conflict with other applications. Great. What does it really mean to run an application isolated? This post will bring some clarity and also provide insight into how the Application Streaming isolation system works. Let's start with the definition of a sandbox. Call it a sandbox, call it a bubble, call it an isolation space, its all pretty much the same goal. How can I run an application without it doing things that I don't want it to do. How can I let that application do ANYTHING it wants to do, but have its bad behavior not really occur? Answer: I let the application play and do anything it wants so long as it doesn't leave the isolation sandbox. Play, play, but so long as you don't leave the confines of the sandbox, I know you're pretty safe. Operating system theory 101: What is a process? A process is an entity that holds things associated with running some program. Generally, this is a holder for allocated memory and allocated threads. Memory is pretty easy. A thread is a something that the operating system knows how to "run". In more techno jargon, a thread is something that can be scheduled to run on the CPU. A single process commonly has multiple threads and each thread can allocate memory. Since the memory is technically tied to the PROCESS rather than the thread, all threads in that process can see any memory allocated by any of the threads. Okay, booring - I know all that already. What is a sandbox? A sandbox is a layer of abstraction on top of a process. A Sandbox is a collection of processes and a set of RULES which control what the kids are allowed to do in the sandbox. Example, digging, okay. Dumping your drink into the sand, okay, the carpet inside the home is safe. Hitting your brother in the ear with a rock, NOT okay. Oh wait, wrong sandbox. A sandbox is the thing that the isolation space uses to keep track of all the ISOLATED processes on the machine. We over-dramatize this. An isolated process is just like a normal processes, except is isn't generally allowed out of the sandbox. Put your file system programmer hat on for a moment. A disk operation comes wondering by your code and this is the place were you do isolation stuff. What do you do with this operation? Questions you ask yourself: Do I care about this disk operation? The answer is almost always no. How to decide? Answer: Process ID. Conveniently, it is a "given" with all disk activity. Filtering code looks up the process ID in its list of sandboxes (an in memory B-Tree if anyone wants particulars). Most of the time, none found and the disk operation proceeds along its merry way without being messed with. Occasionally though - and always for the isolated process - the disk filter says WOW! I got a live one and goes to work. With a hit, it knows which "sandbox" this process is part of and with that, it knows what isolation rules govern the operation of this disk operation. Notice that threads are not part of the equation. It is the process membership that governs isolation. What is a "rule"? On receiving a disk operation that it wants to filter - the filtering code has to decide what to do with it. Which isolation rule should be applied. Here, the file/path or registry key/item is looked up in a list of rules that are part of the sandbox (more in memory B-Trees). Eventually, the code identifies the "deepest" rule that effects this thing and then uses that to complete the disk/registry operation. Technically, the isolation code doesn't complete anything, it just modifies the original file/reg request and sends it back down the path to work on places other than where it was to work before. What kinds of rules are there? Isolate - They wanted to mess with \Windows; instead have them mess with \VerySafePlace\Windows. Stay in the BOX! Ignore - They wanted to mess with %TMP%. I don't really care what they do to %TMP%. Push it on with no modification. Redirect - They wanted to mess with "\Documents and settings", instead send them to \Users. Oh, wait, that's Vista. Same stuff. Strictly isolate - Clearly the neatest of all the rules. The Strictly Isolate rules are new to Application Streaming - didn't exist in AIE. The application wanted to mess with "\Program Files\Co Name\App name" and that directory didn't exist at time profiling started, so from the view of the application at runtime, the only content that directory has is the stuff that the installation program added during profiling. In the layers of glass analogy, the bottom layer (the physical layer) disappears. These are added authomatically by the Streaming Profiler during that "finalizing your profile" step. As the admin, you can add them too though this usually is not needed if the profiling machine was relatively clean at the start. EVERYTHING ABOVE HAPPENS FOR THE REGISTRY TOO Registry is a bit easier though - or harder - depends how you look at it. The registrying hooking is all done at application level and here, the isolation system is only involved with isolated processes and always "knows" which set of rules effect it. It is PART OF the isolated process, so looking things up is a given. Who are