So What's This All About

The purpose of this site

I started off my career in IT 25 years ago as a COBOL Programmer in South Africa and have progressed (or some may say regressed) to consulting on virtualization technologies. I created this site to share my experiences with virtualization and cloud computing, as well as the latest virtualization news, tips, tricks and tools from other experts in the field.



Online Training

Free XenApp 7.6 Training

This free, one-hour online course provides an introduction to Citrix XenApp 7.6. Students will explore key components required in a XenApp 7.6 implementation, the FMA-based architecture, as well as key use cases.

Click here for the course details



Keep Tabs on Me

Social media links

RSS Feed 2.0

 
Articles

Two factor authentication with specific customized NetScaler Gateway logon pages.

An article by Steven Wright from Citrix Blogs

Those who know me are aware that I’ve got a keen interest in two-factor authentication.  So, I was very interested when my colleague, Chris Jeffrey, called attention to the fact that two-factor doesn’t work with multiple NetScaler Gateway logon points when using specific customized logon pages.

Specific customized logon pages allow you to display a different logon page for each NetScaler Gateway vServer.  This could be a real advantage in a cloud-hosting environment where multiple customers connect via the same VPX and each logon point needs to include unique company branding elements.

But, a significant problem occurred because users don’t see a second password prompt on any customized logon point beyond the first. The password prompt used for PIN or token simply doesn’t appear despite CTX123736 having been followed perfectly even with the most minimal of customizations and it’s not at all clear why. I like a puzzle and decided to investigate.

Read on to learn the cause and the solution.

Read More



 

Installing XenApp or XenDesktop 7.x, Does It Matter Which One You Select?

An article by Carl Webster from Carl Webster

I am writing some “How To” articles for a customer. I am trying to figure out exactly what happens when XenApp and XenDesktop 7.6 are installed.  There are two options for the install:

Figure 1

Figure 1

From my testing I see no difference in what gets installed regardless of which option is selected.

I was supplied with current licenses for XenApp 6.5 and XenDesktop with Subscription Advantage dates of 11/11/14 for my testing.

I created two Virtual Machines (VM) using Server 2012 R2. In one I installed the XenApp option and in the other, I installed the XenDesktop option.

Using the built-in 30-day evaluation license, there was no difference in functionality between the two installs.

I installed the XenApp 6.5 license file into my XenApp VM and changed the Product Edition to XenApp Platinum, Concurrent User.

Figure 2

Figure 2

I then went to create a Machine Catalog in my XenApp VM to see if I had the option to create a Desktop OS catalog. And yes, I did have that option.  Only Remote PC was greyed out.

Figure 3

Figure 3

When I tried to create a Delivery Group, there was a message that Desktops are not available for this license edition.

Figure 4

Figure 4

Note: The applications option is for VM Hosted Apps.

I then removed my XenApp license file, returned and reallocated my XenDesktop license to my XenApp server and changed the product edition from XenApp Platinum to XenDesktop Platinum.

Figure 5

Figure 5

And I could now create a Delivery Group for Desktop OS.

Figure 6

Figure 6

It makes no difference which option you select when you install XenApp or XenDesktop 7.x. All functionality is controlled by the license file and product edition.

I did not uninstall, reinstall or change anything in the installation.  All I had to do was install a new license file and change the product edition to gain new functionality.

Thanks

Webster

 

 

You just finished reading Installing XenApp or XenDesktop 7.x, Does It Matter Which One You Select? by Carl Webster. Please consider leaving a comment!

 

XenApp 6.5 to 7.6 Migration: Selectively Importing Applications

An article by Evin Safdia from Citrix Blogs

The XenApp 6.5 to XenApp 7.6 Migration Tool consists of a series of easy to use PowerShell Scripts

These export Farm and Policy data from XenApp 6.5 to XML files. These XML files are then imported via script into an existing XenDesktop 7.6 site. The scripts are available from the XenApp 7.6 product download page, you will have to login with an appropriate Login ID in order to access the Product Software page: http://www.citrix.com/downloads/xenapp.html

Using the scripts is straightforward and Citrix eDocs provides detailed instructions:  http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-xamigrate.html  

Once you have the exported the XML files you can do selective imports by adding the –MatchFolder  or –NotMatchFolder modifiers. For example, your XenApp 6.5 farm has an application folder named EMEA that contains the following folders: Sales, IT Support and Accounting. You can use the following command to import the applications from the Sales and Accounting folders, but skipping the IT Support folder:

Import-XAFarm –XmlInputFile myFarmFile.xml
 –MatchFolder "Applications/EMEA" –NotMatchFolder "Applications/EMEA/IT Support"

Additionally, you could instead specify just the Sales and Accounting folders for import, skipping all others with the following command:

Import-XAFarm –XmlInputFile myFarmFile.xml
 –MatchFolder "Applications/EMEA/(Sales|Accounting)"

Read More



 

Should I upgrade from XenApp 7.5 to XenApp 7.6?

