So What's This All About

The purpose of this site

I started off my career in IT 25 years ago as a COBOL Programmer in South Africa and have progressed (or some may say regressed) to consulting on virtualization technologies. I created this site to share my experiences with virtualization and cloud computing, as well as the latest virtualization news, tips, tricks and tools from other experts in the field.

Online Training

Free XenApp 7.6 Training

This free, one-hour online course provides an introduction to Citrix XenApp 7.6. Students will explore key components required in a XenApp 7.6 implementation, the FMA-based architecture, as well as key use cases.

Click here for the course details

Keep Tabs on Me

Social media links

RSS Feed 2.0


XenApp/XenDesktop Site Design (v2015)

An article by Nick Rintalan from Citrix Blogs

A couple years ago, I wrote an article called “XenApp Farm and Zone Design,” which was based on the IMA architecture and was specific to XenApp, as the article’s name implies. This is, essentially, “Part 2″ of that article, so if you haven’t had a chance to read the first one (or you can’t remember what I was arguing in that article), then please go check out Part 1 first.

Here, I am going to talk about FMA Site Design, which applies to both XenApp & XenDesktop 7.x, which use the FMA architecture. And really I’d like to shed some light on some interesting designs we’re doing in the field when there is more than one data center. Because you actually have options, despite what you’ve probably been told. ;)

The Absence of Zones in FMA

No, the current shipping version of XenApp & XenDesktop (7.6 FP1) does not have a “zone” feature similar to what we had in IMA. And a “site” in FMA is really analogous to a farm in the IMA world. So, when there are multiple data centers in the mix, we have to implement multiple FMA sites, right? That is certainly what our documentation says (buried towards the bottom of this page in eDocs we essentially tell you to implement 1 site per data center and leverage StoreFront aggregation). And if you call Support, that is probably what they’ll tell you as well (“you have to create a separate site for each data center to be officially supported”).

But what if you have 2 data centers that are connected via dark fiber? What if those 2 data centers are in the same city, but literally across town from each other? What if the latency between your data centers is sub-5 ms? What if it is 50 ms? 100 ms? Where does the VDA-DDC and DDC-SQL communication within FMA really break down and start to cause performance degradation? Those are the questions a few of our customers have been wondering as they make the transition from IMA to FMA, so our Consulting and Product teams decided to dig a little deeper and figure it out.

As it turns out, we have quite a few customers with “well-connected” data centers within close proximity of one another and we really can get away with a single site.

Well-Connected Sites

This is the tricky part: defining just what the heck “well-connected” means. Because if you’ve got 2 data centers that are well-connected to each other, you absolutely can get away with a single FMA site (and I would argue it is fully supported if it meets the requirements I’m about to lay out). Most vendors and industry experts seem to agree that well-connected means they are connected via high-speed link and that link has very low latency. But what does “high” and “very low” mean in this context? What does “close proximity” really mean? It will vary slightly depending on who you talk to, but most folks seem to agree on the following:

  • High Speed Network Link = 1 Gbps+
  • Very Low Network Latency = sub-5 ms
  • Close Proximity = 50 miles or less

So, if you have 2 data centers connected via dark fiber and they are, say, 15 miles apart and the average network latency is 3 ms, then you can definitely treat those as one logical data center if you so choose (and implement 1 FMA site). We’ve done this a number of times already in the field and there are honestly no performance issues whatsoever. And again, I think this is a fully supported scenario and you can point to this article if someone tells you otherwise.

Where it becomes a little grayer is when you have two data centers that are connected via 10 Mbps and say 30 ms latency (or even 1 Mbps and 100 ms latency). What is the tipping point and when should you definitely implement multiple FMA sites?

Not-So-Well-Connected Sites

First off, I have to say that if you don’t meet the requirements I outlined above, then you’re not going to be officially supported by Citrix. This may change in a future version of XenApp/XenDesktop, but with 7.6, if you decide to do what I’m about to tell you, then you’re taking a risk, as you’re relegated to “best effort” support.

