Archives for June 2013

XenDesktop 7 Pt 3: Install VDA

This installment of the XenDesktop installation series will show you how easy it is to install the XenDesktop 7 VDA (Virtual Delivery Agent). The VDA can be installed on client VMs, servers (for XenApp), or physical PCs if you want to remote high-powered 3D graphics. It contains the ‘secret HDX sauce’ that is used to deliver the HDX experience to the Citrix Receiver.

XenDesktop 7 Series

Part 1: Role Installation
Part 2: Configure Desktop Studio Site
Part 3: Install VDA
Part 4: Create Machine Catalog
Part 5: Configure StoreFront
Part 6: Create Delivery Group
Part 7: Receiver Configuration
Part 8: Install Server VDA
Part 9: Create Server Machine Catalog
Part 10: Create Application Delivery Group

XenDesktop 7 VDA Installation

1. I logged into my Windows 7 master VM, mounted the XenDesktop ISO, and started the installer. This time we want to install the Desktop Delivery Agent. The installer also clearly shows you the OS I’m running the installer on is incompatible with the server roles, such as Citrix Director. Very nice to quickly see what I can and can’t install on a particular OS without having to refer to documentation. Very nice touch!

6-30-2013 8-26-52 PM

2. Now I have to decide if I want this VM to be a master image, or just provide remote access. Since we are doing VDI, I left the default option.

6-30-2013 8-28-50 PM

3. If I were installing the VDA on a high powered physical workstation and needed to remote 3D professional graphics, such as AutoCAD, then I would install HDX 3D Pro. Since this is a VM, I’ll choose the standard VDA.

6-30-2013 8-31-32 PM

4. I’ll let the installer install the Citrix Receiver into the image as well. That way I can access XenApp apps down the road, if I want.

6-30-2013 8-32-50 PM

5. Here we have to enter the desktop delivery controller name(s). If you are using a NetScaler to load balance your controllers you could enter that FQDN here. In my case I’ll just enter the controller’s FQDN. A nice touch here is a Test button, to validate the server name is correct. Yet another way Citrix is help ensuring a successful deployment.

6-30-2013 8-36-51 PM

6. The VDA has a few features you can select from. I want the whole nine yards, so I chose all of them.

6-30-2013 8-39-25 PM7. Just like in the server role installation, Citrix provides you a full list of firewall ports that are needed.

6-30-2013 8-40-59 PM

8. A summary screen is then displayed, and the VDA starts installing. At the end you should have a successful message.

6-30-2013 9-25-41 PM

Now that the VDA is installed, we can proceed to making a machine catalog and provision some VDI VMs. Stay tuned for Part 4!

XenDesktop 7 Pt 2: Configure Citrix Studio Site

In Part one of my Citrix XenDesktop 7 installation guide we installed all of the XenDesktop 7 components on a single Windows Server 2012 VM. In this second edition we will setup the Citrix Studio site, which connects the XenDesktop 7 Studio to a database, vCenter, storage, and virtual networks.

XenDesktop 7 Series

Part 1: Role Installation
Part 2: Configure Desktop Studio Site
Part 3: Install VDA
Part 4: Create Machine Catalog
Part 5: Configure StoreFront
Part 6: Create Delivery Group
Part 7: Receiver Configuration
Part 8: Install Server VDA
Part 9: Create Server Machine Catalog
Part 10: Create Application Delivery Group

Configure Citrix Studio Site

1. Launch Desktop Studio and you will see this nice welcome screen. Click on Get Started.

XenDesktop 7 Studio

2. We want to configure a full site, so I enter a site name. Queenstown is one of my favorite cities in New Zealand, so let’s use that.

6-30-2013 5-45-50 PM

3. Next up is configuring a database. The information for SQL express was pre-populated, so I didn’t have to type in anything. You can also test the database connection, which is a great feature. If you don’t have SQL permissions, then it can generate a script to give to your DBA to run.

