Monthly Archives: September 2013

XenDesktop 7 and Configuration Manager (Project Loki)

With the release of XenDesktop 7 I was eager to see if there were any integrations with Configuration Manager, but no, not yet.
Citrix also recently released an update to the Configuration Manager connector (Project Thor), and there it was announced that Citrix is working on a new project called Loki, which is a connector between XenDesktop 7 and Configuration Manager!

You can see it here –> http://blogs.citrix.com/2013/09/25/getting-started-with-the-xenapp-sccm-connector-youll-find-this-useful/#comment-111648

Will this allow you to use the App-V capabilities from within Configuration Manager to XenDesktop instead of having a standalone App-V environment?

Looking forward to it!

Creating a virtual network for Virtual Machine Manager

This is going to be a long one, and I want it done properly! I have seen multiple blogs repeating the same recipe over and over again for how to set up networking within Virtual Machine Manager, but I have yet to see a blog post that actually describes and shows how it all links together. Anyone can create a network within VMM and describe how to do it, but showing the “big picture” is something else.

So these are the things I am going to go through:
1: Logical Networks
2: VM Networks
3: Port profiles and Port Classifications (Uplinks and how to attach VLANs to a host)
4: Logical Switch and NIC Teaming
5: The Big Picture: how it is all linked together.
 
Let's start with first things first, the Logical Network.
A Logical Network is a container. When you create a Logical Network you need to create Network Sites within it. Network Sites might be different locations or, depending on the size of your company, different networks.

For instance, I can create a Logical Network called Sandbu, and within it I have 3 sites, which will be for my different networks. Within these sites I need to attach all the VLANs which I need on my virtualization hosts.
It is important to note that I do not attach a logical network to something; I attach my network sites to a host group or to multiple host groups. I can also create an IP pool for each VLAN I associate with each of the Network Sites. In my case I only needed an IP pool for where my virtual machines are going to be placed; the rest will be using DHCP. The IP pool is associated with a VLAN, so when I want to provision my VMs I can use addresses from the IP pool which VMM maintains, or I can use DHCP. The overview will look like this.


So what actually happens to the Hyper-V hosts when I attach a network site to the host groups? Not much actually; the hosts get the site “linked” to them, so when I go to Hardware on the host and look at the Network Adapters I can see that my newly created network site appears there.

This is because I linked the network site to the host group this host resides in.
What happens if I associate a logical network with the sites to this host?
Not much; it limits the host to the use of these VLANs if I, for instance, wanted to create a network switch.

I'll leave it at that for the moment.
Now we have created a logical network, attached network sites, added VLANs and created an IP pool of addresses. Next we need to create VM Networks.
VM Networks are virtual networks usable by virtual machines or by virtual NICs that are part of a NIC team.

Since our network sites are VM traffic, storage and management, which will all go through a virtual NIC and through a switch, we need to create VM Networks for them.
After we have created the VM networks for each VLAN.

So in my case I need to create three networks: one for virtual machines, one for management and one for storage. It is important to note that VM networks are associated with a VLAN within a network site. Here I can now create a VM network for my virtual machines from the network site I created earlier with an IP pool.

Now since the VM networks are linked to the Logical Networks, and the Logical Networks are linked to the Host groups the hosts will have them as well. We can see this when we try to edit the network settings of a virtual machine on one of the hosts.

Now since I have three VM networks I can choose from each of them.


I have three VM networks to choose from in my case. I can also create a hardware profile which uses the VM network by default, so I don't have to change network settings each time.

Now the next parts are port profiles and port classifications.
Port Classifications just describe a virtual port profile (even though you cannot link them directly; you can only link them when you create a logical switch).
So when we create a port classification, this is all we do.

Note that there are a lot of predefined port classifications here as well.
Next are the port profiles.
There are two types of port profiles. One is an Uplink Port Profile (which is actually a profile for how to set up NIC teaming). Here we select what kind of NIC teaming we want.

Uplink Port Profiles are also linked to a Network Site. If we want the three network sites trunked via the Uplink Port (NIC teaming) we need to add all sites.

The other port profile is the virtual network adapter port profile (here we can define offload settings, security settings and bandwidth settings). Note that a virtual network adapter port profile is not linked to a network site or a logical network.
After we have created the uplink port profiles and the virtual network adapter port profiles, we have to create one last magical component, which is a Logical Switch.

A Logical Switch is actually just a template. It's based upon the extensible switch which comes with 2012 and includes the uplink port profile, the virtual port adapter profile and which extensions are going to be included.

And there we link the port classification to the virtual network port profiles. So when we create the logical switch it binds these together (the different port profiles and extensions) and adds the template to a switch.

And since the uplink port profile is linked to the host group, we can now create a logical switch on a host group. So to be able to create a logical switch on a host we need to make sure that the logical network and network sites are associated with the host.

So after the switch is created we can add it to a host.

After we have created the logical switch we can then add virtual network adapters for the different services; each virtual network adapter can then be added to a VM network and given a port classification.

Note that these virtual network adapters are not the ones that can be created by using the NIC teaming manager (these network adapters can only be created via PowerShell or via SCVMM).
So now when I check my virtual machines on this host I can move them to the newly created switch and choose Subnet.

So the big picture. (This took some time to create via Visio)
[Diagram: Logical Overview]

[Diagram: Physical Overview]

Done for now, hopefully this post made sense for some!
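
The object chain this post walks through, written out as VMM PowerShell. This is an added example, not the author's own script; it assumes the VMM 2012 R2 cmdlets, VLAN-isolated network sites, and constructed names, VLAN IDs and subnets. Attaching the logical switch to a host's physical adapters is left out.

```powershell
# Added example. All names, VLAN IDs and subnets are constructed sample values.
Import-Module virtualmachinemanager
$hostGroup = Get-SCVMHostGroup -Name 'All Hosts'

# 1. Logical network: only a container. Assumption: its sites are VLAN-isolated.
$ln = New-SCLogicalNetwork -Name 'Sandbu' -LogicalNetworkDefinitionIsolation $true

$siteSpecs = @(
    @{ Name = 'VM traffic'; Vlan = 10; Subnet = '10.0.10.0/24' },
    @{ Name = 'Management'; Vlan = 20; Subnet = '10.0.20.0/24' },
    @{ Name = 'Storage';    Vlan = 30; Subnet = '10.0.30.0/24' }
)
$sites = @()
foreach ($spec in $siteSpecs) {
    # Network site: carries the VLAN and is scoped to a host group, not to a host.
    $subnetVlan = New-SCSubnetVLan -Subnet $spec.Subnet -VLanID $spec.Vlan
    $site = New-SCLogicalNetworkDefinition -Name $spec.Name -LogicalNetwork $ln `
                -VMHostGroup $hostGroup -SubnetVLan $subnetVlan
    $sites += $site

    # 2. VM network bound to the VLAN of that site.
    $vmNetwork = New-SCVMNetwork -Name $spec.Name -LogicalNetwork $ln `
                     -IsolationType 'VLANNetwork'
    New-SCVMSubnet -Name $spec.Name -LogicalNetworkDefinition $site `
        -SubnetVLan $subnetVlan -VMNetwork $vmNetwork | Out-Null
}

# IP pool only for the VM traffic site; the other two sites rely on DHCP.
New-SCStaticIPAddressPool -Name 'VM traffic pool' -LogicalNetworkDefinition $sites[0] `
    -Subnet '10.0.10.0/24' -VLanID 10 `
    -IPAddressRangeStart '10.0.10.50' -IPAddressRangeEnd '10.0.10.200' | Out-Null

# 3a. Uplink port profile: the NIC teaming settings plus every site that
#     should be trunked over the team.
$uplink = New-SCNativeUplinkPortProfile -Name 'Sandbu uplink' `
              -LogicalNetworkDefinition $sites -EnableNetworkVirtualization $false `
              -LBFOTeamMode 'SwitchIndependent' -LBFOLoadBalancingAlgorithm 'HyperVPort'

# 3b. Virtual adapter port profile: offload and security settings. It is not
#     tied to any site or logical network. Guest ports here get DHCP guard and
#     router guard, and MAC address spoofing stays off.
$vnicProfile = New-SCVirtualNetworkAdapterNativePortProfile -Name 'Sandbu guest vNIC' `
                   -AllowMacAddressSpoofing $false -AllowTeaming $false `
                   -EnableDhcpGuard $true -EnableRouterGuard $true `
                   -EnableVmq $true -EnableIPsecOffload $true -EnableIov $false

# 3c. Port classification: just a label, linked to the profile in step 4.
$classification = New-SCPortClassification -Name 'Sandbu guest traffic' `
                      -Description 'Guest VM ports with DHCP and router guard'

# 4. Logical switch: the template that binds uplink profile, classification
#    and virtual adapter profile together.
$switch = New-SCLogicalSwitch -Name 'Sandbu switch' -EnableSriov $false `
              -SwitchUplinkMode 'Team'
New-SCUplinkPortProfileSet -Name 'Sandbu uplink set' -LogicalSwitch $switch `
    -NativeUplinkPortProfile $uplink | Out-Null
New-SCVirtualNetworkAdapterPortProfileSet -Name 'Sandbu guest traffic' `
    -LogicalSwitch $switch -PortClassification $classification `
    -VirtualNetworkAdapterNativePortProfile $vnicProfile | Out-Null
```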

My first sponsor – Veeam

Many might have noticed that little banner on the right side of my blog. Well, as of right now I have my first official sponsor, and of course it had to be Veeam.
I have had some offers before but Veeam is something I work with everyday and enjoy working with.

Veeam is an interesting product and I will when I have more time focus on more posts with Veeam in the middle.

XenMobile vs Configuration Manager & Intune

So this is a discussion I often meet, and will come across more in the weeks and months ahead, I believe.
Many of the customers I work with are either full-blown Citrix customers or lean more towards Microsoft.

Many are facing the mobility discussion: how do we embrace it? (Or from another point of view, how do we manage it?) They do some research and often find that XenMobile or Intune shows up. So what's the difference between the two?

Citrix has long been the master of delivering workspaces to a user on any type of device, and with the release of CloudGateway Enterprise they moved towards delivering mobile-based features (for instance, allowing them to deliver mobile applications to a user device through the Citrix client), and with the purchase of Zenprise last year they went all in. Zenprise was a full-blown MDM solution, and they have now integrated CloudGateway (the old product which included Storefront, Gateway and AppController) with Zenprise; the result is now known as XenMobile Enterprise.

This fits well with Citrix’s image (any device, anywhere), and now they can manage any device as well (as long as it is mobile). They have also developed sandboxed applications under the Worx category, and they can deploy any applications from the vendors' different stores. These Worx applications use Micro-VPN functionality to connect to the infrastructure and are completely separated from other apps on the mobile client.
To break it down into components, XenMobile (Enterprise) consists of:
* Netscaler (Gateway)
* Storefront
* AppController
* XenMobile MDM
* Sharefile

Then on the other side you have Microsoft, which comes from a client management standpoint and has been there for quite some time. With the latest release of Configuration Manager, Microsoft released a connection to Intune which allows businesses to manage mobile devices via Intune directly from Configuration Manager.
So all mobile devices need to be set up to talk to Intune in order to be managed.
Configuration Manager has also expanded its support to include Linux / Mac / thin clients, as well as mobile devices with Intune, so Microsoft has operated in the management space for a long time.
Instead of aiming for an on-premises solution, Microsoft has put everything in their cloud. So whenever Microsoft deploys a new feature to Intune, every Intune customer gets it without needing to do anything.
They also have an integration with Exchange that allows the IT guys to control mobile devices through ActiveSync (this also includes Office 365).
There is a new Intune release coming with a new release of Configuration Manager on the 18th of October.

But can these two products compete?
Well… they have some of the same features, namely device management. Citrix has more advanced features with XenMobile, Worx, Micro-VPN etc. Microsoft has full support for Windows Phone and Windows RT (with a company portal app for iOS and Android coming pretty soon), and Intune might have what you need, but nothing fancy.

What we need to remember is that Configuration Manager is a full-blown client management suite, with patching, operating system deployment, applications, baselining and antivirus; with Intune it gets mobile device management capability. XenMobile is not in this category. It gives you mobile device management, mobile application management, sandboxed applications, and application delivery to any device through Citrix Receiver.

So if you are a System Center customer with Configuration Manager and your IT guys use ConfigMgr for management, adding Intune might be an easy way to go ahead. By using Intune you leave the feature set to Microsoft; they need to continue development and will add more features as new releases become available (so you will get the new releases for free, since it's a cloud-based solution which you buy on a monthly basis). For other customers who need advanced features such as selective wipe, the ability to separate business and private data, more advanced security features and deep support for all vendors (except Windows), XenMobile is for you. Zenprise was one of the market-leading vendors before Citrix bought them.

If you compare the cost: for Intune the cost per user is $6 per month, so for one year you have 72 USD. You also need Configuration Manager for it to make any sense. You can also get a discount if you already have an EAS or EA agreement, which makes Intune more viable.
XenMobile Enterprise, on the other hand, is not so much more expensive than a regular Intune subscription, but of course it requires a lot more infrastructure than Intune does.

So hopefully you got a bit more understanding of what separates Intune from XenMobile!

Storage Tiering for Scale-out file server JBOD SAS

Well I had the pleasure of playing around with Windows Server 2012 R2 scale-out file server with a JBOD SAS chassis. Then I wanted to try the storage tiering feature in R2.

So in my case I had a SAS chassis with 4 SSD drives and 12 7K

First I created a storage pool for the one with tiering.


Next we have to create a virtual disk from the storage space.
When we create a new virtual disk on the pool, here we have to define a storage tier.
Next we have to define a layout of the Storage, I created a simple layout for both pools.

Next we have to define what size we would use on the SSD and on the HDD volume.
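
The same wizard steps (pool, tiers, layout, tier sizes) as Storage Spaces PowerShell on Windows Server 2012 R2. This is an added example, not the commands used for the test in this post; the pool and tier names, the tier sizes and the subsystem lookup are assumptions.

```powershell
# Added example. Pool/tier names and tier sizes are constructed sample values.
$poolName    = 'TieredPool'
$ssdTierSize = 200GB
$hddTierSize = 2TB

$disks   = @(Get-PhysicalDisk -CanPool $true)
$ssd     = @($disks | Where-Object { $_.MediaType -eq 'SSD' })
$hdd     = @($disks | Where-Object { $_.MediaType -eq 'HDD' })
$unknown = @($disks | Where-Object { $_.MediaType -notin 'SSD', 'HDD' })

# Tiers are built from the media type each disk reports, so a disk that
# reports neither SSD nor HDD cannot be placed in a tier.
if ($unknown.Count -gt 0) {
    throw "$($unknown.Count) poolable disk(s) report no usable media type."
}
if ($ssd.Count -eq 0 -or $hdd.Count -eq 0) {
    throw 'A tiered space needs both SSD and HDD disks in the pool.'
}

# A simple (striped) layout has no redundancy, so a tier can be at most as
# large as the raw capacity of the disks behind it.
$ssdRaw = ($ssd | Measure-Object -Property Size -Sum).Sum
$hddRaw = ($hdd | Measure-Object -Property Size -Sum).Sum
if ($ssdTierSize -gt $ssdRaw -or $hddTierSize -gt $hddRaw) {
    throw 'Requested tier sizes exceed the raw capacity of the disks.'
}

# Assumption: the first subsystem whose name contains "Spaces" is the right one.
$subsystem = Get-StorageSubSystem |
    Where-Object { $_.FriendlyName -like '*Spaces*' } | Select-Object -First 1

New-StoragePool -FriendlyName $poolName -PhysicalDisks $disks `
    -StorageSubSystemFriendlyName $subsystem.FriendlyName | Out-Null

$ssdTier = New-StorageTier -StoragePoolFriendlyName $poolName `
               -FriendlyName 'SSDTier' -MediaType SSD
$hddTier = New-StorageTier -StoragePoolFriendlyName $poolName `
               -FriendlyName 'HDDTier' -MediaType HDD

# The column count applies to both tiers, so it is capped by the smaller
# set of disks (the SSDs in a 4 SSD + 12 HDD chassis).
$columns = [Math]::Min($ssd.Count, $hdd.Count)
New-VirtualDisk -StoragePoolFriendlyName $poolName -FriendlyName 'TieredDisk' `
    -ResiliencySettingName Simple -NumberOfColumns $columns `
    -StorageTiers $ssdTier, $hddTier -StorageTierSizes $ssdTierSize, $hddTierSize
```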


After that I created two virtual drives on top of the storage spaces and used fsutil file createnew to create a random file on both of the drives.

Next I used sqlio.exe to do random 8k IOs against the newly created file on each of the pools.

Below is the storage tiering virtual drive (310k IOPS). The file I used then did not fill the whole cache drive. For the next run I created a file which in theory would fill the SSD drives and would have to be moved over to the HDD drive.


More blog posts will come when I have tested some more!

Creating VHD from Configuration Manager

Another fancy feature within Configuration Manager is the ability to create VHDs directly from the console by using a task sequence. Think of the possibilities of creating golden images by building a VHD file and then importing it directly into SCVMM.

In order to do this there are a couple of requirements.
* You need a physical computer which runs Hyper-V (Windows 8 or 2012+). (NOTE: I had some trouble running the R2 ConfigMgr on Hyper-V 2012 R2, so I used 2012 for this guide.)
* You need the Configuration Manager console installed on the physical computer
* It should not be the site server

Now first thing we do after installing the R2 console is to go into Software Library –> Operating Systems –> Task Sequences.
Then right-click and choose “Create a new task sequence” –> “Install an existing image package to a virtual hard disk”


Next we follow the procedure here and enter the information.
After we are done creating the task sequence we can continue with creating the VHD. We go into Software Library –> Operating Systems –> Virtual Hard Disks, right-click and choose “Create Virtual Hard Disk”

Now we have to define which task sequence should be associated with the VHD file.

After this is done and you have chosen the correct distribution point, the image building will start processing.

First off, it builds an ISO file with the task sequence and creates a VM in Hyper-V.

You can see a random VM name appears.
Note: you can view the smsts.log for any errors that might occur while the task sequence is running inside the VM (before formatting, this is placed on the X: drive).
To troubleshoot on the Hyper-V server you can view CreateTSMedia.log and DeployToVHD.log, which are located under %ProgramFiles(x86)%\Microsoft Configuration Manager\AdminConsole

Remember that this process creates a local VM instance on that Hyper-V server, which it spins up to run the particular task sequence (when it is done it shuts down the VM and removes it from Hyper-V), and you are left with the VHD.

System Center Management Pack for SQL

I must say that the product teams are working 110%, releasing new management packs almost weekly! The latest update came from the SQL team, whose management pack has been updated 3 times in the last year. (There have also been a lot of changes within SQL.)

You can download the management pack from here –> http://bit.ly/187uMJJ
The latest update contains some bug fixes and a new DB dashboard, which is very useful for the DBAs.

Now, a warning which is important to note with this management pack:

We recommend that you monitor no more than 50 databases and 150 database files per agent to avoid spikes in CPU usage that may affect the performance of monitored computers.

Now this management pack comes with a lot of monitors included; some are enabled by default and some are not, to reduce the noise.
It logs typical stuff like:
* Deadlocks
* User Activity
* Space report for database, logs etc
* Disk latency

So of course you can use it for more than 50 databases; it's just that the monitors require some tuning before you install the management pack on other servers, since it's hard for Microsoft to determine whether you want to monitor a particular component within SQL or not.

And with the new DB dashboard you get a complete overview!
(I had some issues with the SQL Server agent at the time of writing, so therefore I have a blank DB overview.)

Cloud based distribution points

Well, it's been a long time since I’ve managed to blog! But I'll give a quick update about the book I'm writing. I'm writing a book about Configuration Manager which is going to cover high availability and performance tuning, really exciting times! It takes up a lot of my time, hence my lack of blogging lately.
Anyway, this is something I’ve postponed for a while now, which is cloud-based distribution points!

Cloud-based distribution points is something that came with Service Pack 1 in System Center. Cloud-based DPs are really much like a regular DP except for the following:

* You cannot use a cloud-based distribution point to host software updates
* You cannot use a cloud-based distribution point for PXE or multicast deployments
* You cannot use a cloud-based distribution point during a task sequence that requires a task to “Download content locally when needed by running task sequence”
* You cannot use a cloud-based distribution point to offer packages that are set up to run from the distribution point
* You cannot use a cloud-based distribution point to host virtualized applications
* You cannot set a cloud-based distribution point as pull-based or as a source distribution point

Content that is sent from Configuration Manager to Azure is encrypted when it is copied. In order to set up a cloud DP you need a couple of things.
First off, you need a management certificate which you can use against Azure; you can follow my recipe from my previous post.
http://msandbu.wordpress.com/2013/01/09/managing-windows-azure-via-windows-powershell/

You also need to generate a certificate, which should be created using the same PKI structure as the regular Configuration Manager solution. This certificate should be created using the web server template, and it should contain an FQDN which your clients are able to resolve using DNS.
You can read more about the certificate here –> http://technet.microsoft.com/en-us/library/230dfec0-bddb-4429-a5db-30020e881f1e#BKMK_clouddp2008_cm2012

After these two prerequisites are in place we can create the distribution point. If you have SP1, the option to create one is under Administration –> Hierarchy –> Cloud –>

Here we have to enter the subscription ID, which we can get from Azure, and the management certificate.

Next we choose which region and which site this DP should be associated with, and add a certificate generated by our internal PKI for the DP.
Next we configure alerts and thresholds. After this is done we have to change the client policy to allow access to the cloud DP.

And we can see in the monitoring pane that the cloud DP is functional.

Under the FQDN enter a name for the server (which resembles the certificate name). This record has to be added to the DNS zone, either internally (if only for internal clients) or on the external zone. The IP address of the distribution point in Azure is found under cloud services.
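
A check of the service certificate against the requirements above (web server template, FQDN in the certificate, name resolvable by clients). This is an added example, not part of the original post; the function name and the FQDN clouddp01.contoso.com are made up, and the DNS check only passes once the record has been published.

```powershell
# Added example. Test-CloudDpCertificate and the FQDN used below are
# hypothetical; run it on the machine that holds the certificate.
function Test-CloudDpCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory = $true)]
        [string] $ServiceFqdn
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication, as issued by the web server template
    $now = Get-Date

    # Names the certificate covers: DNS names PowerShell exposes plus the subject CN.
    $names = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })
    $names += $Certificate.GetNameInfo('SimpleName', $false)

    $nameOk = $false
    foreach ($name in ($names | Where-Object { $_ })) {
        if ($name -eq $ServiceFqdn) { $nameOk = $true }
        # A wildcard name covers exactly one left-most label.
        elseif ($name.StartsWith('*.') -and
                (($ServiceFqdn -replace '^[^.]+', '*') -eq $name)) { $nameOk = $true }
    }

    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Clients must resolve the FQDN; A/AAAA answers carry an IPAddress property.
    $answers = @(Resolve-DnsName -Name $ServiceFqdn -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress })

    [pscustomobject]@{
        Thumbprint      = $Certificate.Thumbprint
        NameMatchesFqdn = $nameOk
        ServerAuthEku   = ($ekuOids -contains $serverAuthOid)
        HasPrivateKey   = $Certificate.HasPrivateKey
        WithinValidity  = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
        DaysToExpiry    = [int]($Certificate.NotAfter - $now).TotalDays
        ResolvesTo      = ($answers.IPAddress -join ', ')
    }
}

# Usage with a constructed FQDN: pick the certificate from the local machine store.
$fqdn = 'clouddp01.contoso.com'
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$fqdn*" } | Select-Object -First 1
if ($cert) { Test-CloudDpCertificate -Certificate $cert -ServiceFqdn $fqdn }
```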


After this is done, we also have to modify the client policy settings to allow clients access to the distribution point. If you go into the storage blob and look under containers you can see the different packages that have been distributed to the cloud DP.

If you want to scale out the cloud DP with more cores you can go into the cloud service and use the scale function.

After I have distributed content I can see the package ID under the container in the storage pane.

And there we go. I will try to write a follow-up which covers multiple cloud DPs.

Pull-based distribution point and rate limiting

One of the awesome features in Configuration Manager SP1 is the ability to define a distribution point as pull based. In essence what it does is that instead of pushing content from a site server to all the distribution points within a site, you define a pull DP and a source DP.

[Figure: Regular content distribution]

Then you distribute content from a site server to a group of source DPs, and the pull-based DP will get the content from the source DPs. This way you reduce the load on the site server itself, and you might also distribute data more efficiently. Think of it like this: what if the site server has a low-bandwidth connection to DP2 in the branch office, but DP1 has a high-bandwidth connection to DP2?
This way it allows for more efficient data distribution.

[Figure: Pull-based distribution]

You can define a DP as pull-based under the properties of the DP (here we can define which source DPs the DP should use). As you can see, you can define multiple source DPs.

And please note:
* You can’t use a site server DP as pull-based
* You can’t use a cloud-based DP as pull-based or as a source
* A distribution point set with rate limiting which is then configured as a pull-based distribution point will ignore any rate limiting configuration set.

Another nice feature on the DP, which I'm going to cover in another post, is cloud-based distribution points, and of course rate limiting.

This allows you to define a schedule and bandwidth in % when sending content from a site server to a DP. (Remember that these settings are only visible for DPs that are not on the site server.) When you define rate limiting you have three options.

1: Unlimited
Uses all the available bandwidth (no restrictions)

2: Pulse Mode
Allows you to define that the content is to be split up into chunks, in terms of KBs, and how often they should be transmitted (with a delay between blocks)

3: Limited to specified maximum transfer rates by hour
It is important to note that this option does not register how much bandwidth is available to Configuration Manager. For instance, if you set this to 50% for 0 to 1 hours, ConfigMgr will send data the first 30 mins, then stop sending data the next 30 mins.

Netscaler releases!

So a lot is happening on the Netscaler front from Citrix today!
Citrix just released a new build version for all of their platforms.

The latest build is 120.13, which can be downloaded from here –> http://bit.ly/1eMoKFP (requires MyCitrix).
This includes some new features in the wizard for XenDesktop and the setup wizard, and a lot of bug fixes.

https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/netscaler-adc/NS_10_1_120_13.html

Citrix also released a new version of Insight Center (still not for Hyper-V), and this comes in version 120.13 as well (so it looks like Citrix is releasing Insight at the same time as a new build for Netscaler is released).

But Citrix hasn’t released the release notes for 120.13 yet, so it is hard to know what is new.
Some of the new features are listed on the download page.

With this release we extend the Insight visibility offering from Web traffic (Web Insight) to HDX traffic (HDX Insight) analytics.

It will now collect ICA AppFlow records generated by NetScaler ADC appliances and populate analytical graphs over Layer 3 to Layer 7 statistics. The HDX Insight will provide in-depth analysis over real time and historical data across last 5min (real time) and last one hour, one day, one week, one month as historic data.

You can download it here –> http://bit.ly/1aIumfa

Citrix also released a new management pack for Netscaler 10.1, which also supports 2012 SP1. They haven’t released new documentation for it, but it still offers a lot of new options. You can download it here –>
http://bit.ly/1a1m9Sq

Anyway, interesting times ahead! Still waiting for Insight Center to be released for Hyper-V!