For those of you who attended the TechTalk on XenDesktop Technical Dive, I wanted to post the videos maintenance videos. 

Remember, a virtual desktop solution must be able to simplify maintenance or else you are simply moving the administrative problem from remote sites to the data center. The first video shows how easy it is to patch the Hypervisor (XenServer).  The running virtual machines are automatically moved to another available XenServer without impacting the users. 

XenServer Update Video:

The second video shows how thousands of users' desktops can be patched easily without requiring a significant amount of time or expense with the use of Provisioning Server. 

Provisioning Server OS Images Update Video:

These are just two examples of maintenance for XenDesktop. The incorporation of XenApp and application streaming greatly simplifies the maintenance of application delivery.  If you want to hear more, take a listen to the recording of the TechTalk which can be accessed from here.

Thanks

Daniel

Homer Simpson Quote of the Blog (What do we need a psychiatrist for? We know our kid is nuts.)

WAN Load Balancing by Elfiq Networks is a perfect fit for the Citrix WanScaler WAN Optimization Engine product. The Citrix NetScaler already performs Server Load Balancing on inbound connections, and can even perform Link Load Balancing on outbound connections. However, when it comes to managing link resiliency directly at the WAN Links, at layer 2, this is where Elfiq shines. The Elfiq Layer 2 implementation allows the insertion of the Elfiq unit between the firewall and the primary link router without any change to their configuration for an easy deployment. For private WAN Links, Elfiq will redirect packets to all links at Layer 2 on a per session basis. Another great advantage with Elfiq is the low price point to get this type of functionality. When connectivity is being deployed to multiple sites with multiple links, Elfiq SitePathMTPX can be used with IPSec VPN Tunnels and VoIP along side of enterprise applications for greater performance and resilience.

Citrix & Elfiq Networks Deployment Guide!

WAN Failover Video Tip:

WAN Load Balancing Video Tip:

NetScaler Developer Network!

Please expand to view the English version. You will need Chinese fonts to view the section in Chinese.

您好！欢迎来访思杰博客。

新的博客现在开始支持包括中文在内的多国语言。 您现在可以用您最熟悉的语言来分享您的观点和信息。

作为在思杰总部工作多年的中国人，我很愿意为华人用户和同事提供更好的服务。欢迎您留言或来信。我会很感谢您的建议。

这个博客有很多信息，可惜到现在为止都是英文的。如果我们提供多种语言的翻译工具是不是会对您有帮助？比如说像谷歌的翻译工具。

杨瑞国

高级设计师

解决方案市场部

我的其他博客

----

If you are wondering what the above is about, here is the English Translation. Now you get an idea of how helpless a non-English speaking person may feel 

Citrix blog now supports blogging in non-English languages including Chinese and others. You can now blog in your favorite language. This blog is an example of it.  I am interested in your suggestions and feedbacks to improve the usefulness of this blog to non-English speaking users.

Will on demand translation such as google translation tool help?

If English is not your native language, please vote below.

Ray Yang

Check out my other blogs

The upcoming release for the Citrix Access Gateway version 4.5.8 has had some fixes and visual improvements added to it. There are no new features that I am aware of that have been added, it appears to be a maintenance build with some unification of the graphics for the Citrix Delivery Center. I for one love the new look, and that the different interfaces are gaining a uniform look and feel, look below and see for yourself:


Here is a screenshot of the Citrix Access Gateway welcome screen




Here is a screenshot of the Citrix Access Gateway connections screen




Here is a screenshot of the Citrix XenApp welcome screen




Here is a screenshot of the Citrix XenApp applications screen




Here is a screenshot of the Citrix XenDesktop welcome screen




Here is a screenshot of the Citrix XenDesktop desktops screen




We will cover more of the changes and details in version 4.5.8 as the imminent release date approaches, we be will releasing more information about the changes in it. I hope you like the visual changes as much as I do, and I would love to hear your thoughs about them, good or bad.

Finally the much awaited release of XenApp 5 can now be downloaded from MyCitrix download page (needs MyCitrix credentials).

XenApp 5 for Windows Server 2008 needs a full install and since this is the first time we are supporting Windows Server 2008 platform, there is no upgrade from previous versions. And, this comes in a DVD. No more Server CD and Component CD. Everything is one DVD for the Windows Server 2008 platform. And don't forget to check out this technical guide for a step by step approach in migrating to XenApp 5.

XenApp 5 for Windows Server 2003 does not require a full install and supports upgrading from previous XenApp versions (4.0 and above). In fact there have been no server side updates and the core server install still uses Presentation Server 4.5 install. All the new functionality can be implemented using the new clients and components (like Web Interface 5.x, EdgeSight 5.x, Streaming Profiler/Client 1.2 etc). So, why did we call this release XenApp 5 for Windows Server 2003 and not something like Presentation Server 4.5 Feature Pack 2 for Windows Server 2003? Let's not go there  and I think that deserves a blog post of its own. Anyhow, the good news is that all this new functionality on Windows Server 2003 can be adopted without doing a fork lift upgrade/migration. Again, for step by step instructions on implementing the new functionality, check out the technical guide for migrating to XenApp 5.

Btw, don't miss out on the first ever XenApp 5 virtual event on Sept 9th. More than 2500 customers and partners (and still counting) have already registered for this online virtual event.

In association with the XenApp 5 release and inline with the product release strategy outlined in the Future of XenApp for UNIX blog article, the XenApp for UNIX 4.0 with Feature Pack 1 release is now available as a MyCitrix download. This is a small feature pack containing the following changes:

• XAU Rebranding: Look and Feel of the product had been changed to align with the general XenApp rebranding. This primarily affects the login screen and all icons used when interfacing with ICA clients, WI and PNA.
• XAU MOTD (message of the day): Adds the ability for administrators to place a message in the file /var/CTXSmf/motd, the contents of which are displayed as text in a message box on the screen before the user logs in.
• XAU NOMORELOGIN: Adds the ability for administrators to disable any new logons to a server by using the ctxcfg -k nomorelogons=1 keyword configurable. Users can still reconnect to any disconnected sessions. At the next restart of Citrix Presentation Server for UNIX this behaviour is reverted.
• As well as the above, a number of bug fixes are being released: 
  • Fixes an issue where the ctxfm process can crash if an authentication time-out is enabled. 
  • Fixes issues where replacing a non-retail license with another license can cause the ctxfm process to consume large amounts of CPU. This occurs if the license is changed but the Citrix Presentation Server processes are not restarted. 
  • Adds the ability to disable scrollmouse support. This uses the ctxcfg -k disablescrollmouse=1 keyword configurable to make a server session not claim this capability. Add the option -noscrollmouse to the XTW_OPTS line in /opt/CTXSmf/slib/ctxXtw.sh to turn off the X server's capability to handle any scrollmouse events that the client sends. 
  • Fixes an issue where errors could be generated when parsing XML Service packets under rare network-related conditions (for example congestion and misconfigured hubs or switches). 
  • Fixes an issue where the X server could crash when multiple OpenGL applications are run at the same time. 
  • Fixes an issue where screen corruption could occur when scrolling window contents. 
  • Fixes an issue that meant users had to re-authenticate when connecting to a published application using Web Interface 4.6. 
  • Fixes an issue where shadowing highly graphical applications could cause screen updates to lock up for all sessions involved.

• License Server: New release at the same release level as the Windows License Server.  As well as a re release for the Solaris SPARC platform, support on the Solaris x86/x64 platform has been added. As well as being included with the XenApp For UNIX with Feature Pack 1 download it can be downloaded separately as License Server 11.5 for UNIX.
• Updated Administration Guides for this XAU Feature Pack and the Licence Server product.

An associated public hotfix for each supported platform is also available (PSE400AIX054, PSE400HPUX054, PSE400SOL054, PSE400SOLX54). By default this contains all the bugfixes in Feature Pack 1. You can also configure the hotfix to upgrade your installation with Feature Pack 1 changes where your upgraded installation will then require licenses that provide Subscription Advantage Eligibility Dates for all platforms of August 27, 2008. This corresponds to installing the XenApp for UNIX 4.0 with Feature Pack 1 release.

Private and public hotfixes going forward will be common and applicable to all releases which makes patching simpler.

This post introduces the Streaming Profiler SDK, provides a description of what it does, how it works and how it can be a useful tool for managing your Application Streaming profiles.  The Profiler SDK has been around since the 1.1 release of the Streaming Client (PS 4.5 HRP 1) and the 1.2 update that accompanies XenApp 5.0 was recently announced.

Here's a link to the download site and the official documentation.

For a moment, put your programmer hat on and consider that the Streaming Profiler (the guts of it) have more than one client.  The "back end" supports the Streaming Profiler GUI (pkgr.exe), the Streaming Client itself (radesvc.exe) and the Citrix publishing system, aka the Access Management Console. 

Architecturally, the Streaming Profiler "back end" is the ONLY thing that is allowed to touch the .profile content.  Sure, others can and we haven't exactly HIDDEN the content, but in theory, the ONLY thing that knows the internals of how a .profile and .CAB are formatted is the profiler back end.  Notice that the backward / foreward compatibility stuff is at the API layer - not the disk content. 

Here's a picture...

This was the original layout of Application Streaming.  The separation of function said the GUI talented people do GUIs, the publishing people do publishing and the guts of how the streaming client works people do the back end and the service.   I was in this last group, had development responsibility for the back end and the above is rough description of how it all plugs together.  We decided on C++ as the interface between the pieces; shared header files loosly modeled on COM so it could be consumed.  It seemed to be a good balance at the time and we pushed on and built it.   There were some issues.  Being based on shared headers, the API is "per-build" dependent.  CPP doesn't meld well for portability.  C wasn't the right answer; too much state.  We let the header dependence go since - afterall - we are all building in the same build tree and it was a foregone given that all of the pieces would be updated every time we update the Streaming Client/Profiler.

Along came the real world

Customers, partners, ISVs also want to manage profiles and they want to do it from PROGRAM CODE.  The API is broke and the wisdom of the original developer who laid out the internal API rightly had rocks thrown at it.  I should have stuck with vanilla 'C' and all would be good - but that too had its own pitfalls.

The solution was a conversion of the private API from "something like COM" to "really COM" and this is the profiler SDK.  Picture below.

A vision to the future

Standard disclaimers and no promises, but the logical next step is to convert the internal components to use the external SDK.  The benefits are that we can be SURE that the SDK is a complete reflection of the internal API and that ... it works.  It will take some to get there - lots of time - but this is where I want it to go.

Joe Nord
Product Architect Application Streaming
Citrix Systems, Fort Lauderdale, FL

The Streaming Profiler SDK just got better.  The XenApp 5.0 APIs are published!

Here's a link to the download site and official documentation for the 1.2 release of the Streaming Profiler SDK. 

Just to be clear, YES, the 1.2 Streaming Client/Profiler can be used on top of Presentation Server 4.5.  The 1.2 version of the Profiler and Client are on the XenApp 5.0 DVD, announced here.  The streaming components can install on top of PS 4.5 and are not tied to Windows Server 2008 - though that is one of the platforms the new client supports.

In a prior post, I outlined the foundations of the Streaming Profiler SDK.  For that background, read here.

Additional details and overview on the SDK update can be found here.

OKAY - What's new?

Enhancements at a glance, Streaming Profiler SDK version 1.2:

• New APIs - Support for Inter-Isolation Communication defined profiles
• Supports more languages; notably C++ where the prior supported only C# and probably VB.
• Actual sample source!  What a concept.
• The SDK files are better organized for easy navigation.

Enhancement 1: Support for C++
 
No, I do not make this stuff up.  The Profiler SDK is COM based and COM allows client programs to be written in numerous languages.  The Profiler back end code is written in CPP, so you would think it would be possible to write a client application in CPP.   This previously wasn't possible.   If you don't ship all the parts that are needed to compile the CPP code, then nobody will be successful using that language.  Neat!  With this release, we actually now include the TLB file with the SDK and this makes it possible to write COM client applications without the assistance of Visual Studio programming environment.  I'll note that the Visual Studio method is still easier and writing this stuff in C# rather flows together compared to the CPP methods. 
 
Enhancement 2: Actual sample code provided with the SDK
 
The Profiler SDK now includes actual sample code!  Super.  How useful is it?  Yes, very useful.   The prior had samples included with the help files, but a file on disk is more tangible and easier to use given it also comes with build procedures or Visual Studio build environment.  I wrote a sample for the SDK which is included in the official download.  Actually, I didn't so much write a sample; I wrote a utility that was needed and the SDK team shipped it.  That works.  The App Streaming Test team wrote some samples as well.  The existance of Hello World can take you a long way toward working code and this is a good addition in this SDK.
 
Enhancement 3: New APIs - Inter-Isolation Communication profiles
The New IRADEPackage2 classes include support for defining links between profiles.  Goodness.
 
What can you code now - call to action!
Here's my list of profiler SDK based utilities that are definitely needed, but that I don't have the time to code....
 
Volunteers to fill these gaps and publish their works will receive a kind plug on this blog.

1. RadeGUID       Feed it a GUID, it will search the profiles and tell you which profile on the server caused this entry to get populated into the cache.
2. RadePurge       Nuke RadeCache.  I mean really nuke it - not just the apps that are published.
3. RadePackage   Command line launch a profiling session and save the output with no user interaction.   Everything needed for this exists right now.

In the above, I throw some rocks at our own stuff.  I'm not sure that's the right political way to go about it, but I do like to get things going the right way.  Fortunately most of the rocks are self-directed so that makes it easier.  We're making good progress and the Citrix Product Management group is giving significant focus to SDKs and I think this will provide good benefits for years to come.

Joe Nord
Product Architect Application Streaming
Citrix Systems, Fort Lauderdale, FL

Robert O'Keefe has created a demo of how to use the Citrix Password Manager Localization SDK, which can be used to localize the CPM plugin to languages beyond those natively supported.

video:src=http://www.youtube.com/watch?v=sYxBOsIGzc8

Dan Feller on my team contributed at least two posts on the topic of virtualizing XenApp servers on XenServer. Dan makes some excellent points and gives you plenty of business reasons why XA on XS is a good idea.

I am not going to re-iterate Dan's points here, but rather focus on another burning question in this context: How much of a scalability overhead can I really expect with my specific application? The typical consulting answer would be "it depends" and "we'll have to do a scalability / performance assessment to determine the specifics and best practices". So, we have done just that and used two popular enterprise class Applications: Siebel 8.0 and PeopleSoft 9.0. The Solution Center is one of the teams under the umbrella of Worldwide Consulting Solutions (Dan Feller's Integrated Solutions team is another) and focuses on these types of projects, which often involve third party applications and/or hardware platforms from our technology partners.
Recently, we looked at running the front-end of Oracle's PeopleSoft and Siebel applications on XenApp (both 32-bit and 64-bit platforms) and focused on comparing the user densities we could achieve on "bare metal" servers compared to running them on XenServer.
The results are published in two separate whitepapers (PeopleSoft, Siebel), which describe the test bed, test methodology, detailed results and interpretation. As Dan stated in his May 15th posting, the virtualization overhead can be as low as 6% for XenApp virtualization on XenServer, and our tests confirm this number. Of course, the numbers vary between the applications and platforms, and we describe all the details in the whitepapers.
Generally speaking, kernel memory limitations constitute the first bottleneck on 32-bit platforms, and our tests verified that behavior. Even with the popular /PAE switch, the kernel memory limitation remains at 2 GB. Therefore, you can expect a higher user density per physical server if you're running multiple 32-bit XenApp servers on a XenServer. You'd have to be cautious not to consume too many CPU cycles, which often become the next bottleneck once memory is no longer a major concern. Prices of multi-core, multi socket servers with plenty of RAM have come down significantly, so chances are that your latest servers have plenty of resources to run reliably in that configuration at a reasonable price:

According to this 1988 article, prices of 1 MB memory chips were as high as $60 (or $105 in today's money), while you can buy a barebones server with 64 GB of RAM for roughly $5,000 today. While I am on the topic of computer nostalgia: a 150 MB hard drive set you back over $8k in today's dollars way back when... 1988 was also the year Dan Feller was looking forward to seeing his favorite TV show getting its own slot in the line up and he is still enjoying it to this day, as you can see from the quotes in his postings on this site. But I am digressing...

The Solution Center also conducted detailed validation tests with Oracle to obtain validation status for running virtual images of the Web-, Application-, and Database servers of Siebel 8.0 , PeopleSoft 9.0, and Oracle E-Business Suite 12 on XenServer 4.1, so you can now be confident that the entire environment can be successfully virtualized on XenServer, allowing you to take advantage of XenMotion in case of hardware failure and other benefits.

Now that XenApp 5 has been released to web, you will be probably looking to migrate your current farm or just create a test one. Jo Harder did an amazing job of putting together an all-you-need-to-know document that will help you understand all the technical aspects and requirements for installing XenApp 5 as well as step-by-step procedures on how you can migrate to XenApp 5.

