You are here: Home > Blog

Citrix Has Your Back – Again

July 21st, 2010 | Posted by Sid Herron in Citrix | General | Mobile Computing | Remote Access | Security | XenApp | XenDesktop - (0 Comments)

I just read an interesting blog post over on ZDnet, entitled The Changing Face of IT: Five Trends to Watch. As I read through the article, I was struck by how Citrix solutions can enable IT organizations to deal with these trends. Consider:

  1. The consumerization of IT – “Workers are bringing their own laptops and smartphones into the office and connecting them to corporate systems. More people than ever are telecommuting or working from home for a day or two a week. And, the number of Web-based tools has increased dramatically…”

    Yep. In fact many companies are instituting “BYOPC” (Bring Your Own PC) policies, because in the long run it can be less expensive to give employees a fixed allowance and allow them to buy whatever they want than it is to issue – and maintain – a company-owned laptop. Citrix themselves instituted this policy a few years ago.

    If you’re using XenApp or XenDesktop to provide access to your key line-of-business applications, you don’t care what the endpoint is. If your employee prefers a MacBook, fine. Want to use an iPad? No problem. Connecting in from your home PC because your kids are sick? We’ve got that covered, too. Just install the Citrix Receiver and you’re good to go.

  2. The borderless network – “…today’s IT security model is more about risk management than network protection. Companies have to identify their most important data and then make sure it’s protected no matter who’s accessing it and from wherever and whatever device they’re accessing it from.”

    Citrix likes to say that their products are “Secure by Design,” meaning that security is built into them from the ground up. First of all, when you’re accessing your virtual desktop remotely, or running a published application from a XenApp server, the data never leaves the data center. The remote endpoint (whatever it is) is just sending keystrokes and mouse movements to the data center and getting back pixel updates. On top of that, we can encrypt that data connection using the Citrix Access Gateway.

    Citrix also gives you very granular control over whether files can be copied between client and server, and/or whether print jobs can be directed to a client-attached printer. In fact, using Advanced Access Control policies, those controls can be context-sensitive, i.e., you might allow files to be copied to the client device if the client device is a company-owned laptop, but not if it is a home PC; or you might allow client-attached printing if the client is connecting from a branch office, but not if the same user, using the same client device, is connecting from home, or from a hotel.

  3. The cloudy data center – Let me go on record as saying that the most cloudy thing about the cloud is trying to understand what someone means when they say the word. Not unlike the word “portal” a few years ago, the first question that usually needs to be asked in any discussion about cloud computing is: “When you say ‘cloud,’ what exactly do you mean?”

    But the point to remember is that when you’re delivering applications via Citrix, users don’t know and don’t care where the data center is or where the applications are being executed. It doesn’t matter. Want to move your entire infrastructure to a co-lo? Fine. Want to have multiple data centers with automatic failover from one to the other? We can do that, too. By some definitions of the term, we’ve been building “private clouds” since the release of WinFrame back in the mid-90s.

  4. The state of outsourcing – “Outsourcing is thriving in many different forms, and it’s reasonable to expect that it will accelerate.”

    We made the point above that users don’t know and don’t care where the data center is. The fact is, for about 90% of what they need to do, neither do the administrators. Virtualization in general, and Citrix products in particular, make it very easy to administer, troubleshoot, and repair issues remotely. We built the entire Evans Fruit Company infrastructure without ever having our engineer set foot on site. In fact, actually dispatching an engineer to a customer location is now the exception rather than the rule.

  5. The mobilization paradigm – “While PCs still make sense on the desks of knowledge workers, for all of these other workers who regularly move around as part of their daily job, the stationary PC often changes the natural flow of their routine because they have to stop at a system to enter data or complete a task. That’s about to change. Mobile computers in the form of smartphones and touchscreen tablets (like the iPad) have taken a big leap forward in the past four years. They are instant-on, easy to learn because of the touchscreen, and they have a whole new ecosystem of applications designed for the touch experience…”

    Very true…but these same users are going to still need to access your traditional line-of-business applications, which will not be transformed overnight into touchscreen enabled apps. It is axiomatic that, in IT, nothing ever actually goes away – instead, new technology just gets layered over the top of old technology…which is why you’ll still find applications running on big mainframes in a lot of enterprises. So how do you manage that transition?

    Once again, Citrix comes through. There’s a Citrix Receiver for the iPhone, one for the iPad, one for Windows Mobile phones, one for the Android, and just a couple of months ago, Citrix released a version of the Receiver for BlackBerry devices. And, of course, Receivers for Windows, Mac, and Linux PCs have long been available. I don’t know of any other product or technology that offers this kind of flexibility in delivering applications to users regardless of location, connection, or endpoint device.

    6. So a big “Thank you!” to Jason Hiner for an excellent post. You’ve just described, in a nutshell, why Moose Logic is still excited to be a Citrix partner after all these years. Just remember, as you work to adapt to all of these trends that are indeed changing the IT landscape, we’ve got your back.