Now that the disclaimer is out there … we have a few customers who have the classic branch office scenario or “mini” data centers (DCs). These branches or mini DCs have data that can’t be migrated to a central office/DC, but at the same time, it’s neither a ton of data nor users, so we don’t need a ton of workers/VDAs to support the load. These scenarios are perfect for extending a single FMA site to distributed sites that are not-so-well connected to the main DC (where SQL and the Brokers live).

So, what does “not-so-well-connected” mean and where does it fall over? After running this through the lab with a WAN Emulator testing, literally, dozens of different link speeds and latency combinations (and also proving this out in the field at a few willing customers!), we found that things start to deteriorate if you exceed 50 ms latency or have less than 256 kbps bandwidth. And while I mentioned bandwidth/speed there, it really didn’t play as big a factor as we thought and we were even getting decent results with ~100 kbps! Like most applications, it’s really all about the latency.

So, what did we test exactly and what should you expect if you do this? Well, that’s a bit out of scope for this article (and maybe I can do a follow-up article with all the gory details if folks are interested), but a few things I’ll highlight:

Read More


Deployment Guide For Microsoft Lync 2013 In VDI Environment

An article by Mayank Singh from Citrix Blogs

With the release of the Feature Pack 1 for Citrix XenDesktop 7.6, we now support audio and video optimization for Microsoft Lync 2013 Client and Server deployments using the Citrix HDX RealTime Optimization Pack for Lync. This level of Lync optimization is unique in the market.

While the optimization pack is the best way to deliver Lync to end-users in most scenarios, XenApp and XenDesktop also provide additional options which should be considered as part of the project planning phase.

These options are:

  1. Using Citrix HDX RealTime Optimization Pack for Lync
  2. Using Microsoft Lync 2013 VDI Plugin
  3. Citrix Generic HDX Delivery
  4. Citrix Local App Access
  5. Lync Online and Office 365

This deployment guide discusses all options in detail, provides best practice recommendations and step-by-step installation instructions.

Read More


Citrix X1 StoreFront High Availability

An article by Trond Eirik Haavarstein from xenappblog

In my latest posts I’ve shown you how to secure and customize your CItrix X1 StoreFront solution.

Now let’s take a look at how you can remove single point of failure by configuring a multiple-server deployment. Did you know it doesn’t work as expected?

I’m deploying all my servers with my Automation Framework, let’s take a look at the Task Sequence.

Citrix X1 StoreFront High Availability 017

So the Task Sequence will install Citrix X1 StoreFront unattended and also Import and Bind the SSL Certificate because the Task Sequence variable is set to True in CustomSettings.ini. Read more about it in my post Securing Citrix X1 StoreFront with Powershell.

Citrix X1 StoreFront High Availability 018

Priority=ByVM, UUID, Default
Properties=XenAppRole, PVSTemplate, WindowsUpdate, ImportCertificate, ConfigureSite, JoinSite, vCenterCertificate
WindowsSource=%DeployRoot%Operating SystemsWindows Server 2012 R2sourcessxs


Let’s start the Citrix X1 StoreFront console for the first time on SF-02.

Citrix X1 StoreFront High Availability 003

To get High Availability you need to click on Join existing server group. This will ask for the Authorizing server and code.

Citrix X1 StoreFront High Availability 004

To get this Code you need to head over to your Primary X1 StoreFront server, in my case SF-01.

Select Server Group – Add Server. This will give you the code.

Citrix X1 StoreFront High Availability 005

Head back to your Secondary X1 StoreFront Server and type in the information above.

Citrix X1 StoreFront High Availability 006

Citrix X1 StoreFront High Availability 007

Citrix X1 StoreFront High Availability 008

Now let’s test the new site on SF-02.

Citrix X1 StoreFront High Availability 009

Citrix X1 StoreFront High Availability 010

Citrix X1 StoreFront High Availability 011

Hey, Wait a Minute Citrix! Where’s my customization that I made according to the post Citrix Netscaler Gateway and X1 StoreFront Customization?

