Your are here: Home > Blog

Beware of Vendor-Sponsored “Analysis” Reports

June 16th, 2011 | Posted by Sid Herron in Citrix | VDI | Virtualization | VMware | XenDesktop - (2 Comments)

Mark Twain allegedly came up with the famous line: "Figures don’t lie, but liars figure." That’s a good thing to keep in mind any time you’re looking through a report that was sponsored ("sponsored" = "paid for") by a vendor that concludes that their product is better than the other guy’s.

Maybe it is better than the other guy’s. But you might want to look closely at what was tested, how it was tested, and whether they were, shall we say, selective in the facts they present.

Case in point: The Tolly Group’s report, released May 27, comparing VMware View 4.6 Premier Edition to Citrix XenDesktop 5 Platinum edition. There are several interesting aspects to this report, which are dealt with in detail in Tal Klein’s blog over on the Citrix Community blog site. Here are a few of the more egregious items:

  • VMware View 4.6 Premier licensing costs less than XenDesktop 5 Platinum. Absolutely true, and absolutely irrelevant. That’s like pointing out that if you load every possible dealer option onto your new car, it’s going to cost more than the basic model. Thank you, Captain Obvious. If you want an "apples-to-apples" comparison, you need to compare VMware View to the XenDesktop VDI Edition. But wait, if you do that, XenDesktop is actually less expensive, and that would be an awkward point to publish in a paper that’s being paid for by VMware.
  • VMware’s PCoIP provides a more consistent multi-media experience than XenDesktop 5. (Over a LAN. Using a single thin client device that did not support any of the Citrix HDX media acceleration features.) Sorry, guys, but once again this is not an apples-to-apples comparison. And did they publish any results of testing across a WAN link? Nope…and for the same reason they didn’t use XenDesktop VDI Edition for their price comparison.
  • It’s easier to upgrade View 4.5 to View 4.6 than it is to upgrade XenDesktop 4 to XenDesktop 5. Once again, both true and irrelevant. It’s easier to give your kitchen a new coat of paint than it is to rip out the cabinets and completely remodel it. Anybody surprised by that? There are significant architectural changes from XenDesktop 4 to XenDesktop 5. It shouldn’t be surprising to anyone that this will involve more effort than a "dot release" upgrade.

I’ve always been skeptical of vendor-sponsored "analysis" reports, and, to be fair, Citrix has used the Tolly Group in the past for its own sponsored reports – but it seems to me that this one is just over the top. Apparently, former Gartner analyst Simon Bramfitt agrees. His pithy assessment of the report: "There are undiscovered tribes lost in the darkest parts of the Amazon jungle that would know exactly what to do if a vendor airdropped a pile of competitive marketing literature authored by the Tolly Group; send it back, and asked [sic] that it be re-printed on more absorbent paper."

What do you think?

, , , , , ,

Thin Clients vs. Cheap PCs

June 1st, 2011 | Posted by Sid Herron in Licensing | Microsoft | VDI | Virtualization | Windows 7 - (1 Comments)

We have, for a long time, been fans of thin client devices. However, if you run the numbers, it turns out that thin-clients may not necessarily be the most cost-effective client devices for a VDI deployment.

Just before writing this post, I went to the Dell Web site and priced out a low-end Vostro Mini Tower system: 3.2 GHz Intel E5800 dual-core processor, 3 Gb RAM, 320 Gb disk drive, integrated Intel graphics, Windows 7 Professional 64-bit OS, 1 year next-business-day on-site service. Total price: $349.00.

When you buy a new PC with an OEM license of Windows on it, you have 90 days to add Microsoft Software Assurance to that PC. That will cost you $109.00 for two years of coverage. You’re now out of pocket $458.00. However, one of the benefits of Software Assurance is that you don’t need any other Microsoft license component to access a virtual desktop OS. You also have the rights, under SA, to install Windows Thin PC (WinTPC) on the system, which strips out a lot of non-essential stuff and allows you to administratively lock it down – think of WinTPC as Microsoft’s own tool kit for turning a PC into a thin client device.

Now consider the thin client option. A new Wyse Winterm built on Embedded Windows 7 carries an MSRP of $499. There are less expensive thin clients, but this one would be the closest to a Windows 7 PC in terms of the user experience (media redirection to a local Windows Media Player, Windows 7 user interface, etc.). However, having bought the thin client, you must now purchase a Microsoft Virtual Desktop Access (VDA) license to legally access your VDI environment. The VDA license is only available through the Open Value Subscription model, and will cost you $100/year forever. So your total cost over two years is $699 for the Wyse device vs. $458 for the Dell Vostro.

