So What's This All About

The purpose of this site

I started off my career in IT 25 years ago as a COBOL Programmer in South Africa and have progressed (or some may say regressed) to consulting on virtualization technologies. I created this site to share my experiences with virtualization and cloud computing, as well as the latest virtualization news, tips, tricks and tools from other experts in the field.



Articles

The Complete Guide to Citrix Session Recording

An article by Trond Eirik Haavarstein from xenappblog

With this week's release of Feature Pack 2 for Citrix XenApp and XenDesktop 7.6 also comes Citrix Session Recording 7.6.100.

This piece of software was the missing part of my upcoming release of Automation Framework 3.0, so I went on a mission to get it automated.

I immediately stumbled upon this blog post from Citrix Virtualization SE Georg Kuruvilla, and as he says “the installation process was a little tedious”!

Add missing eDoc information to the mix and you get the picture. Let’s get started!

Session Recording Player

Write-Verbose "Setting Arguments" -Verbose
$StartDTM = (Get-Date)

$Vendor = "Citrix"
$Product = "Session Recording Player"
$PackageName = "SessionRecordingPlayer"
$Version = "7.6.100"
$InstallerType = "msi"
$LogPS = "${env:SystemRoot}" + "\Temp\$Vendor $Product $Version PS Wrapper.log"
$LogApp = "${env:SystemRoot}" + "\Temp\$PackageName.log"
$UnattendedArgs = "/i $PackageName.$InstallerType ALLUSERS=1 /qn /liewa $LogApp"

Start-Transcript $LogPS

CD "$Version\Player"

Write-Verbose "Starting Installation of $Vendor $Product $Version" -Verbose
(Start-Process msiexec.exe -ArgumentList $UnattendedArgs -Wait -Passthru).ExitCode

Write-Verbose "Customization" -Verbose

Write-Verbose "Stop logging" -Verbose
$EndDTM = (Get-Date)
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose
Stop-Transcript

Session Recording Agent

Write-Verbose "Setting Arguments" -Verbose
$StartDTM = (Get-Date)

$Vendor = "Citrix"
$Product = "Session Recording Agent"
$PackageName = "SessionRecordingAgentx64"
$Version = "7.6.100"
$InstallerType = "msi"
$LogPS = "${env:SystemRoot}" + "\Temp\$Vendor $Product $Version PS Wrapper.log"
$LogApp = "${env:SystemRoot}" + "\Temp\$PackageName.log"
$UnattendedArgs = "/i $PackageName.$InstallerType ALLUSERS=1 sessionrecordingservername=csr-01.ctxlab.vmw sessionrecordingbrokerprotocol=https sessionrecordingbrokerport=443 /qn /liewa $LogApp"

Start-Transcript $LogPS

Write-Verbose "Installing Prerequisites"
Install-WindowsFeature -Name MSMQ
Install-WindowsFeature -Name MSMQ-HTTP-Support

CD "$Version\Agent"

Write-Verbose "Starting Installation of $Vendor $Product $Version" -Verbose
(Start-Process msiexec.exe -ArgumentList $UnattendedArgs -Wait -Passthru).ExitCode

Write-Verbose "Customization" -Verbose

Write-Verbose "Stop logging" -Verbose
$EndDTM = (Get-Date)
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose
Stop-Transcript

Session Recording Administration

#1 Install Windows Features

powershell.exe Add-WindowsFeature Web-Windows-Auth,Web-Asp-Net,Web-Mgmt-Compat,Web-Metabase,Web-WMI,Web-Lgcy-Scripting,Web-Lgcy-Mgmt-Console,MSMQ,MSMQ-HTTP-Support,Web-Asp-Net45

#2 Download Microsoft SQL Server Express 2014

Write-Verbose "Setting Arguments" -Verbose
$StartDTM = (Get-Date)

$url = "http://download.microsoft.com/download/E/A/E/EAE6F7FC-767A-4038-A954-49B8B05D04EB/ExpressAndTools%2064BIT/SQLEXPRWT_x64_ENU.exe"
$output = "$PSScriptRoot\SQLEXPRWT_x64_ENU.exe"
$start_time = Get-Date

$Vendor = "Microsoft"
$Product = "SQL Server Express"
$Version = "2014"
$LogPS = "${env:SystemRoot}" + "\Temp\$Vendor $Product $Version PS Wrapper.log"

Start-Transcript $LogPS

Write-Verbose "Start Downloading $Vendor $Product $Version" -Verbose

# Download the installer once; the one-line alternative is kept as a comment
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($url, $output)
# OR
# (New-Object System.Net.WebClient).DownloadFile($url, $output)

Write-Verbose "Stop logging" -Verbose
$EndDTM = (Get-Date)
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose
Stop-Transcript
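
The download above fetches the installer over plain HTTP, so the script has no evidence that the file on disk is the one Microsoft published. As an added example (not part of the original article), the function below checks the Authenticode signature and signer before the installer is run; the function name `Test-InstallerSignature`, the expected-signer pattern and the optional SHA-256 pin are assumptions.

```powershell
# Added example: verify a downloaded installer before executing it.
# Test-InstallerSignature and its parameters are hypothetical names, not from the article.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,

        # Assumption: text expected in the signer certificate subject.
        [string]$ExpectedSubjectPattern = 'O=Microsoft Corporation',

        # Optional pin. The article publishes no hash, so supply the vendor's value yourself.
        [string]$ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }

    # Status is 'Valid' only when the file is signed, unmodified since signing,
    # and the certificate chains to a root trusted on this machine.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for ${Path}: $($sig.Status) - $($sig.StatusMessage)"
    }

    # A valid signature from the wrong publisher is still a failure.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedSubjectPattern*") {
        throw "Unexpected signer for ${Path}: $subject"
    }

    # Optional exact-file pin (string comparison is case-insensitive in PowerShell).
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256)) {
        throw "SHA-256 mismatch for ${Path}: got $hash"
    }

    [pscustomobject]@{
        Path       = $Path
        Signer     = $subject
        Thumbprint = $sig.SignerCertificate.Thumbprint
        Sha256     = $hash
    }
}

# Usage with the file name from the download script above; runs only if the file exists.
$installer = Join-Path $PSScriptRoot 'SQLEXPRWT_x64_ENU.exe'
if ($PSScriptRoot -and (Test-Path -LiteralPath $installer)) {
    $result = Test-InstallerSignature -Path $installer
    Write-Verbose "Verified $($result.Path), signed by $($result.Signer)" -Verbose
}
```

Because the function throws on any failure, calling it between the download and the install step stops the wrapper before an unverified binary is started.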

#3 Install Microsoft SQL Express 2014

@echo off
setlocal
REM Batch Wrapper for MDT, Standalone and Chocolatey Installation - (C)2015 xenappblog.com 

pushd %~dp0

SET AppName=Microsoft SQL Server Express 2014
SET Version=2014

SET OPTIONS=
SET OPTIONS=/Q
SET OPTIONS=%OPTIONS% /ACTION=Install
SET OPTIONS=%OPTIONS% /FEATURES=SQL,SSMS
SET OPTIONS=%OPTIONS% /INSTANCENAME=SQLEXPRESS
SET OPTIONS=%OPTIONS% /SQLSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE"
SET OPTIONS=%OPTIONS% /SQLSYSADMINACCOUNTS="CTXLAB\Administrator" "BUILTIN\Administrators"
SET OPTIONS=%OPTIONS% /AGTSVCACCOUNT="NT AUTHORITY\Network Service"
SET OPTIONS=%OPTIONS% /IACCEPTSQLSERVERLICENSETERMS
SET OPTIONS=%OPTIONS% /BROWSERSVCSTARTUPTYPE="Automatic"

cls
echo.
echo Installing %AppName%
echo.

cd %Version%
start /wait SQLEXPRWT_x64_ENU.exe %OPTIONS%

popd
endlocal

#4 Import and Bind SSL Certificate

Install-WindowsFeature -Name Web-Server -IncludeManagementTools
Copy-Item '\\mdt-01\mdtproduction$\Applications\Scripts\wildcard.pfx' -Destination C:\Windows\Temp\wildcard.pfx

Import-Module WebAdministration
$PFXPath="C:\Windows\Temp\wildcard.pfx"
$PFXPassword="Password"
$strThumb="656D9BCE52970C48E235B5C071861f546A7ADBA8"

# Import the certificate and private key into the machine store
certutil -f -importpfx -p $PFXPassword $PFXPath

# Remove the staged copy of the PFX
Remove-Item C:\Windows\Temp\*.pfx -Force

# Create the HTTPS binding and attach the certificate by thumbprint
Push-Location IIS:\
cd SslBindings
New-WebBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol https
Get-Item cert:\LocalMachine\MY\$strThumb | New-Item 0.0.0.0!443
Pop-Location

Get all the details in the post Securing Citrix X1 StoreFront with Powershell.
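
The script above keeps the PFX password and the certificate thumbprint as literals in the script file. As an added example (not from the original article), this variant takes the password as a SecureString, imports straight from the share so no copy is staged in the Temp folder, and reads the thumbprint from the imported certificate; the function name `Install-SiteCertificate` and its parameters are hypothetical.

```powershell
# Added example: import a PFX and bind it to IIS without literals for password or thumbprint.
# Install-SiteCertificate is a hypothetical helper, not part of the article's framework.
Import-Module WebAdministration

function Install-SiteCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][securestring]$PfxPassword,
        [string]$SiteName = 'Default Web Site',
        [int]$Port = 443
    )

    # Without -Exportable the private key is stored as non-exportable,
    # so it cannot later be exported from the server's store with its key.
    $cert = Import-PfxCertificate -FilePath $PfxPath `
                                  -CertStoreLocation Cert:\LocalMachine\My `
                                  -Password $PfxPassword

    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) was imported without a private key."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
    }

    # Create the HTTPS site binding only if it does not exist yet.
    if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port $Port)) {
        New-WebBinding -Name $SiteName -IPAddress '*' -Port $Port -Protocol https
    }

    # Replace any certificate already attached to 0.0.0.0:<port>.
    $sslPath = "IIS:\SslBindings\0.0.0.0!$Port"
    if (Test-Path $sslPath) {
        Remove-Item $sslPath
    }
    $cert | New-Item -Path $sslPath | Out-Null

    # Return the thumbprint so the caller can log it instead of hard-coding it.
    $cert.Thumbprint
}

# Usage (share path taken from the article; the password is prompted for, never stored):
#   $pw    = Read-Host -AsSecureString 'PFX password'
#   $thumb = Install-SiteCertificate -PfxPath '\\mdt-01\mdtproduction$\Applications\Scripts\wildcard.pfx' -PfxPassword $pw
#   Write-Verbose "Bound certificate $thumb to port 443" -Verbose
```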

#5 Install Session Recording Administration

Write-Verbose "Setting Arguments" -Verbose
$StartDTM = (Get-Date)

$Vendor = "Citrix"
$Product = "Session Recording Administration"
$PackageName = "SessionRecordingAdministrationx64"
$Version = "7.6.100"
$InstallerType = "msi"
$LogPS = "${env:SystemRoot}" + "\Temp\$Vendor $Product $Version PS Wrapper.log"
$LogApp = "${env:SystemRoot}" + "\Temp\$PackageName.log"
$LogApp2 = "${env:SystemRoot}" + "\Temp\BrokerPSSnapIn.log"
$Destination = "${env:ChocoRepository}" + "\$Vendor\$Product\$Version\$packageName.$installerType"
$UnattendedArgs = "/i $PackageName.$InstallerType ALLUSERS=1 DATABASEINSTANCE=.\SQLEXPRESS DATABASEUSER=localhost DATABASECREATERUSERNAME=CTXLAB\ADMINISTRATOR DATABASECREATERPWD=Brasil2015 ADDLOCAL=PolicyConsole,SsRecServer,StorageDatabase,RequiredResources /qb /liewa $LogApp"
$UnattendedArgs2 = "/i Broker_PowerShellSnapIn_x64.msi /qn /liewa $LogApp2"

Start-Transcript $LogPS

CD "$Version\Administration"

Write-Verbose "Starting Installation of $Vendor $Product $Version" -Verbose
(Start-Process msiexec.exe -ArgumentList $UnattendedArgs2 -Wait -Passthru).ExitCode
(Start-Process msiexec.exe -ArgumentList $UnattendedArgs -Wait -Passthru).ExitCode

Write-Verbose "Customization" -Verbose

Write-Verbose "Stop logging" -Verbose
$EndDTM = (Get-Date)
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose
Stop-Transcript

The rest is straightforward. Since the certificate is already installed, you just need to select it.

Citrix Session Recording 02

Citrix Session Recording 03

Set Citrix Session Recording Player permissions.

Citrix Session Recording 04

Set the policy you prefer.

Citrix Session Recording 05

Test it out.

Citrix Session Recording 06

I think the best option is to use the “Do not record” policy and enable recording through Citrix Director when needed. Run this command to configure Director integration.

C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /configsessionrecording

Citrix Session Recording 07

Citrix Session Recording is super helpful and if you’re licensed you should get it implemented during your next maintenance window.

 

What’s New in StoreFront 3.0

An article by Feng Huang from Citrix Blogs

StoreFront 3.0 has just been released. By now, hopefully you have learned that the headline feature for this release is to provide the unified user experience across all receivers and improve customizability.

If you would like to learn more about this, please refer to Richard’s blog articles here.

But back to the release! Today I would like to call out all the other new features available in StoreFront 3.0.

Please note that you have to import the StoreFront PowerShell modules before you can run any PowerShell commands described in this article. The following code snippet does this for you:

$dsInstallProp = Get-ItemProperty -Path HKLM:\SOFTWARE\Citrix\DeliveryServicesManagement -Name InstallDir
$dsInstallDir = $dsInstallProp.InstallDir
& $dsInstallDir\..\Scripts\ImportModules.ps1

Classic Receiver Experience

In order to help you smooth the transition to the new unified Receiver experience, StoreFront 3.0 continues to support the existing green bubble UI (referred to as the classic Receiver experience). This enables you to take advantage of all the new features immediately, and upgrade the user experience when your users are ready.

If you perform an in-place upgrade from StoreFront 2.x to 3.0, the UI for the existing Receiver for Web sites will remain as the classic green bubble UI. When you create new Receiver for Web sites after the upgrade or a fresh installation, users will see the new unified UI.

You can enable the new unified UI for an upgraded site using the StoreFront Administration Console by selecting the Disable Classic Receiver Experience action in the right pane for your selected Receiver for Web site.

The above action alone will only enable the unified UI for your web users. In order to enable the unified experience for your users with latest native Receivers (such as Receiver for Windows 4.3 and Receiver for Mac 12.0), you also need to configure the Store.

  1. Select the Stores node from the left pane
  2. Select the Store you would like to configure in the middle pane
  3. Select the Set Unified Experience as Default action in the right pane
  4. Select Set the unified Receiver experience as the default for this store in the pop up dialog
  5. Select the Receiver for Web site to use for the native Receivers from the drop down list
  6. Select OK

 

Google Chrome Support without NPAPI

Google Chrome on Windows and Mac is fully supported without NPAPI out of the box in StoreFront 3.0. To take advantage of this, you have to upgrade both StoreFront and Receivers. Receiver for Windows 4.3 and Receiver for Mac 12.0 support this new technology. You can learn more details about the technology and user experience from my previous blog article here.

No More Editing of Hosts File

Previously, as stated here, Citrix recommends that you modify the hosts file on your StoreFront servers to ensure that Receiver for Web always talks to the local StoreFront server instead of the load balancer. In StoreFront 3.0, we leverage a new feature in the .NET Framework 4.5 to implement loopback communication between Receiver for Web and the rest of StoreFront Services. This is configurable using the PowerShell cmdlet Set-DSLoopback, whose syntax is:

Set-DSLoopback [-SiteId] <Int64> [-VirtualPath] <String> `
[-Loopback] <String> [[-LoopbackPortUsingHttp] <Int32>]

The valid values for Loopback are:

  • On – This is the default value for new Receiver for Web sites. Receiver for Web uses the schema (HTTPS or HTTP) and port number from the base URL but replaces the host part with the loopback IP address to communicate with StoreFront Services. This works for a single server deployment and a deployment with a non SSL-terminating load balancer.
  • OnUsingHttp – Receiver for Web uses HTTP and the loopback IP address to communicate with StoreFront Services. If you are using an SSL-terminating load balancer, you should select this value. You have to also specify the HTTP port if it is not the default port 80.
  • Off – This turns off loopback and Receiver for Web uses the StoreFront base URL to communicate with StoreFront Services. If you perform an in-place upgrade this is the default value to avoid disruption to your existing deployment.

For example, if you are using an SSL-terminating load balancer, your IIS is configured to use port 81 for HTTP and the path of your Receiver for Web site is /Citrix/StoreWeb, you can run the following command to configure the Receiver for Web site:

 

Read More

 

A Review of XenApp 6.5 Scalability

An article by James Denne from Citrix Blogs

As a Technical Relationship Manager, I spend a lot of time researching the more complex questions asked by customers that do not fit into the traditional Break-Fix reactive support model. One that I was asked recently sparked a good bit of thought, research and a debate within the TRM Team at Citrix and I wanted to share my findings.

The customer question was: What is Citrix’s recommendation for the maximum number of servers, users etc for a XenApp 6.5 Farm?

There are some published documents that discuss XenApp 6.5 Farm scalability which you can read here:

Planning Server Functions: http://support.citrix.com/proddocs/topic/XenApp 6.565-planning/ps-planning-infrastructure-servers-v2.html

XenApp 6.5Enterprise Scalable XenApp 6.5 Deployments: http://support.citrix.com/article/CTX131102

Speeding up Farm Deployments with XenApp 6.5– Part 3: http://blogs.citrix.com/2011/09/23/speeding-up-Farm-deployments-with-XenApp 6.5-6-5-part-3/

Pedal to the Metal: Bare Metal Scaling of XenApp 6.5 Hosted Shared Desktops: http://blogs.citrix.com/2013/03/28/pedal-to-the-metal-bare-metal-scaling-of-XenApp 6.5-6-5-hosted-shared-desktops/

After reading these documents I drew these conclusions:

  1. The largest XenApp 6.5 deployment we have tested internally was 1000 servers in a single Farm.
  2. Memory consumption of the IMA Service on the Zone Data Collector is going to be a critical bottleneck as Farm size increases.
  3. It is the fine detail of how the Farm has been deployed and how it is used that will determine overall scalability.

GENERAL FARM LIMITS

Zones

We recommend no more than 5 zones per Farm due to the mesh network nature of Zone Data Collector communications – adding zones exponentially increases the network chatter and bandwidth required to maintain inter-zone communications. I wrote about this a couple of years ago here: http://blogs.citrix.com/2012/11/26/some-XenApp 6.5-6-5-Zone Data Collector-replication-calculations/.

 

Read More

 

Bulletproof Guide to Citrix Receiver Start Menu Integration

An article by Trond Eirik Haavarstein from xenappblog

In this post I’m going to show you how to setup Citrix Receiver Start Menu Integration and troubleshoot in case it doesn’t work.

First off, to get this working you NEED to use HTTPS. Check out my previous posts Securing Citrix X1 StoreFront with Powershell and Citrix StoreFront Complete Automation.

I’m using Citrix Receiver 4.3 TP and Citrix Storefront 3.0 TP. Let’s install Citrix Receiver using the following Powershell code:

Write-Verbose "Setting Arguments" -Verbose
$StartDTM = (Get-Date)

$Vendor = "Citrix"
$Product = "Receiver"
$PackageName = "CitrixReceiver4.3TP"
$InstallerType = "exe"
$Version = "4.3TP"
$LogPS = "C:\Windows\Temp\$Vendor $Product $Version PS Wrapper.log"
$LogApp = "C:\Windows\Temp\$Product.log"
$Destination = "${env:ChocoRepository}" + "\$Vendor\$Product\$Version\$packageName.$installerType"
$UnattendedArgs = '/silent /includeSSON'

Start-Transcript $LogPS

CD $Version

Write-Verbose "Starting Installation of $Vendor $Product $Version" -Verbose
(Start-Process "$PackageName.$InstallerType" $UnattendedArgs -Wait -Passthru).ExitCode

Write-Verbose "Customization" -Verbose
Copy-Item "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk" -Destination "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk" -Recurse

Write-Verbose "Stop logging" -Verbose
$EndDTM = (Get-Date)
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose
Write-Verbose "Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose
Stop-Transcript

This will install Citrix Receiver with Single Sign On and copy the icon to the Startup folder.

Please be aware that if you install 4.3 Technical Preview you need to do some manual clicks. This will go away when it’s official.

Bulletproof Guide to Citrix Receiver Start Menu Integration 06

One of the most common mistakes is forgetting to add your Storefront URL to the Trusted Zone List. You’ll find the GPO in Administrative Templates – Windows Components – Internet Explorer – Internet Control Panel – Security Page.

Bulletproof Guide to Citrix Receiver Start Menu Integration 04

Let’s create a Group Policy for Citrix Single Sign On with Storefront Configuration. You need to import the ADM templates.

I’m keeping the ADM templates with the binaries. You’ll find these under C:\Program Files (x86)\Citrix\ICA Client\Configuration.

Bulletproof Guide to Citrix Receiver Start Menu Integration 05

Bulletproof Guide to Citrix Receiver Start Menu Integration 09

Navigate to Administrative Templates – Classic Administrative Templates – Citrix Components – Citrix Receiver – User Authentication – Local username and password. Set the following:

Bulletproof Guide to Citrix Receiver Start Menu Integration 10

Navigate to Administrative Templates – Classic Administrative Templates – Citrix Components – Citrix Receiver – Storefront – Storefront Accounts List. Enable the policy and define your Store.

Store;https://sf-01.ctxlab.vmw/Citrix/Store/discovery;On;SF01

Bulletproof Guide to Citrix Receiver Start Menu Integration 11

Navigate to Administrative Templates – Classic Administrative Templates – Citrix Components – Citrix Receiver – Self Service and enable the first 3 policies.

I prefer to enable SelfServiceMode and Add/Remove Account at this stage. This makes it much easier for troubleshooting.

Bulletproof Guide to Citrix Receiver Start Menu Integration 12

Bulletproof Guide to Citrix Receiver Start Menu Integration 13

This is how I link the Internet Explorer and Citrix Receiver SSON policies.

Bulletproof Guide to Citrix Receiver Start Menu Integration 14

Now restart the computer and make sure it belongs to the OU where you have linked the GPO.

Head over to Store and configure Domain Pass-through.

Bulletproof Guide to Citrix Receiver Start Menu Integration 02

Bulletproof Guide to Citrix Receiver Start Menu Integration 03

To add the application shortcut to the Start Menu you need to set KEYWORDS:auto.

Bulletproof Guide to Citrix Receiver Start Menu Integration 15

Logon to your test computer. If everything works it should look like this.

Bulletproof Guide to Citrix Receiver Start Menu Integration 16

When you disable SelfServiceMode you’ll get all applications populated via the Citrix Receiver Start Menu Integration.

Bulletproof Guide to Citrix Receiver Start Menu Integration 22

Troubleshooting

Single Sign On

The first step is to verify that the Single Sign On process ssonsvr.exe is running in Task Manager.

Bulletproof Guide to Citrix Receiver Start Menu Integration 17

Now open your browser and verify that you get Single Sign On to StoreWeb. Please note that this works with both HTTP and HTTPS.

Bulletproof Guide to Citrix Receiver Start Menu Integration 18

Add Account

The Store has not been configured in GPO.

Bulletproof Guide to Citrix Receiver Start Menu Integration 07

Your apps are not available at this time

Bulletproof Guide to Citrix Receiver Start Menu Integration 19

Your Store is not configured to use HTTPS.

Bulletproof Guide to Citrix Receiver Start Menu Integration 21

You can verify this by clicking Accounts. If you have the Store configured with HTTPS in GPO, but the account shows HTTP, you have certificate problems. Verify that HTTPS works with StoreWeb.

Bulletproof Guide to Citrix Receiver Start Menu Integration 20

Citrix Receiver Start Menu Integration not working

Make sure to go through the steps above. If you can manually add icons in Citrix Receiver / StoreWeb and they show up in the Start Menu, there's something wrong with your application keywords.


NetScaler Web-Based Authentication

An article by Sachin Gadhave from Citrix Blogs

In high security applications, the use of two-factor authentication (2FA) is often a hard requirement to provide enhanced security and meet more stringent compliance requirements.

With 2FA, users are required to provide two means of identification credentials for authentication. The most common example of 2FA is the use of traditional user name and password credentials in combination with a personal identification number (PIN) or token.

2FA can be implemented using RADIUS, which is an industry-standard protocol for providing authentication, authorization, and accounting services. The RADIUS server matches data from the authentication/authorization request with information in a trusted database, such as RSA SecurID, SQL or LDAP. If a match is found and the user’s credentials are correct, the RADIUS server sends a “success” response to the client, which is then allowed access to a corporate resource. A similar solution can be deployed using a Web Authentication server, which connects to a trusted backend database with user security information, where user credentials are sent through HTTP headers.

NetScaler version 10.5 and later with the AAA-TM feature can now authenticate users to a Web Authentication server, providing the credentials that the web server requires in an HTTP request and subsequently analyzing the web server response to determine that user authentication was successful.

Previously, a similar exercise would be done using the HTTP Callout feature, where a client would send the user name and password through HTTP headers in the request. A typical implementation of an HTTP callout would include creating an HTTP callout on the appliance and configuring it with details about the external server and other required parameters, configuring a responder policy to analyze the response and then creating a callout agent on the remote server.

The new Web Authentication feature now simplifies this process, where configuration is similar to creating a standard authentication server and a policy that can be bound to a virtual server for single FA or 2FA.

As with other types of authentication policies, a Web authentication policy is comprised of an expression and an action. After creating an authentication policy, you bind it to an authentication virtual server and assign a priority to it. When binding it, you also designate it as either a primary or a secondary policy.

To set up web-based authentication with a specific web server, first you create an Authentication WEB Server that contains the following items:

  • Name—Name for the Web Authentication action.
  • Web Server IP Address— The IP address of the authentication Web server.
  • Port— The port of the authentication Web server.
  • Protocol—HTTP (for unencrypted web authentication) or HTTPS (for encrypted web authentication).
  • HTTP Request Expression— An expression in NetScaler default syntax that contains the user’s credentials in the format that the Web server expects.
  • Expression to validate the Authentication—An expression in NetScaler default syntax that matches the web server response string that signifies that the user authenticated successfully.

Authentication Rule and Expression to validate the Authentication are the most important items in the list above; they have to be formatted precisely so that the NetScaler request and response match the exact POST expression that the Web server expects. In this example we will use a sample POST request and response to configure Web authentication on NetScaler 10.5. At a high level, we need to complete the following 5 steps:

  1. Create a Netscaler Gateway VIP or AAA-TM Virtual Server and associated configuration.
  2. Create Web authentication server “HTTP Request Expression” & “Expression to validate the Authentication”
  3. Create Web authentication server and tie in the details from step 2.
  4. Create Web authentication policy and associate it with the Web Authentication Server.
  5. Bind the Web Authentication Policy to the Netscaler Gateway or AAA-TM VIP in question.

We will assume, at this point, that you are implementing this solution because of a specific requirement where the credentials from Netscaler Gateway or AAA-TM need to be sent to a specific server in a specific manner that requires this approach.

At this point, one should also validate that the basic Netscaler Gateway ICA proxy functionality is working with standard LDAP based authentication. Once done, it’s now time to get to the exciting stuff!

 

Read More

 

Learn How StoreFront 3.0 Supports Google Chrome without NPAPI

An article by Feng Huang from Citrix Blogs

A couple of months ago, I blogged here to give a heads-up about the disruption of user experience for Receiver for Web when Google Chrome disables NPAPI and to provide some temporary workarounds. I indicated that we were actively working on new technology to remove the dependency on NPAPI.

Today, I can announce that the new solution is included in the StoreFront 3.0 Tech Preview. In this article, I will show you how to set up the Tech Preview environment to test-drive this new solution to help you prepare for the change.

When StoreFront 3.0 finally releases, we expect that the new solution will be applied to Google Chrome and Microsoft Edge. The user experience for other browsers will not be affected. We also expect that the new solution will work for both the new UI and the classic green bubble UI. This is to help you minimize disruption for your users. In the Tech Preview, however, please note that the solution only works for the new UI with Chrome on Windows.

Now, let’s begin setting up the Tech Preview environment to support Chrome without NPAPI.

First, I would like to turn on auto fallback to Receiver for HTML5. This is optional but it will take you through the full user experience.

  1. Open the StoreFront Admin Console
  2. Select Receiver for Web node in the left pane
  3. Select the Receiver for Web site you would like to use in the middle pane
  4. Select the Deploy Citrix Receiver task in the right pane
  5. Select Use Receiver HTML5 if local install fails as shown in the screenshot below
  6. Select OK and close the Admin Console

The default Receiver for Windows download link in Receiver for Web refers to the official Citrix download site. As the new solution requires the Tech Preview version of Receiver for Windows, we have to set it up manually. Also, the solution is disabled by default in the StoreFront 3.0 Tech Preview and hence we have to enable it by editing the configuration file. These steps will not be necessary in the official release of StoreFront 3.0 and Receiver for Windows 4.3.

  1. Download Receiver for Windows 4.3 Tech Preview here (if you have not done so)
  2. Copy it to the StoreFront installation location (typically C:\Program Files\Citrix\Receiver StoreFront\Receiver Clients) and rename it to CitrixReceiverWeb.exe
  3. Open web.config under the Receiver for Web site (typically C:\inetpub\wwwroot\Citrix\<StoreName>Web) in your preferred text editor
  4. Locate the line <win32 path="http://downloadplugins.citrix.com/Windows/CitrixReceiverWeb.exe" />
  5. Change the value of path to be the server local path, which is /Citrix/StoreWeb/clients/CitrixReceiverWeb.exe in my case
  6. Locate the line <protocolHandler enabled="false" platforms="Windows NT.*Chrome/([4-9][2-9]|\d\d\d);Edge"
  7. Change the value of enabled to be true

  8. Save the file and close the text editor

Read More

 

vSphere Replication and Bandwidth Requirements

An article by VMware SMB from VMware Blogs

By: Ivan Talley, Systems Engineer at VMware

Customers often ask me how much bandwidth they’ll need for VMware vSphere Replication. It’s a pretty typical question, especially when they’re using vCenter Site Recovery Manager (SRM) for disaster recovery.

In general, I’m not a fan of ambiguous answers from vendors. Unfortunately, this is a case where the ambiguous answer is correct — we just don’t know what you’ll need. It depends on how many virtual machines (VMs) you intend to replicate, how frequently you intend to do so, and how much their data changes. Each variable impacts the actual amount of data that needs to be moved. This calculation must be performed before you can determine your bandwidth needs.

You’ll need to do some math to determine the optimal connection speed because replication likely isn’t the only traffic on your connection.

You can find a free tool, one I often suggest to customers, at a lesser-known VMware site. It’s a “fling,” an unsupported software project that our engineers delve into on occasion, but it always fills a need for someone, somewhere. Sometimes flings even become product features.

Anyways, the fling you’ll need is available at https://labs.vmware.com/about. Search this page for “replication” to find the replication tool. You should find the following summary:

The vSphere Replication Capacity Planning Appliance allows administrators to model the network impact of a virtual machine replication without producing actual replication traffic. The appliance provides command-line tools to configure replication for any VM in a vSphere Virtual Center. The replication is established in preview mode and thus requires no storage space. Networking traffic, required for the replication, is measured and displayed in an easy-to-understand graphical format that allows you to estimate the network bandwidth required.

Use this tool to get an accurate calculation on how virtual machine replication will impact your network. Once you do this, you should get a better estimate on how much bandwidth you’ll need as well. I hope this was helpful, and if you find yourself needing additional estimates or tweaks, I’d suggest checking the fling site out.

Of course, if you’re ever in need of something, don’t hesitate to drop us a line.

For future updates, follow us on Twitter and Facebook at @VMwareSMB and Facebook.com/VMwareSMB.

 

Ivan Talley has over 20 years of experience as a Network Engineer in medium size business data centers. His expertise also includes multiple verticals such as consulting engineering, contract electronics manufacturing, waste management, and legal services.

 

A Different Approach to a Single FQDN for StoreFront and NetScaler Gateway

An article by Brooks Cunningham from Citrix Blogs

How can users be educated to use a single URL, while still having a StoreFront base URL that is different from the NetScaler Gateway URL? We’re going to show you.

Please keep in mind this solution works best for Receiver for Web. This solution does work with the Native Receiver, but the Provisioning file would be the easiest way to configure the Native Receiver in my opinion.

In this scenario, I will use connect.example.com for external access to the Citrix environment. Int-connect.example.com will be used for internal access to the Citrix environment.

Here is an overview of the requirements for the scenario:

  1. SAN certificate for int-connect.example.com and connect.example.com.
  2. Connect.example.com will resolve to the publicly accessible NetScaler Gateway VIPs.
  3. Int-connect.example.com will resolve to the internal StoreFront Load Balanced VIPs.
  4. CNAME on the internal DNS. connect.example.com –> int-connect.example.com.
  5. Responder Policy to redirect from connect.example.com to int-connect.example.com.

Now for the magic of creating the single FQDN that users need to know.

In this example, the “single URL” for users is connect.example.com. On the internal DNS infrastructure, create a CNAME for connect.example.com to point to int-connect.example.com. Then, on the NetScaler appliance, create a Responder Policy that redirects traffic with the HTTP Host header of “connect.example.com” to “int-connect.example.com”. Bind this policy to the StoreFront LB VIP on NetScaler.

So, what is the expected user behavior?

A user on the internal network types connect.example.com into their browser. Connect.example.com resolves as a CNAME for int-connect.example.com. The user will resolve int-connect.example.com. After obtaining the IP address for int-connect.example.com, the user connects to the SF LB VIP using the IP address and the HTTP host header connect.example.com. The Responder policy redirects the user to int-connect.example.com. The user’s browser follows the redirect and is able to access the StoreFront LB VIP. By using a SAN certificate with the names we need, the user will not receive a certificate warning.
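The internal-user flow described above, modeled as an added example (not code from the original article). It assumes every connection is HTTPS; the IP address 192.0.2.10 and the path /Citrix/StoreWeb/ are constructed placeholders. It shows why the certificate on the StoreFront LB VIP needs both names: the browser validates the certificate for connect.example.com before it ever receives the redirect.

```python
"""Model of the internal-user flow for the single-FQDN design (added example)."""

# Constructed internal DNS zone; the IP is a documentation-range placeholder.
INTERNAL_DNS = {
    "connect.example.com": ("CNAME", "int-connect.example.com"),
    "int-connect.example.com": ("A", "192.0.2.10"),  # StoreFront LB VIP
}

def resolve(name, zone=INTERNAL_DNS, max_hops=5):
    """Follow CNAMEs to an A record, like the client's resolver."""
    for _ in range(max_hops):
        rtype, value = zone[name.lower()]
        if rtype == "A":
            return value
        name = value
    raise RuntimeError("CNAME chain too long")

def san_covers(sans, host):
    """Exact match, or a single-label wildcard such as *.example.com."""
    host = host.lower()
    for san in (s.lower() for s in sans):
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False

def responder(host_header, path):
    """Responder policy: redirect on Host connect.example.com, else serve."""
    if host_header.lower() == "connect.example.com":
        return 302, "https://int-connect.example.com" + path
    return 200, None

def internal_flow(sans, path="/Citrix/StoreWeb/"):  # path is an assumed placeholder
    """Return the steps a browser takes, stopping at the first cert warning."""
    steps, host = [], "connect.example.com"
    for _ in range(3):  # bounded: at most one redirect is expected
        ip = resolve(host)
        if not san_covers(sans, host):      # TLS is checked before any HTTP
            steps.append((host, ip, "CERT_WARNING"))
            return steps
        status, location = responder(host, path)
        steps.append((host, ip, status))
        if status != 302:
            return steps
        host = location.split("/")[2]       # host part of the redirect target
    return steps
```

Calling `internal_flow` with a SAN list that omits either name stops at the hop where the browser would show a certificate warning.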

 


 

How to install vSphere 6 ESXi using the Interactive Installer

An article by Graham Daly from VMware Blogs

Interactive installations are recommended for small deployments of four or fewer hosts. Installation using this method involves booting from the ESXi 6.0 installation media by inserting the media into the host and following the prompts from the installation wizard to choose a destination disk in the host and begin the installation. Our video today demonstrates how to install vSphere 6 ESXi using the Interactive Installer.

The ESXi installation media can be connected to the host in a few different ways:

  • Inserting the CD/DVD into the DVD-ROM drive in the server
  • Plugging in a bootable USB device
  • Mounting an ISO remotely

When instructed to begin, the installer reformats and partitions the target disk and installs the ESXi boot image. If you have not installed ESXi on the target disk previously, all data located on the drive is overwritten, including hardware vendor partitions, operating system partitions, and associated data.

Note: The formatting and partitioning done by the ESXi installer is permanent and overwrites existing data. To ensure that you do not lose any data, migrate any important data from the host to another machine before you install ESXi. If you are installing ESXi on a disk that contains an installation of ESXi/ESX or a VMFS datastore, you are presented with upgrade options.

For additional information, see VMware Knowledge Base article Methods for installing ESXi 6.0 (2109708).

 

Setting a Default Landing Folder for Receiver for Web

An article by Feng Huang from Citrix Blogs

Recently I implemented a customization for a customer to set a default landing folder for Receiver for Web 2.6. As this may be useful for customers who used to follow CTX119550 to customize Web Interface to get this functionality, I am making it available here.

First, follow the instructions here to configure the related Store to be a mandatory store.

Then, configure the Applications view as the default view for the Receiver for Web site as described here.

After that, append the following code snippet to custom.script.js in the contrib folder under the Receiver for Web site (typically C:\inetpub\wwwroot\Citrix\<Store-Name>Web\contrib) and change the value of landingFolderPath in the code to be the path of your desired landing folder.

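// Runs once the Receiver for Web page has finished loading.
$(document).ready(function () {
    // Path of the folder to open after logon, relative to the apps root.
    var landingFolderPath = '/Microsoft/Office/2013';

    // Override the stock renderer so the view opens at the landing folder
    // instead of the root folder.
    $.ctxs.ctxsMyApps.prototype._renderMyApps = function () {
        var self = this;
        self.element.html(self._generateTreeViewMarkup());
        // Build the full path from the localized root name plus the landing folder.
        var path = $.localization.string('MyAppFolderRootPathName') + landingFolderPath;
        self._setCurrentPath(path);
        self.element.wrap('<div id="myapps-scroller"></div>').parent().ctxsMakeScrollable();
    };
});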

Your desired landing folder will be displayed after users log in to Receiver for Web.
