Author Archives: msandbu

Netscaler masterclass presentation Oktober 2014

Today I presented on the Netscaler masterclass on the subject,  System Center and Netscaler and here is my presentation –>

My talk consisted about using the different integrations between System Center and Netscaler, primarly on

* Virtual Machine Manager and Netscaler (Using the load balancer extention to deploy load balancing rules for service templates)
* Operations Manager and Netscaler (How to setup monitoring for Netscaler and use it together with Distributed Applications)
* Orchestrator and Netscaler (How to setup automation tasks against Netsacler using the NITRO SDK)

And as promised in the presentation here is my scripts that I use for the different tasks.


Add-Server activity (Note that this requires that the SDK is added to C:\SDK folder and that the different DLL files are added to the global assembly cache.

Set-location «c:\sdk»
[System.Reflection.Assembly]::Load(«System.EnterpriseServices, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a»)
$publish = New-Object System.EnterpriseServices.Internal.Publish

(ADD THE DLL files to the global assembly for Orcehstrator to use for reference)



$path1 = Resolve-Path «C:\sdk\lib\Newtonsoft.Json.dll»
$path = Resolve-Path «C:\sdk\lib\nitro.dll»

$user = «»
$pass = «»
$nsip = «»


$nitrosession = new-object com.citrix.netscaler.nitro.service.nitro_service($nsip,”http”)
$session = $nitrosession.login($user,$pass)

$server1 = New-Object com.citrix.netscaler.nitro.resource.config.basic.server
$ = «»
$server1.ipaddress = «»


$service1 = New-Object com.citrix.netscaler.nitro.resource.config.basic.service
$ = «»
$service1.servicetype = «»
$service1.monitor_name_svc = «»
$service1.port= «»
$service1.servername= «»

Create Load balanced Service

$nitrosession = new-object com.citrix.netscaler.nitro.service.nitro_service($nsip,”http”)
$session = $nitrosession.login($user,$pass)

$lbvserver1 = New-Object

$lb_to_service = New-object
$ = «»
$lb_to_service.servicename = «»

MVP another year for Enterprise Client Management

I received an email today, saying that I am MVP for another year. I am honored since this represents many of the elite it-pros all around the world

Also on the same day, Microsoft released vNext previews of Windows Server and System Center also Windows 10. Alot of documentation has been released, but remember its a preview (alpha or beta stage)

But it can be downloaded from MSDN for those who have access there, I will add another blogpost when I have more information about the different releases.

Using Netscaler Application firewall to protect against ShellShock

With the recent announcement of the ShellShock vulnerability many vendors have done a great job with coming with patching / fixes to close the vulnerability. Citrix has released an knowledge article which shows what Citrix products are affected here –>

But! Citrix has also released an update to AppFirewall signature to include fixes to services which are exposed via Netscaler. For instance if we have an load balanced service which is load balanced via Netscaler, and the services running in the back are affected or vulnerable we can use AppFirewall to protect them from the attack.

First we need to update the signature files (Citrix released an update yesterday) (Update version)

Then we can see that the new signature files include fixes for shellshock.


The actions are by default set to block. So when creating an appfirewall policy we can bind this to an particular vServer or URL.


Important to set signature action to block



But note that these rules only apply to services that are exposed via the Netscaler, and not the netscaler itself. Refer to the document which is posted above.

System Center Configuration Manager 2012 R2 CU3

Today Microsoft released CU3 version of ConfigMgr 2013 R2, and there are some minor bugfixes but there is also one important new change here!

That is the ability to define allowed Management Points for a client to communicate with,

This cumulative update introduces a new registry key on clients that will restrict which management point (MP) a client can communicate with. This can be useful in environments with multiple MP’s in different forests, and the clients are only able to communicate with a subset of them. Setting the registry value to only those MP’s reachable by the client can improve overall efficiency. The new registry value is AllowedMPs, a REG_MULTI_SZ (multi-string) type under HKEY_LOCAL_MACHINE\Software\Microsoft\CCM

Each entry is the Fully Qualified Domain Name of the management point(s) with which the client is allowed to communicate. This value does not affect the selection of any other site systems such as distribution points, software update points, etc.; it only affects the primary site MP selection. Note: Once defined, there is no “fallback” or other method for clients to communicate with other MP’s. It is not intended for mobile clients.”

