Configure RDP Proxy in NetScaler


The RDP Proxy functionality is provided as part of the Citrix Gateway and currently is available to all NetScaler Enterprise and Platinum customers.

The following RDP Proxy features provide access to a remote desktop farm or an RDSH session host server through Citrix Gateway:

  • Secure RDP traffic through CVPN or ICAProxy mode (without Full Tunnel).
  • Single sign-on (SSO) to RDP servers through Citrix Gateway. Also provides an option to disable SSO if needed).
  • Enforcement (SmartAccess) feature, where Citrix ADC administrators can disable certain RDP capabilities through Citrix Gateway configuration.
  • Single/Stateless(Dual)  Gateway solution for all needs (VPN/ICA/RDP/Citrix Endpoint Management).
  • Compatibility with native Windows MSTSC client for RDP without the need for any custom clients.
  • Use of existing Microsoft-provided RDP client on MACOSX, iOS, and Android.

Firewall Ports

RDP proxy requires port 3389 to be opened from the internet. You could also choose to use other port numbers if you don’t want to use the 3389 port. In a nutshell, just opening 443 port isn’t enough to get this to work.

Initial Configuration

Now to get started, we will need to enable RDP proxy feature if it isn’t turned ON. For that, navigate to SystemSettingsConfigure Advanced Features and ensure that RDP proxy is turned ON. if not, tick the box to Turn ON RDP proxy feature. You will need NetScaler Enterprise and above for this feature to work.

Create LDAP Profile and Policy

Create an LDAP profile for authentication. Navigate to NetScaler Gateway – Policies – Authentication – LDAP

Click on the Servers tab and click Add. Enter the required details such as AD server IP address, port details and a service account. For those who haven’t done this before, here is a helpful link from Citrix. It’s dead easy to set this up. https://docs.citrix.com/en-us/citrix-gateway/12-1/authentication-authorization/configure-ldap/ng-ldap-authen-configure-tsk.html If you have any questions, just pop it in the comments window and I will respond when I see them.

Now create the LDAP policy. Click on the Policies tab, click Add. Enter the entries as shown in the picture below. Ensure that the correct LDAP profile is selected.

Create the RDP Client Profile

Navigate to NetScaler Gateway – Policies – RDP Profiles and Connections – Client Profiles

Click Add

Give it a name such as RDProxy_Profile and leave the rest of the values default if you would like. I changed the RDP Cookie Validity from 60 sec to 120 seconds

Click OK

Create an RDP Server Profile

Create an RDP Server Profile. Click on the first tab that says Server Profile

Click Add and enter a name for the server profile. Enter the IP address (this is the IP address of the RDP Proxy Virtual Server that you will configure under the NetScaler Gateway). Enter the port number – You can choose to go with the default RDP port if you wish to or choose another one

Click OK

Create a Session Profile

Now, go to NetScaler Gateway – Policies – Session – Session Profiles. Click Add

Give the profile a Name

No changes under the Network Configuration tab. Leave everything as default there

Under Client Experience tab, change Clientless Access to ON and tick Single Sign-on to Web Applications and Credential Index to Primary. the last setting is turning ON Single Sign-on with Windows

Under the Security Tab, select Default Authorization to ALLOW and Secure Browse to ENABLED

Under Published Applications, set ICA PROXY to OFF

Under the Remote Desktop tab, pick the RDP Client profile that was created in the previous step

Click Create

Create a Session Policy

Now create a Session Policy that will be bound to the NetScaler Virtual Server. Remember that we haven’t created the virtual server yet.

Switch to Session Policies tab and click Add. Give the session policy a Name and pick the session profile that we just created in the previous step.

Create a Bookmark

Now create a Bookmark and this is what will appear to the users in the form of an application icon to click on.