After the initial two year term, you’ll have to renew Software Assurance on the PC for another two years. That will continue to cost you roughly $54.50/year vs. $100/year to keep paying for that VDA license.

Arguably, the Wyse thin client is a better choice for some use cases. It will work better in a hostile environment – like a factory floor – because it has no fan to pull dust and debris into the case. In fact, it has no moving parts at all, and will likely last longer as a result…although PC hardware is pretty darned reliable these days, and at that price point, the low-end PC becomes every bit as disposable as a thin client device.

So, as much as we love our friends at Wyse, the bottom line is…well, it’s the bottom line. And if you’re looking at a significant VDI deployment, it might be worth running the numbers both ways before you decide for sure which way you’re going to go.

, , , ,

IntelliCache and the IOPS Problem

May 20th, 2011 | Posted by Sid Herron in Best Practices | Citrix | Provisioning Services | VDI | Virtualization | VMware | XenDesktop - (0 Comments)

If you’ve been following this blog for any length of time, you know that we’ve written extensively about XenDesktop, and spent a lot of time on best practices and problems to avoid. And one of the biggest problems to avoid is poor storage design resulting in poor VDI performance.

In a nutshell, the problem is that a Windows desktop OS uses disk far differently than a Windows server OS. Thanks to the way Windows uses the swap file, disk writes outnumber disk reads by about 2 to 1. You can build your virtual desktop infrastructure on the latest and greatest server hardware, with tons of processing power and insanely huge amounts of RAM, but if all of the disk I/O for all of those virtual desktops is hitting your SAN, you’ve got a scalability problem on your hands.

Provisioning Services (“PVS”) can help to mitigate this in two ways (assuming for sake of argument that you’re provisioning multiple virtual systems from a common, read-only image): First, if you build your Provisioning Servers correctly, you should be able to serve up most of the OS read operations from the Provisioning Server’s own cache memory. Second, you can use the virtualization host’s local disk storage as the required “write cache” – because all of those write operations have to go somewhere while the virtual system is running.

But XenDesktop 5 introduced a new way to provision desktops called “Machine Creation Services” (“MCS”). We wrote about this in the April edition of our Moose Views newsletter, so if you’re not familiar with all the pros and cons of MCS vs. PVS, I’d encourage you to take a brief time out and read that article. Suffice it to say that, despite all the advantages of MCS, the biggest downside of using MCS to provision pooled desktops was that all of the IOPS hit your SAN storage, which limited the scalability of an MCS-provisioned VDI deployment.

But all of that just changed, with the release of XenDesktop 5 Service Pack 1, which was made available for download a week ago (May 13). With SP1, XenDesktop 5 is now able to take advantage of the “IntelliCache” feature that was introduced as part of XenServer v5.6 Service Pack 2. Using MCS with the combination of XenDesktop 5 SP1 and XenServer SP2…

  • The first time a virtual desktop is booted on a given XenServer, the boot image is cached on that XenServer’s local storage.
  • Subsequent virtual desktops booted on that same XenServer will boot and run from that locally cached image.
  • You can use the XenServer’s local storage for the write cache as well.

The bottom line is that you can move as much as 90% of the IOPS off of the SAN and onto local XenServer storage, removing nearly all of the scalability limitations from an MCS-provisioned environment.

With most of the IOPS for running VMs taking place on local storage, it’s pretty straightforward to figure out how many VMs you can expect to support on a given virtualization host. Dan Feller’s blog post does a great job of walking through the process of calculating the functional IOPS that your local XenServer storage repository should be able to support, and inferring from that number how many light, normal, or power users you should be able to support as a result.

This also means that using XenServer as the hypervisor for your XenDesktop 5 deployment is going to yield a significant performance advantage over any other hypervisor, unless or until the other guys come out with similar local caching features. So, if you’re a VMware shop, my advice is this: Go ahead and virtualize all of the supporting XenDesktop server components on your VSphere infrastructure. Run your XenDesktop 5 VMs on XenServer hosts, and just don’t tell anyone! If you’re asked, just say, “Oh, yeah, these are my XenDesktop host systems – they’re completely separate from our VSphere infrastructure, because we don’t need the (insert favorite VSphere feature) function for these systems.” Your infrastructure will run better, and no one will know but you…

, , , , , , ,

Machine Creation Services and KMS

March 30th, 2011 | Posted by Sid Herron in Citrix | Licensing | Microsoft | VDI | Virtualization | Windows 7 | XenDesktop - (0 Comments)

We’ve written extensively here about the challenges of using Citrix Provisioning Services to provision VMs that require key activation (i.e., Vista, Win7, and Server 2008/2008R2). We publicly rejoiced when the news broke that PVS v5.6, SP1, supported both KMS and MAK activation.