An article by Daniel Feller from Citrix Blogs

Questions

After delivering the XenApp 7.6 Upgrade webinar

I received a few questions asking if it is a good idea to upgrade from XenApp 7.5 to XenApp 7.6.

My first reaction is, “Of course you should. Why wouldn’t you?”

 

But I’m a little biased J

You need to ask yourself if the new features within XenApp 7.6 are important enough to upgrade. Look at the following subset of features and determine if they are something that would be valuable for your users and admin:

  1. Unauthenticated Logons: This feature allows a user to access an application without being required to authenticate. This feature is mostly used in healthcare. If you need this, you must go to XenApp 7.6 feature
  2. Connection Leasing: You ever watch Star Trek and you hear the engineers talk about having secondary backups? A secondary backup won’t let your starship reach Warp 9, but it will keep your ship from exploding. That is essentially what connection leasing does for your XenApp site. Your first layer of backup is configuring your database to be highly available (mirroring, clustering or AlwaysOn). If that fails, you want to have a secondary backup, which is connection leasing. Another XenApp 7.6-only feature

Read More



 

Citrix Director 7.6 Deep-Dive Part 6: Better performance, easier workflows

An article by Bharathi Issac from Citrix Blogs

We have improved Director in many ways, not only with added features but also continuing to improve performance and capabilities.  We have improved the performance of the user search, in addition to adding the ability to search for machines and endpoints.  Easing workflow, from Filters view to the various Details views, drill down capability in the Trends tables provide details around each of the Trend reports, helps the administrator to reduce the time to resolution, ultimately improving customer satisfaction.

Search Users, Endpoints and Machines

Expanded search capabilities

Using the new improved search, you can not only search for users connected to your site but also search for machines and endpoints. The machines include the desktops and workers being used by the users and the endpoints include client devices. Searching using the endpoints is especially useful in case of anonymous (unauthenticated) users. Additionally, the UI has been updated and provides a better user experience.

Improved Search

 

Imagine this, a Help Desk Admin receives a call from a nurse (end user) at the hospital. In the health care industry, thin clients are predominately used.  Many times the end user who is having the problem doesn’t know the username of the session, as they are not required to login because the session is “unauthenticated”.  Instead, the user can use the client endpoint name that the end user is accessing (physical device).  A lot of times, the endpoint name has been documented using a sticker stuck to the thin client or on the screen. When the nurse reports a problem, they can now give the client endpoint name shown on the sticker and the Help Desk Admin is able to search for that name and returned the client session details view to begin troubleshooting and quickly resolve the issue.

Machine search is a handy way to search for a specific machine name and troubleshoot issues related to specific machines.  For example, XenApp users are complaining about slowness of their hosted application.  Let’s say that the hosted application is published on the server “XAWorkerA”.  The admin can now select the machine for the search and enter “XAWorkerA”.  They will be returned the Machine Details view and are able to troubleshoot that machine.

Grouping Machines and Endpoints

Director queries the broker when asked to search for machines or endpoints. In a large environment the search response may be slow as it enumerates all of the machines/endpoints. In order to improve performance, we have provided the ability to “group” machines/endpoints. This is accomplished via the Director Config Tool, which restricts the search within a defined group. How do you group machines? All you have to do is run the Director Config Tool, select /createsitegroups, provide the IP and a name and your done!  Once the configuration is complete, the “Select a group” option will be available as shown below.

Read More



 

Citrix Director 7.6 Deep-Dive Part 5: Monitoring & Troubleshooting Anonymous User Sessions

An article by Vindhya Gajanan from Citrix Blogs

Anonymous (unauthenticated) user session support

A new feature of XenDesktop 7.6.

