Archive
Top 10 #CitrixSynergy sessions…watch them today!
Have a look at the 10 most popular Citrix synergy sessions! They are now uploaded and ready for you to see:
- SYN501: Geek Speak Tonight! (Desktop Virtualization panel) & SYN501 (Mobility panel)
- SYN415: Advanced best practices for migrating from Web Interface to StoreFront
- SYN321: Next-generation desktop and app delivery with XenDesktop 7, Microsoft System Center 2012
- SYN334: What’s new in XenDesktop and XenApp Platinum
- SYN320: XenDesktop 7: what you should know about FlexCast management architecture and XenApp migration
- SYN299: One Step Beyond – An audience with the Citrix CTO’s
- SYN322: XenDesktop 7: reinventing HDX for mobile, 3D graphics and beyond
- SYN222: Architecting a global XenApp farm with regional users using NetScaler and StoreFront
- SYN404: Introducing the Citrix Diagnostic Toolkit
- SYN206: What’s new in ShareFile Enterprise
Continue reading here!
//Richard
#Citrix Knowledge Center Top 10 – March 2013
Citrix Support is focused on ensuring Customer and Partner satisfaction with our products.
One of our initiatives is to increase the ability of our Partners and Customers to leverage self-service avenues via our Knowledge Center.
Find below the Citrix Knowledge Center Top 10 for March 2013.
Top 10 Technical Articles
| Article Number | Article Title |
|---|---|
| CTX129229 | Recommended Hotfixes for XenApp 6.0 and Later on Windows Server 2008 R2 |
| CTX129082 | Application Launch Fails with Web Interface using Internet Explorer 9 |
| CTX804493 | Users Prompted to Download ICA File, Launch.ica, Instead of Launching the Connection |
| CTX132875 | Citrix Receiver Error 2320 |
| CTX105793 | Error: Cannot connect to the Citrix server. Protocol Driver Error |
| CTX127030 | Citrix Guidelines for Antivirus Software Configuration |
| CTX115637 | Citrix Multi-Monitor Configuration Settings and Reference |
| CTX133997 | Citrix Receiver 3.x – Issues Fixed in This Release |
| CTX325140 | Manually and Safely Removing Files after Uninstalling the Receiver for Windows |
| CTX101644 | Seamless Configuration Settings |
Top 10 Whitepapers
| Article Number | Article Title |
|---|---|
| CTX131577 | XenApp 6.x (Windows 2008 R2) – Optimization Guide |
| CTX132799 | XenDesktop and XenApp Best Practices |
| CTX101997 | Citrix Secure Gateway Secure Ticket Authority Frequently Asked Questions |
| CTX136546 | Citrix Virtual Desktop Handbook 5.x |
| CTX136547 | StoreFront Planning Guide |
| CTX133185 | Citrix CloudGateway Express 2.0 – Implementation Guide |
| CTX129761 | XenApp Planning Guide – Virtualization Best Practices |
| CTX134081 | Planning Guide – Citrix XenApp and XenDesktop Policies |
| CTX130888 | Technical Guide for Upgrading/Migrating to XenApp 6.5 |
| CTX122978 | XenServer: Understanding Snapshots |
Top 10 Hotfixes
| Article Number | Article Title |
|---|---|
| CTX136714 | Hotfix XS61E016 – For XenServer 6.1.0 |
| CTX132122 | Hotfix Rollup Pack 1 for Citrix XenApp 6.5 for Microsoft Windows Server 2008 R2 |
| CTX126653 | Citrix Online Plug-in 12.1.44 for Windows with Internet Explorer 9 Support |
| CTX136483 | Hotfix XS61E014 – For XenServer 6.1.0 |
| CTX133882 | Hotfix Rollup Pack 2 for Citrix XenApp 6 for Microsoft Windows Server 2008 R2 |
| CTX133066 | 12.3 Online Plug-In – Issues Fixed in This Release |
| CTX136253 | Hotfix XS61E010 – For XenServer 6.1.0 |
| CTX136482 | Hotfix XS61E013 – For XenServer 6.1.0 |
| CTX136085 | Hotfix XA650R01W2K8R2X64061 – For Citrix XenApp 6.5 |
| CTX136674 | Hotfix XS61E012 – For XenServer 6.1.0 |
Top 10 Presentations
| Article Number | Article Title |
|---|---|
| CTX135521 | TechEdge Barcelona 2012 PowerPoint and Video Presentations – Reference List |
| CTX129669 | TechEdge 2011 – Overview of XenServer Distributed Virtual Switch/Controller |
| CTX121090 | Planning and implementing a Provisioning Server high availability (HA) solution |
| CTX133375 | TechEdge 2012 PowerPoint and Video Presentations – Reference List |
| CTX135356 | TechEdge Barcelona 2012 – Understanding and Troubleshooting ICA Session Initialisation |
| CTX135358 | TechEdge Barcelona 2012 – XenDesktop Advanced Troubleshooting |
| CTX133374 | TechEdge 2012 – Monitoring your NetScaler Traffic with AppFlow |
