// This is the script to give summary on the main page.
Think IPM

Monday, October 17, 2016

Running NetApp? New Blog and Free Book!

If you one of the many customers out there running a NetApp storage system,  here’s a hot lead to a new blog run by Neil Anderson (@flackboxtv).  It’s cloud, Netapp, and more cloud. 

Neil has a great step by step e-book that he is giving away for free that details a step by step process for creating a NetApp ONTAP 9 lab using VMware Workstation and the NetApp simulator.  As a blogger, he has put a lot of work and effort into this and is reaching out to share it back with the community.  That’s pretty cool – Thanks Neil!
Click Here to Continue Reading >>

Tuesday, October 4, 2016

Dude, where’s my Citrix Client Printers Utility?

Image result for easy hard choiceTime marches on and it’s time to upgrade your XenApp Servers.  7.x, here we come.  But your users have been nicely trained to use the Citrix Client Printers Utility and it’s now GONE in XenApp 7.x!  You have 2 options:  

1) Change your policies to auto-create *all* of a user's client printers, a revolting option if you consider that a traveling user's laptop may have *dozens* of printers defined, most of them obsolete or inaccessible.  Biggest culprits: those damned consultants!

2) Copy the binaries (printcfg.exe and at least its English UI DLL – resource\en\printcfgUI.dll) from a XenApp 6.5 server to your new 7.x servers and you are good to go! Works just as before, and maintains the argument that you only really need to auto-create users' *default* client printer since you can give them the option of selecting more if they really need them.  The argument is especially strong if you also auto-create their generic Citrix UNIVERSAL Printer (with Preview enabled) via policy, for occasional access to additional printers without their having to be auto-created or auto-retained within their sessions.

The choice is obvious!
This great Citrix tip came straight from JB – Follow him at @Jacqbens.

Click Here to Continue Reading >>

Monday, September 26, 2016

Stuck in Maintenance mode after 5.5 ESXi upgrade

Image result for maintenance modeI received a call from a client asking for help removing maintenance mode from an ESXi host.  The 5.5 host was put into maintenance mode, had some patches applied to it and when it came back to vCenter, the client was unable to exit Maintenance Mode.  vCenter complained that the host was unavailable on the network or that the ‘Exit Maintenance Mode’ command was invalid for the specific state.  Weird.

I connected to the ESXi Host directly from the VI client and the host showed it was NOT in Maintenance mode.  Immediately that told me that the vCenter was not updating it’s status correctly.  From the direct connection, I put the host back into Maintenance mode to match up what vCenter believed.  At that point, I removed the ESXi host from the cluster and from vCenter and gave the Host a reboot.  Freshen things up.  Once returned it refused to be added back into the Cluster.

But then I remembered that pesky VMware KB 2140304 that states that ESXi hosts upgraded are not manageable by a vCenter of a lower patch version!  The easiest fix for this is a quick patching of vCenter to the now current 5.5 Update 3e.

This was a blast from the past for me as most of my clients have upgraded to vSphere 6.x by now but for those out there still holding the line on 5.5, this was an easy one to fix. (Although be sure to always take a snapshot!  - Damn you Murphy!)

Click Here to Continue Reading >>

Tuesday, September 20, 2016

A quick look at the Horizon 7 Access Point Appliance

In case you missed it, VMware has been moving toward more and more appliance driven applications.  vCenter, vRealize and now Horizon Access Points.  The Access Points are replacements for the Windows based Security server we would normally build out in a Horizon View environment.   This server is on the edge of the connection before the user’s endpoint (usually in a DMZ or utilized with a firewall NAT).

Having this server as a VMware hardened appliance seems great!  I’m in.  Let’s check it out…

First off, it’s an OVF appliance.  I like that.  I am deploying 2.7 here.