6-30-2013 5-48-40 PM

4. Licensing is always fun, NOT! Citrix has included a 30-day trial, so you don’t have to futz with the Citrix licensing portal. It also verifies a licensing server connection, and verified a trusted SSL connection. What’s new in XD7 is the ability to allocate licenses from this wizard instead of navigating through the Citrix licensing portal maze. Great time saving feature and extremely welcomed.

6-30-2013 5-52-44 PM

5. Next up is configuring the connection to vCenter. Desktop Studio is picky, as it should be, about the SSL certificate used on the vCenter server. If Desktop Studio has problems contacting the hypervisor, unlike previous versions that were quite unhelpful, you now get this godsend of an error message which takes you directly to the relevant CTX article. You can also view the exact error, which is also entirely understandable:

Citrix.Console.Models.Exceptions.ScriptException Cannot connect to the VCenter server due to a certificate error. Make sure that the appropriate certificates are installed on the VCenter server, and install the appropriate certificates on the same machine that contains all instances of the Host service.

6-30-2013 6-01-30 PM

Since I just built up my vCenter server yesterday, I haven’t gone through the process of configuring it for trusted certs. It’s a bit complicated and I still have to follow my own blog to do it properly. So there’s a nice Citrix CTX article on how to trust the self-signed vCenter certificate. Certainly should never do this for production but in my PoC I want to take the easy route. The solution in the article is to download the vCenter self-signed cert and place it in the computer’s Trusted People certificate store. Quick and easy!

5. Next up you need to set a resource name, choose a cluster, and pick the portgroups that the VDI VMs will use.

6-30-2013 6-07-29 PM

6. Configuring storage is easy. Pick the datastores where the provisioned VMs should go. Desktop Studio does NOT support vSphere datastore clusters, which is a huge bummer.

6-30-2013 6-09-03 PM

7. I’m not doing App-V, so I skipped that configuration screen. A nice summary is shown at the end of the wizard.

6-30-2013 6-09-52 PM

8. A few minutes later I get this nice site configuration screen. New to XD7 is the Test Site feature, which runs through 177 tests to ensure everything is properly setup. Very nice touch.

6-30-2013 6-16-28 PM

6-30-2013 6-19-29 PM

At this point my Desktop site is up and it’s in a healthy state, just by clicking next through the entire install (minus trusting the vCenter certificate). Next up is installing the VDA on a Windows 7 x64 client, in preparation for creating a machine catalog. You can check out Part 3 here.

XenDesktop 7 Pt 1: Role Installation

6-30-2013 5-06-28 PMIn case you missed the announcement or my blog post last week, Citrix XenDesktop 7 finally hit the streets. It is a very major release of the product, merging XenDesktop and XenApp into a single management system. Gone are the days of a dozen or more different consoles to manage everything. XenApp has now taken on the XenDesktop model of provisioning and management. It now fully supports Windows 8, Windows Server 2012 and SQL 2012.

I wanted to walk through a PoC setup of XenDesktop 7, so you get a feel of the major changes in this release and the new streamlined installation and configuration process. Prior versions of XenDesktop were not terrible to install, but had different installers for different pieces (such as StoreFront) and didn’t have a unified feel. For the most part, that is now history.

For this PoC I’ll install all of the components on a single Windows Server 2012 with a SQL 2012 express database. In a production environment you’d want redundant Desktop Controllers (brokers) and StoreFront servers (web interfaces), with a clustered database. Both roles can easily be load balanced by a Citrix NetScaler, for high availability. The Citrix NetScaler can also be configured for secure remote access via an ICA/HDX proxy, or full SSL VPN.

