You are here: Home > Blog

What Licenses Do I Need….

May 16th, 2012 | Posted by Sid Herron in Application streaming | Application Virtualization | Citrix | Licensing | Microsoft | Remote Access | VDI | Virtualization | XenApp | XenDesktop - (25 Comments)

Earlier this week, I had a long discussion with a client (you know who you are) about what licenses they would need for a deployment of “zero client” devices. We’ve written a lot about Microsoft and Citrix licensing, about XenDesktop and XenApp, about the Citrix trade-up, etc., but it occurred to me that it might be beneficial to pull all the licensing information together into one post instead of expecting you, gentle reader, to have to sort through multiple posts to pull it all together.

So, let’s discuss Citrix licensing first, then move on to the Microsoft licensing.

First of all, if all you want to do is to deploy VDI (Virtual Desktop Infrastructure), and you have a limited number of users, then you should probably purchase VDI-in-a-Box. You can read more about this in our April Moose Views article about XenDesktop vs. VDI-in-a-Box.

If you decide that VDI-in-a-Box is not the right fit foryou, the next question you need to answer is whether to use XenApp licenses or XenDesktop licenses. Beginning with the introduction of XenDesktop v4.0, Citrix concluded, reasonably enough, that an organization that was deploying VDI probably wouldn’t get much leverage from a concurrent-use licensing model, because their concurrency ratio (by which I mean the ratio of total users to concurrent users) would be pretty close to 1:1. So XenDesktop v4.0 was introduced with a per-named-user or per-device license model. These licenses were roughly half the cost of the comparable XenApp concurrent-use license: XenApp Enterprise Edition, for example, carries an MSRP of $450 per concurrent user. XenDesktop Enterprise Edition carries an MSRP of $225 per user/device.

At the same time, Citrix made the decision to include XenApp rights in the XenDesktop license. So if you buy XenApp, you get only XenApp. But if you buy XenDesktop, you get both XenDesktop and XenApp – so you can use XenApp to stream applications to your virtual desktops, or have your virtual desktops function as client devices that run published applications that execute on the XenApp servers, or simply deploy a mixture of XenDesktop and XenApp to your user community depending on what delivery method is best for a particular use case. This is what Citrix refers to as the “FlexCast” delivery model.

This created the interesting situation where, because of the difference in license cost, if your concurrency ratio was less than 2:1, you were better off financially to purchase XenDesktop licenses even if all you really wanted to run was XenApp. And, since delivering what Citrix calls “hosted shared” desktops from XenApp servers makes more efficient use of the underlying hardware and storage infrastructure, the bias should probably be toward XenApp unless there is a clear use case for why users need to connect to individual desktop OS instances rather than a shared XenApp desktop (and it isn’t just appearance, because with XenApp v6.5 on Windows Server 2008 R2 we can deliver a XenApp desktop that looks and feels like a Windows 7 desktop). But, for the sake of this discussion, let’s move on down the XenDesktop trail.

Citrix has re-introduced a concurrent-use license option for XenDesktop, which is a better choice for organizations who want to deploy both XenDesktop and XenApp, but have a concurrency ratio greater than 2:1, but so far, I haven’t seen very many use cases where that license model made sense.

If you already have XenApp licenses, and want the ability to deliver VDI as well, you can take advantage of the Citrix trade-up program to transform your XenApp licenses into XenDesktop licenses. And if you trade up all of your XenApp licenses, you can get two XenDesktop user/device licenses for each XenApp license. So 250 XenApp licenses would become 500 XenDesktop user/device licenses. If you want more information on how the trade-up program works, and what your trade-up options are, check out the handy Citrix Trade-Up Calculator.

As of the release of XenDesktop v5.0 Feature Release 1, the license service got pretty smart in terms of how it managed those user/device licenses. This is good news for, say, a hospital, which may have devices that are used by multiple users and other users who use multiple devices. The license server can intelligently and dynamically reassign licenses between users and devices to make the most efficient use of the available licenses. For example, consider the following scenario for a brand-new environment where no licenses have yet been assigned:

  • User 1 logs on from client Device 1. The license server will, by default, check out a license to User 1.
  • User 1 logs off, and User 2 logs on from the same client device. The license server, now sensing that two different users have logged on from the same device, will take the license that was assigned to User 1, and reassign it to Device 1. Any subsequent users who log in from Device 1 will not cause any action by the license server, because Device 1 is already licensed.
  • If User 1 logs on again from a different client device, the license server will again check out a license to User 1 (so, at this point, two licenses are checked out: one to Device 1 and one to User 1). Since User 1 has logged on from two different devices, the license will remain assigned to User 1 unless/until manually released by an administrator (e.g., in the case of the employee leaving the organization), or unless User 1 doesn’t log on for a period of 90 days, in which case it will be automatically released due to inactivity.
  • Likewise, since two different users have logged on from Device 1, that license will remain assigned to that device unless manually released or automatically released due to 90 days of inactivity.

So…how do you know how many licenses you really need? There is actually a formula that will tell you that. You need to know how many total users you have (let’s call that number “A”), how many shared devices you have (let’s call that “B”), and how many of your users will use only shared devices (let’s call that “C”). The formula is A – C + B. So, if you have 1,000 total users, 300 shared devices, and 600 of your users will use only shared devices, you need 1,000 – 600 + 300 = 700 total licenses.

For more information on exactly how this works, see the Citrix Community Blog post by Christophe Catesson, which in turn links to a recorded session from Synergy 2011 that was a deep dive discussion of XenDesktop licensing.

Now for the Microsoft licensing component.

If you have users who will be executing applications on a XenApp server, you will need a Remote Desktop Services (RDS) CAL for that user, or for the client device that user is using. It is very difficult to manage a mixture of user CALs and device CALs in a Remote Desktop Services environment, so, in most cases, you’re going to be better off purchasing user CALs.