Instead of requiring users to log into Citrix Receiver with Active Directory user credentials, a combination of network security and authentication within the application itself is relied upon.

Anonymous Session Support -refers to running sessions as a set of pooled, local user accounts.

1.  This feature is popular in XenApp in the healthcare industry, since their applications typically have server back-ends with their own logons, separate from users’ AD accounts. Thus, the Windows account running the client application is irrelevant.

2,  Anonymous Session support consists of a pool of local user accounts that are managed by XenDesktop and typically named AnonXYZ, where XYZ is a unique 3-digit value.

More information on Anonymous Session Support feature is available here.

With anonymous sessions, the end user will not know the actual username.}

Each anonymous session is assigned a random name such as ANON001, ANON002, etc.,

1,  Citrix Director helps administrators to view details of each session of XenApp via User Search.  But here is the catch, how to view details of anonymous user session as they do not use Active Directory credentials for the session and the end user has no way to know what the username is?

2,  The Helpdesk Admin needs a way to be able to search for the user’s specific anonymous session, return the Help Desk view and User Details views in order to follow their standard troubleshooting processes.

 

EndPoint Search

The new functionality introduced for Citrix Director 7.6

It can be leveraged to view details of anonymous user sessions. Typically, the end user will know the name of their endpoint as many times there is a sticker attached to the screen or device with the device (endpoint) name.  When the end user calls into the help desk, they can now tell the Help Desk admin the endpoint name so the Help Desk administrator can start the troubleshooting process using Director.

1,  Sessions running on a particular endpoint device can be viewed through Endpoint Search functionality.

2,  Administrators can search for the client device and a list of all the sessions launched by that particular client are provided (as shown in the below screenshot), from which the administrator can choose the required session to view details of that session.

3,  Searching for an endpoint can be expensive across a large number of sites.

In order to improve performance, we have provided the ability to “group” endpoints. This is accomplished via the Director Config Tool, which restricts the search within a defined group. How do you group endpoints? All you have to do is run the Director Config Tool, select /createsitegroups, provide the IP and a name and your done!  Once the configuration is complete, the “Select a group” option will be available as part of the search view.

 

Note: Endpoint Search results include all clients from which a session is launched irrespective of whether the session is an anonymous user session or not.

If Director is monitoring multiple sites, the landing page after login will have search option for endpoint.

 

 

Within another view of Director, administrators can search for endpoint sessions using the new Search button on the ribbon bar of Director:

 

Read More



 

Citrix Director 7.6 Deep-Dive Part 4: Troubleshooting Machines

An article by Syed Pasha from Citrix Blogs

Overview

XenDesktop 7.6 now includes machine details in Citrix Director. These details enable IT administrators to get more insight about the machines in use. The machine details page consists of machine utilization, infrastructure details, number of sessions, and hotfix details. With this new addition, the administrators can view machine-level details on the Director console itself.

As shown in the screenshot below, after logging into Director, you can now search for a machine directly by selecting “Machine” in the dropdown list on the left and then entering the name of the machine in the “Search for machine” field on the right.

Machine Search

 

 

 

 

 

 

 

 

The Director administrator can now configure Site groups as an additional search filter to narrow down results to these specific groups. Create the groups in the Director server by running the configuration tool with the following command prompt:

C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /createsitegroups

Then provide a Site group name and an IP address of the Site’s Delivery Controller to create the Delivery Group, as shown in the following screenshot:

 

Create SiteGroup

 

 

 

 

 

 

 

 

 

 

 

 

After the Site groups are created, the administrator can select a group from the newly added “Select a group” field:

Select a SiteGroup

 

 

 

 

 

 

 

 

 

 

 

 

 

All machines that match the search string entered appear in the “Search for machine” dropdown. Then the administrator can select the appropriate machine to navigate to machine details page.