So the built in Synchronization takes care of my Application Subscriptions, Trusted Domains and Feature App Groups, but why not Customize Website Appearance?

Citrix X1 StoreFront High Availability 012

Citrix wants us to leverage Netscaler Gateway for Load Balancing, but what help does that do if StoreFront can’t replicate my Customizations!

Well, fix it yourself. Run the following script to replicate the Customization:


copy-item \$PriSFc$inetpubwwwrootCitrix$StoreLocationcustom* \$SecSFc$inetpubwwwrootCitrix$StoreLocationCustom -Recurse
copy-item \$PriSFc$inetpubwwwrootCitrix$StoreLocationreceiverimages2xReceiverFullScreenBackground_46E559C0E6B5A27B.jpg \$SecSFc$inetpubwwwrootCitrix$StoreLocationreceiverimages2xReceiverFullScreenBackground_46E559C0E6B5A27B.jpg -Recurse

PowerShell Customization Replication

Let’s check Customize Website Appearance once more.

Citrix X1 StoreFront High Availability 016

I’ve recently found the class for the Login Page Logo and added that to my StoreWebcustomstyle.css file which at the moment look like this:

Citrix X1 StoreFront High Availability 014

/* Edit this file to customize the User Interface by overriding the existing CSS Styles. 
 * You can use browser development tools to identify the CSS classes you want to customize.

/* When using the StoreFront Authentication SDK to return custom forms, a class "customform" is added to each form.
 * The following commented CSS rule illustrates how to modify the width of form field labels for custom forms.

.customform .field {
    width: 400px;

/* The following section of the file is reserved for use by StoreFront. */
.is-hdpi .logo-container{
	background-image: url('Receiver_Logo_2x.png');
	background-size: 110px 39px;
	background-image: url('Receiver_Logo_1x.png');
	background-size: 110px 39px;
/* You may add custom styles below this line. */
	background-image: url('xenappblog_Logo.png');

Citrix X1 StoreFront High Availability 013

I tried a couple of hours to replace the background image in the Body, but it didn’t work out to good. Probably because the body is calling another CSS file. If anyone have solved this issue, please share in the comment below.

I want to specify location and e.g. Custom_BG.jpg in Style.css instead of using the ridiculous long name ReceiverFullScreenBackground_46E559C0E6B5A27B.jpg.

The post Citrix X1 StoreFront High Availability appeared first on xenappblog.


How To Double Your VSAN Performance

An article by Chuck Hollis from VMware vSphere Blog » vSphere

How To Double Your VSAN Performance

VSAN 6.0 is now generally available!

Among many significant improvements, performance has been dramatically improved for both hybrid and newer all-flash configurations.

VSAN is almost infinitely configurable: how many capacity devices, disk groups, cache devices, storage controllers, etc.  Which brings up the question: how do you get the maximum storage performance out of VSAN-based cluster?

Our teams are busy running different performance characterizations, and the results are starting to surface.  The case for performance growth by simply expanding the number of storage-contributing hosts in your cluster has already been well established — performance linearly scales as more hosts are added to the cluster.

Here, we look at the impact of using two disk groups per host vs. the traditional single disk group.  Yes, additional hardware costs more — but what do you get in return?

As you’ll see, these results present a strong case that by simply doubling the number of disk -related resources (e.g. using two storage controllers, each with a caching device and some number of capacity devices), cluster-wide storage performance can be doubled — or more.

Note: just to be clear, two storage controllers are not required to create multiple disk groups with VSAN.  A single controller can support multiple disk groups.  But for this experiment, that is what we tested.

This is a particularly useful finding, as many people unfamiliar with VSAN mistakenly assume that performance might be limited by the host or network.  Not true — at least, based on these results.

For our first result, let’s establish a baseline of what we should expect with a single disk group per host, using a hybrid (mixed flash and disks) VSAN configuration.

Here, each host is running a single VM with IOmeter.  Each VM has 8 VMDKs, and 8 worker tasks driving IO to each VMDK.  The working set is adjusted to fit mostly in available cache, as per VMware recommendations.