If you have users who will be attaching to a virtual desktop instance, the licensing requirements are different, depending on the client device. If the client device is a Windows PC whose Operation System is covered by Software Assurance, you do not have to purchase any additional Microsoft license to use that PC to connect to a virtual desktop. If the client device is not a Windows PC, or that copy of Windows is not covered by Software Assurance, you need a Virtual Desktop Access (VDA) license for that client device. VDA licenses are only available under the Open Value Subscription license model at present, meaning that you will continue to pay for them every year. Forever.

But wait! That’s not all! As Gabe Knuth outlines in a recent article on Techtarget.com, there is a very strange loophole in the VDA license terms. If you have a VDA license for your primary device (or if it’s covered by Software Assurance), you have what Microsoft calls “Extended Roaming Rights,” which allow you to also use your home computer to access your virtual desktop, or use your iPad when you’re at home or traveling. But, technically, it does not entitle you to bring your iPad into the office and use it there! To solve that (using the term “solve” loosely), Microsoft recently announced something called a “Companion Device License” (CDL) which allows you to use up to four other devices (in addition to the primary licensed device) to access your virtual desktop. No word yet on what the CDL will cost.

So let’s see if we can summarize what our client would need for a deployment of “zero client” devices (like, for example, the Wyse Xenith thin client).

  • You’re going to need some kind of Citrix license, either VDI-in-a-Box, XenDesktop, or XenApp.
  • Since the thin client is not a Windows PC, and therefore cannot be covered by Software Assurance, you would need to purchase a Microsoft VDA license for it.
  • If the thin client will be used only to attach to a virtual PC desktop and execute applications within that desktop OS environment, no additional Microsoft license is needed. However, if the thin client will also be used to attach to applications that are executing on a XenApp server – either directly or indirectly by having the Citrix client baked into the virtual PC desktop – you will also need a Microsoft RDS CAL.
  • You do not need an RDS CAL if you are only using XenApp to stream packaged applications to a virtual (or physical, for that matter) desktop for execution there. Since you are not actually utilizing Remote Desktop Services by executing code remotely on a Remote Desktop Server, no RDS CAL is required.
  • If you want to institute a BYOD program, where users can bring whatever client device they wish into the office and use it to access your VDI, you’ll probably need some of the new Microsoft CDL licenses.

If I’ve overlooked anything, feel free to submit questions via comments on this post, and we’ll try to get them answered. Let the discussion begin!

, , , , , , , , ,

The Future Is Now

March 21st, 2011 | Posted by Sid Herron in Application streaming | Application Virtualization | Best Practices | Branch Repeater | Citrix | Mobile Computing | Remote Access | VDI | Virtualization | XenApp | XenClient | XenDesktop - (0 Comments)

I recently discovered a video on “Citrix TV” that does as good a job as I’ve ever seen in presenting the big picture of desktop and application virtualization using XenApp and XenDesktop (which, as we’ve said before, includes XenApp now). The entire video is just over 17 minutes long, which is longer than most videos we’ve posted here (I prefer to keep them under 5 minutes or so), but in that 17 minutes, you’re going to see:

  • How easy it is for a user to install the Citrix Receiver
  • Self-service application delivery
  • Smooth roaming (from a PC to a MacBook)
  • Application streaming for off-line use
  • A XenDesktop virtual desktop following the user from an HP Thin Client…
    • …to an iPad…
    • …as the iPad switches to 3G operation aboard a commuter train…
    • …to a Mac in the home office…
    • …to a Windows multi-touch PC in the kitchen…
    • …to an iPhone on the golf course.
  • And a demo of XenClient to wrap things up.

I remember, a few years ago, sitting through the keynote address at a Citrix conference and watching a similar video on where the technology was headed. But this isn’t smoke and mirrors, and it isn’t a presentation of some future, yet-to-be-released technology. All of this functionality is available now, and it’s all included in a single license model. The future is here. Now.

I think you’ll find that it’s 17 minutes that are well-spent:

, , , , , , , , , , , ,

Citrix Formally Announces XenClient and XenVault

August 26th, 2010 | Posted by Sid Herron in Application Hosting | Application streaming | Application Virtualization | Citrix | Security | Virtualization | XenApp | XenClient | XenDesktop - (0 Comments)

Yesterday (August 25), Citrix formally announced XenDesktop 4 Feature Pack 2. It’s expected to be available by the end of September, and, of course, will be available at no charge to existing XenDesktop customers whose Subscription Advantage is current. The big news in this Feature Pack is the incorporation of XenClient and XenVault.

We’ve talked a lot about XenClient here, but haven’t said much about XenVault. It’s high time we did, because it’s a pretty cool piece of technology in its own right.

If you’ve used Citrix products in the past, you know that we have administrative control over whether, for example, users who are running applications on a XenApp server are able to save data back to a disk drive on their client device. With the advent of Smart Access (enabled by Access Gateway Enterprise policies), we can get even more granular: we might allow a user to save data to a client drive if they’re connecting from within the protected network, or connecting from a corporate-owned laptop, but deny that same user the ability to do so if they’re connecting from a personal device or public location like a hotel business center.

Unfortunately, once the data is on a client device, you now have a security risk. It could potentially be copied to a USB drive. The corporate laptop could be lost or stolen. (For some of the more high-profile examples, check out the “laptop losers hall of shame.”) Nevertheless, it’s often viewed as a risk we have to take so that our mobile users can be productive.

XenVault, which was first previewed at the Synergy event last May, is designed to address this risk. XenVault is a new plug-in for the Citrix Receiver. As such, its deployment and configuration are controlled through the Citrix Merchandising Server. To quickly review, Merchandising Server is the preferred tool Citrix has provided for installing and configuring client software. The first time a user authenticates to the Merchandising Server (through a simple browser interface), the Citrix Receiver will be pushed down and installed on the client device, together with whatever plug-ins and configuration details the administrator has defined for that user. Subsequently, the Citrix Receiver will check back with the Merchandising Server behind the scenes, and receive any configuration updates that may be available.