Give a Name to the bookmark and enter the name of the string that you want to be displayed in the portal. Enter the Bookmark link in the format rdp://IPaddressOfTheBackendRDSServer

Click Create

Create the Gateway Virtual Server

Let’s create the Gateway Virtual server next. Navigate to NetScaler Gateway node, expand that and under Virtual Servers, click Add

Under Basic Settings, configure the below items

  • Name – RDPProxy_rdpproxy.fqdn.co.nz
  • IP Address type – IP Address
  • IP Address – X.X.X.X
  • Port – 443
  • Pick the RDP Server Profile – RDP Server Profile
  • Ensure that Enable Authentication, AppFlow Logging and State is turned ON
  • Disable ICA Only

Click OK

Attach a Server Certificate. The certificate can be a wild card cert or you could choose to get a named certificate that matches the external RDP proxy FQDN

Now bind the Primary authentication policy. We are going to use LDAP and hence I will use LDAP policy that we created in the steps above.

Under SSL Parameters, ensure that only TLS1.2 is turned ON for enhancing the security of client connections.

You can choose to go with the default SSL ciphers or modify the ciphers according to the company requirements.

Under Portal theme, I went with RfWebUI which I think is one of the cleanest UIs. You could choose to create a custom one and use that instead.

Under Published Applications, choose the URL Name and select RDP Link (this is the bookmark link that was created)

Under Policies, attach the Session Policy named RDP Session Policy

Click Create

Testing the Setup

Selecting the RfWebUI gives the below logon page and users could simply use their domain user name and password to log in. They don’t need to enter the domain name.

Upon login, you will be shown the Favorites page where you could add links for quick access. This is very similar to the subscriptions in Storefront.

Click on the Desktops tab and you will be able to see all the published Bookmarks there. I have one in there, you can choose to have any number of bookmarks.

Click on the RDP link to launch the application. It will first download the app.rdp file which could be used to launch the application. You will just need to give the users access to the servers locally by adding them to the Remote Desktop Users group or you could choose to do this via AD domain groups to manage it centrally.

Federating AZURE with VMware Identity Manager and Office 365 as a Service


In this post, we will discuss how to go about setting up federation between Microsoft Azure, Office 365 and VMware Identity Manager. We will be using a Microsoft developer account in this demo configuration so in the real world, you will need to replace the Office account with your customer one.

The blog is split into 5 sections so feel free to jump to the relevant sections depending on what you are after.

Part 1: Setting Up a Developer Account

Part 2 : Federating Office 365 with VMware Identity Manager

Part 3: Setting up the SAML between VMware Identity Manager and Office 365

Part 4 : Testing the Federation Setup

Part 5 : Inserting Office 365 Deep Links into VMware Identity Manager

Part 1: Setting Up a Developer Account

Firstly, we need to setup an Office 365 E3 Developer subscription account to be able to integrate with Workspace ONE. In this section we will cover the process of setting this up. Setting up a developer subscription allows you a 12 -month free trial.

Go to the link below to setup the Office 365 subscription account.

https://docs.microsoft.com/en-us/office/developer-program/office-365-developer-program-get-started

Click the join the Office 365 Developer Program hyperlink

You will now be re-directed a to Join the Office 365 developer program today!

Do not select  JOIN NOW

Instead, to the right of the page first select the Sign In icon

On Microsoft Sign in Page type in the email address of an  Microsoft account you own
(NB! If this account is already associated with an office 365 account you will have to create a new account)

Alternatively Create a new account, if required

Click on the user logo on the top right and ensure that there is a first and last name added for the account as below

Now go back to the developer program join page using an incognito window and sign back in using the same account

https://developer.microsoft.com/en-us/office/dev-program

Set the Country Code and Company info. Accept the EULA and email opt-in programs

Click Next

On the Office 365 Developer Program Preferences page, select enough check box and options to make sure the JOIN button becomes available and the select JOIN. That gives us the below confirmation screen.

Click on Set Up Subscription

In the Setup your developer subscription window, create a unique admin account , for example, your username could be any generic name such as CloudAdmin or office365admin and your Domain could be your first name and surname. Again these are just examples that I used for the demo, please feel free to choose what you like for your deployments.