XenDesktop 7 Series

Part 1: Role Installation
Part 2: Configure Desktop Studio Site
Part 3: Install VDA
Part 4: Create Machine Catalog
Part 5: Configure StoreFront
Part 6: Create Delivery Group
Part 7: Receiver Configuration
Part 8: Install Server VDA
Part 9: Create Server Machine Catalog
Part 10: Create Application Delivery Group

XenDesktop 7 Role Installation

The XenDesktop 7 download is a single ISO, with the optional Provisioning services which is a separate ISO. I’m opting to use MCS (Machine Creation Services) with my vSphere 5.1 hosts, so I don’t need the provisioning services ISO. I prepared a Windows Server 2012 VM and mounted the XenDesktop 7 ISO.

1. Launch the installer and you will see a unified installer. Since this will be a simple all-in-one server, I clicked in the leftmost box. If you are doing a distributed production install you can use the boxes on the right to install individual components as needed.

XenDesktop 7

2. Next up I was presented a list of all the roles which I could chose from. Again, I wanted all roles since everything will be on one server.

6-30-2013 5-01-14 PM

3. Since I didn’t want to use an external database (SQL Server 2012 with AlwaysOn is a supported configuration) I opted for the built-in SQL Express.

6-30-2013 5-01-26 PM

4. Next up the wizard showed me a nice list of ports that each role needs to communicate over. I’m using the Windows firewall, so I let it automatically configure all of the required rules.

6-30-2013 5-01-37 PM

5. That’s it! A nice summary page is shown and then I kicked off the installer. It estimated the installation to take 26 minutes. That was quite wrong, and in fact only took 13 minutes on my home QNAP!

6-30-2013 5-01-46 PM

6-30-2013 5-22-11 PM

At this point you are now ready to launch the Desktop Studio MMC and start doing the configuration. You will also need to configure StoreFront, and a little SSL work. Stay tuned for Part 2, where we start the basic configuration tasks to bring XenDesktop 7 to life.

CloudVolumes Pt 4: Testing the AppStack

This is the fourth installment of my CloudVolumes spin around the block. So far the installation as has been quick, encountered no product problems, and the experience seems polished even for a v1.0 product. Given my good experience thus far, I can’t wait to see CloudVolumes AppStack in action. Can I really instantly provision Office 2013 or browsers extensions to a running VM, or will I get a blue screen of death? Read on. If you want to start back at the beginning of this series, go here.

To recap we’ve created an AppStack of Office 2013, Adobe Reader IX, Java 7 update 25, and Adobe Flash Player 11. These are very common products probably in many golden images, and they often get regular security updates. My browser of choice is Internet Explorer 10, so let’s see how CloudVolumes handles browser-plugins.

Assigning an AppStack

Since we created an AppStack I now have to assign it, otherwise it won’t be of any use to me. The assignment process is very straight forward and completely AD integrated. First I locate my AppStack in the console and click Assign. I can then pick from a variety of AD objects (users, groups or computers) to assign the AppStack to. In today’s world we are moving away from device-centric application management to user-centric (the apps follow the user around), so I decided to select my administrator account. Next you check the box next to my user account. If I was doing an AppStack for a server then I’d of course pick a computer account.

CloudVolumes AppStack assignment

One of the killer features of the product is the ability to assign an AppStack to a running VM with a logged-in user (i.e. instantly provision apps). The apps should appear in mere seconds, ready for immediate usage. Seems almost too good to be true. Does it work?

6-30-2013 6-27-21 AM

I logged into my Windows 7 x64 VM and looked at the start menu, prior to assigning the AppStack. As you can see it’s a very bare bones install, and there’s no Office or Adobe Reader. Also, my desktop has no application icons on it.

6-30-2013 6-29-19 AM

Testing CloudVolumes AppStack

Now comes the moment of truth..I click the Assign button and eagerly listen to my QNAP and watch the VM for signs of life..or death. And do I get a blue screen of death, does the console crash, or does my AppStack magically appear in seconds on my desktop? After ~7 seconds of QNAP and vCenter activity, appearing on my desktop is the AppStack! Did not have to even log out….I’m amazed.

6-30-2013 6-45-23 AM

Anyone can make icons appear on the desktop, but let’s look at Add/Remove software. Yup..I see all of the programs in my AppStack.