your ancestors? Among the neater things of managing sandboxes is keeping track of the process list. Everyone is used to the idea that launching an application creates a process; what they are not used to is that the started process starts other processes; kills itself; the children then mingle with other processes and start new ones and they then wonder around the machine and try to get into trouble. Managing the sandbox says that everyone in your ancestory tree is part of the sandbox and people who are members of the family are not allowed to leave just because they get pissed off at the processes next to them. The part that makes this cool is that the Windows APIs that tell you about process "launch" and "terminate" tell you about the immediate parent - and that's it. Once the parent dies, all history of who that parent was is gone! It is up to the isolation code to keep track of the grandparents who may or may not be alive anymore and since they have cousins and since the cousins are part of the family, they are all part of the same isolation sandbox. One of the very first things I did when the Application Streaming team took over the AIE code from Presentation Server 4.0 to use as the basis of Rade, was try to BREAK the process logic. To my happiness - it was bullet proof. Eventually, all of the processes that are part of the sandbox terminate - when they do, the isolation system declares the sandbox dead and starts tearing it down. This is where post-exit scripts kick in and licenses are released. WHAT IS THE POINT OF THIS POST? Isolated processes are just like regular processes. Actually, they are regular processes, they just get "filtered" a bit as they execute. Everything CPU wise happens "native speed" and everything about memory usage and other "process" things are same for isolated processes as they are for native processes. A process is a process is a processs. Enjoy, Joe Nord Product Architect - Application Streaming, Citrix Systems, Fort Lauderdale, FL
Web Filter for XenApp
Last changed: Sep 02, 2008 14:26 by Craig Ellrod
Labels: antivirus, hybrid, iprism, stbernard, eprism, proxy, bridge, netscaler, appexpert, apptips, tips, compliance, xenapp, virtualization, xen, tap, netscaler, xenapp, number 1 web filter, web filter, web filters, web filtering, url filtering, internet filter, website filter, content filter, content filtering, im filter, p2p filter, im filtering, p2p filtering, email filter, email filtering, transparent proxy, citrix ready, xen filter, network tap, application virtualization, citrix presentation server, xenapp web filter, xenapp security, load balancer, load balancing, server load balancer, server load balancing, lang-eng The St.Bernard iPrism works with Citrix's Application Virtualization platform - XenApp, and works quite well. Seen as a perfect complement to each other the Citrix NetScaler and XenApp products were tested with the St.Bernard iPrism Web Filter. Both companies offer architectures of one-arm (out-of-band) and two-arm (in-band) deployments. At Citrixlabs in Santa Clara, CA, USA, we tested both the out-of-band and in-band configuration of the iPrism Web Filter. We loved the fact that the iPrism is auto-discovered by the management software, so no console cable was needed. With NetScaler: We deployed the iPrism Web Filter behind the NetScaler in our proof of concept datacenter in Santa Clara, CA, USA, and configured the NetScaler for NAT (Reverse NAT) for outbound connections to the Internet. NAT is often performed by the Firewall. The Web Application Firewall, also part of the Citrix NetScaler, was configured for protection of inbound security threats to websites and web applications. The iPrism was configured to monitor outbound traffic from the internal subnet of 172.16.104.0/24, and block all traffic to offensive websites, and monitor traffic to all other websites. The Real-Time monitor in iPrism gave us a detailed report on the users and IP Addresses that were going out to which sites on the internet. We could see who was accessing what, and which content was being blocked. Particularly nice, was the fact that the iPrism automatically authenticated each user to the Citrixlabs domain controller, every time they surfed a new website, without them knowing it. This was very useful for keeping a tight grip on security and for compliance reporting. With XenApp: The powerful value is in the integration with XenApp. We plugged the iPrism in as an in-line device, and configured it to work with Citrix XenApp©, formerly known as Citrix Presentation Server. One of the key questions that will arise in this situation is with all of those Citrix XenApp thin clients logging into the XenApp and then launching browsers to the internet, how does iPrism keep track of them. By adding the XenApp IP Address to the iPrism configuration, the users are tracked using "Session Based Authentication" - this catches each individual user and IP Address in each browser session and in the reports. We were impressed by this and determined the iPrism to be an excellent fit into a datacenter outfitted with Citrix.