XenApp Migration Reference Table

XenApp 5 Operating System and Platform Support

Farm and Server Interoperability Scenarios

 
 
Download the full document here

Never ever use this command to shutdown a vm!!!

The command should only be used if a xenserver crashes and a VM is still shown as running after the reboot!
The only thing the command does is deleting the VM running state entry
from the database.

You have to ensure that the VM is offline when you run the command!

For more information's please take a look at the manual:
http://docs.xensource.com/XenServer/4.1.0/1.0/en_gb/reference.html#cli-xe-commands_vm-reset-powerstate

Citrix Delivery Center Live! is a series of premier worldwide virtual events that will provide a look at how Citrix is making the next generation of virtualization a reality.  Join us for these live online events where you will get an in-depth view of Citrix products and how you can transform your datacenter into a dynamic delivery center.

Transform your datacenter to a delivery center...with XenApp
Join us for the first event of the series for a look at the next generation of Presentation Server: XenApp.  Attend sessions throughout the day to learn about how application delivery is driving businesses forward and why Citrix XenApp is the only end-to-end solution in the market.

This virtual event will explore key topics:

• Deliver All Windows Applications To All Users
• Introduction to XenApp 5
• XenApp and Windows Server 2008
• Combat Top IT Challenges with XenApp
• Create the Best Desktop Virtualization Solution
• Virtualize XenApp Servers
• Deliver 100% Availability for XenApp Deployments with Citrix NetScaler.
  
  

Throughout the day, you can:

• Attend keynote sessions with live Q&A
• Chat live with Citrix product experts
• Participate in forums and network with other attendees
• View content online and download information
• Visit the expo hall to learn about key Citrix products and joint partner solutions
• Connect with Citrix Partners to learn about solutions to enhance your virtualization experience
  
  

Event Schedule:

Register for Citrix Delivery Center Live!
Transform your datacenter to a delivery center...with XenApp

If you attended the live TechTalk, there were more questions than I could answer in the time allotted.  If you want, the recording of the webinar can be found here. Also, don't forget to check out the guides and reference architecture for the end-to-end virtual desktop solution:

• Implementation Guide
• Reference Architecture

But now it is time for the Q&A...

Q: So I have Presentation Server 4.0 and can publish desktops.  What does XenDesktop do differently?

A: An Excellent question and a great one to start this blog. One of the big differences between a XenApp (Presentation Server) desktop and a XenDesktop desktop is in XenDesktop you are essentially on your own workstation.  This means you can more easily allow your users to personalize and customize the applications to best suit their needs.  One of the major concerns I've seen and heard from numerous organizations using published desktops on XenApp was the desktop was static.  They couldn't change their backgrounds. They couldn't customize their applications. They couldn't do certain tasks because the XenApp server was locked down so tightly because that desktop is shared by many users.  In XenDesktop however, you can let your users modify the settings, customize the look and feel and try to better align the desktop with their job function.  On another aspect, there might be applications that just don't work on Terminal Services or XenApp for any number of reasons. However, XenDesktop is not built a multi-user operating system like Terminal Services. Is it meant for desktop operating systems like Vista and XP.  If the app works on your desktop, it should work on the virtual desktop.

Q: Can you please elaborate on the desktop receiver?  How different is it from an ICA client, and will it be available for a variety of thin client devices? 

A: In part, the desktop receiver is similar to the ICA client in that it allows ICA connections to XenApp and XenDesktop sessions.  The Desktop Receiver also includes visualization customization options through the use of a toolbar in the virtual desktop window.  If you just used the standard ICA client, a connection to XenDesktop would work, but you would be unable to fully customize the view.

A: Yes. The user will most likely experience a pause or slowness in their session (100-200ms) during a transfer. However, the session and the data will not be lost. In most instances, the user will be completely unaware of the pause unless they are staring at the monitor and interacting with the session.

Q: Roughly how many VMs can a controller handle?

A: I wish this was an easy question to answer, unfortunately it is not.  I can tell you that we have seen a single controller manage 1500 desktops without reaching a the breaking point (standard server hardware was used 2 processors, dual core, 2 GB RAM).  Because XenDesktop is based on a farm architecture, we can simply add another desktop controller when one becomes maxed out.  If you remember the processes that occurred during a virtual desktop startup, it essentially comes down to the virtual desktop registering itself with the controller and then the controller routing a user request to the virtual desktop.  These processes happen quickly with little impact to the server. Once the virtual desktop is up and running, very little activity is required by the controller except to verify the virtual desktop is still running.

Q: To provide high-availability for the AppHub, you used a NetScaler to load balance the requests. Do you need to load balance multiple NetScalers?

A: No.  There should be 2 NetScalers in the architecture though, setup in a HA Pair. The HA Pair will be in an Active-Passive mode. If the Active NetScaler were to fail, the Passive NetScaler would take over immediately.

Q: So where do you install the applications if you don't install on the virtual desktop?

A: It depends how you want to deliver the application.  The recommendation is to stream using XenApp and to host using XenApp. When the user is logged onto their virtual desktop, the Application Receiver (similar to PN Agent), will auto-logon with the user's credentials.  The App Receiver will show a list of applications for the user on the virtual desktop, start menu or system tray. Those applications are not installed, they are just icons.  When the user selects one icon they will

1.       Hosted: start a session on a remote XenApp server and execute the application from there

2.       Stream: have the application streamed to the virtual desktop on-the-fly.  The application will run from the virtual desktop. 

Both options are valid and appropriate for different circumstances.  That is a longer discussion, which I hope to extrapolate on in an upcoming blog post. Hmmm, did I just commit to something else? I gotta stop doing that.

Q: What impact would XenDesktop have on apps which are not Windows Terminal Server compliant?

A: They should work.  Terminal Services is a multi-user OS and we try to run single-user apps on top of it. Most applications work fine, but there are a handful which do not for some reason or another. XenApp has tried to overcome these challenges with technologies like AIE or virtual IP, but there are still some apps that don't play nicely on a multi-user OS.  With XenDesktop, you are using Vista or XP.  That desktop, for the duration of the session, belongs to a single user.  This should help to overcome many of the app challenges we have all experiences with a Terminal Services infrastructure.

Q: Does each XenDesktop instance take up a citrix license?

A: Yes. Each virtual desktop connection equates to a XenDesktop license.

Q: Do you have to have XenDesktop with XenApps?

A: No.  You can run XenDesktop without XenApp and it runs fine.  The integration of XenApp with XenDesktop allows for the reduction in the number OS images you must maintain because the applications have been removed. For example, your entire organization probably runs 1 or 2 desktop OS but you have more than 1 or 2 desktop images. Why? Probably because of the application set. 

Q: Do you have to buy separate licenses for each provisioning server?  Or do you get rights to configure a dev/test and production server when you buy the product.

A: Provisioning Server licensing is based on streamed desktop. So you can setup a Provisioning Server in Production and Test and they don't require a license until you stream desktops. Then each streamed desktop requires a license. If no license is available, the desktop will shut down after a few minutes.  

Q: How do the vm's continue to run if the host physically goes down in the case of a hypervisor failure?

A: If the host physically fails, the virtual machines go offline as well. Any unsaved data is lost. The virtual desktop will restart on another available XenServer.  The time required will be based on how long it takes for the virtual machine to boot. Think about this as well, if your physical desktop fails, power outage, etc, you also lose everything unsaved. 

Q: What do you do about applications that aren't supported in XenApp, do you then have to have an image that contains that app?

A: No. If the application doesn't work on XenApp, I would suggest trying to create an application profile for the app.  That profile will then stream down to the virtual desktop when the user requests the application.  The app will run ontop of XP or Vista and not XenApp.  This should help with those troublesome applications.

Q: Do we need to install the applications on all the desktops or only on the base OS

A: Ideally, you don't install the apps on the base OS.  The base OS is just the OS and some agents.  When the user logs on, they automatically get their applications from a XenApp backend.  When the user selects an app, the app is either launched remotely from a XenApp server or streamed down to the virtual desktop.  If you must update the app with a hotfix, you update the application profile once, and those updates are streamed down to all virtual desktops automatically.

Q: I have Presentation Server now. What are the migration steps for moving to XenDesktop?

A: If you already have your Presentation Server (XenApp) architecture, then your move to XenDesktop is fairly straight forward. You want to leverage your XenApp install to better delivery applications into the virtual desktop.  I would suggest looking at the Pilot Reference Architecture and the Implementation Guide to help you through the setup and integration.

Q: I use ISA to publish my internal URLs.  Is there a way in XenDesktop to use a different port for the URL that it gives out?

A: Many of the ports and addresses inside of XenDesktop are customizable. 

Q: Could one use Citrix Access Gateway or Netscaler for secure desktop delivery?

A: Yes.  That is the best integrated solution.  With Access Gateway or NetScaler, you can setup secure, remote desktop delivery without requiring users to open up a full VPN tunnel. They will instead be able to encapsulate ICA traffic inside of SSL so it is secure over the Internet. If you go with NetScaler, you have the option of using and integrating the high-availability options for XenDesktop like load balancing and global server load balancing. These materials (Reference Architecture and Implementation Guide) explain how this works for a XenApp environment, which would be similar to a XenDesktop environment.

Q: Is the app receiver like a PNAgent?

A: Yes, that is the best way to think of it for those familiar with PN Agent.

Q: When Hypervisor #1 goes down, how does Hypervisor #2 know about the #1 server's session's virtual memory and use it to run those sessions on Hypervisor #2?

A: It doesn't.  If the hypervisor fails, then the data is lost.  You can only move a running VM to another XenServer without losing data. If the XenServer physically fails, then the virtual machine can be automatically restarted on another virtual machine.

Q: What is the difference between the VD Receiver and the XenApp ICA client 10.2?

A: The main difference right now is that the Desktop Receiver contains the functionality for a toolbar allowing you to more easily customize the window of the virtual desktop. 

A: I would recommend taking a look at David Wagner's blogs on the UPM here:

http://community.citrix.com/pages/viewpage.action?pageId=34439480

http://community.citrix.com/pages/viewpage.action?pageId=35291139

http://community.citrix.com/pages/viewpage.action?pageId=33587458

Q: Can machines be added to the Desktop Broker that do not have the XD Client, but instead just use a traditional RDP or VNC connection?

A: At this time, the connections are through ICA and require the Virtual Desktop Agent installed on the virtual desktop. The agent is responsible for the ICA connection as well as registering with the XenDesktop controller.

Q: You said that XenDesktop is supported on Virtualization OS other than Citrix - Microsoft Hyper-V and VMWare ESX; is it supported on the Oracle VM also?

A: Not at this time. 

Q: Can this support multiple versions of the same software suite?  I.E. I have most of my users using Office 2003 Pro but I have a select group using Office 2007 Pro Plus, can this be done with XenDesktop?

A: Yes.  You can either have the apps available for different users (one user group gets 2003 and another gets 2007) or you can have both apps be available for all users simultaneously and be executed from the same virtual desktop when the applications are streamed with XenApp.  

Q: I have several users that need to use Adobe Acrobat Professional and at this time, Acrobat will not install on a Terminal server, this causes us to have to have local PCs for these users, does XenDesktop adress this issue and allow me to give my users, who need it, access to Acrobat Pro?

A: Yes.  You should first try to have a base virtual desktop image and stream Acrobat Pro down to the virtual desktop.  If the app streaming does not work, you can also create a Acrobat Pro virtual desktop where the application is installed and part of the base OS.  That base OS will be published to the appropriate users.

Q: Can you "publish" a virtual desktop from xenapp server?

A: Yes, but that virtual desktop is not the same as a XenDesktop virtual desktop. See the very first question.

Q: What thin client devices can this be used with?  Is there a thin client with Desktop Receiver? Does this work with Sun Ray's and Sun Secure Global Desktop

A: Take a look at the Citrix Ready site. There is a specific section focused on Desktop Appliances.

Q: Does this work with non x86 UNIX/Linux OS's

A: Currently it only works for XP and Vista.

Q: Can a user change clients without losing their virtual desktop.  i.e. can I disconnect form machine 1 go to machine 2 and reconnect and still have the original virtual desktop and continue with the original virtual desktop.  Also, does the system keep running while disconnected (i.e. a compile would continue)

A: Changing endpoints but going back to the same virtual desktop is possible with a feature called Workspace Control (it is part of XenDesktop).  As for running while disconnected, it can you if you want it to. 

A: Get an umbrella.  This is actually a very serious concern. If you try to boot up 1000 virtual desktops at once, you will most likely have some challenges on many fronts, just due to the impact on everything.  This will in turn result in users not getting to their virtual desktop or being required to wait a very, very, very long time.  XenDesktop allows you to set idle limits based on the time of day.  If the morning rush starts at 9AM, you will want XenDesktop to start prepping the environment around 7 or 8AM to make sure everything is ready for the rush.  You do this with the Idle limits shown in a previous picture.   

Q: Is the OS image hardware independent, or do you have to have a separate OS image for each hardware variant in your environment?

A: If you are running on XenServer, then all images have the same hardware footprint (the XenServer virtual space) even though the XenServer might be on different hardware.  You can use the same  OS image to stream to a XenServer virtual machine and a physical server by configuring a common image where drivers are incorporated into the base image.

Q: How would this be in a WAN env?

A: Pretty good. The protocol XenDesktop uses is Citrix's ICA protocol which has been used for years with XenApp (Presentation Server, MetaFrame).  This protocol only sends the screen updates down to the end point.  So when you are typing in Word, only the images of the letters get sent, if they changed.  ICA also has been enhanced greatly over the years to support audio, video and numerous other areas.  Truthfully, the only way to be certain it will work for you is to try it out by getting the free evaluation kit.

Q: Our env is highly integrated, we have found that streaming applications to be nearly impossible.

A: By highly integrated, I assume you mean many of your applications rely on each other.  App streaming is a great idea, but this was a huge problem. First, the background. When you stream, each app is in its own container.  Those containers are separate and do not interact.  That is a major problem for environments like yours.  What ends up happening is you have 2 different enterprise applications that each rely on Excel.  You create one profile for one enterprise app and include Excel. You then create another profile with the second enterprise app and Excel.  When you have updates to Excel. You have to update both profiles. This is hard to manage and maintain. 

Have you looked into XenApp 5, just released? It has major updates to XenApp streaming where these different containers can now talk to each other. So in the previous example, you would have 3 profiles, 1 for each of the two enterprise apps and another profile for Excel.  You configure the profiles to work with other profiles. This should help you overcome the major challenges you experienced in the past.

Q: Does this require an AD schema update?

A: No.  It does use AD, but it does not require Schema updates. (thank goodness).

Q: Streaming is overbilled it doesn't address application integration

A: I would love to hear more.  I agree in the past App streaming was a challenge because of communication limitations between applications, but with XenApp 5, those challenges are being mitigated with inter-isolation communication.

Q: Can you use a Microsoft load balancer to replace the NetScaler?

A: Yes. There are many differences that would take a lot of time to explain, but for simplicity, NetScaler has specific smart monitors and high-availability options for XenApp and XenDesktop that makes it easy to configure and setup.

Q: Is it possible to stream this over the internet at all? For example hosting the desktop at a datacenter

A: Well, the desktop and application stream would stay within the data center.  Users would connect to the virtual desktop in the data center with the Desktop Receiver, which relies on the ICA protocol.

Q: What happens if there is no controller available?

A: If all of your XenDesktop controllers fail, currently connected users will be fine. New connections will not be allowed.

Q: If the user count is small and all use same apps would it make sense to install all apps on provisioning server and by-pass streamed/hosted options.

A: It does make sense and is a possible option. 

Q: Does XenDesktop with installed apps optimize video/audio significantly more than a VMware VDI desktop?

A: Hosted, installed or streamed apps really don't make much of a difference when you talk about the optimization of video and audio t the endpoint.  What does play a major part is the delivery protocol.  The Citrix protocol, ICA, is used by millions of users who connect to XenApp published applications. That same protocol is used to delivery virtual desktops.  Truthfully, the only way you will be able to see is to try it out for yourself. 

Q: How do apps that are launched from other apps work - things like GoToWebinar or Flash, which are launched from a browser? What about plugins that require installation that are not on the gold desktop?

A: Plugins and flash and other items that were not part of the base OS image can be installed on the virtual desktop by the user.  However, that installation only impacts that particular virtual desktop. The changes made by the installation are contained in a write cache. When the user reboots the virtual desktop, that write cache is destroyed.  The next time the user connects to the virtual desktop, they would have to re-install the agent. This is a big reason for identifying the needs of the user. It allows us to identify the agents and plugins that are needed. But just because it is not part of the base image, doesn't mean the user can't add it on-the-fly.

Q: Is there a plan to provide a "Offline XenDesktop" in the future? (similar to VMwares OnDemand VDI)

A: I have heard people talk about it, but am not in the product group so I'm not certain what the roadmap looks like.