| CTX135361 | Troubleshooting Tools: How to Isolate and Resolve Issues in your XA and XD Env Rapidly |
| CTX135360 | TechEdge Barcelona 2012 – Planning, Implementing and Troubleshooting PVS 6.x |
| CTX135357 | TechEdge Barcelona 2012 – Implementing and Troubleshooting SF and Rec for Windows |
Top 10 Tools
| Article Number | Article Title |
|---|---|
| CTX122536 | Citrix Quick Launch |
| CTX135075 | Citrix Diagnostics Toolkit – 64bit Edition |
| CTX130147 | Citrix Scout |
| CTX111961 | CDFControl |
| CTX106226 | Repair Clipboard Chain 2.0.1 |
| CTX109374 | StressPrinters 1.3.2 for 32-bit and 64-bit Platforms |
| CTX124406 | StressPrinters 1.3.2 for 32-bit and 64-bit Platforms |
| CTX113472 | Citrix ICA File Creator |
| CTX123278 | XDPing Tool |
Continue reading here!
//Richard
How to check which #NetScaler policy that your #Citrix #Receiver or web browser hits?
Ok, this is a common issue that you’ll end up in when setting up Access Gateway access scenarios:
How do you know which policy that is hit when your different Receivers are logging in?
Well, there are a couple of nice commands that can help you troubleshooting your access scenario! I guess that most of you have a simple scenario where you have one domain to authenticate against and some simple PNA, CVPN and potentially SSL VPN policies and profiles to deal with, and they are all linked to the virtual server like something like this simple example:
But in more complex scenarios you may end up controlling which browser the user is accessing with (for giving nice error messages instead of Citrix default messages when users may use an unsupported browser etc.), or when you have multiple AD domains and AD groups to link different policies to etc. Then it may be complex and you have multiple policies and profiles for the same config with minor changes like the SSO domain name etc. So how do you then troubleshoot that easily?
First we have the must know command that hooks into the auth process of the NetScaler and gives you a view of the authentication process:
cat /tmp/aaad.debug
When you run that and you authenticate you’ll see the result of your auth process agains for instance LDAP and RADIUS sources like the result here when I logged in to our little environment:
At the top of the output you see all the AD groups that I’m a member of that needs to match the group that you like to use on the NetScaler side, and last you see that accept from AD for my authentication request.
Then you know that you’re authentication ok, but which of the session polices are we hitting? Then you need to have a look at this great command:
nsconmsg -d current -g pol_hits
This is the output when I access using my Receiver on OS X:
New v3 #AWS CloudFormation Template for #XenApp with support for #NetScaler and #StoreFront
Great info and post from Peter Bats!
Since Paul Wilson and myself first introduced a CloudFormation template in the blog “Jumpstarting your XenDesktop Farm in AWS with a CloudFormation Template,” we’ve added support for multiple Regions and Availability Zones in a v2 version of this CloudFormation template in the blog “Announcing the Multi-Region AWS CloudFormation Template for XenDesktop”.
We are now announcing the third version of our AWS CloudFormation template which adds the new Asia Pacific Sydney region and support for StoreFront and NetScaler Access Gateway Enterprise. This release makes use of the NetScaler VPX instances available via AWS MarketPlace, and replaces Web Interface with StoreFront to be able to support all the advanced features of our latest Citrix Receivers.
Version 3 of the CloudFormation JSON template can be downloaded from here.
We’ve also made a video available for you that walks you through the whole process on Citrix TV. Check it out here.
For detailed instructions on using the v3 CloudFormation template, download the setup guide here.
Using this new template, in only a couple of hours you’ve constructed a XenApp farm in your selected Region within the AWS cloud using Netscaler and StoreFront technology. You can use the farm for a number of purposes, including:
- Application Testing
- Business Continuity
- Proof-of-Concept
- Testing XenApp performance in the cloud
- Learning how to manage AWS resources
We welcome your…
Continue reading here!
