1Y0-A03 Citrix XenDesktop 2.0 Enterprise Edition: Administration Study Guide
Defining Citrix XenDesktop 2.0 Enterprise Edition Architecture
Consoles and Utilities
v Most XenDesktop management tasks are performed from the Access Management Console.
v The Desktop Delivery Console enables session management tasks to be performed.
v Configuring of printing and policies is performed in the Presentation Server Console.
¨ XenApp Advanced Configuration Tool is the new name for the Presentation Server Console in XenApp 5.
v XenCenter is used in XenServer management, including the creation and management of resource pools.
v The Provisioning Server Console is used to manage components within a Provisioning Server farm, including vDisks.
v The XenDesktop Setup Wizard automates parts of the creation, delivery and maintenance of large installations of virtual desktops.
¨ This wizard integrates Citrix components so that systems administrators can quickly create multiple desktops.
Endpoint Devices
A Citrix Ready desktop appliance:
v Is optimized for use with a virtual desktop.
v Provides users access to a single virtual desktop.
v Runs on Windows XP Embedded, Windows CE, Linux or custom operating systems like Wyse Thin OS.
v Comes preinstalled with the Desktop Receiver Embedded software to access a virtual desktop.
A repurposed personal computer:
v Provides users access to a single virtual desktop.
v Does not require access to the local desktop.
v Has to have the Desktop Receiver Embedded software installed on it.
v Is joined to a domain.
v Runs on Windows XP or Windows XPe operating systems.
A fat client:
v Runs on Windows Vista, Windows XP Professional, Windows Server 2003, Windows 2000 Professional, Linux, UNIX or Macintosh OS X operating systems.
v Has to have the Desktop Receiver software installed on it or downloaded and installed from a web site.
v Provides users access to the local desktop and provides users access and control over one or more virtual desktops.
A remote system:
v Provides users with access to their virtual desktops from outside of the LAN through Access Gateway.
v Runs on Windows Vista, Windows XP Professional, Windows Server 2003, Windows 2000 Professional, Linux, UNIX or Macintosh OS X operating systems.
v Uses a fat client device.
Technologies used with XenDesktop
XenDesktop uses SpeedScreen to:
v Ensure that screen updates are smooth.
v Mouse and keyboard movements are responsive.
v Multimedia has excellent performance over any network.
The universal print driver allows XenDesktop to deliver a consistent and fast printing experience for users without requiring specific local print drivers.
XenMotion allows virtual desktops from one XenServer to another for high availability and simplified server maintenance.
Secure remote access is provided by Citrix Access Gateway technology to secure communications between the client and the XenDesktop environment.
Session reliability allows users to resume their work from where they left off after a connection is lost and then re-established.
v Session reliability uses port 2598.
XenDesktop Components
The Desktop Delivery Controller:
v Brokers connection requests from endpoint devices.
v Assigns a desktop to each user on demand.
v Manages licensing.
v Manages the data store.
¨ The data store contains the persistent configuration information for the farm.
The Virtual Desktop Agent:
v Runs on each desktop that will be delivered to users.
v Provides the ICA service that manages communication between a user’s desktop and endpoint device.
The Desktop Receiver runs on the endpoint device and displays a user’s desktop.
The Virtual Machine Infrastructure creates the foundation for delivering virtual desktops and offers advanced management features.
Application delivery is provided by XenApp for Virtual Desktops.
v XenApp for Virtual Desktops delivers applications to virtual desktops on demand.
Provisioning Server for Desktops is used to stream a single desktop image (vDisk) to multiple virtual desktops hosted in the VM infrastructure.
Desktop Delivery Process
1. The endpoint device submits user credentials to a Web Interface site through Access Gateway.
2. The Web Interface passes the user credentials to the Desktop Delivery Controller.
3. The Desktop Delivery Controller verifies user authorization.
4. The Desktop Delivery Controller queries the data store for the user’s assigned desktop groups.
5. The Desktop Delivery Controller queries the VM Infrastructure about virtual desktop status.
6. Provisioning Server for Desktops binds a vDisk to the virtual desktop.
7. The Desktop Delivery Controller identifies which desktop has been assigned for this session.
8. Web Interface sends an .ICA file to the Desktop Receiver.
9. An ICA connection is established.
10. The Virtual Desktop Agent verifies the license file with the Desktop Delivery Controller.
11. The Desktop Deliver Controller queries the license server.
12. The Desktop Delivery Controller sends policies to the virtual desktop.
13. The virtual desktop requests profile data.
14. The virtual desktop is displayed to the user.
15. Applications are delivered on demand.
User Experience
Users who will only need access to a single virtual desktop and are on the local LAN connecting with a desktop appliance:
v Turn on their local appliance > Wait for the Welcome screen > Enter their credentials and log on > Wait for the desktop to appear.
Users connect to a single, full-screen-only-mode desktop by the following process:
v Turn on their local machine and connect to the XenDesktop Services site > Wait for the Windows logon screen > Enter their domain credentials > Wait for the desktop to appear.