Q: what is best practice for managing XD workstation log files, taking into account that the log data is lost after every reboot? 

A: the log files would need to be stored on a network share that is persistent.   

Q: Does this support any Linux Desktops?

A: Not currently

Q: Do you absolutely need the Access Gateway?  I have WI with the CSG.

A: I believe you would be able to use Secure Gateway instead of Access Gateway.

Q: Will XenDesktop work with VIrtual Iron and XenApp?

A: right now XenDesktop only supports XenServer, Hyper-V and VMware ESX as the hypervisor.

Q: You had to mention NetScaler.  So what are all us normal or smaller companies going to use?  I hear that a NetScaler starts at $20K plus.

A: You can use software or hardware based load balancers.  NetScaler just includes integrated monitors and wizards to make configuration easier.  However, load balancers like Microsoft load balancing would work as well, you just want to make sure that the devices you are load balancing are being monitored intelligently (but even a Ping is better than nothing).  

Q: What happens when the Hypervisor fails and there are too many VMs moved to a single host?  Do some of the machines get put in stasis, are they shut down, or do all VMs suffer slowness?

A: With XenServer (Orlando) you can set priority levels for the virtual machines.  The ones with highest priority will be restarted on available XenServers, others will not. 

Q: What happens to data in the case of an Application Hub failure caused by a XenApp server crash?

A: This is the interesting thing with XenApp and application streaming. XenApp is needed to identify and start the stream, but once the desktop receives the stream instructions, the Xenapp server is removed from the equation.  So if I'm receiving my app stream, it is coming from the App Hub and the XenApp server is doing nothing.

Q:  In terms of client hardware would this work with WYSE thin clients?

A: You will want to look at the Citrix Readysite for desktop appliances.  Those devices that are not on the list might work, but you want to test.

Q: What are the differences in performance installing this on ESX server 3.5?

A: I haven't seen published stats on that scenario yet.  Until that time, you might want to try downloading the XenDesktop eval and trying it on both hypervisors.

Q: What's server cache??

A: The cache is for Provisioning Server (OS Streaming). Provisioning Server streams a base OS to hundreds of workstations.  Those workstations use a Standard Image (Read Only) to receive their desktop OS.  Any changes the user/desktop makes to that image are stored in a write cache. 

Q: This question is regarding licensing.  Do you utilize 2 different concurrent session licensing for any XenApp published applications running on Xendesktop?  please explain how it the licensing works.

A: Licensing is such a fun topic.  Citrix licensing for XenDesktop is concurrency for the virtual desktop and the app delivery.  With XenDesktop Enterprise and Platinum, you get XenDesktop, Provisioning Server and XenApp for Virtual Desktops. Each one is concurrency. So when you start 1 desktop and have applications, you use 1 XenDesktop, 1 Provisioning Server and 1 XenApp license. Of course when you purchase XenDesktop Enterprise or Platinum, the licenses are part of the package.  Take a look at the editions here. 

Q: I guess we need to have our own SSL solution. It is not part of XenDesk components, right?

A: With Standard, Advanced, Enterprise or Platinum edition, you get Access Gateway licenses which provide secure, remote access using SSL.

Q: Is XenDesktop the same as Desktop Broker?  We want to display a physical PC (a CAD workstation) across the WAN using ICA.

A: Sort of. XenDesktop replaced Desktop Broker.  Desktop Broker used an ICA server as a proxy to RDP to workstations. With XenDesktop, you get ICA from your end point to the virtual desktop.  Plus, XenDesktop incorporates many other technologies to make a more complete end-to-end solution. 

Q: Will Secure Gateway work or does it have to be the Access Gateway?

A: Secure Gateway will work.

Q: On average how many users can one XenDesktop and XenServer host?

A: XenServer is really going to be based on the amount of RAM.  Very few physical desktops utilize their CPU. If you are hosting Vista desktop on XenServer, the general recommendation for Vista is 1-2GB of RAM. If you have 64GB of RAM on XenServer, and you have 1GB RAM for each Vista desktop, you will end up with 60-62 virtual desktops (XenServer takes RAM too, which is why it isn't 64). However, the processor is the big question and the only way to really see that is to test it with real users and see how much they hit the processor.   

Q: What are some of the main differences between XenDesktop and Citrix Provisioning Server?

A: XenDesktop is the complete, end-to-end solution of virtual desktops.  Provisioning Server is a component of XenDesktop.  Provisioning Server allows a single OS image to be streamed to hundreds or thousands of devices across the network. This has advantages of only requiring administration of a single image for many desktops. 

Q: You mentioned Citrix User Profile manager is in Tech preview at the moment.... when can we expect this to be generally available? Will this be included with XenApp 5.0 which is due for release next month? 

A: I don't know the release dates for User Profile Manager and it isn't part of the XenApp 5 release either.

Q: Is this only for high-speed connections (local LAN) vs WAN as some of our sites are only 256MB frame relay?

A: No.  The remote delivery protocol that XenDesktop uses is Citrix ICA which has been used for numerous years by millions of users to remote connections.  I've seen organizations use ICA for any number of connections including dial-up and satellite. 

Q: Which of these products mentioned are extra to XenApp as we have Subscription Advantage and Enterprise Edition?

A: XenDesktop is a new product line different that the XenApp product line.  XenDesktop Enterprise does include a portion of XenApp, but it only allows application delivery to virtual desktops, where the XenApp product line allows application delivery to any end point. You will probably want to check out the product matrix.

Q: I'm looking for a VPN replacement.  Will you talk about the Remote user scenerio where I want to present a full desktop to a remote Work from Home user or newly aquired company where I need to provide a Desktop to them via citrix?

A: Access Gateway.  This will allow you to do just what you are looking for. You have two options on the configuration: Virtual desktop only or Full VPN. The Virtual desktop only option will only allow the user to have connection to the virtual desktop over ICA.  The user's endpoint won't technically be on the network, helping to protect the internal environment. With the full VPN configuration, the user will have a connection to the network. They can connect to a virtual desktop and browse the network from their end point.

Q: Is the streaming of virtual desktop accelerated over the network?  We have the Citrix WAN accelerators.  Does this work?

A: It might, I've never tried or it seen anyone try it.  As WANScaler works at the network stream and is not concerned with files or data, the Provisioning Server stream should show a lot of duplication as it goes from the central Provisioning Server to the numerous virtual desktops.

Q: What is the best way to run CadCam Civil 3D application for remote and internal networks? Can XenApps support and deliver CadCam Civil 3D Applications remotely? How much bandwidth is required?  Who can I call to assist me in setting up a Virtual desk top solution for CadCam Civil 3D

A: I unfortunately don't have experience with that particular application. You best bet would be to setup it up in a test environment and see how it functions.  Citrix's Consulting group can help with this type of testing, as they have done this with numerous organizations in the past. I should know as I used to be in Citrix Consulting. The Consulting information can be found here.  

Q: If I understood, we have the option to serve only the apps of the desktop to the user? Is there an installed client program on the client machine?

A: Yes, if the end point is going to get desktops, you want the desktop receiver. If the end point needs applications you use the Application Receiver.  They are very similar and can be used together. In most situations, you would have the Desktop Receiver on your end point and the Application Receiver on the virtual desktop.

Q: Can this solution work on a 10/100 MB network?

A: It all can, but you have to be concerned with the number of users and the number of desktops being streamed as the streaming is using the network. Now if your environment has your users on the 10/100 network and the infrastructure components (XenDesktop, XenServer and Provisioning Server) on a faster network, then that architecture easily works as the 10/100 network will just use the bandwidth associated with ICA protocol, which is minimal.   

Q: Can the desktop receiver be loaded on a thin client or desktop appliance?

A: Yes and it is, at least for the Desktop Appliances part of the Citrix Ready program.

Q: How is licensing addressed for the user, through Xen, if they need an application that requires Vista?  Is there a special license needed for this use on the Xen Server?

A: Each XenDesktop component is managed by Citrix licensing. For users who require a Vista desktop and application, those licenses are managed by the Microsoft and App vendor licensing agreement.   

Q: how does XenDesktop join to domain?

A: The base image is added to the domain.  Then that image is provisioned out to numerous other workstations. Those workstations are also added to the domain. As the desktops are managed by Provisioning Server, the Provisioning Server will keep the Active Directory and machine passwords in sync.   

BTW, I think this is the longest blog on the Citrix blog site. Thanks

Daniel

Homer Quote of Blog "I bet Einstein turned himself all sorts of colors before he invented the light bulb."

This tip shows you how to connect remotely to XenServer Configuration Console GUI from XenCenter and save a trip to the Datacenter.

UPDATE

Adding the command line to be typed for Copy & Paste purposes...

/usr/bin/xsconsole

best,
Gus

Remember the impressive demo that David Stone gave at Synergy in Houston showing how Citrix's RAVE technology is being adapted to improve the delivery of Adobe Flash content? Perhaps you caught the video on Synergy Underground. David showed a graphics-intensive 3D Flash animation of a shark and fish swimming in the ocean. It was far beyond the typical Flash animations found on corporate web pages yet the quality was "just like local". Since then, the Apollo Multimedia Virtualization team has continued to make excellent progress enhancing SpeedScreen Flash Acceleration with our RAVE technology. I met with Dave recently and we recorded this video to show how RAVE can deliver a high definition Flash movie complete with HD audio. The user experience is amazing and server CPU consumption is extremely low. Sorry, no dates have yet been announced for beta trials or general availability. But I think you'll be amazed at what the Apollo team has already achieved. RAVE (Remote Audio & Video Extension) is a strategic technology for Citrix and a key piece of our SmartRendering vision - the intelligent combination of server-side and client-side rendering based on factors such as the particulars of the application, the capabilities of the client and the server, and the characteristics of the network connection. RAVE is already used in XenApp's SpeedScreen Multimedia Acceleration feature, which is now being ported to XenDesktop, to deliver high quality video and audio from hosted media players based on DirectShow, DMO or Media Foundation technology. Many customers have been asking Citrix to enhance SpeedScreen Flash Acceleration with RAVE to improve the delivery of Flash-based eLearning applications and corporate communications videos. So take a look and let us know what you think. How will this technology help your organization? What are your most important "use cases" for delivering Flash content using XenApp or XenDesktop?

Derek Thorslund
Product Strategist, Multimedia Virtualization

I conferred with some of the security experts at Citrix on the topic of people and security.  Their advice came in several key areas:  

Physical access to IT assets: Gaining physical access to machines greatly increases the damage and theft of data a malicious user can do.   For this reason, admins should restrict physical access to sensitive resources - for example, restricting access to the XenApp farm to Citrix administrators with authorized access cards. 

Citrix products offer a great advantage in making it unnecessary to have applications and data locally stored, so physical access is less of an issue.  Some of our most security sensitive customers publish the application that can manipulate sensitive data but disable client drive mapping and the clipboard virtual channel and print screen functionality so that no data can leave the data center. 

Unattended and unlocked user workstations are also a liability and a policy that requires users to lock workstations when they leave the work area is strongly suggested.  System configuration to lock workstations after a few minutes of inactivity and password-protected screen savers are also good measures. 

Separation of Duties: Security policy should be such that no one person or role holds all control.  This means assigning roles in a manner in which it takes more than one person to accomplish certain tasks.  For example, if the task is releasing a binary to a customer, a software developer should not QA their own code.  Similarly, an administrator's activities should be monitored by a separate auditing role. 

Citrix brings value here as well, with a separate role for Citrix Administrators who share control of the overall system with Local and Network Administrators.  The Citrix Administrators manage only the Citrix environment, so there is additional separation of duties.

  Least Privilege:  The old "need to know" basis!  Well in this case, "need to have permission to do."  People's roles in an organization and access rights should be broken down to grant users only the privileges that they need for their particular jobs.  This applies to admins as well - for example, the database admin should not have management rights on the mail server or security console or the network. 

Citrix allows you to publish applications using different roles to further restrict access to certain data and privileges.   
The whole point of least privilege is that if an attacker is able to compromise an account, they can only do a small subset of tasks on the network/database/machine. 

Password Policies:

There are several ways people can weaken corporate security with their management of passwords.  The problem with passwords is users would like them to be easy to remember.  As a result, they may attempt to simplify things by using the following bad practices:

-         Write down their passwords

-         Set all of their application passwords to the same thing

-         Use really easy-to-guess passwords, like their dog's name

-         Use the same password every other time they change it (just alternating)

-         Using trivial and short passwords, like 123

-         Never changing their passwords 

These user antics are not good for corporate security!  Security Policy should specify:

-         Password length

-         Password complexity (require special characters, mix of letters and numbers, etc.)

-         Password history enforcement (force a new password and don't allow repeats for a certain number of passwords.)

-         Disallowing the use of dictionary words in the password

-         Prohibit the use of obvious words, like Citrix, in a password

-         Password expiry, forcing password changes 

Enforcement of this policy is a different matter.  Citrix Password Manager can help administrators enforce these policies in a corporate setting.  Plus, with CPM you can configure such that users do not even know their own passwords, very effectively preventing sharing.  As a side benefit, if the user leaves, de-provisioning and assuring the user can no longer access any assets is much easier, since the user didn't know their passwords in the first place. 

One of the attractions of virtualization is the ability to deploy applications as pre-built virtual appliances. An article in CIO Magazine describes a virtual appliance as "an application is designed, certified and delivered, with its own little OS, to run as a virtual machine on your existing physical server, or to run in a VM via a "cloud computing" service like Amazon's." Virtual Appliances are expected to provide rapid deployment, simplified support, improved performance (OS and Application Tuned by ISV), and increased security. There are many advantages to virtual appliances. But is this deployment method the best solution to your deployment issues?

With all the buzz about virtualization and cloud computing, the interest level from both IT departments and vendors in virtual appliances is rising rapidly. Citrix has offered an Evaluation Virtual Appliance of XenApp for over a year. It has been downloaded over 11,000 times, according to Kurt Moody. Microsoft nows has virtual appliances for Windows Server 2008, System Center Configuration Manager, SharePoint Server 2007, Exchange Server 2007, and more.  Many virtualization vendors like Marathon Technologies, Platform Computing, Fortisphere, VMLogix, deliver their product as a virtual appliance.

Some application vendors have also jumped on the virtual appliance bandwagon, such as Business Objects and Satori. Several virtual appliance sites have been launched, included rPath, VirtualAppliances.net and JumpBox.com in addition the the existing VMWare Virtual Appliance Marketplace. Even Paralells has started offering virtual appliances from their website.

There are some concerns about this new model. As this article points out, there are questions about licensing of the OS and application (especially for Windows based applications) as well as export and security issues.

With all these new virtual appliances becoming available, I am curious to know if you use virtual appliances, and, if so, for what purposes? What do you see as the advantages and disadvantages of virtual appliances?


Please vote in the polls below. Once you have voted, please post in the comments if there is anything else you would liek to see from virtual appliances.-

XenApp and XenDesktop provide the means for users to access their Apps and Desktops from a wide variety of platforms and devices. At Citrix our vision is to create a world where anyone can work and play from anywhere. Mobility is not new to Citrix. There are XenApp clients available today for Windows Mobile and Symbian devices, but small form factor devices have had their challenges. Slow, unreliable wireless networks, small screens and awkward user input models have relegated hand held access to small and highly specialized market segments. But that's all about to change.

The latest generation of hand held devices with their large, high definition screens and the availability of high-speed wireless networks are changing the game in a big way! A hand held device such as an iphone connected to XenApp via a high-speed 3G network yields a remarkably usable experience.

While serious content creation might have to wait for an external keyboard and monitor, consuming content like reviewing a spreadsheet or a patients records and simple tasks like approving an expense report are quite frictionless. And because you're accessing your content via XenApp and XenDesktop your access is fast and reliable and you never need to worry about your valuable data being compromised if you misplace or loose your phone.

I've been fielding quite a few inquiries lately about our strategy and plans for the iPhone. I thought it was time to let everyone know where we are and where we're going. The guys on our Mac development team in Chalfont, UK have just recently finished porting the core XenApp engine over to the iPhone platform. This was a great deal of work and the guys have done a brilliant job.

As you can see, pretty cool, but we still have quite a bit of work to do. During the next stage of the project we will be crafting a user experience that provides a natural, transparent and effortless user interface in keeping with the high standards set by our friends at Apple.

It's tough to say at this stage when we would have something that we could share with you but I promise if you watch this space we will provide regular updates on our progress and schedules as they reveal themselves.

Its the continuous and enthusiastic feedback we have collected from you all that has helped get this project off the ground. If you haven't done so already please check out Chris Fleck's iPhone blog and cast your vote.

Al-

I wanted to let everyone know that I'll be doing a Tech Talk on the new Streamed Plugin 1.2 soon.  The official title is Extend Application Delivery to More Users and Applications with Citrix XenApp 5. The agenda will cover how to extend the value of Citrix XenApp 5 to more users than ever before.