//Richard
#Citrix #NetScaler 10 on Amazon Web Services – #AWS
Yes, it’s here! 🙂
Mainstream IT is fast embracing the enterprise cloud transformation and selecting the right cloud networking technologies has thus quickly emerged to be an imperative. As mainstream IT adopts IaaS (Internet as a service) cloud services, they will require a combination of the elasticity and flexibility, expected of cloud offerings and the powerful advanced networking services used within emerging enterprise cloud datacenters.
Citrix® NetScaler® 10 delivers elasticity, simplicity and expandability of the cloud to enterprise cloud datacenters and already powers the largest and most successful public clouds in the world. With NetScaler 10, Citrix delivers a comprehensive cloud network platform that mainstream enterprises can leverage to fully embrace a cloud-first network design.
Citrix and Amazon Web Services (AWS) have come together to deliver industry-leading application delivery controller technology. NetScaler on AWS delivers the same services used to ensure the availability, scalability and security of the largest public and private clouds for AWS environments. Whether the need is to optimize, secure or control delivery of enterprise and cloud services, NetScaler for AWS can help accomplish these initiatives economically, and according to business demands.
The full suite of NetScaler capabilities such as availability, acceleration, offload and security functionality is available in AWS, enabling users to leverage tried-and-true NetScaler functionality such as rewrites and redirects, content caching, Citrix Access Gateway™ Enterprise SSL VPN, and application firewall within their AWS deployments. Additional benefits include usage of Citrix CloudBridge™ and Citrix Branch Repeater™ as a joint solution.
Citrix NetScaler transforms the cloud into an extension of the datacenter by eliminating the barriers to enterprise-class cloud deployments. Together, NetScaler and AWS delivers a broad set of capabilities for the Enterprise IT:
Hybrid Cloud Environment
Hybrid clouds that span enterprise datacenters and extend into AWS can benefit from the same cloud networking platform, significantly easing…
Continue reading here!
//Richard
Heads Up – issues with Access Gateway Plug-in for Mac OS X Version 2.1.4 – #Citrix, #NetScaler
Well, I guess that you’ve already read all the good things about the new capabilities of the newer Access Gateway plug-in, Receiver and Access Gateway Enterprise that together with StoreFront will add additional features and functions that haven’t existed before. It’s now built to work together with the Receiver on the Windows and Mac OS X platforms and promises a lot by various blog posts from Citrix and others (incl. myself).
Here is an example of what it can (should) do: What’s new with Access Gateway MAC Plug-in release 2.1.4
But is the Access Gateway Plug-in that great? Well, before you plan to implement version 2.1.4 on OS X and especially if you want to leverage the SSL VPN functionality and host checks (EPA) then read the Important notes and Known issues for this release:
Important Notes About This Release:
- The Access Gateway Plug-in for Mac OS X Version 2.1.4 supports Citrix Receiver Version 11.7
- Import the secure certificate for Access Gateway into the Keychain on the Mac OS X computer.
- The Access Gateway Plug-in for Mac OS X Version 2.1.2 and earlier versions are not supported on Mac OS X Version 10.8.
- Endpoint analysis scans for antivirus, personal firewalls, antispam, Internet security, and EPAFactory scans are not supported for Mac OS X.
- Client certificate authentication is not supported for Mac OS X.
First of all I’d say that these notes are not that great if you ask me! Why do I have to add the cert into the Mac Keychain? Why doesn’t the plug-in support the more “advanced” host checks like personal firewalls, certificates etc.?
Wait, it get even worse!! And before you go to the whole list I’d highlight these top ones that I’m kind of surprised about:
- It doesn’t support LAN access
- Upgrading doesn’t work
- Doesn’t apply proxy settings configured in session profile
- It doesn’t support SAN certificates
- Users cannot start the Access Gateway plug-in if the Receiver is already started, you first have to shut down the Receiver
Here you see the full Known Issues list for this release:
- When users disable wireless on a Mac OS X computer and connect by using a 3G card, the Access Gateway Plug-in does not upgrade automatically through Citrix Receiver. If users select Check for Updates to upgrade the plug-in, the upgrade fails and users receive the error message “Updates are currently not available.” [#45881]
- If you run stress traffic for HTTP, HTTPS, and DNS simultaneously, the Access Gateway Plug-in fails. [#46348]
- When users disable wireless on a Mac OS X computer and connect by using a Vodafone Mobile Broadband Model K3570-Z HSDPA USB 3G stick, the Access Gateway plug-in does not tunnel traffic. [#256441]
- If you configure an endpoint analysis policy and also enable the client choices page and proxy servers in a session profile, occasionally a blank choices page appears after users log on. When you disable the choices page in the session profile, the choices page appears correctly. [#316331]
- If users connect to Access Gateway with the Access Gateway Plug-in for Mac OS X and then run ping with a payload of 1450 bytes, the plug-in fails to receive the ICMP reply. [#321486] Read more…
Configuring Email-Based Account Discovery for #Citrix #Receiver
Check out this great blog post from Avinash Golusula:
Configuring Email-Based Account Discovery
1 Add DNS Service Location (SRV) record to enable email based discovery
During initial configuration, Citrix Receiver can contact Active Directory Domain Name System (DNS) servers to obtain details of the stores available for users. This means that users do not need to know the access details for their stores when they install and configure Citrix Receiver. Instead, users enter their email addresses and Citrix Receiver contacts the DNS server for the domain specified in the email address to obtain the required information.