But now, with the advent of XenDesktop 5, there is a new way to provision desktops: Machine Creation Services (“MCS”). As a public service to those who follow this blog, I thought I’d share Citrix’s official statement regarding MCS and KMS activation:

MCS does not support or work with KMS based Microsoft Windows 7 activation by default, however the following workaround has been provided and will be supported by Citrix Support should an issue arise.

For details on the workaround, click through the link above to the KB article.

It does not appear that there is a workaround that will allow MCS to be used with MAK activation, and I saw a comment by a Citrix employee on a forum post that indicated that there were “no plans to support it in the near future.” So…MCS with KMS, yes; MCS with MAK, no.

Not having MAK support probably isn’t a big deal, since the main reason why you would go with MAK activation rather than KMS activation would be if you had fewer than 25 desktops to activate, and if you have fewer than 25 virtual desktops, you may as well just stick with 1-to-1 images instead of messing around with provisioning anyway. But we thought you should know.

You’re welcome.

, , , , , , ,

The Future Is Now

March 21st, 2011 | Posted by Sid Herron in Application streaming | Application Virtualization | Best Practices | Branch Repeater | Citrix | Mobile Computing | Remote Access | VDI | Virtualization | XenApp | XenClient | XenDesktop - (0 Comments)

I recently discovered a video on “Citrix TV” that does as good a job as I’ve ever seen in presenting the big picture of desktop and application virtualization using XenApp and XenDesktop (which, as we’ve said before, includes XenApp now). The entire video is just over 17 minutes long, which is longer than most videos we’ve posted here (I prefer to keep them under 5 minutes or so), but in that 17 minutes, you’re going to see:

  • How easy it is for a user to install the Citrix Receiver
  • Self-service application delivery
  • Smooth roaming (from a PC to a MacBook)
  • Application streaming for off-line use
  • A XenDesktop virtual desktop following the user from an HP Thin Client…
    • …to an iPad…
    • …as the iPad switches to 3G operation aboard a commuter train…
    • …to a Mac in the home office…
    • …to a Windows multi-touch PC in the kitchen…
    • …to an iPhone on the golf course.
  • And a demo of XenClient to wrap things up.

I remember, a few years ago, sitting through the keynote address at a Citrix conference and watching a similar video on where the technology was headed. But this isn’t smoke and mirrors, and it isn’t a presentation of some future, yet-to-be-released technology. All of this functionality is available now, and it’s all included in a single license model. The future is here. Now.

I think you’ll find that it’s 17 minutes that are well-spent:

, , , , , , , , , , , ,

New XenDesktop Trade-up – and a New License Model

January 17th, 2011 | Posted by Sid Herron in Citrix | Licensing | VDI | Virtualization | XenApp | XenDesktop - (0 Comments)

Today, Citrix announced a new, permanent XenDesktop trade-Up program. (Well, mostly permanent – the special offer to users with expired Subscripion Advantage only runs through the end of 2011.) This new offer shouldn’t come as a big surprise, as all indications were that there would be some kind of upgrade path provided after the last trade-up program expired at the end of 2010. What did come as a surprise is the announcement of a concurrent-use (“CCU”) license model for XenDesktop Enterprise and Platinum. The new CCU license is good news for XenDesktop v3 customers, some of whom have not upgraded to XenDektop v4 or v5 because they didn’t want to give up the CCU license model.