Users that have the choice to connect to more than one desktop from inside of Windows on a LAN:
v After they have already logged on Windows, they open a web browser and browse to a XenDesktop web site > When the Welcome screen appears, they type in their credentials and log in > They will see a Desktops tab and have their choice of desktops to choose from > The first time they connect it downloads the Desktop Toolbar > They choose their desktop and it appears in the Desktop Toolbar > Users can then interact with the desktop by using the Desktop Toolbar.
Remote users running Windows to connect to their desktops via XenDesktop:
v They will already be logged into Windows > Open a web browser and browse to the XenDesktop web site that was secured by Access Gateway > Log on to the site > Select a desktop from the Desktops tab > Click Connect and the desktop will appear in the Desktop Toolbar > Use the Desktop Toolbar to interact with the desktop.
Desktop Groups
Desktop groups consist of users and desktops assigned through Active Directory.
The data store contains the desktop groups to which each user is assigned.
Assigned desktop groups are for users that:
v Need to need to install and manage applications on their desktops.
or
v Need to store data not covered by profile management.
Pooled desktop groups:
v Are for users that do not need to install applications or store data on their desktop.
v Are allocated to users on a per-session, first come, first served basis.
v Pooled desktops can take advantage of virtual desktop provisioning, which streams a single image to multiple desktops.
v XenApp for Virtual Desktops and end user profiles are used to personalize the applications, settings and data for each user.
v There are two types of pooled desktop groups:
¨ Virtual desktops in pre-assigned groups are permanently assigned to an individual user as soon as the group is created.
- As a result, the user can safely customize the desktop to suit her needs.
¨ Virtual desktops in assigned-on-first-use groups are permanently assigned to the first user to connect to them.
- As a result, the user can safely customize the desktop to suit their needs.
Desktop Delivery Component
The Desktop Delivery Component installation process automatically creates multiple Web Interface sites to provide a flexible user experience.
v A Web Interface site passes the user credentials to the Desktop Delivery Controller.
Using the desktop group that it obtained from the data store, the Desktop Delivery Controller queries the VM infrastructure about the status of virtual desktops in that group.
The Desktop Delivery Controller:
v Cannot be installed on a Domain Controller.
v Brokers connection requests from endpoint devices.
v Manages licensing and the data store.
v Verifies user authorization by performing a Microsoft Active Directory query with the user’s credentials.
Some Protocols used in XenDesktop
SSL/HTTPS:
v Carries secure, encrypted data between the Desktop Receiver and the datacenter, providing secure remote access for users outside of the corporate LAN.
ICA:
v Is used to deliver hosted applications to virtual desktops on demand, separating the application logic from user input and screen refreshes.
v Communication between the Desktop Receiver and the Virtual Desktop Agent occurs over ICA, providing PC like responsiveness of any content to any location and device.
SMB:
v Streams applications to virtual desktops, allowing users to run a new application locally without requiring a new, custom image.
Some Ports used in XenDesktop
Port 2598 is used to deliver hosted applications with session reliability.
Port 1494 is used to deliver hosted applications without session reliability.
Port 445 is used to stream applications to virtual desktops.
Identifying Pre-Install Considerations
Active Directory
The Active Directory Configuration Wizard is integrated in the Desktop Delivery Controller installation.
v It is accessible on the Desktop Delivery Controller in the Start menu by selecting All Programs > Citrix > Administrator Tools > Active Directory Configuration Wizard.
v Before an administrator can create desktop groups, they need to create and configure the Active Directory Organizational Unit (OU) using this wizard.
The two main reasons that the Desktop Delivery Controller uses Active Directory are:
v 1) Security – Confirm that any outbound communications come from authorized controllers in the appropriate farm and maintain confidentiality of data exchanged by the virtual desktops and the controllers.
¨ Active Directory’s inbuilt security infrastructure is used by virtual desktops to check that incoming communications from controllers come from authorized controllers in the appropriate farm.
¨ Active Directory’s security infrastructure also ensures that the data exchanged by virtual desktops and controllers is confidential.
¨ Desktop Delivery Controller uses Active Directory's inbuilt Kerberos infrastructure to guarantee the authenticity and confidentiality of communication.
v 2) Controller discovery – Active Directory is used by XenDesktop to discover the controllers that constitute a farm.
¨ Administrators can add new controllers to a farm without having to reconfigure all virtual desktops in the farm because this information is automatically updated in Active Directory by controllers.
DHCP in a XenDesktop Environment
When the vDisk boots from a network using PXE:
v DHCP sends a request to the Provisioning Server for an IP address and boot file options.
v The PXE server delivers the information to the vDisk.
In a XenDesktop environment, the DHCP service delivers the following to the vDisks:
v An IP address
v The boot file location
When configuring boot options for DHCP:
v Enable option 066 Boot Server Host Name.
v Type in the IP address of the boot server.
v Enable option 067 Bootfile Name.
v Enter name of the boot file.
v Configure option 060 PXEClient for PXE support.
