Monthly Archives: April 2013

Monitoring Hyper-V with Veeam One

I’m a huge fan of using Operations Manager for monitoring infrastructure, but in many cases, it’s just overkill.
However, I’m also a huge fan of Veeam, which has the right solution in place for the job, Veeam One.

Veeam One, which recently came out in version 6.5, allows you to monitor VMware and Hyper-V infrastructure (with support for the latest versions, vSphere 5.1 and Hyper-V 2012).
It also allows for integration with Veeam Backup & Replication from the same console.

And it is pretty straightforward. It consists of the Veeam One server, which contains the database, and the server components, which collect the data and do all the calculations and reports.
Then you have the Web UI, which is used to create reports against the One server. Then you have the Monitor Client, which is the primary tool you are going to use to set up your infrastructure, and this is the tool you will use when adding your virtual infrastructure.

Now, before you install these components, check the firewall; there are some ports that you need to open.

The installation is super easy, and it installs all the prerequisites needed, including SQL Express.
After everything is installed, open the Veeam One Monitor client.

Make sure that the user you start the console with has rights through the Veeam One administrator or Veeam One users group on the Veeam One server.

From here, click client settings and enter the name of the Veeam One server. Once it is connected, you can right-click on virtual infrastructure and choose add server.

So in my case I have only Hyper-V.

Next, define a user that has admin access on the Hyper-V server and choose connect.
Almost instantly it starts gathering data about the server and the VMs running on it.

You also have console access directly from this console.

It also comes equipped with many default alarms, which you can adjust. You can also make it send e-mail notifications, trigger a script, or do multiple steps.

So, a pretty easy and straightforward deployment of a complete monitoring solution for Hyper-V and VMware, with the possibility of integration with Veeam Backup & Replication.

Customizing Storefront Interface for a stormtrooper

Citrix is going to kill off its previous Web Interface solution (version 5.4), which reaches End of Maintenance in 2014 (but hasn’t had a new release since 2011). It is going to be replaced by StoreFront.
StoreFront is also a part of Cloud gateway and is a key part of the remote access solution for Citrix.
In Web Interface 5.4 we had huge options for customization, so we have to explore the options we have with StoreFront as well.

This is how the default GUI looks. It looks just like the Citrix Receiver, but that does not always fit everyone’s needs.
So let’s go customizing. First off, let’s establish where we can find the config files.

The web interface is installed by default in C:\inetpub\wwwroot\citrix\(“nameofstorefrontweb”)
and it contains numerous folders.

And as with Web Interface, a lot can be done in the web.config file, for instance defining a path to Receiver clients.

And if you open default.html you can change the title and which JS and CSS the site uses.

So in order to change something, the easiest way to find out what to change is to use Internet Explorer and fire up developer tools, or Chrome (or Firefox with Firebug), since that makes it easier to inspect elements.

This will show you where an attribute comes from (whether it is added by CSS or by a media file). What I can start with is changing the background image, which is located in the “media” folder. The image bg_bubbles is the file that is used for the background. Therefore, I downloaded a Star Wars image, changed its name to bg_bubbles.jpg, and renamed the previous one in the images folder. Also note that a lot of the media is contained in the uiareas folder as well.

There, much better! :)

Next I wish to change the text that is displayed in the attributes; domain\user is not particularly useful.
Go to inetpub\wwwroot\Citrix\Authentication\App_Data\resources, look in ExplicitCommonsForms.resx, and you can alter the value.

So now let’s add some customization to the CSS file customstyle.css under contrib.
First piece of advice, as I said before: use Firefox + Firebug, Chrome or IE with Developer tools to find which CSS container you need to change.

If we wish to change the logon text, add this to your customstyle.css:

    /* Logon text color, alignment and size. */
    #logonbox-logonform label {
        color: red;
        display: table-cell;
        font-size: 20px;
        height: 20px;
        vertical-align: bottom;
    }

Now, if we wish to change the logo that appears on the left side when authenticating, we have to go to the inetpub\wwwroot\Citrix\MinWeb\uiareas\Authentication\media folder and change the logo_notagline picture.
Not really pretty, but it works.

Changing base URL on Citrix Storefront

When setting up StoreFront for the first time you might forget to bind it to a certificate and serve it over HTTPS.

So if you get a certificate and wish to change this to HTTPS later, there is no option in the GUI to change it.
You have to run a PowerShell script to change this. First, you have to alter the site binding in IIS Manager to allow HTTPS traffic and bind it to a certificate.

Then you have to open a PowerShell prompt as administrator.
Then run set-executionpolicy unrestricted

Then run the script SetHostBaseUrl.ps1 from the folder C:\program files\citrix\receiver storefront\scripts
This script requires so-called ‘dot-sourcing’, so you have to type the command as

. .\sethostbaseurl.ps1 "https://nameoftheurl.domain.domain"

After this is done you can refresh the Storefront console and voila!
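
The steps above as one PowerShell session, as an added example that is not part of the original post or of Citrix's tooling: it checks for the HTTPS binding before running the script and limits the execution-policy change to the current process instead of the whole machine. The IIS site name 'Default Web Site' and the RemoteSigned policy level are assumptions.

```powershell
# Added example. Assumptions: StoreFront is hosted under "Default Web Site" and
# SetHostBaseUrl.ps1 is a local file that is not marked as downloaded.
Import-Module WebAdministration

$siteName  = 'Default Web Site'                                   # assumed IIS site name
$scriptDir = 'C:\Program Files\Citrix\Receiver StoreFront\Scripts'
$baseUrl   = 'https://nameoftheurl.domain.domain'                 # placeholder from the post

# Refuse to switch the base URL until IIS actually has an HTTPS binding.
$https = Get-WebBinding -Name $siteName -Protocol 'https'
if (-not $https) {
    throw "No HTTPS binding on '$siteName'. Add the binding and certificate in IIS Manager first."
}

# A binding without a certificate still fails TLS, so check that one is attached.
if (-not (Get-ChildItem -Path 'IIS:\SslBindings')) {
    throw 'No certificate is attached to any SSL binding on this server.'
}

# Relax the execution policy for this PowerShell process only. The machine-wide
# policy stays as it was, and the change is gone when the window is closed.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Dot-source the script so it runs in the current scope, as described above.
Push-Location $scriptDir
try {
    . .\SetHostBaseUrl.ps1 $baseUrl
}
finally {
    Pop-Location
}
```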

Study Resources for 70-415 and 70-416

If you are planning (like me) to go for the MCSE Desktop Infrastructure, there are some core technologies that you need to be pretty familiar with.

* WDS 2012
* Configuration Manager 2012
* MDT 2012
* USMT 2012
* RDS + RemoteFX 2012
* WSUS 2012
* MAP 8
* App-V 5
* GPO

and how these solutions integrate with each other.
The exam is pretty much based around how to deliver a desktop or an application to the end user with the technologies I mentioned above.
So here you will find some download links and some resources I found useful myself.

MDT 2012
http://technet.microsoft.com/en-us/solutionaccelerators/dd407791.aspx

MAP (pretty much an agentless monitoring solution to see the usage of specific applications and see if your infrastructure is ready to migrate to the cloud or to new versions of Windows)
http://technet.microsoft.com/en-us/solutionaccelerators/dd537566.aspx

Configuration Manager 2012
http://technet.microsoft.com/en-us/library/gg682129.aspx (Technet site)
https://msandbu.wordpress.com/tag/sccm-2012/ (I also have numerous posts around the subject)
http://www.windows-noob.com/forums/index.php?/topic/4045-system-center-2012-configuration-manager-guides/ (Niall Brady also has a lot of guides you can find here)
http://technet.microsoft.com/en-us/library/hh397288.aspx (Management of Boot Images)
http://technet.microsoft.com/en-us/library/gg712266.aspx (Deployment PXE)
http://technet.microsoft.com/en-us/systemcenter/bb741049.aspx (SCUP 2011)
http://blogs.technet.com/b/ptsblog/archive/2011/06/17/private-cloud-management-with-vmm-2012-part-3-adding-an-update-server-and-enable-orchestrated-update-management.aspx (Baseline with VMM 2012)

WDS 2012
http://technet.microsoft.com/en-us/library/hh974416.aspx (What’s new in 2012)

APP-V
http://blogs.technet.com/b/keithmayer/archive/2013/01/04/managing-app-v-5-virtual-applications-with-system-center-2012-configuration-manager-service-pack-1.aspx#.UXDX_LUo59U
http://technet.microsoft.com/en-us/windows/hh826068.aspx

WSUS
http://technet.microsoft.com/en-us/library/cc720448(v=ws.10).aspx (Different deployment types)

RDS 2012
http://technet.microsoft.com/en-us/library/hh831447.aspx
http://blogs.msdn.com/b/rds/archive/2012/11/13/easier-user-data-management-with-user-profile-disks-in-windows-server-2012.aspx (User Profile disks)
http://blogs.msdn.com/b/rds/archive/2012/11/26/remotefx-features-for-windows-8-and-windows-server-2012.aspx (RemoteFX)
http://technet.microsoft.com/en-gb/library/ff817609%28v=ws.10%29.aspx (More RemoteFX)
http://social.technet.microsoft.com/wiki/contents/articles/7263.customizing-rd-webaccess.aspx (Customizing RDweb)
http://www.microsoftvirtualacademy.com/training-courses/windows-server-2012-virtual-desktop-infrastructure (VDI in Windows Server 2012)

ACT 5.6
http://www.microsoft.com/en-us/download/details.aspx?id=7352

Bitlocker Windows 8
http://technet.microsoft.com/en-us/library/hh831412.aspx (What’s new)

Credential Roaming
http://social.technet.microsoft.com/wiki/contents/articles/11483.credential-roaming.aspx
www.grouppolicy.biz/2012/03/how-to-configure-a-primary-computer-a-k-a-msds-primarycomputer-property-in-windows-8/ (Primary User in Windows 2012)

Working with ImageX
http://technet.microsoft.com/en-us/library/cc749490%28v=ws.10%29.aspx

Event Viewer
http://technet.microsoft.com/en-us/library/cc749408.aspx

Virtual Machine Servicing Tool
http://www.microsoft.com/en-us/download/details.aspx?id=30470

 

General Availability for Microsoft Azure IaaS

Microsoft just announced general availability of its IaaS solution on Microsoft Azure, which allows you to host virtual machines in Azure.
In addition, this opens up a lot more possibilities for hybrid cloud solutions. Think of the possibilities you have if you could migrate virtual machines to Azure when you are doing maintenance or when you just do not have any resources available locally.
You can sign up for a free 90-day trial at microsoftazure.com to try it yourself.

So what else is new in the Azure front?
Microsoft also announced some more exciting news.

  • New VM Image Templates (including SQL Server, BizTalk Server, and SharePoint images)
  • New VM Sizes (including Larger Memory Machines)
  • New VM Prices (we’ve reduced prices 21%-33% for IaaS and PaaS VMs)

I have also written before about how to manage Windows Azure through PowerShell: https://msandbu.wordpress.com/2013/01/09/managing-windows-azure-via-windows-powershell/
Windows Azure as a Disaster Recovery Solution:
https://msandbu.wordpress.com/2013/04/08/disaster-recovery-as-a-service-meet-azure/
And Integration with Orchestrator:
https://msandbu.wordpress.com/2012/10/24/azure-integration-pack-for-sp1-beta/

And Microsoft has also created a new management pack for deep monitoring on Azure resources including Virtual Machines. So these are truly exciting times.
One of the largest telecom companies in the world (Telenor), which is primarily located in Norway, has already embraced IaaS on Microsoft Azure; you can read more about how they used the cloud here:
http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=710000002349

Now, in order to bridge the gap between your local cloud and the public cloud you need some form of gateway.
Citrix has recently announced that its platform Cloud gateway has added support for Azure, which allows you to bridge your Azure cloud with your private cloud.
https://www.citrix.com/downloads/cloudbridge/betas-and-tech-previews/cloudbridge-azure-integration
(Note that this requires a mycitrix login.) This technology uses an IPsec tunnel to encrypt data back and forth and is transparent to all applications running over it.

Cloudbridge can be bought as a separate appliance or as a part of Netscaler.

System Center Advisor and Operations Manager

Microsoft recently announced that System Center Advisor (A cloud service) was going to be free of charge.
For those that do not know what System Center Advisor is, it is as I said a cloud service powered on Azure and SQL. It consists of a web service, which communicates with agents through a gateway server.

The agents and the gateways are installed in your infrastructure.
The following workloads are analyzed:

  • Windows Server 2012 and Microsoft Hyper-V Server 2012 (new in March 2013)
  • Windows Server 2008 and 2008 R2:
    • Active Directory
    • Hyper-V Host
    • General operating system
  • SQL Server 2008 and later
    • SQL Engine
  • Microsoft SharePoint 2010 and later (new in V1.1)
  • Microsoft Exchange Server 2010 and later (new in V1.1)
  • Microsoft Lync Server 2010 (new in November 2012)

So is it an alternative to Operations Manager or an extension? It provides you with information about best practice and gives you access to current and historical configuration data, and it reduces downtime by proposing improvements and notifying you of updates.
It is not a real-time monitoring solution, since by default it uploads data every 24 hours.

Getting started with Advisor is straightforward: just go to
https://www.systemcenteradvisor.com/ and create an account.
From the portal, on the right side, choose Setting up System Center Advisor.

And from there download the setup file and the certificate

And start the setup

And specify which component you would like to install

And after the installation is complete you have to specify the certificate which the gateway uses to authenticate with the web service

(or a proxy server, if you need one for the connection).
After you have installed a gateway and an agent on a server which fits the requirements for a supported workload, you can log into the console and see which agents are connected through the gateway.

In case you wish to alter the upload frequency, you need to alter some registry keys.
http://onlinehelp.microsoft.com/en-us/advisor/hh442889.aspx

Now, in order to integrate this with Operations Manager you need to apply the Operations Manager 2012 SP1 Update Rollup 2, which you can download here:
http://support.microsoft.com/kb/2802159
This makes it a lot easier to deploy, because now you do not require manual certificate installation or separate agent & gateway downloads.

Therefore, after you have updated your environment to RU2 you can install the Advisor Connector, which you can download from here:
http://www.microsoft.com/en-us/download/details.aspx?id=38199
So after you have downloaded the file from Microsoft (it is basically just some Management Packs that you need to import)

After that is done you have to restart the console, and a new option should appear under Administration.

From here we have to set up a connection in case we don’t have an active account on System Center Advisor.

After that is done all you have to do is add a computer that supports the workload that Advisor analyzes.

And the alerts will appear in the Monitoring tab under System Center Advisor



 

Software restriction on Terminal Servers

So a friend of mine asked me yesterday if it was possible to prevent users from running *.exe files from the local user profile on the terminal server.
And my quick response was yes, this is possible!
But what options do we have?

Microsoft has numerous options out of the box for locking down the environment through group policy. The first policy that comes to mind is
“Don’t run specified Windows Applications”, which allows you to make a list of executables which users are not allowed to run.

Is this good enough?
Nah, users can easily change the name of the executable and it would still work, and you would also have to maintain the list of executables. Then there might be cases of some executables having the same name as other normal executables.

Then you have AppLocker, where you can define the file path, the file hash or the publisher of an executable which you don’t want the user to use. As an example, say you wish to block Dropbox for a user.
I could use the file path option, but nothing stops the user from moving it to a folder other than the one I define. I could for example block the whole C: drive, but in case the user maps his/her local drives I’m still screwed.
NOTE: Before you start using AppLocker you need to start the Application Identity service (it is not started automatically).

If you want to try this on a local computer, you can open secpol.msc

And from here right-click on Executable Rules and first create the default rules. This will create all the allow rules, and then you can start creating the other rules for the end users.
In the case of Dropbox, I have it installed on my computer and I wish to create a publisher rule to deny that software from running.
Right-click on Executable Rules and create a new rule.

Here you define who the rule applies to and whether they are allowed or denied. (I just used Everyone here, but you should use a more scoped-down group like “remote desktop users”.)
Click next.
Here I define conditions.

I could use a path, but as I described earlier a user could move the executable around. I could use a file hash as well (this is useful for executables that are not digitally signed),
but software such as Dropbox gets an update now and then, which changes the file hash completely.

So I select publisher and find my executable.
Funny thing is that Dropbox by default installs in the Roaming folder of the user.

So now I have my rule.

I could drag the slider upwards so it would stop all executables from just the publisher and not look at product name, file name or version.

Be careful that you don’t drag it all the way up to “any publisher”, since this will block everyone from using any executable which has a publisher on it.
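
The same publisher deny rule built from PowerShell instead of the wizard, as an added example that is not part of the original post: it generates the rule from the signed executable, widens it to publisher level like the slider does, and tests the result before merging it into the local policy. The Dropbox path, the target group and the output file name are assumptions.

```powershell
# Added example. The Dropbox path, the group and the output file are assumptions.
Import-Module AppLocker

# AppLocker rules are only enforced while Application Identity (AppIDSvc) runs.
Start-Service -Name AppIDSvc

$exe        = Join-Path $env:APPDATA 'Dropbox\bin\Dropbox.exe'   # assumed install path
$group      = 'BUILTIN\Remote Desktop Users'                     # assumed scope
$policyFile = Join-Path $env:TEMP 'deny-dropbox.xml'             # assumed output file

# Build a publisher rule from the signature on the executable. This fails for an
# unsigned file, which would need a hash rule instead.
# New-AppLockerPolicy only creates Allow rules, so take the XML and edit it.
[xml]$policy = Get-AppLockerFileInformation -Path $exe |
    New-AppLockerPolicy -RuleType Publisher -User $group -RuleNamePrefix 'Deny Dropbox' -Xml

foreach ($rule in $policy.SelectNodes('//FilePublisherRule')) {
    $rule.SetAttribute('Action', 'Deny')

    # Same effect as dragging the slider up to "Publisher": keep the publisher
    # name, wildcard product, file name and version so updates and renamed
    # copies still match. PublisherName is left alone; wildcarding it too would
    # be the "any publisher" rule the post warns about.
    $cond = $rule.SelectSingleNode('Conditions/FilePublisherCondition')
    $cond.SetAttribute('ProductName', '*')
    $cond.SetAttribute('BinaryName', '*')
    $range = $cond.SelectSingleNode('BinaryVersionRange')
    $range.SetAttribute('LowSection', '*')
    $range.SetAttribute('HighSection', '*')
}
$policy.Save($policyFile)

# Dry run: evaluate the edited policy against the executable before applying it.
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $exe -User $group |
    Format-List FilePath, PolicyDecision, MatchingRule

# Merge into the local policy so the default Allow rules created earlier are kept.
Set-AppLockerPolicy -XmlPolicy $policyFile -Merge
```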

In case you need more flexible security for your users’ workspace environment, I would suggest taking a look at RES or AppSense.

Disaster Recovery As A Service ? Meet Azure

Microsoft has done a lot of work behind the concept «Cloud OS», which is a term for Windows Server 2012, and as the name implies it has a lot of integration with Azure.
As a standard function in Windows Server you have the ability to back up directly to Azure (using Windows Server Backup). You can also do this by using Data Protection Manager in Service Pack 1 or via Windows Server Essentials.
This allows you to automate backup jobs to Azure, but what is it missing?

Sure, you can back up data to Azure, but you need a disaster recovery solution which allows you to start up if your primary site dies.
Then meet Hyper-V Recovery Manager!
http://www.windowsazure.com/en-us/home/features/recovery-services/

This is a new feature, currently in preview in Azure, which allows for automated and orchestrated replication of VMs from a Hyper-V 2012 cluster to Windows Azure.
The ongoing asynchronous replication of each VM is provided by Windows Server 2012 Hyper-V Replica and is monitored and coordinated by Hyper-V Recovery Manager, which integrates with System Center Virtual Machine Manager SP1.

Right now this feature is not publicly available, so you cannot just sign up for it.
If you would like to be considered for this program, please complete the Microsoft survey located here

Countdown to Veeam V7 and news for Windows Server and Veeam MP

Veeam recently announced more awesome features that will be available in B&R version 7 (which is going to be available Q3 2013): vPower and Virtual Lab. These features have been available for a while, but only for VMware and not for Hyper-V; it seems that Veeam sees that Hyper-V is becoming more and more popular.

* vPower (a feature that allows you to power up a VM directly from the backup repository). This allows VMs to be up and running in a short amount of time. (The picture below shows an illustration of how it works)

* Virtual Lab (an extension to vPower, which allows you to boot a VM directly into a closed environment that is not connected to the regular corp network). Say you need to boot a backup of Exchange; in that case you would need your domain controller as well, so you can boot both of them into a closed environment and fetch out the data you need to restore (or you could use SureBackup, U-AIR or on-demand sandbox).

Also, Veeam just announced a new version, version 6, of its management pack for System Center Operations Manager,
which includes support for Windows Server 2012, VMware vSphere 5.1 and System Center 2012 SP1. The release includes loads of new dashboards, widgets, and trend and utilization reports to give a deeper knowledge of your infrastructure.

You can read more about what’s new here:

http://bit.ly/10I5s96