From the KB

New book project, Azure IaaS free ebook

This is something that I have been thinking about for some time, since I have written two books for publisher in the last year. Now and I saw that when writing the books that much of the stuff I wrote about became outdated pretty fast after the books were released.

So therefore I came up with an idea, what if I wrote it as an ebook and was responsible for the distribution myself ? This would make it alot easier to keep it up to date since I didn’t need to have a publisher to keep “control” over the source, and since it is only in ebook form I can easily update the content to keep it “up-to-date”

So therefore I present my current ebook project,

Azure – IaaS Getting started

this book will cover the basics about the most, but will deep dive into the IaaS features of Azure. I am about 20% in the writing process so it is not ready for release yet, since I’m only one guy.

If you are above average skilled in Azure and want to contribute to the writing process, please get in contact with me on my whole goal with this book is to make it easier to get the “whole” picture of Azure and having up to date content.

So stay tuned for the release!

Pricing difference between vCloud Air and Microsoft Azure

Now lately I’ve seen alot of blogpost talking about how cheaper one of them is compared to the other. Now most of the time I don’t read them as much, but this time I’ve decied to write a post about it to do a comparison.

Note I am not being prejudice even if I have a MVP logo, I’m trying to get a clear picture of what the pricing actually is. If anyone has any feedback to this post I would really appriciate getting feedback in the comment field below.

For the comparison I’m going to show difference between Virtual Private Cloud offering from Vmware and Virtual Machines from Microsoft Azure.

First of Virtual Private Cloud offering from Vmware is more of a cloud container you gain access to a set of resources and you define yourself what you want to do with those resources, while Microsoft Azure is based upon virtual machines, you have a predefined size based upon the template.

So let us define for this example that we have 5 virtual machines with 2 GHZ each and 4 GM RAM. (Note there are no sizes in Azure that are the equal size so I’m going with Medium based instances which have about 3,5 GB RAM and 2x 1,6 GHZ) and I’m only comparing with the information that I can find on the vendors websites.


First of Virtual Private Cloud from VMware has an 99.9% SLA for virtual machines
Microsoft Azure has 99,9% SLA for single virtual machines and 99,95% for multiple role instances. (NOTE: f you deploy a single VM instance within an availability set, you will receive no advanced warning or notification of platform maintenance)

Other features:

The base configuration from Virtual Private Cloud from Vmware contains

10 GHz
2 TB of Standard Storage

10 Mbps of Bandwidth (this is official bandwidth for connections out of the data center)

2 Public IP Addresses + support

This is for the price of €727 a month. So for this I can configure 5 virtual machines with 2 GHZ and 4 GB of RAM each and with ~400 GB of disks each.

From Azure I can configure 5x Medium virtual machine instances (Linux based since I don’t want a licensing discussion here)

This will cost about €332.44 a month, and for 2 TB of storage for page blobs is about €74.47 a month. (Locally redundant) + Support which is €223.41 a month (Note that since the support is so different from the vendors, I will choose to exclude it from the price comparison) Public Ip addresses are given from a cloud service and can be one or more adresses. I also need to add storage transactions since all IO to the Blob storage is considered a transaction. So 200 million storage transactions each month equals to €7,45 a month

I also need to define bandwidth usage, for Azure I can define the bandwidth usage to for instance 100GB which costs about €8.49 a month(Note that this bandwidth cost is for US + Europe egress) (Vmware does not charge for data transfer). This sums up to €422,5 euro a month.

Performance: Principled Technologies did a test on virtual machine instaces on both Azure and Vmware and they concluded that the CPU performance is about 2x the performance in vCloud compared to Azure (Note that this is pr vCPU)

Which means that if we have 10 GHZ in vCloud (We would need atleast 20 GHZ in Azure to have the similiar performance CPU-wise)

vCloud Air Azure
10 GHz
2 TB of Standard Storage

10 Mbps of Bandwidth
2 Public IP Addresses

5x Medium Instances =
2 x 1.6GHz CPU * 5 = 16 GHZ
2x 3,5 GB RAM * 5 = 17,5 GB
2 TB Page blobs
200 Million storage transactions
100 GB Bandwidth usage
Cloud services public adresses
€644 each month €422,85 each month

Note that this price for Azure is if we use the virtual machines 24/7, we use all 2 TB of storage, we use all the 100 GB bandwidth. If we do not use this much the cost each month will be lower. NOTE: All medium instances have 200mbps bandwidth)

Now, both of them have other options for prepaid 12 months options since this is a cheaper option I going to add them to the option in the table.