Reducing Storage
An administrator can reduce the number of unique desktop images stored in the datacenter through:
v Virtual desktop provisioning
¨ Virtual desktop provisioning reduces storage by streaming a single image to multiple desktops.
v Roaming profiles
¨ By storing users’ profiles separately from the OS and applications, administrators can dramatically reduce the number of unique images while still providing a personalized desktop to each user.
Private and Standard Image vDisks
Private Image vDisks require more storage space than Standard Image vDisks.
v A Standard Image vDisk can be shared by one or more target devices.
v A Private Image vDisk can only exist for one target device.
Provisioning Server Cache
The Provisioning Server write cache can be located:
v As a file on the target device’s hard drive.
¨ Frees up the Provisioning Server since it does not have to process write requests and doesn’t have the finite limitation of RAM.
v In the target device’s RAM.
¨ Provides the fastest method of disk access since memory access is always faster than disk access.
v As a file on the Provisioning Server.
¨ All writes are handled by the Provisioning Server, which can increase disk IO and network traffic.
Provisioning Server write cache need only be enabled for Standard Image vDisks since they don’t allow read and write access on the image like Private Image vDisks do.
Installing Citrix XenDesktop 2.0 Enterprise Edition
Installing Desktop Delivery Controller
A Desktop Delivery Controller:
v Cannot be installed on a domain controller.
v Should be installed using a domain account with local administrator rights.
v Should not be installed using RDP.
v Automatically installs Web Interface during installation.
A Desktop Delivery Controller requires:
v Active Directory to store information about Desktop Delivery Controllers and to detect controllers in the farm.
v A database to host the data store that holds configuration information about the controllers and administrator account information.
v Access to a Citrix License Server with valid licenses.
v The Citrix Access Management Console to view and manage the farm
v The Citrix Presentation Server Console to configure printing and policies for the virtual desktops.
Citrix Licensing
The following must be licensed for continued functionality:
v XenServer
¨ Although XenServer does not use the same license server as the other components in the XenDesktop environment, it still utilizes Citrix licensing.
v Provisioning Server
v XenApp for Virtual Desktops
v Desktop Delivery Controller
To license some Citrix products, including the Desktop Delivery Controller:
v Install the license server in the environment.
¨ It is not required to be installed on the Desktop Delivery Controller server, but can be.
v Download the license file from www.mycitrix.com.
v Copy the license file to the license server.
v If the license server is installed on a different server than the Citrix product, use the Access Management Console to configure the product to point to the license server by IP address or name and specify the port number being used for the license server communications.
v Use the License Management Console to manage licenses.
XenServer / Provisioning Server Licensing
An overview of XenServer and Provisioning Server licensing:
v XenServer requires installation of two licenses:
¨ One for the XenServer hosts.
¨ Another for the Provisioning Server.
v The XenServer license keys are installed directly on each XenServer host.
v Provisioning Server uses the Citrix License Server to provide pooled licensing management.
v In the License Management Console you will see four Provisioning Server licenses for each XenServer Platinum Edition you have purchased.
v Provisioning Server consumes one of these for the XenServer host to which the virtual machines are being streamed.
v The remaining three licenses are available for provisioning additional physical machines.
Installing XenServer in a XenDesktop / Provisioning Server Implementation
To install and configure XenServer for a XenDesktop implementation including Provisioning Server:
v Install the XenServer Host on a dedicated server.
v Install the XenCenter management console on a separate, remote computer.
v Use the XenCenter management console to connect the XenCenter Host and install the licenses.
v Create a new resource pool and add all XenServer Hosts to it.
v Create the virtual machines and add them to Active Directory.
v Install the Virtual Desktop Agent on the virtual machines.
v Install the XenServer Tools on the virtual machines.
Resource Pools
A resource pool comprises multiple XenServer Host installations, bound together into a single managed entity which can host Virtual Machines.
When combined with shared storage, a resource pool enables VMs to be started on any XenServer Host which has sufficient memory and then dynamically moved between XenServer Hosts while running with minimal downtime using XenMotion.
v In order to use Provisioning Server to provision virtual machines that will be migrated with XenMotion, you must create them with a small disk attached.
If an individual XenServer Host suffers a hardware failure, then the administrator can restart the failed VMs on another XenServer Host in the same resource pool.
Resource pool members must have similar networking including:
v NICs across all members must connect to the same networks.
v Although there can be a different number of NICs on each machine, the NICs must be in the same order on each machine.
v NICs should be the same speed but can be from different vendors.
Discovery
The Access Management Console relies on the discovery process to check the environment for the addition or removal of devices.
The discovery process runs automatically the first time the Access Management Console is opened.
An administrator should manually Run discovery on a regular basis so that the information being viewed is up-to-date.
vDisks
Before creating a vDisk, an administrator needs to know:
v The type of vDisk being created.
v The directory in which the vDisk will be stored.
v The disk size required to host the operating system and other files.
To create a new vDisk:
v Open the Provisioning Server Console on the Provisioning Server.
v Right-click a server in the console and choose New Virtual Disk.
After a vDisk is created using Provisioning Server, an image containing the operating system must be copied to the vDisk using the Provisioning Server Image Builder utility.
