Monday, October 20, 2014

Citrix StoreFront for dummies (v2x)

StoreFront key components

Authentication service: An integral part of StoreFront,  authenticates users to XenDesktop sites, XenApp farms. The authentication service ensures that users only need to log on to StoreFront/Receiver once.

Store: Retrieves user credentials from the authentication service to authenticate users to the components providing the resources. The store enumerates and aggregates the resources currently available from XenDesktop sites, XenApp farms. Users access the store through Citrix Receiver or a Receiver for Web site.

Application Subscription Store (Data Store):This store saves and indexes the application or desktop subscriptions of the users on a per - StoreFront Store basis. Tthe new Application Subscription Store uses the built-in Microsoft Windows Extensible Storage Engine to store details of users’ app subscriptions locally on StoreFront servers. When joining a StoreFront server to a Server Group the replication of data between all members is configured automatically.

Receiver for Web site:This site enables users to access stores through a webpage. If a version of Receiver installed locally it can be upgrade or if not detected it can be installed. Where Receiver cannot detected or installed the HTML5 client can start in compatible web browsers (IE over HTTP, Chrome/Firefox over HTTP/S).

Desktop Appliance site: Desktop Appliance sites provide users of non-domain desktops with an experience similar to that of user with domain-joined desktops. The web browsers is configured to start in full-screen mode displaying the logon screen for a Desktop Appliance site.

XenApp Services site: Used as a service to support PNAgent (Receiver for Enterprise), seamless desktop experience, Fast Connect, and Desktop Lock for repurposed PCs. or other devices like IPAD etc.

Authentication to StoreFront
  1. User enters username and password on StoreFront server. The authentication service validates (the user credentials) with a domain controller.
  2. StoreFront checks the data store for existing user subscriptions and stores them in memory
  3. StoreFront forwards the user credentials as part of a XML query to the backend XenApp / XenDesktop
  4. Delivery Controller validates (the user credentials) with a domain controller
  5. Delivery Controller checks which resources have been published to this user within its database
  6. Delivery Controller sends an XML response to StoreFront which contains all resources available for the user from the XenDesktop site
  7. StoreFront sends the list of available resources including the existing subscriptions to the Citrix Receiver installed locally or displays them in Receiver for Web

image

A Non blank interface for new users

To avoid users from having a blank screen when they first logon, automatically subscribe users to a few core applications. Add KEYWORDS:Auto to the application or desktop description in XenApp or XenDesktop. Another option that can be used to organise applications is KEYWORDS:Featured. The Featured keyword only places apps in the Featured category

Local apps used via StoreFront

In addition the string KEYWORDS:prefer="application" can be used to specify that the locally installed version of an application should be used in preference to the equivalent delivered instance if both are available

Thanks to this white paper for the details, I have simplified it where I thought relevant : http://support.citrix.com/servlet/KbServlet/download/33432-102-697177/StoreFrontPlanningGuide.pdf 

Thursday, October 16, 2014

Citrix HTML5 client on StoreFront Server

I put this together as official Citrix material is a bit ambiguous on what is needed, it is all there, but obtuse.

What is it? Receiver for HTML5 enables users to access desktops and applications directly within HTML5-compatible web browsers without needing to install Citrix Receiver.

StoreFront:

On the StoreFront use the Deploy Citrix Receiver task to configure the behaviour of a Receiver for Web site (HTML5 client) when a Windows or Mac OS X user without the Citrix Receiver installed accesses the site. By default, Receiver for Web sites automatically attempt to determine whether Citrix Receiver is installed when accessed from computers.

Specify the response of the Receiver for Web site if Citrix Receiver cannot be detected on a user's device.

  • If you want the site to prompt the user to download and install Citrix Receiver but fall back to Receiver for HTML5 if Citrix Receiver cannot be installed, select Use Receiver for HTML5 if local install fails. Users without Citrix Receiver are prompted to download and install Citrix Receiver every time they log on to the site.
  • If you want the site to enable access to resources through Receiver for HTML5 without download and install Citrix Receiver, select Always use Receiver for HTML5. With that option selected, users always access desktops and applications on the site through Receiver for HTML5, provided they use an HTML5-compatible browser. Users without an HTML5-compatible browser have to install the native Citrix Receiver.
XenApp and XenDesktop:

For local users on the internal network, access through Receiver for HTML5 to resources provided by XenDesktop and XenApp is disabled by default. To enable local access to desktops and applications using Receiver for HTML5, you must enable the ICA WebSockets connections policy on your XenDesktop and XenApp servers. XenDesktop and XenApp use port 8008 for Receiver for HTML5 connections.

Ensure your firewalls and other network devices permit access to this port.

Client browsers:

Receiver for HTML5 can only be used with Internet Explorer over HTTP connections. To use Receiver for HTML5 with Firefox over HTTPS connections, users must type about:config in the Firefox address bar and set the network.websocket.allowInsecureFromHTTPS preference to true.

Wednesday, October 15, 2014

PVS Soap service member of Local Administrators on Server

 

For PVS images that use KMS, when you switch modes from Private to Standard and select Key Management Service on the vDisk, the PVS server performs a volume operation on the server that requires elevated privileges, specifically the ability to perform volume maintenance tasks.

If you are running Soap/Stream as Network Service or a custom account, it not have the permissions required.

You can test the GPO \Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\ “Perform Volume Maintenance Tasks” but I have not.

 

Hat tip: http://pvsguy.com/2014/02/12/why-is-it-important-to-be-a-local-admin-in-pvs/

Tuesday, October 07, 2014

Snapshot of Active Directory in Windows Server 2012 R2

Open a PowerShell window and type:

  • NTDSUTIL
  • SNAPSHOT
  • ACTIVATE INSTANCE NTDS
  • CREATE

clip_image002

Note the GUID that is created (above mine is 4f54…….), or just leave the CMD prompt open. You can LIST ALL to see the GUIDs later.

