// This is the script to give summary on the main page.
Think IPM

Wednesday, May 20, 2015

Document Starter: Deploying an Application / Desktop

Sometimes you just need a little help creating documents.  Just a starting point to really get the juices going and head start to get the documentation ball rolling.  Aaron Silber has a nice starter document for anyone looking to document their XenApp/XenDesktop groups.

You can download the actual Word Document here: <ShareFile Location Here>

This document will detail the steps necessary to deploy an application or desktop to users via StoreFront or the Receiver. At a high level, the process is broken down into two steps,

  • Creating a Machine Catalog, which is a collection of desktops or physical computers that are managed as a single entity.
  • Once the catalog has been created, the administrator assigns applications from the machine catalog to users via delivery groups.

In the new world of XenApp/XenDesktop v7.x, in order to publish an application, you create and add applications in the Citrix Studio and make them available to Delivery Group Users. Create Delivery Groups for specific teams, departments, or types of users. Delivery groups specify the groups of users who access desktops or applications. Users can be members of multiple delivery groups to enable various access to applications and / or desktops.

Creating a Machine Catalog

Launch the Citrix Studio Console


Select Machine Catalog


Right click and select Create Machine Catalog


Click Next


Select Windows Server OS


Click Next


Select Another service or technology


Click Next


Select the computer accounts to be part of this machine catalog.


Click Add Computers



Enter in the Computer Name


Click Next


Fill in a Machine Catalog Name and optionally a description for administrators to see.


Click Finish


End of Machine Catalog Creation

Creating Delivery Group

Click on the node called Delivery Groups


Right-Click and select Create Delivery Group


Click Next


Select a machine Catalog to be used to publish the applications to.


Increase the number of machines to the amount of machines that should be made available to this group.


Click Next


Select Desktops and applications


Click Next


Click Add users, to add in users and/or groups


Click Next


XenApp will automatically scan the server for applications and display them for easy publishing.


If you want to customize an application, click it and select the Application Properties button for more details.


Click Next


Click Next


Enter in a Group name and a Display name.


Click Finish


End of Delivery Group Creation

You should now be able to log into a StoreFront server and access the application(s) / Desktop(s) that were just configured.

Click Here to Continue Reading >>

Friday, May 15, 2015

PSA: VENOM Exploit on Citrix XenServer

I’ve had some clients ask about a new exploit making it’s way around security desks lately.  It’s called VENOM and it leverages a buffer overrun scenario that has been detected in certain code used to process commands from a Virtual Floppy controller on a VM to gain unauthorized access across the entire HOST and all VMs running within it. VENOM exploits the hypervisors specifically to gain unauthorized access to additional Virtual Machines running on the host platform.


After some research, it looks as though this is primarily an issue with the QEMU floppy controller code found in some open source Hypervisors including Citrix’s XenServer. 

VMware and Hyper-V are not known to be affected by this exploit.

EDIT: As of this post, Citrix has not issued patches for XenServer but AND has opened up a KB article to track the progress of the exploit.  (http://support.citrix.com/article/CTX201078)

This is also a good time to discuss whether it makes sense to even have Virtual Floppy Drives on VMs.  It’s such a legacy thing and is typically a default configuration setting for new VMs.  It might be worth looking at your templates to see if there are any unnecessary devices that should be removed to avoid future exploits.

Click Here to Continue Reading >>