ScreenClip

There are a couple of different scenarios for NICs.  there are 3 selections. 1, 2 and 3 NICs.  Single NIC is for NAT’d environments, 2 and 3 would be for DMZ installations.  (3 NICs if you want to additionally isolate the management traffic)

ScreenClip

Here is where it gets kind of annoying.  You need to create an IP Pool for the network settings. Even though the next screen will allow you to add in a variety of IP settings.

ScreenClip

ScreenClip

On this screen, BE SURE to give the admin user a password since all configuration will have to be done via the REST API via JSON.  What?!?  Yeah .. that’s it for me.  I’m not dealing with that.   Here are the rest of the screenshots for completeness but at this point, I’ve made up my mind to use the Windows Based Security Server.

ScreenClip

ScreenClip

After this screen is a nice summary screen and then the appliance will get deployed.  Like I said earlier, this is not for me or my clients.  The manageability needs to be increased substantially before I would consider deploying it to my clients.  Maybe 3.0 or 4.0.  I’ll keep a close eye on the developments of this product.

Click Here to Continue Reading >>

Wednesday, September 14, 2016

Upgrading VMware Site Recovery Manager from 5.8 to 6.1.1

Image result for fall upgrades

So the Summer is over, school is back, Fall is here, iOS10 has been released and everyone is itching to upgrade stuff.  It’s what you do before the end of the year.  Finish crossing things off your lists before starting new lists. #NewYearResolutions

Today, I am upgrading a client’s VMware  Site Recovery Manager from 5.8 to 6.1.1 (the latest at the time of this writing).  Not so fast though…  Looks like there is no direct upgrade from SRM 5.8 to 6.1.1. Sad smile  

Looks like you have to take a slight detour to 6.0 first and then upgrade to 6.1.1.  Whew!

image

Click Here to Continue Reading >>

Monday, July 18, 2016

Stopping that unstoppable service!

A client (and friend) contacted me recently with a challenge.  Following what we assume was a bad pattern update, his Microsoft System Center Endpoint Protection service (aka Forefront Security, aka Microsoft Antimalware Service, aka MsMpSvc), running on all the servers in his XenApp farms, was suddenly timing out during the scanning of all web downloads and effectively preventing them from completing. 

His question was simple:  “How do I stop this service?”
image

Needless to say, he only asked because this particular service (like many services one encounters in one’s travels) has permissions set to not only protect itself from being stopped via normal means, like the Services snap-in or “Net Stop …”, but also to prevent the forcible termination of its service executable (in this case MsMpEng.exe) via Task Manager or “TaskKill /F …”, regardless of the privileges held by the account attempting it (including SYSTEM).  The two methods I eventually came up with after some testing on a home VM that happens to be running the same Endpoint Protection certainly worked in the case of this particular service, but should be applicable to a variety of similarly protected services (when they’re suspected of causing issues and provide no alternate way of gracefully shutting them down).  Both methods can be summarized simply as “use the SYSTEM account to give Administrators full control over the service in question, which includes the right to stop it, then stop the service normally”  -- they differ only in that the first method uses a GUI and the second uses command line, making it appropriate for scripting and mass deployment to multiple machines.  They both use SysInternals’ PSExec to launch a process as SYSTEM.  [When attempting this with services other than Endpoint Protection, you’ll of course substitute the appropriate executable and service name into what follows].

Method 1 – Using SysInternals’ Process Explorer:

(1) Run Process Explorer as SYSTEM (PSExec -s -i ProcExp.exe).  The -i is very important to see the program run interactively, and of course -s to run as SYSTEM.

(2) Find MsMpEng.exe in the Process Explorer process tree, right-click and select Properties

(3) Go to the Services tab, make sure MsMpSvc is selected, then click the Permissions button.

(4) In the MsMpSvc Permissions dialog, select Administrators, then give Full Control (see red arrow in screenshot below) and click OK.

(5) You should now be able to stop the service (via Server Manager, command line, whatever).

