BriForum 2010 will take place at the Chicago Hilton from June 15-17 this year. The regular registration price is $1495, although we're currently in the final few days of our early-bird promo where you can register for only $995. The early-bird rate...(read more)

This is the final installment in our series of articles about Hype-V security. Thus far, we have looked at how to configure Hyper-V security using Authorization Manager and how to use Hyper-V and Authorization Manager together for maximum security. This article will explain in greater detail how to secure Hyper-V Server and virtual machines using Authorization Manager and best practices. It will focus on Hyper-V security best practices and provide an example of Hyper-V security using Authorization Manager.

Ben Armstrong a.k.a. "Virtual PC Guy" explains which files make up a virtual machine and where virtual machine files are stored.

Install, stream, host, Oh My!!! 

Many of you have heard me talk about the different ways to deliver applications into a virtual desktop: installing, streaming, hosting and VM-hosting.  As with all options in life, each one of these has their pros/cons.  However, I recently found a way to remove one of the cons out of the equation for installed applications.

Although we like to say "No" to installing applications, for some organizations and applications it might still makes sense. It is easier (because we are used to it), installing supports every application, and it gives the fastest application launch time compared to any other option.  My recommendation has been to install your common applications in your golden desktop image.  If everyone needs the applications, then just install it to give the users the fastest experience possible. 

Makes sense so far. But what about those applications that we want to run on the desktop but do not stream?  We would install them. But unfortunately, when you install an application into a desktop image, everyone who uses that image will see the application - D'oh!  This is probably not something most people will want to happen.  Why am I seeing this application if I don't need it? Most administrators when faced with this situation, would take the most logical course of action... Build a new desktop image for a particular group of users.  Sounds reasonable, but this now requires you to maintain a different image with additional locally installed applications.  The maintenance requirements starts to increase exponentially. 

BUT, what if you could use a single image and put all of your installed applications into that image while still allowing the users to see only what they need to see?  Seems like we could reduce the number of desktop images.  It is possible and it can be summed up in two works: Published Content.

Published Content is a little used feature in XenApp. Instead of publishing applications, you essentially publish content which are links, URLs, shortcuts.  If we publish a shortcut link to the installed application, we can determine which users will see icon.  When a user selects the icon, which is pointing to the executable file on the desktop, the application starts immediately.  And with the use of Dazzle, we can allow the users to configure their start menu with the icons as they see fit. 

Of course this doesn't do anything for those users who are smart enough to go searching on the local virtual desktop C: drive and can find the physical executable file.  But you can use Active Directory policies to disable certain users from executing certain applications.  (User Configuration - Administrative Templates - System - Don't run specified Windows applications)

Of course to set this up, you have to get the application installed, publish content, and set an Active Directory security policy. But once it is configured, you have one less desktop image to maintain and adding/removing users to a particular application just involves adding/removing users from a particular Active Directory group membership. 

Now you have another option in your bag of tricks.  Hope it helps

Daniel

Lead Architect - Worldwide Consulting Solutions
Follow Me on twitter: @djfeller
Blog for Next-Gen Desktop: Ask The Architect
Questions, then email Ask The Architect
Facebook Fan Page: Ask The Architect

View Online | Add Comment

Citrix just released Citrix Receiver for Windows 1.2 for download. Citrix Receiver for Windows together with the Citrix Merchandising Server is used to deliver enterprise computing as a service....

Citrix just released Citrix Receiver for Mac v1.2 for download! With Receiver for Mac, along with Citrix XenApp and Dazzle, you will be able to search for and run Windows apps as if they were locally installed on your Mac....

Citrix just released Citrix Dazzle 1.1.1 for download. Citrix Dazzle is a self-service ?storefront? for enterprise applications....

Citrix just released the Citrix Merchandising Server 1.2 virtual appliance for download. ...

The following Citrix support article describes how to deploy and configure HDX MediaStream for Flash....

Delivering desktops as a service to users anywhere is already a reality that can be easily implemented, and is precisely the solution for tackling the challenges that healthcare IT is facing today. Virtual computing can help you dramatically reduce costs, improve patient care and satisfaction, and enhance operational efficiencies to meet your organizational challenges head on. ...

Hogan Consulting Group, Inc, a privately owned IT solutions provider based out of Chesterton IN, is pleased to announce that it has attained Platinum status in the Citrix Solution Advisor Program. This promotion in partner status makes Hogan Consulting Group the only Platinum partner in Indiana. ...

Citrix just announced Citrix XenApp 6 will be available for download on March 24, 2010! XenApp 6 was purpose-built for Windows Server 2008 R2, XenApp 6 is packed with a slew of new features and enhancements for advanced management and scalability, a rich multi-media experience over any network and self-service applications on any device ? from PC to Mac to smartphone....

In the following special episode of DABCC TV, Douglas Brown walks you through the new DABCC Virtualization News Player for the iPhone and iPod Touch! ...

In the following special episode of DABCC Radio, Douglas Brown will walk you through the new DABCC Virtualization News Player for the iPhone and iPod Touch! ...

There have been a number of predictions that say that the Internet address space is going to run out either this year or next. And if you look at the numbers, then it looks like this might well happen soon. We all expect the Internet to see world wide adoption, with the biggest growth in Asia and Africa in the next 10 years. If we assume that "wide adoption" means that 20% of the world population have a device that they can use to connect to the internet, then we would need more than twice the number of /8 subnets than can be accommodated under the currently prevailing IPv4 addressing scheme (some say we'd need over 700 vs. the 256 available).