More details: each host is using a single S3700 400GB cache device, and 4 10K SAS disk drives. Outstanding IOs (OIOs) are set to provide a reasonable balance between throughput and latency.


On the left, you can see the results of a 100% random read test using 4KB blocks.  As the cluster size increases from 4 to 64, performance scales linearly, as you’d expect.  Latency stays at a great ~2msec, yielding an average of 60k IOPS per host.  The cluster maxes out at a very substantial ~3.7 million IOPS.

When the mix shifts to random 70% read / 30% writes (the classic OLTP mix), we still see linear scaling of IOPS performance, and a modest increase in latency from ~2.5msec to ~3msec.  VSAN is turning it a very respectable 15.5K IOPS per host.  The cluster maxes out very close to ~1m IOPS.

Again, quite impressive.  Now let’s see what happens when more storage resources are added.

For this experiment, we added an additional controller, cache and set of capacity devices to each host.  And the resulting performance is doubled — or sometimes even greater!


Note that now we are seeing 116K IOPS per host for the 100% random read case, with a maximum cluster output of a stunning ~7.4 million IOPS.

For the OLTP-like 70% read / 30% write mix, we see a similar result: 31K IOPS per host, and a cluster-wide performance of ~2.2 million IOPS.

For all-flash configurations of VSAN, we see similar results, with one important exception: all-flash configurations are far less sensitive to the working set size.  They deliver predictable performance and latency almost regardless of what you throw at them.  Cache in all-flash VSAN is used to extend the life of write-sensitive capacity devices, and not as a performance booster as is the case with hybrid VSAN configurations.

In this final test, we look at an 8 node VSAN configuration, and progressively increase the working set size to well beyond available cache resources.  Note: these configurations use a storage IO controller for the capacity devices, and a PCI-e cache device which does not require a dedicated storage controller.

On the left, we can see the working set increasing from 100GB to 600GB, using our random 70% read / 30% OLTP mix as before.

Note that IOPS and latency remain largely constant:  ~40K IOPS per node with ~2msec latency.  Pretty good, I’d say.

On the right, we add another disk group (with dedicated controllers) to each node (flash group?) and instead vary the working set size from an initial 100GB to a more breathtaking 1.2TB.  Keep in mind, these very large working set sizes are essentially worst-case stress tests, and not the sort of thing you’d see in a normal environment.


Initially, performance is as you’d expect: roughly double of the single disk group configuration (~87K IOPS per node, ~2msec latency).  But as the working set size increases (and, correspondingly, pressure on write cache), note that per-node performance declines to ~56K IOPS per node, and latency increases to ~2.4 msec.

What Does It All Mean?

VSAN was designed to be scalable depending on available hardware resources.  For even modest cluster sizes (4 or greater), VSAN delivers substantial levels of storage performance.

With these results, we can clearly see two axes to linear scalability — one as you add more hosts in your cluster, and the other as you add more disk groups in your cluster.

Still on the table (and not discussed here): things like faster caching devices, faster spinning disks, more spinning disks, larger caches, etc.

It’s also important to point out what is not a limiting factor here: compute, memory and network resources – just the IO subsystem which consists of a storage IO controller, a cache device and one or more capacity devices.

The other implication is incredibly convenient scaling of performance as you grow — by either adding more hosts with storage to your cluster, or adding another set of disk groups to your existing hosts.

What I find interesting is that we really haven’t found the upper bounds of VSAN performance yet.  Consider, for example, a host may have as many as FIVE disk groups, vs the two presented here.   The mind boggles …

I look forward to sharing more performance results in the near future!


Chuck Hollis





Reducing PIN Prompts with NetScaler Gateway and Smart Cards

An article by Nicholas Czabaranek from Citrix Blogs

Smart Cards and NetScaler Gateway are a common XenApp/XenDesktop access scenario for many of our customers – especially in the U.S. Federal space where smart card usage has been mandated for most government agencies. One of the most common requests that we get when implementing Smart Cards is to reduce the number of PIN prompts that a user receives before they can get to their Windows applications or desktops. In this article I’m going to outline what configurations result in different PIN prompts, primarily in the context of Windows-based client devices accessing the NetScaler Gateway through a web browser.