Network Diagram:
Watch this video tip:
How do you "Discover, Connect, Participate"?
I remember during Geek Speak at the Synergy Conference, that someone had posed the question about the many formats of information that are available. For the most part you have blogging, documentation, podcasts, tech talks, and webinars. It was interesting to hear the different responses to which format you liked most and why. I didn't keep a running tally or anything, but some points did stick in my mind. It would be great to hear from you on which format you most prefer. Vote below to let me know.
2008/08/22
XenServer SR and Openfiler 2.3
Hi. If you are using the OpenFiler software as a iSCSI Server for Citrix XenServer, you will run into an issue. There is a problem of activation Xen VG's within the Openfiler LV. So, to fix the issue in OpenFiler 2.3 and stop VG activation on the system startup comment the following lines (333-337) in /etc/rc.sysinit # if [ -x /sbin/lvm.static ]; then You can find more details in the OpenFiler Forum at: https://forums.openfiler.com/viewtopic.php?id=2280 Danny
Citrix Blogs Widget 1.2 Released
Last changed: Aug 22, 2008 15:51 by Gus Pinto
Labels: community, citrix, blogs, widget, mac, dashboard, netscaler, architecture, cdn, gotomeeting, provisioning-server, workflow-studio, xenapp, xendesktop, xenserver, citrix blogs, nonspecific, lang-eng Hello Mac Users First I would like to thank all of you for downloading version 1.0 of our blogs widget. We currently have 1400+ downloads, and this goes to show that the Citrix community has indeed a large number of Mac users. I also would like to thank those users who sent us their feedback, this version of the widget is here because of you, so keep sending your feedback and comments. Meet the Citrix Blogs Widget Version 1.0:
2008/08/23
Web Feed - Digital Whack-a-Mole
Last changed: Aug 23, 2008 16:51 by Brent Doncaster
Labels: citrix, web, video, community, user communities, internet video, lang-eng, nonspecific The NY Times published an interesting front page article (Aug 9) and online post discussing how NBC attempted to block web sites hosting video clips and live feeds of the Olympic Games opening ceremonies in the United States. According to the Times article NBC "sent frantic requests" to web sites asking them to remove videos and feeds of the Olympic ceremonies - amounting to a game of "digital whack-a-mole". Web sites including YouTube (Google) and Justin.tv pulled down clips, but could not keep up with users who traded links via Blogs and Twitter to stay ahead of NBC. NBC was attempting to protect its' TV broadcast coverage of the ceremonies which were tape delayed and presented in the USA during the evening hours on Friday August 8, a full 12 hours after the opening ceremonies actually occurred. So why is this interesting for a Citrix marketing type like me? This interests me because NBC had an opportunity to engage its user community - and didn't. User communities are a fundamental component of today's and presumably tomorrow's web, and at Citrix we are fortunate to have a long-standing and vibrant user community that Citrix needs to engage with and make successful. Citrix has a renewed focus and commitment to make our community more successful via the newly re-designed and enhanced Citrix Communities site. We care about our users and our community and are investing to help make our community successful. Is there more to this NBC video thing beyond the notion that traditional media outlets like NBC apparently still don't get the net, or that video has finally arrived on the net? NBC is posting thousands of hours of its Olympic Games coverage online, using Microsoft® Silverlight™ technology, so they do get the net, or do they? (this Silverlight aspect is a topic for another blog - can you say DRM!) NBC's decision not to live stream coverage of the opening ceremonies might be considered somewhat odd. NBC is obviously working to manage access to its Olympic video footage in an attempt to maximize its audience so as to charge higher advertising rates. This all makes sense - old school sense - or rather cents! I'm sensing NBC has missed a glorious opportunity to engage its community who could have supplied content snips from their perspective, content that could have extended the NBC viewpoint. This user supplied content could have been a great complement to live streaming feeds of NBC's "official" Olympic games opening coverage - if NBC had in fact supplied a live internet feed. They have the infrastructure -see myNBC.com. My searches on myNBC.com turned up 2 Olympic Games clips, both of which returned "the requested video is not available" message"... NBC blew a significant opportunity to begin re-inventing themselves to be more than just a source of content created in-house and to begin engaging and fostering a user community of associate content providers. Many news outlets, CNN, Fox News are attempting to leverage user supplied content to support their official coverage - NBC missed the opportunity to build their community and leverage the Olympics.
