Post to Twitter |
Comments (18) |
Views (32736) |
Finally, XenApp server farms are going to be easier to manage. Am I the only one jumping for joy? As many of you have heard by now, XenApp Platinum is going to include Provisioning Services. This is an announcement I've been waiting for, for quite a long time. Provisioning Services is a great secret weapon for maintaining any system, but I'm going to focus on is XenApp. If you want a great overview of what Provisioning Services will do for you, take a look at Vinny Sosa's blog. What I want to focus on are the best practices for integrating Provisioning Services for XenApp.
The first best practice, is one you need to decide very early on in your build-out... What type of vDisk should you use? Private, Standard or Differential. Take a look at the three options below:
| Standard Image | Private Image | Differential Image | |
| Description | Each target devices stores vDisk writes in a unique change file that is destroyed upon each target device reboot. | Each target device has a dedicate vDisk image configured in a read/write fashion. All changes are part of the vDisk. | Each target device stores vDisk writes in a unique file that is kept upon subsequent reboots, allowing the server to keep configuration changes, until the base vDisk is modified. |
| Benefit |
|
Complete personalization of the environment because all changes are stored, but at a cost of storage and support. | Allows for greater levels of system personalization by not discarding system-level changes upon subsequent reboots. |
| Recommendations | Standard images are a recommended best practice for XenApp servers. XenApp servers delivering the same applications should be:
|
There is little need for Private Images in a XenApp environment because of the differences each image will take. This will go against the core best practice of consistency. | Differential images are appropriate for a small subset of use cases where users have the need to install their own applications. In a XenApp environment, this is not recommended. Once the base vDisk is modified, the differential image is destroyed and the user must rebuild their personality into the target device. |
Standard Image is the way to go. The benefits are great. They align completely with the best practices for XenApp servers... Consistency. The standard image is the key to consistency. But how can a single image be used for multiple XenApp servers? If I install the operating system and XenApp onto a base image and then use the same, exact image to hundreds of servers, aren't there issues with farm membership, especially as each server has the same name?
This is the really cool thing about Provisioning Services. Within the console, you define each target device with a name and a MAC address. The MAC address links the defined target device within the Provisioning Services console to the actual physical/virtual server. Whatever name you enter will become the actual computer name of the streamed server. The Provisioning Services streaming service inserts this identification information into the stream. So, Provisioning Services takes care of the computer name, but we still have to deal with XenApp farm membership.
Included in the base image, along with the operating system and XenApp, is the XenApp Prep Tool. Immediately before you create your base image, you run the prep tool. This tool does exactly what you think it should do, it prepares the XenApp server for streaming by removing items (local host cache, Resource Manager local database), stopping services (IMA Service, Citrix SMA service) and a whole slew of other things. The XenApp Prep tool also creates a new service so when the base image is streamed to any target, the XenApp Prep service starts and begins the personalization and integration into the XenApp farm. It does a whole bunch of things, but of importance is the changing of the STA ID (they have to be different), updates certain registry keys to force the XenApp server to request updates to the local host cache, recreates local XenApp databases, and restarts XenApp services. I've left off a few items, but essentially what happens is when the XenApp services start, they will try to communicate with the XenApp farm. If the server does not have a presence in the farm yet, it will automatically be added. If the server has a presence, it will simply receive its local host cache from the data store automatically. If you want to get more information and the XenAppPrep tool, get it from here:
If you want to see it in action, take a look at this video
Please comment if there is another best practice you are wondering about. Stay tuned for more upcoming best practice blogs specifically focused on Provisioning Services and XenApp:
- vDisk Cache
- Active Directory
- Application Integration
- Application Streaming Cache
- System-level settings: Page file, drive remapping and multiple drives
- Plus more if we get some good ideas on other areas of focus.
Daniel
Follow Daniel's Blog: http://community.citrix.com/blogs/citrite/danielf
Follow Daniel on Twitter: http://www.twitter.com/djfeller
Comments (18)
Mar 11, 2009
Simon Jackson says:
Hi Daniel - great blog - If we run XenApp on XenServer and have XenServer...Hi Daniel - great blog -
If we run XenApp on XenServer and have XenServer Storage allocated to each XenApp VM, can you explain the best practice for how we can locate the Provisioning Server vDisk Cache on this per VM XenServer Storage?
