Saturday, 26 February 2011

Citrix XenDesktop VDI and What It Means To You

The idea of this non-technical post is to come up with a personal document, that could be distributed to end users to explain/sell a Citrix XenDesktop VDI solution to them. This is only a draft and - in the spirit of sharing - please feel free to copy in any way or leave comments (good or bad.)


Citrix XenDesktop VDI and What it Means to You

Definition: VDI = Virtual Desktop Infrastructure

Dear Work Colleague

As part of the natural lifecycle of desktop systems, the IT Department are soon to be replacing your current workstation with a thin-client and Citrix XenDesktop 5 utilizing Windows 7. We want this to be a positive experience for you and have prepared this brief advance introduction.

1: Preparation

Prior to your allocated time for switch-over to VDI, the IT team will be migrating your profile so that when you log on to the VDI for the first time, your application and desktop settings are in place. We highly recommend you contact IT support prior to your switch-over time, if you have any concerns about applications and/or data on your workstation, and their availability in the VDI.

2: Connecting from inside the office

When you arrive at your desk at a time after switch-over, all you need to do is power on your thin-client and monitor(s) - if they are not already powered on - and the 'Log on' box (like below) will appear. Log on with your domain user name and password, and you're in!


You will be greeted by the 'Welcome to your Citrix XenDesktop' welcome screen, close this and you are ready to begin going about your business.


3: Working from outside the office

The same virtual desktop you work from in the office can be used from anywhere in the world where you have internet access and an available PC, Mac, smartphone or tablet (like the iPad.)

Example - connecting from a PC with Internet Explorer:

Point your internet browser to https://cag.adomain.com
If not already installed - accept the prompts to download and install any ActiveX controls, and the CitrixOnlinePlugWeb.exe
Log on and you're in!


Why Citrix XenDesktop VDI?

The Citrix XenDesktop VDI solution is designed around allowing you to work flexibly and creatively*. Some advantages of a Virtual Desktop Infrastructure (VDI) over a Physical Desktop Infrastructure (PDI) / traditional terminal services:

i: Your workspace is truly personal (advantage over traditional terminal services)
ii: Flexibility to work from the same desktop from many different devices, and wherever there is an internet link
iii: Data is stored centrally and securely
iv: Provisioning new or additional workspaces can be done in seconds
v: Smaller carbon footprint when using thin-clients
vi: Enhanced and more efficient IT Helpdesk support
vii: Greater resilience of desktop workspace systems


Credits

*Part quote (... designed entirely around allowing people to work flexibly and creatively) taken from a Louise Matthews blog post - see: blogs.citrix.com

Monday, 21 February 2011

Configuring Citrix Access Gateway (CAG) VPX 5.0.1 with XenDesktop 5

Prerequisities:

CAG with basic configuration – that is:
- IP Addressing for web, internal, and management interfaces (this could be the same interface)
- host name matching external web address and SSL certificate
- license (express edition or better)
SSL Certificate Installed on CAG
{If required} SSL Certificate Imported into CDDC
Connection to working Citrix Desktop Delivery Controller
Connection to working Windows Active Directory


Walkthrough:

Part 1: Configuration on the CAG

Log in to the CAG Web UI at

From 'Management' configure:

System Administration

1) Name Service Providers:
Enter the internal DNS server(s) IP Address
Enter a DNS suffix
Can manually add any internal controller(s) into the 'HOSTS File' to be sure of name resolution

2) Date and Time
Either set manually or point to an NTP server

Access Control

3) Logon Points
Create a new logon point

Fields to be completed:
Under 'General Properties'
Name: << choose a name for the Logon Point >>
Type: Basic
Tick 'Authenticate with Web Interface'


And set the logon point as default (so https://cag.adomain.com interfaces with the XenDesktop installation)

Applications and Desktops

4) XenApp or XenDesktop
Create a new ICA Access Control List for ICA protocol and
Create a new ICA Access Control List for Session reliability protocol
with beginning and ending IP address for range used by IP Addresses