NB! Ensure you document these credentials

When you are done, select Continue

On the Add phone number for security window type in your Country Code and your phone number

Select SEND code , follow through on the security picture block selecting your relevant pictures, and select Next Enter the Code from your phone and select Set up

Once your registration is complete you can login in using your new ADMIN account. On the your Office 365 Subscription page select and right click the Go to subscription hyper link and select Open Link in New Tab

On the Sign In window , Enter your password and select Sign in

On the Office 365 Page almost in the middle select Admin

On the sign in page pick your new Office365Admin (This is the name of my account) account

If you get prompted with a Welcome to Office 365 Admin Center Page select Skip

Notice the Office 365 E3 Developer Setup is incomplete msg. Select Go to Setup box

NB! Before moving onto the next section, ensure that you are 100% clear what YOUR registered Domain will be.

This is most likely your company’s domain name or if you are doing this for yourself, it is the domain name that you own personally or on behalf of your company.

Note when registering your own domain name with Office 365, there are several approaches. The most seamless and trouble free approach is to register your own Domain Name with GoDaddy. This provides a seamless experience and the verification takes seconds once you have your own domain name from GoDaddy.

There are 2 modifications that you usually make and they are as follows

1. MS record modification

2. MX record modification

Click Next once you enter your domain name in the field below

On the Verify domain page notice there are step-by-step instructions to follow,

Notice that there are DNS records called TXT name, TXT value and TTL

Each namespace will have Registered Zone database. Your Office 365 instance will need to be verified with this namespace

Click on the copy icon next to your MS record

Select Verify at the bottom of the screen

Next step is to update the zone records for the domain name that you hold. I am not going to list the steps in here as it is different for everyone depending on how the domain names are managed.

Go back to your Office 365 domain configuration and click on Verify. it might give you an error because of the time it takes to replicate DNS configuration and it might require you to click on verify button a couple more times.

On Add new users window select Got it, thanks, select Next

On the Assign licenses to unlicensed users page select Next

On Install your Office apps page select Next

On the Migrate email messages page, leave the default Don’t migrate email messages radio button and select Next

On the Choose your online services page, ensure that Exchange, Skype for Business and Mobile Device Management for Office 365 check boxes are selected and select  Next

On the Add DNS Records page.

When ready, select Verify at the bottom of the Add DNS Records window.

Notice that when Verify is successful the you just configured your Office 365 Tenant successfully will show and you are asked to provide feedback related to your experience.

However, If Verify is Not successful, ensure that the MS and MX records are updated in DNS correctly.

If successful, You should get a message saying “You’ve reached the end of the setup”, click on  Go to Admin Center

In Admin Center:

  1. Select the 3 parallel dots at the lower corner of the left pane, this will expand the console
  2. Select the Spanner icon for Setup and select Domains

In the Home > Domains interface, check to see if your namespace you have associated with your Office 365 setup has a (Default) next to it. If this is the case do the following.

  • Select your account name that is not set to default :
  • Select Set as default

Note!
Your custom domain cannot be the default domain when federating with VMware identity Manager.

Select Close. Check to see that you have a corresponding configuration in the domain portion of your setup as the screenshot

At the end of the exercise, it should look like the below

Part 2 : Federating Office 365 with VMware Identity Manager

From VMware Identity Manager version 2.8. Support has been added for User Provisioning in Office 365. In Part 2, we will now federate our Office 365 Tenant with a VMware Identity Manager SaaS tenant.

Using your Tenant Admin credentials, login into your SaaS VMware Identity Manager Tenant.

  • To the right of the Workspace ONE console under Tenant Admin select Administration Console

Select the Identity & Access Management tab

  • To the right in the Identity & Access Management tab select Setup > User Attributes

In the User Attributes interface, notice you have already set userPrincipalName and distinguishedName to Required and you have already created the objectGUID attribute.

These are pre-req requirements for Federating Office 365 with VMware identity Manager.

Now, go to your Domain Controller and open Active Directory Domains and Trusts

In Active Directory Domain and Trusts MMC snapin select and right-click Active Directory Domains and Trusts

Select Properties Under the UPN Suffixes Tab under Alternative UPN suffixes type your custom domain name

Eg auckland10.euc-livefire.com

Select Add , select OK to close the window

Now open Active Directory Users and Computers

Navigate to the OU where the users reside. For eg, Corp — Marketing OU

Find the user and right click the accounts and go to Properties.