Particularly I'd like to know how we ensure that the per VM storage is formatted as NTFS ready for the vDisk Cache, and how the disk signature for each and every per VM Storage is included within the vDisk gold build.
Cheers
SJ
Mar 11, 2009
Anonymous says:
Dan, How about the best practive for updating a Standand image vDisk running Xe...Dan,
How about the best practive for updating a Standand image vDisk running XenApp. We get daily anti-virus updates, so to keep the Standard image vDisk current we need to updated it every day (to avoid too much writing to the cache). If you put the vDisk in Private mode you are required to shutdown all servers running the vDisk first, so that doesn't work in a 24/7 environment.
Thanks,
Kevin Castleman
Anonymous replies:
Mar 11, 2009
Scott Campbell says:
To answer Kevin's question about vDisk updating, I prefer to have 3 copies of a ...To answer Kevin's question about vDisk updating, I prefer to have 3 copies of a vDisk: 1) to boot machines off of, 2) as a backup for safe keeping, and 3) that you can make updates to.
You make updates to #3 and make two copies. Configure your PVS template to point to the new vDisk, apply the template, then reboot the servers whenever convenient.
Updating the vDisk every single day just to update AV definitions will probably be a huge administrative nightmare. It may be worth letting the auto-update of AV occur every time the server is rebooted and then updating the vDisk with AV definitions on those days when you update the OS (like Patch Tuesdays).
Scott Campbell
Mar 16, 2009
Anonymous says:
This is where I disagree with Daniel... A Differential Image is great for XenApp...This is where I disagree with Daniel... A Differential Image is great for XenApp as it allow for those out-of-cycle updates such as AV Signatures.
Joe Shonk
Mar 16, 2009
Daniel Feller says:
Hey Kevin Antivirus is always the big question, especially around the Standard ...Hey Kevin
Antivirus is always the big question, especially around the Standard Image mode. I totally agree, you don't want to update the images daily, and you are not going to. No one is going to keep up with that kind of an update cycle.
Ask yourself this, how often do you reboot your XenApp servers? Most schedules I've seen from customers is to do weekly reboot schedules. This means you might be 1 week+ behind on antivirus definitions, probably not a good idea. So I would suggest to enable antivirus updates in the base image, and then on a weekly basis, or whatever time period you select, update the standard image with the latest virus definition. Kinda like what Scott said about Patch-Tuesday.
As for differential images, they are an option, but they break one of the most important XenApp best practices... Consistency. I'm concerned that enabling differential images would allow the XenApp servers to take on different configurations, resulting in odd behavior and longer troubleshooting sessions.
Mar 13, 2009
Nico van Meurs says:
Hi Daniell, Great initiative, this is something that I was missing at the ...Hi Daniell,
Great initiative, this is something that I was missing at the moment.
I'm wondering how you see best practices around image management, like how to make changes to your images, versioning, backups, etc...
Cheers
Nico van Meurs
www.virtualdesktopblog.com
Mar 13, 2009
Carlo Costanzo says:
Dan, Great description on the process of selecting the...Dan,
Great description on the process of selecting the vDisk types. One question I have is how to handle changes such as Edgesight databases, Event Logs or other performance monitoring that would be necessary to keep in a streamed environment after a reboot. If we choose to use the Standard image, those things I believe would be lost after a reboot or crash.
I'd be curious to know the recommended way of handling these types of issues.
Thanks again.
CARLO
[www.VMwareInfo.com]
Mar 16, 2009
Anonymous says:
Sounds like using a standard image would make sense in an environment where ther...Sounds like using a standard image would make sense in an environment where there is little variation in the server builds -- a handful of server silos. This way an environment can be built up quickly with perfect consistency. This makes sense and is ideal for smaller, less complex XenApp environments.
But what about for large complex enviornments? One that has to grow breadth-wise considerably to adapt for a dynamic computing environment? One with applications, that can't be streamed or isolated? In this case, it may make more sense to standardize a XenApp image with all standard base apps and use a differential PVS image. This way different applications can be installed and configured on a stable, consistent platform which is available at the click of a button.