The XenVault plug-in creates a secure, encrypted (256-bit AES) storage area on the client hard disk. Typically, any application that is running remotely on a XenApp server or XenDesktop virtual PC will only be able to store data in the secure, encrypted location, if it is allowed to store data on the client drive at all. Same for an application that has been streamed via XenApp for local execution on the client (regardless of whether it was packaged with the Citrix streaming tools or with App-V). While the user will be able to use Windows Explorer to look at the secure location and see what files are there, the user will not be able to copy files from the secure location to a non-secured area of the hard disk, nor open the files with applications other than those specified by the administrator. For a deeper explanation of how this works, see Joe Nord’s blog post on the subject.

If the laptop is lost or stolen, the administrator can issue a “kill pill” that will cause the secure, encrypted area to be locked or deleted the next time the Receiver checks in with the Merchandising Server. Pretty cool.

If you can’t wait until the end of September to try it out, and you have a mycitrix login, you can download the XenVault technology preview now. And keep watching this space, because I’ve got a feeling that this will be a good subject for a future video blog.

, , , , , , , , , ,

XenApp – Beyond Application Virtualization

May 28th, 2010 | Posted by Sid Herron in Application streaming | Application Virtualization | Citrix | Virtualization | XenApp - (0 Comments)

A couple of days ago, in the post entitled “What Is Application Virtualization?” I made the statement that, although application virtualization is a component of XenApp, and has been since the release of Presentation Server v4.5, XenApp is more than just application virtualization. To fully understand what I mean by that, you need to understand the Citrix vision of how applications should be delivered to users.

Over the years, there have been a lot of ways to connect client devices to server-based applications and desktops: Program Neighborhood, Program Neighborhood Agent, “Project Charlotte” which became Nfuse which became Web Interface, etc., etc. But if you look back over the last 15+ years, you will see an evolution toward the Citrix vision of “Any” – any application, to any device, anytime, anywhere, over any kind of connection – and you will see an ongoing effort to make it simple and easy for users to access the applications they need, as well as easier for the IT staff to deliver the right applications to the right users.

In Citrix’s view, the delivery of applications to users should be as simple as the delivery of broadcast content over your satellite TV network. Think about that model for a moment – you generally don’t have to worry about whether you have a big or small TV set, or whether it has a traditional picture tube (yes, there are still some of those around), an LCD screen, or a Plasma screen…because you have a receiver that conforms to an accepted standard, and that will connect to any TV. You bring the TV home, take it out of the carton, and connect it to your satellite receiver, and with little or no additional configuration, you can watch the channels you’ve subscribed to. And you get to decide what you watch and when. If you have a DVR built into your receiver (as most do these days), you can even cache the programming content and watch it later.

The current Citrix delivery method is darned close to this, and completely unique in the market, in my opinion. There are four basic components:

  • The Citrix Receiver, together with several plug-ins for the Receiver.
  • The Citrix Merchandising Server, which is a virtual appliance designed to run on either XenServer or VMware. My expectation is that it will also soon be ported to Hyper-V.
  • Citrix Dazzle, which is a mechanism for user self-service.
  • Citrix Update Service, which is an on-line service provided by Citrix that is responsible for notifying Merchandising Servers of available plug-in updates.

Let’s look at these in turn, then see how they all play together.

Receiver
Citrix used to have a lot of separate clients, that all had to be installed separately. You had a client for XenApp. You had another client for XenDesktop. You had one for the Access Gateway, one for Single Sign On (a.k.a. Password Manager), one for Branch Repeater acceleration, one for receiving streamed apps – you get the picture. It was getting a little ridiculous, not to mention difficult to manage, and cluttered up your System tray with multiple little icons. By contrast, the Receiver is a sort of “universal client” that is responsible for managing a variety of plug-ins on the client desktop. Instead of multiple client icons in your System Tray, you’ll have just one – the Receiver. The plug-ins are modules of client functionality that are managed by the Receiver. At the moment, you have plug-ins for:

  • Secure Access (for Access Gateway Enterprise Edition)
  • Secure Access (for Access Gateway Standard Edition)
  • Online Plug-in (for XenApp hosted applications/desktops and connecting to XenDesktop-managed virtual PCs)
  • Offline Plug-in (for streamed applications)
  • App-V Plug-in (for Microsoft App-V streamed applications)
  • Communications Plug-in (for EasyCall)
  • Acceleration Plug-in (Branch repeater)
  • Service Monitoring Plug-in (enables Edgesight for Endpoints to gather data from the client)
  • Profile Management Plug-in (enables Citrix Profile Manager)
  • Dazzle Plug-in (enables application self-service via the Dazzle interface)

Merchandising Server
The Merchandising Server is the virtual appliance responsible for managing and delivering the Receiver and its various plug-ins to end users. The Merchandising Server can contact the Citrix Update Service via the Internet and download the latest versions of the Receiver and plug-ins. Once you have those, you create rules that stipulate what the Merchandising Server will push to different users as they authenticate, depending on such parameters as Machine Name, User Domain Membership, Machine Domain Membership, Operating System, and IP Address Range.

The first time the user connects, s/he will point a browser at a designated URL and enter login credentials, and the Merchandising Server will push down the specified package, which will be automatically installed. One installed, the Receiver will periodically check back with the Merchandising Server for updates, so you can dynamically add, remove, or update plug-ins as required.