Part 2: Configuration on the Citrix Desktop Delivery Controller

Open 'Citrix Desktop Studio' Management Console
Expand Access -> Citrix Web Interface -> XenApp Web Sites
Select the Internal Site ( http://CDDC.ADOMAIN.priv/Citrix/DesktopWeb )
Select the 'Secure Access' tab
Click 'Edit secure access settings'


Click 'Add' to Specify a new Access Method
Enter IP address and subnet mask of the CAGs internal interface
Select 'Gateway alternate' for an internal CAG behind a NAT firewall


Click OK
Click Next

Specify the Address (FQDN) of the Access Gateway
Port: 443
Enable session reliability (default)


Click Next

Add the Secure Ticket Authority URLs: << https://CDDC.ADOMAIN.priv/scripts/ctxsta.dll >>
Click Finish



All done and ready to test XenDesktop 5 via the external CAG interface!


Postscript:

1) LDAP authentication profile and working Secure Ticket Authority (STA) setup are not required on the CAG here since the CAG redirects straight through to the XenDesktop internal login page

2) Following through these four articles posted this month -
- will result in a fully working web accessible XenDesktop proof of concept (or Small Business setup) with £0 Citrix Licensing costs – thank you Citrix for making this possible (request to Citrix – this might be asking a little too much but please can the 12 month CAG VPX express up to 5 concurrent connections license be turned into perpetual? Cheers!)



CORRECTION: The CAG VPX express license does not work with the XenDesktop Express  past a short grace period. In order to use CAG VPX with XenDesktop, at a minimum will need the XenDesktop VDI license. 

Sunday, 20 February 2011

Setting up a Basic XenDesktop 5 Proof Of Concept – Part 2 of 2: Walkthrough from Desktop Deployment (Using 'Host Type' None) to Testing

Continuing from Part 1....

1: Initial Configuration

From 'Desktop Studio'
'Initial configuration' tab
Select 'Desktop Deployment'




Provide a Site name
Select Edition -> Express Edition
Browse to the license file delivered with the XenDesktop5 Express Edition download ( http://deliver.citrix.com/go/citrix/XDExpress )
And use default database
Next ->





Click OK to let XenDesktop create a database automatically





The Host type in this scenario is 'None' (no access to hosting companies virtual infrastructure servers)
Next ->
Finish ->



Initial configuration is complete!
And the Navigation Pane under Desktop Studio will populate with more options.


2: Creating a Catalog



Desktop Studio -> Machines -> Create Catalog (either right-click Machines or select from the Action Pane)



i: Machine Type
Machine type: Physical
Next ->





ii: Machines & users
Add Computers and optionally assign to users
Next ->





iii: Administrators
Choose Administrators or leave on default
Create a Catalog description
Next ->



iv: Summary
Provide a Catalog name:
Finish ->


3: Completing User Assignment



From 'Desktop Studio'
'Initial configuration' tab
Click 'Configure' next to 'User assignment'




Select the recently created Catalog and click Next




Place a tick next to the 'Machine name' under 'User Assignments'
Next ->
Next ->



Enter a 'Display name'
Enter a 'Desktop Group name'
Finish ->


3: Testing
From an endpoint machine with network connectivity to the Citrix controller (e.g. workstation or laptop)
Point your browser to the Internal Site URL for the XenDesktop installation - which will be something like






Tick the 'I agree with the Citrix license agreement' box and click INSTALL to install the CitrixOnlinePluginWeb.exe





Click 'Run' if the File Download - Security Warning appears
Click 'Run' again if the Internet Explorer - Security Warning Appears
Click 'OK' to the Installation Completed Succesfully Prompt

Then Log On with your domain credentials





Test complete - welcome to the virtual workstyle!






Appendix - A couple of problems

A couple of problems that might be encountered:

1: Sysprep problem when using VMware's deploy from template / clone - “Windows could not finish configuring the system. To attempt to resume configuration, restart the computer.” The fix is to download a patch for Windows 7 - (KB981542) - from http://support.microsoft.com/kb/981542  (this is due to be included in Windows 7 SP1)
The installer error 0x80070422 occurs when installing the patch if the Windows 7 Optimizer has been used and allowed to disable the Windows Update service.