The new trade-up program will allow XenApp users to trade up to either the user/device-based license model or the new concurrent use license model. New concurrent use licenses cost roughly 2x the cost of a user/device license. Here are the high points of the new trade-up program:

  • As was the case with the earlier trade-up programs, XenApp users can choose a straight one-for-one deal, where they receive one user/device XenDesktop license for each XenApp license, or, if they trade up all of their XenApp licenses, they can choose a two-for-one deal, where they receive two user/device licenses for each XenApp license. It will just cost you a little more than it would have if you had done it before the end of 2010.
  • Through the end of 2011, customers with expired Subscription Advantage can trade up their licenses for the same price as customers with current Subscription Advantage – and take advantage of the two-for-one deal. After December 31, 2011, it will cost an additional $50/license if your Subscription Advantage is expired.
  • You can now choose to trade up your XenApp licenses one-for-one to XenDesktop concurrent use licenses – although it’s more expensive than trading up to user/device licenses.
  • “Trade-up PLUS” – If you trade up all of your XenApp licenses, you can purchase additional XenDesktop licenses (on the same order) for 10% off the suggested retail price. These additional licenses do not have to be the same product version as the version you’re trading up to, i.e., you could trade up to XenDesktop Platinum Edition, and purchase additional XenDesktop Enterprise licenses (although I’m not sure why you’d want to).
  • “Trade-up MAX” – If you trade up all of your XenApp licenses, and purchase additional XenDesktop licenses for all of your remaining users (on the same order), the additional licenses would be 35% off the suggested retail price. Again, the additional licenses do not have to be the same version as the trade-up licenses. The order must total a minimum of 2,500 XenDesktop licenses, including both the licenses received via the trade-up offer and the additional licenses. Citrix will accept data from Dun & Bradstreet or Hoovers.com, or the user count from an active Microsoft Enterprise Agreement as evidence of how many users you have.

Here is a summary of the new trade-up suggested retail prices:

Trade-up From Trade-up 2:1 (User/Device) Trade-up 1:1 (User/Device) Trade-up 1:1 (CCU)
XD-E XD-P XD-E XD-P XD-E XD-P
XenApp Platinum n/a $185 n/a $135 n/a $220
XenApp Enterprise $130 $275 $85 $225 $155 $330
XenApp Advanced $190 $330 $140 $280 $230 $395
XenApp Fundamentals n/a n/a $140 $280 n/a n/a

Note that if your Subscription Advantage is expired, all of the prices above will go up after December 31, 2011. Note also that if you purchased XenApp Fundamentals bundled with Microsoft Terminal Services CALs, and you want to keep those Terminal Services CALs after the trade-up, you must specify that on your trade-up order. Otherwise, the Terminal services CALs will be rescinded along with the XenApp Fundamentals licenses that you’re trading up.

Citrix has provided a new Trade-Up Calculator that makes it really easy to figure out what your trade-up cost will be. You simply enter your data – how many XenApp licenses you own, how many you’re trading up, what edition your trading up from and to, whether your Subscription Advantage is current, whether you’re trading up all of your licenses, and whether you want to purchase additional licenses along with your trade-up – and the calculator will give you the various options available to you, along with the suggested retail price of each option.

You can also download a Trade-Up Brochure, and a Trade-Up FAQ Document from the Citrix Web site.

, , , , , ,

Top Ten VDI Mistakes (According to Dan Feller)

January 13th, 2011 | Posted by Sid Herron in Application Virtualization | Best Practices | Branch Repeater | Citrix | Provisioning Services | Storage | VDI | Virtualization | XenDesktop - (1 Comments)

Dan Feller is a Lead Architect with the Citrix Consulting group, and has written extensively about XenDesktop. We found his series on the top ten mistakes people make when implementing desktop virtualization to be quite enlightening. In case you missed it, we thought we’d share his “top ten” list here, with links to the individual posts. We would highly recommend that you take the time to read through the series in its entirety:

#10 – Not calculating user bandwidth requirements
Back in the “good old days” of MetaFrame, when we didn’t particularly care about 3D graphics, multimedia content, etc., we could get by with roughly 20 Kbps of network bandwidth per user session. That’s not going to cut it for a virtualized desktop, for a number of reasons that Dan outlines in his blog post. He provides the following estimates for the average bandwidth required both with and without the presence of a pair of Citrix Branch Repeaters (which have some secret sauce that is specifically designed to accelerate Citrix traffic) between the client device and the virtual desktop session:

Parameter XenDesktop Bandwidth without Branch Repeater XenDesktop Bandwidth with Branch Repeater
Office Productivity Apps 43 Kbps 31 Kbps
Internet 85 Kbps 38 Kbps
Printing 553 – 593 Kbps 155 – 180 Kbps
Flash Video (with HDX redirection) 174 Kbps 128 Kbps
Standard WMV Video (with HDX redirection) 464 Kbps 148 Kbps
HD WMV Video (with HDX redirection) 1812 Kbps 206 Kbps

NOTE: These are estimates – your mileage may vary!