Dazzle
Dazzle is a new variation on the old Program Neighborhood Agent theme that enables user self-service. Those who have worked with Citrix technology for a while will remember that the PN Agent communicated “behind the scenes” with a special Web Interface site to retrieve a list of the published applications available to the user. Icons for those applications could be pushed onto the Start Menu, or accessed by right-clicking on the PN Agent icon in the System Tray. The Dazzle plug-in also communicates with a special Web Interface site, but allows the user to open a window, view the available applications, and select the ones s/he wants to use (see below):

Dazzle User Experience

Dazzle User Experience


Applications can be organized into multiple “Stores” by the Administrator, and can be tagged to appear in a “Featured” list to draw the user’s attention. There’s a friendly description of each available application, and a column that indicates whether that application will work offline (i.e., whether it will be streamed to the client machine) – and, by the way, it doesn’t matter whether the app was packaged for streaming using the Citrix tools or using Microsoft’s App-V, so long as you’ve delivered the correct plug-in to them. Applications that are not tagged as working offline are, by implication, going to be executed on a XenApp server, and therefore will only be available when the client has connectivity to the XenApp server farm.

The user can browse through the list, or use a search function, which is extremely valuable in an enterprise that may have dozens – or even hundreds – of applications. To select an application, the user simply clicks on the “Add” button. The selected applications will appear in a “Dazzle Apps” folder on the Start Menu tree:

Dazzle Apps Folder

The Dazzle Apps Folder


So let’s summarize what we have with this system:

  • Administrators can easily publish applications, and organize them into “App Stores.” Applications from multiple server farms can be integrated into a single App Store, or multiple App Stores can be created as desired (e.g., one for Human Resources, one for Engineering, etc.).
  • Users no longer have to install or configure anything – all required client software is transparently pushed out to them and installed, and automatically updated, by the Merchandising Server.
  • Users can help themselves to the applications they need to be productive, and to only those applications. Just because an application is available to them doesn’t necessarily mean they will have an icon for that application cluttering up their desktop or Start Menu.

I don’t think that application delivery can get much easier than that.

And why, you may ask, is User Self-Service something you should be concerned about? Well, in addition to the obvious fact that is makes life easier for both your users and your IT staff, take a peek at the following video. Increasingly, these are the people you are going to want to attract and retain as employees. They’ve grown up with technology, and they have their own preferred ways of using it to be productive. Here’s what they had to say about corporate computing:

This is why I contend that XenApp is substantially more than just application virtualization, and substantially more than “something I add to my Remote Desktop Servers to make things run faster.” It is a new and unique way of delivering to your users the applications they want and need, and only those applications, with minimal muss and fuss on both ends of the transactions. Increasingly, your users are used to the self-service model (e.g., the Apple on-line store), they find it intuitive, and they like it. It enables BYOC (“Bring Your Own Computer”) policies. It makes life simpler for everyone. And no one else has anything like it at the moment.

If this has caught your interest and you’d like to see more detail, check out the video below. It’s a bit long (about 30 minutes), but does an excellent job of explaining how everything works:

, , , , ,

What Is Application Virtualization?

May 26th, 2010 | Posted by Sid Herron in Application streaming | Application Virtualization | Citrix | Microsoft | Virtualization | VMware | XenApp - (2 Comments)

Some folks out there are still scratching their heads over the Citrix decision to change the name of Presentation Server to XenApp. There were actually several reasons for that change. For one thing, we’ve all seen Remote Desktop Services (formerly known as Terminal Services) get better and better with every release of Windows Server – and don’t think for a minute that Citrix didn’t see that coming. As closely as they work with Microsoft, of course they did. So it became obvious to Citrix long ago that they needed a better value proposition for their product than “something that I add to Terminal Services to get better performance.”

In point of fact, Citrix does have a considerably better value proposition than that – but not everyone was “getting it.” One way to help people get it is to re-frame the conversation by repositioning the product, and sometimes changing the product name can help make that happen.

But why XenApp? Well, that goes back to the acquisition of XenSource a few years ago. It seems that, after making that aquisition, Citrix decided that, in their vocabulary, “Xen” = “Virtualization.” Therefore…

  • “XenServer” = “Server Virtualization”
  • “XenDesktop” = “Desktop Virtualization”
  • “XenApp” = “Application Virtualization”

But does it, really? (XenApp, I mean.) Well, sort of. These days, application virtualization is a component of XenApp, but XenApp is more than just application virtualization.

Which brings me back to the question: What is application virtualization? I would suggest, as a good working definition, that, just as server virtualization is the abstraction of a server operating system from the underlying hardware, application virtualization is the abstraction of an application from the operating system it’s executing on.

We virtualize servers by interposing a layer of software – the hypervisor – between the hardware and the operating system. Although some operating systems, like Windows Server 2008, are virtualization-aware, meaning that they know when they’re running on a hypervisor and modify their behavior accordingly, earlier OS versions had to be fooled into thinking that they were running directly on server hardware when in fact they were not.

Applications today are still at the stage of development where they have to be fooled into thinking that they’ve been installed normally when in fact they have not. When they’re installed, applications typically write specific information to specific locations in the Windows registry. They place .DLL files into specific folders (most frequently into C:\Windows\System32) – and sometimes these .DLL files overwrite or conflict with others, which is why you can’t, for example, run two different versions of Microsoft Access on the same PC workstation without some kind of application virtualization. Application virtualization places a sort of “software wrapper” around the application – sometimes referred to as an “isolation environment,” or a “sandbox.” It causes these Registry keys and files to be written to an application specific location, and redirects the application calls so they can be found when the application executes.

By contrast, when an application is executed via Remote Desktop Services (with or without the involvement of XenApp), you’re really virtualizing the presentation of the application. The application is executing on the server, and the user interface is being presented remotely at a client device, using a protocol such as RDP (Microsoft) or ICA (Citrix) to transport keystrokes and mouse movements from the client to the server, and screen updates from the server to the client.