6-29-2013 9-07-58 PM

But do they launch?

6-30-2013 6-47-51 AM

Word 2013

How about those pesky IE plug-ins? That looks pretty normal…except..wait..where’s Flash Player? Hmmmmm

6-30-2013 6-51-45 AM

Let’s try and watch a YouTube video clip to see what happens..maybe it’s just a cosmetic issue. Viola…Flash Player DOES work. I also went to various other Flash Player test sites and everything worked as expected. Note to self: Don’t try and watch Flash videos via the ESXi console. It will bomb after a few seconds, totally unrelated to CloudVolumes. RDP into your test VM to try out Flash or use your VDI solution.

6-30-2013 7-06-13 AM

Let’s try out Java. IE prompted me to allow the Java plug-in, and after acknowledging a Java application security warning, all is well! I actually realized after my testing that the VM I provisioned the AppStack to was using IE 9, but my AppStack master VM had IE. But the plug-ins worked. I then updated my production VM to IE 10, rebooted, and the plug-ins continued to work. So the browser plug-ins seem fairly resilient to IE version changes.

 6-30-2013 7-11-46 AM

Needless to say I was very impressed that everything worked just like in the videos. Through some further testing with Office 2013 I did run into one issue. If I tried to use some of the built-in templates that get downloaded from the internet I got a font error as shown below. The template still opens up, just minus the custom fonts. Other than this font error, all the Office functionality I tested worked flawlessly.

6-30-2013 8-13-09 AM

Now that we have a working CloudVolumes AppStack, how does one update the AppStack with newer versions of the app or add additional apps? Stay tuned for Part 5.

CloudVolumes Pt. 3: Create AppStack

Welcome to Part 3 of installing and configuring CloudVolumes. In Part 1 I provided a short introduction on what CloudVolumes is and started the management console installation process. In Part 2 I configured basic settings such as Active Directory, vCenter, and datastores. Now we are ready to install the CloudVolumes agent and build a CloudVolumes AppStack of Office 2013 and a few other applications.

I mounted the CloudVolumes ISO image and started the agent installation on my AppStack packaging Windows 7 x64 VM. The only two questions I had to answer was the CloudVolumes Manager address and the port. There wasn’t a button to validate the agent could talk to the manager (hint, feature request). After the agent installed I had to reboot the VM. As we will later find out, due to a network configuration error on my part the agent was unable to contact the manager, hence the need for a ‘validation’ button of some sort.

CloudVolumes Agent

Creating a CloudVolumes AppStack

Here comes the exciting part! We now have a VM which we can install our applications and start building up AppStacks. The following two warnings are included in their admin guide:

Important: The provisioning of AppStacks must be performed on a clean base image; that being a VM that resembles as closely as possible the target environment to which you later plan to deploy the AppStack. For example, the provisioning VM and target should be at the same patch and Service Pack level and, if applications are included in the base image, they should also be in the provisioning VM.

Provisioning should be done on a VM that did not have any AppStacks previously assigned to it. If there were any AppStacks assigned to the VM, that VM should be rebooted before provisioning a new AppStack.

Back in the management console I clicked on Create AppStack.

6-29-2013 7-18-19 PM

The console had been sitting idle for an hour, and as soon as I clicked on the button I saw two red warnings for a split second and it booted me out to the login screen. I thought oh crap, a bug. I logged in again and this time the wizard came up so clearly it was just a timeout issue and the warning needs a little tweaking. I decided to go for broke, and try Office 2013 Professional Plus as my first AppStack.

CloudVolumes AppStack

After the wizard completed I now saw an unprovisioned AppStack. I do have one grip about this screen. In the VMDK filename it puts exclamation points in for spaces, which I think is a bit odd. It would make it a lot more readable to use an underscore or hyphen, IMHO. VMFS can support spaces, so not sure why they need to substitute characters.