2008/08/25
Non-Vista apps and Apollo 3D graphics
Last changed: Aug 25, 2008 17:03 by Derek Thorslund
Labels: apollo, apollotechpreview, vista, graphics, hdx, xendesktop, lang-eng The Apollo Accelerated Bitmap Remoting technology leverages Vista Aero to efficiently capture and deliver DirectX and other 3D graphics. But what if you need to deliver applications that aren't Vista compatible into the same virtual desktop as your 3D professional graphics applications? The trick is to deliver them using XenApp, the Integrated App Delivery feature of the XenDesktop Enterprise and Platinum editions. XenApp supports applications that run on Windows Server 2003 and (with XenApp 5) Windows Server 2008 Terminal Services. Your non-Vista applications can be hosted on XenApp and delivered seamlessly into the user's XenDesktop virtual desktop via Citrix's ICA protocol. Application compatibility issues are eliminated because these applications are never actually installed on Windows Vista. They appear seamlessly integrated with the user's Vista Aero virtual desktop even though they are actually running on a different operating system. Derek Thorslund
Citrix EasyCall ver. 2.0 updates
Improvements in EasyCall 2.0 EasyCall 2.0 contains many of the improvements you have suggested: - Simpler phone selection - Simpler directory search, which now searches both the corporate directory and your Outlook contact t the same time - New call status and cancel features - Further improved number recognition EasyConference Tech Preview A new feature called EasyConferencewill enable you to use EasyCall for audio conferences. New EasyCall Directory You can leave the new Directory Bar on your desktop so you can use it anytime. Just start typing a name, a few letters of the first name space then the last, or now last name comma first name.
More EasyCall 2.0 Tips - Use EasyCall to call telephone numbers in Email signatures, GoToMeeting invites, Salesforce.com contacts, Outlook Contacts, etc. - Use EasyCall to place calls from your office or even the conference rooms you frequent. - Use EasyCall whenever working remotely for business calls. No more long distance charges on your home phone. No more international calls on your mobile phone. No more airtime overages. - Use the EasyCall Directory to look up and call coworkers. Finding phone numbers has never been faster. - If you don't want to share your home or mobile number with the folks you call, use the Hideoption. The folks you call will see the main number and not your personal numbers as your calling line ID. - Make sure you enter "X" or "ext" before your five digit number. Everywhere else, just use your regular office telephone number.
XenDesktop Storage Requirements
With desktop virtualization you might be thinking what should I use to store all my desktops and data. This can be especially confusing with Provisioning Server offering storage savings as well as storage optimization features from storage vendors. This blog covers storage requirements for the various components of XenDesktop, storage for pooled vs. assigned desktops, and storage features from storage vendors that can be leveraged in XenDesktop. XenDesktop Enterprise includes the Desktop Delivery Controller (Connection Broker), XenServer, Provisioning Server and XenApp for Virtual Desktops. For a XenDesktop environment you will need storage space in the follow areas.