In the old days – and often today as well – that application was installed directly on the Remote Desktop server. Today, we can instead use application virtualization to deliver the application to the server for execution on demand rather than installing the application in advance in the traditional way. But it’s important to understand that presentation virtualization – running the application in one place and displaying the user interface in another – is not the same thing as application virtualization, which, as we have defined it, has to do with how that application is installed on the desired execution platform and how it behaves when it executes.

The first product to do application virtualization on a large scale for Windows apps was Softricity, by a company called SoftGrid. Softricity evolved into App-V after Microsoft acquired SoftGrid. App-V not only virtualizes the application as described above, it also allows the application to be streamed on demand to the computer that needs to execute it. Application streaming works better than you might think, because it turns out that for most Windows apps, most of the code is seldom (if ever) used. (Just think of all the arcane features in Word or Excel that the average user will probably never use.) So we can stream down just enough code to get the user interface up and running, and continue to stream additional code in the background as features are actually required.

The combination of (1) not having to explicitly install applications on workstations (or Citrix servers, for that matter), and (2) not having to worry about applications conflicting with one another can make life much easier for the IT staff:

  • You no longer have to run around from workstation to workstation with a backpack full of installation CDs.
  • It can potentially eliminate the old practice of having multiple “silos” of servers within a Citrix server farm to run applications that would not play nicely with one another.
  • It makes image management for both workstations and XenApp servers much simpler, because if all of your applications are baked into your OS image, then any application change requires that you change (and regression test) your OS image – but if a streamed application changes, all you have to change is that application.

Meanwhile, back in Fort Lauderdale, Citrix had been working on its own approach to application isolation, which was added to the Enterprise and Platinum editions of Presentation Server when v4.0 was released. This “Application Isolation Environment” then evolved into application streaming with the release of Presentation Server v4.5. For those who are familiar with the Citrix application publishing paradigm, you can now:

  • Run the application through the Citrix packaging utility
  • Park the resulting package on a shared folder that’s accessible by your target machines
  • Step through the process of publishing the application, with a new twist: “I want to make this application available to this group of users, on this set of XenApp servers, and here’s the path to the application package.”

NOTE: Yes, I know that not all applications can be successfully packaged for streaming. But most modern Windows applications can be. Yes, you’ll have to test your apps, or, if you have a lot of apps, use a tool like AppDNA to analyze them for compatibility.

Administrative options allow you to specify whether an application package will be streamed to a XenApp server to be executed there, or streamed directly to the client PC to be executed there, or conditionally streamed (e.g., stream to the client PC if a particular set of criteria is satisfied, otherwise execute the app via XenApp). You can also stream it and cache it on the client PC so, in the case of a laptop, it can be disconnected from the network and continue to run the app for a specified period of time.

So, in a sense, the application virtualization component of XenApp competes with App-V. Prior to the release of XenApp 6, our advice would have been to use XenApp to package and stream apps if your need was primarily to serve up apps to Citrix users, and use App-V if Citrix represented only a small piece of your infrastructure and you primarily needed to package and stream apps to Windows-based workstations. This was mostly based on the fact that App-V needed its own servers to control publishing and streaming of the applications – so if your primary need was to deliver apps to XenApp users, it didn’t make sense to build that App-V control infrastructure when your Citrix farm already had everything you needed to stream apps via XenApp.

One of the features of XenApp 6, however, is the ability to deliver App-V packages through the Citrix application publishing infrastructure, without having to build out the App-V back-end server infrastructure. So now you can use whichever packaging tool you prefer with your Citrix infrastructure. If your staff is more familiar with – or just prefers – App-V, it’s not a problem, because XenApp will support those packages natively.

A discussion of application virtualization wouldn’t be complete without mentioning VMware’s ThinApp. A while back, VMware, seeing which way the competitive winds were blowing, realized it needed an application virtualization solution of its own, so it went out and bought one. In addition to packaging and streaming, ThinApp can also wrap an application up as a free-standing executable, meaning that you could theoretically carry the entire Microsoft Office suite with you on a USB stick, and plug it into any Windows PC anywhere regardless of whether (or which version of) Office was installed on that PC. Of course, if you actually did that with a PC that wasn’t already legally licensed for Office, you’re violating your Microsoft Office license, but I digress.

There are other application virtualization products in the marketplace, but at the moment, the “big three” are App-V, ThinApp, and XenApp. However, as I said way back in the beginning of this post, XenApp is more than just application virtualization. And that will be the subject of my next post.

, , , , , , , ,

Five Cool Products from Synergy 2010

May 18th, 2010 | Posted by Sid Herron in Application streaming | Application Virtualization | Citrix | Citrix Synergy | Provisioning Services | VDI | Virtualization | XenDesktop - (1 Comments)

As many readers know, I spent last week attending back-to-back Citrix conferences in San Francisco. Monday and Tuesday (“Summit”) was for Citrix Partners, Wednesday through Friday (“Synergy”) was for the larger user community. In the coming days, I expect to be writing a lot about stuff I learned there – to the extent that I can without violating the Non-Disclosure Agreement that all attendees agree to as part of the registration process.

Today’s post is about five cool products that I think are worthy of further investigation. I should stress that, aside from Wyse, we do not currently sell any of these vendors’ products, and we may or may not partner with them in the future. So this should not be interpreted as an endorsement other than to say that these products intrigued me and I believe them to be worth looking into.

Wyse XenithTM “Zero Client”
Finally, a non-Windows-based thin-client device with HDX MediaStream video support! I can hardly wait for us to get our hands on one of these for testing. Up until now, if you wanted high performance video, you needed to buy a Windows-embedded thin-client, and install the same Citrix Receiver and plug-ins that you would install on a full-blown desktop PC. And, unfortunately, a Windows-embedded thin-client can easily cost as much as a low-end PC. While I don’t have firm cost numbers yet, I was told it would be “sub-$300” (which I assume to mean $299).