[In the case of this particular service, Administrators once again lost Full Control when I restarted the service to take the screenshot, so the elevated permission were temporary].

clip_image002

Method 2 – Using Helge Klein’s SetACL:

As always with the incredibly powerful SetACL, figuring out the syntax is a bit daunting, but this eventually worked:

PSExec -s SetACL-x64.exe -on MsMpSvc -ot srv -actn ace -ace "n:Administrators;p:full"

The parameters passed above to SetACL-x64.exe can be roughly interpreted as “object name MsMpSvc, object type Service, action add/modify an ACE (Access Control Entry), ACE details: give account name Administrators the permission Full control).

Once this is done, the service can again be stopped using any Administrator account (via Net Stop, sc.exe, PSService.exe, whatever).

I can’t guarantee they’ll all yield to the same techniques, so good luck with your own unstoppable services.

Jacques.
Follow Jacques Bensimon on Twitter @JacqBens

Click Here to Continue Reading >>

Monday, June 27, 2016

Centralized policy definitions - Bad idea! ... with a remedy.

imageOn several occasion in the past few years (and twice in the past month, probably the result of interest in piloting Windows 10 and/or Office 2016), I noticed a very bad Microsoft idea being implemented in a client’s domain environment:  a central policy definitions store is created at


\\dns.domain.name\sysvol\dns.domain.name\Policies\PolicyDefinitions

and is populated with some collection of ADMX/ADML policy definition templates (in both recent cases copied from a Windows 10 machine of unknown vintage).

Doing this prevents *all* machines in the environment from which any policy editing is ever done (my XenApp  6.5 servers being just one example of such) from being able to use their own platform-specific, version-specific and custom policy definitions.  For my situation at these clients, any ADMX/ADML collection older or newer than the most current Windows 2008 R2 definitions is bad and/or confusing – I want to see all the policy settings that are applicable to the 2008 R2 XenApp servers, and none that aren’t – and anything other than the Microsoft Office policy definitions for the version installed on XenApp means that I (for example) can’t properly manage Office policies because they are seen by the policy editor as just “Extra Registry settings” that are not explained and cannot be modified.  Adding more policy definitions (e.g. for additional Office versions) into the central store is *not* a good solution to this, because it further confuses the situation and doesn’t solve the problem of a different Windows version’s policies being displayed (e.g.  there are like millions – okay, hundreds – of new policies defined for Windows 10 and Server 2016 and, while editing policies for Windows 7/8.x or 2008/2012 R2, it would be torture to wade through them and ignore the inapplicable ones if the Windows 10 definitions were the ones placed in the central definitions store).

Bottom line:  the central store idea was, at the time it first appeared, one of the worst ones Microsoft ever had, because they initially and for a long time thereafter provided no way for a domain machine to say “no thanks, I’ll use my own definitions”) and should even now probably only ever be used in incredibly uniform environments where every machine in the joint is running the same version of Windows, Office, etc., no machine uses custom or modified policy templates, and all machines are always updated at the same time (in lockstep with the central policy definitions) – yeah, I know of no such environment either!   My message to those who might unthinkingly implement a central policy store is “If you’re so in love with your set of policy definitions, put them where you use them without imposing them on everybody else!”.

However, should you run into this situation and can’t talk sense into your client (a shameful consulting fail, by the way J), Microsoft did at some point released a hotfix (An update is available to enable the use of Local ADMX files for Group Policy Editor) which, when installed and the following Registry entry added (set to 1), allows a Windows 7/8.x or 2008/2012 R2 machine to force the continued use of its own local policy definitions during editing, i.e. a “thanks but no thanks” setting:

Key:   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\EnableLocalStoreOverride

Type: REG_DWORD

Value: 0      (use PolicyDefinitions on Sysvol if present - Default)

1      (always use local PolicyDefinitions)

You’ll need to reboot after applying this hotfix (which is not delivered through Windows Update).

Thought you’d want to know.