, , , , ,

Seven Days and Counting

June 23rd, 2010 | Posted by Sid Herron in Citrix | Licensing | VDI | Virtualization | XenApp | XenDesktop - (1 Comments)

Just in case you haven’t heard, there’s one week to go on the Citrix XenDesktop 4 Trade-Up Promotion. Here’s a quick recap:

  • The XenDesktop 4 Enterprise and Platinum Editions include all of the functionality of the corresponding XenApp edition. In other words, if you buy XenApp licenses today, you get XenApp. If you buy XenDesktop licenses, you get XenDesktop and XenApp.
  • however, the license model changes: XenApp licenses have always been – and continue to be – based on concurrent use. If you own 100 XenApp licenses, it doesn’t make any difference how many users hit your XenApp farm, you’re just limited to a maximum of 100 at any given time. XenDesktop Enterprise and Platinum licenses are non-concurrent – they are either per user or per device (your choice).
  • on the other hand, XenDesktop licenses are only about half the price per license as XenApp licenses. That means if your concurrency ratio (the ratio of total users to concurrent users) is less than 2-to-1, you’re better off buying XenDesktop licenses even if all you plan to use today is XenApp! You’ll pay less money, and you’ll have all that XenDesktop functionality in your back pocket ready to be deployed when you’re ready.
  • The current trade-up promotion allows you to convert your existing XenApp licenses to XenDesktop licenses at a price that you will probably never see again. This promotion is ending June 30.
  • If your Citrix Subscription Advantage is current, and you trade up all of your XenApp licenses, Citrix will give you two XenDesktop licenses for every XenApp license you trade up. E.g., if you have 100 XenApp licenses, your Subscription Advantage is current, and you trade up all 100 of them, you’ll end up with 200 XenDesktop licenses.
  • If your Subscription Advantage has been expired for a while, you may find that it’s less expensive to trade up to XenDesktop (which will come with a year of Subscription Advantage) than to pay the fee to get Subscription Advantage reinstated on your XenApp licenses. You won’t get the 2-for-1 deal, so you’ll have to look closely at whether the new license model will mean you have to buy additional licenses, which will obviously affect whether or not the total cost is advantageous to you, but it’s worth running the numbers to find out.
  • If the Subscription Advantage renewal on your XenApp licenses is coming due soon, consider the benefits of redirecting those renewal dollars to help pay for the trade-up. That can make an already-sweet deal even sweeter.

Citrix has a helpful on-line trade-up calculator that you can use to help you compare costs. You’ll need to enter (1) how many XenApp licenses you own, (2) how many of them you want to trade up, (3) what version of XenApp you own, (4) what version of XenDesktop you want to trade up to, and (5) whether or not your Subscription Advantage is current.

I suppose it’s possible that, come July 1, Citrix will announce that they’re extending the promotion…but I doubt it. So far, everyone I’ve talked to at Citrix has assured me that it will not be extended. I’m sure that there will still be an upgrade path after July 1, but it will cost you more money than the current promotion.

One more thing – if you’re going to do this, please don’t wait until the afternoon of June 30 to issue your purchase order! June 30 is like the “triple witching hour” – it’s end-of-month, end-of-quarter, and end-of-promotion. So it’s bound to be crazy busy in the Citrix order entry department. We’ve been requesting that all of our customers get their orders to us by end of business on the 29th, just to make sure that we can get the order placed through distribution and into Citrix’s hands before end of business in Fort Lauderdale on the 30th.

P.S.: We’re frequently asked why Citrix is making the change to non-concurrent licensing for XenDesktop. The main rationale is that if you’re looking at a serious desktop virtualization initiative, your concurrency ratio is probably going to be close to 1-to-1 anyway, so you won’t get much benefit from a concurrent license model. It also aligns more closely with the Microsoft VDI licensing model.

The important thing to remember is that if you are in that situation, you’ll actually spend less money and get more functionality for it, because the XenDesktop licenses will cost you roughly half of what it would cost to buy an equivalent number of XenApp licenses.

And if your use case is primarily to support a large pool of remote users, but you will never have more than half of them logged on at any given time, you can still purchase XenApp licenses to support those users, and they will still be concurrent use licenses.

, , , , , , ,

XenApp – Beyond Application Virtualization

May 28th, 2010 | Posted by Sid Herron in Application streaming | Application Virtualization | Citrix | Virtualization | XenApp - (0 Comments)

A couple of days ago, in the post entitled “What Is Application Virtualization?” I made the statement that, although application virtualization is a component of XenApp, and has been since the release of Presentation Server v4.5, XenApp is more than just application virtualization. To fully understand what I mean by that, you need to understand the Citrix vision of how applications should be delivered to users.

Over the years, there have been a lot of ways to connect client devices to server-based applications and desktops: Program Neighborhood, Program Neighborhood Agent, “Project Charlotte” which became Nfuse which became Web Interface, etc., etc. But if you look back over the last 15+ years, you will see an evolution toward the Citrix vision of “Any” – any application, to any device, anytime, anywhere, over any kind of connection – and you will see an ongoing effort to make it simple and easy for users to access the applications they need, as well as easier for the IT staff to deliver the right applications to the right users.

In Citrix’s view, the delivery of applications to users should be as simple as the delivery of broadcast content over your satellite TV network. Think about that model for a moment – you generally don’t have to worry about whether you have a big or small TV set, or whether it has a traditional picture tube (yes, there are still some of those around), an LCD screen, or a Plasma screen…because you have a receiver that conforms to an accepted standard, and that will connect to any TV. You bring the TV home, take it out of the carton, and connect it to your satellite receiver, and with little or no additional configuration, you can watch the channels you’ve subscribed to. And you get to decide what you watch and when. If you have a DVR built into your receiver (as most do these days), you can even cache the programming content and watch it later.