One thing that should come across loud and clear from the table above is what a huge difference the Citrix Branch Repeater can make in your bandwidth utilization. And as we’ve always said: you only buy hardware once – bandwidth costs go on forever!

#9 – Not considering the user profile
It should go without saying that user profiles are important. But if it’s number 9 on the list of things people most often screw up, then apparently it doesn’t. In a nutshell: If you mess up the users’ profiles, the users won’t be happy – logon/logoff performance will suffer, settings (including personalization) will be lost. If the users aren’t happy, they will be extremely vocal about it, and your VDI deployment will fail for lack of user buy-in and support. There are some great tools available for managing user profiles, including the Citrix Profile Manager, and the AppSense Environment Manager. AppSense can even maintain a consistent user experience across platforms – making sure that the user profile is the same regardless of whether the user is logged onto a Windows XP system, a Windows 7 System, or a Windows Server 2008 R2-based XenApp server.

Do yourself a favor and make sure you understand what your users’ profile requirements are, then investigate the available tools and plan accordingly.

#8 – Lack of an application virtualization strategy
How many applications are actually deployed in your organization? Do you even know? Are the versions consistent across all users? Which users use which applications? You have to understand the application landscape before you can decide how you’re going to deploy applications in your new virtualized desktop environment.

You have three basic choices on how to deliver apps:

  1. You can install every application into a single desktop image. That means that whenever an application changes, you have to change your base image, and do regression testing to make sure that the new or changed application didn’t break something else.
  2. You can create multiple desktop images with different application sets in each image, depending on the needs of your different user groups. Now if an application changes, you may have to change and do regression testing on multiple images. It’s worth noting that many organizations have been taking this approach in managing PC desktop images for years…but part of the promise of desktop virtualization is that, if done correctly, you can break out of that cycle. But to do that, you must…
  3. Remove the applications from the desktop image and deliver them some other way: either by running them on a XenApp server, or by streaming the application using either the native XenApp streaming technology or Microsoft’s App-V (or some other streaming technology of your choice).

Ultimately, you may end up with a mixed approach, where some core applications that everyone uses are installed in the desktop image, and the rest are virtualized. But, once again, it’s critical to first understand the application landscape within your organization, and then plan (and test) carefully to determine the best application delivery approach.

#7 – Improper resource allocation
Quoting Dan: “Like me, many users only consume a fraction of their total potential desktop computing power, which makes desktop virtualization extremely attractive. By sharing the resources between all users, the overall amount of required resources is reduced. However, there is a fine line between maximizing the number of users a single server can support and providing the user with a good virtual desktop computing experience.”

This post provides some great guidelines on how to optimize the environment, depending on the underlying hypervisor you’re planning to use.

#6 – Protection from Anti-Virus (as well as protection from viruses)
If you are provisioning desktops from a shared read-only image (e.g., Citrix Provisioning Services), then any virus infection will go away when the virtual PC is rebooted, because changes to the base image – including the virus – are discarded by design. But you still need AV protection, because the virus can use the interval between infection and reboot to propagate itself to other systems. The gotcha here is that the AV software itself can cause serious performance issues if it is not configured properly. Dan provides a great outline in this post for how to approach AV protection in a virtual desktop environment.

#5 – Managing the incoming storm
In most organizations, the majority of users arrive and start logging into their desktops at approximately the same time. What you don’t want is dozens, or hundreds, of virtual desktops trying to start up simultaneously, because it will hammer your virtualization environment. There are some very specific things you need to do to survive the “boot storm,” and Dan outlines them in this post.

#4 – Not optimizing the virtual desktop image
Dan provides several tips on things you should do to optimize your desktop image for the virtual environment. He also has specific sections on his blog that deal with recommended optimizations for Windows 7, and recommended optimizations for Windows XP.

#3 – Not spending your cache wisely
Specifically, we’re talking about configuring the system cache on your Provisioning Server appropriately, depending on the OS and amount of RAM in your Provisioning Server, and the type of storage repository you’re using for your vDisk(s).

#2 – Using VDI defaults
Default settings are great for getting a small Proof of Concept up and running quickly. But as you scale up your VDI environment, there are a number of things you should do. If you ignore them, performance will suffer, which means that users will be upset, which means that your VDI project is more likely to fail.