Managing Passwords with Active Directory
To allow Active Directory to manage passwords:
v Disable Active Directory controlled automatic re-negotiation of machine passwords by enabling the Disable machine account password changes security policy.
v Enable machine account password management in the properties of a vDisk in the Provisioning Server Console.
v Enable automatic password management in the properties of a Provisioning Server in the Provision Server Console.
Virtual Desktop Agent
In a XenDesktop implementation using XenServer as the hosting infrastructure, the Virtual Desktop Agent will be installed on the virtual machines.
The Virtual Desktop Agent consists of the following components that reside on the virtual desktop:
v The Citrix Desktop Service
¨ Communicates with the Desktop Delivery Controller.
¨ Handles the initial brokering of connections and the interactions with sessions from the Access Management Console.
v The Citrix ICA Service
¨ Communicates with the Desktop Receiver and handles graphics and input.
v Supporting services
¨ Help with features such as auto-reconnection, printing and encryption.
The Virtual Desktop Agent:
v Is used to facilitate the connection to a virtual desktop.
v Can be installed on Windows XP and Vista.
v Must be installed on each system that will become a virtual desktop.
v Must be configured with the port number used to communicate with the Desktop Delivery Controller.
v Requires that the firewall on the system be properly configured.
v Must be configured to point to a farm.
Virtual Machine Templates
A Provisioning Server virtual machine (VM) template is a diskless template that is associated with a Provisioning Server vDisk.
To create a virtual machine template in XenCenter:
v Select the desired resource pool.
v Select VM > New.
v Select the desired operating system template.
v Enter the name and description.
v Select the location of the operating system installation media.
v Set the number of CPUs and memory.
v Leave the Virtual Disk screen default.
v In the virtual network interfaces option, select the default.
v Deselect Start VM automatically.
v After clicking Finish, select the newly create VM and select the Storage tab.
v Select Delete to remove the storage from the VM.
v From the menu bar, select VM – Convert to Template.
Diskless Virtual Machines
To create a diskless virtual machine in XenCenter:
v Select the desired resource pool.
v Select VM > New.
v Select Other install media at the bottom of the operating system list.
v Enter the name and description.
v Select the location of the operating system installation media.
v Set the number of CPUs and memory.
v In the virtual disk option, do not add a disk.
v In the virtual network interfaces option, select the default.
v After clicking Finish, the virtual machine can be utilized or converted to a template.
v After creating a diskless virtual machine, it must be set to network boot to properly interoperate with Provisioning Server.
Desktop Receiver
The Desktop Receiver software can be installed from:
v The product media
v A XenDesktop web site
v Active Directory GPO
v Another software distribution product
Building vDisks
Building Operating System Images
To create a Windows Vista, Windows XP, Windows Server 2003 or Windows 2008 operating system image that is able to boot from a XenServer virtual machine and leverage Provisioning Server streaming:
v Install and configure the Provisioning Server Streaming Server and XenServer Platinum.
v Create and format a Provisioning Server vDisk for the image-build process.
v Create the master target device with the appropriate operating system, updates, applications and configurations.
v Install XenServer Tools on the target virtual machine.
v Install Provisioning Server Target Device on the master target device (the device that has the appropriate operating system installed).
v Build the image on the vDisk using Provisioning Server Image Builder.
v Create a new vDisk for each desired operating system to be used with virtual machines in a XenDesktop deployment including XenServer and Provisioning Server.
Creating and Configuring vDisks
The high-level steps involved in creating and configuring a vDisk include:
v Configuring the vDisk mode
¨ Private or Standard
v Formatting the vDisk
¨ From the target device or Provisioning Server
v Creating the new target device entry.
v Setting the boot properties
v Assigning the vDisk to a target device
Creating vDisks in Disk Pool
To create a vDisk in a disk pool:
v In the Provisioning Server Console, right-click on the vDisk Pool where you want to add those vDisks and select the Create vDisk menu option.
v In the drop-down menu of the Create vDisk dialog box, select the store where this vDisk should reside
¨ If creating the vDisk from the store, then the site would be selected at this step.
v In the Server used to create the vDisk drop-down menu, select the Provisioning Server that will create the vDisk.
v Select the size to allocate to this vDisk.
v Type a filename for this vDisk and a description if desired.
v Select either Fixed or Dynamic in the VHD Format text box.
v Click Create vDisk.
v In the Provisioning Server Console, right-click on the new target device and select Properties.
v Select where to boot from in the Boot from drop-down list.
XenDesktop Wizard
The XenDesktop Wizard:
v Allows the automatic creation of large installations of virtual desktops.
v Adds these desktops to Active Directory.
v Creates a desktop group in the Access Management Console.
v Optimizes the idle pool count for that group based on the number of virtual desktops that were created.
Pooled Desktop Group Security
If you plan to configure virtual machines for use in a pooled desktop group, you must ensure that the operating system image installed on those machines is configured to prevent end users from making any modifications. Typically, this means that:
v End users can be members of the Users group.
v End users cannot be members of the Power Users or Administrators groups.