Jacques.
Follow Jacques on twitter (@JacqBens)

Click Here to Continue Reading >>

Thursday, June 16, 2016

New IPM utility Net2SwapFlag -- solves infamous KB2536487 issue

Here is a great new utility written by my colleague Jacques Bensimon.


 

Microsoft Knowledge Base article KB2536487, entitled  Applications may crash or become unresponsive if another user logs off Remote Desktop session in Windows Server 2008 or Windows Server 2008 R2 , describes a situation whereby applications run directly from a network share can suddenly stop working for all existing and new users of a given Remote Desktop Services / Terminal Server / XenApp server as a result of one user logging off.  Having butted head with this issue, I can further clarify that once all running instances of the app on that server are fully closed, the app will once again start working, … until it occurs again (the main symptom is an application crash, either immediately upon launch or later when a particular app feature is invoked).  If online forum threads are any indication, this issue has been plaguing many environments for years (don’t let the recent date of that article fool you, it’s revision 5.0 and still as borderline incomprehensible as ever), and Microsoft is reported to have privately told some who’ve opened support cases that it doesn’t plan to provide a fix for this issue (because it entails a network File Control Block management strategy embedded deep within the redirector – I thought FCBs had gone out with 16-bit DOS applications, so I’m guessing Microsoft has recycled the term to denote something of a similar nature – think handle or the like).

 

Before I get to Microsoft’s suggested workarounds, let me first quickly dispense with a couple of urban myths that have grown up around solving the issue (I’ve tried them all, none of them work):

·        Run the app directly from a UNC path rather than a mapped drive (even if the app allows it, doesn’t work).

·        Make sure no mapping even exists to that share before using the UNC path (nope).

·        Use a DFS share, either mapped or via UNC (nyet and nyet).

 

Now here are Microsoft’s suggestions (verbatim from the KB article):

 

1.      Do not run shared applications from a mapped folder; instead install the shared application locally on the Terminal Server.

 

That right there is some solid technical support work!  … but let’s move on.

 

2.      Use WebDAV shares as opposed to mapped folders if remote binary sharing is required.

 

Not at all disruptive I’m sure (!) but, as you’d suspect, those who tried it reported horrible performance, so let’s move on again.

 

3.      Compile the application using the "Swap run from network" linker setting. This setting is described here.

 

I was ready to laugh this one off as well (the main affected app being a complex network-installed third-party application for which our client obviously didn’t have the source code and the means to recompile it), but I read the description of that linker setting anyway and found out that an executable (EXE/DLL/OCX) linked with that setting is treated differently by Windows when it is loaded, i.e. it is first copied to the local swap file and loaded from that location.   Well, that doesn’t sound like any kind of code change, merely some instruction to the OS about how the executable should be handled, the sort of thing one might find specified by something in the executable’s header maybe?  Armed with the Microsoft PE Header Specification and the experience of previously having investigated the Terminal Server Aware Flag, also found in the PE header and the subject of the IPM TSFlag utility, I found out that this setting is indeed also a single-bit flag (officially called IMAGE_FILE_NET_RUN_FROM_SWAP, value 0x0800 in the header’s so-called Characteristics word) and that it could therefore in theory be set into an already compiled executable … and thus was born the IPM Net2SwapFlag utility:

 

clip_image002

 

I applied it to every executable in the application’s network folder [For %F in (*.exe *.dll *.ocx) do Net2SwapFlag-x64 %F /QY] and the app crashes have completely disappeared since.  If the utility is launched interactively on one of the executables, it now displays something like

 

clip_image004

 

I have yet to run into an executable “in the wild” that already had that flag set, so I’m guessing not a lot of developers are even aware of the feature (which by the way as a side-effect should somewhat speed up the overall performance of network-based applications).

 

But there was one more piece of information provided as part of that last workaround given in the KB article:

 

If the application is a managed app, instead use the “Shadow Copy” feature described here.