6-29-2013 7-23-54 PM

Clicking on Provision brought up a screen where it should list all computers that have the CloudVolumes stack installed. This list was empty. Since my name resolution in my home lab is a bit unique, I figured it was a DNS problem. I fixed that problem, but the VM still wasn’t registering with the manager. I looked on the Win7 VM logs and could find no CloudVolumes error messages. I tried to telnet to port 3000 and that worked, so I knew it wasn’t a firewall problem.

After poking around in the console a bit I found the System Messages tab. Apparently, the provisioning VM needs to be joined to the domain. Probably makes sense, but I wasn’t sure if the VM should be as pristine as possible. It would be most helpful if during the agent installation it provided a warning, and also logged error messages in the application log on the Win7 machine about not being domain joined. After I joined the computer it immediately appeared in the CloudVolumes console.

6-29-2013 7-42-55 PM


6-29-2013 7-45-13 PM

I re-ran the AppStack provisioning wizard and came to the screen below. I clicked on the computer name (without clicking the radio button) and it immediately changed to the computers tab. That threw me for a loop, until I figured out I had to click on the radio button to actually provision the application. Minor usability issue.

6-29-2013 7-48-19 PM

Click the radio button then click Provision to get:

6-29-2013 7-51-18 PM

In the Windows 7 provisioning VM I got this pop-up:

CloudVolumes provisioning

So I then mounted the Office 2013 Professional Plus ISO, and ran through the whole install. I also ran Windows update to get it fully patched. While that was running for a while I decided to look at the Win7 VM properties. As you can see CloudVolumes mounted a second VMDK to the VM, which is where all of the application bits are being written.

6-29-2013 7-54-34 PM

During the AppStack capture process I had an “Oh crap” moment. I forgot to take a snapshot of the VM prior to doing the Office 2013 capture. I checked the snapshot history, and no snapshots were present. So I thought to myself I’ll have to rebuild my VM for the next AppStack. Because of what I thought was a mistake on my part I also decided to bundle in Flash Player, Acrobat Reader and Java in this AppStack. I was very curious how browser plug-ins worked, if at all, with CloudVolumes.

After Office 2013 installed I ran Windows update so that it was fully patched. The VM rebooted, and the CloudVolumes agent reminder that I was in provisioning mode was still on the screen. Next up was Flash Player 11, Adobe Reader 11, and Java 7 update 25. After those programs were done installing I clicked on the OK button to end provisioning. The VM rebooted, and after I logged in I got this successful message:
6-29-2013 8-22-15 PM

To my delight I saw that the VM was returned to the pre-AppStack creation state! No Office, no Flash player, no Adobe Reader, no Java. I thought sweet….I didn’t screw up after all! Pretty neat. Back in the Manager console I see the Status is now Enabled, and it even shows how long I took to provision the AppStack.

CloudVolumes AppStack

I wondered what the CloudVolumes datastore looked like and how big the VMDK was, so I browsed to the datastore and found a 4.2GB VMDK.

6-29-2013 8-48-20 PM

Now all I needed to do was install the agent into my “production” Windows 7 x64 VM, assign the AppStack, and see if the magic worked! Check out Part 4 to see how to assign an AppStack and see if this really works….or not.

CloudVolumes Pt 2: Manager Config

In Part 1 of “Installing CloudVolumes” I covered the basic concept of what CloudVolumes does, and we provisioned a Windows Server 2008 R2 VM for their management console. We are now ready to configure the CloudVolumes Manager console to interface with AD, vCenter, and setup the vSphere datastores. So far the CloudVolumes installation has been smooth and extremely easy.

As a quick refresher I’m now staring at the image below on my CloudVolumes Manager VM.

Configuring CloudVolumes Manager


I clicked on Get Started, and next up was uploading my evaluation license key. That was super easy, and clearly shows what I’m licensed for and when my evaluation expires.

CloudVolumes license

Next up was to configure Active Directory. Again, this was very simple, and I’m very glad to see that it supports LDAP over SSL. Since this is just a test environment I didn’t create a service account, but in production I would.