2: Virtual Desktops coming up as unregistered in Desktop Studio:
On the Virtual Desktop -> Programs and Features -> Citrix Virtual Desktop Agent -> Change -> Reconfigure the VDA

There are these options for controller Location:
i: Manually enter controller location(s) << FQDNs >>
ii: Select from Active Directory
iii: Configure at a later time - Use Group Policy or this wizard to specify the controller
And can configure as preferred.

Setting up a Basic XenDesktop 5 Proof Of Concept – Part 1 of 2: Walkthrough from Install to Desktop Deployment


Prerequisites

XenDesktop5 ISO (available from http://deliver.citrix.com/go/citrix/XDExpress )
XenDesktop Express Edition License (available from http://deliver.citrix.com/go/citrix/XDExpress )
Hosting Environment - Citrix XenServer / VMware vSphere / Microsoft Hyper-V
Domain Controller (vDmC) - Windows 2003 or higher with domain functional level Windows 2000 native or higher
+ DNS
+ DHCP (not totally essential depending on hosting model used)
+ Windows updates and antivirus as necessary
Windows 2008/2008R2 Std/Ent (vContoller) – domain joined
+ Windows updates and antivirus as necessary
Windows 7 Master Image (vMaster) – domain joined
+ Windows updates and antivirus as necessary


Part 1: Walkthrough from Install to Desktop Deployment

Everything from this point should be done using a domain login with sufficient permissions on vDmC, vController, vMaster to install software

vMaster
Attach XenDesktop5 ISO
Select 'Install Virtual Desktop Agent'


Choose 'Quick Deploy'
Click 'Yes' if the prompt 'XenDesktop will disable the WDDM driver before continuing' appears (this may temporarily stop mouse and keyboard integration with guest tools)


Select 'Install'
Click 'Close' and then the virtual desktop will restart
Install Adobe Reader, Adobe Flash Player, Microsoft Silverlight, and other software as required (if have access to a XenApp server then install the Citrix Receiver,) also now would be a good time to run through some desktop optimizations (e.g. could use VDI Optimizer tool from as written by one of the MCS deployment team – see http://www.autoitscript.com/files/tools/VDIOptimizer.zip )  


vController
Install Adobe Flash Player (used for the consoles)
Attach XenDesktop5 ISO
Select 'Install XenDesktop'


Accept default settings and click 'Next'

Default settings include all of the following components:
1) XenDesktop Controller – Creates and manages virtual desktops for users
2) Web Access – Provides users with web access to their virtual desktops
3) Desktop Studio – XenDesktop configuration and management console
4) Desktop Director – XenDesktop daily operations and helpdesk web site
5) License Server – Manages XenDesktop Licenses
6) SQL Server Express 2008 R2 – Used for the controller database

Click 'Next' to enable default ports on the Windows firewall
(defaults ports are 27000, 7279, and 8082; as used by the License Server)
Click 'Install'
Verify installation process was successful and click 'Close'


Desktop Studio will automatically open
From Desktop Studio, either select 'Quick Deploy' or can choose from the other options for a more advanced deployment configuration. The options are:

Quick Deploy - Streamlined configuration ideal for proof-of-concept or smaller production environments
Join existing deployment - Add the XenDesktop Controller installed on this server to an existing site
Desktop deployment - Advanced configuration ideal for large production environments
Application deployment - Configuration of VM Hosted Applications


Here can select the Quick Deploy wizard which will get a working proof-of-concept up and running in minutes. The second part of this article follows a different approach that can be used if access to the hosting environment's management servers is not allowed (e.g. no access permitted to VMware Virtual Center, Citrix XenServer, or Microsoft Hyper-V)

Wednesday, 16 February 2011

Corruption of Filesystem Occurs After Veeam Backup of Uploaded Physical to Virtual (P2V) Conversion

(Must stress here that the problem is not with Veeam Backup, just that it was after the Veeam Backup that the filesystem corruption occured - the problem is down to the P2V conversion itself)