 

I and a couple of .NET developers I spoke to couldn’t make any sense of that “Shadow Copy” feature for standalone apps (the linked article appears oriented to web development with ASP.Net), and it’s unclear from the KB article whether setting the magic flag in the header of a .NET executable would have the same desirable “run from swap” effect.  So for now I can only present  Net2SwapFlag as a working solution to the KB2536487 issue for unmanaged (i.e. non-.NET) applications.  I of course would be happy to know whether it works with managed apps, one way or the other – I’m leaning 51% toward it working there as well.   [If ever a utility required a disclaimer, this is it, so let’s keep it simple: You assume all the risks of using this utility, even if the resulting executables cause untold data and/or job loss!  Don’t even think of using the utility otherwise.  Capiche?]

 

Later,

Jacques.


You can find the utilities here.
Click Here to Continue Reading >>

Monday, May 9, 2016

Citrix Secure Gateway is dead. Long live CSG 3.3.4!

Even though Citrix’s Secure Gateway will be End of Life’d at the end of the year (soon? sometime? eventually?) (CSG EOL... Now What?), it seems as though the update department wanted to release at least one more version of the free ICA proxy software.
With this release, Citrix went ahead and added SHA-2, TLS v1.1 and v1.2 support.

You can read the release notes below:  

Assuming you are not also still running Windows 2003 or earlier (TLS v1.1 and v1.2 aren’t supported by those OSes), go ahead and grab it while it’s hot! Winking smile
Click Here to Continue Reading >>

Monday, April 11, 2016

Continue to build out your network

Like most of the rest of the world, I use Outlook as my primary CRM because of it’s seamless syncing with my iPhone (along with a million other reasons) and treat it as my central hub.  For a long time, I used the LinkedIn Toolbar for a single feature;  the ability to highlight someone’s signature and ‘grab’ it into an Outlook contact.  The LinkedIn toolbar would parse the copied information and put all the relevant information into the appropriate contact fields.  It was awesome!  Until it no longer worked. :( [Thanks Outlook 2013!]

Recently, I stumbled across a perfect replacement that I thought I would share.  It is a standalone freeware piece of Windows software called Signus. 

image

The software allows you to copy the signature into your clipboard and push it into Microsoft Outlook or Gmail.  They have a few other supported CRMs as well on their page.  [Website]

The software is about 2 years old and I’m not sure if it is still being updated but it works great now and fills the hole left by the defunct LinkedIn Toolbar.

Enjoy adding contacts!

Click Here to Continue Reading >>

Thursday, April 7, 2016

Catch Sam Jacobs at Citrix Synergy 2016!

If you are going to be at Citrix Synergy  this year, be sure to register for Sam Jacobs breakout session on Netscalers!  Check out the official promotional post below:

NetScaler Debugging A to Z
clip_image002You've spent the past few weeks implementing all the latest blog posts on configuring your NetScaler, and you're eager to see the fruits of your labors. You browse to your Access Gateway FQDN, and ... nothing but a blank screen! You review your configuration, and everything seems to be in order, but something obviously isn't. How do you go about figuring out what's wrong?
In this 90-minute breakout session, we will travel through the entire NetScaler data flow, including:
- Pre-logon (navigating to the logon page),
- Authentication,
- Session initiation (routing to StoreFront, Web Interface, or a custom home page),
- Desktop/application enumeration, and
- Desktop/application launch.
At each point along the way, you will learn the most common issues one might experience. Using the built-in NetScaler tools, as well as public-domain (free!) utilities you will learn how to diagnose, isolate, and correct them.

clip_image004Bulletproof your configuration
While having the knowledge necessary to debug and remediate NetScaler issues is critical, the best way to debug a NetScaler configuration is not to have to debug it at all! We will review a set of Best Practices to be used when setting up a NetScaler, so that the need for debugging will be greatly minimized.
NetScaler Rewrite Engine
clip_image006NetScaler has undergone a tremendous transformation since the Access Gateway was acquired from Net6 in 2004. One of the most powerful features of the NetScaler is its ability to dynamically rewrite URLs, allowing clientless access to internal resources. During the session, we will also dive deep into the rewrite engine, where we will examine how the NetScaler performs this process, what can go wrong, and what can be done about it.
clip_image008
So join me at Citrix Synergy for SYN317: NetScaler Troubleshooting and Debugging Best Practices, on Thursday, May 26th from 8:30-10:00AM PST in Bellini 2101A. Let’s go bug-hunting! Hope to see you there!




