Monthly Archives: November 2016

Citrix Workspace Enviroment Manager–Configuration part 2

In the first post on WEM –> http://msandbu.org/introduction-to-citrix-workspace-enviroment-manager-part-1/ I decribed the setup process. In this blogpost I will focus more on configuring the policies and deploying them to a set of users and agents based upon filters.

The setup in WEM is split into a couple of pieces, some of the settings can be applied to a user based upon different filters, some settings a of a global level and cannot be defined to a users or group. So let’s start with the first thing which is an Actions.

image

here we can define most of the properities which are defined in GPP. Printers, Applications, etc and so on. So for instance we can specify map network drive

image

So we can speficy the regular settings here and we can also under options speficy more options like reconnect, self-healing and such as we have in GPP. Now next we have filters, which helps us sort out how and who should get actions applied to them. Now there are bunch of different options here to choose from.

image

So we can have one or multiple filters in a rule. So for instance we can have actions applied on a user based upon XenDesktop farm name, where the client is coming from and time of day for instance. When you have created the filters we need to create a rule and bind the filters to it. So go into Filters –> Rules –> Add

image

So there specify the filters and click OK. So now that we have a couple of actions specified and an filter we can assign the actions based upon the filter to a set of users.
So go into Assigment –> Configured Users and search for a particular user –> and from there just double click on which action we want to assign to the users. When we bind an action we have the option to add it based upon a filter, for instnace if the users are connecting externally we do not want them to have printers mapped up from the office for instance

Showing assigned actions to a user

image

Assigning action with filter

image

So now that we have applied some actions, we can also specify some other settings like Resource Optimization and more Advanced features.  So let’s start with Memory Optimization. For instance, Working Set Optimization which defines that when an application becomes idle for a certain amount of time it is forced to release excess memory until they are no longer idle.

image

This screenshot shows the difference between optimized memory and non-optimized memory usage. On this two sessions there is one user opening the same PDF document, and after the idle walue kicks inn the memory usage goes down

66 MB vs 3,2 MB memory usage for PDF

We also have other settings which are of a global applied. We can configure, rules to hide the common UI elements, like My computer and so on. Remember also that by default it excludes Administrators from being processed so do not test with administratior accounts unless you remove that value.

image

From here we can also specify settings for Microsoft USV, Citrix UPM and VMware Persona settings, note that this is for certain versions of these features. The documentation from Citrix is of now quite lacking on that part. The only reference in the PDF documentation states

Please note that some options only work with specific versions of UPM; please consult the
relevant Citrix documentation for detailed instructions.”

From a client perspective there is an taskbar icon which the end-user can interact with the update settings and send feedback from. So for instance applications which are published to an user will end up here and they can start applications directly from here.

image

There are also other options like Capture screen which will allow end-users to take a screenshot directly and send it to support

image

The end-users can self-refresh settings which have been applied to the desktop. Or the administration can force update from within the console directly after adding printers / folder or something like that.

Docker platform management for Windows Containers

Previously I’ve blogged about what Containers and some a little bit abou the container ecosystem –> http://msandbu.org/what-is-containers-and-container-ecosystem/ Now lately I’ve been involved in being able to deliver Windows Containers and there lack of container orchestration tools (as of now) Now Windows Container came in Windows Server 2016 & Windows 10 and it is still pretty new. So why? There are plenty of enterprise applications which run for instance .Net based applications or web services and could be converted to a docker container and the same goes for database instances and other smaller services as well so make it easier to scale and deploy.

But linux containers has been here a while already, and of course in the container lifecycle management space there are alot of different vendors in this space. So what does a Container solution deliver in terms of features?

  • 1: Universal Management Plane (Across multiple docker hosts)
  • 2: Common registry
  • 3: An orchestration solution (Swarm, Kubernetes, Marathon)
  • 4: Source code management and integration
    5: Monitoring / Loggings
    6: Persistent Storage configuration
    7: Service Discovery
    8: Deployment and management of Network
    9: Deployment private / public / host

The list is long but this are most of the required features for being able to deliver a CaaS solution. Now for Linux Containers there are alot of tools that we can use (Mesosphere, Kubernetes, Rancher, Openshift, Docker Datacenter) but of course the majority of platforms are running like this, Netflix for instance.

Now as of now Windows Containers are lacking this managmenet platform, as of now we cannot even use Swarm with Windows Containers (ref: https://github.com/docker/docker/issues/27612#issuecomment-255457426) another limitation to our Windows implementation of container networking is lack of support for service discovery, since they also cannot use any type of overlay network for multi-host nodes as well such as what Kubernetes and Openshift are using with VXLAN which is also another limitation.

But as of now Microsoft is doing rapid deployment to their public Docker Images https://hub.docker.com/u/microsoft/

Now I’ve been so fortunate to hear that Docker Datacenter is soon coming with Docker Datacenter for Windows (Beta) you can sign up for the beta here –> https://goto.docker.com/MicrosoftWindowsServers2016_LP.html

Also that Rancher will be supporting Windows Server 2016 Containers as well –> https://github.com/rancher/rancher/issues/4576 in an upcoming build.

introduction to Citrix Workspace Enviroment Manager–Part 1

So with the purchase of NorScale, Citrix again has enterede the UEM market. Now instead of going with RES or AppSense (Which is now at Landesk) they aimed for a product which is pretty small in comparison but I belive that this will makes it easier for Citrix to mold it into a product of their own. Now I’ve been eager to try it out for a while, but time has been quite limited over the last couple of months.