6-29-2013 5-39-15 PM

Next it wanted to know who should be a CloudVolumes administrator. In my test environment I selected Domain Admins, but in production I’d create a delegated group.

6-29-2013 5-41-15 PM

Next I had to configure the hypervisor credentials. Again, because this is a quick test I just used my domain admin account. In production I’d create a CloudVolumes service account and configure the proper rights in vCenter. In this case I’m using a vCenter 5.1 U1 instance. It may come as a shock to some, but I hadn’t yet configure vCenter for trusted SSL certificates (did a fresh install this morning). CloudVolumes didn’t complain about any certificate issues (which I would hope it would if the cert was self-signed).

6-29-2013 5-43-04 PM

The last configuration task is to setup the datatores. What is nice about this screen is that I can specify different datastores for the AppStacks and the writeable volumes. That’s a great feature, so that you could use data tiering. Perhaps put the AppStacks on higher speed storage for quick access, and put the writeable volumes on somewhat slower mass storage. I think they said you can also use Datastore clusters, but I didn’t have one configured to try that out.

What’s also nice on this screen is that it tells you if the datastore is local or shared among hosts. Of course if you use local storage only VMs on that host could access the AppStack or writeable volume.

6-29-2013 5-46-23 PM

A nice summary screen is shown after all of that work.

6-29-2013 5-50-36 PM

In Part 3 we will install the CloudVolumes agent in my Windows 7 64-bit VM, so we can start capturing applications. So far I haven’t run into any hitches, and the installation guide they provide walks you through the entire process with a plethora of screenshots.

CloudVolumes Pt 1: Intro and Installation

CloudVolumesLast weekend I was catching up on my RSS feeds with Feedly (great Google Reader replacement BTW), and stumbled on an article on Brian Madden’s site about a new way to enable non-persistent VDI. In that article, and accompanying video, they demoed a stack of software that I found very interesting. They discussed Atlantis Computing ILIO, CloudVolumes and Immidio.

I’m actually using ILIO in my current VDI architecture, so I was quite familiar with the performance (which is great!). But I had never heard of CloudVolumes. CloudVolumes is a startup and their v1.0 product went GA within the last two months. Immidio is somewhat similar to AppSense, and provides user environment personalization/control.

What I found particularly compelling about CloudVolumes was the ability to live add applications to running VMs (client and server OS), and just store one copy of the app that thousands of VMs could share. Big space savings! “Hot adding” apps literally appeared in seconds on the desktop when the administrator assigned them to a running VM. Check out the videos on Vimeo for demos.

What the product could enable is the use of non-persistent VDI base VMs which run from a single golden image, yet to the user seem persistent. There’s an ability for the user to install their own apps (which you can disable), and retain personalized information. So you could have a pool of non-persistent VMs, assign CloudVolume “AppStacks” to a user, and when the user gets their random VM it gets assembled on the fly with their applications and personal data (if enabled).

You can leverage native VDI products to create and maintain your VMs, such as VMware Composer and XenDesktop MCS/PVS. This is different from some competing solutions that use their own technology to assemble a desktop and bypass native VDI image management. Personally I’d lean towards native VM image management tools that VMware and Citrix provide.

Frankly, all of this sounded almost too good to be true. And the company says the technology is coming to physical computers as well, but declined to give a public timeframe when that might happen. This isn’t a VDI only solution either, as they tout providing support for server workloads such as SQL, IIS and XenApp. Instantly assign an “AppStack” to your XenApp server, so they claim, and provision dozens of apps with a few clicks.

Anyone that has worked with me knows I don’t hold back with vendors and giving candid input on how their product really sucks (a lot really do suck), or is really awesome. So I wanted to put their technology to the test and see for myself whether it really works as well as they tout. It’s only a 1.0 product, so I’ve tempered my expectations and expect a few rough edges. I shot the company over a list of 20+ questions which we discussed in a conference call this past week. Given their answers, I felt it was worth trying out in my personal lab to see if it’s spectacular or a flop. I have yet to use the product, so I’m blogging about this as I do my first install and I honestly don’t know what the end result will be.