The current Citrix delivery method is darned close to this, and completely unique in the market, in my opinion. There are four basic components:

  • The Citrix Receiver, together with several plug-ins for the Receiver.
  • The Citrix Merchandising Server, which is a virtual appliance designed to run on either XenServer or VMware. My expectation is that it will also soon be ported to Hyper-V.
  • Citrix Dazzle, which is a mechanism for user self-service.
  • Citrix Update Service, which is an on-line service provided by Citrix that is responsible for notifying Merchandising Servers of available plug-in updates.

Let’s look at these in turn, then see how they all play together.

Receiver
Citrix used to have a lot of separate clients, that all had to be installed separately. You had a client for XenApp. You had another client for XenDesktop. You had one for the Access Gateway, one for Single Sign On (a.k.a. Password Manager), one for Branch Repeater acceleration, one for receiving streamed apps – you get the picture. It was getting a little ridiculous, not to mention difficult to manage, and cluttered up your System tray with multiple little icons. By contrast, the Receiver is a sort of “universal client” that is responsible for managing a variety of plug-ins on the client desktop. Instead of multiple client icons in your System Tray, you’ll have just one – the Receiver. The plug-ins are modules of client functionality that are managed by the Receiver. At the moment, you have plug-ins for:

  • Secure Access (for Access Gateway Enterprise Edition)
  • Secure Access (for Access Gateway Standard Edition)
  • Online Plug-in (for XenApp hosted applications/desktops and connecting to XenDesktop-managed virtual PCs)
  • Offline Plug-in (for streamed applications)
  • App-V Plug-in (for Microsoft App-V streamed applications)
  • Communications Plug-in (for EasyCall)
  • Acceleration Plug-in (Branch repeater)
  • Service Monitoring Plug-in (enables Edgesight for Endpoints to gather data from the client)
  • Profile Management Plug-in (enables Citrix Profile Manager)
  • Dazzle Plug-in (enables application self-service via the Dazzle interface)

Merchandising Server
The Merchandising Server is the virtual appliance responsible for managing and delivering the Receiver and its various plug-ins to end users. The Merchandising Server can contact the Citrix Update Service via the Internet and download the latest versions of the Receiver and plug-ins. Once you have those, you create rules that stipulate what the Merchandising Server will push to different users as they authenticate, depending on such parameters as Machine Name, User Domain Membership, Machine Domain Membership, Operating System, and IP Address Range.

The first time the user connects, s/he will point a browser at a designated URL and enter login credentials, and the Merchandising Server will push down the specified package, which will be automatically installed. One installed, the Receiver will periodically check back with the Merchandising Server for updates, so you can dynamically add, remove, or update plug-ins as required.

Dazzle
Dazzle is a new variation on the old Program Neighborhood Agent theme that enables user self-service. Those who have worked with Citrix technology for a while will remember that the PN Agent communicated “behind the scenes” with a special Web Interface site to retrieve a list of the published applications available to the user. Icons for those applications could be pushed onto the Start Menu, or accessed by right-clicking on the PN Agent icon in the System Tray. The Dazzle plug-in also communicates with a special Web Interface site, but allows the user to open a window, view the available applications, and select the ones s/he wants to use (see below):

Dazzle User Experience

Dazzle User Experience


Applications can be organized into multiple “Stores” by the Administrator, and can be tagged to appear in a “Featured” list to draw the user’s attention. There’s a friendly description of each available application, and a column that indicates whether that application will work offline (i.e., whether it will be streamed to the client machine) – and, by the way, it doesn’t matter whether the app was packaged for streaming using the Citrix tools or using Microsoft’s App-V, so long as you’ve delivered the correct plug-in to them. Applications that are not tagged as working offline are, by implication, going to be executed on a XenApp server, and therefore will only be available when the client has connectivity to the XenApp server farm.

The user can browse through the list, or use a search function, which is extremely valuable in an enterprise that may have dozens – or even hundreds – of applications. To select an application, the user simply clicks on the “Add” button. The selected applications will appear in a “Dazzle Apps” folder on the Start Menu tree:

Dazzle Apps Folder

The Dazzle Apps Folder


So let’s summarize what we have with this system:

  • Administrators can easily publish applications, and organize them into “App Stores.” Applications from multiple server farms can be integrated into a single App Store, or multiple App Stores can be created as desired (e.g., one for Human Resources, one for Engineering, etc.).
  • Users no longer have to install or configure anything – all required client software is transparently pushed out to them and installed, and automatically updated, by the Merchandising Server.
  • Users can help themselves to the applications they need to be productive, and to only those applications. Just because an application is available to them doesn’t necessarily mean they will have an icon for that application cluttering up their desktop or Start Menu.

I don’t think that application delivery can get much easier than that.

And why, you may ask, is User Self-Service something you should be concerned about? Well, in addition to the obvious fact that is makes life easier for both your users and your IT staff, take a peek at the following video. Increasingly, these are the people you are going to want to attract and retain as employees. They’ve grown up with technology, and they have their own preferred ways of using it to be productive. Here’s what they had to say about corporate computing:

This is why I contend that XenApp is substantially more than just application virtualization, and substantially more than “something I add to my Remote Desktop Servers to make things run faster.” It is a new and unique way of delivering to your users the applications they want and need, and only those applications, with minimal muss and fuss on both ends of the transactions. Increasingly, your users are used to the self-service model (e.g., the Apple on-line store), they find it intuitive, and they like it. It enables BYOC (“Bring Your Own Computer”) policies. It makes life simpler for everyone. And no one else has anything like it at the moment.