Problem:

After a physical to virtual conversion of a Windows 2003 Small Business Server, using the VMware Converter coldclone bootable CD onto a network share on a laptop (because there is no direct access to a hosting companies Virtual Center.) The uploaded P2V conversion runs well until an attempt is made to back it up using Veeam (Veeam Backup 5 in this case.) The backup completes with the warning below and fails to commit the temporary snapshot:

Removing snapshot
Failed to retrieve "SCSI (0:0) Hard disk 1" disk information. Check VM virtual hardware configuration.
Wrong number of extents - 81, descriptorFile "nfc://conn:vcenter,nfchost:host-1705,stg:datastore-7019@SBS/SBS-000001.vmdk"
Veeam Backup will attempt to remove snapshot during the next job cycle, but you may consider removing snapshot manually.
Possible causes for snapshot removal failure:
- Network connectivity issue, or vCenter Server is too busy to serve the request
- ESX host was unable to process snapshot removal request in a timely manner
- Snapshot was already removed by another application

Then, after manually committing the snapshot, the server starts reporting NTFS errors, corrupt file errors, and upon reboot falls into a completely unrecoverable state.


Solution:

The fix in this case was to do a Virtual to Virtual (V2V) conversion on a pre-backup copy of the server (had done a cold clone of the original uploaded server prior to it being backed up) using the coldclone bootable CD, pointing directly to vCenter. After this the backup ran fine.

The problem was down to the original P2V being done using the coldclone bootable CD onto a network share on a laptop, which was then uploaded to the hosting environment (the P2V had not been done directly to the vCenter as this was not possible.)


One additional step:

After the V2V, the VMware tools status was OK but mouse capture and release had stopped working, to fix:

From vSphere client:
VM -> Guest -> Install/Upgrade VMware Tools
Interactive Tools Upgrade
Repair


Sunday, 13 February 2011

Setting Up Citrix Access Gateway VPX 5.0.1 and SSL Certificate for use with Citrix Desktop Delivery Controller - Walkthrough

Credit: This is an edit of Lupa Mooncak's (another anagram of real name) document, published with permission. Thanks Lupa!


Part A: Download OVF template and import to your vSphere environments

1: Go to http://www.citrix.com/accessgateway or Google “Get Citrix Access Gateway” and click on the first result

2: On the web page there is a 'Try it' button and from here follow the prompts to download cag_5.0.1.183500.ova or similar

3: Once the .ova file is downloaded, via the vSphere client click File → Deploy OVF Template...



Browse to the .ova file, and follow the wizard (mostly next, next, next ...) to import the CAG (Citrix Access Gateway) VPX to the virtual infrastructure.

The CAG requires 13GB free space on a datastore (12GB disk, 1GB memory)


Part B: Configure Citrix Access Gateway VPX 5.0.1

1: Before booting it up, choose the networks that the CAG will be connected to. The CAG comes with 4 virtual network adapters. This walkthrough will only use 3 of the virtual network adapters.

Network adapter 1: DMZ
Network adapter 2: Management Network
Network adapter 3: Server Network (with access to the Citrix Desktop Delivery Controller)

Feel free to set this up as preferred; it will work fine with just one network adapter configured for web access, management, and internal server communication. If this is a hosting environment, additional network adapters might be used to talk to different controllers.


2: Power on the CAG VPX

3: Once the CAG has completed boot up, log in to the console with the default credentials -

login: admin
password: admin

Access Gateway, 5.0.1.183500, { date }

----------------------------------
Main Menu
----------------------------------
[0] Express Setup
[1] System
[2] Troubleshooting
[3] Help
[4] Log Out
----------------------------------
Choice:

Choose 0 for Express Setup

4: Express menu – run through the options inputting configuration as required

----------------------------------
Express Menu
(After all the required configuration changes, please use '[6]Commit Changes' to save the changes.)
----------------------------------
[0] Internal Management Interface
[1] Interface IP, Netmask
[2] Default Gateway
[3] DNS Server
[4] NTP Servers
[5] AG Deployment Mode
[6] Commit Changes
[7] Back to Main Menu
----------------------------------
Choice:

