Archive
Converged Microsoft Account and Azure Active Directory Programming Model – #Microsoft, #Azure
Wow, finally Microsoft is doing something about the Microsoft Account and Azure AD identity “mess”! 🙂
Until now, building an application that worked with both personal and business accounts from Microsoft required integrating with two different technology stacks. Not only that, you had to have separate buttons in your app where your user needed to choose, up front, to sign in with a personal account or a work or school account.
With the v2 app model preview, it is possible to sign in both personal and work users with a single button. Let’s take a quick look at the end user’s experience. We begin with your application, with the addition of a “Sign-in with Microsoft” button.
We’re using the Microsoft brand because end users don’t know about Azure or Azure Active Directory. But they do know that Windows, Outlook, OneDrive, Xbox, and Office 365 are services from Microsoft and that they need an account from Microsoft to sign in there.
When the user clicks the button, they come to a consolidated sign-in page:
The user enters their username. Under the covers we figure out if the username corresponds to a personal account or a work account. Then we take the user to the right page to enter their password. Today this may involve a redirect – in the future we’ll optimize this out.
Read more here!
//Richard
#Citrix #XenDesktop 7 on #vSphere Validated Design Guide is available now!
Really good design guide by Citrix and blog post by Carisa Powell:
We are pleased to announce the availability of the Citrix Solutions Lab 5000-user XenDesktop 7 on vSphere Validated Design Guide.
Yes, you read that right, XenDesktop on vSphere. XenDesktop is also known to many vSphere customers as the best VDI solution for vSphere, and this design guide showcases the latest release of XenDesktop features and functionality all being hosted on a vSphere hypervisor. XenDesktop is the best of both virtual apps and desktops from a single platform, so XenDesktop is VDI, XenDesktop is app virtualization, XenDesktop is server-hosted apps and desktops, XenDesktop is secure remote access, XenDesktop is mobility…and with XenDesktop 7 you get all of this functionality from a single platform.
This design guide combines everything that is XenDesktop 7 and delivers it from vSphere to showcase how you can provide an app, desktop, remote access, and more solution for any type of user:
- VDI – XenDesktop offers a variety of VDI use cases, whether the user needs a standardized, corporate desktop that remains consistent and routine, or the user needs a personalized virtual desktop that he or she can customize to meet their business needs. This design guide validates XenDesktop Provisioning Services central image management technology for Pooled VDI on vSphere and XenDesktop Personal vDisk technology for delivering Personal VDI on vSphere.
- Server-hosted Apps and Desktops – XenDesktop also offers server-hosted apps and desktops by leveraging Microsoft Remote Desktop Shared Hosted (RDSH) technology to enable multiple users to connect and share resources from a single server. This design guide showcases XenDesktop server-hosted resources from Windows Servers on vSphere.
- Remote Access – XenDesktop leverages Citrix NetScaler appliances to provide secure, remote access from any location. NetScaler can be a virtual or physical appliance, and this design guide highlights the implementation and configurations of NetScaler Gateway virtual appliances on vSphere.
So why showcase all the features and functionality of XenDesktop 7 on vSphere? Staying true to the Citrix vision, XenDesktop continues to remain the only hypervisor agnostic app and desktop virtualization solution – including VDI, virtual apps and more. This means XenDesktop 7 seamlessly integrates with any hypervisor including Microsoft Hyper-V, Citrix…
Continue reading here!
//Richard
#Microsoft – On the right track! – #Windows, #BYOD, #Citrix
I don’t know if you all agree but I find that Microsoft is making some really good strategic decisions to align themselves and be ready for the “next generation” workplace and client services. Everyone has been talking about BYOx and that everyone will bring their own device and consume business services and functions on that device in parallel to doing personal stuff.
But has BYOD taken off yet?
I personally think that it hasn’t, not to the extent that many thought it would. There are some companies in some countries that have adopted it for some use cases and user categories, but the majority is still struggling with it, since their business apps and functions aren’t really there to support this way of working yet.
Even if they have a NetScaler or similar remote access capabilities with some sort of desktop and app virtualization (like Citrix XenDesktop) to run the apps, it’s still not enough. How do you solve the offline working scenario? And aren’t hosted apps and desktops just a legacy workaround until those business processes have been SaaS’ified? And what about “Dropbox” alternatives, H: drives and G: drives, SharePoint data etc.? There is still a user data mess (read my earlier post on this) that needs to be solved, and especially a “mega aggregator” tool for getting data/content and syncing it across devices in a secure manner (data also encrypted at rest on ALL devices, not just mobiles)…
Microsoft is kind of stepping up here, I must say, from a strategy point of view that makes me believe in them, even though I’ve said that no one will ever take my MacBook Air from me! Have a look at the features that are coming with Windows 8.1 to support a more “semi-controlled” or “semi-trusted” device, and the new cloud services like Azure AD and Windows Intune offerings in combination with the online messaging and collaboration Office 365 services. And they are apparently also working on a “legacy” cloud service to offer desktops as a service (DaaS), as I wrote in a previous blog post as well.
I think that Microsoft is moving in the right direction towards offering the next generation enterprise IT services and to support the new way of working, and fast!
Have a look at these posts/articles on the news in Windows 8.1:
Everything you need, right from (the) Start
Microsoft is focused on delivering one experience across all the devices in your life. The centerpiece of that strategy and experience are the Microsoft services and apps that come right from (the) Start on your new Windows device.
This is the first blog post in a series that will highlight the apps and services driving toward this “one experience” vision. This experience comes to life through more than 20 new and improved Microsoft apps and services that come as part of Windows 8.1, including a new one that we are announcing today – Skype, right from (the) Start!
It’s where you want to go today….
#Citrix Knowledge Center Top 10 – March 2013
Citrix Support is focused on ensuring Customer and Partner satisfaction with our products.
One of our initiatives is to increase the ability of our Partners and Customers to leverage self-service avenues via our Knowledge Center.
Find below the Citrix Knowledge Center Top 10 for March 2013.
Top 10 Technical Articles
Article Number | Article Title |
---|---|
CTX129229 | Recommended Hotfixes for XenApp 6.0 and Later on Windows Server 2008 R2 |
CTX129082 | Application Launch Fails with Web Interface using Internet Explorer 9 |
CTX804493 | Users Prompted to Download ICA File, Launch.ica, Instead of Launching the Connection |
CTX132875 | Citrix Receiver Error 2320 |
CTX105793 | Error: Cannot connect to the Citrix server. Protocol Driver Error |
CTX127030 | Citrix Guidelines for Antivirus Software Configuration |
CTX115637 | Citrix Multi-Monitor Configuration Settings and Reference |
CTX133997 | Citrix Receiver 3.x – Issues Fixed in This Release |
CTX325140 | Manually and Safely Removing Files after Uninstalling the Receiver for Windows |
CTX101644 | Seamless Configuration Settings |
Top 10 Whitepapers
Article Number | Article Title |
---|---|
CTX131577 | XenApp 6.x (Windows 2008 R2) – Optimization Guide |
CTX132799 | XenDesktop and XenApp Best Practices |
CTX101997 | Citrix Secure Gateway Secure Ticket Authority Frequently Asked Questions |
CTX136546 | Citrix Virtual Desktop Handbook 5.x |
CTX136547 | StoreFront Planning Guide |
CTX133185 | Citrix CloudGateway Express 2.0 – Implementation Guide |
CTX129761 | XenApp Planning Guide – Virtualization Best Practices |
CTX134081 | Planning Guide – Citrix XenApp and XenDesktop Policies |
CTX130888 | Technical Guide for Upgrading/Migrating to XenApp 6.5 |
CTX122978 | XenServer: Understanding Snapshots |
Top 10 Hotfixes
Article Number | Article Title |
---|---|
CTX136714 | Hotfix XS61E016 – For XenServer 6.1.0 |
CTX132122 | Hotfix Rollup Pack 1 for Citrix XenApp 6.5 for Microsoft Windows Server 2008 R2 |
CTX126653 | Citrix Online Plug-in 12.1.44 for Windows with Internet Explorer 9 Support |
CTX136483 | Hotfix XS61E014 – For XenServer 6.1.0 |
CTX133882 | Hotfix Rollup Pack 2 for Citrix XenApp 6 for Microsoft Windows Server 2008 R2 |
CTX133066 | 12.3 Online Plug-In – Issues Fixed in This Release |
CTX136253 | Hotfix XS61E010 – For XenServer 6.1.0 |
CTX136482 | Hotfix XS61E013 – For XenServer 6.1.0 |
CTX136085 | Hotfix XA650R01W2K8R2X64061 – For Citrix XenApp 6.5 |
CTX136674 | Hotfix XS61E012 – For XenServer 6.1.0 |
Top 10 Presentations
Article Number | Article Title |
---|---|
CTX135521 | TechEdge Barcelona 2012 PowerPoint and Video Presentations – Reference List |
CTX129669 | TechEdge 2011 – Overview of XenServer Distributed Virtual Switch/Controller |
CTX121090 | Planning and implementing a Provisioning Server high availability (HA) solution |
CTX133375 | TechEdge 2012 PowerPoint and Video Presentations – Reference List |
CTX135356 | TechEdge Barcelona 2012 – Understanding and Troubleshooting ICA Session Initialisation |
CTX135358 | TechEdge Barcelona 2012 – XenDesktop Advanced Troubleshooting |
CTX133374 | TechEdge 2012 – Monitoring your NetScaler Traffic with AppFlow |
CTX135361 | Troubleshooting Tools: How to Isolate and Resolve Issues in your XA and XD Env Rapidly |
CTX135360 | TechEdge Barcelona 2012 – Planning, Implementing and Troubleshooting PVS 6.x |
CTX135357 | TechEdge Barcelona 2012 – Implementing and Troubleshooting SF and Rec for Windows |
Top 10 Tools
Article Number | Article Title |
---|---|
CTX122536 | Citrix Quick Launch |
CTX135075 | Citrix Diagnostics Toolkit – 64bit Edition |
CTX130147 | Citrix Scout |
CTX111961 | CDFControl |
CTX106226 | Repair Clipboard Chain 2.0.1 |
CTX109374 | StressPrinters 1.3.2 for 32-bit and 64-bit Platforms |
CTX124406 | StressPrinters 1.3.2 for 32-bit and 64-bit Platforms |
CTX113472 | Citrix ICA File Creator |
CTX123278 | XDPing Tool |
Continue reading here!
//Richard
How to check which #NetScaler policy your #Citrix #Receiver or web browser hits
OK, this is a common issue that you’ll end up in when setting up Access Gateway access scenarios:
How do you know which policy is hit when your different Receivers are logging in?
Well, there are a couple of nice commands that can help you troubleshoot your access scenario! I guess that most of you have a simple scenario where you have one domain to authenticate against and some simple PNA, CVPN and potentially SSL VPN policies and profiles to deal with, and they are all linked to the virtual server like in this simple example:
But in more complex scenarios you may end up controlling which browser the user is accessing with (for giving nice error messages instead of the Citrix default messages when users use an unsupported browser etc.), or you have multiple AD domains and AD groups to link different policies to. Then it gets complex, and you have multiple policies and profiles for the same config with minor changes like the SSO domain name etc. So how do you then troubleshoot that easily?
First we have the must-know command that hooks into the auth process of the NetScaler and gives you a view of the authentication process:
cat /tmp/aaad.debug
When you run that and then authenticate, you’ll see the result of your auth process against, for instance, LDAP and RADIUS sources, like the result here when I logged in to our little environment:
At the top of the output you see all the AD groups that I’m a member of; one of these needs to match the group that you use on the NetScaler side. At the end you see the accept from AD for my authentication request.
Then you know that your authentication is OK, but which of the session policies are we hitting? For that you need to have a look at this great command:
nsconmsg -d current -g pol_hits
This is the output when I access using my Receiver on OS X:
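To make the aaad.debug check above repeatable, here is a small parser that pulls the returned AD groups and the final accept/reject out of a capture and tells you why a group-bound policy might not be hit. This is an added example, not code from the original post. The sample capture is constructed to approximate the shape of aaad.debug lines (timestamp, aaad source file and line, message); the exact wording on a real appliance can differ, so adjust the regular expressions to your own capture. Group comparison is assumed to be case-sensitive, as NetScaler group extraction is.

```python
"""Parse NetScaler aaad.debug output: which AD groups came back, and was the
authentication accepted? Added example; sample capture is constructed."""
import re
from typing import Dict, List, Optional

# Constructed sample capture (not real appliance output); shape only.
SAMPLE_AAAD_DEBUG = """\
Tue Mar  5 10:12:01 2013
 /usr/home/build/aaad/ldap_drv.c[770]: receive_ldap_user_search_event Group: CN=Citrix_Users,OU=Groups,DC=example,DC=com
 /usr/home/build/aaad/ldap_drv.c[770]: receive_ldap_user_search_event Group: CN=VPN_Admins,OU=Groups,DC=example,DC=com
 /usr/home/build/aaad/ldap_drv.c[770]: receive_ldap_user_search_event Group: CN=Domain Users,CN=Users,DC=example,DC=com
 /usr/home/build/aaad/naaad.c[1451]: send_accept sending accept to kernel for : rich
"""

GROUP_RE = re.compile(r"Group:\s*(?P<dn>CN=.+)$")
VERDICT_RE = re.compile(r"\b(send_accept|send_reject)\b")
USER_RE = re.compile(r"for\s*:\s*(?P<user>\S+)")


def parse_aaad_debug(text: str) -> Dict[str, object]:
    """Return the group CNs returned by the LDAP search, the user, and the verdict."""
    groups: List[str] = []
    user: Optional[str] = None
    verdict = "unknown"
    for line in text.splitlines():
        m = GROUP_RE.search(line)
        if m:
            # NetScaler matches on the group's CN (the first RDN), so keep only that.
            first_rdn = m.group("dn").split(",", 1)[0]
            groups.append(first_rdn[len("CN="):])
            continue
        v = VERDICT_RE.search(line)
        if v:
            verdict = "accept" if v.group(1) == "send_accept" else "reject"
            u = USER_RE.search(line)
            if u:
                user = u.group("user")
    return {"user": user, "groups": groups, "verdict": verdict}


def check_group_match(text: str, netscaler_group: str) -> str:
    """Explain why a policy bound to netscaler_group may not be hit:
    'match', 'case-mismatch', 'missing' or 'auth-rejected'."""
    result = parse_aaad_debug(text)
    if result["verdict"] != "accept":
        return "auth-rejected"
    groups = result["groups"]
    if netscaler_group in groups:
        return "match"
    if netscaler_group.lower() in (g.lower() for g in groups):
        return "case-mismatch"
    return "missing"


if __name__ == "__main__":
    print(parse_aaad_debug(SAMPLE_AAAD_DEBUG))
    for g in ("Citrix_Users", "citrix_users", "Finance"):
        print(g, "->", check_group_match(SAMPLE_AAAD_DEBUG, g))
```

Feed it a real capture with `parse_aaad_debug(open("/tmp/aaad.debug").read())` after a login attempt; the "case-mismatch" result is the one that most often explains a group-bound session policy that is never hit.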
Designing a virtual desktop environment? – #XenDesktop, #Citrix
This is a good blog post by Niraj Patel.
Questions: How do you successfully design a virtual desktop solution for 1,000 users? How about 10,000 users? What about 50,000 users? What are the questions you should be asking? Most importantly, where do you start?
Answer: Hire Citrix Consulting for your next virtual desktop project! OK, that is one right answer, but not the only way to do it. The successful way to design a virtual desktop environment is to follow a modular approach using the 5 layers defined within the Citrix Virtual Desktop Handbook. Breaking apart a virtual desktop project into different layers provides a modular approach that reduces risks and increases the chances of your project’s success, no matter how large your planned deployment is. What are the 5 layers, and what are some examples of the decisions defined within them?
- User Layer: Recommended end-points and the required user functionality.
- Access Layer: How the user will connect to their desktop hosted in the desktop layer. Decisions for local vs. remote access, firewalls and SSL-VPN communications are addressed within this layer.
- Desktop Layer: The desktop layer contains the user’s virtual desktop and is subdivided into three components: image, applications, and personalization. Decisions related to FlexCast model, application requirements, policy, and profile design are addressed in this layer.
- Control Layer: Within the control layer decisions surrounding the management and maintenance of the overall solution are addressed. The control layer is comprised of access controllers, desktop controllers and infrastructure controllers. Access controllers support the access layer, desktop controllers support the desktop layer, and infrastructure controllers provide the underlying support for each component within the architecture.
- Hardware Layer: The hardware layer contains the physical devices required to support the entire solution, and includes servers, processors, memory and storage devices.
Want to know how to get started? Try the Citrix Project Accelerator. Input criteria around your business requirements, technical expertise, end user requirements, applications, etc. to get started on your architecture based on the 5 layer model.
Lastly, don’t forget to come see SYN318…
Continue reading here!
//Richard
Demystifying Citrix Excalibur Architecture – via @kbaggerman
A great blog post by Kees Baggerman! 🙂
For all XenApp admins and consultants out there Project Avalon will bring a big change as we are used to having XenApp servers running on the (what seemed to be) everlasting Citrix Independent Management Architecture and we’re heading to Citrix FlexCast Management Architecture (already included in XenDesktop at this moment) and will be included in the Citrix Excalibur Architecture.
IMA
When looking up IMA in the eDocs you’ll find:
Independent Management Architecture (IMA) is the underlying architecture used in XenApp for configuring, monitoring, and operating all XenApp functions. The IMA data store stores all XenApp configurations.
Basically IMA exists to manage the XenApp or Presentation Server farms by enabling the communications between servers. As stated it transfers information about all XenApp functions like licenses, policies, sessions and server loads. All management tooling within these versions of Citrix’s PS/XA rely on this service for information.
According to Communication ports used by Citrix Technologies IMA uses the following ports:
Ports | Source | Prot. | Comment |
---|---|---|---|
2512 | Common Citrix Communication Ports | TCP | Independent Management Architecture (IMA) |
2513 | Access Gateway 5.0 Controller administration | TCP | IMA-based Communication |
As we can see, IMA uses 2512 (by default) to communicate with other servers and the Access Gateway Controller uses 2513 (by default) for IMA-based communication. The port IMA uses can be changed or queried via the command-line tool IMAPORT.
Brian Madden did a blog post way back in 2007, but its definition of IMA is still current:
Independent Management Architecture is:
- A data store, which is a database for storing MetaFrame XP server configuration information, such as published applications, total licenses, load balancing configuration, MetaFrame XP security rights, and printer configuration.
- A protocol for transferring the ever-changing background information between MetaFrame XP servers, including server load, current users and connections, and licenses in use.
FMA
With the introduction of XenDesktop we got a new architecture called Flexcast Management Architecture. This new architecture has got an agent-based setup where we can install the operating system including the basic applications that need to be installed and after that we can install an agent. This agent registers itself to a controller and is offered through StoreFront to the end user.
This will be delivered by two different types of agents, one to support Windows Server OSs and one for Windows Desktop OSs.
Andrew Wood did an article on Excalibur and used this diagram to explain the architecture:

- Receiver provides users with self-service access to published resources.
- StoreFront authenticates users to site(s) hosting resources and manages stores of desktops and applications that users access – Web Interface as a platform is essentially resting, but it will cease to be.
- Studio is a single management console that enables you to configure and manage your deployment, a dramatic reduction over the 23 consoles you could well have today. Studio provides various wizards to guide you through the process of setting up an environment, creating workloads to host applications and desktops, and assigning applications and desktops to users.
- Delivery Controller distributes applications and desktops, manages user access, and optimizes…
Continue reading here!
//Richard
Windows Azure Active Directory (AD) has reached General Availability!
This is cool! And I think that it’s a great step in the right direction for many companies! 🙂
Windows Azure Active Directory
Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. Now you have one identity service across Windows Azure, Microsoft Office 365, Dynamics CRM Online, Windows Intune and other 3rd party cloud services. Windows Azure Active Directory provides a cloud-based identity provider that easily integrates with your on-premises AD deployments and full support of third party identity providers.
Use Windows Azure AD to:
Integrate with your on-premises active directory
Quickly extend your existing on-premises Active Directory to apply policy and control and authenticate users with their existing corporate credentials to Windows Azure and other cloud services.
Offer access control for your applications
Easily manage access to your applications based on centralized policy and rules. Ensure consistent and appropriate access to your organization’s applications is maintained to meet critical internal security and compliance needs. Windows Azure AD Access Control provides developers centralized authentication and authorization for applications in Windows Azure using either consumer identity providers or your on-premises Windows Server Active Directory.
Build social connections across the enterprise
Windows Azure AD Graph is an innovative social enterprise graph providing an easy RESTful interface for accessing objects such as Users, Groups, and Roles with an explorer view for easily discovering information and relationships.
Provide single sign-on across your cloud applications
Provide your users with a seamless, single sign-on experience across Microsoft Online Services, third party cloud services and applications built on Windows Azure with popular web identity providers like Microsoft Account, Google, Yahoo!, and Facebook.
Read more about the service here!
Pricing
Access Control
Access Control is available at no charge. Historically, we have charged for Access Control based on the number of transactions. We are now making it a free benefit of using Windows Azure.
Directory
The base directory, Tenant, User & Group Management, Single Sign On, Graph API, Cloud application provisioning, Directory Synchronization and Directory Federation, is available at no charge. Certain additional capabilities such as Azure AD Rights Management will be available as a separately priced option.
Read more about pricing here!
//Richard
Configuring Email-Based Account Discovery for #Citrix #Receiver
Check out this great blog post from Avinash Golusula:
Configuring Email-Based Account Discovery
1 Add DNS Service Location (SRV) record to enable email based discovery
During initial configuration, Citrix Receiver can contact Active Directory Domain Name System (DNS) servers to obtain details of the stores available for users. This means that users do not need to know the access details for their stores when they install and configure Citrix Receiver. Instead, users enter their email addresses and Citrix Receiver contacts the DNS server for the domain specified in the email address to obtain the required information.
To enable Citrix Receiver to locate available stores on the basis of users’ email addresses, configure Service Location (SRV) locator resource records for Access Gateway or StoreFront/AppController connections on your DNS server. If no SRV record is found, Citrix Receiver searches the specified domain for a machine named “discoverReceiver” to identify a StoreFront/AppController server.
You must install a valid server certificate on the Access Gateway appliance and StoreFront/AppController server to enable email-based account discovery. The full chain to the root certificate must also be valid. For the best user experience, install either a certificate with a Subject or Subject Alternative Name entry of discoverReceiver.domain, or a wildcard certificate for the domain containing your users’ email accounts.
To allow users to configure Citrix Receiver by using an email address, you need to add a SRV record to your DNS zone.
- Log in to your DNS server
- In DNS > Right-click your Forward Lookup Zone
- Click on Other New Records
- Scroll down to Service Location (SRV)
- Choose Create Record
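The discovery flow described above (email address to domain, SRV lookup first, `discoverReceiver.<domain>` as the fallback, and a certificate that must cover the name Receiver ends up connecting to) can be checked before users try it. The following is an added example, not code from the original post or from Citrix. The SRV record name `_citrixreceiver._tcp.<domain>` is the one Citrix documents for this feature; the fallback host and the certificate rules come from the post above. All host names, the sample record and the sample certificate names are constructed.

```python
"""Email-based account discovery: derive the DNS names Citrix Receiver will
look up from an email address and check the certificate covers them.
Added example; the SRV service label is Citrix's, everything else is constructed."""
from dataclasses import dataclass
from typing import List, Optional

SRV_SERVICE = "_citrixreceiver._tcp"   # SRV name Receiver queries first
FALLBACK_HOST = "discoverReceiver"     # host name tried when no SRV record exists


@dataclass
class SrvRecord:
    name: str        # e.g. _citrixreceiver._tcp.example.com
    priority: int
    weight: int
    port: int        # 443 for HTTPS to StoreFront/AppController or Access Gateway
    target: str      # FQDN Receiver will actually connect to


def discovery_names(email: str) -> dict:
    """Domain taken from the email address, plus the SRV name and fallback host."""
    local, sep, domain = email.strip().rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    return {
        "domain": domain,
        "srv": f"{SRV_SERVICE}.{domain}",
        "fallback_host": f"{FALLBACK_HOST}.{domain}",
    }


def srv_zone_line(rec: SrvRecord) -> str:
    """Render the record in BIND zone-file syntax; DNS Manager asks for the same fields."""
    return f"{rec.name}. IN SRV {rec.priority} {rec.weight} {rec.port} {rec.target}."


def cert_name_covers(cert_names: List[str], hostname: str) -> bool:
    """True if a Subject/SAN entry matches hostname exactly or via a single-label
    wildcard. DNS names are case-insensitive, so everything is compared lower-cased."""
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        n = name.lower().rstrip(".")
        if n == host:
            return True
        if n.startswith("*.") and "." in host and host.split(".", 1)[1] == n[2:]:
            return True
    return False


def check_discovery_setup(email: str, srv: Optional[SrvRecord],
                          cert_names: List[str]) -> List[str]:
    """Problems a user with this email address would hit; empty list means OK."""
    names = discovery_names(email)
    problems: List[str] = []
    if srv is not None:
        if srv.name.lower().rstrip(".") != names["srv"]:
            problems.append(f"SRV record name {srv.name} does not match {names['srv']}")
        if not cert_name_covers(cert_names, srv.target):
            problems.append(f"certificate does not cover SRV target {srv.target}")
    else:
        # No SRV record: Receiver looks for discoverReceiver.<domain>, so the
        # certificate must name it directly or via a wildcard for the domain.
        if not cert_name_covers(cert_names, names["fallback_host"]):
            problems.append(
                f"no SRV record and certificate does not cover {names['fallback_host']} "
                f"(need that name or *.{names['domain']})")
    return problems


if __name__ == "__main__":
    rec = SrvRecord("_citrixreceiver._tcp.example.com", 0, 0, 443, "storefront.example.com")
    print(srv_zone_line(rec))
    print(check_discovery_setup("alice@example.com", rec, ["storefront.example.com"]))
    print(check_discovery_setup("alice@example.com", None, ["storefront.example.com"]))
```

The second `check_discovery_setup` call in the usage block shows the common failure: the StoreFront certificate is valid, but with no SRV record Receiver tries `discoverReceiver.example.com`, which that certificate does not name, so discovery fails even though the store itself works.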
Vulnerability in #Citrix Access Gateway Standard Edition 5.0 – #AG
Vulnerability in Citrix Access Gateway Standard Edition 5.0 Could Result in Unauthorized Access to Network Resources
Document ID: CTX136623 / Created On: Mar 5, 2013 / Updated On: Mar 5, 2013
Description of Problem
A vulnerability has been identified in Citrix Access Gateway Standard Edition that could allow an unauthenticated user to gain access to network resources.
This vulnerability has been assigned the following CVE number:
- CVE-2013-2263
This vulnerability affects all 5.0.x versions of the Citrix Access Gateway Standard Edition appliance firmware earlier than 5.0.4.223524.
Citrix Access Gateway Standard Edition versions 4.5.x and 4.6.x are not affected by this vulnerability.
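For anyone with more than a couple of appliances, the affected range above (every 5.0.x build earlier than 5.0.4.223524; 4.5.x and 4.6.x unaffected) is easiest to apply as a small inventory check. This is an added example, not part of the Citrix bulletin. It assumes firmware build strings compare numerically component by component, and the host names in the sample inventory are constructed.

```python
"""Flag Access Gateway Standard Edition firmware versions that fall in the
range CTX136623 lists as affected by CVE-2013-2263. Added example."""
from typing import Dict, Tuple

FIXED_BUILD = "5.0.4.223524"   # first 5.0.x build that carries the fix, per the bulletin


def parse_version(v: str) -> Tuple[int, ...]:
    """'5.0.4.223524' -> (5, 0, 4, 223524); rejects anything non-numeric."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True only for 5.0.x builds older than FIXED_BUILD. Other release lines
    (4.5.x, 4.6.x) are not affected according to the bulletin."""
    ver = parse_version(version)
    if ver[:2] != (5, 0):
        return False
    fixed = parse_version(FIXED_BUILD)
    # Pad with zeros so a short string such as '5.0.4' sorts below '5.0.4.223524'
    # instead of being compared by length.
    width = max(len(ver), len(fixed))
    ver_p = ver + (0,) * (width - len(ver))
    fixed_p = fixed + (0,) * (width - len(fixed))
    return ver_p < fixed_p


def triage(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map appliance name -> needs the 5.0.4 patch."""
    return {host: is_affected(build) for host, build in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; replace with your own appliance list.
    sample = {"ag-dmz-1": "5.0.3.100", "ag-dmz-2": "5.0.4.223524", "ag-lab": "4.6.2"}
    for host, needs_patch in triage(sample).items():
        print(f"{host}: {'PATCH' if needs_patch else 'ok'}")
```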
What Customers Should Do
A patch for version 5.0.4 of the Citrix Access Gateway Standard Edition firmware has been released to address this vulnerability. Citrix strongly recommends that all customers using affected versions of Citrix Access Gateway Standard Edition apply this patch to their appliances as soon as possible.
This patch can be found at the following location under the Appliance Firmware section (you will need to log in with your MyCitrix ID):
http://www.citrix.com/downloads/netscaler-access-gateway/product-software/access-gateway-504.html
Acknowledgements
Citrix thanks Ben Williams, David Middlehurst and James Eaton-Lee of NCCGroup (http://www.nccgroup.com) for working with us to protect Citrix customers.
What Citrix Is Doing
Citrix is notifying customers and channel partners…
Continue reading here!
//Richard