Now the product became available for download a couple of weeks back, still lacking quite alot on the documentation and information available but it has now been rebranded of their own. So what about the product, what does it do? It can alter the user enviroment, mapping drives, resources, printers, hide and lockdown the desktop, we can do this based upon different filters for instance LDAP OU, Groups and so on (ill come back to this part a bit later) so think of it as a more powerfull way to do Group Policy Preferences but without the limitations.
Another cool feature is the resource optimization part which allows us to save CPU / Memory.

The infrastructure components as of now are pretty simple deployment, we need to setup the solution to a license server or else you will get an error message(Like the one below)

image

and also you need to correct license as well which is XenApp and XenDesktop Enterprise and Platinum edition customers with active Software Maintenance.

image

Now to get started there are a couple of things that need to be in place, before we start installing it.

1: License Server VPX – Version 11.14.0.1

2: Database server (SQL 2012 +)
3: Server to install the console and the infrastructure role (If you are testing this in a lab don’t install the DB part on the DDC! and not on a domain controller it won’t work properly)

So when you setup the SQL database server, use windows authentication. The Workspace Enviroment Manager download consists of three components, Agent, Console and Infrastructure components. It also contains some Group Policy setting which we will import later.

After installing the infrastructure role on a server you will get a couple of applications available to do the further setup (Administration Console is only after you install the admin console MSI)

image

Start with Database Management

Then enter the information on the SQL server and name of the database to be created

image

NOTE: If you are encountering any errors on the setup. Look into the Program files folder of NorScale, there is a log file, “Citrix WEM Database Management Utility log”

image

On the final page you have a create database button, which would either give you a

Or if something fails you need to take a look at thelog file or in the SQL Server agent log. When the database is created we can go ahead and configure the broker service. Start the Broker Configuration options on the desktop

From there configure the licensing server

image

Configure the service account

image

Configure the Database settings

image

Then lastly save the broker configuration

image

If everything now is completly setup we now copy the ADMX templates and configure the group policy settings for the agents to connect to the broker. So the ADMX templates needs to be copied into the Central Store and PolicyDefinitions.

And this policy should only be created and applied for machine objects where we want the agent to be used.
Adding the ADMX policy will add a new Citrix policy settings for WorkSpace enviroment management. From there we need to configure the connection broker name and Agent post which it should communicate with. If you wish to alter the port number you need to configure the broker settings configuration again.

image

If for some reason agents are not connecting to the broker server you can check registry under the following value. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\norscale\Agent host

image

So the agent can be installed manually using the MSI downloaded or using silent install using the regular flags. After the agent is installed on a host and you’ve done gpupdate on it, it should start appearing inside the management console, under administration and agents

image

Stay tuned for Part two of Workspace Enviroment Manager where we will take a closer look at defining actions, filters and assigments.

Getting started with Docker Containers monitoring using Microsoft OMS

So been using alot of days the last couple of weeks working with OMS, it is becoming a powerhouse of features, even though you need to be aware of that the data usage can get totally out of control if it is not tuned properly, so it is becoming more like its big brother Operations Manager….

Anyway lets stick to OMS and Docker Container monitoring, which now is a preview feature as of now. It can be used either as a Container running the OMS agent (which is for CoreOS) or installing the OMS agent on a linux host

3-OMS-082416

Now this was released in august, but then I looked at the OMS agent at Docker hub and noticed that this was now changed –> https://hub.docker.com/r/microsoft/oms/  now we can push the OMS container agent to any of the supported Linux distributions & Docker versions

  • Docker 1.10 thru 1.12.1
    Ubuntu 14.04 LTS, 16.04 LTS
    CoreOS(stable)
    Amazon Linux 2016.03
    openSUSE 13.2
    CentOS 7
    SLES 12
    RHEL 7.2
    ACS Mesosphere DC/OS 1.7.3, 1.8.4

  • They way to use it is pretty simple you need

  • 1: OMS workspace with workspace ID & Primary key & you need to Docker integration enabled

  • 2: One Docker host

  • From the docker host you run the following to download the OMS agent image to the host.

  • sudo docker pull microsoft/oms

  • After the image has been downloaded you run the following

  • sudo docker run –privileged -d -v /var/run/docker.sock:/var/run/docker.sock -e WSID=”your workspace id” -e KEY=”your key” -p 127.0.0.1:25225:25225 –name=”omsagent” –restart=always microsoft/oms

Now eventually if the docker host has network access you can see the information being updated to OMS

image

From the solution we can get alot of performance information from the different containers

image

It can also show the different containers host and docker images that are available in the repository

image

As of now this ONLY supported Linux Containers and not Windows Containers…. Hopefully Microsoft is moving forward with a Microsoft OMS agent for Windows Containers here as well.