Sam Jacobs is the Director of Technology Development at IPM, the longest standing Citrix Platinum Partner on the East Coast. With more than 25 years of IT consulting, Sam is a NetScaler customizations and integrations industry expert. He holds Microsoft MCSD, Citrix CCP-M and CCP-N certifications, and is the editor of TechDevCorner.com, a technical resource blog for IT professionals. He is one of the top Citrix support Forum contributors, and has earned industry praise for the tools he has developed to make NetScaler, Web Interface, and StoreFront easier to manage for administrators and more intuitive for end users. Sam became a Citrix Technology Professional (CTP) in 2015.
Sam can be reached at: sjacobs@ipm.com or on Twitter at: @WIGuru.



Click Here to Continue Reading >>

Monday, April 4, 2016

Stick to the Basics–vMotion fails at 21%

I was working with a client recently and after doing a memory upgrade and vSphere upgrade from 5.x to 6.0, my vMotion activity began to fail when moving VMs back to the host.

The vMotion migrations failed because the ESX hosts were not able to connect over the vMotion network

The error above popped into vCenter when trying to preform a vMotion.  It would stall at exactly 21%.  This being a client environment that I couldn’t be 100% sure of, I went to basic troubleshooting.  After inspecting the connected vNics and looking carefully at the CDP information provided, we noticed that one of the vNics had been connected to an incorrect switch.
image
Every time you get the above 21% error, check the physical connections.  I’m sure you will find your misconfiguration there.
Physically flipped it back to the right switch and vMotions were moving along without issue.
Click Here to Continue Reading >>

Thursday, March 31, 2016

Link Collection–Antivirus guides for Citrix & Terminal Servers

Some times you have a good bit of information to write about in a blog post, other times you just have a bunch of links.  ;)

Today is just a good group of links from Aaron Silber related to tuning Antivirus scanning on Citrix XenApp/Terminal Servers.   Some of these links are dated but the meat is good since AV hasn’t changed much in client environments.  I still don’t see much host side scanning done in the hypervisor (at least in the field) so these client recommendations are still very relevant in today’s VDI environments.


imageMicrosoft Window Server
http://support.microsoft.com/kb/822158

Citrix Servers
http://support.citrix.com/article/CTX127030

PVS Specific
http://support.citrix.com/article/CTX124185

AppV Specific – On Terminal Server
http://support.microsoft.com/kb/973366

SQL Server
Here is the Microsoft guide for AV on SQL server
http://support.microsoft.com/kb/309422

Symantec
http://www.symantec.com/connect/sites/default/files/SEP%20on%20Terminal%20Servers.pdf


Click Here to Continue Reading >>

Tuesday, March 29, 2016

Removing a Node (or 3) from a Nutanix Cluster

Recently, I had to retire some nodes from a client’s Nutanix cluster.  We were recycling 3 out of the 6 nodes down to DR in this particular case.  I’ve added nodes to a cluster but this was the first time I had to remove nodes from one.  I reached out to Alan Biren from Nutanix for some quick instructions.  As with all my dealings with Nutanix, I knew this would be a simple process.   Below is the short and long of it (which includes removing nodes from a live running system without any user disruptions or data interruptions). –Nice!


Since all nodes participate in data protection and replication, the process needs to be done one node at a time.