If this has caught your interest and you’d like to see more detail, check out the video below. It’s a bit long (about 30 minutes), but does an excellent job of explaining how everything works:

, , , , ,

What Is Application Virtualization?

May 26th, 2010 | Posted by Sid Herron in Application streaming | Application Virtualization | Citrix | Microsoft | Virtualization | VMware | XenApp - (2 Comments)

Some folks out there are still scratching their heads over the Citrix decision to change the name of Presentation Server to XenApp. There were actually several reasons for that change. For one thing, we’ve all seen Remote Desktop Services (formerly known as Terminal Services) get better and better with every release of Windows Server – and don’t think for a minute that Citrix didn’t see that coming. As closely as they work with Microsoft, of course they did. So it became obvious to Citrix long ago that they needed a better value proposition for their product than “something that I add to Terminal Services to get better performance.”

In point of fact, Citrix does have a considerably better value proposition than that – but not everyone was “getting it.” One way to help people get it is to re-frame the conversation by repositioning the product, and sometimes changing the product name can help make that happen.

But why XenApp? Well, that goes back to the acquisition of XenSource a few years ago. It seems that, after making that aquisition, Citrix decided that, in their vocabulary, “Xen” = “Virtualization.” Therefore…

  • “XenServer” = “Server Virtualization”
  • “XenDesktop” = “Desktop Virtualization”
  • “XenApp” = “Application Virtualization”

But does it, really? (XenApp, I mean.) Well, sort of. These days, application virtualization is a component of XenApp, but XenApp is more than just application virtualization.

Which brings me back to the question: What is application virtualization? I would suggest, as a good working definition, that, just as server virtualization is the abstraction of a server operating system from the underlying hardware, application virtualization is the abstraction of an application from the operating system it’s executing on.

We virtualize servers by interposing a layer of software – the hypervisor – between the hardware and the operating system. Although some operating systems, like Windows Server 2008, are virtualization-aware, meaning that they know when they’re running on a hypervisor and modify their behavior accordingly, earlier OS versions had to be fooled into thinking that they were running directly on server hardware when in fact they were not.

Applications today are still at the stage of development where they have to be fooled into thinking that they’ve been installed normally when in fact they have not. When they’re installed, applications typically write specific information to specific locations in the Windows registry. They place .DLL files into specific folders (most frequently into C:\Windows\System32) – and sometimes these .DLL files overwrite or conflict with others, which is why you can’t, for example, run two different versions of Microsoft Access on the same PC workstation without some kind of application virtualization. Application virtualization places a sort of “software wrapper” around the application – sometimes referred to as an “isolation environment,” or a “sandbox.” It causes these Registry keys and files to be written to an application specific location, and redirects the application calls so they can be found when the application executes.

By contrast, when an application is executed via Remote Desktop Services (with or without the involvement of XenApp), you’re really virtualizing the presentation of the application. The application is executing on the server, and the user interface is being presented remotely at a client device, using a protocol such as RDP (Microsoft) or ICA (Citrix) to transport keystrokes and mouse movements from the client to the server, and screen updates from the server to the client.

In the old days – and often today as well – that application was installed directly on the Remote Desktop server. Today, we can instead use application virtualization to deliver the application to the server for execution on demand rather than installing the application in advance in the traditional way. But it’s important to understand that presentation virtualization – running the application in one place and displaying the user interface in another – is not the same thing as application virtualization, which, as we have defined it, has to do with how that application is installed on the desired execution platform and how it behaves when it executes.

The first product to do application virtualization on a large scale for Windows apps was Softricity, by a company called SoftGrid. Softricity evolved into App-V after Microsoft acquired SoftGrid. App-V not only virtualizes the application as described above, it also allows the application to be streamed on demand to the computer that needs to execute it. Application streaming works better than you might think, because it turns out that for most Windows apps, most of the code is seldom (if ever) used. (Just think of all the arcane features in Word or Excel that the average user will probably never use.) So we can stream down just enough code to get the user interface up and running, and continue to stream additional code in the background as features are actually required.

The combination of (1) not having to explicitly install applications on workstations (or Citrix servers, for that matter), and (2) not having to worry about applications conflicting with one another can make life much easier for the IT staff:

  • You no longer have to run around from workstation to workstation with a backpack full of installation CDs.
  • It can potentially eliminate the old practice of having multiple “silos” of servers within a Citrix server farm to run applications that would not play nicely with one another.
  • It makes image management for both workstations and XenApp servers much simpler, because if all of your applications are baked into your OS image, then any application change requires that you change (and regression test) your OS image – but if a streamed application changes, all you have to change is that application.

Meanwhile, back in Fort Lauderdale, Citrix had been working on its own approach to application isolation, which was added to the Enterprise and Platinum editions of Presentation Server when v4.0 was released. This “Application Isolation Environment” then evolved into application streaming with the release of Presentation Server v4.5. For those who are familiar with the Citrix application publishing paradigm, you can now:

  • Run the application through the Citrix packaging utility
  • Park the resulting package on a shared folder that’s accessible by your target machines
  • Step through the process of publishing the application, with a new twist: “I want to make this application available to this group of users, on this set of XenApp servers, and here’s the path to the application package.”