Storage for Pooled vs. Assigned desktopsWhen creating groups of virtual desktops you have a choice of either a pooled / shared group of desktops or assigned / dedicated desktops. A pooled desktop groups allows a user to use any desktop in the pool. This allows for instant access to the virtual desktop since you can have an idle pool of desktops and simplified management by only needing to patch and update the base image instead of each individual dedicated desktop. When a user logs off the desktop is returned to the pool. An assigned / dedicated desktop has a few feature advantages since the user has full control over the desktop. One example is the support for user installed applications in their virtual desktop. Over time Citrix will be supporting / moving functionality only available in a dedicated desktop to a pooled desktop because a pooled desktop is ideal because of the simplified management. Storage for a pooled desktop group occupies about 1GB of storage for each virtual desktop plus the base PVS vDisk image. Your base PVS vDisk image will probably be about 10GB to 20GB depending on the OS and if you added any application streaming cab files to the base image. Keep in mind you will want to store multiple versions of the base PVS vDisk image in case you need to revert back to a previous copy. Some storage vendors offer features to efficiently store the copies of the base vDisk image. Storage for an assigned desktop group occupies 10GB to 20GB for each virtual desktop. With a large number of virtual desktops this takes a significant amount of storage. However by leveraging features storage vendors offer you can dramatically reduce the storage required. Keep in mind this will only reduce your storage requirements and will not provide the simplified management that a pooled desktop group offers. Leveraging storage vendors featuresLet's take a basic look at features that storage vendors offer that can be leveraged in XenDesktop.
So that is my overview on storage with XenDesktop. If you have any questions or have new ways to leverage storage features with XenDesktop check out the new XenDesktop CDN site or leave a comment.
Announcing Citrix XenApp 5!
Last changed: Aug 25, 2008 22:33 by Sridhar Mullapudi
Labels: xenapp, delaware, xenapp, xenapp 5, windows server 2008, terminal services, application virtualization, lang-eng This morning we announced Citrix XenApp 5. You can visit the product page for details on everything related to XenApp 5. Here you can download the updated feature matrix, XenApp 5 & Windows Server 2008 feature analysis, Top 8 reasons to upgrade and a link to register for the upcoming XenApp technical Webcasts. The technical Webcasts will cover XenApp 5 functionality as well as best practices for migrating/upgrading to XenApp 5. The XenApp 5 bits will be uploaded to MyCitrix download page on Sept 4th. And, don't forget to register for the Sept 9th first ever live XenApp virtual event!
2008/08/26
Summit is just around the corner
Citrix Summit, October 26 - 29 at the Walt Disney World Dolphin and Swan Resort in Orlando, Florida.Citrix Summit is being held in the fall of 2008 to give partners plenty of lead time in preparing for the new year. You'll hear all about the newest products and programs long before January arrives so you can kick off 2009 fully prepared for new opportunities. Top three reasons to attend
During two and one-half days of non-stop educational and networking activities with Citrix executives and the Sales team, you'll strengthen your solution selling skills so you can expand beyond point products into comprehensive application delivery solutions. You'll also find out how to increase your services business around Citrix solutions for larger revenue streams. Are you a Citrix Partner? [Learn More & Summit Registration]
Citrix Provisioning Server and Active Directory Machine Account Password Synchronization
Last changed: Aug 28, 2008 09:06 by Rich Crusco
Labels: xendesktop, xenserver, architecture, provisioning-server, xendesktop, xenserver, provisioning server, active directory, nonspecific, lang-eng Provisioning Server offers you the ability maintain Active Directory machine account password synchronization for target devices. This ability is enabled on the Provisioning Server and is configured on a per virtual disk basis.