Basic CloudVolumes Installation

I reviewed the system requirements and found that the CloudVolumes Manager was supported on Windows Server 2008 R2, vSphere 5.0 or later, and worked with IE 9, 10 and FireFox 10, 11. Support for Windows Server 2012 and Hyper-V were not available in this version. For the CloudVolumes agent it supports Windows 7 32-bit, Windows 7 64-bit, and Windows Server 2008 R2. No official fully tested support for Windows 8 or Windows Server 2012, although the company did say it “should” work but hasn’t gone through the full QA cycle. A remote SQL database is optional and only needed when deploying multiple Cloud Manager environments.

I provisioned a Windows Server 2008 R2 VM for the CloudVolumes Manager, and created two Windows 7 x64 VMs. One was a “clean” master that will be used to create the AppStacks and the other will be a target computer. At this point I didn’t want to yet stand up VMware View or XenDesktop, since I wasn’t even sure how well the product would work.

Next up, which I found a little strange, is the need to copy a .zip file to a VMware Datastore then run an unzip and convert command to create their special VMDK files. Normally I’m used to deploying OVA files to create VMs/VMDKs. But the process was easy enough, and just required SSH to be turned on the ESXi host to run the script. The result was the following directory structure on my datastore.

6-29-2013 4-30-51 PM

Now that the VMDK files were ready (NO VMs were created or harmed during this process), I moved over to my Windows Server 2008 R2 server so I could install the CloudVolumes manager.  I started the installation wizard, chose the Manager role, and it then proceeded to install SQL express (or you could point it to an existing SQL server). The installer finished without any problems, and I then launched the CloudVolumes Manager console in IE 10.


That’s it for Part 1 of my CloudVolumes installation. At this point my Windows 7 packaging VM is patching, and I un-installed my regular baked-in apps so that it’s as clean as possible. In Part 2 we configure licensing, Active Directory, vCenter credentials, and datastores. Check it out!

Citrix XenDesktop 7.0 is out!

XenDesktop 7XenDesktop 7 is a milestone in the Citrix end user computing experience. Citrix has merged XenDesktop (VDI) with XenApp, into a consolidated set of common consoles with common policies and HDX experiences. It also features full Windows 8, Windows Server 2012, and SQL Server 2012 (with AlwaysOn clustering) support. Last year I had the pleasure of participating in a private beta, and really liked where Citrix was taking the product. You can now download it for yourself and give it a spin.

The entire installation experience is significantly improved, vastly easier, and reduced the number of consoles you had to deal with. The biggest change is for XenApp customers, as the administration experience is vastly different. For previous XenDesktop users it’s a welcomed evolution of Desktop Studio, Desktop Director, and StoreFront.

Briefly the ISOs appeared this morning, then disappeared, and re-appeared tonight. I grabbed a copy this morning, and have pretty much gone through a full install of Desktop Studio, StoreFront 2.0, licensing server, and configuring a NetScaler for load balancing StoreFront and the Desktop controllers. The experience was extremely smooth and only ran into one minor speed bump with SSL that I easily resolved.

Before you dive right into installing it, thoroughly read the release notes and install guide. You can find XenDesktop 7 on Citrix eDocs here. You can also download the highly detailed admin guide here. Once you login to My Citrix you can easily locate the install ISOs.