NOTE: Yes, I know that not all applications can be successfully packaged for streaming. But most modern Windows applications can be. Yes, you’ll have to test your apps, or, if you have a lot of apps, use a tool like AppDNA to analyze them for compatibility.

Administrative options allow you to specify whether an application package will be streamed to a XenApp server to be executed there, or streamed directly to the client PC to be executed there, or conditionally streamed (e.g., stream to the client PC if a particular set of criteria is satisfied, otherwise execute the app via XenApp). You can also stream it and cache it on the client PC so, in the case of a laptop, it can be disconnected from the network and continue to run the app for a specified period of time.

So, in a sense, the application virtualization component of XenApp competes with App-V. Prior to the release of XenApp 6, our advice would have been to use XenApp to package and stream apps if your need was primarily to serve up apps to Citrix users, and use App-V if Citrix represented only a small piece of your infrastructure and you primarily needed to package and stream apps to Windows-based workstations. This was mostly based on the fact that App-V needed its own servers to control publishing and streaming of the applications – so if your primary need was to deliver apps to XenApp users, it didn’t make sense to build that App-V control infrastructure when your Citrix farm already had everything you needed to stream apps via XenApp.

One of the features of XenApp 6, however, is the ability to deliver App-V packages through the Citrix application publishing infrastructure, without having to build out the App-V back-end server infrastructure. So now you can use whichever packaging tool you prefer with your Citrix infrastructure. If your staff is more familiar with – or just prefers – App-V, it’s not a problem, because XenApp will support those packages natively.

A discussion of application virtualization wouldn’t be complete without mentioning VMware’s ThinApp. A while back, VMware, seeing which way the competitive winds were blowing, realized it needed an application virtualization solution of its own, so it went out and bought one. In addition to packaging and streaming, ThinApp can also wrap an application up as a free-standing executable, meaning that you could theoretically carry the entire Microsoft Office suite with you on a USB stick, and plug it into any Windows PC anywhere regardless of whether (or which version of) Office was installed on that PC. Of course, if you actually did that with a PC that wasn’t already legally licensed for Office, you’re violating your Microsoft Office license, but I digress.

There are other application virtualization products in the marketplace, but at the moment, the “big three” are App-V, ThinApp, and XenApp. However, as I said way back in the beginning of this post, XenApp is more than just application virtualization. And that will be the subject of my next post.

, , , , , , , ,

Cloning a XenApp 6 Server

May 18th, 2010 | Posted by Jeromy Carman in Application Virtualization | Citrix | Troubleshooting and How-Tos | XenApp - (4 Comments)

One of the many enhancements Citrix made in XenApp v6 is that cloning a server is now much easier that it was in previous versions. Here’s a step-by-step guide, with lots of screen caps:

  1. Install the updated XenApp Server Configuration Tool.
  2. Run the XenApp Server Role Manager (Start – All Programs – Citrix – XenApp Server Role Manager – XenApp Server Role Manager):
    XenApp Server Role Manager

    XenApp Server Role Manager

  3. Select “Edit Configuration:”
    Edit Configuration

    Edit Configuration

  4. Select “Prepare this server for imaging and provisioning:”
    Choose a Task

    Choose a Task

  5. On the next screen, check “Remove this current server instance from the farm,” as shown below, then click “Next.” As the pop-up tip indicates, this will save you from having to do it manually later. The server will automatically join the farm when you bring it back on-line.
    Provisioning Options

    Provisioning Options

  6. On the next screen, click “Apply:”
    Ready to Configure

    Ready to Configure

  7. The server runs through the items that are needed to prepare XenApp for cloning. Note the informational warning that the settings will be applied when you clone or reboot the server. This means that once your new server comes on-line, it will automatically join the farm that the original server was in (before you removed it in Step 5).
    Configuring Server

    Configuring Server

  8. Back at the XenApp Server Role Manager screen, you can choose to reboot the server (which you probably don’t want to do just yet), or simply close the window and proceed with any additional tasks you may need to perform before cloning, such as Sysprep.
    XenApp Server Role Manager

    XenApp Server Role Manager

  9. After you’ve finished any additional tasks, you can shut the server down, and clone it to your heart’s content. When your clones come back on-line, if they have a network connection on the correct IP subnet, they will automatically join the farm. However (“gotcha” alert), if you didn’t Sysprep them, they will all try to join the farm under the same machine name – the one your original server had. So if you didn’t change the name of the server, it’s best to disconnect it from the network, change the name and IP address, reconnect to the network, join it to the AD Domain, and then reboot it so it can join the XenApp farm using the correct name.

If you’re a Citrix “old-timer,” you’ve got to agree that it doesn’t get much easier that this!

, ,

Why Isn’t Desktop Virtualization More Widely Adopted?

May 12th, 2010 | Posted by Sid Herron in Citrix | Citrix Synergy | VDI | Virtualization | XenApp | XenClient | XenDesktop - (15 Comments)

I attended an interesting session at Citrix Synergy earlier today. It was conducted by Ron Oglesby, Chief Solution Architect of Unidesk, and the subject was why desktop virtualization has not taken off like server virtualization has. This is something I’ve wondered about myself, so I was eager to hear someone else’s view on the subject. Since a lot of the points he made could also be classified as “things to watch out for,” I thought others might also find it interesting.