• Accelerate delivery of virtualized applications
• Extend the value of XenApp with client-side application virtualization
• Simplify packaging and reduce maintenance costs by 30% with linked profiles
• Fast and secure delivery to users outside corporate LAN with HTTP streaming
• Streamline management with self-healing applications and rapid updates
  

The date will be Thursday, October 2, 2008 at 10 am EDT and 2 pm EDT. Click here to read more and register for the whole series of upcoming XenApp 5 Tech Talk webcasts.

Hope to see you there.

Offer available through 10/19/08

The Citrix XenApp 5 beta exam, A05 Implementing Citrix XenApp 5.0 for Windows Server 2008, is currently offered at NO COST to all candidates through 10/19/08. Candidates have the opportunity to show their expertise and get ahead of the crowd on the next XenApp certification.

Because this exam is in beta, exam takers will have the chance to provide feedback and shape the final version. Candidates who pass the beta exam will earn the new Citrix Certified Administrator (CCA) for Citrix XenApp 5 on Windows Server 2008 at no cost.

Find XenApp training

*The last da to take the beta exam is 10/19/08. To register for the exam, visit http://www.vue.com/

And what a release it is. When we started this journey several years ago, the goal of the XenServer team was to create the industry's most comprehensive and open, bare metal virtualization solution on the planet. By nearly every measure, the XenServer 5 release meets or exceeds this objective. It's an entirely new approach to virtualization that makes the first-generation solutions look a bit complex, expensive and kludgy by contrast... kind of like comparing one of those 6-lb cell phones from the 1980s with a sleek new 3G iPhone.

Before I get into all the reasons you have to check out XenServer, I want to personally thank our fantastic team at Citrix who put in endless hours getting this release to market, as well as the hundreds of incredible customers who have discovered a better way to do virtualization and are passionate about helping us make it better with every release. Since the acquisition of XenSource by Citrix, we have grown the capabilities of the XenServer organization and have combined several existing Citrix groups into a tremendous new organization with some of the most talented engineers in the world. I am also pleased to report that every person who came to Citrix as part of the XenSource acquisition is still at Citrix and diligently working on fantastic new innovations. Citrix employs all of the original Xen inventors, so we continue to maintain a technical and leadership advantage when it comes to releasing new products. (As you know from watching all the recent top level departures from that other virtualization company in recent weeks, keeping top talent is no easy task). Software companies are based on people and a core few make all the difference. Tribal knowledge and expertise is very difficult to replace.

XenServer 5 is built on the Xen open source hypervisor, the industry's best, next generation bare metal hypervisor. We are pleased to have a robust community of over 50 major organizations that contribute to the innovation and continued development of this key technology, including all of the biggest names in server and microprocessor design. This incredibly powerful model ensures that the features in today's shipping version of Xen are already optimized to take advantage of next-generation capabilities in chips and servers that won't ship until next year, an advantage that will only increase over time. Xen has been available for many years and can be found in everything from supercomputers to cell phones. Xen is also the building block to most of the world's cloud computing vendors, including Amazon. The technology is robust, innovative, and freely available.

At Citrix, we take a snapshot of the open source Xen "engine" and build a great "automobile" around it called XenServer. With XenServer 5, this "automobile" contains a complete virtualization infrastructure with comprehensive management capabilities. We have designed this latest product to not only meet the competition in key areas, but exceed them in many dimensions. We've always said that the community development of Xen, along with the innovations and open ecosystem around XenServer, would eventually allow us to leapfrog a closed and proprietary first generation architecture. I am pleased to say that XenServer 5 accomplishes exactly that along so many dimensions.

When I talk with customers about XenServer and Citrix, they use words like innovative, open, partner-driven, and value. These characteristics have helped us double revenue every quarter, enter into strategic agreements with the largest server vendors in the world, and most recently, starting to win major enterprise deployments against a very entrenched competitor. Recent data shows that we are gaining market share even before the general release of XenServer 5. With our major OEMs, ISVs and channel partners trained and ready to deliver, it's going to be one heck of a year.

So, what's so great about XenServer 5? To begin with, it's amazingly easy to use, has unparalleled performance, is highly available, and has all the management bells and whistles an enterprise could envision. We've even taken things one-step further and enabled the product to provision both physical and virtual servers in a snap, saving up to 80% on storage costs over other solutions.

Here are some of the things that I am particularly excited about in this release:

Availability - We've added incredible new high availability and disaster recovery capabilities to this release. The new HA function allows for automated placement and restart of VMs in the event of a system failure. In addition, we've partnered with Marathon, giving us a seamless upgrade to the industry's best fault tolerance ("best of show winner at VMworld"), whereby applications can remain completely online and "compute through" any failure. No other server virtualization technology offers this level of availability and fault tolerance.

Performance - XenServer has the best performance of any product on the market, and this release builds on that by providing better Windows performance and enhanced memory management for improved performance of resource intensive workloads like Exchange and our own XenApp.

XenCenter Management - We've made many, many improvements to XenCenter, our easy-to-use management system. We've added a super cool Web 2.0 style search tool, performance monitoring, alerting and the new XenConvert utility for easy P2V and V2V conversions.

Storage Management Enhancements - This is an area I am particularly excited about. We've partnered with storage vendors to leverage native storage array capabilities by XenServer. This integration eliminates CPU-intensive storage operations to be performed by the host server and enables maximum use of array-based storage capabilities. We don't treat feature-rich storage arrays as just a dumb set of disks and load the host CPU with expensive storage operations as our competition does. In a word, we've done storage right.

While XenServer 5 can certainly stand on its own as a great server virtualization product, at Citrix, we've taken the game to the next level. XenServer is a fundamental component to the Citrix Delivery Center product family, enabling integrated application delivery from the datacenter to the desktop. The dynamic capability of XenServer provides the foundation for turning the static data center into a flexible and agile "delivery center". In addition to XenServer, Citrix Delivery Center contains XenApp, XenDesktop, NetScaler and the upcoming Workflow Studio tool for orchestrating it all together and making it easy to integrate our solutions with products you already have in your environment. The products are all designed to complement each other and we will continue to innovate around the integration of these products, always providing the best application delivery solution in the market. When it comes to application delivery, Citrix has it covered, and XenServer is a basic building block in the solution.

Finally, with the release of Microsoft Windows Server 2008 Hyper-V, some have suggested that Citrix and Microsoft are now competing head-to-head in the server virtualization space. Nothing could be further from the truth. The fact is that Citrix (and XenSource before the acquisition) have been collaborating with Microsoft for years to ensure that XenServer and Hyper-V are complementary solutions. The first thing you need to understand is that XenServer is a bare metal (Operating System agnostic) virtualization product while Hyper-V is a built-in part of the Windows Server operating system. We believe there are two types of users: those who want to perform virtualization as a bare metal extension of their hardware running multiple types of OS guests, and those who want to consume it as part of the operating system. Together, Citrix and Microsoft meet both of these market needs in a way that is flexible and interoperable - giving customers the best of both worlds

XenServer will always be bare metal, will always have great performance and leading-edge features, and will always be open. Additionally, we will take advantage of Hyper-V deployments in the future by delivering advanced XenServer capabilities on top of the Hyper-V installed base. This is a playbook Citrix and Microsoft have run successfully for years. Our philosophy at Citrix is all about customer choice and market coverage - it's a customer-first strategy we believe in and are excited about bringing to the rapidly-evolving server virtualization market.

XenServer is here and ready to deliver. Before you lock yourselves in to a proprietary system, I encourage you to try XenServer. If you're anything like the growing list of CIOs and IT managers who fill my in-basket each week, you're going to love what you see. But hey, I know I'm a bit biased. Why don't you download a copy today and try it out for yourself. I'd love to hear what you think!

Peter Levine

Executive SVP & GM, Virtualization & Management  Division

Learn more at  http://www.xenserver5.com/

Citrix has announced Citrix XenServer 5.

As Peter Levine wrote earlier today, XenServer 5 is built to be "the industry's most comprehensive and open, bare metal virtualization solution on the planet".

Below you can see a brief presentation that cover's the newest features of Citrix XenServer 5 (presentation hosted at SlideShare.net). After reviewing the slides, you can take a look at which features are are available in each version of Citrix XenServer 5.

Below you can see the features available in each release -

(click the thumbnail to enlarge)

You can find much more information at www.XenServer5.com.

XenServer 5 has just been released, and now we can talk about experiencing zero downtime with live migration. With XenMotion, virtual machines can be moved from server to server without service interruption for zero-downtime server maintenance or to seamlessly balance available compute power within a pool of physical servers.

Here's a cool demo of this new XenServer 5 Feature:

Get your weekends back by managing and maintaining your physical hardware during business hours...

For more on XenServer 5 check out XenServer5.com

You can also download a copy of XenServer 5 right here.

I am doing a TechTalk on "What's new in XenApp 5" on Tuesday, Sept 30th 2008. This is an hour long presentation (with Q&A) that is repeated and hence you can pick the time slot that works for you (either 10AM EDT or 2PM EDT). As this is a TechTalk, it will be technical in nature explaining not only the benefits of the new features but also the technical details on implementing them.

I am also co-speaking with Al on the TechTalk "Enhancing the User Experience with Citrix XenApp 5" which is geared towards the new XenApp 5 features that will enhance the end user experience when accessing XenApp applications. In the Q&A you probably can ask Al if he will provide us with his private copy of XenApp client for iPhone. I can't wait to see that go public.

And there are 2 other XenApp 5 TechTalks on our streaming enhancements and best practices for upgrading/migrating to XenApp 5. Don't miss them! All the TechTalks are repeated to let you pick the time slot that works for you.

Now that XenApp 5 has been released, you may be wondering how to transition the current environment to this new version and the associated pre-requisites.  Should I upgrade?  Should I migrate?  If this, then what? 

That's exactly the focus of the TechTalk that I'll be hosting on October 9th.  If you attended the Presentation Server 4.5 Feature Pack 1 Upgrade/Migration TechTalk session last year, you know that we get into the the nitty-gritty technical discussion fast and stay there for the better part of the hour. 

Check out the XenApp 5 TechTalk series!

Jo Harder

One of the new features of XenServer 5 is High Availability. Check out these screen shots to get a close up view of how to configure High availability in XenServer 5.

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

You can find much more information at www.XenServer5.com.

This is the first blog in a series of posts in which I will describe Citrix WanScaler operations within a Distributed Storage Area Network environment.
The purpose of this blog is to discuss the term "The Big Push" as it relates to Distributed Storage Area Networks. Distributed Storage Area Networks allow for corporations to provide local storage at Remote offices. These networks also provide remote users access to critical data in the event of a network outage.

Distributed SAN's are typically deployed in a multi-site configuration with one or more storage units located at each individual remote office, and with several clustered arrays residing at a central facility. In the example below, a corporation has it's headquarters located in San Francisco with remote offices in Chicago and New York City.

"The Big Push" is the process of the initial writing of data to a Storage Area Network array. The size of the initial datastore can be in excess of 1 terabyte. Because of this fact, "The Big Push" has been traditionally performed locally at a central facility over a high bandwidth Local Area Network where latency and bandwidth constraints are not a limiting factor. After the units have had data written to them they are then shipped to their respective remote locations and configured by local IT or contracted personnel.

By utilizing a WAN optimization solution between headquarters and the remote locations, corporations are able to deploy and complete initial configuration of remote SAN units over high latency, low bandwidth Wan links. Initial lab testing results show a significant increase in Wan performance when utilizing Citrix WanScalers between the HQ and remote sites. These results may present a compelling argument to many corporations to begin migrating from the traditional "Big Push" to a more distributed initial configuration which would eliminate the costs and logistical overhead of configuring centrally and providing support for the local installation of the remote storage units.

In my next blog post I will write about Snap-shots and how Citrix Wanscaler increases their performance metrics over a distributed environment.

As part of the XenServer 5 release, several new features have been added to XenCenter.

Here is a brief summary of the new XenCenter 5 features -

• Powerful, Self-healing Management Architecture

Unlike other management consoles, XenCenter distributes management data across servers in a resource pool to ensure there is no single point of management failure. If a management server should fail, any other server in the pool can take over the management role.

• Search, Sort and Tag

User-defined grouping and metadata tags allows simple, powerful searching and sorting capabilities across virtual machines, hosts and resource pools based on custom fields to help administrators easily identify and manage virtual infrastructure.

• Performance Monitoring and Trending

XenServer adds new enhanced performance monitoring, reporting and alerting dashboards that make it easy for IT professionals to see both real-time and historical views of virtual machines and physical host performance over long periods of time with virtually no storage or performance overhead.

• Physical to Virtual

Use the new XenConvert feature to move existing physical server workloads to XenServer virtual infrastructure in no time with. Tools are also available to convert other virtual machines to run on XenServer.

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

Visit XenServer5.com to see video demos of the new XenCenter and the other new features of XenServer 5.

I've had a great opportunity to travel the world this year and meet with a wide range of our customers and partners. I've been struck with the number of CIO's, IT Managers and Admin's who are consistent in their frustrations and questions around finding a better way to manage desktops. In one meeting with the IT team of a Japanese company with more than 100,000 employees, the CIO summarized this well with his comment, "We can't go on with the current desktop model as we need to reduce the overall cost of IT while continuing to deliver innovation to our businesses". I hear something similar to this in customers large and small across geographies and industries. This is a classic headache looking for aspirin IT challenge. The next part of the conversation generally turns into something like: "We know we have a problem, but how do we work our way out of this mess?".

VDI, What is all the fuss?

The cost and complexity of the current default model of: purchase personal computer's/laptop's, install standard operating environment, deploy with user, then patch/fix/secure & repeat is hitting the breaking point. Maybe this is just the edge of the pendulum swing between mainframe/dumb terminal to networked PC, but it's clear that there is a big "headache" today. Desktop Virtualization represents a new way forward that can be radically simpler than the current managed desktop model. The benefits of desktop virtualization are now within the reach of every organization. Customers deploying XenDesktop are seeing total cost of ownership per desktop reducing 10%-40% annually, time to value is pretty much instantaneous and information security is significantly increased.

After a recent customer event I had one IT manager ask me, "so for my 5,000 desktops I can use just one image of XP and manage 1 copy rather than 5,000? Wow, my management challenge just disappeared". With ah-ha moments like this, you can see why more and more organizations are making the move to centralized delivered desktops. The current economic headwind that businesses are facing is creating an opportunity for every company to take a look at current models and make large scale changes to emerge from this downturn in a stronger position. With this in mind here are a few principles and key points when considering Desktop Virtualization.

1) One size DOESN'T fit all

As we worked with customers to define and develop XenDesktop, we attacked the biggest pain point first -> the cost of delivering and managing desktops inside the company on the local area network. We partnered with a number of our hardware partners to build a new class of end user device called a Desktop Appliance - meeting a base level of capabilities to ensure a great user experience and options to increase capabilities over time. The Desktop Appliance combined with XenDesktop becomes the primary device for Office Workers and delivers a user experience better than a desktop PC.

Desktop virtualization can provide a user customized desktop for Office Workers; however it is an over-kill for task workers and does not address the needs of mobile workers. Task Workers include call center agents, retail clerks and shop floor workers, generally accessing a set of specific applications. A shared server based desktops (delivered by XenApp) combined with a traditional Thin Client device is the most secure and cost effective way to deliver applications to this group of users - 20 million task workers operate in this model every day. When you consider that a shared server can accommodate the needs to 300-400 users vs 30-50 virtual desktop users per server for VDI, the cost comparison is fairly straightforward. Mobile workers include sales execs, service personnel and executives who carry a laptop and need their applications with them on the road, both on and off the network. Application virtualization is the best solution for cutting down the cost of managing applications for mobile worker laptops. Citrix has a long history supporting mobile workers and now we have the only product, XenApp, that acts as a single application hub that can deliver line of business applications hosted from the data center and productivity applications like Microsoft Office streamed to run locally on the users laptop for offline use in locations like airplanes and at customer offices.

2) IAATHUX - It's All About the User Experience

I'm a virtual desktop (XenDesktop) user and it really is a fresh, personal & fast experience every time I log-in. My XenDesktop starts up faster than I can get a cup of coffee and absolutely screams when I launch and use applications throughout the day -> apps and data live close together on servers in the data center. Knowing there is no spinning hard drive or humming fans makes me feel good about reducing power and air conditioning in our offices. With anytime, secure remote access, I can work from home with my customized desktop when needed and not make unnecessary off-hours trips to the office. I have accessed my virtual desktop from all locations, broadband, our small regional sales offices, offshore during my international trips. With the EasyCall feature of XenDesktop set to make calls from the office, or the users cellphone or home telephone, I can be productive with voice and data access from anywhere - and see significant savings in my cellphone & telephone bills.

3) The Desktop: Just Another Datacenter Workload?