Automatically Adding Target Devices to Provisioning Server
Target devices can be imported into the Provisioning Server database:
v From a .CSV file using the Import Target Device Wizard.
v The target devices inherit the properties of a template.
Using the Provisioning Server Console, an administrator can create new target device entries in the Provisioning Server database:
v Manually by selecting Create Device and adding the information.
¨ Optionally using a collection template.
v Using the Auto-add feature on the Farm Properties Options tab.
¨ Optionally using a collection template.
To configure Provisioning Server to automatically add all new target devices to the database:
v In the Provisioning Server Console, right-click on the Farm node,
v Select Properties and set Auto-add on the Options tab.
v Optionally, a template can be used so that all of the newly added target devices have the same properties as the template.
To use Image Builder:
v Select the destination drive and click Build.
v Optionally, choose to optimize virtual disk performance and delete all of the files and folders in the destination path before building the image.
Creating a Diskless Virtual Machine
The Provisioning Server provides the ability to stream vDisks to diskless virtual machines. To create a diskless machine in XenCenter:
v Connect to a XenServer and click on the New VM icon.
v The New VM wizard launches.
v In the Select an operating system for the new virtual machine dialog, select Other install media at the bottom of the list and click Next.
v In the Enter a name and description for the new virtual machine dialog, type a name in the Name field, optionally type a description in the Description field, and click Next.
v In the Enter the location of the guest operating system installation media dialog, select Physical DVD Drive and click Next.
v In the Set the number of CPUs and the initial memory allocation for the new VM dialog, select the Number of vCPUs and Initial memory options and click Next.
v In the Enter the information about the virtual disks for the new virtual machine dialog, do not add a new disk and click Next.
v In the Add or remove virtual network interfaces for the virtual machine dialog, keep the default and click Next.
v In the Your new virtual machine configuration is complete dialog, uncheck the Start VM automatically box and click Finish.
v Once the virtual machine is created it can be utilized or created into a template.
To properly interoperate with Provisioning Server and allow Provisioning Server to stream vDisks to virtual machines, an administrator must:
v Create a diskless virtual machine.
v Set the virtual machine to network boot.
Configuring Citrix Desktop Delivery Controller for XenDesktop 2.0 Enterprise Edition
Creating Desktop Groups
Desktop groups can be created using either the XenDesktop Setup Wizard or the Access Management Console.
To create a desktop group with the XenDesktop Setup Wizard:
v Click Next on the Welcome screen.
v Select a desktop farm from the Desktop Farm drop-down list and click Next.
v Select a hosting infrastructure from the Hosting Infrastructure drop-down list.
v Specify the address of the hosting infrastructure (IP address or FQDN) and click Next.
v Type a VM infrastructure user name and password in the Credentials dialog box and click Next.
v Select a VM template to use as the base desktop image and click Next.
v Select the vDisk that will be associated with the VM template and click Next.
v Type the number of virtual desktops to create in the No. of virtual desktops field.
v Type a base desktop name in the Start of all desktop name field.
v Type the index number of the first VM in the Start number field and click Next.
v Select an Organizational Unit location in Active Directory to add the virtual desktops that will be created by the setup wizard and click Next.
v Type a name for the new desktop group and click Next.
v Review the settings on the Desktop Creation page and click Next.
Administrators can use the Access Management Console to create a desktop group of pre-existing desktop images.
To create a desktop group with the Access Management Console:
v Select Desktop Groups from the console tree.
v Click Create desktop group in the Common Tasks pane.
v Click Next on the Welcome screen.
v Select either Pooled or Assigned as the desktop group assignment.
v If Assigned is chosen, then select Pre-Assigned or Assign on First Use and click Next.
v Select the type of VM infrastructure hosting the virtual desktops to be added to the group and click Next.
¨ Select None for the type of VM infrastructure to create a Blade PC based desktop group.
v Type the address of the VM infrastructure in the Address field.
v Type the administrator user name and password required to log on to the VM infrastructure in the User name and Password fields and click Next.
v Click Add to display available desktops.
v Select each desktop to add it to the desktop group, click OK and click Next.
v Click Add to select Active Directory users or groups to add to the desktop group.
¨ Using the Access Management Console, Active Directory computer names can be mapped to desktop images during the creation of a desktop group.
v Type a name for the new desktop group in the Display name field.
v Type a description in the Description field and click Next.
v Optionally, change the icon and click Next.
v Click Finish.
SpeedScreen
SpeedScreen Image Acceleration:
v Offers a trade-off between the quality of photographic image files as they appear on client devices and the amount of bandwidth the files consume on their way from the server to the client.
v Is configured with one of four lossy compression levels:
¨ High compression
¨ Medium compression
- The default setting is Medium compression, which is recommended for lower bandwidth connections while desiring good image quality.
¨ Low compression
¨ No compression
Heavyweight compression:
v Allows you to increase the compression of the SpeedScreen Image Acceleration and SpeedScreen Progressive Display without impacting image quality.
v Because heavyweight compression is CPU intensive and affects server scalability, it is recommended for use only with low bandwidth connections.
