This is another one of Citrix’s hidden gems, Netscaler Insight. This product has been available from Citrix for some time now, but with the latest update it became a lot more useful. Insight is a virtual appliance from Citrix which gathers AppFlow data and statistics from Netscaler to show performance data, kind of like the old Edgesight. (NOTE: In order to use this functionality against Netscaler, it requires at least Netscaler Enterprise or Platinum.)
Insight has two specific functions, called Web Insight and HDX Insight.
Web Insight shows data related to web traffic, for instance how many users, what IP addresses, what kind of content etc.
HDX Insight is related to the Access Gateway functionality of Citrix and shows, for instance, how many users have accessed the solution, what kind of applications they have used, what kind of latency the clients had to the Netscaler etc.
You can download this VPX from mycitrix under Netscaler downloads. It is important to note that as of now it is only supported on VMware and XenServer (they haven’t mentioned any support coming for Hyper-V, but I’m guessing it’s coming).
The setup is pretty simple: like a regular Netscaler, we need to define an IP address and subnet mask. (Note that the VPX does not require a license, since it will only gather data from Netscaler appliances that have a platform license, and it does not work on regular Netscaler gateways.)
After we have set up the Insight VPX we can access it via the web GUI; the username and password here are the same defaults as on Netscaler, nsroot and nsroot.
After this is set up we need to enable the Insight features. We can start by setting up HDX Insight; here we need to define an expression that allows all Gateway traffic to be gathered.
Here we just need to enable VPN equals true. We can also add multiple Netscalers here; if you have a cluster or HA setup we need to add both nodes.
After we have added the node, just choose configure on the node and choose VPN from the list and choose expression true.
Now for Web Insight we need to define an expression; for instance, I can use a hostname expression and define a website that I have using DNS. This will start gathering AppFlow data when clients are accessing websites having the hostname web in it.
After a while we can see that info is starting to appear in Insight, and we can “drill” down in the data to show different metrics.
I can go into a user and show his sessions
And I can show what kind of applications the user has been running
For web insight we can see what kind of URLs that are accessed
And I can see what clients have accessed the URL
Now that is the first part; Insight will not just sit there and gather data. The next part is to integrate this with Director to allow helpdesk users to use this data together with the Edgesight feature which is now a part of XenDesktop 7.
To integrate this we need to install Director on a server; next we need to run the command C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /confignetscaler
After this is done do an IIS reset and log into Director again.
We can now go into the Network pane and see the data that is collected.
Note: There are some requirements that need to be in place in order for it to function properly.
- NetScaler HDX Insight must be v10.1 or above.
- XenDesktop VDA version 7.0 and above are supported by HDX Insight and NetScaler.
- Storefront from the XenDesktop 7.0 installer or above versions can be used to launch the user sessions.
- Receiver for Mac v11.8 and Windows Receiver 14.0 (4.0) and above are required for accurate ICA RTT metrics.
Citrix yesterday released a tech preview of their Service Template for XenDesktop 7.1 for System Center Virtual Machine Manager.
This template allows for rapid and easy deployment of an entire XenDesktop 7 infrastructure, including setup of Director, License Server, Desktop Delivery Controller and Storefront.
It does not by default include Netscaler as part of that template, but that is something we can add to the “mix” later.
The tech preview of the template can be downloaded from mycitrix here –> https://www.citrix.com/downloads/xendesktop/betas-and-tech-previews/system-center-service-template-tech-preview.html (this requires a valid mycitrix account). It has a template for XenDesktop and one for PVS.
I’ll continue on with the XenDesktop template and show how it is deployed.
The template contains a bunch of PowerShell scripts, the XenDesktop 7.1 ISO file and the template file itself; in order to fully set up the template it needs the VMM ISO file and a generalized 2012 VHD file.
After we have downloaded the template file open VMM –>
Then go into Library and Import Template –>
Then point to the extracted XenDesktop folder.
Then choose next, now we need to point the template to the different ISO files and generalized 2012 template.
After that is done and the mappings are correct we can continue with the import.
This will take some time since it needs to import XenDesktop to the library. When we now go into Service Templates we can see XenDesktop listed as an option there. If we right-click and choose “Open Designer” we can see what the layout will look like.
Now if we wanted to, we could use the Netscaler integration as well to deploy multiple DCC and Storefronts and automatically set up load balancing of these services as part of the deployment. Let’s see how that can be done using the Service Template. (Note that this integration is still not supported in 2012 R2) (UPDATED: IT WORKS) but for the purpose of demonstrating how it CAN be done I’ll show it anyway. So after we have installed the add-on and created a VIP template for DCC and one for Storefront we can open the designer again.
Next we can connect the VIP profiles to the different components, one DCC VIP template for DCC and one for Storefront which has different load balancing mechanisms setup.
Now if I were to configure a deployment of this, I can configure the number of each server I want in order to ensure scalability and redundancy.
When I start the deploy wizard I get a question to define what is my management network.
Here I can define what is the backend of the Netscaler and what the VIP address of the load balancing solution is going to be.
But since the integration between Netscaler and VMM is not functioning in R2 I’ll need to get back to that in a later post (UPDATE: IT WORKS). But if I go into one of the servers I can see the application scripts that are run in order to set up a functional site.
If I for instance have ComTrade installed on Operations Manager in order to have monitoring of my Citrix environment, I can add this as an Application Configuration in the last step to have a complete XenDesktop 7 setup with a load-balanced Netscaler solution and complete monitoring using Operations Manager.
This is the power of Citrix and Microsoft!
So the purpose of this post is to share different tips and tricks with Netscaler, and it is going to be updated from time to time. So it’s what I call a dynamic post.
Now there are tons of different areas to explore here, but I’m going to start easy.
1: Password reset Netscaler MPX / VPX
Now from time to time you might come by this: you have a customer which has a Netscaler setup and they have forgotten the password for the device. What do you do?
If you have an MPX you need to connect to the device using a serial cable and use for instance Putty to connect to the serial port. If you have a VPX you just need to open the console. When the device boots you need to press CTRL + C. On the VPX it is simple: the boot menu appears.
Then you just press 4 and go into single user mode. On the MPX we have to press CTRL + C as well when the following appears in the console:
Press [Ctrl-C] for command prompt, or any other key to boot immediately.
Booting [kernel] in 2 seconds…
Now to start the MPX in single-user mode you have to type either boot -s or reboot -- -s to restart in single user mode. When you are in single user mode the console will look like this.
Next we have to mount the flash device, since this is where the config file resides. On different devices this flash device has different names, see http://support.citrix.com/article/CTX121853
For VPX this device is called /dev/ad0s1a
So first we have to check disk consistency before we can mount the device.
fsck /dev/ad0s1a (This checks disk consistency)
mount /dev/ad0s1a /flash (This mounts the drive under the folder /flash)
df -l (Lists the devices and where they are mounted)
Next we use a grep command to create a new config file without the line which contains the password string.
grep -v "set system user nsroot" ns.conf > new.conf
Next we need to rename the current config to another name
mv ns.conf old.ns.conf
mv new.conf ns.conf
After this is done we have a new config file without the password for nsroot and we can reboot.
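The filter-and-swap steps above, wrapped in a function that checks the result before the original file is replaced. This is an added example, not part of the original post; it runs against a constructed sample ns.conf in a temporary directory, and the function names, sample config lines and placeholder hash are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): the grep -v filter and the two
# mv steps, with a check that only the nsroot line was dropped before the swap.

PATTERN='set system user nsroot'

# make_sample_conf DIR: write a constructed ns.conf for the demo.
# PLACEHOLDER_HASH stands in for a password hash; the IPs are documentation addresses.
make_sample_conf() {
    cat > "$1/ns.conf" <<'EOF'
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
enable ns feature LB SSLVPN
set system user nsroot PLACEHOLDER_HASH -encrypted
add system user helpdesk PLACEHOLDER_HASH -encrypted
bind system user helpdesk read-only 100
add lb vserver web_vs HTTP 192.0.2.20 80
EOF
}

# strip_nsroot_line DIR (hypothetical helper name)
# Prints the number of removed lines and returns 0 after the swap;
# returns 1 and leaves ns.conf untouched if the result looks wrong.
strip_nsroot_line() {
    dir=$1
    conf="$dir/ns.conf"
    new="$dir/new.conf"

    [ -f "$conf" ] || { echo "no ns.conf in $dir" >&2; return 1; }

    # grep exits 1 when it selects no lines; the counts below handle that case.
    grep -v "$PATTERN" "$conf" > "$new" || true
    matched=$(grep -c "$PATTERN" "$conf" || true)
    before=$(wc -l < "$conf")
    after=$(wc -l < "$new")

    # Nothing matched: the password line is not in this file, so change nothing.
    if [ "$matched" -eq 0 ]; then
        rm -f "$new"
        echo "no nsroot line found" >&2
        return 1
    fi

    # Every missing line must be explained by the pattern; a short file here
    # means the write was cut off (for example a full flash device).
    if [ "$((after + matched))" -ne "$before" ]; then
        rm -f "$new"
        echo "line count mismatch, ns.conf left as is" >&2
        return 1
    fi

    # Keep the original under a new name, then put the filtered file in place.
    mv "$conf" "$dir/old.ns.conf"
    mv "$new" "$conf"
    echo "$matched"
}

# Demo on a temporary directory so no real configuration is touched.
demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir"
if removed=$(strip_nsroot_line "$demo_dir"); then
    echo "removed $removed line(s); other system users kept:"
    grep 'system user' "$demo_dir/ns.conf"
fi
rm -rf "$demo_dir"
```

The pattern is a substring match, so the printed count is worth reading: a value above 1 means more than the nsroot line was dropped.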
2: Use of profiles
This is a feature that I don’t see commonly used, and I think that is because it’s not an obvious, well-known feature, so let’s change that. When setting up virtual services you have the option to define a network profile attached to the service.
For instance the Netscaler has many built-in TCP profiles which can help with improving the performance of a service either over LAN or WAN. These profiles tune different settings on the TCP stack, and a description for each TCP profile can be found here –> http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-ac-confg-tcp-profl-tsk.html
For instance on virtual services you have a profile pane where we can define which profile to use.
If for instance you are using this only in a LAN you should use the nstcp_lan_profile. By changing this you will note the performance increase it has.
3: Change GUI on Gateway portal
Now in many cases you want to customize the GUI of the default Netscaler Gateway Vserver.
Now this is possible but not as easy as with Storefront…
First off, we need to make some changes within the Netscaler Gateway GUI.
Change the setting to Green Bubble under global settings on an Access Gateway vServer (if you want to use it as a template).
Then we can make customizations. We can do this by opening, for instance, an FTP connection to the Netscaler (with for instance WinSCP). The GUI is located under /netscaler/ns_gui
Changes which are done here can be viewed in real-time.
For instance, if we wish to change the background image we can add a new image to the folder /var/netscaler/gui/vpn/media with the name bg_bubbles.jpg to replace the old background. (Now I’ve changed it to a picture from the family album.)
If we wish to change the text that appears in the portal we can change this under /vpn/resources/en.xml (this file contains most of the text that appears in the portal).
So after a few changes here we can get this.
Now if we want to save this custom theme, we first need to create a folder called ns_gui_custom under the /var/ folder.
This can be done in the shell by typing: mkdir /var/ns_gui_custom
Next change directory to /netscaler by typing: cd /netscaler
Now we need to archive the ns_gui folder: tar -cvzf /var/ns_gui_custom/customtheme.tar.gz ns_gui/* This is because when the Netscaler boots it extracts the tar file to the ns_gui folder.
After this is done we need to change the vServer global settings to custom theme and reboot to make sure it applies properly.
4: Trouble with VIP in a DMZ site
So you have a two-armed Netscaler solution where you have a SNIP and NSIP in the LAN network which talk to your backend servers, AD, DNS and such, and then you set up a VIP in the DMZ zone where you host your Access Gateway vServer; you reckon it should work.
But you are unable to ping the VIP address and you are unable to open the vServer over HTTPS.
You can see that the default gateway is going through the LAN interface, and when you want to change the gateway you get this error
The solution is to have a SNIP address in the DMZ zone with the VIP address; this is because a VIP address is not a “fully” featured network IP unless it has a SNIP on the same network.
As Citrix promised, XenDesktop 7.1 is now available for download (requires mycitrix) –> http://bit.ly/H1i0of and with this release they include support for Microsoft R2 platforms and Windows 8.1
Those who wish to update from XenDesktop 7 can look at the information at eDocs here –> http://support.citrix.com/proddocs/topic/xendesktop-71/cds-xd-upgrade-xd7-to-7-1.html
I’ll post my experience regarding the update later on today.
So this is a discussion I often meet, and will come across more in the weeks and months ahead, I believe.
Many of the customers I work with are either full-blown Citrix customers or lean more towards Microsoft.
Many are facing the mobility discussion: how do we embrace it? (Or from another point of view, how do we manage it?) They do some research and often find that XenMobile or Intune shows up. So what’s the difference between the two?
Citrix has for a long time been the master of delivering workspaces to a user and to any type of device, and with the release of CloudGateway Enterprise they moved towards delivering mobile-based features (for instance allowing them to deliver mobile-based applications to a user device through the Citrix client), and with the purchase of Zenprise last year they went all in. Zenprise was a full-blown MDM solution, and now they have integrated CloudGateway (CloudGateway was the old product which included Storefront, Gateway and AppController) with Zenprise, which is now known as XenMobile Enterprise.
This fits well with Citrix’s image (any device, anywhere) and now they can manage any device as well (as long as it is mobile). They have also developed sandboxed applications under the category Worx, and they can also deploy any applications from the vendors’ different stores. These Worx applications use Micro-VPN functionality to connect to the infrastructure and are completely separated from other apps inside the mobile client.
To break it down in components XenMobile (Enterprise) consists of
* Netscaler (Gateway)
* XenMobile MDM
Then on the other side you have Microsoft, which is coming from a client management standpoint, and they have been there for quite some time. With the latest release of Configuration Manager, Microsoft released a connection with Intune which allowed businesses to manage mobile devices via Intune directly from Configuration Manager.
So all mobile devices needed to be setup to talk to Intune in order to be managed.
Configuration Manager has also expanded its support to include Linux / Mac / Thin Clients as well as mobile devices with Intune, so Microsoft has operated in the management space for a long time.
Instead of aiming for an on-premise solution Microsoft has put everything in their cloud. So whenever Microsoft deploys a new feature to Intune every customer of Intune gets it without needing to do anything.
They also have an integration with Exchange to allow the IT guys to control mobile devices through ActiveSync (this also includes Office 365).
There is a new Intune release coming with a new release of Configuration Manager on the 18th of October.
But can these two products compete?
Well… they have some of the same features, namely device management. Citrix has more advanced features with XenMobile, with Worx and Micro-VPN etc. Microsoft has full support for Windows Phone and Windows RT (and support for iOS and Android with a company portal app is coming pretty soon), and Intune might have what you need, but nothing fancy.
What we need to remember is that Configuration Manager is a full-blown client management suite, with patching, operating system deployment, applications, baselining and antivirus; with Intune it gets mobile device management capability. XenMobile is not in this category: it gives you mobile management, mobile application management, sandboxed applications, and application delivery to any device through Citrix Receiver.
So if you are a System Center customer with Configuration Manager and your IT guys use ConfigMgr for management, adding Intune might be an easy way to go ahead, and by using Intune you leave the feature set to Microsoft; they need to continue development and will add more features as new releases become available (so you will get the new releases for free, since it’s a cloud-based solution which you buy on a monthly basis). For other customers who need advanced features such as selective wipe, the ability to separate business and private data, more advanced security features and deep support for all vendors (except Windows), XenMobile is for you. Zenprise was one of the market-leading vendors before Citrix bought them.
If you compare the cost: for Intune the cost per user is 6$ per month, so for one year you have 72 USD. You also need Configuration Manager for it to make any sense. You can also get a discount if you are on an EAS or EA agreement already, which makes Intune more viable.
XenMobile Enterprise on the other hand is not that much more expensive than a regular Intune subscription; of course it requires a lot more infrastructure than Intune does.
So hopefully you got a bit more understanding of what separates Intune from XenMobile!
This is something I’ve been wanting to write for a long time. Since I always get questions regarding licensing on either Access Gateway / Netscaler Gateway or Netscaler, I thought I would write a post so others stumbling in the dark might benefit from it as well.
Now Netscaler Platform licenses, depending on what Netscaler you have, give you features inside the Netscaler appliance (for instance Standard, Enterprise or Platinum).
The physical appliance (MPX or SDX) and the VPX (virtual) Netscaler are licensed per MAC address; this can be obtained from the CLI by running the command lmutil lmhostid -ether
(So for the sake of it, when you buy a platform license of Netscaler which is Standard or higher, you will get a Netscaler Gateway Platform license as well.)
root@ns1# lmutil lmhostid -ether
lmutil - Copyright (c) 1989-2006 Macrovision Europe Ltd. and/or Macrovision
Corporation. All Rights Reserved.
The FLEXlm host ID of this machine is "00d068107316"
This info has to be entered in mycitrix.com license site and allocated to.
If you get any error messages these can be viewed under the /var/log/license.log file.
Access Gateway Platform licenses, on the other hand, are licensed on the hostname of the appliance. You must upload this license to increase the Independent Computing Architecture (ICA) connections up to 10000.
root@ns# grep hostname /nsconfig/rc.conf
Netscaler Gateway platform license also uses the hostname to generate a license file.
The same goes for Universal licenses for both Netscaler and Access Gateway editions.
An important note though: Citrix Receiver DOES NOT USE a Universal license (it only needs a platform license). This is only needed for Smart Access, endpoint scan etc.
Another important note is that version 10.1 will say 0 ICA users; this is because version 10.1 has unlimited ICA connections http://support.citrix.com/article/CTX138561
You can view this by using show license
Now for older solutions like CAG 5.0 (you can either use a license server or a license on the same host), see http://support.citrix.com/article/CTX128869 for Standard edition.
If you wish to install the license on a CAG 5.0 appliance you need the MAC address of the appliance; if you wish to install it on a license server you need to specify the host name of the licensing server.
Access Gateway VPX Express gives you rights for 5 concurrent users on a 12-month plan.
This is huge news! Microsoft Azure has for some time now had a solid IaaS platform with support for most of the different Windows Server roles and features, except the most important one, RDS.
Since Microsoft until recently didn’t allow the use of RDS or other options like Citrix in Azure (because of the licensing), people had to use on-premise solutions until that was allowed / fixed.
But now with the latest changes to the Volume Licensing agreement http://www.microsoft.com/licensing/about-licensing/product-licensing.aspx#tab=2 you can bring SPLA-based RDS SAL usage into the cloud.
Now this brings two options for a service provider in Azure.
* Session Shared Terminal Servers
* Server VDI Workers (VM/Server Isolation)
So first off, this makes ALL of the different Citrix components supported in Azure, not just XenDesktop 7; of course there are restrictions, such as RemotePC, which cannot be used there.
And Citrix has also created two design guides for how you can set up Citrix XenApp / XenDesktop in Microsoft Azure. This also requires that users reach the Citrix servers through a Netscaler Gateway on-premise.
http://bit.ly/12podxp XenDesktop 7
http://bit.ly/185lKOv XenApp 6.5
And I’m guessing that the next release of XenDesktop 7 (Project Merlin) will include provisioning options against Azure, but until that arrives we will have to provision manually and use PowerShell. Since Citrix and Microsoft also have a strong relationship, I’m guessing that more options for hosting Citrix in Azure will appear.
This guide has been written with Netscaler build 73 and Operations Manager 2012 SP1 (on WS2012) with the management pack from Citrix.
Operations Manager 2012 supports monitoring network devices either through SNMP (v1, 2 and 3) or through just basic ICMP.
Citrix has made a management pack solution, which you can use to enhance the monitoring capabilities in SCOM.
The pack also includes VMM PRO management pack (Which is not gone through in this guide, just the basic management pack)
The management pack can be downloaded from mycitrix (Requires login)
(Just a side note: Comtrade is a Citrix Partner who is currently making a new management pack for Netscaler so stay tuned for the new release )
So when we have a functional Operations Manager server up and running we have to install the SNMP service on one of the servers.
This can be done via Server Manager.
After that is installed go into services.msc and choose «Accept SNMP packets from any host» or just enter the IP of the Netscaler server.
Make sure that the firewall on the OpsMgr server allows SNMP traffic in.
After that is done you can install and open the management pack folder.
You will see that it includes a Guide and MP folder (which contains the Management Packs)
Now open Operations Manager console and go to administration and choose Management Packs, right-click and choose import.
And from there browse to the directory and choose the regular NS MP (Not the PRO)
And choose Install.
After that is installed, go back to monitoring and you will see that a new folder has appeared under Citrix Netscaler
By default most performance monitoring is disabled, so we have to enable these rules to actually get some data.
So go into Authoring -> Rules and scope it to Citrix Netscaler
First off, we can enable Virtual Servers current up
So we create an override rule for Netscaler Devices
and choose Enabled and save it into a Management Pack where we save our overrides.
After that is done we alter the SNMP settings on the Netscaler devices; I’m doing it in the CLI
add snmp manager IP
add snmp community enternamehere ALL (The last one is used to define which rights this community string has)
Add the IP of the SCOM MS and add a community string (In my case I used «com»)
After that is done we have to add the network device into Operations Manager.
Open Administration -> Network Management -> Right Click and choose Discovery Wizard from the wizard choose Network Devices ->
From there specify a name and which MS and resource pool to manage the device
Click next -> choose Explicit
Click Next -> Here we add the community string which we will use to authenticate with the NS
We have to add a new run as account which includes the Community String
Next we add the device IP and choose what type of service it will use to communicate with the device
After the Device Discovery Wizard is done, go into Discovery Rule and choose Run.
After a while the Device will appear under Network Devices pane.
You can check the Application Log on the Operations Manager server for info and you can check the snmp stats option in Netscaler.
So after this is complete we can see the device health properties
We also have some Performance counters for CPU and Memory we can see.
After you have enabled other Performance Monitors they will appear here as well, this allows you to create a baseline for how connections should be on your box.
This also allows for Operations Manager to generate alarms in case of DDoS attacks.
When Citrix released Excalibur they also included a whole bunch of PowerShell modules, which allow you to run PowerShell cmdlets to alter anything.
If you are inside the Studio console you can see that there is a PowerShell window there, which shows all of the cmdlets that you have run.
And how does this help? In combination with Orchestrator, we can add automation to the equation.
What if we could automate the assignment of application to users via Orchestrator? and we could also add an approval workflow if we used it with Service Manager.
If a new user wants a set of 20 new desktops for his or her company, we could create a new workflow which would run a PowerShell script against MCS and do this automatically.
However, I’m not going to go ahead of myself here, this is a start post to show what we can do with the provided PowerShell modules.
First I’m going to show how to import the modules that Citrix provides in this release.
Head over to the Studio server and open PowerShell ISE
From there you can run these import commands.
There are more modules but these cover most of the administrative tasks.
If you refresh the ISE modules list now, the Citrix components will show up.
If we create a simple «Publish Application» task, we can use New-BrokerApplication to publish notepad.
New-BrokerApplication -CommandLineExecutable C:\windows\notepad -DisplayName notepad -ApplicationType HostedOnDesktop
NOTE: A bit of advice: if you are unsure of what the command should look like, create an application with the wizard and extract the info afterwards using the Get-BrokerApplication cmdlet.
Now we have a functional PowerShell cmd to publish Notepad to the studio.
So we know now that we have to import the modules first, then we can run the command to publish notepad, but how do we do this via Orchestrator?
First run Set-ExecutionPolicy Unrestricted on the Studio server.
And your script should be saved.
Now the simplest way is to use the Run Command activity in Orchestrator
I saved the script file locally on the Studio server, and the script looks like the output from the PowerShell ISE above.
So when I run this runbook, what happens?
This just publishes the application in Desktop Studio; it still isn’t assigned to a user, which requires a bit more PowerShell. I’ll come back to that later; this is just to show the abilities you have with Excalibur and PowerShell.
Now Citrix released a beta build of Excalibur a couple of months ago, which shows the next generation of XenDesktop and XenApp architecture. (Well actually just XenDesktop, since the XenApp architecture is disappearing)
In addition, with this release we have some fancy choices for how to manage the machines within XenDesktop.
Excalibur will add additional WMI classes to all its desktops.
Which are listed here –>
This allows you to create collections based upon if it’s VDI or Session host based, and even if it is assigned to a user or not.
Now in order to make these attributes available in Configuration Manager we have to add some WMI classes.
Go into Client Settings -> and alter the clients policy -> Go into hardware inventory and choose add classes. And from the list choose Add Hardware inventory class. From there you can browse to a remote computer that is installed as a VDA and in the namespace you can type \root\citrix\desktopinformation
And choose «Citrix_VirtualDesktopInfo»
Then Press OK
This will give you some more attributes on that WMI class
Which you can again use to create collections based on the variables.
Since Excalibur does not have any direct integration with for instance App-V you can now create user-based assignments to delivery groups.
So the user has multiple options of application deliveries.
Either via Software Portal and Configuration or Storefront with Citrix.