Introduction
How often have you found that there is a lot of "How To" or run-book style documentation out there, but none of them seem to completely address the combination of your requirements? And while you have expertise in one or more product areas, have you found that making the pieces work together seems challenging sometimes?
I ran into such an example not too long ago. I had to configure an Access Gateway SSL VPN to a XenDesktop environment, accelerate the traffic, and support Single Sign On. There was not a comprehensive document out there that I could leave behind with the customer.
So I took a different approach. Rather than create an exhaustive document, I just listed the steps and referenced only the specific sections in existing product documentation, knowledge base documents, and some custom information.
For my specific project needs, (User/AGEE PlugIn/Repeater PlugIn > NetScaler AGEE > Repeater > XenDesktop) I came up with the following set of instructions that I left behind with the customer.
Step One - Create the XenDesktop Environment
I, personally, was OK with setting this up. Otherwise I would have used the Evaluating XenDesktop section (Section 4) of the XenDesktop product documentation available from the Citrix eDocs site. This can be retrieved from http://support.citrix.com/proddocs/index.jsp and selecting XenDesktop.
Step Two - Install the Citrix Repeater
To insert the Citrix Repeater into the data flow, I simply performed the steps outlined in the Citrix Repeater Quick Installation Guide. This document comes with the product, or can be downloaded from the Citrix product download site (http://citrix.com/English/ss/downloads/index.asp in my case).
One note was that on the second page of this guide, the "Gateway" address referred to is the default gateway that is used by the management dialogs - not the default gateway for user traffic.
Then I added the licenses to the Repeater. The licensing process is driven by the "License Host ID" that is shown in the Repeater Management GUI. I found the details of this procedure in the Citrix Branch Repeater Licensing Guide, which was part of the product documentation set I downloaded.
Lastly, I set up the Signaling IP address. This is the Repeater-hosted IP address that the client-based Repeater plug-in connects to in order to establish acceleration with the Repeater appliance. This is discussed on page 7-84 of the Citrix Branch Repeater Family Installation and User's Guide, available from the product download section of the Citrix web site. The address is set in the Repeater GUI > Configure Settings > WANScaler Client panel. Note that the Signaling IP must be enabled in that menu as well; setting the address alone is not enough.
Step Three - Configure the NetScaler Access Gateway
In this step, I added the configuration elements to the NetScaler Access Gateway such that it would allow the Repeater to optimize the traffic to the XenDesktop infrastructure behind it. I used the instructions in the "Turbocharge Access Gateway" document which is available for download from: http://support.citrix.com/article/CTX121035.
Since I was using NetScaler Access Gateway Enterprise Edition, I used only Section 7 for the details of how this is done.
Section 9 of this handy document pertains to customizing the Repeater Client software - used on the remote user's laptop, etc. - in order to pre-populate the Signaling IP address. When deploying at volume this is worth doing, because it removes a per-user configuration step. Because mine was a simple, limited-user configuration, I chose to let the user customize the parameter after installing the Repeater Plugin.msi (from the Citrix product download site, http://citrix.com/English/ss/downloads/index.asp in my case) on their own.
Then they simply do the following:
• Open Receiver and right-click the Acceleration Plug-in in the list.
• Select Manage Acceleration; the dialog that appears lets you specify the Signaling IP address.
Also, since my configuration goes straight to the XenDesktop system and not to a landing page, updating the NavUI home page as discussed on page 25 in the above document, was not required.
Lastly, because the acceleration traffic policy set above breaks the Single Sign On process, I needed a second Access Gateway Traffic Policy. This policy causes the Repeater-specific optimization to be bypassed for all HTTP traffic sent to the XenDesktop Desktop Delivery Controller (DDC), which is where the SSO exchange takes place.
I simply repeated the steps on pages 18-19, but using SSO-Policy and SSO-Profile as the names. The specific overrides are:
• Policy -> DestIP == <IP address of DDC> Netmask 255.255.255.255
• Profile -> Protocol = HTTP; WanScaler = OFF
Then I bound the two policies in the Traffic section of the Virtual Server's Policies tab, making sure the exclusion policy has a higher priority (lower numeric value) than the generalized traffic policy. Traffic policies are evaluated in priority order and the first match is applied, so this ordering turns optimization OFF only for HTTP requests (the SSO traffic) to the Desktop Delivery Controller. If the order were reversed, the broad policy would match first and the SSO exchange would be accelerated again.
All other (TCP) traffic to the rest of the subnet is still accelerated, because it does not match the exclusion policy and therefore falls through to the generalized policy.
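The same two policies and their binding, as they would be entered at the NetScaler command line rather than in the GUI. This is an added example, not part of the original post or of the Citrix "Turbocharge" document it cites. SSO-Policy and SSO-Profile are the names the post uses; Accel-Profile, Accel-Policy, the virtual server name AG-XD-vserver, the DDC address 10.10.20.5 and the XenDesktop subnet 10.10.20.0/24 are assumed values for illustration. The classic-expression form `REQ.IP.DESTIP == <ip> -netmask <mask>` is the CLI equivalent of the GUI's DestIP field.

```text
# Generalized policy from the Turbocharge guide (pages 18-19):
# accelerate all TCP traffic to the XenDesktop subnet.
# Subnet, names and the vserver name are assumed values.
add vpn trafficAction Accel-Profile tcp -wanscaler ON
add vpn trafficPolicy Accel-Policy "REQ.IP.DESTIP == 10.10.20.0 -netmask 255.255.255.0" Accel-Profile

# Exclusion policy: HTTP to the DDC only (/32), acceleration OFF.
# This is the SSO-Policy / SSO-Profile pair from the post.
add vpn trafficAction SSO-Profile http -wanscaler OFF
add vpn trafficPolicy SSO-Policy "REQ.IP.DESTIP == 10.10.20.5 -netmask 255.255.255.255" SSO-Profile

# Bind both to the Access Gateway virtual server.
# Lower number = higher priority, so the /32 exclusion is evaluated first.
bind vpn vserver AG-XD-vserver -policy SSO-Policy -priority 10
bind vpn vserver AG-XD-vserver -policy Accel-Policy -priority 100

# Confirm the binding order before testing single sign-on.
show vpn vserver AG-XD-vserver
```

The check worth doing after `show vpn vserver` is a logon through the gateway with the Repeater plug-in active: if the Web Interface still prompts for credentials, the priorities are the first thing to re-examine, because a broader policy with a lower priority number silently wins over the exclusion.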
Summary
In following the above steps, I quickly created a configuration which authenticated and accelerated user traffic to the XenDesktop virtualized environment.
Furthermore, using the Repeater Plug-in dialogs, the user can see the actual acceleration realized.
The best representation of this type of license is a service such as mobile phones. For years now consumers have paid for usage when it comes to mobile phone services. Starting with voice, you pay so much per month for each voice "minute" used. The currency can be different but typically the unit of measure is the same... minutes per currency. You don't own the network and you don't own the software that enables the voice traffic to traverse the many repeaters, routers and uplinks, but you still get the service... every month with a similar Service Level Agreement. This is a pay-as-you-go or pay-as-you-consume minutes model. This is a basic definition of Consumption Based Licensing.
The next phase of licensing in the mobile phone market was to set a "term" for usage. The phone company asked the consumer to pay a set amount based on a number of used minutes in a fixed number of months (usually a 12 or 24 month "term"). So the contract was a certain currency per month for a maximum number of voice minutes over a 12 or 24 month term. If the consumer used more than the allocated minutes, the usage reverted back to a pay-as-you-go model. Certainly the currency for usage for this "overage" was a premium because the usage was not a part of the "Term" contract.
Phone companies next introduced data services called "text messaging" which started once again in a pay-as-you-go (or consumption based) model. Each text message cost a certain amount of currency. Once the market became established a new contract was set in place again based on a term. For "n" number of text messages per month a fixed fee was allocated over a certain term (once again usually 12 or 24 months).
This service is a good representation of a consumption licensing model. The business implications of such a licensing model are not as straightforward. For instance, a simple calculation of owning an asset versus renting it (or paying for it as it is consumed) carries some interesting implications. Take the asset we call software. The government allows corporations to depreciate their assets as a portion of their costs. Assets (whether software or hardware) carry a depreciation schedule that spans a term of time (usually between 3 and 5 years, sometimes longer). These assets are considered "capital" and are depreciated because they lose their value over time. The depreciated asset is part of what most accountants would call the capital expense portion of a profit and loss statement.
Assets that are not owned (leased or rented) may not be depreciated because they are typically a monthly expense. These expenses become part of the operating costs of a business and are usually represented as an "operational expense". The advantage of purchasing assets over renting or leasing them is that the business can continue to use the asset after it has been fully depreciated: the tax benefit of the depreciation has been taken, yet the asset remains useful all the way through its life, even after being "fully" depreciated.
If all of this sounds complex... IT IS! The important thing to understand is that capital assets are fixed costs. They are an asset that is owned, and the company that purchases the asset also takes on the liability of that asset (i.e. its depreciation, or loss of value). When renting or leasing an asset the cost is variable, in that it only hits the books during the period of use, in most cases month by month. Assets acquired in this way would be considered pay-as-you-go or consumption based.
Why is all of this accounting so important to running a business when you are considering consumption based licenses? Because the state of your business will often dictate how you pay for an asset. For instance, if you have a growing business and you are "cash poor" (not a good deal of cash in the bank) you may want to use a consumption model to pay for your assets and use the cash on hand for hiring additional people (expanding your payroll)... something you can't pay for over extended periods of time. In this case, cash flow may in fact demand that you use a consumption model.
Another reason to use a consumption based pricing model is to ensure your assets sit on the operational expense side of your books. This lets you show the asset as a cost on a monthly basis rather than as a cost depreciated over several years. You may save additionally on maintenance of that asset because you don't own it. If it becomes worn out or obsolete, you simply rent/lease the newer item.
All of this is to say that simple comparisons for costing capital based assets versus consumption based assets may not be valid unless you take into account all of the elements of the business. Cash flow, cost of currency (inflation), rapid growth and asset depreciation all must be considered when considering consumption versus capital models.
An example of this difference is the Microsoft SPLA program. Assets (Microsoft software) that were once considered capital can now be moved to the operating expenses of a company by having third-party hosting companies "rent" the software to you. Hosting companies in the CSP program work the same way.
There are two interesting trends going on in healthcare at this time (no, I am not talking about the current debate in congress). One is that we will see more and more healthcare providers use electronic medical records - a trend that is fueled by financial incentives through "stimulus money". The other is the consumerization of IT - specifically healthcare IT.
We see this trend in other areas as well - like employees using their personal cell phones of choice to access corporate email, or even bringing their personal laptops to work.
In healthcare, doctors are already heavy users of mobile technology - cell phones, smart phones, the ubiquitous pager etc. But today we're at a point where the consumer technology is good enough to be used for clinical purposes and can actually contribute to giving doctors a little bit of their free time and their personal life back.
Case in point: The patient calls their on-call doctor after hours with a rash or burn. In the old days, it would have required the physician to drive a possibly long distance to see the patient in order to recommend treatment. Today, she can simply ask the patient to take a picture of the ailment with a smart phone and simply email it over. In many cases, the image quality is good enough to recommend treatment and help the patient immediately.
This trend is obviously troublesome for healthcare administrators. Many actually advise their physicians against employing "unapproved" avenues for remote diagnosis, out of fear of litigation and compliance violations. The dilemma is that both patients and doctors use technology out of convenience where it makes sense. It is against a doctor's nature to hold back care when it is obvious how the patient can be helped right then and there.
However, I stipulate that this is actually nothing new.
So, can both groups - doctors and their patients on one side and privacy advocates, regulators, and lawyers on the other side be happy? Yes.
Some electronic medical record system vendors incorporate an internal, secure messaging feature that allows patients to communicate with their doctors and nurses directly, but through the established channels of an existing EMR implementation. In addition to (or in lieu of) this capability, healthcare providers can use their smart phones, netbooks, tablets, home computers etc. to securely connect to their employer's system to upload data, annotate patient notes in real time, check for potentially harmful allergies, etc. If the EMR implementation does not expose a fully functional web based user interface, desktop and application virtualization technologies can make it so.
Instead of getting into the cold car and driving 50 miles through snow and ice to see a patient, the doctor on call can simply pause the movie on the living room TV, switch the set to the connected PC and securely connect to the patient's medical record, review pertinent information, write a prescription electronically (a must have under the proposed "meaningful use" criteria) and finally go back to being a private person. More personal life for caregivers, faster service for patients - enabled through technology.
Follow me on twitter: @florianbecker
Install, stream, host, Oh My!!!
Many of you have heard me talk about the different ways to deliver applications into a virtual desktop: installing, streaming, hosting and VM-hosting. As with all options in life, each one of these has their pros/cons. However, I recently found a way to remove one of the cons out of the equation for installed applications.
Although we like to say "No" to installing applications, for some organizations and applications it might still make sense. It is easier (because we are used to it), installing supports every application, and it gives the fastest application launch time of any option. My recommendation has been to install your common applications in your golden desktop image. If everyone needs the application, just install it to give the users the fastest experience possible.
Makes sense so far. But what about those applications that we want to run on the desktop but do not stream? We would install them. Unfortunately, when you install an application into a desktop image, everyone who uses that image will see the application - D'oh! This is probably not something most people want. Why am I seeing this application if I don't need it? Most administrators faced with this situation would take the most logical course of action... build a new desktop image for that group of users. Sounds reasonable, but now you maintain a different image with additional locally installed applications, and the maintenance requirements grow with every such group.
BUT, what if you could use a single image, put all of your installed applications into that image, and still let users see only what they need to see? That would reduce the number of desktop images. It is possible, and it can be summed up in two words: Published Content.
Published Content is a little-used feature in XenApp. Instead of publishing applications, you publish content: links, URLs, shortcuts. If we publish a shortcut to the installed application, we can determine which users will see the icon. When a user selects the icon, which points to the executable file on the desktop, the application starts immediately. And with Dazzle, users can configure their Start menu with the icons as they see fit.
Of course this does nothing for users who are smart enough to browse the local virtual desktop's C: drive and find the executable itself. You can use an Active Directory group policy to stop specific users from running specific applications (User Configuration - Administrative Templates - System - Don't run specified Windows applications), but be aware of what that setting actually does: it is enforced by Explorer, it matches on the executable's file name only, and it does not apply to programs started from a command prompt, Task Manager or another process, so a user who copies or renames the executable is not stopped. Where that matters, use Software Restriction Policies or AppLocker instead, which block by path, hash or publisher regardless of how the program is launched.
Of course to set this up, you have to get the application installed, publish content, and set an Active Directory security policy. But once it is configured, you have one less desktop image to maintain and adding/removing users to a particular application just involves adding/removing users from a particular Active Directory group membership.
Now you have another option in your bag of tricks. Hope it helps
Daniel
Lead Architect - Worldwide Consulting Solutions
Follow Me on twitter: @djfeller
Blog for Next-Gen Desktop: Ask The Architect
Questions? Email Ask The Architect
Facebook Fan Page: Ask The Architect
There have been a number of predictions that say the Internet address space is going to run out either this year or next. And if you look at the numbers, this might well happen soon. We all expect the Internet to see worldwide adoption, with the biggest growth in Asia and Africa in the next 10 years. If we assume that "wide adoption" means 20% of the world population have a device they can use to connect to the Internet, then we would need more than twice the number of /8 blocks that the current IPv4 addressing scheme can accommodate (some say over 700, against the 256 that exist).
Traditionally, we have dealt with the shortage of IP addresses by creating private subnets (such as a company or home network) and performing network address translation (NAT) at the edge. The separation between subnets, and between each subnet and the wider Internet, also provides a natural place to insert a firewall. So we have a way of putting off the day we run out of addresses, and it comes with a security benefit as a side effect. Note, though, that the benefit comes from the stateful filtering at that boundary, not from the address translation itself: an IPv6 network with a stateful firewall at the edge gets the same protection without NAT, and a NAT device configured to forward unsolicited inbound connections gives none.
But we are using ever more devices that require a direct connection to the Internet. For example, the number of mobile phones with browsers has exploded. Consumer devices such as games consoles are expected to communicate with others across the globe and from anywhere. A number of innovations in industry, retail, and transport sectors involve devices that can interact with others, and thus require an IP address.
The only solution to the problem is to substantially increase the address space, and IPv6 [RFC 1752, the recommendation that selected it] is the way to do this. IPv6 was developed into a standard between 1995 and 2006. In 2007, the OECD produced a ministerial background report on the economic considerations of a switch from IPv4 to IPv6. It identified the need for government action, and acknowledged that there would be significant costs associated with a switch of this kind. And the benefit from the switch: the Internet keeps working ... without brown-outs ... but without any new features that can be sold to customers to help pay for the huge necessary investment. No wonder that Internet Service Providers are dragging their feet. And enterprise network managers are equally worried, because renumbering a network is about the most frightening thing for them to undertake: it will break all sorts of things that cannot be predicted. In a period of economic slowdown, such jobs get put off. This state of affairs makes government action and legislation the most likely drivers for IPv6 adoption.
Many rumours and stories abound about the differences between IPv4 and IPv6. I found chapter 2 in "Global IPv6 Strategies: From Business Analysis to Operational Planning" very well written, and it is available to read online (link below). If you are interested in the history of IPv6, the drivers for the change from IPv4 and a clear explanation of how IPv6 will deal with routing, multi-homing, plug and play autoconfiguration, quality of service, mobility, security, and renumbering, then I would thoroughly recommend you take a look at chapter 2 in this book.
OECD report: http://www.oecd.org/dataoecd/7/1/40605942.pdf
RFC 1752: http://www.ietf.org/rfc/rfc1752.txt
"Global IPv6 Strategies: From Business Analysis to Operational Planning", chapter 2 "IPv4 or IPv6 - Myths and Realities": http://media.techtarget.com/searchNetworking/downloads/IPv4_or_IPv6.pdf