#1 – Improper storage design
This shouldn’t be a surprise, because we’ve written about this before, and even linked to a Citrix TV video of Dan discussing this very thing as part of developing a reference architecture for an SMB (under 500 desktops) deployment. We’re talking here about how to calculate the “functional IOPS” available from a given storage system, and what that means in relation to the number of IOPS a typical user will need at boot time, logon time, working hours (which will vary depending on the users themselves), and logoff time.

Just to round things out, Dan also tossed in a few “honorable mentions,” like the improper use of NIC teaming or not optimizing the NIC configuration in Provisioning Servers, trying to provision images to hardware with mismatched hardware device drivers (generally not an issue if you’re provisioning into a virtual environment), and failing to have a good business reason for launching a VDI project in the first place.

Again, this post was intended to whet your appetite by giving you enough information that you’ll want to read through Dan’s individual “top ten” posts. We would heartily recommend that you do that – you’ll probably learn a lot. (We certainly did!)

, , , , , , ,

VM Hosted Apps – and Why You Should Care

December 27th, 2010 | Posted by Sid Herron in Application Virtualization | Citrix | Microsoft | VDI | Virtualization | Windows 7 | XenApp | XenDesktop - (0 Comments)

I’ve found that one of the least-understood features of XenApp is “VM hosted apps.” So, gentle reader, I thought it was time to try to bring some clarity to what is actually a very cool piece of technology, and may actually be the solution for how to continue to deliver IE6 for the Web apps that require it, even after you upgrade to Win7. (As you probably know, Microsoft has, so far, taken the position that packaging, streaming, or otherwise delivering IE6 by itself is a violation of their license – much to the consternation of users who have applications that depend on it.)

Why it exists
Anyone who has been around the block a few times with XenApp knows that there are some applications that just don’t play nicely in a multi-user environment. I can tell you that our own engineering team has become quite talented at making applications run in a XenApp environment even when the application vendors themselves said it couldn’t be done. And as the older DOS-based and 16-bit Windows applications gradually die of old age, things in general are getting better. Tools like application isolation and application streaming can help as well. But every now and then, you’ll run into an application that either just won’t run in a Remote Desktop Services (formerly Terminal Services) environment, or won’t play nicely with other applications, or misbehaves when more than one person at at time tries to run it.

We also occasionally run into applications that require some kind of hardware “dongle” as a license enforcement mechanism. Other applications have license mechanisms that are dependent on IP or MAC addresses, and/or save user-specific information that will require the application user to go back to the same system each time s/he wants to run the application. Finally, there may be users who need a very high-performance graphics processing unit, e.g., to run a graphics-intensive CAD program.

To help you deal with this, Citrix included a little bit of XenDesktop technology in XenApp, beginning with XenApp 5 Feature Pack 2. It’s only fair, after all, since XenApp functionality is now included in XenDesktop Enterprise and Platinum Editions, but while XenDesktop 4 (and now XenDesktop 5) includes all the functionality of XenApp for delivering applications to your XenDesktop users, XenApp’s VM hosted apps feature contains just enough XenDesktop functionality to create virtual – or physical – desktop systems specifically to run individual applications. In fact, that’s all those systems do. You can’t deliver multiple VM hosted apps from a single PC Operating System (well, not very easily anyway).

How it works
First of all, you have to build out the basic components of a XenDesktop farm. Yes, it can share some components with the rest of your infrastructure, but you’re going to need to build a Desktop Delivery Controller, you’re going to need a XenDesktop farm database, you’re going to need either a virtualization host (if you’re going to use virtual PC instances) or some physical PCs or blades, and you’re going to need an Operating System image with the target application installed into it. You may also deploy Provisioning Services if you want to stream the OS image either to your virtual infrastructure or to your blade PCs. In short, you go through the same process that you would go through if you were putting together a XenDesktop infrastructure to deliver a virtual desktop…but in this case, we’re delivering an application, not a desktop.

Here’s a high-level overview of the process:

  • Create an OS image.
  • Install the XenDesktop Virtual Desktop Agent into the image.
  • Install the desired application. If the application needs “helper apps” (e.g., an accounting app may require Microsoft Excel to display reports), you can install them too. You can even install the Citrix Online Plugin, Offline Plugin, Single Sign-On Plugin, etc., if you want to launch those helper apps on a XenApp server or have XenApp stream them down to the desktop image for local execution.
  • Create a shortcut for your desired application. If you really need to launch multiple applications, or launch something like the Citrix Online Plugin, create a script or batch file to launch the applications you want to launch, then create a shortcut to that script or batch file instead.
  • Place that shortcut into the C:\Program Files\Citrix\ICA Service\SeamlessInitialProgram folder of your desktop image. NOTE: If you try to put more than one shortcut in that folder, you will get an error!
  • Using the Citrix XenDesktop tools, convert your image into a VHD if you’re going to be streaming it via Provisioning Services or deploying it in a virtual environment. Like any other XenDesktop image, it can be a private image that is either preassigned to a specific user or assigned on first logon, or it can be a public image that you use with Provisioning Services to boot and run multiple instances.
  • Publish that application. It can be displayed via the Citrix Web Interface right alongside other applications that are being delivered via XenApp.