At the Wyse demo, they plugged in the box, turned it on, it auto-discovered the XenDesktop infrastructure and automatically configured itself accordingly, and was ready to use literally in a few seconds. Wow.

Kaviza’s “VDI-In-a-Box”
Kaviza has an intriguing product. It won the “Best of Synergy” award in the “Business Efficiency” category. As the product name implies, they make a virtual appliance that handles the provisioning, load-balancing, and management of virtual desktops in a single package. Their original appliance was designed to run on VMware, but the Beta of v3.0 they were showing at Synergy will run on XenServer. They do not require shared storage (i.e., a SAN), or a separate connection broker. When you add more of their appliances, their “grid” automatically reconfigures itself to incorporate the new appliances, replicating desktop template images as required.

They’re positioning this as an SMB solution – up to a couple hundred desktops. If you’re going to grow beyond that, you’re probably going to want the greater storage efficiency of storing your desktop images on a SAN and using the provisioning services of XenDesktop 4. Also, this is specifically a VDI solution, by which I mean a bunch of virtual PCs running on one or more virtualization hosts. As we’ve discussed in other posts, VDI is only one kind of desktop virtualization. If you want the flexibility of being able to leverage all the different kinds of desktop virtualization, XenDesktop gives you that flexibility.

Suggested list price is $125 per concurrent user. Citrix has a VDI-only version of XenDesktop (which does include provisioning services, but does not include any other form of desktop virtualization) which lists for $95 per named user, or $195 per concurrent user. So, taking into account the cost savings from reducing the back-end infrastructure requirements, Kaviza is certainly competitive for smaller deployments, if you’re looking for strictly a VDI solution. Kavisa estimates that, including the virtualization hosts, you’re still under $500/user.

Interestingly enough, Citrix recently made a “strategic investment” in Kaviza, and has licensed their HDX high-performance video technology to them. This suggests that, at some level, Citrix does not necessarily view Kaviza as a competitive threat to XenDesktop 4.

You can view a demo of an earlier version of Kaviza on Brian Madden TV, or go right to the source and sign up for a Webinar on their upcoming v3.0 release.

App-DNA
Good Lord, if we’d only had a tool like this a few years ago. Several years ago, we worked with a major financial institution that will remain nameless (you know who you are) to build an infrastructure of what was then called Presentation Server that would serve up roughly 300 different applications to roughly 1,000 users. Application Isolation wasn’t available at the time, so we had to do things the hard way. We had a team of several engineers who spent months on application compatibility testing – not only to see which apps would run in a Presentation Server environment, but to see which apps could co-exist in a single server image. It was a huge project, and cost the customer a very large pile of money.

The App-DNA AppTitudeTM software automates the process of application compatibility testing. You give it access to the installation packages of your applications, and it will tell you which Windows desktop and/or server Operating Systems they are compatible with, whether they’re 64-bit compatible, and whether you should be able to package and stream them with XenApp’s app streaming tool or with Microsoft’s App-V. Moreover, if there’s an issue with an application, it tells you what the issue is and makes suggestions as to how you may be able to remediate it!

This product won the “Best in Show” award at Synergy, as well as winning in the “Process Improvement” category. The people I talked to couldn’t give me pricing, but if you’re looking at a major upgrade or migration that involves a lot of applications, this could be a huge time-saver.

Liquidware Labs
Their Stratusphere FitTM product was a Best of Synergy finalist in the “Business Efficiency” category (the category that was won by Kaviza). This is a VDI assessment tool. It will monitor and log a bunch of desktop OS and user performance metrics, looking at network usage, application usage, disk and memory utilization, graphics intensity, disk IOPS, network latency between the current desktop location and the data center you’re hoping to move it to, etc.

After gathering information for a while (a minimum of two weeks is recommended), it will spit out both detail and summary reports that will identify good, fair, and poor candidates for virtualization, identify potential problem areas, and help you size the back-end infrastructure that will be needed to host all of the newly-virtualized desktops.

The cost of a time-limited license (90 days, if memory serves me correctly) is roughly $7 per user. Look at it this way: You can design your VDI hosting environment by the seat of your pants, and probably end up either over- or under-building the infrastructure, or you can spend a little bit of money to develop some hard data to guide the design decisions. If it helps you avoid design mistakes, and helps insure the success of your VDI project, that’s probably money well spent.

Unidesk
The Unidesk product competes directly with the provisioning services component of XenDesktop 4. Why, you may ask, would you want to pay extra for a third party product instead of using the provisioning functionality that comes with all versions of XenDesktop 4? Here are some possible reasons:

  • Unidesk integrates patching and version management into their provisioning tool.
  • Unidesk can deliver boot-time drivers such as antivirus software, VPN software, and printer drivers as components that are separate from your master OS image.
  • Unidesk integrates application management into their provisioning tool, including applications that have been packaged for streaming via XenApp, App-V, or ThinApp.
  • The big one: Unidesk treats user-installed applications as part of “user personalization” – yes, you can provision from a single master OS image and still allow users to install their own apps. (And you can also – relatively easily – repair the damage when a user installs an app that breaks something else.)

In some organizations, user acceptance will make or break a desktop virtualization project. In a native XenDesktop 4 deployment, if you want to allow the user to install applications, you have to dedicate an OS image to that user. If this is a requirement for a lot of your users, you’re going to burn up a lot of expensive SAN storage. If internal company politics will allow you to lock down the corporate desktop, great! Your life will be much easier. And, as we’ve observed elsewhere, XenClient promises to address this by giving the user multiple desktops: a corporate desktop that’s locked down, and a personal desktop where they can install their own applications. But if you are forced, for whatever reason, to allow your users to install their own applications on top of the corporate desktop image, Unidesk could save you a bunch of storage space, and maybe even your sanity.

