Monthly Archives: November 2013

Allow users to choose between Access Gateway and XenApp connection

In some cases you want users to have the option to choose between a regular VPN connection when connecting to your solution, or just accessing their applications and desktops using Receiver. Of course you can create multiple session policies for users or based on something else, but there is also another option which displays the different options in the web GUI.

If you have a Netscaler Gateway vServer setup with a session policy we can do a change here, open the session policy and go into “request policy” and choose modify –>

NOTE: This requires Smart Access Mode and Smart Access requires the use of Universal licenses

Under Client Experience choose Advanced –>


Here you have a setting called “Client Choices”


When users now log in they will be presented with this screen, which allows them to choose between Network Access, XenApp or Clientless Access.
If I disallowed Clientless Access here it would not appear on the menu.

I’ll come back in detail later on how to set up Access Gateway for users with the plug-in or Java client.

NOTE: If Netscaler is unable to communicate with the Storefront or Web Interface, the XenApp choice will not appear.

And there are three options regarding clientless access.

  • On. Enables clientless access. If client choices are disabled and the Web Interface is not configured or disabled, users log on using clientless access.
  • Allow. Clientless access is not enabled by default. If client choices are disabled, and the Web Interface is not configured or disabled, users log on using the Access Gateway Plug-in. If endpoint analysis fails when users log on, users receive the choices page with clientless access available.
  • Off. Clientless access is turned off. When this setting is selected, users cannot log on using clientless access and the icon for clientless access does not appear on the choices page.

Study resources 74-409 Server Virtualization with Windows Server Hyper-V and System Center

NOTE: This is work in progress
Now it’s been a long time since I made any of these, but I’ve been busy.
Here is a new exam from Microsoft which was just released earlier this November. This is the first Microsoft exam which contains Azure technology from an “IT pro” perspective, and it also contains stuff from the latest 2012 R2 release.
The exam also goes through stuff like Generation 2 VMs, Hyper-V Recovery Manager and so on.
You can read more about the exam here –> http://www.microsoft.com/learning/en-us/exam.aspx?ID=74-409
This exam replaces the earlier MCITP Server Virtualization for Windows Server 2008.

The exam will contain the following, so I’m adding study resources under each section.

Configure Hyper-V

  • Create and configure virtual machine settings.
    • This objective may include but is not limited to: Configure dynamic memory; configure smart paging; configure Resource Metering; configure guest integration services; create and configure Generation 1 and 2 virtual machines; configure and use extended session mode, and configure RemoteFX

Dynamic Memory –> http://technet.microsoft.com/en-us/library/hh831766.aspx
Enable Resource Metering –> http://technet.microsoft.com/en-us/library/hh848481.aspx
Configure Guest Integration –> http://www.techrepublic.com/blog/data-center/configure-integration-services-options-for-hyper-v-vms/
Create Gen 2 VMs –> http://blogs.technet.com/b/jhoward/archive/2013/10/24/hyper-v-generation-2-virtual-machines-part-1.aspx
Extended session –> http://technet.microsoft.com/en-us/library/dn282274.aspx
Configure RemoteFX –> http://social.technet.microsoft.com/wiki/contents/articles/16652.remotefx-vgpu-setup-and-configuration-guide-for-windows-server-2012.aspx

  • Create and configure virtual machine storage.
    • This objective may include but is not limited to: Create VHDs and VHDx; configure differencing drives; modify VHDs; configure pass-through disks; manage checkpoints; implement a virtual Fibre Channel adapter; configure storage Quality of Service

Create VHD and VHDX –> http://technet.microsoft.com/en-us/library/hh848503.aspx
Create Differencing disks –> http://lyncdup.com/2012/06/creating-hyper-v-3-differencing-disks-in-server-2012-with-gui-and-powershell/
Pass-through disks –> http://www.petri.co.il/convert-hyper-v-pass-through-disk-to-a-vhdx.htm
Implement virtual fibre channel –> http://www.virtualizationadmin.com/articles-tutorials/microsoft-hyper-v-articles/storage-management/first-look-hyperv-vs-virtual-fibre-channel-feature-part2.html
Configure Storage QoS –> http://technet.microsoft.com/en-us/library/dn282276.aspx
Modify VHD –> http://technet.microsoft.com/en-us/library/dn282284.aspx

  • Create and configure virtual networks.
    • This objective may include but is not limited to: Configure Hyper-V virtual switches; optimize network performance; configure MAC addresses; configure network isolation; configure synthetic and legacy virtual network adapters; configure NIC teaming in virtual machines

Configure Hyper-V virtual Switches –> http://www.serverwatch.com/server-tutorials/harnessing-the-power-of-hyper-v-network-virtual-switches.html
Optimize network performance –> http://www.aidanfinn.com/?p=15414
Configure network isolation –> http://technet.microsoft.com/en-us/library/jj679878.aspx#bkmk_pvlan
Configure NIC teaming in virtual machines –> http://www.msserverpro.com/configuring-windows-server-2012-nic-teaming-to-a-hyper-v-virtual-machine/

Configure and Manage Virtual Machine High Availability

  • Configure failover clustering with Hyper-V.
    • This objective may include but is not limited to: Configure shared storage; configure Quorum; configure cluster networking; restore single node or cluster configuration; implement Cluster Aware Updating; upgrade a cluster; configure and optimize clustered shared volumes; and configure clusters without network names

Configure shared storage –> http://blogs.technet.com/b/keithmayer/archive/2012/12/12/step-by-step-building-a-free-hyper-v-server-2012-cluster-part-1-of-2.aspx
Configure Quorum –> http://technet.microsoft.com/en-us/library/jj612870.aspx
Configure cluster networking –> http://www.msserverpro.com/implementing-windows-server-2012-hyper-v-failover-clustering/
Optimize clustered shared volumes –> http://technet.microsoft.com/en-us/library/jj612868.aspx
Restore cluster configuration –>
Configure clusters without network names –> http://technet.microsoft.com/en-us/library/dn265970.aspx
Cluster aware updating –> http://technet.microsoft.com/en-us/library/hh831694.aspx

  • Manage failover clustering roles.
    • This objective may include but is not limited to: Configure role-specific settings including continuously available shares; configure VM monitoring; configure failover and preference settings; and configure guest clustering

Configure VM monitoring –> http://blogs.msdn.com/b/clustering/archive/2012/04/18/10295158.aspx
Configure guest clustering –> http://technet.microsoft.com/en-us/library/dn265980.aspx

  • Manage virtual machine movement.
    • This objective may include but is not limited to: Perform Live Migration; perform quick migration; perform storage migration; import, export, and copy VMs; configure Virtual Machine network health protection; configure drain on shutdown; manage Physical-to-Virtual (P2V) and Virtual-to-Virtual (V2V) migrations; and implement virtual machine migration between clouds

Live Migration –> http://technet.microsoft.com/en-us/library/hh831435.aspx http://technet.microsoft.com/en-us/library/jj860434.aspx
Virtual Machine network health protection –> http://technet.microsoft.com/en-us/library/dn265972.aspx#BKMK_VMHealth
Virtual Machine Drain on shutdown –> http://technet.microsoft.com/en-us/library/dn265972.aspx#BKMK_VMDrain
Physical-to-Virtual –> http://blogs.technet.com/b/scvmm/archive/2013/10/03/how-to-perform-a-p2v-in-a-scvmm-2012-r2-environment.aspx
V2V migration –> http://technet.microsoft.com/en-us/library/gg610672.aspx

Implement a Server Virtualization Infrastructure

  • Implement virtualization hosts.
    • This objective may include but is not limited to: implement delegation of virtualization environment (hosts, services, and virtual machines) including self-service capabilities; implement multi-host libraries including equivalent objects; implement host resource optimization; integrate third-party virtualization platforms; and deploying Hyper-V hosts to bare metal

Bare Metal –> http://technet.microsoft.com/en-us/library/gg610634.aspx
Host Resource optimization –> http://technet.microsoft.com/en-us/library/gg675109.aspx
Self-service capabilities –> http://technet.microsoft.com/en-us/library/gg610573.aspx
Integrate third-party virtualization –> http://technet.microsoft.com/en-us/library/gg610687.aspx

  • Implement virtual machines.
    • This objective may include but is not limited to: Implement highly available VMs; implement guest resource optimization including shared VHDx; configure placement rules; create a Virtual Machine Manager template

Shared VHDx –> http://technet.microsoft.com/en-us/library/dn265972.aspx#BKMK_SharedVHDX
Placement rules –> http://technet.microsoft.com/en-us/library/jj860428.aspx
Create template –> http://technet.microsoft.com/en-us/library/hh427282.aspx

  • Implement virtualization networking.
    • This objective may include but is not limited to: Configure Virtual Machine Manager logical networks including virtual switch extensions and logical switches; configure IP address and MAC address settings across multiple Hyper-V hosts including network virtualization; configure virtual network optimization; plan and implement Windows Server Gateway; implement VLANs and pVLANs; plan and implement virtual machine networks; and implement converged networks
  • Implement virtualization storage.
    • This objective may include but is not limited to: Configure Hyper-V host clustered storage; configure Hyper-V virtual machine storage including virtual Fibre Channel, Internet SCSI (iSCSI), and shared VHDx; plan for storage optimization; and plan and implement storage by using SMB 3.0 file shares
  • Manage and maintain a server virtualization infrastructure.
    • This objective may include but is not limited to: Manage dynamic optimization and resource optimization; integrate Operations Manager with System Center Virtual Machine Manager and System Center Service Manager; update virtual machine images in libraries; implement backup and recovery of a virtualization infrastructure by using System Center Data Protection Manager (DPM)

Monitor and Maintain a Server Virtualization Infrastructure

  • Plan and implement a monitoring strategy.
    • This objective may include but is not limited to: planning considerations including monitoring servers using Audit Collection Services (ACS) and System Center Global Service Monitor, performance monitoring, application monitoring, centralized monitoring, and centralized reporting; implement and optimize System Center 2012 Operations Manager management packs; and plan for monitoring Active Directory
  • Plan and implement a business continuity and disaster recovery solution.
    • This objective may include but is not limited to: plan a backup and recovery strategy; planning considerations including Active Directory domain and forest recovery, Hyper-V replica including using Windows Azure Hyper-V Recovery Manager, domain controller restore and cloning, and Active Directory object and container restore using authoritative restore and Recycle Bin; and plan for and implement backup and recovery by using System Center Data Protection Manager (DPM)

My little System Center book project!

For some time now I have been occupied with my little book project. It has taken a lot of time from my blogging since it has been completely new territory for my part. But! It has been a unique learning experience and I think that I’ve never been this good at using Word… Ever!

A while back a publisher contacted me and asked if I was interested in writing a book for them. At first I thought nah… don’t have the time and capacity to finish this in time. But after thinking about it for a couple of days I thought, when am I going to get this opportunity again? Therefore I said yes! Fast forward a couple of months and here I am with the finished product.

So allow me to introduce my little book

Configuration Manager 2012 High-availability and Performance Tuning

Microsoft SCCM High Availability and Performance Tuning

 http://www.packtpub.com/microsoft-sccm-high-availability-and-performance-tuning/book

This is the first time I’ve ever written anything that was over 10 pages (yes, including school as well). It has been a unique experience and I wish to thank the publisher Packt www.packtpub.com, who has given me this opportunity.

I also wish to thank my reviewers
Marius Skovli and Dragos Madarasan for good feedback in the review process.

Netscaler Insight and Integration with XenDesktop Director

This is another one of Citrix’s hidden gems, Netscaler Insight. This product has been available from Citrix for some time now, but with the latest update it became a lot more useful. Insight is a virtual appliance from Citrix which gathers AppFlow data and statistics from Netscaler to show performance data, kind of like the old Edgesight. (NOTE: In order to use this functionality against Netscaler it requires at least Netscaler Enterprise or Platinum)

Insight has two specific functions, called Web Insight and HDX Insight.
Web Insight shows traffic related to web traffic, for instance how many users, what IP addresses, what kind of content etc.
HDX Insight is related to the Access Gateway functionality of Citrix, to show for instance how many users have accessed the solution, what kind of applications they have used, what kind of latency the clients had to the Netscaler etc.

You can download this VPX from mycitrix under Netscaler downloads. It is important to note that as of now it is only supported on VMware and XenServer (they haven’t mentioned any support coming for Hyper-V but I’m guessing it’s coming).

The setup is pretty simple: like a regular Netscaler, we need to define an IP address and subnet mask. (Note that the VPX does not require a license, since it will only gather data from Netscaler appliances that have a platform license, and it does not work on regular Netscaler gateways.)

After we have set up the Insight VPX we can access it via the web GUI. The username and password here are the same as on Netscaler: nsroot and nsroot. These are the default credentials, so change the password after the first login.

After this is set up we need to enable the Insight features. We can start by setting up HDX Insight; here we need to define an expression that allows all Gateway traffic to be gathered.
Here we just need to enable VPN equals true. We can also add multiple Netscalers here; if you have a cluster or HA setup we need to add both nodes.


After we have added the node, just choose configure on the node and choose VPN from the list and choose expression true.

Now for Web Insight we need to define an expression. For instance, I can use a hostname expression and define a website that I have using DNS. This will start gathering AppFlow data when clients are accessing websites that have the hostname web in them.

After a while we can see that info is starting to appear in Insight, and we can “drill” down in the data to show different metrics.

I can go into a user and show his sessions.

And I can show what kind of applications the user has been running.

For Web Insight we can see what kind of URLs are accessed.

And I can see what clients have accessed the URL.

Now that is the first part, the Insight will not just sit there and gather data. The next part is to integrate this with Director to allow helpdesk users to use this data together with the Edgesight feature which is now a part of XenDesktop 7.

To integrate this we need to install Director on a server; next we need to run the command C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /confignetscaler

After this is done do an IIS reset and log into Director again.
We can now go into the Network pane and see the data that is collected.


Note: There are some requirements that need to be in place in order for it to function properly.

  • NetScaler HDX Insight must be v10.1 or above.
  • XenDesktop VDA version 7.0 and above are supported by HDX Insight and NetScaler.
  • Storefront from the XenDesktop 7.0 installer or above versions can be used to launch the user sessions.
  • Receiver for Mac v11.8 and Windows Receiver 14.0 (4.0) and above are required for accurate ICA RTT metrics.

XenDesktop 7.1 TechPreview Service Template

Citrix released yesterday a tech preview of their Service Template for XenDesktop 7.1 for System Center Virtual Machine Manager.
This template allows for rapid and easy deployment of an entire XenDesktop 7 infrastructure, including setup of Director, License Server, Desktop Delivery Controller and Storefront.

It does not by default include Netscaler as part of that template, but that is something we can add to the “mix” later.
The tech preview of the template can be downloaded from mycitrix here –> https://www.citrix.com/downloads/xendesktop/betas-and-tech-previews/system-center-service-template-tech-preview.html (This requires a valid mycitrix account.) It has a template for XenDesktop and one for PVS.

I’ll continue on with the XenDesktop template and show how it is deployed.
The template contains a bunch of PowerShell scripts, the XenDesktop 7.1 ISO file and the template file itself. In order to fully set up the template it needs the VMM ISO file and a generalized 2012 VHD file.

After we have downloaded the template file open VMM –>
Then go into Library and Import Template –>


Then point to the extracted XenDesktop folder.
Then choose next, now we need to point the template to the different ISO files and generalized 2012 template.

After that is done and the mappings are correct we can continue with the import.

This will take some time since it needs to import XenDesktop to the library. When we now go into Service Templates we can see XenDesktop listed as an option there. If we right click and choose “Open Designer” we can see what the layout will look like.

Now if we wanted to, we could use the Netscaler integration as well to deploy multiple DDCs and Storefronts and automatically set up load balancing of these services as part of the deployment. Let’s see how that can be done using the Service Template. (Note that this integration is still not supported in 2012 R2) (UPDATED: IT WORKS) but for the purpose of demonstrating how it CAN be done I’ll show it anyway. So after we have installed the add-on and created a VIP template for DDC and one for Storefront, we can open the designer again.

Next we can connect the VIP profiles to the different components: one DDC VIP template for DDC and one for Storefront, which have different load balancing mechanisms set up.

Now if I were to configure a deployment of this, I can configure the number of each server I want in order to ensure scalability and redundancy.
When I start the deploy wizard I get a question to define what is my management network.

Here I can define what the backend of the Netscaler is and what the VIP address of the load balancing solution is going to be.

But since the integration between Netscaler and VMM is not functioning in R2 I’ll need to get back to that in a later post (UPDATE IT WORKS). But if I go into one of the servers I can see the application scripts that are run in order to set up a functional site.

If I for instance have ComTrade installed on Operations Manager in order to have monitoring of my Citrix environment, I can add this as an Application Configuration in the last step to have a complete XenDesktop 7 setup with a load balanced Netscaler solution and complete monitoring using Operations Manager.

This is the power of Citrix and Microsoft!

Netscaler tips and tricks

So the purpose of this post is to share different tips and tricks for Netscaler, so this is going to be updated from time to time. It’s what I call a dynamic post.
Now there are tons of different areas to explore here, but I’m going to start easy.

1: Password reset Netscaler MPX / VPX
Now from time to time you might come by this, you have a customer which has a Netscaler setup and they have forgotten the password for the device. What do you do ?

If you have an MPX you need to connect to the device using a serial cable and use for instance PuTTY to connect to the serial port. If you have a VPX you just need to open the console. When the device boots you need to press CTRL + C. On the VPX it is simple: the boot menu appears.

Then you just press 4 and go into single user mode. On the MPX we have to press CTRL + C simultaneously as well when the following appears in the console:

Press [Ctrl-C] for command prompt, or any other key to boot immediately.
Booting [kernel] in 2 seconds…

Now to start the MPX in single user mode you have to type either boot -s or reboot -- -s to restart in single user mode. When you are in single user mode the console will look like this.

Next we have to mount the flash device, since this is where the config file resides. On different devices this flash device has different names: http://support.citrix.com/article/CTX121853

For VPX this device is called /dev/ad0s1a
So we have to check disk consistency first before we can mount the device.

fsck /dev/ad0s1a (This checks disk consistency)

mount /dev/ad0s1a /flash (This mounts the drive under the folder /flash)

df -l (Lists the devices and where they are mounted)

Next we need to change directory to the flash drive where the config file is located.
cd /flash/nsconfig

Next we use a grep command to create a new config file without the line which contains the password string.
grep -v "set system user nsroot" ns.conf > new.conf

Next we need to rename the current config to another name and put the new file in its place.
mv ns.conf old.ns.conf
mv new.conf ns.conf

After this is done we have a new config file without the password for nsroot and we can reboot.
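
The config edit from the steps above, as an added example that is not part of the original post: it runs the same grep filter on a constructed ns.conf, confirms that only the nsroot password line was dropped before swapping the files, and adds a check that flags a config with no explicit nsroot password line. The function names and the sample config values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and the ns.conf content below is constructed sample data.

# Write a small constructed ns.conf into directory $1.
make_sample_conf() {
    cat > "$1/ns.conf" <<'EOF'
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
set system user nsroot 1a2b3c4d5e6f -encrypted
add system user helpdesk 0f9e8d7c6b5a -encrypted
add ns ip 192.0.2.11 255.255.255.0 -type SNIP
EOF
}

# Audit check: succeeds if the config file $1 carries an explicit nsroot
# password line. A config without it boots with the default nsroot password,
# so a saved or backed-up ns.conf that fails this check deserves a look.
has_nsroot_password() {
    grep -q '^set system user nsroot ' "$1"
}

# The grep/mv steps from the post, run in directory $1, with two guards:
# refuse to act if there is nothing to remove, and refuse to swap the files
# if the filtered copy lost more (or fewer) lines than expected.
strip_nsroot_password() {
    dir=$1
    # Anchored pattern with trailing space, so other user names that merely
    # start with "nsroot" are left alone.
    pattern='^set system user nsroot '
    [ -f "$dir/ns.conf" ] || return 1

    removed=$(grep -c "$pattern" "$dir/ns.conf" || true)
    if [ "$removed" -eq 0 ]; then
        echo "no nsroot password line in $dir/ns.conf; nothing changed" >&2
        return 1
    fi

    grep -v "$pattern" "$dir/ns.conf" > "$dir/new.conf" || true
    old=$(wc -l < "$dir/ns.conf")
    new=$(wc -l < "$dir/new.conf")
    if [ $((old - new)) -ne "$removed" ]; then
        echo "unexpected line count in new.conf; ns.conf left untouched" >&2
        rm -f "$dir/new.conf"
        return 1
    fi

    # Keep the original as old.ns.conf, exactly as in the manual steps.
    mv "$dir/ns.conf" "$dir/old.ns.conf"
    mv "$dir/new.conf" "$dir/ns.conf"
}

# Demo on a throwaway directory (stands in for /flash/nsconfig).
demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir"
strip_nsroot_password "$demo_dir" && echo "nsroot line removed, backup kept as old.ns.conf"
has_nsroot_password "$demo_dir/ns.conf" || echo "audit: no explicit nsroot password in ns.conf"
rm -rf "$demo_dir"
```

After the reboot, set a new nsroot password and save the configuration so the audit check passes again.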

2: Use of profiles
This is a feature that I don’t see commonly used, and I think that is because it is not an obvious or well-known feature, so let’s change that. When setting up virtual services you have the option to define a network profile attached to the service.

For instance, the Netscaler has many built-in TCP profiles which can help with improving the performance of a service either over LAN or WAN. These profiles tune different settings on the TCP stack, and a description of each TCP profile can be found here –> http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-ac-confg-tcp-profl-tsk.html

For instance, on virtual services you have a profile pane where we can define which profile to use.

If for instance you are using this only in a LAN you should use the nstcp_lan_profile. By changing this you will note the performance increase it has.

3: Change GUI on Gateway portal

Now in many cases you want to customize the GUI of the default Netscaler Gateway Vserver.

Now this is possible but not as easy as with Storefront…
First off we need to make some changes within the Netscaler Gateway GUI.

Change the setting to Green Bubble under global settings on an Access Gateway vServer (if you want to use it as a template).

Then we can make customizations. We can do this by opening for instance an FTP connection to the Netscaler (with for instance WinSCP). The GUI is located under /netscaler/ns_gui
Changes which are done here can be viewed in real-time.

For instance, if we wish to change the background image, we can add a new image to the folder /var/netscaler/gui/vpn/media under the name bg_bubbles.jpg to replace the old background. (Now I’ve changed it to a picture from the family album.)

If we wish to change the text that appears in the portal we can change this under /vpn/resources/en.xml (this file contains most of the text that appears in the portal).
So after a few changes here we can get this.

Now if we want to save this custom theme, we first need to create a folder called ns_gui_custom under the /var/ folder.

This can be done in the shell by writing: mkdir /var/ns_gui_custom

Next change directory to /netscaler by typing: cd /netscaler

Now we need to archive the ns_gui folder: tar -cvzf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*
This is because when the Netscaler boots it extracts the tar file to the ns_gui folder.
After this is done we need to change the vServer global settings to custom theme and reboot to make sure it applies properly.

4: Trouble with VIP in a DMZ site

So you have a two-armed Netscaler solution where you have a SNIP and NSIP in the LAN network, which talk to your backend servers, AD, DNS and such, and then you set up a VIP in the DMZ zone where you host your Access Gateway vServer. You reckon it should work.
But you are unable to ping the VIP address and you are unable to open the vServer over HTTPS.

You can see that the default gateway is going through the LAN interface, and when you want to change the gateway you get this error

The solution is that you need to have a SNIP address in the DMZ zone together with the VIP address. This is because a VIP address is not a “fully” featured network IP unless it has a SNIP on the same network.