2008/08/27
PowerShell and MFCom - Part II
Last changed: Aug 27, 2008 05:34 by Christian Gehring
Labels: powershell, mfcom, scripting, xenapp, cdn, workflow studio, lang-eng In my last blog I have started with the Introduction of PowerShell and MFCom. Today we'll provide you more information's about MFCom Objects and how to use them with PowerShell. Check Session StateTo retrieve the session state for each session within the Citrix farm you have to query IMetaFrameSession.SessionState. If the returned state of the session is MFSessionStateStale, no further attempt to read other session properties should be made. This state indicates that the session may no longer exist. #Type Definitions $MFSessionStateUnknown = 0 #Unknown state #Main $farm.Sessions | Where-Object { $_.SessionState -eq $MFSessionStateActive {color:black}}| Format-table Username,SessionName,AppName,ServerName,SessionState Find disabled Application Finding disabled applications is mostly useful in your production or test environment where you have to handle with many published applications. This property IMetaFrameApplication.EnableApp enables or disables the application.
#Type Definitions #Main
2008/08/29
Is SAN really NAS spelt backwards?
Last changed: Sep 11, 2008 16:55 by Olivier Withoff
Labels: xenserver, storage, san, nas, iscsi, fcp, gbic, raid, xenserver, xenapp, xendesktop, data storage, disk storage, fibre channel, lang-eng Google 'storage' and, apart from the odd link to IKEA, data storage is starting to become more prominent. That Ultra-640 SCSI, 15,000 RPM 30GB drive you proudly have in your best server is taking center stage in Storage Area Networks (SANs). As the options for building a SAN are becoming numerous, and the prices are starting to look attractive, maybe you need to get to grips with the fundamental technologies, and terminology. Have I got a whitepaper for you! Introduction to Storage Technologies.
The XenApp Management SDK (MFCOM) for XenApp 5.0 is now available
Last changed: Oct 14, 2008 17:26 by Andrew Van Heden
Labels: sdk, sdks, mfcom, mpssdk, cdn, partners, team-technical-support, xenapp, citrix sdks, presentation server sdk, xenapp sdk, xenapp management, lang-eng We have just released the XenApp Management SDK (MFCOM) for XenApp 5.0, and it is now available as a free download. This SDK allows creating programs or scripts that automate the management of XenApp. Examples of use for this SDK range from simple scripts to the implementation of full-fledge custom consoles for fully managing a XenApp deployment. This release of the SDK adds support for Health Monitoring and Recovery, for reboot schedules, and for session policies. For additional details see the SDK and the XenApp documentation. You can also visit the very active Community Forum for this SDK. XenApp 5.0 was announced earlier this week. If you want to learn more about it, you should not miss Citrix Delivery Center Live. This live virtual event will take place on September 9th. Make sure to register now!
The Application Streaming Profiler SDK version 1.2 is now available
Last changed: Aug 29, 2008 19:41 by Aureliano Lopez-Martin
Labels: sdk, sdks, streaming, rade, cdn, partners, team-technical-support, xenapp, citrix sdks, application streaming, application streaming profiler, streaming profiler, presentation server sdk, xenapp sdk, xenapp management, lang-eng Yesterday, we released the Application Streaming Profiler SDK version 1.2, and it is now available as a free download. This SDK allows creating applications or scripts that automate the management of streaming profiles. The API allows creating, updating, reseting and deleting profiles, and can be combined with automatic starts of unattended installers. Without this SDK, these tasks could only be done through the Streaming Profiler user interface and would require the physical presence and monitoring of an administrator. Here follow a list of improvements in this second release of the SDK:
For more information about Application Streaming see the product documentation or search for "Application Streaming" on the Citrix Blogs, and for detailed questions about the SDK, visit the dedicated Community Forum. Also, keep monitoring the Citrix Blogs because Joe Nord, our Product Architect for Application Streaming, will soon post entries to further explain the Streaming Profiler, the SDK, and this release. Very important: we want to know about your experience with this SDK:
Lastly, XenApp 5.0 was announced earlier this week. If you want to learn more about it, you should not miss Citrix Delivery Center Live. This live virtual event will take place on September 9th. Make sure to register now!
|
. You are lucky as you have the right set of apps for this to work as well as it has. But I want you to think about going down a completely different route. Virtualization...
But I did only touch on a two areas. Take a look at the documents (especially the reference architecture) I put at the beginning of this blog for additional information. 
Citrix Blogs Widget