Server virtualization is primarily focused on the wringing efficiency from under-utilized servers. Virtualizing desktops, on the other hand, is more an end-to-end solution including servers, networks and client devices. Defining the desktop as Operating System + Applications + User Profiles is useful to highlight the key components. The dynamic assembly of these components and delivery as a service are critical to realize the cost advantages of desktop virtualization and improved user experience.

4) App Virtualization: Key to Succesful VDI

In much the same way that having a single copy of the operating system to be delivered to all users, application virtualization can deliver a single image of each application across a broad range of users. XenApp delivers applications on a hosted or streamed basis to virtual desktops (in addition to physical desktops). Keeping individual copies of applications for each user and maintaining these across users just doesn't make sense and destroys the cost benefits of desktop virtualization. Managing each application separately from the desktop image is the only way to make the virtual desktop projects cost effective.

5) Storage, storage and more storage - Why Storage is a Critical Factor

The first versions of early virtual desktop infrastructure seemed designed to increase IT's spend on back end storage. Virtualizing applications and managing them separately, as explained above, not only helps in cutting down the cost of desktop and application management but also becomes one of the key factors in reducing the storage requirements of the desktop images. In addition, this virtual desktop image along with applications should be dynamically assembled and provisioned into a virtual desktop on-demand at the time when a user logs on. XenDesktop has been architected to optimize storage requirements by dynamically assembling users' desktop at the time when they logon. The only unique storage required for each user is their profile and application data. This approach has unlocked the business case for Desktop Virtualization using any hypervisor - XenServer, Hyper-V or ESX.

6) Real distance, real networks

With the move to centralized data centers and more virtual workforces, the distance between users and their desktops and applications is increasing. Hence, the delivery of the virtual desktop is equally important regardless of where the end user is. Citrix has a long history with delivery applications over networks ranging from current high speed 1Gb networks with lots of bandwidth and low latency to the skinniest of networks with high latency and failure rates. Our larger customers operate with 10's of thousands of users operating across public and private networks built with wired and wireless network infrastructure from different network infrastructure vendors including Cisco, Juniper, Nortel and others. Since application and networking professionals have lots of hands on experience with Citrix traffic on their networks, we decided to have the same proven virtual delivery protocol, Citrix ICA, in both XenApp and XenDesktop.

7) Client Hypervisor - Fact vs. Fiction

Based on the strategy above, all task workers and office workers should have their desktops centrally hosted in the datacenter, enabling them to securely access their desktop from anywhere. For mobile workers, who need to work offline, I expect more innovation to come where IT can virtualize and stream full desktop images to laptops. Citrix is helping to make this a reality by working closely with the Xen.org, Xen Client Initiative (XCI) to create a fast and free embedded hypervisor for laptops, PC's and PDAs. XCI is an exciting and fast-moving initiative driven by all the biggest names in microprocessors, BIOS, PCs and laptop hardware. Because when it comes to client hypervisors, trying to build something proprietary and closed simply won't cut it. Anything that doesn't have broad, open and compatible implementation across the industry is likely to fail. An embedded client hypervisor will, of course, provide a foundation to deliver local virtual desktops. However, a client side hypervisor alone is not enough for IT to have a complete solution. At Citrix, we're working on a complete solution that integrates a client side hypervisor, application and desktop streaming, application and desktop hosting, and end user profile and context management - this complete solution will ensure that the mobile users can quickly get their personalized desktop and their applications available to them offline and IT can centrally manage the lifecycle of the desktop at lowest possible cost.

In our experience to date with XenDesktop in the market, I've been pleasantly surprised at both the level of interest and speed at which our customers are deploying virtual desktops. It seems that the headache with current desktop management crosses industries, geographies and customer size and that many of these organizations are reaching for the aspirin or already starting to breath a sigh of relief with their virtual desktops.

If you are interested in a third party evaluation of XenDesktop, check out this InfoWorld test by Paul Venezia:  http://www.infoworld.com/article/08/09/16/38TC-citrix-xendesktop_2.html

Gordon Payne,
Senior Vice President
Delivery Systems Division

Now that XenServer and XenCenter 5.0 have been released, we turn our attention to other things. One of those new projects is a PowerShell SnapIn for XenServer, which I'm pleased to announce today.

The new SnapIn is now available publicly, at http://community.citrix.com/cdn/xs/sdks.

Here are a few basic examples. Over the next few days, I'll post some increasingly interesting examples, to help you get a feel for the new SnapIn.

PS> Get-Credential | Connect-XenServer -url https://<servername>


PS> Get-XenServer:VM -name Debian | Format-Table uuid,name_label,is_a_template,power_state

uuid                name_label                is_a_template         power_state
----                ----------                -------------         -----------
2b676031-29b0-35... Debian Sarge 3.1                   True              Halted
b20f5359-1c5a-7b... Debian Etch 4.0                    True              Halted
9b14ee57-47fd-af... Debian Sarge 3.1...               False              Halted
04738c85-0bb7-ce... Debian Sarge 3.1                  False           Suspended
4b76320b-404b-0c... Debian Etch 4.0 (1)               False             Running
3e0982ed-0cfe-1e... Debian Sarge 3.1                  False           Suspended


PS> Get-XenServer:VM -name Debian -properties @{ is_a_template="false" } |
>>    Format-Table uuid,name_label,power_state

uuid                       name_label                               power_state
----                       ----------                               -----------
9b14ee57-47fd-afc6-e057... Debian Sarge 3.1 (1)                          Halted
04738c85-0bb7-ce5a-40bc... Debian Sarge 3.1                           Suspended
4b76320b-404b-0cdf-1583... Debian Etch 4.0 (1)                          Running
3e0982ed-0cfe-1ef5-7e5c... Debian Sarge 3.1                           Suspended


PS> Invoke-XenServer:VM.start -vm "Debian Sarge 3.1 (1)"
PS> Get-XenServer:VM -name Debian -properties @{ is_a_template="false" } |
>>    Format-Table uuid,name_label,power_state

uuid                       name_label                               power_state
----                       ----------                               -----------
9b14ee57-47fd-afc6-e057... Debian Sarge 3.1 (1)                         Running
04738c85-0bb7-ce5a-40bc... Debian Sarge 3.1                           Suspended
4b76320b-404b-0cdf-1583... Debian Etch 4.0 (1)                          Running
3e0982ed-0cfe-1ef5-7e5c... Debian Sarge 3.1                           Suspended

PS> Disconnect-XenServer -url https://<servername>

 I don't know about you, but I've always been frustrated when reading articles about DNS Server Attacks and they never explain exactly how they work.  It's obvious that such a thing would be a point of extreme interest to an attacker, but how do they do it??? 

 I interviewed Ben Tucker, XenApp Developer on the Guardian Security Team, to finally understand this thing.  Ben worked previously in the Gaming Industry creating and securing slot machines, communications protocols, and distributed systems.
 
Here is a picture of Ben:       

 
 Q: What is DNS?

 A: DNS is a computer protocol that translates human-understandable web names, such as google.com, into IP addresses.  It's basically a telephone book that answers requests from a client to get them to the web site they want.   A DNS server answers requests and forms them into IP addresses so connections can be made.  A DNS server might talk with other servers until an authoritative answer is received.

 Q: What are the basic vulnerabilities of this technology?

 A: The client computer does not authenticate that the server providing IP addresses is really the right DNS server.  Therefore, the client has no verification that they are talking to the right DNS server, or a malicious entity, such as evil.com.

 This vulnerability has been around for twenty five years.  To complicate this further, DNS is a layered protocol.  A client in one layer might be the server from another layer.  So, this vulnerability pervades computers that lack trusted and authenticated communications.
 
Q: What has been done to fix this long-known vulnerability?

 A: When DNS was designed the security landscape was far more subdued than it is now.  Different ways to exploit the lack of authentication have been found over time.  Likewise, a series of mitigations have been implemented.  Until the last decade, transaction IDs were ascending and predictable.  Six years ago, a related implementation error led to an attack on the DNS protocol using the mathematics of the Birthday Paradox.  Overall, DNS has been a fertile ground for exploitation.
 
Q: So the problem was solved?

 A: No.  The recent DNS debacle involves forcing large numbers of fake DNS replies to a caching resolver while simultaneously controlling a client computer's requests.  Having a client repeatedly look for a DNS server gives the attacker more of a chance to improperly present evil.com as an authoritative DNS server.  Once the attacker beats the proper server with a response, then bankofamerica.com may look and feel correct to the user, but that user would be giving logon credentials to another entity entirely.

 Q: Why has this been in the news lately?

 A: Dan Kaminsky, a well-known security researcher, recently uncovered this problem and came up with a mitigation.

 First he uncovered a platform agnostic exploit that poisons a DNS cache within seconds.  Then, before releasing this exploit to the public, he worked with major vendors including Citrix to provide patches mitigating the problem.  Kaminsky's mitigation randomizes the protocol's source port as well as the transaction ID.  Now, the random transaction ID's are associated with random source ports, creating a more difficult problem for attackers in these race attacks.

 Q: How can Citrix help with this problem?

 A: We have two KB articles that may be helpful.  Please see:
 Vulnerability in Access Gateway Standard and Advanced Edition Appliance firmware could result in DNS Cache Poisoning (CTX118183)Vulnerability in NetScaler and Access Gateway Enterprise Edition could result in DNS Cache Poisoning (CTX117991)

 Q: Does HTTPS help at all?

 A: Yes.  HTTPS ensures that traffic is encrypted end-to-end.  With HTTPS, browsers can more easily notify users if the site being contacted doesn't match the intended site, if the certificate has expired, or if the certificate doesn't have a clear chain of trust to a known Certificate Authority.

 Another suggestion for customers is to consider using an Intrusion Detection System (IDS) from a security vendor or reputable security source.  This should be setup to guard corporate DNS server's from attacks.
   

EdgeSight 5 for both XenApp and Endpoints was released last week with many changes, but for those of you who are already familiar with EdgeSight from it's 4.x days - you're probably wondering what those changes mean to you.  Today I'm going to cover what's changed; what's new; and give you a taste of some of the cool things you can now do with EdgeSight.

The first thing that will hit you when you access EdgeSight 5 are the UI changes.  Citrix has spent some serious time making their XenApp UI have a modern crisp feel, and EdgeSight is no different, but while dramatic, the new style is just the tip of the iceberg here.  EdgeSight 5 has thrown out the old navigation model in favor of a tab based approach which places the information you need right at your finger tips.  This navigation model is centered around common tasks such as monitoring performance, troubleshooting user problems and capacity planning.  While in EdgeSight 4.x you had the ability to access the detailed real-time information stored in the EdgeSight agent, doing so involved opening an Excel spreadsheet and working with the raw data.  While the Excel sheets remain for EdgeSight 5, most users will opt for the highly interactive Farm Monitor, User Troubleshooter and Device Troubleshooter. 

XenApp admins will find the Farm Monitor and User Troubleshooters particularly interesting.  The Farm Monitor provides a clear and concise view of all servers in the farm, follows the farm server hierarchy defined for the farm, and permits deep dives into exactly what is happening on the farm - in real-time.  Multiple farms are also no problem for the Farm Monitor as it seamlessly integrates all monitored farms into a single view.  The Farm Monitor is also where the EdgeSight 5 integration with the XenApp Health Check Agent occurs.  In contrast to previous EdgeSight versions, EdgeSight 5 ships with preconfigured alerts, and those alerts are tailored to the XenApp health check function.

Moving on to the User Troubleshooter, EdgeSight provides a simple report which provides access to every users' session; both for active and inactive sessions.  Working with this report couldn't be easier.  All that is required is the user name, the approximate time the session was created and optionally the application the user was accessing.  You enter the user name, and the report shows all the sessions for that user - independent of the server they are on, or their active status.  Simply select the session corresponding to when the session was created and begin your diagnosis.  In the event that multiple sessions were created at about the same time, the published application name is also shown.  From there you can access a wealth of information about the session including the ICA channel usage, startup experience and application performance.

Endpoint users should not feel left out with this release as they too gain a troubleshooter with the Device Troubleshooter.  In order to use the device troubleshooter you need only the name of the device.  Once the device is selected, detailed real-time information about the device, the applications running on the device and the network experience are returned.  Endpoint users also see all real-time functionality present in EdgeSight 4.x moved front and center with both the Trace Route and Process List moved to peers of the troubleshooters.

Moving past real-time functionality and into the realm of trending and capacity planning, EdgeSight 5 sees what is likely to be the biggest change.  Gone is the list of over 300 reports, a list that many customers found daunting.  In its place is a report list found under the Browse tab which contains just over 120 reports.  While it may appear on the surface that there has been a reduction in reporting, nothing could be further from the truth.  The new EdgeSight 5 reports allow users to do much more than the equivalent EdgeSight 4 report.  There are new grouping options and a third layer of data analysis with many reports now containing optional parameters.  When combined, these new features yield historical reports which are both richer and more interactive.  In addition to the new report structure, new reports have also been introduced exposing the new ICA data collected in EdgeSight 5.

Lastly, if you have ever wanted more than just the passive monitoring EdgeSight provided, look no further than Active Application Monitoring.  Built on the EdgeSight for Load Test functionality, this new feature permits you to define a series of synthetic actions and perform them on a pre-defined schedule.  If the desired SLA isn't met, alerts can be fired.  Deploying Active Application Monitoring script launchers in key departments and branch offices permits visibility into performance degradations before users experience outages.

Want to get your hands on EdgeSight 5 today?  As always your solution advisor is a fantastic resource, but you can also take the EdgeSight 4.5 EVA and upgrade it in place to EdgeSight 5.  There is an EdgeSight 5 EVA in the works, so stay tuned.  If you're attending Interop New York, or are in the New York area and can attend Interop, I will be showing EdgeSight 5 at the Citrix booth.  Please stop by and check it out.

I posted a blog earlier this year on running OCS 2007 on XenApp. Since that time, I've received many emails from customers telling me they've started rolling out OCS 2007 via XenApp in either pilot or production environments. Most of these customers are running IM and Presence with integration into office apps. For those who are still not sure about delivering OCS 2007 via XenApp, I have good news. Citrix Consulting Solutions team has documented a best practice guide detailing how to you can deliver Office Communicator with XenApp 4.5. Come download the Microsoft Office Communications Server 2007 Application Delivery Best Practices guide at: http://support.citrix.com/article/ctx118216

Well, the big launch of XenServer 5 has gone smoothly, and with it have arrived a flood of questions about how exactly the new High Availability functionality works.  I'll use this post to explain the overall architecture of HA in XenServer 5, and also how some of the fault detection and failure planning works.

Fundamentally, HA is about making sure important VMs are always running on a resource pool. There are two aspects to this: reliably detecting host failure, and computing a failure plan to deal with swift recovery.

Detecting host failure reliably is difficult since you need to remotely distinguish between a host disappearing for a while versus exploding in a ball of flames.  If we mistakenly decide that a master host has broken down and elect a new master in its place, there may be unpredictable results if the original host were to make a comeback!   Similarly, if there is a network issue and a resource pool splits into two equal halves, we need to ensure that only one half accesses the shared storage and not both simultaneously.

Heartbeating for availability

We solve all these problems in XenServer by having two mechanisms: a storage heartbeat and a network heartbeat. When you enable HA in a pool, you must nominate an iSCSI or FC storage repository to be the heartbeat SR. XenServer automatically creates a couple of small virtual disks in this SR. The first disk is used by every physical host in the resource pool as a shared quorum disk. Each host allocates itself a unique block in the shared disk and regularly writes to the block to indicate that it is alive.

I asked Dave 'highly available' Scott, the principal engineer behind HA about the startup process:

"When HA starts up, all hosts exchange data over both network and storage channels, indicating which hosts *they* can see over both channels; i.e. which I/O paths are working and which are not.  This liveness information is exchanged until a fixed point is reached and all of the hosts are satisfied that they are in agreement about what they can see.  When this happens, the HA functionality is 'armed' and the pool is protected."

This HA arming process can take a few minutes to settle for larger pools, but is only required when HA is first enabled.

Once HA is active, each host regularly writes storage updates to the heartbeat virtual disk, and network packets over the management interface.  It is vital to ensure that network adapters are bonded for resilience, and that storage interfaces are using dynamic multipathing where supported.  This will ensure that any single adapter or wiring failures do not result in any availability issues.

The worst-case scenario for HA is the situation where a host is thought to be off-line but is actually still writing to the shared storage, since this can result in corruption of persistent data.  In order to prevent this situation without requiring active power strip control, we implemented hypervisor-level fencing.  This is a Xen modification which will hard-power the host off at a very low-level if it doesn't hear regularly from a watchdog process running in the control domain.  Since it is implemented at a very low-level, this also covers the case where the control domain becomes unresponsive for any reason.