F
Mar 16, 2009
Anonymous says:
Sounds like using a standard image would make sense in an environment where ther...Sounds like using a standard image would make sense in an environment where there is little variation in the server builds -- a handful of server silos. This way an environment can be built up quickly with perfect consistency. This makes sense and is ideal for smaller, less complex XenApp environments.
But what about for large complex enviornments? One that has to grow breadth-wise considerably to adapt for a dynamic computing environment? One with applications, that can't be streamed or isolated? In this case, it may make more sense to standardize a XenApp image with all standard base apps and use a differential PVS image. This way different applications can be installed and configured on a stable, consistent platform which is available at the click of a button.
F
Mar 16, 2009
Anonymous says:
Sounds like using a standard image would make sense in an environment where ther...Sounds like using a standard image would make sense in an environment where there is little variation in the server builds -- a handful of server silos. This way an environment can be built up quickly with perfect consistency. This makes sense and is ideal for smaller, less complex XenApp environments.
But what about for large complex enviornments? One that has to grow breadth-wise considerably to adapt for a dynamic computing environment? One with applications, that can't be streamed or isolated? In this case, it may make more sense to standardize a XenApp image with all standard base apps and use a differential PVS image. This way different applications can be installed and configured on a stable, consistent platform which is available at the click of a button.
F
Mar 19, 2009
Anonymous says:
First off, great article, Dan! To the people who suggest differential disks, tw...First off, great article, Dan!
To the people who suggest differential disks, two things:
1. Do you know how big those delta files will get if you actually make significant changes, such as additional application installs? Do you know how many modifications could be made during a typical application install? A file placed here, a Registry change there... All those changes are captured in the differential file at the binary level, meaning that your differential file could start outgrowing the vDisk size. Not that storing them is such a big deal, but it just kind of defeats the point of a standard vDisk.
As for complexity, you can always create several standard vDisks with different configurations...there's no rule that says you can only use one golden image. But, you should at least standardize as many XenApp servers as you can around as few standard image vDisks as possible. If you're relying on load managed groups and have a slew of servers that only host core productivity apps like Office, provision those servers with a standard vDisk. Then either create different standard image vDisks for the other load managed groups or use Private image mode for those servers (but be sure to have a good backup system in place for those private images). Standardizing as many XenApp servers as you can will make your life easier when it comes to administration and, worst case, a DR event.
2. In addition the point about consistency that Dan mentioned, you're also introducing a nice point of failure when using Differential disks. If you use differential disks and update the base vDisk, poof! The link between the vDisk and differential file is broken. And what if the differential file becomes corrupt or you make some change that breaks something and you need to revert back? Poof! All change since the base vDisk are gone. Same goes for if the actual vDisk becomes corrupt though that's probably rarer given that it's read-only. If you're going to rely on differential images for key changes, you better back that file up often.
The moral of the story is don't take shortcuts. Go with standard vDisk images for XenApp and do your due diligence and establish a process and methodology for updating the vDisks on a regular basis. If you must have daily A/V updates or even want Windows Update to automatically install security updates identified as Critical, then use differential disks, but establish a process around incorporating all deltas into the base image.
But like Dan suggested, differential disks are best used in low-stakes cases--in other words, cases where if the base vDisk is updated and the changes are lost, it's not that big of a deal. An example that jumps to mind would be a VDI scenario where you want users to boot to a standard image, but want to allow some customization such as desktop wallpaper and other appearance-related settings. Maybe you'd let your users install their favorite, but notoriously buggy, IM program that you obviously don't want as part of the base image. But any primary applications that can't (or aren't) being delivered by XenApp should be included in the base vDisk. In other words, if you're relying on differential images so your Marketing department can install InDesign, you're going to far with them.
--B
Mar 23, 2009
Daniel Feller says:
You are spot on. The marketing people love to say "One image is all you ne...You are spot on. The marketing people love to say "One image is all you need", but I'm not in marketing. I've been in IT for a long time having to support XenApp environments (a very large one too). You don't have to use a single vDisk for your entire XenApp environment. I think it would be safe to bet that you have a group of XenApp servers that are "supposed" to be doing the same thing. They should be delivering the same applications. Using a standard image will help you achieve the consistency. For large XenApp environments, you probably have many different groups of XenApp servers. So, create more vDisk images in standard mode (of course don't go crazy here). The fewer number of vDisk images you have, the better off you will be maintaining them.
