Yesterday Citrix released a tech preview of their Service Template for XenDesktop 7.1 for System Center Virtual Machine Manager.
This template allows for rapid and easy deployment of an entire XenDesktop 7 infrastructure, including setup of Director, License Server, Desktop Delivery Controller and Storefront.
It does not include Netscaler as part of the template by default, but that is something we can add to the “mix” later.
The tech preview of the template can be downloaded from MyCitrix here –> https://www.citrix.com/downloads/xendesktop/betas-and-tech-previews/system-center-service-template-tech-preview.html (this requires a valid MyCitrix account). It has a template for XenDesktop and one for PVS.
I’ll continue with the XenDesktop template and show how it is deployed.
The template contains a bunch of PowerShell scripts, the XenDesktop 7.1 ISO file and the template file itself. In order to fully set up the template it needs the VMM ISO file and a generalized 2012 VHD file.
After we have downloaded the template file open VMM –>
Then go into Library and Import Template –>
Then point to the extracted XenDesktop folder.
Then choose Next. Now we need to point the template to the different ISO files and the generalized 2012 template.
After that is done and the mappings are correct we can continue with the import.
This will take some time since it needs to import XenDesktop into the library. When we now go into Service Templates we can see XenDesktop listed as an option there. If we right-click and choose “Open Designer” we can see what the layout will look like.
Now if we wanted to, we could use the Netscaler integration as well to deploy multiple DDCs and Storefronts and automatically set up load balancing of these services as part of the deployment. Let’s see how that can be done using the Service Template. (Note that this integration is still not supported in 2012 R2.) (UPDATED: IT WORKS) For the purpose of demonstrating how it CAN be done I’ll show it anyway. So after we have installed the add-on and created a VIP template for DDC and one for Storefront, we can open the designer again.
Next we can connect the VIP profiles to the different components: one DDC VIP template for DDC and one for Storefront, which have different load balancing mechanisms set up.
Now if I were to configure a deployment of this, I can configure the number of each server I want in order to ensure scalability and redundancy.
When I start the deploy wizard I get a question to define what is my management network.
Here I can define what the backend of the Netscaler is and what the VIP address of the load balancing solution is going to be.
But since the integration between Netscaler and VMM is not functioning in R2 I’ll need to get back to that in a later post (UPDATE: IT WORKS). But if I go into one of the servers I can see the application scripts that are run in order to set up a functional site.
If I for instance have ComTrade installed on Operations Manager in order to monitor my Citrix environment, I can add this as an Application Configuration in the last step to have a complete XenDesktop 7 setup with a load-balanced Netscaler solution and complete monitoring using Operations Manager.
This is the power of Citrix and Microsoft!
Wow this has been a huge day for both Microsoft and Citrix.
First off, Microsoft publicly announced today that they are making RemoteFX clients for all mobile platforms (maybe part of the Mohoro DaaS?), which means that Microsoft VDI together with storage dedup might make Microsoft a better alternative and regain some lost ground there, because broad platform support has been one of Citrix’s best features. So about time Microsoft came aboard as well!
Anyhow… Citrix also made an announcement today that they will release XenDesktop 7.1 on the 23rd of October. This release will support all of the new platforms that Microsoft will release on the 18th, great news! That means VDA on Windows 8.1 and Windows Server 2012 R2, and that XenDesktop can leverage all of the SMB features and SCVMM 2012 R2 with MCS.
(Still eager to see the PVS features here)
So that means you can upgrade your infrastructure first and then Citrix later.
Hopefully this means that we can use XenDesktop 7.1 against new gen VMs, and hopefully 7.1 also includes provisioning against Azure, it might be….
This is going to be a long one
I always wanted to document this myself but never had the time, so I figured why not kill two birds with one stone and blog it as well, since many are probably wondering about the same thing.
This is a typical deployment for many, right? You have your internal XA/XD which are tied to a StoreFront web server, and for remote access you have Netscaler Gateway/AG.
And depending on the setup you might have a Netscaler in a DMZ behind a NAT firewall, or directly connected to the internet from the DMZ, or you might have a double-hop network where you have multiple DMZ zones and firewalls.
So how do we tie them together?
First I suggest you read my previous post regarding XenDesktop 7 with StoreFront and Appcontroller deployment.
Let’s head over to our Netscaler deployment. We can start by checking our network connection.
We have different types of IP addresses within the NS: the VIP (Virtual IP), which is typically tied to a load-balanced service; the SNIP (Subnet IP), which is used to initiate connections to the back-end servers (XenDesktop servers, Storefront etc.); and the NSIP (Netscaler IP), which is used for management.
So for a user the connection will look like this.
User –> VIP –> SNIP –> XenDesktop (Servers)
Next we can add authentication.
Go into Netscaler Gateway –> Policies –> Authentication –> LDAP –> Add
For the named expression I choose General and True and choose Add.
(What does this do? It specifies that IF the traffic is going through the NS appliance then this policy should be applied.)
Then give it a name, choose New Server and enter the information for the AD server. After you have entered the info, press “Retrieve Attributes”.
Remember that this command uses the IP address of the server you are using the browser on.
If you are having trouble with authentication, open a console to the Netscaler appliance, type shell, then cd /tmp, then run the command cat aaad.debug
This will display real-time information about the authentication attempts.
After that is done, add a DNS server.
Now let’s add a certificate. For this purpose I have an Enterprise Root CA on Windows Server 2012, which I used to create a web server certificate containing the host name of the access gateway (nsgw.msandbu.local in my case), and I chose to export it as a PFX file including the private key (you will need the private key!!). In production you should use a third-party CA to issue a certificate to you.
You can upload the PFX file under Traffic Management –> SSL –> Manage Certificates –> then you can upload the PFX.
After this is done open Netscaler console and extract the certificate and the key from the PFX.
This can be done by running openssl from the Netscaler Console
openssl pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem (extracts the private key)
openssl pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem (extracts the certificate)
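Before binding the extracted files to the virtual server it is worth confirming that the key really belongs to the certificate and that the certificate names the gateway host. The script below is an added example, not part of the original post: it runs the same two pkcs12 commands non-interactively against a throwaway PFX and performs both checks. The function names, the password and the sample certificate are constructed; only nsgw.msandbu.local and the file names come from the post.

```shell
#!/bin/sh
# Added example; the sample certificate, password and temp paths are constructed.

# SHA-256 over the PEM public key embedded in a certificate.
cert_pub_digest() {   # $1 = certificate file
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over the PEM public key derived from an encrypted private key.
key_pub_digest() {    # $1 = key file, $2 = passphrase
    openssl pkey -in "$1" -passin "pass:$2" -pubout 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# The two extraction commands from the post, made non-interactive.
extract_pfx() {       # $1 = PFX file, $2 = password, $3 = output directory
    (
        umask 077     # keep the extracted private key readable by its owner only
        openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts \
            -passout "pass:$2" -out "$3/privateKey.pem" 2>/dev/null &&
        openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys \
            -out "$3/publicCert.pem" 2>/dev/null
    )
}

# Returns 0 = usable, 1 = extraction failed, 2 = key/cert mismatch, 3 = hostname mismatch.
verify_gateway_pfx() {   # $1 = PFX file, $2 = password, $3 = gateway FQDN
    vg_dir=$(mktemp -d) || return 1
    vg_rc=0
    if ! extract_pfx "$1" "$2" "$vg_dir"; then
        vg_rc=1
    elif [ "$(cert_pub_digest "$vg_dir/publicCert.pem")" != \
           "$(key_pub_digest "$vg_dir/privateKey.pem" "$2")" ]; then
        vg_rc=2
    elif ! openssl x509 -in "$vg_dir/publicCert.pem" -noout -checkhost "$3" |
            grep -q "does match"; then
        vg_rc=3
    fi
    rm -rf "$vg_dir"     # do not leave key material in the temp directory
    return "$vg_rc"
}

# Build a throwaway self-signed PFX so the example runs offline (constructed data).
make_sample_pfx() {      # $1 = directory, $2 = hostname, $3 = password
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -passout "pass:$3" -out "$1/publicAndprivate.pfx"
}

demo_dir=$(mktemp -d)
make_sample_pfx "$demo_dir" nsgw.msandbu.local 'Constructed-Pass1'
if verify_gateway_pfx "$demo_dir/publicAndprivate.pfx" 'Constructed-Pass1' nsgw.msandbu.local
then echo "key matches certificate and certificate names the gateway"
else echo "PFX check failed with status $?"
fi
rm -rf "$demo_dir"
```

The private key written by the -nocerts step is passphrase-protected, so the same passphrase is needed again when the key is loaded.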
Next we create a virtual server under Netscaler Gateway and associate it with an IP address.
Since we just want ICA-proxy and no VPN (Smart Access solution) we can choose Basic Mode.
Under Protocol choose SSL. (After this is done the service will go down unless you have a valid certificate installed.)
Go into the Authentication tab and mark Enable Authentication,
and under Primary Authentication Policies choose Insert Policy. (By default the one we created earlier will appear.)
Now if you wish to have two-factor authentication you can add another Primary authentication policy.
After this is done head over to Policies. We need to add a Session Policy; here as well we use ns_true as the expression. Give it a name and press create New Request Profile.
Here we enter the information about the backend Storefront servers. (NOTE: I already have one stored there because I created it earlier.)
Now there are a couple of options here we need to define.
First under Published Applications.
1: We have to define ICA-proxy, this will tunnel ICA traffic via port 443 back to the user.
2: Web Interface address: this has to be the Storefront web address.
3: Single sign-on domain should be your local AD domain. (Don’t enter anything here in case you have multiple domains)
Next is under Client Experience –>
Define Single Sign-On to web applications using Primary Credentials; this allows the Netscaler Gateway to authenticate to the Storefront site.
We have to define that the NS should use SSO to the Storefront web address using the primary authentication mechanism, which is AD in my case.
Last but not least, Security so we can allow users to actually enter.
You should also enable TCP profile for this virtual server set to nstcp_default_xa_xd_profile (This profile works best for internal usage and high bandwidth networks)
Then we also have to add STA (Of the XD controllers in my case) Go back to Published Applications.
Click Add and enter the URL of the XD controller. After you save and refresh the page it will show up like mine did now.
Remember to save the config!
After that is done we head over to Storefront.
Now there are a couple of things we need to fix there. First we need to add an authentication option from Netscaler.
This will allow the Storefront to authenticate users coming from Netscaler. (To pass the credentials forward)
Next we have to go to Stores –> Enable Remote Access –> Choose Add netscaler appliance –>
Here enter the info regarding your netscaler.
The SNIP here is the one that you entered earlier on the Netscaler. StoreFront uses this to validate that any incoming connections come from a trusted host.
The CallBack URL is the Internal IP-address of the Netscaler.
Then you set it up as a NO VPN Tunnel and choose the Gateway appliance to use.
You also have to add the STAs here as well.
And last but not least, Beacons.
Beacons are used to identify if the end-user comes from an internal or external connection.
For instance you can use a publicly accessible website as an external beacon and a website that is ONLY available to internal users as an internal beacon.
This is what decides if the ICA-file the end-user receives is going to be used via ICA-proxy or a plain ICA-connection straight to the server.
In this case, since it’s a demo environment, everything is on the same network. But I could remove the nsgw as an external beacon and just have www.citrix.com and another external site.
Now since the AppController is connected to the Storefront service we don’t need to do anything else in order to view apps deployed from AppController.
NOTE: There are a couple of things to do if you are going to deploy, for instance, WorX apps from AppController and use the mVPN solution for iOS and Android.
You will need to enable a couple of things here.
* Clientless Access URL Encoding = Clear
You also need to enable Secure Browsing
After this is done, we can open up our virtual IP URL.
In my case it is https://nsgw.msandbu.local
Log in with my username and password and start a desktop connection. (For the purpose of this demonstration I have also added a weblink from AppController that points to yammer.com.)
This is huge news! Microsoft Azure has for some time now had a solid IaaS platform with support for most of the different Windows Server roles and features, except the most important one, RDS.
Since Microsoft until recently didn’t allow the use of RDS or other options like Citrix against Azure (because of the licensing), people had to use on-premise solutions until that was allowed / fixed.
But now with the latest changes to the Volume Licensing agreement http://www.microsoft.com/licensing/about-licensing/product-licensing.aspx#tab=2 you can bring SPLA-based RDS SAL usage into the cloud.
Now this brings two options for a service provider in Azure.
* Session Shared Terminal Servers
* Server VDI Workers (VM/Server Isolation)
So first off, this makes ALL of the different Citrix components supported in Azure, not just XenDesktop 7. Of course there are restrictions, such as RemotePC, which cannot be used there.
And Citrix has also created two design guides for how you can set up Citrix XenApp / XenDesktop in Microsoft Azure. This also requires that users connect to the Citrix servers through a Netscaler gateway on-premise.
http://bit.ly/12podxp XenDesktop 7
http://bit.ly/185lKOv XenApp 6.5
And I’m guessing that the next release of XenDesktop 7 (Project Merlin) will include provisioning options against Azure, but until that arrives we will have to provision manually and use PowerShell. Since Citrix and Microsoft also have a strong relationship, I’m guessing that more options for hosting Citrix in Azure will appear.
Citrix has released a number of training videos regarding Project Excalibur, you can find them in the links below.
Part 1, Excalibur introduction
Part 2, Excalibur installation
Part 3, Citrix Studio
Part 4, Master Image
Part 5, Citrix Storefront
Part 6, Machine Catalog
Part 7, Deliver Groups
Part 8, Delivering Applications
Part 9, Citrix Receiver
Part 10, Citrix Director
For those that have been living under a rock for the last month or so (or haven’t been too much involved in Citrix in a while): Citrix has just released a tech preview of their new solution (which is at the moment called Project Excalibur). Project Excalibur is the merging of XenDesktop and XenApp, along with other components such as Storefront, the DDC and Citrix Studio (Desktop Studio).
And now with the merging of these products, the whole XenApp architecture is gone. There is no more IMA, just FMA, so no more Zones, Data Stores and so on. It is much more reliant on the SQL database.
Now for those that aren’t so familiar with the Citrix terms and product names I’ll give a brief intro:
Receiver provides users with self-service access to resources published on XenApp or XenDesktop servers. Receiver combines ease of deployment and use, and offers quick, secure access to hosted applications, desktops, and data. Receiver also provides on-demand access to Windows, Web, and Software as a Service (SaaS)
StoreFront authenticates users to XenDesktop sites and manages stores of desktops and applications that users access.
Studio enables you to configure and manage your XenDesktop deployment. Studio provides various wizards to guide you through the process of setting up your environment, creating your desktops, and assigning desktops to users.
The Delivery Controller is responsible for distributing applications and desktops, managing user access, and optimizing connections to applications. Each site has one or more delivery controllers.
Server OS Machines (XenApp): VMs or physical machines based on Windows Server operating system used for delivering applications or hosted shared desktops to users.
Desktop OS Machines (XenDesktop): VMs or physical machines based on Windows Desktop operating system used for delivering personalized desktops to users, or applications from desktop operating systems.
This is a quick overview of how the topology is:
Also, for those that are familiar with XenApp, the term farm is now gone; it is now called a site.
The Zone master function is also gone, in this release the function is distributed evenly across all controllers in a site.
Now let’s take a walkthrough of the installation.
BTW: All of this was installed on one virtual server.
Now as you see there are basically two components here: the Delivery Controller and the Delivery Agent.
The Studio can be installed as part of the delivery controller.
So since this is my first setup I’m going to install the Delivery Controller, with all the components!
This setup will also install a local SQL Express 2008 R2 if you choose it (which I only recommend for test / labs etc.).
The Setup will also configure the firewall for incoming connections. After the setup is completed, you can have auto launch of the Studio where we can configure everything.
And now remember that farms are now replaced by Sites. So we are going to start with creating an empty site.
So here we just defined a name for the Site, and assigned a license to that site. After that is done we can start the “real” configuration.
Search: self-explanatory.
Machine Catalog: A group of VMs or physical machines (for earlier XA people, think of it as Worker Groups).
Delivery Groups: This is where you assign applications and desktops to users.
Applications: This is where to publish applications you wish to use.
HDX policy: Old Group Policy management
Logging: Configuration logging.
Administration: Here you set site administrator
Controllers: Here you have an overview of the site controllers
Hosting: Here you have the overview of what hosting environment you have, vSphere, SCVMM or XenServer.
Licensing: Overview of the license server.
Profile Management: Here you can define policy settings such as folder redirection etc (You can see how it is defined in the picture below)
Now Citrix has also implemented a lot of other nice-to-have features in the GUI; for instance the PowerShell pane shows all the commands that have been run as PowerShell commands.
And you also have a nice overview of the license usage.
Now part 1 of Excalibur post is complete, more will follow. Stay tuned
But for System Center people like me there are new possibilities to get here.
Citrix recently released Project Thor which allows for an integration of XenApp into Configuration Manager. I’m excited to see what kind of integrations you can get here.
So something missing here, session lingering and session prelaunch where did it go?!!?
Wow! The last couple of days there has been a storm of Twitter activity around the Synergy conference in Barcelona (for those that weren’t able to attend, including myself). There is a lot of new stuff happening around Citrix these days, so I thought it would be a good idea to try to summarize what’s new on the Citrix front. (Note that I can’t cover everything, so if someone has more info regarding certain subjects or news that flew straight past me, please send me some feedback either by adding a comment on the post, sending me an e-mail at firstname.lastname@example.org or preferably on Twitter https://twitter.com/msandbu)
Now I want to start first with (what I think is a huge deal)
Citrix and Cisco have now made an “alliance” what that means is still yet to come, but you can read more about it at this news article here –> http://www.citrix.com/news/announcements/oct-2012/cisco-and-citrix-expand-partnership/_jcr_content.html
The focus will be on integrating Netscaler and ASA appliances, V1000 coming to XenServer, and integrating the Cisco Jabber client with Receiver.
And since Cisco has stopped further production of their load-balancing module ACE (which will be EoL in 2015), Citrix has now announced a campaign to convert from ACE to Netscaler and get 20% of regular MPX prices –> http://blogs.citrix.com/2012/10/17/introducing_amp/ So this is indeed going to be interesting to see what happens further into the future.
The second thing is the Citrix and NetApp alliance, where NetApp is coming with its own components which integrate with, for instance, XenServer.
You can read more about it here –> http://www.citrix.com/news/announcements/oct-2012/citrix-and-netapp-collaborate-to-simplify-cloud-storage/_jcr_content.html
And a couple of days before that, Citrix also announced a partnership with Palo Alto (which is a firewall provider). You can read more about it here –> http://researchcenter.paloaltonetworks.com/2012/10/perspective-on-the-citrix-and-palo-alto-networks-partnership/
So what is Citrix doing with all these partnerships?
Well, what is Citrix good at? On the networking front they have one of the best load-balancing solutions (of course Netscaler can do more than just that), but by joining forces with Cisco and Palo Alto they can get the best of three worlds within networking. And with the alliance with NetApp they have more storage integration. So with this they will cover all of the components within an infrastructure.
Now with partners like Windows, Cisco, NetApp, Palo Alto it is indeed going to be interesting.
Windows 8 Welcome!
Citrix has embraced Windows 8 and will therefore come with support for Windows 8 very soon.
And there is already a Citrix Receiver client out in the Windows Store for Windows 8. But more will come later.
New version of HDX Optimization pack for Microsoft Lync 1.1
This new version features PBX/PSTN integration (Enterprise Voice), conformance to Microsoft Call Admission Control specifications, Enhanced Emergency Services support, and other valuable enhancements that truly round out this important new capability for customers planning to embrace Lync video chat at scale.
New VDI-IN-A-BOX 5.2 review will demonstrate optimizations for Microsoft Lync, support for the latest hypervisor technologies including Microsoft Windows 2012 HyperV, Citrix XenServer® 6.1 and VMware vSphere 5.1. The tech preview will support the Citrix Storefront for unified access to any Citrix CloudGateway delivered service.
Mobile Desktop Virtualization
XenClient Enterprise 4.5 – XenClient extends Citrix XenDesktop® FlexCast to include the management of physical PCs and secures mobile laptops for disconnected operation. The tech preview includes support for third-generation Intel® Core™ processors, Microsoft Windows 8, and ultrabooks. You can read more about it here –> http://www.citrix.com/news/announcements/oct-2012/citrix-extends-xenclient-to-windows-8-and-ultrabooks
Speeding Migration to Windows 7 and Beyond – Supporting the upcoming general availability of new Microsoft technologies, the next release of Citrix AppDNA application lifecycle management software includes early access features for application testing on Windows 8, Internet Explorer 10 and Windows Server 2012. http://blogs.citrix.com/2012/10/16/expanded-no-charge-application-compatibility-trial-for-application-migration-initiatives-even-windows-8/
GotoAssist to deliver “one-stop” shop for IT Support
This will provide the tools to monitor servers, along with helpdesk support tools that follow ITIL. (Much like SCOM and SCSM from Microsoft)
On-premise storage available! It allows you to make existing folders available for the users so you don’t have to create new folders for the users. There are also loads of more features available
- ShareFile with StorageZones – Organizations now have the flexibility to manage their data on-premises in customer-managed StorageZones or choose Citrix-managed StorageZones (secure cloud options available in seven locations around the world) or a mix of both. With customer-managed StorageZones, IT can place data in their organization’s own datacenter to help meet unique data sovereignty and compliance requirements while optimizing performance by storing data in close proximity to the user. By defining where data should be stored, IT is able to build the most cost-effective and customized solution for their organization. Customer-managed StorageZones can be easily integrated with an organization’s existing infrastructure as it is designed to support any Common Internet File System (CIFS)-based network share.
- ShareFile StorageZones MPX Appliance – To further simplify deployment of customer-managed StorageZones in a customer’s private datacenter, Citrix will deliver a new purpose-built StorageZones MPX appliance powered by Citrix NetScaler®. The device will add value to customer-managed StorageZones deployments by offering integrated security and optimizing networks and will work effortlessly with existing storage environments.
- StorageZone Connectors – The company’s follow-me data strategy now extends beyond the data stored in ShareFile. Working in conjunction with customer-managed StorageZones, StorageZone Connectors let IT create a secure connection between the ShareFile service and user data stored in existing network shares. This innovative capability makes it easy for end users to securely access their work documents on mobile devices through ShareFile apps for iPad and iPhone (support for other devices coming soon), regardless of where the data is actually stored. This approach extends all the simplicity and mobile access benefits of ShareFile to existing data storage platforms, without the need for data migration. Using the new ShareFile StorageZone Connectors, it is now possible to securely view and share documents from network file shares, which otherwise cannot be accessed outside of corporate networks or on mobile devices.
- On-demand Sync – The new on-demand sync capability of ShareFile for Windows is designed for pooled and hosted shared virtual desktop environments, including those powered by Citrix XenDesktop® and Citrix XenApp®. Typically in such environments, users sync all their data every time they log into their virtual desktops, putting substantial load on the network, bandwidth and storage. With on-demand sync, users will continue to view all their files and folders within their virtual desktop just like they do today. However, files download and sync only when the user views, edits, saves or shares, resulting in huge reductions in Input/Output Operations Per Second (IOPS) and slashing storage requirements.
- Windows 8 Compatibility – Citrix announced availability of compatible versions of ShareFile Sync for Windows and Microsoft Outlook Plug-in.
- ShareFile for Microsoft Azure – To provide more cloud storage options to customers, Citrix announced plans to deliver Citrix-managed StorageZones on Microsoft Azure in 2013. This integration will allow ShareFile customers to leverage all the reliable and powerful capabilities of Microsoft Azure by letting them designate data across a seamless global network of Microsoft-managed datacenters. These additional locations will also allow IT to place data close to users to enhance performance.
Present content from the iPad with Citrix GoToMeeting
- Launch a meeting and invite attendees with just a few taps.
- Change presenter so another person can show their screen.
- Present your content by simply browsing to it or opening email attachments (iPad only).
- Easily share content from ShareFile or Dropbox during a meeting (iPad only).
- Brainstorm with the onscreen highlighter and whiteboard (iPad only).
Secure E-mail and Web on mobile with @WorkMail @WorkWeb apps
Which allows secure e-mail reading and surfing from iOS and Android.
Excalibur and Merlin releases, which is the next release of Avalon
Access to remote PC from Kindle Fire and Android Phones or Tablets.