, , , , , , , , ,

XenApp 6 Worker Groups

April 5th, 2010 | Posted by Sid Herron in Application streaming | Application Virtualization | Citrix | XenApp - (0 Comments)

In case you missed the announcement, about a month ago, Citrix announced the release of XenApp 6. This is the version of XenApp that will run on Windows Server 2008 R2 – but there are also a lot of features in XenApp 6 that will make your life a lot simpler if you have to manage a XenApp farm. One of those is the concept of “worker groups.”

Over the years, Citrix has added the ability to control more and more XenApp features through policy settings – either through Active Directory Group Policies or through Citrix policies. But some things were still fairly tedious to manage.

For example, when you published an application on your XenApp farm, the information of which servers that application was published on was part of the application properties. If you had a set of applications published on a set of servers, and you wanted to add (or remove) a server from that set, you had to edit the properties of each application in the application set.

With XenApp 6 on Server 2008 R2, you can now create a new AD container called a “worker group.” Settings like computer policies, load balancing policies, and even which applications are published can be set on the worker group, and will be automatically inherited by any server that is added to that group. This literally makes it possible to fully configure a new XenApp server and add it to the farm without even opening the XenApp management console! (And, of course, if you’re using application streaming to deliver the applications to the designated XenApp servers, you don’t have to install those applications – simply assign them to the worker group, and they will be streamed to any server that is part of, or added to, that worker group.)

For a better understanding of how this works, take a look at this “Citrix TV” video by Leo Singleton:

, , ,

It’s Official – XenApp 6 Is On the Way

March 10th, 2010 | Posted by Sid Herron in Application streaming | Application Virtualization | Citrix | XenApp - (1 Comments)

As most of you know, XenApp 5 is not compatible with Windows Server 2008 R2. Citrix has been working diligently on an R2-compatible version. The “technology preview” has been out for several weeks now. Apparently the new product is sufficiently different that Citrix decided it warranted a major release number – so a few days ago, Citrix announced the release of XenApp v6. Here are some of the high points of the new release:

  • The biggie, of course, is compatibility with Windows Server 2008 R2. This means, among other things, that it will be a 64-bit-only release (since R2 is strictly 64-bit). And that has obvious implications for things like print driver and application compatibility.
  • New setup wizards reportedly cut installation time in half.
  • New “AppCenter” application management console. Includes the ability to manage and deliver streamed apps using both Microsoft App-V and Citrix application streaming from a single point.
  • Better integration with Microsoft management tools, including PowerShell.
  • “HDX” (High Definition User Experience) support for:
    • Real-time audio and video collaboration using Microsoft Office Communicator and VoIP soft phones
    • CD-quality audio with 90% less bandwidth
    • Plug-n-play support for USB devices like Point-of-Sale interfaces, webcams, microphones, scanners, digital cameras, etc.
  • Support for the new “Dazzle” self-service application storefront
  • New Citrix Receiver for Android mobile devices (and a promise that BlackBerry support is coming soon)

Along with the release of XenApp 6, Citrix is also releasing XenApp 5 Feature Pack 3, which will port as many of these features as possible back to Windows Server 2003 and Windows Server 2008 (non-R2) users.

Customers with current Subscription Advantage as of March 17 will be able to download XenApp 6 starting March 24. And, since XenDesktop 4 Enterprise and Platinum editions include full access to XenApp functionality, this applies to XenDesktop 4 customers as well as XenApp customers.

For more on the announcement, check out the following video from Citrix TV:


And for even more product information, see the XenApp 6 product page on the Citrix Web site.

, , , ,

What is Virtualization? – Application Virtualization

December 15th, 2009 | Posted by Shane Kalles in Application Hosting | Application streaming | Application Virtualization | General | Virtualization - (1 Comments)

To continue the discussion of “What is Virtualization?” that I started back on December 4, I bring you the next installment – Application Virtualization.

Application Virtualization is the isolation and separation of an application from its underlying Operating System (OS) as well as from other applications. The application is fooled into believing that it is working as normal, interacting with the OS and using those resources as if the application had been installed directly on the OS as normal.

Additionally, the application can be installed once within the datacenter and preserved as a “golden image” to be delivered out to the end users. This gives you one instance to manage, one instance to patch, one instance to maintain – all housed in one location. This will help cut IT application maintenance costs as well as help control licensing costs as it will be easier to track application utilization.

Since each virtualized application is isolated from other applications it becomes possible to deploy, on the same piece of hardware, applications that typically didn’t play nicely together in the past. This cuts down on the time needed to test application compatibility since each application resides inside its own “bubble” (much like teenagers).application silos

Traditionally, both desktop admins and admins who were in charge of Terminal Servers (and XenApp servers) spent hours and hours on application compatibility testing. When a new application was added to the official desktop or server image, or an existing application was upgraded, regression testing was necessary to insure that the new or upgraded application didn’t break some other application by, for example, overwriting a shared DLL file. By providing a method for virtualizing Registry entries and calls to particular folder locations, application isolation overcomes most of these headaches.

The real trick with application virtualization is the delivery method, since the delivery methods of these virtual applications is what separates the different vendor solutions in this field. The big three application virtualization solutions are Citrix XenApp, VMware ThinApp, and Microsoft Application Virtualization (a.k.a. “App-V”). These three vendors use either one method or a combination of delivery methods to get the applications to the end users.

Application Streaming: This refers to streaming the application over the network to the client PC on demand. The “secret sauce” here is in figuring out how to stream down just enough of the code to launch the application and allow the user to begin interacting with it. The rest of the code can be streamed down when the user attempts to use a feature that requires it, or it can be simply streamed down in the background until all of the application code is cached locally. An added benefit of streaming all of the code down is that it allows the application to continue to be used when the PC is not connected to the network. (E.g., you can unplug your laptop and take it on the road.)