Search For Machine in Sitegroup

 

 

 

 

 

 

 

 

 

 

The machine details page has five sections:

  1. Machine Details
  2. Machine Utilization – CPU and memory usage
  3. Sessions – The total number of connected and disconnected sessions
  4. Infrastructure Panel – Hypervisor and Delivery Controller sections
  5. Hotfixes

 

Machine Details

The panel consists of the following fields:

  1. Machine name: The domain\machine name of the machine selected.
  2. Display name: The display name of the machine as configured while creating and publishing the Delivery Group.
  3. Delivery Group: The Delivery Group that contains the machine selected.
  4. Machine Catalog: The catalog that contains the machine selected.
  5. Remote PC access: Indicates whether the selected machine is configured for Remote PC Access.
  6. Site name: The Site name with which the machine is associated.
  7. Registration state: Indicates whether the machine is registered with the Delivery Controller.
  8. OS type: Indicates the operating system running on the machine.
  9. Allocation type: Indicates whether the allocation is static or random.
  10. Machine IP: Gives the IP address of the machine (Ipv4/Ipv6).
  11. Organizational unit: Gives the organizational unit with which the machine is associated in Active Directory.
  12. VDA version: Gives the version of the XenDesktop VDA installed on the machine.
  13. Host: Indicates the name of the hypervisor host as configured on Studio.
  14. Server: Indicates the name of the hypervisor as seen on the hypervisor console, such as XenCenter/VSphere/SCVMM console.
  15. VM name: Indicates the name of the virtual machine as seen on the hypervisor console.
  16. vCPU: Indicates the number of vCPUs allocated on the hypervisor for the machine.
  17. Memory: Indicates the memory allocated on the hypervisor for the machine.
  18. Hard disk: Indicates the hard disk allotted to the machine on the hypervisor.
  19. Avg. disc sec/transfer: The average time in seconds per every disk transfer as seen on the performance monitor tool on the machine.
  20. Current disk queue length: The disk queue length as seen on the performance monitor tool on the machine.
  21. Load evaluator index: This field, which is only present for server OS machines, gives a measure of the load on the server machine distributed across CPU, memory, disk and session count.

Read More



 

Citrix Director 7.6 Deep-Dive Part 3: Determining installed hotfixes

An article by Guihua Yang from Citrix Blogs

Overview

XenApp 6.5 administrators used the Access Management Console to provide information about the patch level of the product on a per server basis. Customers need a way to understand how to maintain and troubleshoot their FMA environments. Because of the quantity, variety, and life cycle of VDAs in the FMA, XenDesktop needs a central and scalable patch inventory system for sites.

Existing enterprise customers address quality issues in their environments by installing hotfixes. They need the ability to inventory XenDesktop product versions and patches for support, troubleshooting, and compliance. This inventory needs to be available for any controllers and VDAs on the site and should not depend upon VDAs being online.

Details of hotfix installed on any user session

When a VDA user has an issue, and if the administrator wants to see if the issue might be because of a missing hotfix on the VDA, there is no easy way to find that out, prior to XD 7.6. But with XD 7.6, Director provides the administrator with a view of the current Citrix hotfixes that are installed on a specific machine (physical or VM) VDA, so that he/she can manually determine if this machine has the correct hotfixes installed.

In Director 7.6, the User Details view now has an extra hotfix section displaying all the hotfixes installed on the machine for that user on machine details panel.

Details of Hotfixes Installed on Any Machine

When a machine has an issue or fails, and if the administrator wants to see if the issue might be because of a missing hotfix on the machine, similarly, it was difficult to find that out prior to XenDesktop/XenApp 7.6. But with XD 7.6, the administrator can see what hotfixes are installed on a particular machine to ensure all the required hotfixes are installed on the machine. Also detailed information about the hotfix such as version, KB article is displayed.

In Director 7.6, when administrator searches for a particular machine and lands on Machine Details view, there is a hotfix panel which provides details about hotfixes installed. Details displayed include component, component version, hotfix name, hotfix file name, link to Knowledge Center article and effective date.

Machine details page:

Hotfixes panel:

Director 7.6 solves the simple question of “what hotfixes are installed on my machine”.

Sample Code

Read More


 

Citrix Director 7.6 Deep-Dive Part 2: Support for XenApp 6.5

An article by Kiran Kumar from Citrix Blogs

Citrix has brought back IMA Support  to allow users to troubleshoot XenApp 6.5 (IMA) sessions with enhanced features in Director 7.6. In addition to providing a short list of the available features of Director 7.6 with IMA architecture, I’ve created this post to detail and outline each feature.

Features:

  • Activity Manager for XenApp 6.5
  • Delegated Admin support
  • Shadow Session
  • Machine Details Panel
  • Session Details Panel
  • Personalization Panel
  • HDX panel

Global User Session Search across XenDesktop Sites and XenApp farms:

Director 7.6 now helps administrators search user sessions across XenDesktop sites and XenApp farms. This feature allows admins to get all the sessions for users in one search session.  We’ve also made it convenient to switch between the sessions quickly.