To enable Citrix Receiver to locate available stores on the basis of users’ email addresses, configure Service Location (SRV) locator resource records for Access Gateway or StoreFront/AppController connections on your DNS server. If no SRV record is found, Citrix Receiver searches the specified domain for a machine named “discoverReceiver” to identify a StoreFront/AppController server.
You must install a valid server certificate on the Access Gateway appliance and StoreFront/AppController server to enable email-based account discovery. The full chain to the root certificate must also be valid. For the best user experience, install either a certificate with a Subject or Subject Alternative Name entry of discoverReceiver.domain, or a wildcard certificate for the domain containing your users’ email accounts.
To allow users to configure Citrix Receiver by using an email address, you need to add a SRV record to your DNS zone.
- Log in to your DNS server
- In DNS > Right-click your Forward Lookup Zone
- Click on Other New Records
- Scroll down to Service Location (SRV)
- Configuring Email-Based Account Discovery
- Choose Create Record
Explaining #Citrix Pass-through Authentication
Check out this great blog post from Joel Bejar:
Introduction
Pass-through authentication is a simple concept. User credentials are passed to a Web Interface site and then to the XenApp/XenDesktop servers, preventing users from having to explicitly authenticate at any point during the Citrix application launch process. While this authentication method seems straightforward, there are some moving pieces, and this article aims to break these down to provide a more detailed understanding of how this process truly works within Citrix.
Pass-Through Authentication – Web Interface Site
The first step to the pass-through process occurs at the Web Interface site. Users are able to navigate to the web interface site, and their credentials are passed through and they are presented with their Citrix delivered resources. Web Interface is built on Internet Information Services (IIS). For pass-through authentication to work, IIS Integrated Windows Authentication must be leveraged. Formerly called NTLM, this authentication method hashes the user credentials before they are sent over the network. When this type of authentication is enabled, the client browser proves its is authenticated through a cryptographic exchange with the Web Interface server, involving hashing. Because of this, the web browser is responsible for authenticating with the Web Interface Server (IIS). It is important to note, though, that credentials are actually never exchanged. Instead, the signed hash is provided to IIS, proving that said user had already been authenticated at the Windows desktop. The web interface user uses the user’s AD context (sometimes referred to as a token) to retrieve the user’s AD group membership and pass this list of groups directly to the XML service for authentication. At this point, the user has successfully passed through to the Web Interface site, and can now view his/her Citrix resources.
- The WI server must be in the same domain as the user, or in a domain that has a trust relationship with domain of the user.
- If the WI server and user are in different domains, and resources are published using Domain Local AD groups in the user domain, then the WI will not be able to enumerate these, even with a proper AD trust relationship (due to the very nature of Domain Local groups).
- The WI site should be added as a Trusted Site or Intranet Zone site in Internet Explorer. In addition, the security settings should be modified so that User Authentication\Logon is set to ‘Automatic Logon with Username and Password’.
- Pass-through authentication is not supported on Web Interface for NetScalerPlease Note: Pass-through authentication and Kerberos authentication are not interchangeable and they have different requirements.
Pass-Through Authentication – XenApp/XenDesktop Session
One of the biggest misconceptions with Pass-Through authentication in Citrix is that it only occurs when a user navigates to the Web Interface site and he/she is automatically passed through. As mentioned above, this IIS authentication method that is being used does not actually exchange the user password. In other words, Web Interface is never in control of the user credentials. This brings up the question: How are users passed through to the actual XenApp/XenDesktop ICA session?
While the web browser has a role in authenticating the user to the web site, the Citrix client (Citrix Receiver) plays an integral role in making sure the user is fully passed through to the application or desktop. Citrix Receiver installs a process called SSONSVR.exe, which is the single sign-on component of the client (no, not password manager SSO, but rather desktop credential pass-through authentication SSO.) This process is fully responsible for passing the user credentials to XenApp or XenDesktop. Without this piece, pass-authentication will not function.