First step would be to migrate all VMs from the node (ESXi) to the other nodes (use vCenter).   Since a CVM is running on each node, putting the node into maintenance mode can’t be done (can’t maintenance mode while a VM is running) so I instead opted to remove the nodes from the vSphere DRS cluster and reconfigure them as stand alone ESXi hosts.

Once all VMs are evacuated, remove the NFS Datastore from the node.

CVM needs to be up and running.

From PRISM, go to hardware, select the node from the Diagram and then click the Remove Node and OK the warning message.

image

This will start the process of moving the data that sits on the node to the other nodes/forcing the data locality.  This process could take up to 6 hours to complete depending on the amount of data.

image

The process will move through the paces of migrating all of the data from the node for removal to the remaining nodes in the cluster.  Once complete, the GUI will show success and a reduced number of nodes in the cluster.  Verify there are no remaining alerts before proceeding to the next node.

You can also check this has completed by running the cluster status and checking what nodes are in the Nutanix Cluster.
'ncli get-remove-status’, if ‘MARKED_FOR_REMOVAL_BUT_NOT_DETACHABLE is displayed, the process is not complete, if no output is returned then the process has completed.

Once the nodes have been removed from the Nutanix Cluster, you can clean up ESX side, by shutting down the CVM (triple verify in PRISM that no errors pop up when shutting down the CVM), putting node into maintenance mode and removing from ESX Cluster.

Click Here to Continue Reading >>

Tuesday, March 22, 2016

vCenter 5.5 Update 3b Upgrade Bug

Image result for computer bugGot bit by a pretty annoying vCenter 5.5 Update 3 bug.

https://kb.vmware.com/kb/2134141
Error 1053: The service did not respond to the start or control request in a timely fashion.


While upgrading a client to 5.5 Update 3b from vCenter 5.5 U2, you have to make a modification to a source file BEFORE running the upgrade.  If you just process the upgrade, vCenter fails to start at the end of the installation (after upgrading the SSO, Database, Web Client and Inventory service!).  There is NO RESOLUTION.  Just a work around or a roll back with work around.  Fortunately, I took a snapshot of vCenter before upgrading so I was able to roll back, make the change and process the upgrade successfully but UGH.. It should have been a lot easier. Smile 

In any event – If you are upgrading to vCenter 5.5 Update 3b, read the link above and be sure to always take snapshots before upgrading anything. Winking smile 

Oh and if you haven’t upgraded to the vCenter Appliance yet – read the above link again and tell me
WHY haven’t you made the switch yet?

Click Here to Continue Reading >>

Wednesday, March 16, 2016

High Level First Look at Citrix’s AppDisks

image
IPM’s Rajen Das took the opportunity to install Citrix AppDisks in the IPM labs and gave us this high level report:


imageFinally got around to implement this in the lab and I must say it works as advertised.

Lab setup:
(1) Citrix XenDesktop 7.8
(1) Citrix Provisioning server 7.8
(1) Citrix AppDNA server(latest)
(2) Microsoft Windows 10 VDA
(2) Microsoft Windows 2012 VDA (test pending)

Here are my findings so far:

1. The environment must be 7.8 all across including PVS 7.8 or use MCS.

2. You’ll need a separate server for AppDNA. Be patient during the installation; it took me 20 hours. It should be less on high-end servers.

3. AppDisk is available for all license types: XenApp Advanced, Enterprise and Platinum edition as well as XenDesktop VDI, Enterprise and Platinum edition.

4. AppDNA is only available on Platinum editions of XenApp and XenDesktop.

5. If you are using PVS, you’ll need the vDisk to be in maintenance mode. After the installation is completed and sealed, the maintenance version can be deleted.

6. Unlike App-V, new applications are only available after a reboot.

If you care about a having a pristine golden image and want to avoid having 100 applications on it, this solution may work for you. 

Questions for Rajen?  Leave them in the comments or follow him on @Neo124t

Click Here to Continue Reading >>