When the user clicks the icon, the application will be launched within the desktop OS, but will run as a “seamless app,” meaning that it looks and feels to the user as though it was running locally (just as applications published from the XenApp farm do). The user will never know, or care, which apps are running on XenApp servers and which are running on desktop OS instances.

Just as you would with any other XenDesktop deployment, you can configure, via the Desktop Delivery Controller, how many OS instances you want running in an idle state at any given point in time during the day – this eliminates the need for the user to wait for the PC/OS to boot before launching the app. Remember, though, that a desktop OS is not multiuser…meaning that if you have ten people who may need to run that application at the same time, you have to provide resources for ten virtual PC instances (or ten blades, as the case may be). And if you have two different applications that need to be deployed this way, you’re probably going to need to provide separate resources for each application. (Yes, I suppose you could create a script that launched both apps – but do you really want your users to click on a single icon and launch two completely different apps? Never mind the fact that the users who need one of the apps may have no overlap with the users who need the other one.)

Here are a couple more things to remember:

  • Your users are going to be remotely interacting with a Microsoft Desktop OS. That means you’re going to have to comply with Microsoft’s VDI licensing requirements. We’ve beat that horse to death elsewhere in this blog, so we won’t go into it again here.
  • Citrix never expected that VM hosted apps would be used for more than one or two percent of all the applications you may need to deploy in a XenApp environment. But sometimes that one or two percent represent business-critical apps, even if they’re only business-critical to a handful of your users.
  • You do not need XenDesktop licenses to do this. Users who launch a VM hosted app will consume a concurrent-use license from your XenApp license server. Users who launch multiple apps, e.g., a VM hosted app and several other apps delivered via XenApp, will still consume a single license.
  • You could also use VM hosted apps to quickly deploy an application while you’re figuring out how to make that application run on XenApp. Once you’ve figured that out, just re-publish the application. The users will never know – they’ll go to the same Web Interface and click on the same icon, and the app will launch.

So – back where we started this: If you’re one of those who are struggling to figure out how you’re going to continue to support IE6 in your environment while still migrating your users off of Windows XP, this is one potential answer for you. Deploy IE6 on Windows XP using VM hosted apps. Your users will never see the XP desktop, so they’ll never know.

A very cool tool to have in your toolbox, in our opinion.

If you want to know more about VM hosted apps, here are a couple of videos from Citrix TV. The first is from the XenApp Expert Series, with our old buddy Vinny Sosa (on the left) and Modesto Tabares talking about various use cases for the feature. This one will take you about 25 minutes if you watch the whole thing:

…and here’s a more technical video from the Learning Lap series that actually takes you through the installation and configuration of VM hosted apps. This one is about 20 minutes long:

, , , , , , ,

Citrix Fixes the Provisioning Services – KMS Problem!

November 17th, 2010 | Posted by Sid Herron in Citrix | Licensing | Microsoft | Provisioning Services | VDI | Virtualization | Windows 7 | XenDesktop - (8 Comments)

This is big news for anyone who wants to use XenDesktop to facilitate a Windows 7 migration. Here’s why: It only takes a moment’s thought to realize that if your desktop virtualization project simply trades inexpensive desktop SATA storage for expensive data center SAN storage, it’s not going to do good things for your ROI. So provisioning your virtual desktops from a shared Standard Image is a must. And that’s what Provisioning Services (“PVS”) allows you to do. If your standard Windows 7 OS image is, say, 15 Gb, you only need one instance of it on your SAN regardless of how many virtual PCs you’re provisioning from it. Then, using the Citrix Profile Management tool in conjunction with standard Group Policy folder redirection techniques, you can merge user personalization at logon time.

There was only one problem…turning a Win7 vDisk into a Standard Image broke the Microsoft license key. The only way around that was to use Key Management Services (KMS) to auto-activate systems as they were provisioned, but there were problems in using KMS with PVS, as we’ve documented in earlier posts.