Traditionally, we have dealt with the shortage in IP addresses by creating private subnets (such as a company or home network) and arranging network address translation (NAT) at the edge. The level of separation between subnets and between each subnet and the wider Internet also provides an opportunity for inserting a firewall to provide more security. So, we have a way of putting off the event of running out of addresses and are doing it with a nice security advantage.

But we are using ever more devices that require a direct connection to the Internet. For example, the number of mobile phones with browsers has exploded. Consumer devices such as games consoles are expected to communicate with others across the globe and from anywhere. A number of innovations in industry, retail, and transport sectors involve devices that can interact with others, and thus require an IP address.

The only solution to the problem is to substantially increase the address space, and IPv6 [RFC 1752] is the way to do this. IPv6 was developed into a standard between 1995 and 2006. In 2007, the OECD produced a ministerial background report on the economic considerations of a switch from IPv4 to IPv6. It identified the need for government action, and acknowledged that there would be a significant costs associated with a switch of this kind. And the benefit from the switch: the Internet keeps working ... without brown-outs ... but without any new features that can be sold to customers to help pay for the huge necessary investment. No wonder that Internet Service Providers are dragging their feet.  And enterprise network managers are equally worried, because renumbering a network is about the most frightening thing for them to undertake: it will break all sorts of things that cannot be predicted. In a period of economic slowdown, such jobs get put off. This state of affairs makes government action and legislation the most likely drivers for IPv6 adoption.

There are also many rumours and stories abound on the differences between IPv4 and IPv6 . I found chapter 2 in "Global IPv6 Strategies: From Business Analysis to Operational Planning" very well written. And it is available for you to read online here. If you are interested in the history of IPv6, the drivers for the change from IPv4 and a clear explanation of how IPv6 will deal with routing, multi-homing, plug and play autoconfiguration, quality of service, mobility, security, and renumbering, then I would thoroughly recommend you take a look at chapter 2 in this book.

 OECD report: http://www.oecd.org/dataoecd/7/1/40605942.pdf

RF 1752   http://www.ietf.org/rfc/rfc1752.txt

"Global IPv6 Strategies: From Business Analysis to Operational Planning", chapter 2 "IPv4 or IPv6 - Myths and Realities": http://media.techtarget.com/searchNetworking/downloads/IPv4_or_IPv6.pdf

View Online | Add Comment

Citrix today announced Citrix XenApp 6.. XenApp 6 offers major new enhancements that simplify computing for IT, including easier central management, enhanced enterprise scalability and seamless integration with Microsoft technologies like App-V and Windows Server 2008 R2. XenApp......

UniPrint today launched UniPrint Version 7.0. Incorporating an enhanced printer driver, UniPrint Version 7.0 significantly improves overall printing quality, speed, manageability and security for Windows and Mac users working in a 32- or 64-bit physical or virtual desktop environment. ...

?I?m extremely happy to announce the release of the DABCC Virtualization News Player for the iPhone or iPod Touch for download from Apple?s App Store!? ? Doug Brown...

We've heard it loud and clear that most XenDesktop implementations are based on either totally new Citrix implementation based on XenDesktop implementation and/or existing XenApp environments that are adding XenDesktop, whether based on XenDesktop for a distinct group of pilot users or presenting XenApp hosted apps through XenDesktop....

Today, CA announced that they have agreed to acquire Nimsoft for $350 USM (an all cash deal). Given their recent acquisition of 3Tera, it doesn't take a brain surgeon to see that Nimsoft is another piece to their cloud playbook. It appears that CA is positioning itself to be a big player in cloud management. Nimsoft -- for those who don't know -- has software that monitors service providers.

Why would you want to monitor service providers? After all, doesn't the cloud obfuscate the service details and thus doesn't need monitoring tools?

Uhhhh, no. 

Although cloud allows IT organizations to externalize applications and workloads, providers still need to be monitored to ensure they are meeting service levels including performance, availability, security, chargeback, etc. Furthermore, the idea of transparency in the cloud is a bit of a myth. Customers really do need to know the vendor's underlying infrastructure so they can make intelligent decisions about whether or not the service provider can meet the application's requirements, avoid data management issues, be available, ensure security, etc.

So these moves (3Tera and Nimsoft) is about CA putting the pieces together to build a comprehensive suite to manage the cloud holistically, i.e. discover, monitor, configure, update, diagnose, provision internal and external cloud resources.

Now, it isn't all unicorns and rainbows. CA has a lot of work to do to integrate these pieces into a product suite (step 1) and convince customers that heterogeneous cloud management is the way to go (step 2) and is still missing a few ingredients (step 3)...because they are absolutely going to experience some competition in the cloud management arena. The virtualization vendors, cloud providers, and cloud brokers will also be moving to manage the cloud. Many of these potential competitors bring a lot to the table including "iTunes" like repositories of pre-configured workloads allowing users to easily spawn new services into the cloud, some have a stranglehold on the virtualization management space, some have large, established user-bases, others have ability to more than management services into the equation.

Should be fun to watch this space because it's a key area in the maturation of cloud computing.

[posted by: Drue Reeves]