How to monitor your Internet facing service globally – #Azure, #ApplicationInsights, #Citrix, #NetScaler, #EnvokeIT
Hi again all!
It’s been quite a long time since I wrote a blog post... I’ve just been too busy working! :-)
But this is a really cool capability that I think many of you will like. How often does your company or service provider have a good way of monitoring availability, performance etc. from the public Internet? And if they do, most of the time the larger service providers build a service, install their own probes in different geographical locations and then charge quite a lot for it, and every time you change your application they charge you again for modifying the scripts that the probes use.
What I’ve tried, and now think is going to be great for both smaller and larger organisations, is the Azure Application Insights service. It’s really great and can assist with just this: it’s a service that Microsoft provides from their locations globally, where you can test your apps in Azure of course, but also any web site out there on the Internet. And it doesn’t stop there: you can also use the server installer to send metrics from your Windows IIS server up to Azure to get more detailed statistics about the web server itself, requests etc.
Just think about how much it would take for you to set up monitoring from APAC, the Americas and Europe for your NetScaler environment... that would not be done in 10 minutes if you talk to your standard service provider. It took me 10 minutes to set up this reporting to ensure that the NetScaler is available from different locations around the world:
And this is just a simple URL ping test to ensure that we get a proper 200 OK response from our EnvokeIT Lab environment, which my colleague Björn has set up and customised so nicely with the X1 StoreFront look & feel.
Of course you can make a more thorough test than just a URL ping test like in this case: the service supports multi-step tests and also content matching etc. It’s also very easy to create one application/service that then consists of multiple locations that you want to monitor, for instance if you’re using GSLB FQDNs as well as regional ones, to ensure that you get the full picture. One caveat: a plain URL ping test passes as long as something answers 200 OK, so a maintenance page, the wrong content-switching vServer or a default IIS page will all pass it. For anything you actually rely on, match on a string that only the real page returns (for StoreFront, something from the logon page) and use a multi-step test for the logon flow itself.
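As an added example (my code, not part of the post and not how Application Insights implements its probes), here are the checks a URL ping test with content matching makes, written as a small local probe so you can verify what to match on before you point the Azure locations at the site. It also reports 3xx responses instead of following them and checks the TLS certificate’s remaining lifetime, which is a frequent cause of a site going "down" in every region at once. The URL, the marker text "Citrix StoreFront" and the User-Agent are placeholders.

```python
"""Local synthetic probe: status, content match, latency and TLS expiry.
Added example; not code from the post and not Application Insights' own probe.
URL, marker text and User-Agent below are placeholders."""
import socket
import ssl
import time
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit

PROBE_UA = "envokeit-probe/1.0 (+https://example.invalid)"   # placeholder


@dataclass
class ProbeResult:
    url: str
    ok: bool
    status: Optional[int] = None
    elapsed: float = 0.0
    failures: List[str] = field(default_factory=list)


def evaluate(url, status, body, elapsed, *, expect_status=200, must_contain=None,
             max_seconds=30.0, cert_days=None, min_cert_days=14):
    """Apply the checks a ping test with content match applies.
    A 200 alone is weak: a maintenance page, a default vServer or the wrong
    backend also answer 200, so must_contain should be text only the real
    page returns (the StoreFront title is assumed in __main__ below)."""
    failures = []
    if status != expect_status:
        failures.append(f"status {status}, expected {expect_status}")
    if must_contain and (body is None or must_contain not in body):
        failures.append(f"content match failed: {must_contain!r} not in body")
    if elapsed > max_seconds:
        failures.append(f"slow: {elapsed:.1f}s > {max_seconds}s")
    if cert_days is not None and cert_days < min_cert_days:
        failures.append(f"TLS certificate expires in {cert_days} days")
    return ProbeResult(url, not failures, status, elapsed, failures)


def cert_days_left(not_after, now=None):
    """Whole days until a certificate's notAfter (OpenSSL text form) expires."""
    expires = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return int((expires - now) // 86400)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Report 3xx as-is; following it would hide a gateway that has started
    # bouncing users somewhere unexpected.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_not_after(host, port=443, timeout=10):
    """notAfter of the leaf certificate presented for host (live network call)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def probe(url, must_contain=None, timeout=30):
    """Live probe: one GET without following redirects, plus cert expiry."""
    opener = urllib.request.build_opener(_NoRedirect())
    req = urllib.request.Request(url, headers={"User-Agent": PROBE_UA})
    start = time.monotonic()
    try:
        with opener.open(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:          # 3xx/4xx/5xx are still evaluated
        status, body = e.code, e.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError) as e:
        return ProbeResult(url, False, failures=[f"connection failed: {e}"])
    elapsed = time.monotonic() - start
    parts = urlsplit(url)
    days = None
    if parts.scheme == "https":
        try:
            days = cert_days_left(fetch_not_after(parts.hostname, parts.port or 443, timeout))
        except (OSError, ssl.SSLError, KeyError) as e:
            return ProbeResult(url, False, status, elapsed, [f"TLS check failed: {e}"])
    return evaluate(url, status, body, elapsed, must_contain=must_contain, cert_days=days)


if __name__ == "__main__":
    import sys
    targets = sys.argv[1:] or ["https://storefront.example.com/Citrix/StoreWeb/"]  # placeholder
    for t in targets:
        r = probe(t, must_contain="Citrix StoreFront")   # assumed page marker
        print("OK  " if r.ok else "FAIL", t, r.status, f"{r.elapsed:.2f}s", "; ".join(r.failures))
```

Run it against the GSLB FQDN and each regional FQDN from a few vantage points; if the content match fails while the status is 200, that is exactly the case a plain ping test would have reported as healthy.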
Highly critical “Ghost” allowing code execution affects most Linux systems – #Vulnerability, #Security, #Linux
And here it continues: another critical vulnerability that affects most Linux systems. Ensure that your systems are updated and rebooted (or at the very least that every service still running with the old glibc mapped in memory is restarted; the new package on disk protects nothing until then)!!
More information about Citrix affected systems can be found here:
Citrix Security Advisory for glibc GHOST Vulnerability (CVE-2015-0235)
Here is a great article on the vulnerability itself from arstechnica.com:
An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions.
The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed “Ghost” by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What’s more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.
The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that’s invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. In a blog post published Tuesday, researchers from security firm Qualys said they were able to write proof-of-concept exploit code that carried out a full-fledged remote code execution attack against the Exim mail server. The exploit bypassed all existing exploit protections available on both 32-bit and 64-bit systems, including address space layout randomization, position independent executions, and no execute protections. Qualys has not yet published the exploit code but eventually plans to make it available as a Metasploit module.
“A lot of collateral damage on the Internet”
The glibc is the most common code library used by Linux. It contains standard functions that programs written in the C and C++ languages use to carry out common tasks. The vulnerability also affects Linux programs written in Python, Ruby, and most other languages because they also rely on glibc. As a result, most Linux systems should be presumed vulnerable unless they run an alternative to glibc or use a glibc version that contains the update from two years ago. The specter of so many systems being susceptible to an exploit with such severe consequences is prompting concern among many security professionals. Read more…
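As an added check (my code, not from the post, the Citrix advisory or the Ars Technica article): the first function below follows the canary approach Qualys described in their advisory, calling gethostbyname_r() on a long all-digit name so the lookup takes the __nss_hostname_digits_dots() path without any DNS traffic, with a buffer sized so that a vulnerable glibc writes past it into an adjacent canary. The second function addresses the "reboot" point: it lists processes whose memory maps still reference a libc file that has been replaced on disk, i.e. services that were not restarted after the package update. The canary string and the buffer size are my choices; the /proc scan is Linux only.

```python
"""GHOST (CVE-2015-0235) checks. Added example: not code from the post, the
Citrix advisory or the Ars Technica article. ghost_canary_test() follows the
canary approach Qualys described; stale_libc_processes() is the post-patch
"did every service restart?" check (Linux only, reads /proc/<pid>/maps)."""
import ctypes
import errno
import glob
import os

BUF_LEN = 1024
CANARY = b"in_the_coal_mine"   # assumed marker placed right after the buffer


class _Probe(ctypes.Structure):
    # buffer and canary are adjacent in memory: an overrun of buffer by the
    # vulnerable __nss_hostname_digits_dots() lands in canary.
    _fields_ = [("buffer", ctypes.c_char * BUF_LEN),
                ("canary", ctypes.c_char * (len(CANARY) + 1))]


def ghost_canary_test():
    """Return {'vulnerable': True/False/None, 'rc': int, 'detail': str}."""
    try:
        libc = ctypes.CDLL(None)                 # symbols already loaded by python
        fn = libc.gethostbyname_r
    except (OSError, AttributeError, TypeError):
        return {"vulnerable": None, "rc": None,
                "detail": "gethostbyname_r not available (not glibc?)"}
    fn.restype = ctypes.c_int
    fn.argtypes = [ctypes.c_char_p, ctypes.c_void_p, ctypes.c_void_p,
                   ctypes.c_size_t, ctypes.POINTER(ctypes.c_void_p),
                   ctypes.POINTER(ctypes.c_int)]

    probe = _Probe()
    probe.buffer = b"buffer"
    probe.canary = CANARY
    # Name length so the pre-fix size check passes while the writes exceed the
    # buffer: BUF_LEN - sizeof(host_addr[16]) - 2*sizeof(char *) - 1.
    name = b"0" * (BUF_LEN - 16 - 2 * ctypes.sizeof(ctypes.c_void_p) - 1)
    # All digits: handled by the digits-and-dots path, no DNS traffic.
    hostent = ctypes.create_string_buffer(64)    # struct hostent (32 bytes on x86_64)
    result = ctypes.c_void_p()
    h_errno = ctypes.c_int()
    buf_addr = ctypes.addressof(probe) + _Probe.buffer.offset

    rc = fn(name, ctypes.c_void_p(ctypes.addressof(hostent)),
            ctypes.c_void_p(buf_addr), BUF_LEN,
            ctypes.byref(result), ctypes.byref(h_errno))
    if probe.canary != CANARY:
        return {"vulnerable": True, "rc": rc, "detail": "canary overwritten"}
    if rc == errno.ERANGE:
        return {"vulnerable": False, "rc": rc,
                "detail": "buffer rejected as too small (patched behaviour)"}
    return {"vulnerable": False, "rc": rc, "detail": "canary intact"}


def _is_stale_libc_line(line):
    """True for a /proc/<pid>/maps line mapping a libc file that has been
    replaced on disk: the process still runs the old code."""
    parts = line.rstrip("\n").split(None, 5)
    if len(parts) < 6 or not parts[5].endswith(" (deleted)"):
        return False
    base = os.path.basename(parts[5][:-len(" (deleted)")])
    return base.startswith("libc-") or base.startswith("libc.so")


def stale_libc_processes(proc="/proc"):
    """{pid: comm} for processes that must be restarted (or the host rebooted)
    before the glibc update actually protects them."""
    stale = {}
    for maps in glob.glob(os.path.join(proc, "[0-9]*", "maps")):
        pid = os.path.basename(os.path.dirname(maps))
        try:
            with open(maps) as f:
                if not any(_is_stale_libc_line(l) for l in f):
                    continue
            with open(os.path.join(proc, pid, "comm")) as f:
                stale[int(pid)] = f.read().strip()
        except OSError:           # process exited, or not ours to read
            continue
    return stale


if __name__ == "__main__":
    print("canary test:", ghost_canary_test())
    for pid, comm in sorted(stale_libc_processes().items()):
        print(f"restart needed: pid {pid} ({comm})")
```

Run it as root after installing the vendor glibc package: a clean result from the canary test plus an empty restart list is what "patched" actually looks like; a non-empty list (typically sshd, exim, nginx, the NetScaler-facing backends) means those services still run the old code.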
Citrix have released a couple of good blog posts on the new version of XenMobile 10:
Ten Benefits XenMobile 10 Offers To Channel Partners
XenMobile 10 marks the simplification milestone in our Enterprise Mobility Management journey. Today, at Summit Las Vegas we are happy to announce the release of XenMobile 10. XenMobile brings great benefits for both end users and IT administrators.
And here are ten benefits I can think of, from the top of my head that XenMobile 10 brings to our Citrix channel partners:
- Better for Business:
With the 20+ enterprise workflow efficiencies and design improvements that enable business users’ productivity on smartphones and tablets, XenMobile is focused on empowering mobile users. With Citrix’s dedicated focus on user experience, the Worx apps and the Worx Gallery apps are designed to enable enterprise user workflows.
- Enterprise-grade Product: XenMobile architecture is built for complex and sophisticated network topologies that exist in a typical large enterprise with its offices and users across the world.
- Consolidated Architecture: XenMobile 10 integrates the mobile device and application management consoles along with some NetScaler Gateway controls, into one product. This consolidated architecture in this release makes it easy to use and deploy thereby ensuring our channel partners remain successful in their service engagements.
- Intuitive Dashboard: XenMobile 10 brings a fresh look with the redesign of the administrative dashboard. Channel partners can now manage and deploy XenMobile with a complete understanding of the deployments.
- Faster Deployment: With the consolidated architecture for mobile device and application management along with the additional controls for NetScaler Gateway, the deployment time with XenMobile 10 is reduced by 75%!
- Mobile User Workflows: True Mobility is about enabling the user not with a bunch of applications, but with the applications that let the user get their job done without exhaustingly navigating through multiple apps. XenMobile has always focused on enabling user workflows; XenMobile 10 now delivers additional enhancements to allow the end users to remain productive without having to be tethered to a specific device or a location.
- Automation: We recently announced the automation of the APNS Certificate Signing process with which partners can now renew the APNS certificates for their customers. The concept of automation is now extended to ISV partners’ self-verification of their wrapped applications and a self-service portal for end users that allows them to locate, track and wipe their lost/stolen device themselves.
- Faster Migration: With the migration tools that will be released for XenMobile 10, channel partners can easily migrate the existing XenMobile customers.
- Security and best-in-class User Experience: Traditionally, security and user experience of products never coexisted. However, XenMobile is proud to bear an exception for this norm by delivering an end user experience that is Better For Business without compromising security. XenMobile offers end-to-end FIPS compliant solution for mobility.
- Specialization Benefits:…
This is a really good blog post by Christopher Fife; it touches on a couple of scenarios and explains how best to handle them. Good work Christopher! :-)
The Citrix Connector 7.5 for System Center 2012 Configuration Manager, also known simply as the Citrix Connector, integrates XenApp and XenDesktop 7 with Configuration Manager 2012 (CM). The Connector streamlines use of Configuration Manager deployment technology to automate Citrix server and desktop image management. The Connector leverages the new Application/Deployment Type (App/DT) feature of Configuration Manager 2012 to orchestrate deployment to the right images at the right time. Administrators can optionally use the App/DT model to deliver the actual application publications.
Many of our customers are still early in migrating to the App/DT model. They are still leveraging their extensive library of Packages and Programs developed with great care over many years. These Citrix customers want to know how to use all the goodness of the Connector with these Packages and Programs. So, if you are interested in using the Citrix Connector to deploy Packages and Programs to your Citrix servers and desktop, this post is for you.
In many cases deploying Packages and Programs with the Citrix Connector is a straight forward process familiar to any CM administrator. However there are two scenarios in which specific actions are required to avoid unintended consequences when deploying Packages and Programs with the Citrix Connector.
Scenario 1 – Deploying to Image Managed (MCS or PVS) Citrix hosts
The first scenario that requires special consideration is deploying Packages and Programs to VMs created with Citrix XenDesktop Machine Creation Services (MCS) or Citrix Provisioning Services (PVS). As an administrator, you want to deploy software on the master image of a Machine Catalog and rely on XenDesktop/XenApp to clone worker VMs. Deploying directly to VM clones wastes compute, storage, and network resources because each clone will discard the changes on reboot.
Thus, the Citrix Connector is optimized to only install applications on the master image of a Machine Catalog while entirely skipping application installation on the clones of the master image. The key enabler that allows us to selectively install applications is a CM client policy that puts a 3rd party agent like the Citrix Connector in charge of when to install application or updates.
Here’s the problem. CM client policy does not stop the installation of Packages and Programs or Task Sequences; it only applies to the App/DT model and Windows Updates. This means that the Citrix Connector cannot prevent the installation of Packages and Programs on MCS or PVS clones, leading to unnecessary resource utilization.
Create a device collection that contains just the update device and deploy Packages and Programs to this device collection instead of the device collection created by the Citrix Connector.
Scenario 2 – App Publishing from the CM Console
The second scenario comes into play when using the CM Console to publish the Package/Program as a XenApp-hosted application. The Citrix Connector uses CM application detection logic to ensure that the application is installed before publishing it to Citrix Receiver. This is to prevent an icon from appearing in Receiver before all the servers in a Delivery Group have the application installed.
Unfortunately Package/Program deployments do not have reliable, ongoing application detection logic. Consequently, this orchestration feature of the Citrix Connector cannot be supported when using the Citrix Application Publishing Wizard to publish apps from the Configuration Manager Console.
Use Citrix Studio to publish the application instead of the Citrix Application Publishing Wizard in the CM Console.
If you are using CM Application Catalog and want the Citrix hosted version of the installed program to appear there, you will need to create a new application with a Script deployment type and a Citrix deployment type. The Script DT supplies the application detection logic by looking for the application’s executable, while the Citrix DT creates the application publication in XenDesktop.
The remainder of this post is divided into two sections and will give specific examples of how to implement the solutions discussed above. The first focuses on image management and precisely targeting the program deployment at the update device for a Citrix device collection. The second section focuses on publishing the program installed by CM as a Citrix hosted app.
Solution for Image Management and Resource Utilization
As previously mentioned, the Citrix Connector cannot prevent the installation of Packages and Programs on pooled Citrix session hosts created with Machine Creation Service (MCS) or Provisioning Service (PVS). To prevent this potential inefficiency, a new device collection must be created that only contains the update device. There are 4 steps to accomplish this:
- create the new device collection,
- deploy the program to the new device collection,
- monitor for deployment success on the update device, and
- update the pooled Citrix session hosts with the updated image.
These steps are detailed below.
For background information about master image management with the Citrix Connector and the role of the update device, watch the Master Image Management video http://www.citrix.com/tv/#videos/11534 on CitrixTV.
Before you start, use the machine catalog properties to make sure there is a designated update device, the Update Method property value is “update device”, and the Update Device property value contains a machine name. This is a very important step. If an update device is not defined for a Citrix image managed device collection, the steps outlined below will result in a new device collection with zero members.
Step 1: Use the Configuration Manager Console to create a device collection
- In the Assets and Compliance section of the Configuration Manager Console, click the “Create device collection” action on the toolbar ribbon.
- On the General Page of the Create Device Collection Wizard,
Have a look at the new version of the Microsoft Azure Cost Estimator Tool; here is a good summary by Courtenay Bernier. Version 1.0 only supported US pricing, but version 1.2 adds the other regions and their currencies, so it should now give you a good estimate wherever you are.
Back in August of 2014 Microsoft released version 1.0 of the Azure (IaaS) Cost Estimator Tool (view my previous post here). Today I’m happy to announce the release of version 1.2!
The following new features have been updated/added:
- Support for all regions (apart from US) along with associated currencies.
- Support for D-Series virtual machines.
- Export data with new regions and currency symbols.
- Updated instance prices for all regions and currencies.
- Total monthly costs are now calculated over 31 days that’s 744 hours and is aligned with the costs displayed in the Azure portal. (In version 1.0 costs were calculated over 30 days).
Estimated runtime of 31 days
D-Series VMs Added Read more…
Another great blog series from Thomas W Shinder – MSFT and contributors!
The Cloud Platform Integration Framework (CPIF) provides workload integration guidance for onboarding applications into a Microsoft Cloud Solution. CPIF describes how organizations, Microsoft Partners and Solution Integrators should design and deploy Cloud-targeted workloads utilizing the hybrid cloud platform and management capabilities of Azure, System Center and Windows Server.
Table of Contents
Joel Yoker – Microsoft
David Ziembicki – Microsoft
Tom Shinder – Microsoft
Cloud Platform Integration Framework Overview and Patterns:
The Cloud Platform Integration Framework (CPIF) provides workload integration guidance for onboarding applications into a Microsoft Cloud Solution. CPIF describes how organizations, Microsoft Partners and Solution Integrators should design and deploy Cloud-targeted workloads utilizing the hybrid cloud platform and management capabilities of Azure, System Center and Windows Server. The CPIF domains have been decomposed into the following functions:
Figure 1: Cloud Platform Integration Framework
By integrating these functions directly into workloads….
Continue reading here!
This series of blog posts by Thomas W Shinder – MSFT and contributors is really great and covers the best practices and principles behind building Microsoft based private or hybrid IaaS services. Have a look at their great work!
The goal of the Infrastructure-as-a-Service (IaaS) Foundations series is to help enterprise IT departments and cloud service providers understand, develop, and implement IaaS infrastructures. This series provides comprehensive conceptual background that combines Microsoft software, consolidated guidance, and validated configurations with partner technologies such as compute, network, and storage architectures, in addition to value-added software features.
The IaaS Foundations Series utilizes the core capabilities of the Windows Server 2012 R2 operating system, Hyper-V, System Center 2012 R2, Windows Azure Pack and Microsoft Azure to deliver on-premises and hybrid cloud Infrastructure as a Service.
Table of Contents
Chapter 1: Microsoft Infrastructure as a Service Foundations (this article)
Microsoft Infrastructure as a Service Foundations is written and presented in a way that enables architects, designers, implementers and operators to view the content that is most relevant to them. Some readers will choose to read the entire “book”, while others will focus on areas that are most interesting and relevant to them.
At this time, the Microsoft IaaS Foundations “book” is available in web format only. In the coming days, individual files (one for each chapter) and a single file that represents a compilation of all the chapters, will be made available for download. A link to these files will be included in this article, and in each of the articles included in this “book”.
The world of cloud computing moves quickly and the underlying technologies supporting the infrastructure that powers the cloud change and improve just as fast. For this reason, each of the chapters includes a published date and the versions of the software that are discussed in the text. For non-versioned software and services (such as Microsoft Azure), a note of “feature set and capabilities as of…” date is included.
Your feedback is crucial
A lot of time, energy and expense goes…
Continue reading here!