I am happy to report that the problem has been addressed in PVS v5.6, SP1, which is now available for download at the Citrix download site. Not only that, but PVS v5.6, SP1, also works with a Multiple Activation Key (MAK) for smaller environments where KMS is not justified. Here’s the difference between the two activation methods:

KMS is a service that runs on a server in your own network. It supports Windows Server 2008 and 2008 R2, Vista, Win7, and Office 2010. However, it requires a minimum number of systems checking in for activation before any systems will be activated. That threshold is 8 systems for server activation, and 25 systems for workstation activation. Prior to SP1, systems provisioned from a Standard Image looked to the KMS server like the same system checking in again and again, so the threshold counter didn’t increment. SP1 fixes that. Please note, however, that you must be running KMS on a 2008 R2 server if you want virtual machines to increment the threshold counter.

With an MAK, the activation server is hosted at Microsoft. The MAK is a reusable key that’s good for a predefined number of activations. With SP1, PVS will cache the activation confirmation code for each system, so they will automatically reactivate on subsequent reboots.

Here is the configuration process, straight from Citrix. First of all, the Imaging Wizard allows you to choose which activation method you’re going to use:

PVS Imaging Wizard

Choosing the Activation Method

Once you’ve chosen either KMS or MAK, here are the next steps:

KMS Activation

  • Reset the activation status on the vDisk image:
    • Boot the master target device from vDisk in Private Image mode
    • Run slmgr.vbs -rearm in console on master target device
    • Shut-down master target device
  • Put disk in Standard Image mode and stream. Target devices will automatically register with KMS server, and activate (provided there are at least 25 systems checking in).

MAK Activation

  • Put disk in Standard Image mode and stream.
  • Use “Manage MAK Activations” to remotely activate streamed target devices. This is done only once per group of devices.
  • Provisioning Services will cache activation confirmation code for each device so that devices will automatically reactivate on subsequent reboots.

Kudos to the Citrix PVS development team for getting this done and out the door. Great job!

, , , , , , ,

Windows 7 and Security

November 10th, 2010 | Posted by Sid Herron in Best Practices | Microsoft | Security | VDI | Virtualization | Windows 7 - (1 Comments)

Volume 9 of the Microsoft Security Intelligence Report is out, and it makes for some pretty interesting reading. Among other things, it talks extensively about botnets – the various “families” of botnets, how they are used, how they work, and how access to them is sold and traded on the black market. Why? Because (quoting from the report), “When we look at that intelligence as a whole, it’s clear that botnets pose one of the most significant threats to system, organizational, and personal security.”

One of the things you’ll find in the report is a discussion of the infection rates of different versions of the Windows Operating System. You may have noticed that every now and then, as part of the critical patches and updates that Microsoft pushes to your PC, there’s something included called the “Malicious Software Removal Tool,” or “MSRT.” Microsoft keeps track of how often the MSRT actually finds malicious software when it runs, and that information is presented here as the number of computers cleaned of bot-related malware per 1,000 executions of the MSRT. Take a look at the following graph, which covers just Q2 of 2010 (click to view larger image):

Infection rate found per 1,000 executions of MSRT

I would like to particularly direct your attention to the fact that the infection rate for Windows XP SP3 is four times the infection rate for Windows 7, and the rate for Windows XP SP2 is five times the Win7 rate.

I understand that, for some people, the issue of upgrading from Windows XP to something else borders on being a religious discussion. But, honestly, if Windows 7 is that much more secure – which it clearly is – isn’t it getting a bit difficult to justify the “you can have my Windows XP when you pry it from my cold, dead fingers” position?

Of course, larger enterprises have some challenges to overcome. As we discussed in our September post about the cost of a Windows 7 migration, Gartner recently reported that, since most organizations weren’t planning to begin their Win7 migrations until 4Q2010, and with PC hardware replacement cycles typically running at four to five years at present, most organizations simply will not be able to complete a Windows 7 migration through the normal PC replacement cycle before Microsoft ends support for XP SP3. There just isn’t enough time left.

But even if there was enough time – why would you not want to move to an Operating System that’s four times more secure as quickly as you possibly can?

As Gartner pointed out, one alternative is to move some users to a “hosted virtual desktop” instead of a new PC. Translation: Making VDI part of your migration strategy can help get you out from behind the eight ball. It can also boost the overall security of your organization. Doesn’t that make it a conversation worth having?

, , , , ,