What worries me about differential disks is that they are not permanent. If you change the base vDisk, add a hotfix, service pack, application update, anything... those differential disks are gone. What happens 2 weeks from now? Someone does something to the base vDisk and BAM, you are running around trying to figure out what happened. Trust me, some admin will do something that you are unaware of. This is a fact... Why do you think we added the configuration database to XenApp? Because some admins where making unauthorized changings.
Remember, one vDisk is the best, but chances are it is not feasible for many environments so create as few as needed.
Daniel
Mar 25, 2009
Anonymous says:
Daniel, We are using PVS with standard images. On the citrix documentation it s...Daniel,
We are using PVS with standard images. On the citrix documentation it says that from PVS to Shared Storage it uses CIFS/NFS. My question is should they be running on Netbios-SSN or MicrosoftDS? Our capture shows that all communication are all with netbios-ssn and a little bit in Microsoft DS.
May 24
Anonymous says:
I would like a discussion where to put the Vdsik? How do we make our Provisioni...I would like a discussion where to put the Vdsik?
How do we make our Provisioning Setup Ressiliant? By putting the Vdisk on a windows standard share, that windowsserver could NEVER get a serviceupdate. In my costumers enviroment they run 24/7/365. And once the XenApp servers is up and running on provisioning, the vdisk-windows-server is a single point of failure.
Should the vdisk share be located on a microsoft file cluster? No way! As far as I know microsoft cluster is not supported on XenServer.?? We don't want more physical machines!
The provisioing servers is HA enabled, but the Vdisk structure is not!! What do you Do in your real life enviroment?
Regards J
Jul 03
Bryan Mann says:
@Anon In your case I would put the vdisk directly on each PVS server, that way ...@Anon
In your case I would put the vdisk directly on each PVS server, that way you can patch the servers in rotation and not affect the ability to provide the vdisk. The drawback being you are now managing multiple vdisks.
Jun 06
Henrry Ortiz says:
I have a little comment to make about the topic of image, and problem that i'm g...I have a little comment to make about the topic of image, and problem that i'm getting.
When i have a vdisk in private mode the politic of wallpaper from de dc 2008 aplly ok.
But whe i have image in standar mode the politic fails, and the wallpaper disapper and take classic windows wallpaper felicity, i don't kwon yet if it is a problem with xendesktop or with provisioning but it is the only thing that i know that it is with those image.
If someone can explain me i appresate.
Thanks for all.
Jul 09
Anonymous says:
Hi Daniel, Thnx for the info. I was wondering if I don't want to use a differen...Hi Daniel,
Thnx for the info. I was wondering if I don't want to use a differential disk for my anti-virus software?
Suppose I update my AV daily, and reboot weekly. After a server is born it start's updating every day. After a reboot it loses it's updates, so it has to download the previous updates and the current, then it reboots and so on?
What we think of doing is letting our XenApp (and Xendesktop) vDisks (standard) update daily automatic, and than do a manual update of the vDisk once every month. This means worst case that when I reboot a system 30 days after manual update, it has to download 29 days of AV updates.
What are your ideas on this?
Regards,
Remco Nijkamp
Oct 27
Rick Rohne says:
In discussion of running Anti-Virus on a standard image, I've been considering u...In discussion of running Anti-Virus on a standard image, I've been considering using the Application Management product that comes with APPSense (using the trusted ownership model), to ensure that only processes that an administrator installs on the server will be allowed to run. That, of course, does not cover everything. But it does open you up to be a little less aggressive on the Anti-Virus Processing. For instance, if AppSense AM is installed on a PVS guest in standard mode, you only have to worry about viruses that attach themselves to documents and not have to worry about new processes. I've not done this in a production environment, but I'm going to do some more testing to see how well it would work. I was wondering if anyone else has had some similar experiences.
I also thought I would share a blog that I wrote that is related to the overall topic.
http://www.thegenerationv.com/2009/07/xenapp-50-on-server-2008-using-pvs-and.html
-Rick
Add Comment