Policies
To create a policy:
v Right-click the Policies node in the Presentation Server Console and select Create Policy.
v Type a name and a description.
v Optionally, configure the policy for a connection type.
v Configure the policy rules.
v Apply the policy using a filter.
¨ Client names
¨ Access control
- When a policy is filtered by Access Control, it is applied to connections made through Access Gateway.
¨ Users and user groups
¨ Servers
¨ Client IP addresses
Policy priority rules:
v Each policy receives a number upon creation.
v By default, a new policy has the lowest priority of all policies.
v The number assigned is based on the number of policies that exist in a server farm.
To prioritize a policy:
v In the Presentation Server Console, click the Policies node.
v Right-click the policy in the right pane and click Priority.
¨ If you want to assign the policy the highest priority, click Make Highest Priority.
¨ If you want to assign the policy the lowest priority, click Make Lowest Priority.
¨ If you want to increase the priority of the policy one level, click Increase Priority.
¨ If you want to decrease the priority one level, click Decrease Priority.
When you create policies for groups of users, clients, or servers, you may find that some members of the group require exceptions to some policy rules:
v To more effectively manage exceptions:
¨ Create new policies for only those group members needing the exceptions.
¨ Rank the new policy higher than the policy for the entire group.
If you change the name of a desktop group that has a Citrix policy applied to it, remember to update the Citrix policy filter with the new name.
Logoff Behavior of Desktop Groups
In assigned desktop groups that belong to a hosting infrastructure, the logoff behavior can be configured.
Desktop groups that do not have a hosting infrastructure, including PC-based and Blade-based desktop groups do not have logoff behavior and idle pool settings.
Configuring Time Zone
To allow Windows XP virtual desktop users to see their local time instead of the server’s local time:
v Give them rights to change the time on the system on which the desktop is running.
v Change the time zone registry area.
v After you do this, users who connect to Windows XP virtual desktops see their local time zone reflected in the desktop.
v When they log off or disconnect, the time zone of the desktop is reset to what it was before they logged on.
To allow Windows Vista virtual desktop users to see their local time instead of the server’s local time:
v Make sure they have the Change the time zone privilege.
¨ This privilege is granted by default.
RDP Connection
If a user makes an RDP connection to a virtual desktop, an ICA connection is not possible until either:
v A user logs on interactively on the console of the computer hosting the virtual desktop.
or
v The computer hosting the virtual desktop is restarted.
Disconnecting the RDP session or logging off from RDP is not sufficient.
v To avoid this issue, consider disabling RDP.
Configuring Logoff Behavior
Configure pooled virtual desktops to revert to a clean state after users log off:
v Create the virtual machine to use as your base image and install:
¨ Citrix Virtual Desktop Agent
¨ XenServer Tools
¨ Citrix Provisioning Server Target Device for x 86 Platform
v Using the Provisioning Server Virtual Image Builder, create a Provisioning Server vDisk based on the virtual machine image.
v Set the access mode for the vDisk to Standard Image (multi-client, write cache enabled).
v Assign the vDisk to the virtual machines you will use as pooled virtual desktops.
v On the Logoff Behavior page of the Create Desktop Group wizard, select Reboot on logoff.
When Shut down the VM is configured, the VM will be restarted the next time the user tries to reconnect to it.
v Choosing this option keeps disk usage on the hosting infrastructure to a minimum.
v The disadvantage is that subsequent reconnections will be slower because they need to wait for the operating system to start up.
Since PC-based and Blade-based desktop groups do not have logoff behavior settings, configure an Active Directory policy to remove the shutdown command from the virtual desktops.
Idle Pool Count
Idle pool count settings:
v Are available only for pooled desktop groups that are part of a hosting infrastructure.
¨ For example, XenServer.
v Enable you to configure the number of VMs to be kept in a powered-on state ready for users to connect.
¨ If idle pool count is set at 0, then all of the VMs are kept in a powered-off state and take longer to connect to.
- If an administrator does not want to maintain an idle pool, the administrator should set the idle desktop count for all periods to 0.
When a desktop group is created with the setup wizard, the idle pool settings are automatically optimized with the correct number of virtual desktops.
v If more desktops are added, the idle pool values are not automatically updated and must be manually adjusted.
The Idle Desktop Count is configured for periods during the day.
v During the peak hours the most desktops are going to need to be available.
Desktop Receiver Modes
Full-screen-only mode:
v Users who will connect to a single desktop and will not have a choice are configured for full-screen-only mode.
v Full-screen-only mode uses the Desktop Receiver Embedded software to provide users access to a single virtual desktop.
v The desktop is displayed automatically on the user’s endpoint device in full-screen-mode.
v Full-screen-only mode does not allow users to control the appearance of their desktop.
Window-view mode:
v Users in window-view mode use the Desktop Receiver software to provide access to more than one virtual desktop.
v The virtual desktop is displayed within a window and the desktop of the local device remains accessible.
v Users are allowed to control the appearance of their virtual desktops.