Hosts will self-fence (i.e. power off and restart) in the event of any heartbeat failure unless any of the following hold true:

• The storage heartbeat is present for all hosts but the network has partitioned (so that there are now two groups of hosts).  In this case, all of the hosts which are members of the largest network partition stay running, and the hosts in the smaller network partition self-fence.  The assumption here is that the network outage has isolated the VMs, and they ought to be restarted on a host with working networking.  If the network partitions are exactly the same size, then only one of them will self-fence according to a stable selection function.
• If the storage heartbeat goes away but the network heartbeat remains, then the hosts check to see if they can see all other hosts over the network.  If this condition holds true, then the hosts remain running on the assumption that the storage heartbeat server has gone away.  This doesn't compromise VM safety, but any network glitches will result in fencing since that would mean both heartbeats have disappeared.

Planning for failure

The heartbeat system gives us reliable notification of host failure, and so we move onto the second step of HA: capacity planning for failure.

A resource pool consists of several physical hosts (say, 16), each with potentially different amounts of host memory and a different number of running VMs.  In order to ensure that no single host failure will result in the VMs on that host being unrestartable (e.g. due to insufficient memory on any other host), the XenServer pool dynamically computes a failure plan which calculates the actions that would be taken on any host failure.

But there's one more complexity... a single host failure plan does not cover more advanced cases such as network partitions which take out entire groups of hosts.  It would be very useful to be able to create a plan that could tolerate more than a single host failure, so that administrators could ignore the first host failure and be safe in the knowledge that (for example) three more hosts could fail before the pool runs out of spare capacity.

That's exactly what we do in XenServer... the resource pool dynamically computes a failure plan which considers the "number of host failures to tolerate" (or nhtol).  This represents the number of disposable servers in a pool for a given set of protected VMs.

The planning algorithms are pretty complex, since doing a brute force search of all possible failures across all hosts across all VMs is an exponential problem.  We apply heuristics to ensure we can compute a plan in a reasonably small time:

• for up to 3 host failures, we do a comprehensive search which tries almost all permutations.  This covers corner cases such as having hosts or VMs with very different amounts of memory (e.g. 4GB vs 128GB).  Rather than calculate memory slots or otherwise approximate results, we just deal with them individually and give very accurate plans.
• for greater than 3 host failures, we make conservative decisions by approximating every VM to be as large as the largest, and considering each host to be the same as the most densely packed host.  We do not approximate the host memory, and so having pools with uneven amounts of host memory will be fine.  However, in approximate planning mode having a single very large VM will result in a low nhtol value.  If this is a problem, then try to reduce the nhtol or try to have a more even spread of VM memory sizes.

Since planning algorithms are designed for unexpected host failures, we only consider absolutely essential resource reservations which would prevent the VM from starting on the alternative host (e.g. storage is visible, and enough memory is present).  We do not perform CPU reservation on the basis that it can be optimised at a later stage via live relocation once the VM is back up and running.

Overcommit protection

We now have HA armed and a failover plan for our VMs.  But what if you want to make changes to your configuration after HA is enabled?  This is dealt with via overcommit protection.

The XenServer pool dynamically calculates a new failover plan in response to every XenAPI call which would affect it (e.g. starting a new VM).  If a new plan cannot be calculated due to insufficient resources across the pool, the XenServer will return an overcommitment error message to the client which blocks the operation.

The "What if?" Machine

This overcommit protection would be quite irritating if you have to keep trying things and seeing if a plan exists or not, and so we built in a "What If?" machine into XenServer to facilitate counter-factual reasoning.

When reconfiguring HA via XenCenter, you can supply a hypothetical series of VM priorities, and XenServer will return a number of host failures which would be tolerated under this scheme.  This lets you try various combinations of VM protections depending on your business needs, and see if the number of host failures is appropriate to the level of paranoia you desire.

This can even be done via the CLI, using the snappily named "xe pool-ha-compute-max-host-failures-to-tolerate" when HA is enabled.

The nice thing about XenServer HA is that it is done at the XenAPI level, and so  any of the standard clients (such as the xe CLI or XenCenter) or any third-party clients which use the XenAPI will all interoperate just fine.  The XenServer pool dynamically recalculates plans in response to the client requests, and so no special "oracle" is required outside of the pool to figure out HA plans.

Finally, HA makes master election completely invisible.  Any host in a pool can be a master host, and the pool database is constantly replicated across all nodes and also backed up to shared storage on the heartbeat SR for additional safety.  Any XenAPI client can connect to any host, and a redirect is issued to the current master host.

Protection Levels

Each VM in an HA pool can be either fully protected, best-effort or unprotected. VMs which are protected are all included in the failover planning, and if no plan exists for which they can all be reliably restarted then the pool is considered to be overcommitted.

Hugh Warrington (who implemented the XenCenter HA support) explained what use protection levels are:

"Best-effort VMs are not considered when calculating a failover plan, but the pool will still try to start them as a one-off if a host that is running them fails.  This restart is attempted after all protected VMs are restarted, and if the attempt to start them fails then it will not be retried.  This is a useful setting for test/dev VMs which aren't critical to keep running, but would be nice to do so in a pool which also has some important VMs which absolutely must run."

There are some advanced features which are only available via the CLI.   Each protected VM in an HA pool can be assigned a numeric ha-restart-priority.  If a pool is well-resourced with a high nhtol, then these restart priorities are not relevant: the VMs are all guaranteed to be started.

If more hosts fail than have been planned for, then the priorities are used to determine the order in which VMs are restarted.  This ensures that in over-committed pools, the most important VMs are restarted first.  Although the pool will start priority 1 VMs first, they might not finish booting before the priority 2 VMs, and so this should not be used as the basis for service ordering.

Note that it's very important to ensure that a VM is agile when protecting it by HA.  If the VM is not agile (e.g has a physical CD drive mapped in from a host), then it can only be assigned Best Effort restart since it is tied to one host!

XenCenter support for HA

The best practice for HA is not to make configuration changes while it is enabled.  Instead, it is intended to be the "2am safeguard" which will restart hosts in the event of a problem when there isn't a human administrator nearby.  If you are actively making configuration changes such as applying patches, then HA should be disabled for the duration of these changes.

XenCenter makes some common changes under HA much more user-friendly, which I asked Ewan Mellor (the principal GUI engineer) about:

• Normally a protected VM cannot be shut down via the CLI or from within the guest (a shutdown from within the guest will automatically restart it).  If you try to shutdown from XenCenter, it will give you the option of unprotecting the VM and then shutting it down first.  Thus, accidental in-guest shutdowns wont result in downtime, but administrators can still stop a protected guest if they really want to.
• If you want to reboot a host when HA is enabled, XenCenter automatically uses the hypothetical planning calculation to determine if this would invalidate the failover plan.  If it doesn't affect it, then the host is shut down normally.  If the plan would be violated, but the nhtol is greater than 1, XenCenter will give the administrator the option of lowering the nhtol value by 1.  This reduces the overall resilience of the pool, but always ensures that at least one host failure will be tolerated.  When the host comes back up, the plan is automatically recalculated and the original nhtol value restored if appropriate.
• If you try to apply a hotfix, then XenCenter will disable HA for the duration of the pool patching wizard.  It is important to manually keep an eye on hotfix application to ensure that host failures do not disrupt the operation of the pool.

So, I hope this short article has given you a taster... just kidding! This post is almost as long as my PhD thesis, but then, HA is a complex topic. Please do feel free to get back to me with comments and feedback about how we can improve it in the future releases, or if you just love it the way it is.  Many thanks to Dave Scott, Richard Sharp, Ewan Mellor and Hugh Warrington for their input to this article.

Citrix XenServer 5 allows you to take full advantage of all the powerful features of your storage hardware.

Virtual Storage Management in XenServer 5

Here are some screen shots of the new Storage Wizard -

(click to enlarge)

(click to enlarge)

(click to enlarge)

(click to enlarge)

Visit XenServer5.com to learn more and download the free XenServer 5 Express. You can watch a recored webinar on Virtual Storage management in XenServer 5 here.

Today many users access their productivity applications using multiple methods.  This includes installed locally, published and/or streamed via XenApp (either as the mechanism to publish the app on XenApp or directly to the end point client).  So who is tired of re-creating their auto-signatures over and over?  One of the challenges is making sure your auto-signatures always follow you no matter how you launch Microsoft Outlook (as well as your other Office settings).

We also need to consider the other application settings like toolbar settings.  In Office 2007, changes to the toolbar are saved to a .qat file.  Microsoft has more details on these Office settings - http://support.microsoft.com/kb/926805/en-us

The below paths are for WinXP and WS2003.  For Vista, use AppData\Roaming\... instead of Application Data\... AND use AppData\Local\... instead of Local Settings\Applications Data\...  Although keep in mind in most scenarios you do not want to 'roam' local settings hence the name.  You would add (or verify they already exist) the below files and folders (or just the parent folder to capture everything) to the User Profile Manager settings to have them tracked and managed.

Files

• Local Settings\Application Data\Microsoft\Office\Access.qat
• Local Settings\Application Data\Microsoft\Office\Excel.qat
• Local Settings\Application Data\Microsoft\Office\Olkaddritem.qat
• Local Settings\Application Data\Microsoft\Office\Olkapptitem.qat
• Local Settings\Application Data\Microsoft\Office\Olkdistitem.qat
• Local Settings\Application Data\Microsoft\Office\Olklogitem.qat
• Local Settings\Application Data\Microsoft\Office\Olkmailitem.qat
• Local Settings\Application Data\Microsoft\Office\Olkpostitem.qat
• Local Settings\Application Data\Microsoft\Office\Olktaskitem.qat
• Local Settings\Application Data\Microsoft\Office\PowerPoint.qat
• Local Settings\Application Data\Microsoft\Office\Word.qat
  
  

Folders (Outlook)

• Application Data\Microsoft\Outlook
  • There are a number of files here that control/track configurations such as auto-complete, send/receive settings and tools, utilities and other add-ins configurations/settings
• Application Data\Microsoft\Signatures
  • These are all your signatures in various formats
• Local Settings\Application Data\Microsoft\Outlook
  • This folder (and all those in Local Settings) can be tricky since it stores offline folders (OST) and Personal Folders (PST files).  You may want your PST files to follow you but pending their size this can be an expensive file to roam.  And you can imagine the situations that will arise when two or more sessions are active simultaneously for these types of files - last write wins will definitely be a factor here and thus lost emails in the PST files.  For this reason Local Settings should probably not be roamed unless you are absolutely sure it is safe for a particular application.  Use file exclusion here as needed.
    
    

Folders (Office in general)

• Application Data\Microsoft\Office
  • ACL files (Auto correct entries) - http://support.microsoft.com/kb/926927
  • PIP files (personalized toolbar and menu settings) - http://support.microsoft.com/default.aspx/kb/193006
• Application Data\Microsoft\Templates
  • These are your office template files such as normal.dot/.dotm for Word and blank.pot/.potx for PowerPoint etc.
  • Again be careful here when using multiple versions (e.g. Office 2003 and Office 2007) - mixing can result in unpredictable results.
• Local Settings\Application Data\Microsoft\Office
  • Keep in mind in most scenarios you do not want to 'roam' local settings hence the name.  You would want to do this very selectively on a file by file basis.
    
    

I expect I covered the key areas for ensuring your Office settings follow your users.  Please let me know if there is anything missing or overlooked.

This is the second blog in my series on Wan Optimization and Distributed Storage.
 
Remote Copy provides a powerful and flexible method for reproducing data and keeping that replicated data available for disaster recovery, business continuance, backup and recovery, data migration and data mining. For example in figure 1 the accounting department in Chicago runs a corporate accounting application and stores the resulting data. The designated backup site is in San Francisco. Nightly at 11:00 p.m., accounting updates are copied to the San Francisco facility using Remote Copy. Remote copying follows a three-step process.

1. Creation of a primary snapshot at the Chicago facility - this is called the primary snapshot, 2. Creation of a remote volume at the San Francisco office. Then you create a remote copy of the primary snapshot to the remote volume. 3. The system then copies data from the primary snapshot to the remote snapshot.

So, you ask "what is a snapshot?" A storage snapshot is a set of reference markers, or pointers to data stored on a storage area network (SAN). A snapshot is something like a detailed table of contents, but it is treated as a complete data backup.There are two types of snapshots - the first being the copy-on-write which creates a snapshot of changes to existing data every time the data is modified or new data is added to the volume. The second is split-mirror which creates a snapshot of all the existing data including the new and updated data. Copy-on-write involves the transfer of less amounts of data than the split-mirror method.

In a typical Distributed Storage environment Copy-on-write snapshots are scheduled for daily or weekly copies from primary to remote sites. These snapshots transfer data over a Wide Area Network and by utilizing Wanscaler Wan Optimization devices at both sites these data transfers are accelerated the time of complete transfer of the data is greatly reduced. In my next blog I will demonstrate Remote Copying within a Distributed Storage environment both with and without Wan Optimization to show the dramatic decrease in transfer times. 

In my next blog I will demonstrate remote copying and snapshots both with and without Wan Optimization via a video capture highlighting the results. 

One of the many new features of XenServer 5 is advanced integration with Storage Infrastructure. The Citrix XenServer Adapter for Dell EqualLogic integrates server and storage functionality on a single management interface and delegates tasks according to each platform's core strengths.

Achmad Chadran of Dell Equallogic blogged about this integration from VMWorld -

After you try out this integration with your own implementation of Dell Equallogic, you will understand why Achmad says this is a "very cool piece of engineering".

Peter Blum put together an excellent overview video that demonstrates this new integration with Dell EqualLogic.

(click to play)

http://www.equallogic.com/partners/CitrixDemo/xenserver_equallogic_demo_controller.swf

Robin Brandl (Microsoft Technology Evangelist for Citrix) was interviewed by Joey Snow of Technet Edge during the Microsoft getVirtualnow event in Bellevue, WA.

(click to play)

You are planning for a WANScaler implementation in your datacenter. For redundancy, you have multiple physical WAN Links and are planning to use the WANScalers in the simple "in-line" deployment in each one of the links.
While the WANScaler supports this configuration natively with the "group mode" feature set, network architects may wish to use an external link load balancing method instead. Depending on your network architecture, group mode can lead to additional traffic on the LAN side as network architects may not have the luxury of a separate network to handle the group mode related traffic .

This is where Citrix NetScaler can come to the rescue in a powerful way. NetScaler supports link load balancing capabilities that are well described in the product documentation. However, when designing for link load balancing with WANScaler in the picture, it is critical to ensure that the WANScaler appliances see all TCP segments associated with a connection in both directions. Therefore, special considerations need to be taken when designing link load balancing for WANScaler implementations:

(a) For connections initiated in the datacenter, it is critical that all TCP segments of the connections keep flowing over the same WAN link in both directions. This can be achieved by ensuring certain settings are applied (such as destination IP based persistency and the RNAT switch).

(b) For connections initiated from a branch office or a mobile user, the link load balancing decision must be made prior to the connection being actually established. This can be done by leveraging the DNS-based selection of NetScaler's Global Server Load Balancing capability (although we're not load balancing data centers in this example). Furthermore, once a selection is made by GSLB, the return packets must not be link load balanced, but must stick to the path selected in the GSLB step.

Sounds complicated? It's not too bad and to make it easier for you, you can read all about it in the Consulting Solutions design considerations article published here.

 
 In my last post, I discussed the importance of user experience -> It's All About The User Experience (IAATHUX) 
Our Access Gateway team has come up with a new look and
feel that is nice and clean.   I think this is much more intuitive and consistent with the experience across Citrix Delivery Center.   Notice that they are using plugin terminology in anticipation of App Receiver.

The desktop icon has changed from the "two rubic's cubes connected by a red pipe" to the simple and easy to understand lock symbol.   The rationale here is that secure access is not just about remote access but should secure connections onsite and offsite.

The thing I like the most with Access Gateway is that with auto-reconnect, I can just live in secure connected mode all the time.  At Citrix, we run open wireless networks at most locations, so I can just put my laptop to sleep and start-up in any location (including at home) and be assured a secure connection without having to do anything.  I just see the secure lock icon in my systray and the auto reconnect happen as I transit networks. 
 
With the advantages of de-perimeterization,
I think more and more users will appreciate this model. Check out the Jericho Forum, for more on this model.

Cheers,

Gordon

The Citrix Desktop Delivery Controller PowerShell SDK provides a snap-in, XDCommands, for the Microsoft PowerShell v1.0 framework. The SDK consists of a number of "cmdlets" that allow you to script many of the administrative tasks you may need to perform on a regular basis.

Step by Step setting up your PowerShell / XenDesktop environment

• Install PowerShell 1.0 on the DDC (Desktop Delivery Controller)
• Download and Install Microsoft .NET Framework 3.5
• The PowerShell SDK is located on the XenDesktop 2.1 CD in the ...\Support\DdcSdk folder. Run the installer XenDesktop_2_0_DDC_Powershell_SDK.msi

Installing the SDK registers the XdCommands snap-in assembly with the Microsoft PowerShell framework. The snap-in makes a number of new classes and "cmdlets" available to PowerShell scripts or interactive shell sessions.