While I didn’t run into any show stopper or major issues, I do have some lessons learned from my install and some experience with StoreFront 1.2 that came in handy. Tips include:

  • If you configure two StoreFront servers for high availability, you may need to run the Citrix Configuration Replication service with Local System rights, or replication may fail between the two nodes.
  • StoreFront 1.2 really liked the Citrix Credential Wallet service startup mode set to Automatic (Delayed Start). Not sure if SF 2.0 needs that, but keep it in mind if you have issues after reboots.
  • NetScaler 10.1 has a new StoreFront monitor, which you should use to monitor the health of your StoreFront servers. Works like a charm for me.
  • If you install only the DDC role on a server, IIS is not installed. This is fine, but the DDC needs an SSL certificate bound to IP and port 443, or you can’t access the XML broker over SSL (which you should always do). This will also cause the NetScaler CITRIX-XD-DDC monitor to fail if you configure it for SSL. Use the following command on each DDC to bind your SSL certificate. The hash is the thumbprint value on the certificate, minus spaces. The appid is required, but you can use any valid GUID.

nettsh http add sslcert ipport=w.x.y.z:443 certhash=CertHash appid={8fbacae2-bd4e-8ef5-b202-1561845dd04f}

And that’s really about it. I haven’t yet created a machine catalog, but the bulk of the install is complete. SQL 2012 AlwaysOn is supported, and I verified that configuration works. So far this is looking like a solid release, and I look forward to beating up on it with Windows 8. I suspect a full install blog series is forthcoming.

Hands on labs from Synergy Los Angeles:

Taking a Tour of XenDesktop 7
Replacing Web Interface with StoreFront
What’s new in NetScaler 10.1
NetScaler Insight Center
NetScaler PoC
XenDesktop 7 Planning and Design

Updated on 6/30: 1800+ pg. XenDesktop 7 Administration Guide




Download Windows Server 2012 R2 Preview Now!

Windows Server 2012 R2

TechEd 2013 had a bunch of great sessions on Windows Server 2012 R2, which has a boatload of new features. You can now download Windows Server 2012 R2 Preview version now. Pick up your copy here. Windows 8.1 release preview will come out tomorrow, but you can get a jump start on seeing the new start button and other changes with Windows Server 2012 R2.

I have nine articles from TechEd 2013 that cover a wide range of new features in Windows Server 2012 R2, which should RTM later this year. Read up on many of those new features here. I’m really excited about this release, and will be beating up on the preview version in the coming weeks. And yes, you can now shutdown directly from the new start button!

You can check out more of the features in WS2012 R2 here.

Windows Server 2012 R2

Microsoft EMET 4.0 Released

EMET 4.0Back a few TechEd conferences ago I learned about a new tool called EMET (Enhanced Mitigation Experience Toolkit) from Microsoft that was designed to add additional layers of protection to Windows operating systems. Given my strong focus on secure solutions, I was a big fan of EMET. Over the years some Microsoft security bulletins listed EMET as a mitigation technique for some zero day attacks when a patch was not available.

What is EMET and why do I install it in all of my enterprise base images and run it on all my personal computers? One word: Protection. Although you may never have heard of DEP, ASLR, ROP, SEHOP or EAF those are important technologies to help limit the damage exploits can do to your system. Since third party software is the number one way machines get hacked these days, providing protection to these applications can be a big win.

The first version was very bare bones and not really designed for enterprise deployment or management. Since then it has gotten much more enterprise friendly, with features such as XML policy definition and GPO controls. During those enhancements the GUI changed very little, and was still quite basic.

EMET 4.0 is a drastic upgrade in every sense of the word. It sports a brand new GUI with the Office ribbon. It now supports certificate pinning, Windows event logging, various skins, and new protection profiles such as “maximum security settings”. There’s also a new configuration wizard with recommended settings, for easy one click manual deployment. Certificate pinning is supposed to help with man-in-the-middle attacks, although it only supports IE at this time. A MS blog post about certificate pinning is here.

EMET 4.0

Full support for Windows 8 and Windows Server 2012 are also a bonus for this release. If you want to check out the full Microsoft post about EMET 4.0, you can find it here. If you are super excited about this release like I am and just want to immediately download and install it, you can download it here. I installed it while writing this article, and really like the make-over and added protections. I highly recommend you test it out, and use it to help protect your systems.