Under the Accounts tab, change the domain name to Auckland10.euc-livefire.com in our example. Repeat the same for the rest of the users.

Switch back to your VMware Identity Manager SAAS tenant

  1. Under the Identity & Access Management tab select Manage
  2. Select Directories
  3. Select Sync Now for the Livefire Domain
  4. In the Review window, notice that a warning message that Directory Sync Safeguards will apply, select the Ignore Safeguards checkbox above the message
  5. Select Sync Directory

Download and Install the Microsoft Online Services Sign-in Assistant. The link to download the software is here

Install Azure AD Module by running the command below

Install-Module -Name AzureAD

You might need to restart the VM once these two binaries are installed.

Now, its time to delve into the PoSH world. Let’s try some commands ūüėČ

Open the PowerShell shortcut on the desktop named “Windows Azure Active Directory” under administrator account. Type the below command

Connect-Msolservice

It prompts an authentication dialog as above. Use the credentials that you created during the Office 365 setup.

Next we have to create a Service Principal account type in the PowerShell

$sp = New-MSOLServicePrincipal -DisplayName 'ServPrinc1' -Type password -Value 'yourpassword'

Next we are going to assign a role to the ServPrinc1 user

Add-MsolRoleMember -RoleName 'User Account Administrator' -RoleMemberType ServicePrincipal -RoleMemberObjectId $sp.ObjectId

Next we will type echo $sp to get the GUID for the ServicePrincipalNames

Copy the ServicePrincipalNames value with out the {  }

Revert back to your VMware Identity Manager SaaS Tenant Admin Console

  1. Select the Catalog Tab in the Admin Console, select NEW
  2. In the New SaaS Application window under Definition select or browse from catalog
  3. In the DEFINITION window to the right in the search area type off
  4. Select Office365 with Provisioning by selecting the   +    sign to the right
https://media.screensteps.com/image_assets/assets/002/235/328/original/c4cff158-8f9d-4602-8664-d0f99dcc2640.png

On the New SaaS Application window select Next

https://media.screensteps.com/image_assets/assets/002/235/325/original/5ebe6ef4-c48a-448b-8d29-a096d7bcc07a.png

In the New SaaS Application window, in the Configuration section add the following:

Under Target URL, add the following

https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid+profile&redirect_uri=https%3a%2f%2foutlook.office365.com&domain_hint=auckland10.euc-livefire.com
  • In the New SaaS Application window, in the Configuration section leave the following as defaults:

      -Single Sign-On URL / Application ID / Username Format / Username Value

Add the following: under Application Parameters in the tenant line under Value add YOUR custom Fully Qualified Domain Name ie auckland10.euc-livefire.com

Under Application Parameters in the issuer line under Value add your custom domain name i,e. auckland10.euc-livefire

Make sure there are no hidden carriage returns if you paste this in (Note the issuer has a dash this value must match the IssuerURI in the powershell command)

In the New SaaS Application window, in the Configuration section under Advanced Properties leave the following as defaults:

Enable Multiple O365 Email Domains / Credential Verification / Signature Algorithm / Digest Algorithm / Assertion Time
-Under Custom Attribute Mapping in the UPN and ImmutableID keep the values default there too.

In the New SaaS Application window, in the Access Policies section select NEXT

In the New SaaS Application window, in the Summary section select SAVE

Notice you now have Office365 with Provisioning in the Catalog

  1. Select the check box next Office365 with Provisioning and select EDIT
  2. In the Edit SaaS Application window in the left pane, select Configuration, in the right pane, scroll down until you see Setup Provisioning. Notice you only 4 sections in the left pane.
  3. Change Setup Provisioning from No to Yes. Notice you now have 7 sections in the left pane. We will now go and configure Provisioning. It’s been a super fun ride, isnt it? ūüėČ Be patient please, we are almost there!!!