Let’s go through the different places where we expect to see a PIN prompt in a non-optimized NetScaler Gateway + Smart Card configuration:

  1. Authentication to NetScaler. We need to authenticate the user with their PIN + Certificate before we can do anything else on the system. This is accomplished by requiring a client certificate to make the initial SSL connection to NetScaler Gateway.
  2. ICA Connection to NetScaler. After a user selects a published application or desktop to launch, Citrix Receiver will connect them to the NetScaler Gateway over SSL to begin the ICA session. If the Gateway vServer asks for a client certificate, the user will receive a PIN prompt.
  3. Windows Authentication to Desktop or XenApp Server. If single sign-on hasn’t been configured, or isn’t available, the Windows machine hosting the application or desktop that we want to connect to will also ask for the user’s PIN to logon.

Some would say that’s a lot of prompts, and I would tend to agree. Most users expect that they authenticate only once with their PIN as this is what they are used to on their traditional local Windows devices.

The good news is…it can be done!

Based on the three PIN prompts above let’s talk about how each one can be handled:

  1. Authentication to NetScaler. This prompt is normally needed as it allows us to authenticate the user at the NetScaler before allowing them access to internal resources. At a minimum the user will need to select their certificate if their Smart Card is configured with multiple certs. If their PIN is cached by a middleware application from their Windows client logon (like ActivClient), then they won’t need to enter a PIN here. Otherwise we expect both a certificate selection and PIN entry here.
    1st Prompt – Removable!

    If the client device has middleware that supports and is configured for PIN caching, the user can bypass the PIN prompt for the initial NetScaler Gateway connection.

  2. ICA connection to NetScaler. This is the easiest prompt to get rid of completely, and just requires that you setup a second NetScaler Gateway vServer that only handles ICA proxy. This NetScaler Gateway will not be configured to prompt for Client Certificate Check, meaning the SSL ICA connection doesn’t need to prompt the user again. At Web Interface we would setup Secure Access to point to this vServer instead of the initial authentication NetScaler Gateway. For information on how to do this in StoreFront using Optimal Gateway Routing, check out Bill Hackley’s blog post :

    Read More


X1 Skin for NetScaler Gateaway

An article by Richard Hayton from Citrix Blogs

One comment I’ve heard repeatedly is that whilst the new X1 UI is great, the users accessing it need to access this via NetScaler Gateway. So, the question becomes, can we please re-brand that as well?

The short answer is yes – that is very much on the list of active work. However, it isn’t part of the tech preview. So, in this blog I’m going to explain a quick and dirty way of moving NetScaler into the X1 era.

What we are going to do in this blog is rebrand the NetScaler login screen with something more X1-ish. This isn’t a full reskin – but is just enough to make the UX seamless. Here is what we are going to achieve:



We are going to use a feature in NetScaler to support ‘themes.’ NetScaler currently has two built in themes called ‘Default’ and ‘Green Bubbles.’ Plus, there is support for a third ‘custom’ theme. Initially, I looked at providing a custom theme. But. it turns out this is both version specific to the ‘dot’ release of NetScaler, and is also a little too powerful. Getting a custom theme wrong can break the admin UI.

For simplicity and breadth of support, I’m going to simply replace the existing ‘Green Bubble’ theme with a new X1 styled one. That change is easier to make, and as has the advantage that one file will work with all 10.x NetScalers.

I’ve pre-created a theme for NetScaler 10 here (located here: and all you need to do is install it.

Uploading the Theme

The first step is to upload the theme onto the NetScaler box. To do this I’m using WinSCP ( ). For references I’m using NetScaler 10.5, but this should work with any 10.x variant.