Delivering Desktops
Data Store Database
In a large XenDesktop implementation, use either Microsoft SQL Server or Oracle for the data store.
v When using either of these databases for the data store, the database must be installed before the Desktop Delivery Controller can be installed.
A Microsoft Access database is installed locally on the Desktop Delivery Controller and is only used for smaller XenDesktop implementations.
Manually Adding Target Devices to Provisioning Server
A new target device can be manually added to the Provisioning Server database using Bios prompts when the server is started using the PXE client.
Virtual Desktop Delivery Process
To make a virtual desktop available to users:
v Configure the Desktop Delivery Controller and Active Directory.
v Install and configure XenServer.
v Including all components and licensing.
v Add the virtual machine to the Provisioning Server database.
v Image a vDisk to be used for the virtual desktop.
v Add the virtual desktop to a desktop group in the Access Management Console.
Managing a XenDesktop 2.0 Enterprise Edition Implementation
Creating a Web Interface Site
For remote access through Access Gateway, you need to create a new Web Interface site:
v Install the Web Interface and the Access Management Console Web Interface extension.
Access Gateway Filters
In a desktop group, the default Access Control connections allow all connections to desktops in the group.
v Access Control can be modified to restrict connections with criteria specified through Access Gateway filters.
Remote Access
Workers who need remote secure access are typically routed from their client devices through Access Gateway and Web Interface.
Troubleshooting Desktop Images for Virtualized Delivery
vDisk Doesn’t Appear in XenDesktop Setup Wizard
A vDisk will not show up in the XenDesktop Setup Wizard if you specify a name or a description that contains one or more extended characters or DBCS characters (such as the Euro sign, U+20AC).
v To resolve this issue, you must change the vDisk parameters so that the Description and the Name fields contain only standard, printable ANSI characters.
Virtual Desktop is Not Registered
If a Virtual Desktop is listed as Not Registered in the under Desktop State in the Access Management Console, it is probably because the Virtual Desktop Agent has failed to be in communication with the Desktop Delivery Controller.
According to best practices, if a virtual desktop has failed to register with a Desktop Delivery Controller, the administrator should:
v 1) Check the virtual desktop’s farm membership.
v 2) Check firewall configuration.
v 3) Run IPCONFIG and PING on both machines.
v 4) Check both systems’ time.
v 5) Rejoin both machines to their domain.
v 6) Inspect the Service Principal Names.
v 7) Disable all but one network adapter on the virtual desktop.
If the Virtual Desktop Machine or the Desktop Delivery Controller sees an incorrect IP address for the other party, registration will fail.
To see if an incorrect IP address is an issue, on both machines, launch a command shell window and run the following commands:
v IPCONFIG
v PING <OTHERMACHINE.DOMAIN.COM>.
¨ Both machines should be able to ping each other successfully by FQDN.
¨ The IP address reported for the remote machine by the PING command in each case should match the IP address reported by the IPCONFIG command on the relevant machine.
- If there is any discrepancy, fix the problem with your DNS configuration and restart either the Virtual Desktop Machine and/or the Desktop Delivery Controller, as appropriate.
The communication between Virtual Desktop and Desktop Delivery Controller is secured using Kerberos, which relies upon Tickets with a limited life span.
v If the difference in system time between the two ends of the communication is too great, the Tickets will always be considered to have timed out when they are accessed and communication fails.
v Check that the system time on both systems is within 5 minutes, which is the default domain-wide Kerberos setting.
Stop Error 0x0000007B
Differences in the network interface card, video card or processor on the Master Target and target device are most likely the cause of stop error 0x0000007B.
v This usually occurs on a XenServer that had more than one virtual network interface.
¨ In other words, this issue occurs most often when the network ID does not match.
Issues with the XenDesktop Setup Wizard
To help troubleshoot XenDesktop Setup Wizard issues, a log file key can be added to the setup wizard executable.
The following issues can occur with the XenDesktop Setup Wizard:
v Desktop group not listed
v vDisk not listed
v MMC3 Error
To make sure that a desktop group shows up in the XenDesktop Setup Wizard:
v Use the same text to identify the connection.
¨ If the FQDN was used in the Access Management Console, be sure to keep it consistent by using the FQDN in the XenDesktop Setup Wizard.
¨ If the IP address was used in the Access Management Console, be sure to keep it consistent by using the FQDN in the XenDesktop Setup Wizard.
The XenDesktop Setup Wizard installation program generates an error if it detects that MMC3 is not already installed on the server on which an administrator tries to install the wizard and the installation program ends.
v This issue can occur when Windows Server 2003 Service Pack 2, which is a XenDesktop prerequisite, is not installed.
¨ To resolve the issue, install Windows Server 2003 Service Pack 2 on the server on which the wizard will be installed.
Virtual Machine Unable to Run on Windows
If an administrator encounters a message pertaining to a virtual machine cannot be run on Windows, the administrator should:
v Check that the device on which XenServer is installed has a CPU that supports hardware virtualization.
v Make sure the BIOS is enabled for hardware virtualization support.
v Perform a hardware reset of the host server.
v Restart the installation.
v Check the support site for the hardware manufacturer for BIOS upgrades.