To run scripts you may need to use the built-in "Set-ExecutionPolicy" cmdlet to adjust the PowerShell execution policy to a value such as "RemoteSigned"

• Start Powershell and set the Excecution Policy. Set-ExecutionPolicy RemoteSigned
• Change to the folder where the SDK is installed cd \Program Files\Citrix\Desktop Delivery Controller\Powershell
• Load the snap-in into the PowerShell  Add-PSSnapin XdCommands
  

Alternatively, use the installed PowerShell console file, XdCommands.psc1, to start an interactive PowerShell shell session with the XdCommands snap-in pre-loaded. Citrix provides a shortcut on the Start menu to start such a session. This shortcut also runs the "XdAliases.ps1" PowerShell script that sets up aliases for most of the SDK cmdlets. This shortcut will not function properly until the PowerShell execution policy, as described above, is set appropriately.

Help

Online help is available for all Desktop Delivery Controller SDK cmdlets. To obtain a list of cmdlets offered by the snap-in, run the built-in "Get-Command" cmdlet, as follows: Get-Command -psSnapin XdCommands
Online help for individual cmdlets is available using the built-in "Get-Help" cmdlet. For example, to view the online help for the "Get-XdDesktopGroup" cmdlet, run the following command: Get-Help Get-XdDesktopGroup
For an overview of all cmdlets provided by the SDK, view the "about_XdCommands" help topic. To view this information, run the following command: Get-Help about_XdCommands

Samples

Creating a new VM-based desktop group

This command creates a new VM-based desktop group, "testgrp", containing three machines, and published to all domain users.
$usr = New-XdUser 'domain users' -group
$cred = Get-Credential 'root'
$hs = New-XdHostingServer 'XDS01' $cred
$machineName= 'machine1','machine2','machine3'
#find all the VM machines in the pool
$allvms = Get-XdHostedMachine $hs
#Find the workers and set the AD identity to the correct machine
$dsk = $machineName | foreach { $vm=$_; $allvms | where {$_.HostingName -match $vm } | foreach { $_.Name = $vm; $_ }}
$hgs = New-XdGroupHostingSettings $hs
$ng = New-XdDesktopGroup -pub 'testgrp' -desk $dsk -user $usr -hosting $hgs

Adding a virtual desktop to an existing VM-based desktop group

This command adds a new virtual desktop, hosted by a VM, to an existing VM-based desktop group. Before adding a VM to the group, you must create a mapping between the VMs host ID and Active Directory ID. To do this, run the Get-XdHostedMachine cmdlet to obtain a list of host IDs for VMs and assign Active Directory IDs to those VMs.

# get all the groups whose name starts with 'test' (should be just one)
$grp = Get-XdDesktopGroup test*
# get all the workers whose friendly names have 'machine3' in them (should be just one)
$dsk= Get-XdHostedMachine $grp.HostingSettings.HostingServer -name *machine3*
# Set up the mapping to the AD name for the new Virtual Desktop machine
$dsk.Name = 'machine3'
$grp.Desktops.Add($dsk)
Set-XdDesktopGroup $grp

If host ID to Active Directory ID mappings have been created previously, run the following command:

Get-XdDesktopGroup test* | *%* { \[void\]$\_.Desktops.Add($(Get-XdHostedMachine $\_.HostingSettings.HostingServer \-name \*machine3\*)); $\_ }| Set-XdDesktopGroup

Logging off a user from all current sessions, after sending a warning message

This command displays a warning message to all users whose names start with "christian" before logging them off. Note that in this example there is specified time period (10 seconds) before logoff occurs.

# get sessions for all users whose names start with 'christian'
$sess = Get-XdSession -user christian*
# warn the user
Send-XdSessionMessage $sess 'Forced log off in 10 seconds'
Start-Sleep 10
#Then go ahead with the logoff
Stop-XdSession $sess

Adding a user to an existing desktop group

This command adds users in all groups whose names match "GroupName" to an existing desktop group.
# get all the groups whose name matches 'GroupName' (should be just one)
# Note could also be written as:

#  $grp = Get-XdDesktopGroup GroupName
$grp = Get-XdDesktopGroup | ? {$_.Name -match "GroupName" }
$Usr = New-XdUser "UserName"
$grp.Users.Add($Usr)
Set-XdDesktopGroup $grp

Simon Crosby, CTO of the Citrix VMD Division, did an interview with Brian Ducharme of Virtual Strategy Magazine during VMWorld to review the Citrix announcements during the event.

Here are the Citrix press releases from the event -

Citrix Unveils Cloud Computing Strategy and Product Line

Citrix and Marathon Partner to Bring World Class High Availability and Fault Tolerance to Citrix XenServer

XenServer 5 Changes the Game in Server Virtualization with Unprecedented Reliability, Openness and Ease-of-Use

(click the link to play - there is a current issue with embedding videos)

http://www.virtual-strategy.com/mambots/content/plugin_jw_allvideos/jw_allvideos_player.swf?file=http://www.virtual-strategy.com/video/20080915_Citrix.flv

During a recent presentation I gave to one of our alliance partners, an interesting question came up during the discussion - How can a commercial software company build a business based on open source software? After the question was asked, I saw many heads nodding in agreement. On the surface, this question may appear to be difficult to answer.

An excellent way to answer this pressing question can be found in a very intriguing book called Wikinomics. There is a story in the opening chapter about GoldCorp, a gold mining company. The story of the GoldCorp Challenge highlights the power of working with a very diverse group of people to take innovation and creativity to new heights. Rob McEwen of GoldCorp used that creativity and innovation to build a very successful business.

Read this short excerpt from the opening chapter - 

Open source, wikis, blogging and other new forms of mass collaboration like MIT OpenCourseWare, Innocentive, NineSigma, and YourEncore are discussed in depth in Wikinomics.

Reading this book gave me a much firmer grasp on the real power of building a business by massively collaborating with others to mine for the golden nuggets of creativity and innovation of the open source Xen community. Citrix is able to use those golden nuggets to craft a fully supported and managed commercial software product and business.

Whether you attribute the original quotation to Benjamin Disraeli, Mark Twain, or your old Uncle Sol, you're probably familiar with the old adage about how the interpretation of statistics can be used to make the truth, er, pliable.

A great recent example of this is the interpretation by Parallels' Corey Thomas of a recent IDC report tracking software virtualization revenue.  In his analysis, he takes great pride in the fact that Parallels ranked ahead of Microsoft (and Citrix) in the report -- and second to VMware,  once you are "eliminating mainframe and UNIX players IBM and HP."

But this particular view of the world is designed to support a skewed interpretation.  Why?  Let's see...

• First, the elimination of IBM and HP doesn't necessarily hold water. It's not clear if they are on the list because they offer hypervisors for mainframes and UNIX boxes -- or if it's because they offer products like HP's Virtual Machine Manager (which supports Citrix XenServer, among other virtualization platforms) and other management tools.
• To move Parallels to the top five, one has to decide that certain platforms are relevant (not only PC desktops and servers but Mac desktops and servers too), but others are not (mainframes, SPARC, Itanium, Power).
• More important, one needs to determine that certain types of virtualization are relevant (not only server virtualization and client/endpoint virtualization, but also server-based OS virtualization -- but NOT the huge sales and installed base of server- and client-side application virtualization represented by Citrix XenApp.

When you look at the real picture for IT organizations -- server virtualization, desktop virtualization, and application virtualization on industry-standard x86 servers -- a different story emerges.  But it's not one that looks particularly strong for Parallels, since their strengths are in the hobbyist and developer market (for Parallels Desktop for Mac) and in the hosting provider market (for Virtuozzo -- and who knows what else -- are they counting control panels like Plesk and Sphera?)... While they've announced server virtualization products, they've only released on the Apple XServe running MacOS X, hardly a mainstream enterprise technology.

The choice, then: consider the hundreds of thousands of enterprises using key virtualization technologies -- server, desktop, and app virtualization on the industry-standard x86 platform -- from Citrix... or, like Lewis Carroll's Humpty Dumpty, work the numbers by working the definition of "virtualization" -- as long as "it means just what I choose it to mean -- neither more nor less."

There is just about seven weeks left until the next PubForum event is upon us. The XI PubForum is going to happen on November 7 - 9, 2008 in Nice, France. You know the PubForum event planners are always picking some of the greatest places to have this conference. If you have ever been to Nice, France then you know what I mean, but if you haven't, then you are in for a real treat.

This year's Nice event is only going to have 90 seats available, so if you are thinking about attending this event I wouldn't waste to much time, as these things tend to go very very quickly. If you have never heard about PubForum and want to know what it's all about, please check their website for more information,

http://www.pubforum.info/welcome/PubForumEvents/PubForum2008Nice/tabid/74/Default.aspx

The current agenda is still being put together but here is the quick overview:

Conference Topics - about 20 sessions delivered by true SBC and Virtualization Experts, Citrix, Microsoft and other companies - uncensored, community friendly no sales stuff:

Citrix XenApp, XenServer, XenDesktop, NetScaler, WanScaler
Microsoft Terminal Services Windows 2008
Citrix Virtualization
Microsoft Hyper V Virtualization
Vmware Virtualization
Case Studies, Best Practices, Alternative Products
System Monitoring and Performance Optimization
Profile & User Management
VDM
VDI

It's that time in the XenApp world again... Migration.  With the release of XenApp 5, many of you are contemplating a migration.  Why is migration such a big deal? I've heard numerous reasons like "It takes a long time to test my applications with the new XenApp (especially true if there is a new operating system involved)", "It takes a long time to rebuild my servers as I have to update my server build scripts" or "My current XenApp environment works fine, so why change it".

Those were all good points a few years ago.  But with the enhancements and optimizations made on XenServer for XenApp virtual machines, it is a great time to test server virtualization for XenApp to simplify migration.  And if we virtualize the XenApp servers, migration to XenApp 5, 6, 9, 11 or even XenApp 243 will be even easier (of course we will have changed the product name a few times. Let me hear a Hallelujah for HomerFrame or XenHomer).

But if we are going to migrate to XenApp 5, why not make the migration easier. Just how will XenServer make migration easier?  That is a great question, and I'm glad I asked it

Hardware
First, part of a new XenApp version means organizations will have to update their server builds.  Many of the server builds I've seen are complex scripts or require many manual changes once the build is complete.  Many times, there are multiple builds because of differences in the underlying hardware.  With XenServer , the links between the OS and the hardware are cut resulting in the ability to create a single build that can span multiple hardware variations.  How many fewer images will you now have to maintain?  Simplified

Optimization
With XenApp, you want to get the most users out of  your hardware.  This has been true with previous versions, is true with XenApp 5 and will be true in the future versions.  With a new OS and a new XenApp, do you have any idea how much hardware you need to support your users for the different application sets?  This is a challenge, especially when trying to design the new environment.  When you designate a server for a certain function, it is awfully hard to change the server's function, unless you virtualize.  With XenServer, you can make a virtual machine into anything you want.  You can move the running virtual machine to another physical server without the users ever knowing.  With XenServer and XenApp, you are no longer stuck in your static environment; instead, you are dynamically changing the environment based on the needs of the business. Simplified

Maintenance
How many of you like spending your days patching servers?  Not many.  Unfortunately, with each piece of software, there will undoubtedly be patches. With physical servers, you have to patch each server. With server virtualization, you still have to patch each virtual server.  But with XenServer Platinum, you only have to patch your base image, which is delivered to the virtual server via Provisioning Server.  If I have one XenApp image for SAP and another XenApp image for all of my other applications, I only have to patch both of those images.  Those images are then streamed to hundreds of physical or virtual servers.  Simplified

Evaluate
How could we do a migration without evaluating the apps and OS and XenApp configuration? This is critically important, especially if you are upgrading to a new OS like Windows Server 2008. With XenServer Platinum, the evaluation and testing phase is simplified.  How do you typically do this?  Well, you build the environment in a test lab.  You run test, modify, re-test. The cycle continues until a golden image is created.  That image must be used as a guide for rolling into production.  If you use scripts, you have to figure out how to script the build process to mimic your image.  If you use cloning solutions, you have to modify based on hardware.  If you use Provisioning Server, which is part of XenServer, you take your server, create a Provisioning Server image, and copy the image to production for delivery.  Simplified.   

Rollback
Let's say you upgraded without doing a proper test (shame on you).  As it turns out, one of the applications, which unlucky for you, is mission critical and is not working correctly.  What do you do?  Well, you have a few options:

• Try to troubleshoot and fix. You will be under the gun to get it fixed quickly as the business needs the application.
• Rebuild the physical server with the old setup. This will take a few hours for the build to complete and configure the applications.
  

Neither of those options sounds good to me.  Instead, if the environment was virtualized with XenServer Platinum, you would easily be able to change the version of XenApp delivered based on the Provisioning Server image you associated with each target device.  Simplified

XenServer for XenApp can simplify migrations by focusing on the areas of Hardware, Optimization, Maintenance, Evaluation and Rollback (This is what I like to call the HOMER Criteria).   It's a great way to get more done without working harder.  You get the migration done faster while providing a more dynamic environment for the business. 

Daniel

I recently recorded a video session with Tim Bardzil and Eric Wolf, two team members of the Citrix Wanscaler Product Marketing group. The video is a Frequently Asked Questions session on the Citrix Systems Branch Repeater. This video can be used to address some of the common hardware and feature capabilities of the Branch Repeater.

Watch this video tip

This years bi-annual PubForum event is in the heart of the french riviera, Nice, France on Nov 7 - Nov 9. The event will be held at the Novotel Nice Center. There are special rates for attendess who are staying at the hotel for the event.

http://www.novotel.com/novotel/fichehotel/gb/nov/1103/fiche_hotel.shtml

The Novotel Nice Centre is a 3 star hotel in the heart of Nice, near the Acropolis convention centre and moments away from the old city. The hotel offers 180 airconditioned rooms, a restaurant and a bar as well as five conference rooms for your meetingsand seminars for up to 130 people. This 3 star hotel is equally suited to a business trip or a holiday in Nice with your partner or family. Guests also enjoy the benefit of a public car park and swimming pool with panoramic views.

8/10 Parvis de l'Europe
06300 NICE
FRANCE
Tel (+33)4/93133093
Fax (+33)4/93130904
GPS. N 43° 42' 28.21'' E 7° 16' 55.01''

If you are looking at attending this event, please remember that there are only 90 seats available, and they usually dont last to long, so if you are interested in attending, I would suggest you act quickly.

It has now been two years since I started blogging. Most of the early posts were based on documenting Citrix history. More recent posts tend to wander many more recent Citrix related topics.

Here is the list since the last update:

• Single User ICA Server - Citrix Product Idea 431
  Idea submitted to Citrix Product Ideas Database to build single user version of ICA.

• ICA Stream - Citrix Product Idea 187
  Another idea related to treating ICA like a streaming protocol.

• Informal VDI Poll
  Simple poll about why customers would use VDI.

• Why not choose VDI?
  Another poll about why customers would not use VDI.

• The Next 5000 Days of the Web
  Insight into what might come to the web in the next 5000 days.

• Wandering Desktops
  Exploring the idea of desktops isolated from the underlying hardware.

• Citrix XenDesktop iPhone Demo
  Presenting the Citrix iPhone demo with a poll about whether we should do a client.

• Shawn Bass at Geek Speak Live 2008
  An investigation into what really happened at Geek Speak with Shawn Bass VDI presentation.

• Application Virtualization Roundup
  A decent summary of the players in the application virtualization space.

• Citrix Logos
  The Citrix logos over the years collected in one post! Very much in the history category.

• InfoWorld XenDesktop Review
  Outside opinion about XenDesktop from InfoWorld.

• DayJet Stops Flying
  It has happened. DayJet is finished.

• Trout on Strategy
  Jack Trout shares his marketing wisdom with the world.

I really enjoy using WordPress and that is one of the biggest reasons why I do not blog here. Another major reason is that I get full control of content.

Instead of pointing out what I think are the most relevant posts, I'm hoping that the brief summaries will be enough.

Paul Venezia, senior contributing editor of the InfoWorld Test Center, recently posted a review of Citrix XenDesktop. Paul writes "The future is bright for VDI and, thus, for XenDesktop". He goes on to say "Citrix has married VDI to its existing stable of application and desktop delivery mechanisms, and it continues to leverage the stellar ICA protocol to assist in speed, user experience, and manageability" (emphasis mine).

The review evaluates Citrix XenDesktop on five categories - Management, Performance, Scalability, Setup and Value. Overall, Paul rates XenDesktop solution as "Very Good".

Read Paul's full review here.

Frank Anderson on the XenDesktop team has created a few screencasts covering the features of XenDesktop. You can watch his short screencast covering the provisioning and lifecycle management features of XenDesktop here. Frank's screencast on user experience is available here

Download the free XenDesktop Express Edition here

In a previous post, I embedded a presentation (thanks to SlideShare.net) that briefly reviewed the new server virtualization features of Citrix XenServer 5.