Continue reading here!
//Richard
Are you, or wanna become a Mobility or Networking guru? – #EnvokeIT, #Citrix, #XenMobile, #BYOD
Then you might be the one that we’re looking for!!
EnvokeIT is expanding and are looking for people with the following areas of expertise:
Mobility
Are you currently working within the mobility area or with any of the major Mobile Device Management products out there (MDM, MAM, MIM etc.)? Then we’d love to talk to you! We strongly believe in this area and are focusing on it and would like to have you onboard on this journey! And of course we’re focusing on the Citrix product portfolio but are mainly looking for people with experience within the area and not exclusively on the Citrix XenMobile/Zenprise products. And Enterprise Mobility Management is here to stay, it’s the future work-/play-ground!
Networking
Wow, this is an area that is exploding! And I must agree that I’m not the expert within this area, but there are so many new capabilities being developed right now and we and our customers see the business value here. We’re talking about everything from traditional old school SSL VPN to supporting the latest mobility, application and cloud delivery solutions out there! So if you have experience on the Citrix NetScaler product or are a current Cisco, F5 or Riverbed person; contact us to hear more on what we have to offer!
Contact us – EnvokeIT (form page),or if you rather contact me or Mathias directly:
Richard Egenas – CTO
Email: richard-at-envokeit-.-com
Phone: +46 (0) 768 81 01 62
Mathias Törnblom – CEO
Email: mathias-at-envokeit-.-com
Phone: +46 (0) 8 587 633 10
Thanks for taking your time reading this and I hope that you will join us on this journey!! 🙂
//Richard
How does #Citrix #NetScaler SDX isolate its instances?
Ok, I received this question the other day and this article is really spot on! Get a cup of coffee and enjoy! 😉
And remember this: YOU CAN ONLY HAVE 7 INSTANCES/1Gbps NIC!!!! So if you intend to host more than 7 VPX’s on your SDX then ensure that you plan your network design if you use 1Gbps otherwise go for the 10Gbps ports and SPFS.
NetScaler SDX Appliance with SR-IOV and Intel-VTd
This article contains information about the Single Root I/O Virtualization (SR-IOV) and Intel Virtualization Technology for Directed I/O (Intel-VTd) technology and how NetScaler appliance uses this technology to achieve fully isolated high performance NetScaler instances.
NetScaler SDX Appliance with SR-IOV and Intel-VTd
Server Virtualization presents both a tremendous opportunity and a major challenge for Enterprise Data Centers and Cloud Computing infrastructure. Current Hypervisors already facilitate the consolidation of many servers that are not utilized efficiently to a smaller number of physical servers delivering better space utilization, lower power consumption, and reduced overhead costs.
Virtualization architectures are built on a virtualization layer called a Virtual Machine Monitor or Domain 0 that becomes the primary interface between a virtual machine and the physical hardware. Even though virtualization allows multiple virtual machines to share the same hardware, it also creates additional overhead and can lower server performance as it becomes the bottleneck between a virtual machine and input/output (I/O) hardware as the number of virtual machines increase.
The NetScaler SDX appliance breaks through these performance bottlenecks by leveraging next generation of I/O virtualization technology called SR-IOV as defined by the PCI-Special Interest Group (SIG). SR-IOV enabled Intel chips along with Intel VT-d enable the NetScaler SDX appliance to significantly reduce virtualized network processing overheads, and provide more secure and predictable mechanisms for sharing I/O device among multiple virtual machines.
Intel Implementation of Single Root I/O Virtualization
Intel has worked with the PCI-SIG to define the SR-IOV specification. As shown in the following image, SR-IOV provides dedicated I/O to virtual machines bypassing the software virtual switch in the Virtual Machine Manager (VMM) completely, and Intel Ethernet Controllers improve data isolation among virtual machines. Another feature of SR-IOV is a feature called Virtual Functions. These are Lightweight PCIe functions that allow a single physical port to look like multiple ports. Therefore, multiple virtual machines can now have direct assignment on the same port. This increases the scalability of the number of virtual machines on the machine through more efficient I/O device sharing.
Intel VT-d Technology
Intel VT-d is a hardware enhancement for I/O virtualization that is implemented as part of core logic chipset. Intel VT-d defines an architecture for DMA remapping that improves system reliability, enhances security and…
Continue reading here!
//Richard
The IT Melting Pot! 