Large Number of Virtual Desktops and Pools in a Desktop Group
If you want to create a desktop group containing a large number of virtual desktops and multiple Citrix XenServer pools, a tool is provided with that allows several pools to be used by one desktop group:
v %ProgramFiles%\Citrix\VmManagement\XenMultiPool.exe.
¨ Note that all Citrix XenServer hosts must have the same username and password to configure them for use with one desktop group.
Delivering and Managing Applications
Printer Policies
Some printer policies and their uses:
v Auto-create all client printers automatically connects all the printers on a client device.
v Use universal driver only makes sure that only the universal printer driver is used.
v Do not automatically install drivers makes sure that the native drivers are not installed in the environment.
v In some instances, it might be preferable to not auto-create client printers.
¨ An administrator can use the Turn off client printer mapping rule to auto-create only network printers or printers connected directly to the server.
¨ Do not auto-create client printers turns off the auto-create option for all client printers when users log on.
- No client printers will be created.
v By enabling the Universal driver rule Use only printer model specific drivers, the administrator makes sure that only the manufacturer’s drivers that she installed will be used for the five printers.
v By not allowing native print drivers to automatically be installed from auto-created printers, an administrator can make sure that no rogue drivers make it into the farm.
v By using a driver compatibility list, an administrator will control which drivers are allowed in the farm.
v If an administrator knows the drivers that are allowed, but doesn’t know which drivers might try to install later, the administrator can select Allow only drivers in the list and add the known acceptable drivers to the list.
v By selecting the Use universal driver only if the requested driver is unavailable rule, an administrator can make sure that there is always a driver available, whether it’s the manufacturer’s driver or the universal driver.
v By using the rule Auto-create local client printers only, only the printers connected directly to the user’s client device through an LPT or other local port will be automatically connected.
¨ Enabling this setting ensures any network printers defined on the client device are not auto-created within the ICA session and logon times will be reduced for those who have several network printers configured on their client device.
v To allow the manufacturer’s print drivers to be used in the farm, the policy Native driver auto-install can be set to the rule Install Windows native drivers as needed.
v To allow the printers to first try to use the manufacturer’s drivers, but fall back on the universal driver if they are not available, the policy Universal driver can be set to the rule Use universal driver only if requested driver is unavailable.
v The Session printers policy rule allows an administrator to control the assignment of network printers.
¨ Administrators can assign the default printer as well as designate the connection to network printers based on the desired policy filter.
v The Print job routing rule determines whether or not a client printer is auto-connected.
¨ When this rule is configured to Connect directly to network print server if possible, the print jobs are routed directly from the Presentation Server to the network print server.
¨ If Always connect indirectly as a client printer is configured, print jobs are routed through the client device via the ICA protocol and redirected to the network print server.
v To ensure that users in a work area are assigned to printers in their area, an administrator typically filters the printer policy by client IP address.
Application Streaming
The two main components of application streaming are:
v The Citrix Streaming Profiler
¨ Used to package an application.
¨ Configures a profile that matches the operating system, service pack level, drive letter and language of the client device.
- After an application profile is created it can be made ready to stream to users by publishing it using the Access Management Console.
v The Citrix Streaming Client
¨ Locates the streaming application.
¨ Sets up an isolation environment on the client device for the application.
¨ Streams the application on demand.
Supported Application Streaming Clients
A streamed application can be requested through:
v The Program Neighborhood Agent
or
v A Web Interface site
Configuring Application Streaming
Accessed from server enables:
v An application installed and published on a Presentation Server to be launched and accessed in an ICA session.
v An application to be installed by the Installation Manager or an application to be streamed to the server.
Streamed if possible, otherwise accessed from server is also called dual mode streaming.
v An administrator can make sure:
¨ The application will be streamed to those that have the Citrix Streaming Client.
¨ The application will be available on a Presentation Server as
- A published application
- An application to be installed by the Installation Manager
- An application to be streamed to the server to those that don’t have the Citrix Streaming Client.
Streamed to client enables an application to be streamed from a file server to the virtual desktop so users can launch the application locally.
If an administrator wants to:
v Stream applications through the Web Interface using XenApp:
¨ The XenApp Web site is chosen as the type of site to create.
v Stream applications through the Citrix XenApp Plugin using XenApp:
¨ The XenApp Services site is chosen as the type of site to create.
Citrix Streaming Profiler
Before publishing a streaming application, you must prepare the application with the Citrix Streaming Profiler:
v On the workstation with the Streaming Profiler installed, make sure the application’s setup program is available from the profiling workstation.
v From the Start menu, open the Streaming Profiler and select to create a New Profile.
v In the profiling wizard, select the operating systems that match your end-users' operating systems.
¨ This is the initial target in the profile.
v Follow the wizard steps to install the application in the streaming application profile.
v Finally, save the completed profile on a network file share that your end-users can access.
Comments are closed 