Use win SCP to log in to NetScaler. Use the IP address you normally use for the admin console, and the admin credentials. (Default values are &##8216;nsroot’ and ‘nsroot’ – obviously on a production system you will have changed them!)

Navigate the local machine (left) and NetScaler (right) until you can see your local copy of the new theme on the left, and the NetScaler copy on the right. (Note these will have the same name)

Read More


X1 Customization: Going deeper with CSS

An article by Richard Hayton from Citrix Blogs

This is my third blog post in a series related to the Receiver X1 Tech Preview. We have shared some background about X1 and practical tips to deploy X1. In this post we will dive deeper on how to customize with CSS.



The key to customization in X1 is Cascading Style Sheets (CSS). This is a standard part of the HTML specification familiar to web developers. For those who are new to web programming, it can be a bit daunting, but simple changes are really easy in CSS.

We have deliberately focused on standard technologies when looking at the X1 APIs to make customization extremely easy instead of forcing everyone to learn a new tool. CSS is the first and foremost means for customization. In fact if you use the StoreFront admin console to make changes under the covers CSS is created to match those changes (see last blog).


To do much more you need to break out an editor – notepad will do, but I recommend something like Visual Studio or Visual Studio Express Web. These tools will warn you of any syntax errors and save you time in the long run.

In this blog I’ll use Visual Studio Express for Web and Chrome as my browser, as it has excellent development tools. IE and FireFox are pretty good as well, so choose your own poison.

Be sure to run your tool as administrator, or you won’t be able to write any of the files. (Later I’ll show you how you can take a copy of the web site to develop away from the server, but let’s keep it simple for now).

In Visual Studio, use ‘Open Web Site’, select local file system and then your site. For me this is C:\inetpub\wwwroot\Citrix\PurpleWeb’ (Substitute your own store name in for ‘Purple’).

If you’d prefer to stick with notepad, note that it will also has to run as admin to allow you to edit the style.css and script.js files in the PurpleWeb\custom directory. For those just cutting and pasting from the blog, this will be just fine.

Note that once the site is loaded into a tool like Visual Studio it looks a bit overwhelming. This is because it contains all of X1 and all of the classic ‘green bubble’ Receiver. You can ignore 99% of this. All we care about is the contents of the ‘custom’ directory, and specifically the style.css and script.js files.

Let’s open style.css and make some simple changes

Add the following to the bottom of the file:

#customTop {

This says. “Find the area called ‘customTop’ (strictly with id=’customTop’) and set its height to 30 pixels and its background color to red.

Reload the X1 UI and you will find it has acquired a new region.

This region is exclusively for customization. A red stripe is fine – but you probably want to put other stuff into it – custom toolbars, messages etc. We will talk more about this next blog. There are two other regions called #customScrollTop and #customBottom. Let’s define them all and take a look.

Add the following to the bottom of style.css. Save, and reload the web page




(Note the pink strip clashes with the copyright message. This will be fixed by release :-) )

The blue strip (#customScrollTop) scrolls with the rest of the page, the other two are fixed. You can make these larger or smaller, or hide/show in different circumstances. As a simple example try adding the following lines:

.myapps-view #customTop {

Back to the web site and you will see that the blue region, is no longer shown on the ‘Favorites’ page. This new statement says “If the ‘customTop’ element lives under an element marked with the ‘myapps-view’ class, then hide it”. (myapps-view is the internal name for ‘favorites’).

Read More


Deploying and Branding Receiver X1

An article by Richard Hayton from Citrix Blogs

This is my second blog post in a series related to the Tech Preview of Receiver X1. In my first, I provided background and explained the rational behind X1. This blog is more practical – a step-by-step guide to help you deploy X1. I’ll also show you how to make some simple but powerful customizations to brand X1 to your company colors.

The Tech Preview download is StoreFront 2.7. This is an iteration on 2.6. While there are features beyond X1, I’m going to focus exclusively on X1. For the tech preview, there is no upgrade support. So, please start with a clean machine, or uninstall StoreFront first. (The GA release will support upgrade from earlier releases, but not from the Tech Preview itself).