This next embedded presentation dives down into more technical detail for each of the new features.

You can find much more information at www.XenServer5.com.

This next embedded presentation dives down into the technical details of how live migration of a virtual machine happens with XenMotion.

You can find much more information at www.XenServer5.com.

Here is a code sample which will clone a virtual machine from a given template. I have also shown how to get the "MAC Address" of the newly created VM. Here is sample usage of the code

CreateClone <IP Address of XenServer> <UserName> <Password> <Template>

/// <summary>
/// Clone a Virtual machine from a template and determine virtual machines mac address.
/// </summary>
    public class Program
    {
        public static void Main(string[] args)
        {

            // Host information necessary to get started
            string hostname = args[0];
            int port = 80; // default
            string username = args[1]; ;
            string password = args[2];
            string template = args[3];

            // Establish a session
            Session session = new Session(hostname, port);

            // Authenticate with username and password. 
//The third parameter tells the server which API 
//version we support.
            session.login_with_password(username, password, API_Version.API_1_3);

            List<XenRef<VM>> vmRefs = VM.get_by_name_label(session, template);
            if (vmRefs.Count == 0)
                System.Console.WriteLine("Template not found");

            foreach (XenRef<VM> vmRef in vmRefs)
            {
                if (vmRefs.Count == 1)
                {
                    VM vm = VM.get_record(session, vmRef);
                    System.Console.WriteLine("Cloning VM '{0}'...", vm.name_label);
                    XenRef<VM> cloneVMref = VM.clone(session, vmRef,
                    string.Format("Cloned VM (from '{0}')",vm.name_label));
                    System.Console.WriteLine("Cloning VM '{0}'... Done", cloneVMref.ToString());
                    VM.provision(session, cloneVMref);
                    VM CloneVM = VM.get_record(session, cloneVMref);

                    foreach (XenRef<VIF> vifref in CloneVM.VIFs)
                    {
                        System.Console.WriteLine(VIF.get_MAC(session, vifref));
                    }
                }
                else { System.Console.WriteLine("More then one VM Template found with same name"); }
            }
        }

    }

On the other note XenServer 5.0 SDK has been released on the CDN and you can download the sample codes here

Please let me know what other samples would you like to see on the CDN regarding XenServer. If we had to do a webinar on XenServer API what would you like to hear about?

Special Certification Offer for Partners - Implementing Citrix XenApp 5.0 for Windows Server 2008 exam at NO COST, select other exams 50% OFF

Citrix Education offers partners the opportunity to get Citrix certified during Summit!  Partners can take the latest certification exams at our on-site testing center at a 50% discount and take the newest CCA for XenApp 5 exam at NO COST!

Partners, reserve your spot today and take advantage of this SUMMIT ONLY offer. Seating is limited and will be assigned on a first come first serve basis to those partners registered to attend Summit. For more information on this special offer and to pre-register for an exam, click here.

UPDATE: You can see the second post (and presentation) in this series at this link.

The XenServer posts with technical presentations embedded (here and here) have been very popular. This next presentation dives down into the architecture and functioning of XenDesktop.

This presentation does have several slide notes that provide additional detail. You can view the slide notes here

Frank Anderson on the XenDesktop team has created a few screencasts covering the features of XenDesktop. You can watch his short screencast covering the provisioning and lifecycle management features of XenDesktop here. Frank's screencast on user experience is available here

Download the free XenDesktop Express Edition here

Does my per-user RadeCache content for Application Streaming follow me from machine to machine?  Given you are using Roaming Profiles, Flex or even ... Citrix User Profile Manager, this is an important question for administrators. 

The answer is more complicated than a single sentence.  Here's a shot at it from a few paragraphs.

Consider the "layers of glass" with Application Streaming and Isolation.  The "per-user level" physically resides in a per-user space of the true disk.  It is here, on purpose so that it can roam with the user from machine to machine.  The details though are more involved.

The user content for any given user consists of two components, the files and the registry.  They exist at these locations.

• Files:         %APPDATA%\Citrix\Citrix\RadeCache\GUID * (not really, read on)
• Registry:    HKCU\Software\Citrix\RadeCache\GUID

NOW - The above is not the whole story.  The above USED TO BE the whole story, but we've changed it for Vista and in Streaming Client 1.2, for Windows XP and 2003 also.

Some customers like to redirect APPDATA to network servers and since the isolated disk top layer is accessed "alot", as Streaming folks, we don't want anything in the isolation stacks to actually be redirected off of the local machine.   Does the isolation system support redirecting to a network server, sure.  Do we want that to actually happen?  No.  Doing such would have bad effects on performance of the app, not to mention being a good network citizen to avoid putting all that file traffic onto the network server.

With Streaming Client 1.2 (XenApp 5.0), the location of per-user disk storage is moved; the registry location is left alone.

New locations are:

• Files:         %LOCALAPPDATA%\Citrix\RadeCache\GUID *
• Registry:    HKCU\Software\Citrix\RadeCache\GUID

But wait, there's more.  While LOCALAPPDATA exists in Vista, it doesn't exist in Windows XP. The directory space however does and is accessed in the same location for both XP/2003 and Vista/2008.

Notice that when you go look on your own machine, the expanded %LOCALAPPDATA% has hidden parts.  Example: "%USERPROFILE%\Local Settings\Application Data".  The last two directory levels here are HIDDEN, so they don't show up with the default Windows Explorer.
Here's the per-user DISK storage on my notebook:

Each of the listed GUIDs represents the disk storage for the per-user applications (profiles) of whatever applications my administrator has published to me.  

WHAT IS IMPORTANT

The per-user disk files are no longer part of the default roaming profile and this means that there is a window of trouble.  The per-user registry IS part of the roaming profile, but the per-user FILES are not.  AHH!  I see trouble on the horizon batman!

Notice that this is done to allow redirect of APPDATA while keeping the RadeCache data from being accessed across the network.  The downside is that now, without a little work, the per-user file storage will not be carried as payload during roaming.  A necessary evil. 

Solution is to manually add the App Streaming per-user RadeCache location to the list of directories that should be roamed for users during logoff/logon.

WHY WAS THIS DONE?

Each time an isolated application accesses a file from an isolated location (Say \Windows\System32), the isolation system has to first check if that file exists in the higher layers of glass.  It starts with the per-user space and the answer is almost always that the file is not there.  Still, it looks.  This act of "looking" is cheap on a local hard disk, but it is dreadfully expensive if the per-user layer of isolation is redirected to a network. 

Generally speaking, executable content shouldn't be in the per-user space and you as an admin can even enable settings during publishing to completely prevent this (user profile security).  Still, the disk accesses will be occuring and chewing up performance. 

The less of the available evils was to keep the per-user file space from being redirected to network and this means using LOCALAPPDATA rather than APPDATA for per-user file cache storage.  This allows APPDATA to be redirected, while retaining performance for isolated applications.  The downside is that there is a new directory that has to be added to the sync list when logoff/logon.  Please do that last part...

Joe Nord

     
In my last post, I discussed the new look and feel for our Access Gateway user experience.   Most of the focus was about the consistency of user experience across Citrix Delivery Center.   Well, the WANScaler product team has done the same with the Accelerator client plug-in. The Accelerator desktop icon is pretty cool...



The real value of Accelerator is that it makes things go faster (hence the name, gotta love those creative marketing folks ).  

In my job, the biggest kick that I get with Accelerator is when I transfer files from my laptop to my V: drive on the network.   First pass on a big Powerpoint presentation download can take a couple of minutes across the world, but then after a few tweaks to the file, the upload  takes less than 10 seconds.  There is no way that I'll ever let someone take this away from me.  

The performance improvement is a result of Delta compression where only the changes are re-transmitted.  The running joke is that we'll improve this someday and call it Gamma compression.

The geek in me has fun opening the Accelerator Manager window and watching  the Performance page. The more light blue in the graph the better.  Here, it's making my home DSL line feel like I'm in the office on the LAN.

Accelerator integrates with the Access Gateway client so that you get the combined benefit of a fast and secure connection when you are remote.  Although, I run in this mode on our open wireless network when in the office as well. More on this some other time...

With the Accelerator icon running in my systray, I know that WANScaler and the Accelerator client plug-in are quietly working in the background to make my experience "LAN-like" everywhere I connect.

Go Fast!

Gordon  

There is an interesting debate going on over on the Google cloud computing group that also helps point out some of the appropriate use cases for cloud computing. The example used is a simple comparison of Amazon EC2 vs. purchasing a set of servers for development purposes ( I have added some additional costs and scenarios below ) This example also assumes the servers fit in existing space and either environment would be managed by existing staff.

 On the surface it's apparent that EC2 is significantly more expensive if the set up is utilized 24x7x365, even a 40 hour week yields a slightly higher cost. So where is all the savings ? What's all the hype about ? This simple example does point out that the Cloud is not always a more cost effective solution it really comes down to what is the particular use case and alternative costs. For example if there is no space available or the existing space has reached the power limits of the facility ( a more common occurrence ). That means that the likely scenario is finding a Colo facility to provide space power and bandwidth. Depending on location and bandwidth usage this could easily cost $8,000+ per year plus additional remote administration hardware and service fees, effectively increasing the annual cost of purchased equipment to near $ 14,000. Although this option is still less than Amazon if utilized 24x7x365, it now is significantly more than the cost of the 40 hour week at EC2 which may be reality for a development environment. And if you only need the setup for a month of dev or testing Amazon becomes a no brainier.. put on your credit card !
What both examples point out are the fact that there is no single answer. In fact the right answer for many companies might be premise plus cloud. In order for this to work for a single workload however a seamless connection would be required, recognizing this has led to the Citrix Cloud Bridge based on our WANScaler acceleration technology. In fact, Citrix is in the unique position to be able to assemble the prerequisite technologies that make the C3 Citrix Cloud Center an optimized solution for many scenarios.

There are many other pro's, con's and hidden costs of each option, I am interested to hear what the community has considered regarding Cloud economics and/or other factors.

Part 2 - Premise Plus Cloud

Part 3 - Reserved Pricing

Part 4 - Amazon EC2 vs Terremark vCloud

http://twitter.com/chrisfleck

Over at Shannon Ma Virtualized I've recently blogged about using the XenServer 5.0 SDK to take and revert snapshots. Check out the post here.

Provisioning Server 5.0 was recently released. Provisioning Server 5 is included in the Platinum versions of XenServer 5 and XenDesktop.

See earlier posts (here here and here) for other deep dive presentations.

One of the unique new features of Citrix XenApp is Smart Auditor. The Smart Auditor feature of Citrix XenApp gives you the ability to capture all application screens of specific users or applications based on a number of different factors. This information can be used for compliance, activity monitoring and problem resolution. This presention goes under the cover of the Smart Auditor feature to give you an inside look.

(click here to see the presentation in full screen)

You can learn more from the Smart Auditor's Administrator's Guide.

EdgeSight Monitoring for Citrix XenApp provides health and availability monitoring, problem diagnosis and trending analysis for your Citrix XenApp farm. This presentation gives you greater insight into how EdgeSight works and what it can do for you XenApp farms.

(click here to see the presentation in full screen)

You can get instructions on how to download the EdgeSight Evaluation Virtual Appliance here. Teh EdgeSight Install Guyide is here and the Admin Guide is here. You can also check out the EdgeSight Application Monitoring Guide here.

XenApp enables IT organizations to reduce the costs of delivering applications by centralizing management, security and control of apps and data. Application virtualization technology provides a flexible application delivery system that can select the best method to deliver an application dynamically, based on the user, application and network.

This next embedded presentation digs down much deeper into the application virtualization technology included in Citrix XenApp 5.0 .

(click here to see the presentation in full screen)

You can download the Delivery and Streaming Best Practices document here and the Office 2007 Profiling document here. The Administrator FAQ is here and you can find a Troubleshooting document here.

You can download a complete virtual appliance of Citrix XenApp 4.5 at this link.

From what I've heard and read in the past few weeks, one of Citrix's competitors has made it clear that they are now very focused on desktops. Not that we needed announcements from them to learn that, given how they responded to the Citrix XenDesktop 2.0 release earlier this year.

But let's be frank about VDI. Let's not act like it's more than it really is. If Citrix learned anything from its customers at Citrix Synergy in May it's that customers don't believe that VDI is solution for 100% of a company's desktops. The good news for these customers is that Citrix agrees.

VDI is a tool, much like a hammer. But a hammer can't do everything. I ought to know. I've been called "Hammer" since I was a kid, and I learned long ago that I can't do everything.

But when one needs to put a nail into wood, nothing beats a good hammer. Well... except maybe a nail gun. In fact, if VDI is like a hammer, then VDI combined with a storage consolidation solution is like a nail gun.

The first VDI solution that provided storage consolidation was Citrix XenDesktop 2.0, which is why the industry responded so greatly to the XenDesktop 2.0 release.

The competition is close to releasing their version of a VDI storage consolidation solution. So soon the market will have two nail guns to choose from. However, Citrix and its competitor took varying technological approaches to "turn a hammer into a nail gun".

If you have any familiarity with power tools, looking at the difference between electric and compressed air nail guns is a good way to understand the difference between Citrix and its competitor's storage consolidation solutions.

Quite simply, the force that propels the nail in an electric nail gun is electromagnetism. While the force of electromagnetism is certainly capable of doing the job, unfortunately the investment in an electric nail gun is limited. That is to say, the only useful purpose the electromagnetism used within an electric nail gun has is its ability to pound in a nail. Your investment in an electric nail gun provides no benefit to you when you need to do something other than hammer a nail. The electric nail gun is similar to the approach the competition took in their storage consolidation.

Citrix's solution on the other hand is like the compressed air nail gun. Not only is the force of compressed air capable of pounding in a nail, but the air compressor that powers the nail gun can power many different tools other than just the nail gun. The air compressor can power wrenches, drills, sanders, grinders, power washers, and even painting tools. In fact, users of power tools prefer the compressed air tools because they are lighter (less overhead) and more powerful (more efficient) than those powered by electromagnetism.

Citrix Provisioning Server is the air compressor in Citrix's nail gun (Citrix XenDesktop). Just like an air compressor can be hooked up to different tools, Citrix Provisioning Server can also be used as the force behind other Citrix tools, such as XenServer, XenApp, diskless PC solutions, and even load balanced web applications. And much like the air compression powered tools, the Citrix tools powered by Provisioning Server require less overhead and are more efficient.

But let's not get into a head to head battle between the two storage consolidation technologies. We could, but there will be plenty enough articles and blogs about the technologies. Let's take a step back from the technology and look at the differences between who is trying to sell you what.

The problem with the competitor's storage consolidation solution is not the technology. To be fair, the technology they use in its storage consolidation is actually quite good as well, although it does have its limitations and issues (but what technology doesn't?).

The problem with the competitor's solution is the epitome of the old cliché "when all you sell is a hammer, everything looks like a nail". Not every customer needs to drive in a nail, yet to the competition every customer looking for a better way to manage desktops looks like a customer who has nails to pound, when in reality a customer may have only a 20% need for pounding nails. What if the other 80% of their need would be best served by a different tool?

The fact of the matter is there are numerous approaches to delivering desktops. Only one of those ways is VDI. And there are use cases where VDI is the most appropriate. Then there are use cases where the Terminal Services method is most appropriate. Then there are cases where the diskless PC/network boot solution is most appropriate. In fact, there are cases where the traditional desktop method is most appropriate (assuming application management tools are being properly used). The virtual machines method (whether it be remote, like VDI, or local) is but only one type of desktop tool, yet the competition wants you to use virtual machines (remote or local) 100% of the time.

The competition's limitation to virtual machine solutions becomes even clearer when we look at their new VDI storage consolidation solution. Only virtual machines can benefit from it. It's of no use to other methods. And really, the truth is why would we expect it to benefit any other methods? Virtual machines is all they do.

But don't let them keep you from thinking outside the virtual machine box. There's far more to managing desktops than just replacing them all with some form of virtualized machine. Instead, use the right tool for the right job.

In fact, what other company knows better that customers don't believe that one tool works for every use case than Citrix? For over a decade Citrix tried to convince the world that every user should be on Terminal Services. But Citrix finally got it that there isn't one tool that fits every use case. Customers want the right tool for the right job. So now Citrix is no longer a one trick pony, and sells a wide range of tools to manage desktops.

Because of that history and change, Citrix is the company that won't try to sell you a nail gun when what you really need for your particular situation is a pneumatic wrench, even when the competition is trying to sell you a nail gun.

Citrix saw the true value of Provisioning Server when they bought Ardence back in 2006. Basic tools that are engineered to be interchangeable and benefit from one another create a great set of tools. This is the whole concept behind Citrix's soon to be released Workflow Studio product.

If you haven't used Citrix Provisioning Server yet, in a VDI solution is a great place to start. Once it's in your environment you can start hooking up other tools to it, and begin to see what a great investment an air compre... er... Provisioning Server is.