
Security has been blamed as the biggest barrier to cloud adoption. Organizational leaders are walking into IT departments with their brand new iPads and demanding access to the network from these convenient devices. And, the beast known as compliance continues to breathe down our necks.

Whether you’re primarily concerned about the cloud, endpoint protection or data security, one thing is for sure – security is broken. Organizations routinely spend way too much on security measures that mostly serve to frustrate users, while contributing little to the overall security of truly sensitive data. And, legacy security practices such as end-to-end ownership, malware signatures and full physical isolation continue to be challenged by end-user demands, highly evolved attacks and new usage patterns.

All is not doom and gloom though – virtualization presents some innovative ways to respond to these business challenges and transcend security challenges that have plagued computing for decades.

In the CTO Crystal Ball session at Synergy Berlin, I’ll be demonstrating the following security trends and more:

  • Situational Security – protective measures that are fine-tuned to specific data needs and context
  • BAOC (Bring Any Old Computer) – providing realtime device control to take endpoint security concerns out of the equation
  • Flying through the Clouds – architecting true multitenant and mixed-mode data cloud security

Please join me along with Harry Labana, Martin Duursma, and Simon Crosby from the Citrix CTO office as we look into the future at Synergy Berlin!

More info on this demo-filled session and the CTO team’s prognostication can be found at:
http://citrix.g2planet.com/synergyberlin2010/public_session_view.php?agenda_session_id=305

In my first post I introduced all the great new features and enhancements to the XenClient software that runs on the laptops and desktops. Now I wanted to turn the attention to the Synchronizer for XenClient. This is the centralized delivery system that can deploy, update, backup, and secure virtual machines running on XenClient.  We will also have a few more surprises before GA that I’ll share in late September.
 

Dynamic Image Mode (Experimental)

This is one of the most exciting capabilities that we added in RC2 and it really spans both the backend and the client. This capability allows layering of VM images. By separating the image into different layers (Base OS, Apps, User profile) administrators can maintain a single copy of the base image in the datacenter. As the base image is updated the Synchronizer will automatically generate a delta to upgrade the image deployed on existing XenClient systems or send the latest version to new XenClients. This not only allows for upgrades to your deployed virtual desktop images but allows roll-to any version of an image. So you can rollback or roll forward to any version of the VM image with a few mouse clicks. So if you deploy an update and it has some unintended interaction, no problem just flip a switch and roll everyone back. The user profile data is stored in a separate layer that allows it to remain untouched as the rest of the system is updated or rolled back. Additionally by separating the user data into a separate layer backup sizes are dramatically reduced. This is being delivered as an experimental feature in this release as it’s a new model for image deployment and we want to get feedback on how it works for you in your environment.

Simplified disk space expansion for image and backup storage

Administrators will now be able to easily increase the amount of storage available for storing VM images and user backups. Now you can simply shut down the Synchronizer appliance, increase the data disk drive in XenCenter and boot up the appliance. The Synchronizer will automatically find and use the newly added space; it’s as simple as that.

 

Simplified and Expanded Synchronizer Setup

We have revamped the Synchronizer setup process to be cleaner and easier to use. This includes streamlined HTTPS support and support for static networking configurations.

In place upgrade for Synchronizer

Just as you can move XenClient from RC1 to RC2 we also added the ability to upgrade Synchronizer to RC2 while keeping existing settings, images, and backups intact.

Scalability enhancements

Our Synchronizer wizards have been doing a bunch of scalability testing and optimization to increase the data transfer throughput and increase the number of XenClients per Synchronizer server. We will share some more detailed results including rules of thumb by the time we GA. We have also optimized the storage of compressed VM image and user backup data to reduce the amount of storage space required on the backend.

Usability Enhancements

We spent a lot of time incorporating usability feedback into this release. We have a crack team of UX experts at Citrix that watched IT pros’ first use of the system, and we learned some great information about how to make the product even simpler to use. We made a host of enhancements, and these are some of the ones that stand out:

Revamped web console

We have done a big revamp of the web admin interface touching almost every square inch of the UI. We got a chance to incorporate a lot of valuable feedback from the UX testing and feedback from users in our beta programs. And we are not done yet, look for additional enhancements in the GA release as well. Some highlights are below:

New user and group details pages with ability to easily view and modify user and group assignments

New multi-step assignment wizard

Version and author information display enhancements

Device filtering support

So you can see our engineering team has been hard at work adding some great new capabilities to both XenClient and the Synchronizer for XenClient. If you are using RC1 today, upgrade and check out the new features. If you have not tried it yet, now is the time.

You can download XenClient and the Synchronizer for XenClient RC2 here.

I’m excited to let everyone know that we just posted the second release candidate of XenClient and the Synchronizer for XenClient to the web. This will be our last stop before GA, and I wanted to tell you about some of the great new features and enhancements in this release in XenClient. Tomorrow I’ll share more details about enhancements to the Synchronizer for XenClient. We will also have a few more surprises before GA that I’ll share in late September.

Windows 7 x64

This was one of the top requests as we are seeing about a 50/50 split with customer deployments of Windows 7 between 32bit and 64bit. The Xen virtualization technology we use in XenClient is 64bit so adding this support was really a matter of porting the graphics, USB, and other supporting drivers over to 64bit. The storage and networking drivers were already 64bit ready courtesy of the XenServer group.

Improved USB

Another top request was improvements to USB device support. So we spent a lot of time making major improvements to the USB support in XenClient. This includes support for integrated USB devices such as webcams and fingerprint readers. Also we built a new user interface for routing USB devices between VMs and setting up persistent connections between VMs and USB devices. At this point most USB devices should work with the platform. If not let us know. I’ve listed some of the top requests below.

Added support for the following devices:

Apple iPod, iPhone, iPad

Microsoft Windows Phones

Android Phones

Headsets

Fingerprint Readers

Webcams

Smart Card Readers

3G data modems

And many more…

 

Bluetooth

With our new improved USB support comes support for a variety of Bluetooth devices. On most systems in our HCL the Bluetooth system is actually a USB device that can be assigned to a virtual machine. This allows that virtual machine to talk to your Bluetooth devices.

Usability Enhancements

We spent a lot of time incorporating usability feedback into this release. We have a crack team of UX experts at Citrix that watched IT pros’ first use of the system, and we learned some great information about how to make the product even simpler to use. We made a host of enhancements, and these are some of the ones that stand out.

Simplified VM upload and download process

We removed combined steps and even removed a number of steps to make the process of uploading a VM image to a Synchronizer super simple. We also removed the duplicate publish VMs that were cluttering the UI.

Improved display of upload/download progress

Along with enhancements to the actual upload and download process we enhanced the display of upload and download progress information and now include this information on the main Receiver for XenClient UI.

Enhanced client authentication experience

Here again we combined steps and cleaned up the UI to make the authentication experience on XenClient simpler to use and understand.

In VM alerting system

We have a brand new in VM alerting system that will make sure users are aware of critical issues affecting the system such as low disk space, policy actions, or impending lease time expiries. Previously this type of information was only available in the Receiver for XenClient UI.

Mouse pointer trails support

We have started extending XenClient to be more accessible to all users, and the first area of focus was on the mouse and trackpad. In this release we added pointer trails support.

Automatic slipstream of Intel Graphics drivers

XenClient has some amazing 3D graphics support that lets a virtual machine have direct access to the Intel graphics system for a native graphics experience. Now in this release we automatically slipstream the Intel graphics drivers into most versions of Windows. So you can flip on the 3D graphics feature and be ready to go without having to download any drivers.

Intel AMT KVM Remote Control

The latest version of Intel vPro technology includes a great new feature called AMT KVM Remote Control. This allows you to remotely view and control a laptop using a VNC viewer. This works on systems shipped this year with Intel vPro on Core i5 and i7 systems.  We did some nice integration work that allows you to remote control not only the XenClient UI but also switch between all of your VMs. It’s useful for remote troubleshooting and training with users. I also find it helpful for doing demos of XenClient over Go2Meeting. You need a second PC running Go2Meeting and then you can connect via a VNC viewer to the XenClient system. This lets everyone on the Go2Meeting see everything on the XenClient system.

 

Intel Extended Page Tables support

In this release we added support for hardware acceleration of virtual memory operations for increased memory performance. In the past the Xen hypervisor we use in XenClient did an admirable job of page table virtualization but nothing beats hardware assist and this will give us an extra boost in overall performance for memory operations.

 

In place upgrade for XenClient

We have had a tremendous response to the first release candidate and every time I go to a field event I get people showing me their laptops running XenClient. We have a legion of fans running XenClient as their daily software and so we wanted to make sure they had a path to move to the latest version of the software. So you can boot your existing system with an RC2 CD and the installer will find your existing setup and upgrade it. Once the software is upgraded, be sure to update the XenClient tools software in each of your virtual machines. And as usual, be sure to back up your system before doing the upgrade.

Local authentication enhancements

We made some nice changes to the authentication experience on XenClient simplifying the way you enter credentials as part of the usability upgrade mentioned above. We also added support for manual and automatic locking of the system. This means if you walk away from your XenClient system we can lock it automatically to protect your VMs and configuration.

Secure Application Sharing

We made a large number of enhancements to the secure application sharing feature to make it easier to use and provide helpful guidance if a publishing VM is not active. Below is a list of some of the enhancements that have been made:

Automatic resolution changes when attaching a projector or external monitor

Notifications if the publishing VM is asleep or powered off

Ability to adjust thickness and color of secure shared application windows

Blacklisting of non-essential Windows utilities and built-in apps

Expanded hardware compatibility

This was also a big area of feedback from RC1 and over the next few releases you will see a big increase in the number of systems and peripherals we support. You will even see some new additions by the time we get to XenClient 1.0 GA.

Added support for the following laptops:

HP EliteBook 2540p

Dell Latitude E4310

Dell Latitude E4200

Added support for the following desktop:

HP Compaq 8000 Elite

Added support for the following wireless adapters:

Support for Dell Wireless™ 1501 adapters

Support for Dell Wireless™ 1520 adapters

Support for Intel 5150 Wireless adapters (WiFi Only)

Support for Intel 6250 Wireless adapters (WiFi Only)

Support for Broadcom 4312G Wireless adapters

Support for Broadcom 4322AGN Wireless adapters

So those are some of the great new features and enhancements we have made to XenClient. See my second post to find out about some of the great new features in the Synchronizer, including our new Dynamic Image Mode.

You can download XenClient and the Synchronizer for XenClient RC2 here.

Companies migrating their users to Windows 7 desktops are facing the challenge of supporting legacy IE 6 enterprise web apps on Windows 7 OS. Since IE 6 is not supported on Windows 7, customers need to find a way to deliver IE 6 to these users. The supported and cost effective way of doing this is using XenApp. Several XenApp customers are doing this today by hosting the IE 6 browser on XenApp and seamlessly delivering it to both virtual and physical desktops. The reasons for doing that are:

  • IE 6 delivered via XenApp on RDS is supported by Microsoft. In this option, you are hosting the IE6 browser on an RDS server and delivering it using XenApp
  • This is the most scalable and cost effective way to deliver IE 6 to all your enterprise Windows 7 desktop users
  • Since most companies average around 3-5 IE 6 enterprise web apps they need to deploy, they probably get high concurrency among their users and can use 1 XenApp CCU license for every 5 to 10 users

For those who are new to XenApp, I have recorded a short video to demonstrate how easy it is for administrators to deliver IE 6 using XenApp 5 on Windows Server 2003 and how seamless it is for end users to access IE 6 enterprise web apps in conjunction with other Windows 7 desktop apps.

It’s numbers week in the U.S. again. The time of the month when the official government employment data makes its appearance, influencing stock markets worldwide, and corporate hiring decisions nationally. Predictions of what Friday’s labor report from the U.S. Bureau of Labor Statistics will show are already beginning to appear. A Dow Jones Newswire survey of economists says that on average...

A group calling itself the .JOBS Charter Compliance Coalition is asking the Internet addressing authority to reconsider its decision to allow the use of almost any name in conjunction with a .jobs extension. Composed of several high-profile organizations and companies, the Coalition claims the .jobs expansion and the plan for allocating the new names violates the charter from the Internet Association...

Update
We have delivered the Tech Talk on Essentials for using Windows PowerShell with XenApp and XenDesktop and both the recording and presentation are now available for viewing. We also have a separate blog for the Q&A from the session.

Session Description
Learn how to simplify your XenApp and XenDesktop administration using simple but effective PowerShell scripts. This session will provide a high-level overview of the PowerShell SDK for XenDesktop 4 and XenApp 6, and will focus primarily on live demos of PowerShell scripts for automating various aspects of these environments.

Programming knowledge is not required – an administrator with a basic scripting background can leverage the knowledge gained in this session and put it to use within their own environment. We hope to see you there!

Reference Materials
Mike and I have started to put together a blog series on the XenDesktop and XenApp PowerShell SDKs to be used as reference materials for the Tech Talk. If you haven’t already seen them, feel free to check out the links below. We will be giving live demos of several of the scripts mentioned as part of these blogs.

XenDesktop 4 PowerShell SDK blog series – by Ed York

XenApp 6 PowerShell SDK blog series – by Mike Bogobowicz

About the Presenters
Ed York – Senior Architect – Worldwide Technical Readiness
Ask-the-Architect Site: http://community.citrix.com/p/product-automation#home
Follow Ed on twitter: http://twitter.com/citrixedy

Mike Bogobowicz – Principal Consultant – Worldwide Consulting Solutions
Blog Site: http://community.citrix.com/blogs/citrite/michaelbog
Follow Mike on twitter: http://twitter.com/mcbogo

Thank you to all those that attended the Essentials for using Windows PowerShell with XenApp and XenDesktop Tech Talk on August 24, 2010 – we had a fantastic turnout! For those of you that missed it, both the recording and presentation have been posted.

Mike Bogobowicz and I co-presented this session where I led the XenDesktop PowerShell SDK side, and Mike led the XenApp PowerShell SDK side. This blog will focus on just the XenDesktop SDK questions that came from the session. Mike will have a separate blog post on the XenApp SDK questions.

XenDesktop SDK Q&A
Here’s the list of questions we received specific to the XenDesktop PowerShell SDK. In no particular order:

Q: Are you going to post the scripts you used in today’s session?
A: All the scripts we demonstrated are contained in the blog series that was posted prior to the session. You can find links to the blog series at the bottom of this article.

Q: What does “DDC” mean?
A: First, this is a great question!! If you are a XenApp admin that hasn’t touched XenDesktop, DDC is a brand new term. DDC stands for Desktop Delivery Controller. It is the component of XenDesktop 4 that brokers virtual desktops to end-users, much like how the XenApp Zone Data Collector (ZDC) brokers published applications to end-users.

Q: This looks a lot like the PowerShell SDK for XenServer, just different commands. Is it similar?
A: Yes, I believe Engineering made the PowerShell SDKs for XenServer, XenDesktop, and XenApp similar in structure on purpose. In that way, once you learn one, learning the others will be much simpler.

Q: The 4th XenDesktop PowerShell script from the Tech Talk showed how to shut down a single virtual desktop session. How would you modify this script to interact with an entire Desktop Group or multiple users?
A: The key here is to play with the parameters of the Get-XdSession cmdlet. If you provide the -User parameter, you can get specific user sessions. If you provide the -Group parameter, you can get all sessions from a particular desktop group. If you don’t include either of these parameters, you’ll get back all sessions across the entire farm. To get started, I would encourage you to check out the full help details for this cmdlet.

Get-Help Get-XdSession -Full

Q: With the virtual desktop session shutdown script, is there a way to allow the user to prevent the shutdown?
A: I don’t believe so. Once you call the Stop-XdSession cmdlet to shut down the session, it’s going to perform an immediate shutdown of that virtual desktop. That’s why in the demo I mentioned sending a warning message to the user to give them a heads up of the shut down, perhaps 10 to 30 minutes prior for them to save their work.

Q: Do we need to provide some credential (i.e. username/password) in order to be able to run the PowerShell script from a remote domain machine?
A: You can execute all of the scripts I’m providing in the blog series from a remote domain machine. I did some additional research on this and it looks like your logged on account to that remote machine needs to be both a XenDesktop admin and have access to the XenDesktop database. This would make sense from a security perspective to not allow any domain user to manipulate your farm. So the security is performed with your logged on machine account. We don’t need to pass a XenDesktop credential to the XenDesktop cmdlets.

Q: Can you create a desktop group in a specific folder?
A: I checked the New-XdDesktopGroup cmdlet that is used for creating a new desktop group and I couldn’t find a parameter for specifying a folder as part of the desktop group creation process. It does appear, however, we can move a desktop group to a new folder immediately after it’s been created. You would use commands like below:

#************************************************************
#Move desktop group to a different folder
#************************************************************

#Add the XenDesktop snap-in to the current Powershell session
Add-PSSnapin "XdCommands"

#Set up variables for the script
$strDDCAddress = "10.10.10.56"
$strDesktopGroupName = "Windows XP"
$strTargetFolderName = "Folder1"

#Get the target XenDesktop folder 
$xdfolder = Get-XdFolder -Name $strTargetFolderName -AdminAddress $strDDCAddress 

#Get a particular desktop group 
$xdgroup = Get-XdDesktopGroup -Name $strDesktopGroupName -AdminAddress $strDDCAddress -HostingDetails

#Display the current folder assignment for the desktop group
echo $xdgroup.Folder 

#Change the folder assignment for the desktop group
$xdgroup.Folder = $xdfolder

#Apply the change to the DDC
Set-XdDesktopGroup $xdgroup

#Verify the update 
echo $xdgroup.Folder

Q: Is it possible to enable the “User-driven desktop restart” setting for a desktop group as part of creating the desktop group with PowerShell?
A: Just as with the last question, I checked the New-XdDesktopGroup cmdlet for creating a new desktop group and couldn’t find a way to enable this setting as part of executing that command. However, you can enable this setting immediately after creating the new desktop group. You would use commands like below:

#*************************************************************************************
#Enable "User-driven desktop restart" setting for a desktop group
#*************************************************************************************

#Add the XenDesktop snap-in to the current Powershell session
Add-PSSnapin "XdCommands"

#Set up variables for the script
$strDDCAddress = "10.10.10.56"
$strDesktopGroupName = "Windows XP"

#Get a particular desktop group 
$xdgroup = Get-XdDesktopGroup -Name $strDesktopGroupName -AdminAddress $strDDCAddress -HostingDetails

#Enable user-driven desktop restart
$xdgroup.AllowUserDesktopRestart = $true

#Apply the change to the DDC
Set-XdDesktopGroup $xdgroup

#Verify the update 
echo $xdgroup.AllowUserDesktopRestart

Q: If you have multiple DDCs, do you have to specify each, or just the master DDC to run against?
A: In a multiple DDC environment, if you point your scripts to the “master” DDC you should be fine. My XenDesktop farm only has one DDC so I can’t verify this one, but I’m thinking you might be able to point the scripts to any of the DDCs in the farm. If someone has a larger farm out there that can verify for us, please post a note at the bottom. Essentially, check out the scripts from the blog series and look for the -AdminAddress parameter I’ve been using for several of the XenDesktop cmdlets. If you have multiple DDCs, experiment putting the different IP addresses for that parameter and see if the script runs fine against each DDC in the farm.

Q: How can you check for disconnected sessions? Can you tell how long they’ve been disconnected?
A: The code snippet below explains how to get all the disconnected sessions for the XenDesktop farm. It looks like the properties of the $xdsession object will tell you the start time of the session, but not when it was disconnected.

#*****************************************************************
#Checking for disconnected virtual desktop sessions 
#*****************************************************************

#Add the XenDesktop snap-in to the current Powershell session
Add-PSSnapin "XdCommands"

#Set up variables for the script
$strDDCAddress = "10.10.10.56"

#Get all disconnected sessions for the XenDesktop farm
$xdsession = Get-XdSession -AdminAddress $strDDCAddress -SessionDetails | where { $_.State -eq "Disconnected" }

#Display the disconnected sessions
echo $xdsession
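
The multi-DDC check suggested in the previous answer can be combined with this disconnected-session query. The following is an added example, not one of the Tech Talk scripts; the controller addresses are placeholders, and it relies only on the Get-XdSession parameters and the State property shown in this post.

```powershell
#*****************************************************************
#Run the disconnected-session query against each DDC and compare
#*****************************************************************

#Add the XenDesktop snap-in only if it is not already loaded
if (-not (Get-PSSnapin -Name "XdCommands" -ErrorAction SilentlyContinue)) {
    Add-PSSnapin "XdCommands"
}

#Placeholder addresses (assumption): replace with the DDCs in your farm
$ddcAddresses = @("10.10.10.56", "10.10.10.57")

$results = foreach ($ddc in $ddcAddresses) {
    try {
        #Same query as the script above, one controller at a time.
        #-ErrorAction Stop turns a failed call into a catchable error.
        $sessions = @(Get-XdSession -AdminAddress $ddc -SessionDetails -ErrorAction Stop)
        $disconnected = @($sessions | Where-Object { $_.State -eq "Disconnected" })

        New-Object PSObject -Property @{
            DDC          = $ddc
            Reachable    = $true
            Sessions     = $sessions.Count
            Disconnected = $disconnected.Count
            Error        = ""
        }
    }
    catch {
        #An unreachable controller, or a logged-on account that is not a
        #XenDesktop admin, ends up here instead of stopping the whole run
        New-Object PSObject -Property @{
            DDC          = $ddc
            Reachable    = $false
            Sessions     = 0
            Disconnected = 0
            Error        = $_.Exception.Message
        }
    }
}

#One row per controller
$results | Format-Table DDC, Reachable, Sessions, Disconnected, Error -AutoSize

#Controllers in the same farm should report the same sessions; a different
#total is worth a second look (sessions can also change between queries)
$totals = @($results | Where-Object { $_.Reachable } |
    ForEach-Object { $_.Sessions } | Select-Object -Unique)
if ($totals.Count -gt 1) {
    Write-Warning "DDCs returned different session totals; re-run and compare."
}
```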

Q: Can you monitor what is happening on the virtual desktop through PowerShell?? Or interact with a specific session (SendKeys style)?
A: The XenDesktop SDK doesn’t provide much in way of getting the details inside the session. In the Tech Talk, I demo’d how you can send messages to the session. You can also get some attributes for the session such as the client name and client IP that launched it. This blog goes into some of that. You can probably run other types of PowerShell scripts from within the virtual desktop session to get some additional metrics or details. Plus, there’s Citrix EdgeSight as well to have an agent running on the virtual desktop to collect performance metrics and other details!

Q: When doing an automated desktop deployment using MDT or other image deployment tool, what is the best way to have the desktop imported into its appropriate Desktop Group as part of the post install task sequence? These desktops are not pre-staged in AD and would prefer not to have the SDK installed on each VM. Can it execute a script on a remote server to do the import?
A: The XenDesktop PowerShell scripts do not need to be executed on the virtual desktops nor the DDC for that matter. They can be executed from any domain machine that can reach the DDC. You can use this blog for a sample script on adding virtual desktops to a desktop group. As part of your MDT automation process, you are going to want to install the virtual desktop agent (VDA) software on the virtual desktops prior to adding them to the desktop group. You’ll also want these machines added to your domain prior as well.

Q: Is it possible to create an advanced presentation for those comfortable with PowerShell and SDKs?
A: This is something that we’ve been discussing for a bit. Now that we have laid out the groundwork for the XenDesktop 4 SDK Primer, we can now think about adding in some more complex scripts to build on top of that knowledge. If you are experienced with the XenDesktop SDK and have some suggestions for what you would like to see, please post a comment below. For the more complex stuff, it’s always good to have a goal in mind for something practical that is needed out in the field.

Q: Do you cover VMware as a hypervisor in your blogs?
A: I didn’t cover VMware specifically, but the scripts I provided in the Tech Talk and blogs should also work with a VMware ESX host. If you are using VMware ESX to host virtual desktops, you are still considered to be using a VM-based desktop group. In the blogs I created, they were focused on interacting with VM-based desktop groups with XenServer as the host. My understanding is that the syntax should be very close if not identical. If anyone has used the XenDesktop PowerShell SDK for a VMware host, feel free to provide a comment at the bottom regarding your experience. Were the commands pretty much the same? Did you find any differences with using the SDK compared to my scripts with a XenServer host?

Tech Talk Resources
As a reminder, we based the Tech Talk on the blog series we posted prior to the session. You can find all the sample scripts we demonstrated in the Tech Talk within these blogs.

XenDesktop 4 PowerShell SDK Primer blog series – by Ed York

XenApp 6 PowerShell SDK blog series – by Mike Bogobowicz

Indian government worries that online and mobile communications are being used by terrorists

Proposals from Research In Motion (RIM) for lawful access of its networks by law enforcement agencies in India are being put into operation immediately, the government said Monday.

Sneaky laser attack fools detector

A Norwegian team claims it has come up with a new way to hack quantum key distribution (QKD) systems that would allow an attacker to intercept a key without being detected.