Prepaid 12 Month Vmware Prepaid 12 Month Azure
€8,203 (Where €8724 is normal) cost €3805 (€5074 is the normal cost)

Its clear to see that Azure is cheaper over the long run, since it has a really good discount when buying for certain amounts prepaid.

But it does not perform as well as Vmware. If we were to compare performance/cost we would have another calculation. Since as I mentioned we would need atleast twice the amount of CPU power to be able to have the same amount of performance and in this case I would need to add another virtual machine instance.

vCloud Air Azure
10 GHz
2 TB of Standard Storage
6x Medium Instances =
~20 GHZ
€644 each month €489.33 each month

This takes the CPU/memory calculation in the mix but it does not say anything about storage performance. Note that Azure Datadisks for medium instances have max 500 IOPS. (While a storage account can have up to 20.000 IOPS) and the maximum size of a blog disk is 1 TB. And Medium instance can have up to 4 Datadisks and therefore a max amount of 2000 IOPS.

Now as I see it, we can’t compare these two solutions equally. So it is not an apple vs apple comparison. vCloud has the flexibility that you “purchase” a bunch of resources and you can form and mold them as you want. It has better performance since it is mostly a IaaS platform, while on the other hand you have Azure which has different forms and shapes that you can purchase depending on what the customers needs.

Also important to note that vCloud Air (Is as I have read about) that it is priced upon recourses you buy, not what you use so If you have bought 10GHZ and only use 50% you still need to pay the same amount, while Azure is based upon what you use.

Also the options around the ecosystem is also completely different. So I appriciate any feedback here! If I have done a wrong calculation or if statements are wrong.

Dell vWorkspace EOP–Configuration

For those who do not know what vWorkspace is, take a look at my previous blogpost regarding vWorkspace –>

EOP (Enhanced Optimized Protocol) is an enhancement to the RDP protocol which Dell (or Quest) have developed which is a part of vWorkspace. Now Microsoft has made alot of improvements to the RDP procotol in 2012 and 2012 R2, but it is nowhere near Citrix in how it performs over WAN and the ability to deliver high-graphic content. EOP contains mulitple enhancements to the procotol to even the difference, like:

EOP Xtream. Accelerates RDP and EOP traffic on wide area networks (WANs). This provides for an improved user experience by providing faster RDP screen responses and improved performance of all EOP features.

EOP Print. A single-driver printing solution that satisfies both client-side and network printing needs in a vWorkspace environment.

EOP Audio. Enables support for applications that require the use of a microphone, such as dictation, collaboration, and certain Voice Over Internet Protocol (VOIP) applications such as Office Communicator and Lync.

EOP Multimedia Acceleration. Enables the redirection of Flash content and Microsoft DirectShow content (anything that can be played in Microsoft Windows Media Player) from the VDI or Windows RDSH Session through an RDP Virtual Channel to the client access device. There it is played using the local compression/decompression technology (CODEC).

EOP Flash Acceleration. Allows playing of Flash content.

EOP Graphics Acceleration. Reduces bandwidth consumption and dramatically improves the user experience, making RDP usable over WAN connections.

EOP Universal USB. EOP Universal USB enables the use of virtually any USB connected device, such as PDAs, local printers, scanners, cameras, and headsets to be used in conjunction with VDI.

EOP MultiMon. Enables support for multiple monitors, which is monitor aware.

Where do I configure EOP ? Firstly under Connection policies, choose create new


Then during the wizard, define which EOP enhancements you want to enable to the end user


Remember to assign it to a user as well.


You also need to enable Graphics acceleration on the particular desktop as well.
In my case I have a RemoteFX enabled VDI machine. So right click and choose Properties.


And under EOP Graphics choose enable –>


How can I verify that it is working ?
For instance Flash Redirection, when starting a Flash video on the remote session the flash redircetion engine should fire up a local flash instance and show the video from your device instead of being rendered on the host.


From Netbalancer I can see that PNFMMRHost.exe starts when I start a flash video, this process is part of the Quest Flash Redirection engine.

Text echo (Now this is inded a very good feature to have in a RDP session with high latency) since it displays in real time what the user is typing, even thou it might not appear in the desktop right away.


So with testing Graphic accleration I did a basic test, opened a remote session and from within the session I opened Internet Explorer and opened URL after the page was fininshed loading I logged out of the session.