First of all, it is important to recognize that “Virtual Desktop” does not equal “VDI.” (And by “VDI,” I mean turning your physical PCs into virtual machines that are running on some kind of hosting infrastructure, such as VMware, XenServer, or Hyper-V.) VMware has done a pretty good job in many cases of framing the conversation as though these terms were equivalent, because VDI is what they do, and it’s in their best interests to frame the conversation that way. Hats off to them for the degree to which they’ve accomplished that.

But VDI is just one form of desktop virtualization. The fact is that we’ve been virtualizing desktops since the debut of WinFrame a decade and a half ago. And it can be argued that XenApp is still the most cost-effective way to virtualize a desktop. I can pretty much guarantee that, on a given piece of server hardware, I can support more concurrent users with XenApp than I can by building individual virtual PCs.

But what seems to be happening in some cases is that management has seen the tremendous cost savings that have been achieved through server virtualization, so they decide that they should virtualize desktops the same way they virtualized servers, expecting that they will see the same kind of dramatic cost savings. Often, they are painfully disappointed.

Dramatic cost reduction through server virtualization is a no-brainer. You take a bunch of servers that are already in the data center, most of which are probably idling along at less than 10% processor utilization (if that), and consolidate them onto a smaller number of servers. You save space. You save power (both the power it takes to run the servers and the power it takes to cool them). You gain agility and fault tolerance through things like live motion technology. The CAPEX (capital expenditure) savings are obvious. You can probably show a positive return on investment in the first year.

Near-term CAPEX savings are almost impossible to show in a VDI project, because of the back-end infrastructure you have to put in place to host your virtual desktops. (Note that we’re talking here specifically about VDI as I defined it earlier in this post.) Your savings are primarily in ongoing operating expenses, and (according to the Burton Group in a different session I attended) it may take as long as 3 – 5 years to see a significant ROI. Beyond that, you’re talking about things that are very hard to quantify at all, such as the benefit of giving your employees the flexibility to be productive from anywhere. Great idea, difficult to quantify.

Unless you are using some kind of tool that will let you provision multiple virtual desktops from a single shared image, your storage costs are going to skyrocket, because you’re replacing cheap SATA storage on the desktop with expensive SAN storage in the data center – and a Windows 7 image with all the apps on it can easily run 30 Gb. Moreover, the way a desktop OS uses storage is completely different from the way a server uses storage. Your typical Windows server probably averages about 5 IOPS (Input/Output Operations Per Second), with a read/write ratio of 2:1 to 3:1 (more reads than writes). A Win7 system averages more like 30 IOPS, and the read/write ratio is just the opposite.

In other words, workstations aren’t servers, and they won’t behave like servers just because you move them into your data center and put them on a SAN, and therefore you can’t treat them as though they were servers. If you do, you probably won’t be happy with the result.

Finally, although IT guys love standardization, users don’t. They’re used to being able to personalize their personal computers, and they won’t easily give that up. And they definitely won’t be happy if all of the personalization they’ve done suddenly disappears when you replace their PCs with virtual desktops. Unfortunately, there is no magic wand you can wave that will transform a bunch of diverse PCs that have been highly personalized into a single shared image while still preserving all of the personalization. There are some tools that will help you with this, but you have to plan, you have to test, you have to be careful, and you need to have a roll-back plan.

So does this mean that desktop virtualization is a bad idea? No, not at all. It does mean that you need to take the time to understand your users, and come up with a desktop strategy that encompasses all of your use cases. And you need to recognize that classic VDI is probably not a “one-size-fits-all” solution for all of your users:

  • Task-based workers (e.g., call centers) are probably very well served by “Hosted Shared Desktops,” a.k.a., virtual desktops running on XenApp servers.
  • Remote workers may also be covered by Hosted Shared Desktops, although those who need more power, or need the flexibility of a dedicated OS, may be well served by a hosted virtual PC – traditional VDI. For example, a contract programmer may be a continent away, and may need the ability to do things that cannot be done on a shared server OS, like modifying the registry or rebooting the system, but the employer may also want the security of knowing that the code never leaves the datacenter. VDI is a perfect solution for this use case.
  • Office workers may be served by hosted virtual desktops (VDI), but could also be served by streaming the PC operating system from a central shared image directly to the PC hardware on their desks. Managing that central image beats running around to all the desktops with a backpack full of CDs to do your upgrades!
  • Power users who might, for example, need the power of a dedicated 3D graphics processor might be best served by streaming a central shared image to a blade PC in the datacenter, which the user then accesses via a thin-client desktop device.
  • Mobile users, by definition, need to work when they’re not connected to the corporate network. This is the use case addressed by XenClient.
  • In all of the cases above, having a provisioning tool that allows you to boot and run multiple systems from a single shared image is going to save you a bundle on storage.

The cool thing about XenDesktop 4 is that you can handle all of these use cases, and mix and match the best virtual desktop deployment method to each group of users, and they’re all included in your XenDesktop 4 Enterprise or Platinum license. No other vendor offers that flexibility.

, , , , , , ,

XenApp 6 Worker Groups

April 5th, 2010 | Posted by Sid Herron in Application streaming | Application Virtualization | Citrix | XenApp - (0 Comments)

In case you missed the announcement, about a month ago, Citrix announced the release of XenApp 6. This is the version of XenApp that will run on Windows Server 2008 R2 – but there are also a lot of features in XenApp 6 that will make your life a lot simpler if you have to manage a XenApp farm. One of those is the concept of “worker groups.”