Note:  Director 7.6 supports three types of search: user, machine and endpoint search. XenApp sessions are supports only “user” search.

 

[Director Session Chooser showing sessions across XD/XA Sites and XA (IMA) Farms]

 

Activity Manager:

Director 7.6 will now display different applications and list the processes running on a XenApp server for a user session imitating the Windows task manager. As an administrator, you can close an application or kill the process remotely. One of the primary use cases to help diagnose slow applications is when a user calls the helpdesk complaining that session interactions are slow.  Now administrators can drill down to a process that is consuming high resource and kill it freeing up much needed resources.

 

[Director Activity Manager: Application and Process View]

 

Delegated Admin Support:

Director 7.6 supports XenApp delegated administrators in addition to the full administrator role. Full Admin, View Only Admin and Custom Admin are the types of administrators supported with the Delegated Admin Support feature. Permissions for each admin type can be configured (see the product documentation).

Director 7.6 now enables admins to shadow user sessions. This feature helps administrators quickly diagnose issues and get a direct look into  user sessions.  Admins have also been provided with access to applicable controls. To activate this feature, Microsoft Remote Assistance should be enabled in XA Server. Here is the link that will help you install and enable Remote Assistance on Windows Server 2008 R2.

 

[Director Shadow Session: Picture illustrates the ease of having a peek to user session]

 

Director Pages that are shown for XenApp

Activity Manager View:

This view gives the basic insight into the applications and process running on the user session. It contains the “terminate” and “shadow” buttons, helping the admin perform basic control operations.

 

User Details View:

The User Details view gives a bird’s eye view of the user session. This view displays complete information about the user session such as session machine details, the farm name, and the machine OU. It also helps find the client machine name and IP from which the session was launched, the session state and the total time for the session on current state.

 

 

Read More



 

Citrix Director 7.6 Deep Dive Part 1: License Monitoring

With Director 7.6, we really wanted to make sure users know when they are about to be impacted by a license issue. To address this, license alerts from the license server are now made available in the Dashboard view in Director 7.6. This new capability provides greater visibility into the licensing state of XenApp/XenDesktop so administrators are aware of impending current licensing conditions, which may affect the functionality of the product. Licensing errors in an environment can cause major outages or degraded service for customers and in previous versions of XenApp/XenDesktop, it is difficult to identify when license problems affect your site or are about to impact user connections.

Supplemental Grace

In previous versions of XenApp and XenDesktop, if the right licenses are not installed users will get session rejections via the license policy engine. To address this limitation, we introduced a new concept called Supplemental Grace Period (SGP). During the Supplemental Grace Period, the license policy engine will grant unlimited connections, providing a window of time to address the issue. SGP will be granted for overconsumption of licenses, adding 15 days to allow for fixing the issue. After the expiration of SGP, regular license limits are enforced.

Director Dashboard view

This feature is made available with two panels on Dashboard view under a new tab called Licensing Status. The Licensing Status tab will indicate the conditions detected by the licensing system (license server and controller). The number shown in the Licensing tab indicates the total number of alerts/alarms detected by the licensing server and each controller.

License Server Alerts panel – This displays status updates that are generated directly from the licensing server. Alerts/alarms are activated when triggered by the server. Alert messages include: Incomplete configuration, compatibility with the Delivery Controller, and activation of SGP. In addition, administrators are provided with recommended actions to resolve License Server issues.

License Server Panel

 

2. Delivery Controller Status panel –Displays license server connection status for each controller Delivery Controllers that belong to the same site and their license server connection status are displayed. Delivery Controllers which cannot connect to the license server will trigger an alarm. The administrator can further view the licensing information for each delivery controller in overview and details tabs.

Delivery Controllers Panel

 

a) Overview field: Contains licensing server state details, the SGP state and the time remaining before grace period expiration. An alarm is activated when the grace period expires, as the Delivery Controller can no longer checkout licenses to launch sessions from license server.

Overview

b) Details field: Indicates the additional details of the licensing status with the Delivery Controller. It details the grace state for the licensing server and also the last licensing event time stamp is shown. The licensing server’s fully qualified domain name, port used, product edition of the license applied, product identification, and the licensing model used are captured under details panel.

Read More