With Graphic Accleration enabled




So this was just few of the enhanced features that EOP brings, more to come. Note that next week the Beta 8.5 will be released.

Using Netscaler with UPN and Storefront

Had a case earlier today where a customer wanted to configure Netscaler to authenticate with UPN instead of SamAccountName. And using UPN instead of SamAccountName makes sense in many cases, since it easier for users to remember their email-address instead of their username.  So in this scenario my samAccoutName is msandbu and my UPN is

Now by default Netscaler is setup with samAccoutName under server logon name attribute. This defines what kind of account name you are allowed to logon with using Netscaler.

If you try to logon with UPN when SamAccountName is defined you will get this kind of error message on the StoreFront Server.


So Storefront strips the domain info sent from the Netscaler and tries to validate the credentials to Active Directory.

So how to fix this ?

You have to define the SSO name attribute in the LDAP credential, to samAccountName.


Then the Netscaler firstly validates the UPN, get the SamAccountName of the user and then forwards that to Storefront and logs in.

Important to remember that Storefront always tried to revalidate the info from Netscaler


Dell Generation 13 servers released

Yesterday, Dell annouced the launch of their next generation PowerEdge servers. This new generation contains a bunch of new servers. The new models can be seen here –>

Now one of the most important new models is the PowerEdge R730xd server, now one of the nifty features here is that it supports the new 1,8” SSD drives.

So this makes alot of different combinations.

  • 18 x 1.8” SSD + 8 x 3.5″ HDD + 2 x 2.5 (rear) – (17TB via 960GB) hot-plug SATA SSD + (48TB via 6TB) NL SAS HDD + (3.5TB via 1.8TB) SAS HDD
  • 24 x 2.5” HDD or SSD + 2 x 2.5” HDD or SSD (rear) – 43TB via 1.8TB hot-plug SAS HDD + 3.5TB via 1.8TB hot-plug SAS HDD. Up to 4 NVMe PCIe SSD (6.4TB via 1.6TB)
  • 12 x 3.5 HDD or SSD + 2 x 2.5 HDD or SSD (rear) – 72TB via 6TB NL SAS HDD + 3.5TB via 1.8TB SAS HDD
  • 16 x 3.5 HDD or SSD + 2 x 2.5 HDD or SSD (rear) – 96TB via 6TB NL SAS HDD + 3.5TB via 1.8TB SAS HDD


And with the new PERC9 which has increased cache and troughput available it’s quite a Powerhouse.

Now some of the new features from a managment perspectice with the new release are:

* iDrac Quick Sync

This allows users to take care of some basic management of their PowerEdge servers with a near-field communication (NFC) device, such as a smart phone or tablet. Users can set their IP address, boot devices, and even pull off inventory information and health reports while at the box.

* iDrac Direct

We have also added in the ability via iDRAC with Lifecycle Controller to perform system management tasks from the USB port that is in the front of the server. Customers can load a configuration file on a USB port, iDRAC with LC will detect that a USB key has been plugged in, will pull the configuration information off, and will configure the system quickly, simply, and error-free. Additionally, you can ditch the crash cart and use your tablet or laptop to plug directly into the USB port in the front of the system and launch into iDRAC with Lifecycle Controller.

There are also other new features like.

* SanDisk Cache

This is available on some of the new models, but this feature uses locally SSD drives on the servers to be used for caching –> this feature only works on Red Hat / SUSE Linux and Hyper-V this is because that this feature requires and os filter driver that is used to move data back and forth from the cache. Vmware support comes later next year.

Dell has also done some tests/benchmarks against the new servers and conclude that they host up to 18% more users than the old servers –>

StorageReviewand CRN  has already published a review of the new generation servers and are both impressed with the performance of these new generation servers –>

Now im sure that this is only one of the few big announcements from Dell this year. Also important to remember that Dell & Nutanix is releasing their XC-series later this fall. Also Dell is one of the few selected partners that have been choosen for deployment of Vmware EVO:RAIL / RACK

Presenting on Netscaler Masterclass

On the next Netscaler Masteclass in October I will be presenting a session, regarding System Center and Netscaler. To talk about different forms of integration and monitoring.

For those who aren’t familiar with the Masterclass it is a webinar series that is hosted by Citrix, which are hosted once a month.

So sign up here if you want to know more –>


Få nye innlegg levert til din innboks.

Bli med 44 andre følgere