Over the years, Citrix has added the ability to control more and more XenApp features through policy settings – either through Active Directory Group Policies or through Citrix policies. But some things were still fairly tedious to manage.

For example, when you published an application on your XenApp farm, the information of which servers that application was published on was part of the application properties. If you had a set of applications published on a set of servers, and you wanted to add (or remove) a server from that set, you had to edit the properties of each application in the application set.

With XenApp 6 on Server 2008 R2, you can now create a new AD container called a “worker group.” Settings like computer policies, load balancing policies, and even which applications are published can be set on the worker group, and will be automatically inherited by any server that is added to that group. This literally makes it possible to fully configure a new XenApp server and add it to the farm without even opening the XenApp management console! (And, of course, if you’re using application streaming to deliver the applications to the designated XenApp servers, you don’t have to install those applications – simply assign them to the worker group, and they will be streamed to any server that is part of, or added to, that worker group.)

For a better understanding of how this works, take a look at this “Citrix TV” video by Leo Singleton:

, , ,

Using Web Interface 5.2 with a Presentation Server 4.0 Farm

March 23rd, 2010 | Posted by Ryan Parlee in Application Virtualization | Citrix | XenApp - (0 Comments)

We here at Moose have been working with Web Interface 5.2 (hereafter referred to as WI 5.2) more and more these days, and the question was bound to come up, “Can I use the new WI 5.2 with my old Presentation Server 4.0 farm AND my new XenApp 5.0 farm at the same time?”

Yes, you absolutely can.  The Admin guide for WI 5.2 states that it is compatible with the Windows 2003 and UNIX versions of Presentation server 4.0 up through the current XenApp 5.0 versions.  However, it is not 100% compatible right out of the box.

You can configure your old Presentation Server 4.0 farm in the WI 5.2 farm properties and then login to the WI and see all of your published apps, but when you go to launch one you will receive the following message:

“An error occurred while making the requested connection.”

Citrix Web Interface Screenshot

Screenshot courtesy Citrix’s KB article CTX123003

The solution is detailed below.  These exact steps are from Citrix KB article CTX123003

  1. On the Web Interface 5.2 server, locate the WebInterface.conf file (\Inetpub\wwwroot\Citrix\XenApp\Conf) and open it with a text editor.
  2. Locate the following entry around line# 169:
    RequireLaunchReference=On
  3. Replace it with the following entry:
    RequireLaunchReference=Off
  4. Save the WebInterface.conf file and test.
  5. Users should be able to launch applications from the XenApp 4.0 farm successfully.

That said, it is important to note that Presentation Server 4.0 hit “End of Life” on Dec. 31, 2009. (Citrix lists product lifecycle information for all of their products on their Web site.) This means that product downloads and hotfixes are no longer available, and tech support is limited to whatever information you may be able to dig out of the Citrix on-line Knowledge Base. So we sincerely hope that the only time you would ever be using the information in this post is when you’re in the process of transitioning from Presentation Server 4.0 to your new XenApp 5 (or, very shortly, XenApp 6) farm!

, ,

It’s Official – XenApp 6 Is On the Way

March 10th, 2010 | Posted by Sid Herron in Application streaming | Application Virtualization | Citrix | XenApp - (1 Comments)

As most of you know, XenApp 5 is not compatible with Windows Server 2008 R2. Citrix has been working diligently on an R2-compatible version. The “technology preview” has been out for several weeks now. Apparently the new product is sufficiently different that Citrix decided it warranted a major release number – so a few days ago, Citrix announced the release of XenApp v6. Here are some of the high points of the new release:

  • The biggie, of course, is compatibility with Windows Server 2008 R2. This means, among other things, that it will be a 64-bit-only release (since R2 is strictly 64-bit). And that has obvious implications for things like print driver and application compatibility.
  • New setup wizards reportedly cut installation time in half.
  • New “AppCenter” application management console. Includes the ability to manage and deliver streamed apps using both Microsoft App-V and Citrix application streaming from a single point.
  • Better integration with Microsoft management tools, including PowerShell.
  • “HDX” (High Definition User Experience) support for:
    • Real-time audio and video collaboration using Microsoft Office Communicator and VoIP soft phones
    • CD-quality audio with 90% less bandwidth
    • Plug-n-play support for USB devices like Point-of-Sale interfaces, webcams, microphones, scanners, digital cameras, etc.
  • Support for the new “Dazzle” self-service application storefront
  • New Citrix Receiver for Android mobile devices (and a promise that BlackBerry support is coming soon)

Along with the release of XenApp 6, Citrix is also releasing XenApp 5 Feature Pack 3, which will port as many of these features as possible back to Windows Server 2003 and Windows Server 2008 (non-R2) users.

Customers with current Subscription Advantage as of March 17 will be able to download XenApp 6 starting March 24. And, since XenDesktop 4 Enterprise and Platinum editions include full access to XenApp functionality, this applies to XenDesktop 4 customers as well as XenApp customers.

For more on the announcement, check out the following video from Citrix TV:


And for even more product information, see the XenApp 6 product page on the Citrix Web site.

, , , ,

Licensing Office in a Remote Desktop Environment

January 20th, 2010 | Posted by Sid Herron in Citrix | Licensing | Microsoft | XenApp - (5 Comments)

Judging from the questions we continue to be asked, lots of people are confused about how to license the Microsoft Office Suite if you are accessing it via Microsoft’s Remote Desktop Services (a.k.a. Terminal Services) and/or Citrix XenApp. Hopefully, this will clear up the confusion.