QUIT and QUIT to exit from snapshot or you can mount that GUID

If you did quit, use

  • NTDSUTIL
  • SNAPSHOT
  • ACTIVATE INSTANCE NTDS
  • LIST ALL

If you  just enter the next command it is

  • MOUNT YOUR-GUID-YOU-WANT

clip_image003

QUIT and QUIT to exit from the mount process

To start the ADDS and export files from it find the name of the snapshot with DIR C:\$*.*

Then start it up with

  • DSAMAIN /DBPATH C:\$SNAP_date&time_VOLUMEC$\WINDOWS\NTDS\NTDS.DIT /LDAPPORT 6660

clip_image005

Leave DSAMAIN / CMD running in the background

Open Active Directory Users and Computers (or LDIFDE etc) and select CHANGE DOMAIN CONTROLLER YOURCOMPUTERNAME:6660

clip_image006

clip_image007

clip_image008

This is the old Active Directory from the backup.

clip_image009

Note what you need or export what you need etc.

When finished close the command prompt or press CTRL+C to stop DSAMAIN.EXE

To close the open snapshot issue the following commands

  • NTDSUTIL
  • SNAPSHOT
  • ACTIVATE INSTANCE NTDS
  • LIST ALL
  • UNMOUNT YOUR-GUID
  • QUIT, QUIT

Done. Now you just need a daily, weekly task to do the backup.

Thursday, October 02, 2014

Citrix Adaptive Display moving to GPUs

 

What is Citrix Adaptive Display and why should I care?

Before adaptive display there was Progressive Display which worked well back in the day, but if you wanted to tune it, it is was a manual dark art. It was often misconfigured resulting in a poor experience, so lets just move on.

Then came Adaptive Display, the first generation. It was based on progressive display but was auto tuning according to the available bandwidth and the capabilities of the client. Simply, it would use a different compression algorithm for moving images and still images and tune it on the fly.

Now there is Adaptive Display Second generation. It is now based on different codecs, the ‘SuperCodec’ from Citrix dynamically decide which compression is used for different parts of the screen. The most important codec is the H.264 deep compression codec known as HDX 3DPro. Add to this Desktop Composition Redirection.

If you want to offload you can also redirect Desktop Composition to the client if supported. This will work with the Microsoft applications like Internet Explorer, Office 2010+. You can also tune the quality of Desktop Composition Redirection can be configured in the following policy: Desktop_Composition_graphics_Quality

HDX 3DPro (H.264 Deep Compression codec) has now evolved and it can completely encode in host CPU. This new version, called the Deep Compression V2, uses even less bandwidth then before but hits the CPU harder. The load on the host side increases and can affect the scalability of the total solution, when CPU resources are limited or scalability is a concern in your environment you may need to tune this down or optimise it.

If you need to bring down the graphics performance you can turn on the legacy graphics mode policy to get the user density you are aiming for and scalability targets but this affects the user experience. And that kind of defeats the purpose of what we are aiming for.

So instead move to a Graphics Processing Units (GPU). The GPU can do the heavy graphics lifting.

In XenDesktop 7x you have the following options:

  • Leverage the GPU directly (Either physically or through the Hypervisor GPU pass-through)
  • Leverage the GPU indirectly through GPU virtualisation (Available by using Nvidia GRID and others)

Leveraging the GPU directly has been available for a while now but was one-to-one solution for Windows 7 VDI (Hosted shared desktops based on 2008 r2 etc. you could share a GPU with multiple sessions on the same server OS)

Graphics are first rendered and compressed in the GPU and then send down the client, so first the output of the GPU needs to be captured, compressed and tuned by the ICA client, this process is called screen scraping. Screen scraping, is not required when using a Nvidia GRID because it comes with an API which allows remote display protocols (ICA client) to access the frame buffer, (the encoding engine of the GRID card) directly. This means to you the job is rendered and sent remotely with almost no delay.

XenServer supports GRID GPU virtualisation and the remote display APIs. This is in early test for VMware and not on the map for HyperV.

So for the best graphics yet on VDI, get XenServer, XenDesktop and a bunch on NVidia GRID K1/2 Cards.

The newest Citrix Receivers supports the new codecs so stay current.

If you want to tune Adaptive Display you have the following settings, BUT ALWAYS leave it default until you have a test bed:

  • Max frames per second
  • Target Minimum Frame rate (up to 60 on newer receiver)
  • Minimum Image Quality
  • Moving Image Compression
  • Extra Colour Compression (Chroma and Luma)
  • Heavyweight Compression
  • Lossy Compression level
  • Legacy Graphics Mode
  • Visual Quality
  • Desktop Composition Redirection
  • Desktop Composition Redirection Quality

Wednesday, October 01, 2014

16, 24 and 32-bit colour...

 

16-bit colour (High colour, from back in the day), can display 65,536 colours, which is fine for most uses.

24-bit colour (True colour), can display 16,777,215 different colours.

32-bit colour, also supports 16,777,215 colours but also has an alpha channel and using the alpha channel can create gradients, shadows, and transparencies.

To explain the alpha channel? In 32-bit graphics systems there are four 8-bit colour channels, three 8-bit channels for red, green, and blue (RGB) and one 8-bit alpha channel. The alpha channel is a mask not a colour. The alpha channel specifies how the pixels colours should be merged with the next pixel when the two are overlaid, one on top of the other.

Can my eyes tell a difference?

Most users can't. But custom programs that use gradients, shadows, transparency, etc. you may notice a difference with 32-bit colour.

Blog Archive