As a Demonstration,
I’m Going to Install and Use StoreFront on a Virtual Machine.

I’m using Windows 2012 R2 (see the release docs on the download page for full list of supported platforms). The machine should be domain joined, but there are no other pre-requisites.

Step-By-Step Guide

First, download and run the installer. You will need to be an admin to compete the steps I’m demonstrating.


Handle any UAC prompts. (Yes I know it says ‘Citrix Delivery Services’ not ‘Citrix StoreFront. Know that we are currently addressing this obvious bug.


Go through all of the obvious steps until you get to to this point.

Once you click ‘finish,’ the admin console will be opened. (You can open this again by running ‘StoreFront’ from the start screen).

Hint: Pin to task bar


The StoreFront UI should be familiar to previous StoreFront admins. No big changes here:

Read More


Wrapping and Uploading of Apps for Windows 8.1 Device

An article by Devdas Sagar from Citrix Blogs

This blog helps in understanding the steps to wrap apps to be used with Windows 8.1 devices. The process is same for XenMobile Server v9.0 and v10.0.

Below are the pre-requisites for wrapping apps for Windows 8.1 as on February 2015:

  1. Computer running 64 bit version of Windows 7 or 8.1 Operating system
  2. Latest MDX toolkit for Windows 8.1 downloaded from Citrix Download page
  3. Latest Worx Apps from Citrix Download page
  4. .NET Framework 4.5 or higher
  5. Microsoft Silverlight 5 runtime and SDK for Windows 8.1
  6. Microsoft Visual Studio 2013 (Update 3 or later) with Windows 8.1 SDK tools
  7. Open a Microsoft Windows Store Developer Account (Corporate account type). For more information, refer Account types, locations, and fees.
  8. Obtain a Publisher ID (PHONEPUBLISHERID) from the Windows Store developer account profile. For more information, refer Managing your profile.
  9. Acquire an enterprise certificate from Symantec to sign Windows mobile apps. For more information, refer Company app distribution for Windows Phone.
  10. Create an Application Enrollment Token (AET) using Windows Phone SDK tool. For more information, refer How to generate an application enrollment token for Windows Phone.

Download and Extract MDX Toolkit

You can download the MDX Toolkit from Citrix Download page. You need to login with your Registered ID to access the download page.

1. Download the MDX Toolkit from Citrix Download site:


2. Extract the MDX Toolkit zip file onto a local drive on your computer

Note: Make sure you have the pre-reqs in place, including the Worx Apps downloaded from Citrix Download page.

Wrapping of Apps

In order to publish the Worx Home and WorxApps, you need to wrap them. The command used to wrap WorxHome is different than that of WorxMail and WorxWeb.

Note: Signing an App and wrapping an App convey the same meaning.

Follow the below steps to wrap apps.

1. Make sure you have the Worx apps, Enterprise certificate and Application Enrollment Token (AET) downloaded and stored at a location on local drive

2. Login to Command prompt and navigate to the location where the MDX Tool kit is installed

Read More


NetScaler Policies – Simplifies Client-IP Insertion on Backend

An article by Abhilash Verma from Citrix Blogs

As the CDN networks and Secure Web Gateways grow in terms of practical usage, it becomes even more challenging to preserve the Client-IP throughout the path to the last leg. We get this question often. We addressed it directly in this 2012 blog post: ( What we did not cover was the actual implementation of this concept as how one can read the IP address from incoming TCP Options and insert it into the HTTP header going to backend server/app.


Using TCP Options To Insert Original Client-IP And Also Preserve It Through The Stream Has Become a Common Use Case

In most cases while NetScaler is deployed as reverse proxy, we sit close to the Server side on the network and hence we become the last proxy request passes through. At backend, it is required to get original Client-IP from logging, compliance and application perspective. Hence NetScaler becomes the logical place where you retrieve the IP from TCP options and insert it into the HTTP header going to the backend server/app. Here is an example of Rewrite policy/action which achieves the same for you.

Read More