The application streaming technology you use will determine the control and security of the application once it has been streamed to the end user device. For example, Citrix allows you to administratively set a “time to live” limit on how long apps will run in a disconnected state. If the PC isn’t reconnected to the network within that time limit, the app simply stops working – giving you some level of protection if a PC is lost or stolen. For another example, ThinApp allows you to make an application completely portable – you could carry the Office Suite with you on a USB stick, plug it into any PC, use it, and leave no trace behind when you unplugged the USB stick. (Note: Doing this with the Office Suite could result in a violation of the Office EULA!)

Another “secret sauce” ingredient is the ability to allow limited communication between applications, even though they’re running in their own isolation environments (the “bubble” referred to earlier). For example, your accounting application may need to call Excel to render the output of a particular report. Early versions of application isolation required these applications to be “packaged” together, i.e., installed into the same isolation environment – otherwise, the accounting app wouldn’t know that Excel was available, and you’d get an application error. The latest implementations allow enough inter-isolation communication to take place to avoid problems like this while still avoiding application compatibility conflicts.

Application Hosting: This method can take a couple of different forms. The first is to virtualize the presentation of a typical Windows application by installing the application on a Terminal Server (in most cases, a Terminal Server with Citrix XenApp installed on it), and connecting to that Terminal Server using some kind of remote communications protocol (e.g., Microsoft’s RDP, Citrix’s ICA, etc.). We’ve been doing this for years, and thousands of customers and millions of users access applications this way every day.

Most readers of this blog are probably familiar with the advantages of this deployment model: centralized deployment and management, tighter security, granular control over what can be saved and/or printed at the client location, etc.

Application Streaming can work with this kind of Application Hosting by allowing you to stream applications to your Terminal Servers rather than having to explicitly install them or build them into your official server image. Citrix XenApp customers have the rights to use the Citrix streaming technology to do this, and Microsoft recently announced that the new Server 2008 R2 Remote Desktop Services CAL (formerly called a Terminal Services CAL) will include the rights to use App-V to stream applications to Terminal Servers.

Web-based applications can also be legitimately called “hosted applications” – whether they’re hosted in your own corporate data center, or by some kind of application service provider (e.g., Salesforce.com). In this scenario, all that’s required on the client PC is a browser – at least in theory.

In fact, the browser then becomes an application that must be managed! For example, you may find that you require a specific version of Java to access a particular hosted Web application – and if the user has local admin rights to the PC, the possibility exists that s/he will inadvertently install something that breaks its compatibility with your critical Web application. Some Microsoft applications require the use of Internet Explorer (e.g., Microsoft CRM is not compatible with Firefox). Some applications may even require a specific browser version. (When IE7 was first released, it caused compatibility issues for users of Microsoft CRM v3.0.)

Also, as a general rule, a Web application will require a more powerful client PC as well as more bandwidth between the client and the Web server to yield a good user experience, compared to an RDP or ICA client device connecting to a Terminal Server.

There is, of course, the option of installing an application directly on a device either by physically visiting the machine with installation media in hand or by using some kind of central management system to push the bits onto the client’s hard drive. These options, however, do not fall under the definition of application virtualization that we’re using here.

The important thing to take away from application virtualization is that no matter how you approach it, it will save you money:

  • Hardware – being able to host multiple applications on a single piece of hardware without worrying about application incompatibility. This can virtually eliminate the “silos” of servers with different configurations in large XenApp environments that used to be necessary to isolate those problem apps that wouldn’t play nicely with any others.
  • Licensing costs – with all your applications being housed in the data center you will have a better understanding of how many instances of each application you are using and will be able to better track your licensing needs
  • Maintenance – being able to update or patch a single instance of the application rather than needing to physically update and patch each machine.
  • Management – less hardware to look after, less time spent with helping end users with application issues, less time spent in application regression testing

Hope this clears up that “what is application virtualization” question. However if you have more questions feel free to use the comments or contact me directly.

, , , , , , , , ,

Which App Streaming Is Best?

October 28th, 2009 | Posted by Sid Herron in Citrix | Microsoft | VMware - (0 Comments)

For quite some time now, Citrix has had the ability to stream applications on demand, either to XenApp servers, or to desktop/laptop PCs. If you own current versions of XenApp, you can use it. Microsoft also has an application streaming product called App-V, which it evolved from its acquisition of Softricity a few years back. They recently announced that they were going to discontinue the App-V for Terminal Services licenses, and just bundle the rights into what is now (in Windows 2008 R2) called the Remote Desktop Services (“RDS”) CAL. So if you own Server 2008 TS CALs or 2008 R2 RDS CALs, you’ve got the rights to use App-V to stream apps to your Remote Desktop Servers a.k.a. Terminal Servers.

Not wanting to be left out of the application streaming game, VMware went shopping a while back, and bought ThinApp. They maintain that ThinApp is better – or at least safer – because it runs exclusively in user mode, whereas both App-V and Citrix App Streaming require the explicit installation of an agent that contains kernel components.

So what’s the real story? Which application streaming technology should you use? Which is really best? As is so often the case with IT, the answer is a resounding, “It depends.” It’s sometime frustrating, but the fact is that we work in an industry where there is often no single “right way” to do something. But today I ran across a blog entry over in the Citrix Community Blog area that did such a great job of delving into the differences that I thought it was worth linking to here.

Check it out and let us know what you think.

, , , , , ,

Latest Blog Feeds
Go to our Blog Page
Testimonials
“Our business is all about process and margins; we rely on Moose Logic to install and manage network solutions that enable us to control both. Moose Logic created solutions that transformed our business relationships and processes.”
Ron Horowitz
Birchwood Park Homes
Read our Newsletter
Copyright © 2010 All rights reserved.
Wordpress Delicate template designed by NattyWP