Only options 0,1, and 2 need to be completed here, the rest can be done via the Web UI

5: Once options 0,1, and 2 from the Express Setup Menu have been configured via the console, and the option 6 to commit changes has been applied; after reboot of the CAG connect to the Management Console on

https://AccessGatewayIPAddress/lp/adminlogonpoint  (Note after the IP Address it is 'ell' 'pee')

- and login with the default credentials – username = admin , password = admin

After login, the Access Gateway Management web page loads:

6: Further configuration via the Access Gateway Management (ACM) Web UI

The ACM Web UI contains a lot of menus and settings, which will be left for another time, another article, or the excellent Citrix documentation at http://support.citrix.com/proddocs . Here we will skip to Part C regarding getting the SSL certificate to work with the Citrix Desktop Delivery Controller.

A quick overview of things to be configured via the Management web page include:

Networking (set the 'Host Name' to be the same as what is to be on your external SSL certificate)
Name Service Providers (enter internal DNS server's IP, a DNS suffix, and can add any internal controllers into the 'HOSTS File' to be sure they resolve)
Password (change from default one ASAP)
Date and Time
Licensing (either point to the internal license server, upload an express license {the express license must match the host name of the CAG, and is case sensitive} … )
Authentication Profiles (configure an LDAP profile for Active Directory communication)
Logon Points (point the CAG to Web Interface of your XenApp/XenDesktop web interface)
XenApp or XenDesktop (type in your internal IP address ranges for both ICA and Session Reliability, which creates an access control list, also include the VDI IP Address range)
Secure Ticket Authority (type in the IP or hostname to the internal secure ticket authority)



Part C: Install SSL certificate on CAG for use with the Citrix Desktop Delivery Controller (CDDC)

1: Obtain an SSL certificate for the external DNS name (e.g cag.mycompany.com)

If this is a proof of concept then can use a free for 12 month SSL certificate from https://www.startssl.com
The startssl cert will be of type .p12 (Personal Information Exchange/PFX) and will need to be converted to a .pem file with the password used when the cert was created. Can convert from .p12 to .pem at https://www.sslshopper.com/ssl-converter.html

2: Log on to the Access Gateway Management Web UI and go to 'Certificates'

Under 'Certificate Management'
Select the 'Import' drop down
Choose 'Server (.pem)' or 'Server (.pfx)'
Enter the password for the private key as required
Mark the imported SSL certificate as active (the CAG comes with an internal self-signed SSL cert which is initially marked as the active SSL certificate)

Note: At this point the certificate can be tested on the external web address to check all is okay

Steps 3 to 7 resolve proxy connection type errors if these are encountered:

3: On the Citrix Desktop Delivery Controller (CDDC) open a new mmc and add to it two snap-ins -
Certificates → My user account
Certificates → Computer account

4: Take screenshots of -
Certificates – Current User → Personal → Certificates
Certificates – Current User → Trusted Root Certification Authorites → Certificates
Certificates – Current User → Intermediate Certification Authorities → Certificates
(this step is required to identify new keys that get installed when the import is done in step 5)

5: Import the key -
Download the .p12 key to the CDDC
Right-click and choose 'Install PFX'
Follow the 'Certificate Import Wizard' entering password for the private key, leaving the tick on 'Include all extended properties', let it 'Automatically select the certificate store based on the type of certificate', finish

6: For convenience copy newly installed certificates from -
Certificates – Current User → Trusted Root Certification Authorites → Certificates
Certificates – Current User → Intermediate Certification Authorities → Certificates
- into -
Certificates – Current User → Personal → Certificates
- also taking note of the newly installed certificate in Personal

7: Copy all the new installed certificates from -
Certificates – Current User → Personal → Certificates
- into -
Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates
Certificates (Local Computer) → Intermediate Certification Authorities → Certificates
Certificates (Local Computer) → Third-Party Root Certification Authorities → Certificates

And voila! The proxy connection type errors should be resolved.