First of all, it is important to keep in mind that desktop applications such as the Office Suite are licensed per device, not per user. The following comes directly from the Microsoft “Product Use Rights” document dated January, 2010: “You must acquire a license for each device on or from which you access or use the software (locally or remotely over a network)…You may access copies of the software installed on a network device only from a device that has a license for the software.”

In other words, if you can walk up to a device and use it to interact with an Office application, you must have an Office license for that device. It doesn’t matter whether that device is a PC or laptop that has the Office bits installed on its local hard drive, or whether it is a thin client device that allows you to connect to a XenApp server, you need to have “assigned” a license to that device.

That begs the question of what “assigned” means, and the answer – particularly for devices like thin clients, where you couldn’t install the application locally if you wanted to – is that you are on the honor system. You decide, in the privacy of your own conscience, which licenses you are assigning to which devices – with the caveat that, if you’re ever audited, you’d better be able to produce a license for every device people are using to run Office apps. You can reassign a license from one device to another, but not more often than every 90 days.

But that’s not all. Quoting again from the Product Use Rights document: “The device you use to remotely access software must be licensed for the same or higher edition, but not a lesser edition.” That means that if you have Office Professional Plus installed on your XenApp server, you are not entitled to access it from a device that only has an Office Standard license assigned to it (because it’s a “lesser” edition); but you are entitled to access it from a device that has an Office Enterprise license assigned to it (because it’s a “higher” edition). Likewise, if you have Office 2007 installed on your XenApp server, you are not entitled to access it from a device that is only licensed for Office 2003 (or any other earlier edition).

You do not, never have had, and probably never will have the right to access Office on a XenApp server from a device that has an OEM Office license installed on it. If your PC or laptop came from the manufacturer with Office pre-installed on it, then you have an OEM license, and you do not have “network storage and use” rights. There is an excellent blog post over on the Microsoft SMB Community Blog that explains this in detail. Yes, it’s an old post (from July, 2005). No, the policy hasn’t changed.

Basically, it comes down to this: Why do people tend to purchase Office bundled with their new PC? Because it’s less expensive. Why is it less expensive? Because the license you’re buying contains fewer usage rights than more expensive licenses. You do not have the right to transfer that license to a different PC – it dies when the PC you bought it with dies. You typically do not have the right to downgrade it to an earlier version. And you don’t have the right to access the application over a network.

However, there is a way for you to obtain those rights if you buy an OEM license. Microsoft allows you to purchase Software Assurance for your OEM license within a 90-day window of acquiring the license. (It’s one of only two cases where you can purchase Software Assurance as a stand-alone purchase – the other case is when you’re renewing it.) Software Assurance will do a number of things for you:

  • It removes pretty much all of the OEM license limitations, e.g., you now have the right to transfer the license to a different PC, the license will survive the demise of the hardware, and you gain network use rights.
  • You get upgrade protection for the term of the Software Assurance coverage (two years if purchased on an Open Business agreement, three years if purchased on an Open Value agreement).
  • You gain “Home Use Rights.” For each Office license covered by Software Assurance, you have the right to designate one employee who can install Office on his/her home PC. (Which, by the way, would then give them the right to access Office on your XenApp server when they’re working from home.) These Home Use Rights evaporate if you allow your Software Assurance coverage to lapse. Also, the employee loses his/her right to run the software if they leave your employ.
  • You probably qualify for some e-learning benefits as well.

Bottom line: Volume Licensing is your friend. If you’re planning to deploy Office via Remote Desktop Services (with or without XenApp), the right thing to do is buy your Office licenses through a Microsoft Volume License agreement. In fact, last time I checked, you couldn’t even install Office on a Remote Desktop Server unless you were installing from Volume License media. If, for convenience, you want to buy OEM licenses with your new hardware, you should also budget for adding Software Assurance to those licenses, or you’re probably not going to be happy with the limited license rights.

One final item: The license terms for Volume License editions of Office include something called “Portable Use” rights. Quoting again from Microsoft: “You may install a copy on a portable device for use by the single primary user of the licensed device.” In other words, if you have purchased an Office license for Joe’s or Mary’s desktop PC, and Joe (or Mary) also has a laptop, you are entitled to install Office on that laptop (the “portable device”) without having to purchase an additional license. By extension, since that laptop is now legally licensed, it could then be used to remotely access the Office apps via XenApp from wherever Joe or Mary may happen to be.

Disclaimer: I do not work for Microsoft, nor do I define their license terms, which are subject to change, particularly when new product versions are released. I have, however, worked with them for a very long time, and had lots of discussions about what is, or is not, legal under the terms of various license models. The foregoing is my own interpretation of information that is publicly available on the Microsoft Web site – and I have helpfully provided you with links to that information. I highly recommend that, if you have any questions, you download the Product Use Rights document and read it for yourself.

, , , ,

Latest Blog Feeds
Go to our Blog Page
Testimonials
“Our business is all about process and margins; we rely on Moose Logic to install and manage network solutions that enable us to control both. Moose Logic created solutions that transformed our business relationships and processes.”
Ron Horowitz
Birchwood Park Homes
Read our Newsletter
Copyright © 2010 All rights reserved.
Wordpress Delicate template designed by NattyWP