In the Edit SaaS Application window in the left pane select Provisioning

  • In the Provisioning Adapter Configuration¬†under Office 365 Domain¬†type your custom domain, eg. auckland10.euc-livefire.com
  • Under Client ID, add the ServicePrincipleNames value you recorded earlier
  • Under¬†Client Secret¬†area type the password your associated with the ServicePrinciple Name
  • In the Edit SaaS Application¬†window in the bottom right corner select Next

Under the User Provisioning tab, do the below

  • In the Attribute Name section, select Display Name, In the Edit Mapped Value window, in the Value container select the drop down arrow add the following, $(user.userName) and select SAVE
  • In the Attribute Name section, select User Principle Name, In the Edit Mapped Value window, in the Value container select the drop down arrow add the following, $(user.userPrincipalName) and select SAVE
  • In the Attribute Name section, select Guid, In the Edit Mapped Value window, in the Value container select the drop down arrow add the following, $(user.objectGUID) and select SAVE
  • In the Attribute Name section, select Mail Nickname, In the Edit Mapped Value window, in the Value container select the drop down arrow add the following, $(user.userName) and select SAVE
  • Select Next

At the end of the configuration, the User provisioning page will look like the below

https://media.screensteps.com/image_assets/assets/002/241/353/original/1ce4fdf1-035a-410b-af2f-325cba4cb553.png

In the Group Provisioning section,

  • Under Group Provisioning select + ADD GROUP
  • In the Add Group to Provision window under Group Name type Mark and then select Marketing@euc-livefire.com, Under Nickname type Livefire Marketing. (or anything that is relevant to your org) Select ¬†Save
  • select NEXT
  • click SAVE
https://media.screensteps.com/image_assets/assets/002/463/206/original/7f9bbe3a-b675-491f-85c8-448a3cc7914c.png

We will now Enable Provisioning and Save

  • In the Catalog for Web Apps select the Office 365 with Provisioning and select Edit
  • In the Edit SaaS Application window in the left pane select Configuration
  • Scroll down until you see Setup Provisioning and change No to Yes,
  • on your left pane, click on “4 Provisioning”, Scroll down, next to Enable Provisioning, change the toggle from No to Yes
    • Select TEST CONNECTION
    • Select NEXT, select NEXT, select NEXT, select SAVE

We will now do the Entitlement configuration of the Users

  • In the Catalog for Web Apps select the Office 365 with Provisioning and select Assign
  • In the Assign wizard type Mark in the search area under Users / User Groups, select Marketing@euc-livefire.com
  • Under Deployment Type, select the drop down arrow change the Deployment Type to Automatic
  • In the Assign wizard, review your configuration, in the bottom right hand corner select SAVE

Part 3: Setting up the SAML between VMware Identity Manager and Office 365

Login to your to the VMware Identity Manager Admin Console, as Admin, under the Catalog > Web Apps tab, to the right, select SETTINGS

  • In the Settings window under SaaS Apps, select SAML Metadata, in the right hand pane under the SAML Metadata heading select DOWNLOAD under Signing Certificate
  • Using Notepad++ Open the signingCertificate.cer from your default download location .

In the signingCertificate.cer, we will now need to remove all carriage returns the document

Do this with Notepad++ as i have found that it works best. Any hidden carriage returns will cause this config to FAIL

  • Remove the —–BEGIN CERTIFICATE—– and ¬†—–END CERTIFICATE—– lines from the certificate.
  • Then select the certificate portion of the file and click ctrl + F in the Replace tab at the top type \n in the Find what field.Leave the Replace with field empty. Make sure the Search Mode at the bottom is Extended. ¬†Then click on Replace All.
  • Your certificate should now no longer have carriage returns. Notepad++ will tell you how many instances were replaced and your certificate will look different.
https://media.screensteps.com/image_assets/assets/002/600/568/original/69f79ff3-872b-4a82-b29a-6380429e8dac.png
https://media.screensteps.com/image_assets/assets/002/600/566/original/33e0f46e-ffcf-4cb5-b9bf-68d7f15db44e.png

Go back to the PowerShell window and connect to Microsoft Online using the command below

Connect-Msolservice

Now run the command below to setup federation. Dont miss the certificate info at the end of the syntax. i haven’t added it to avoid the messy look.

Set-MsolDomainAuthentication -DomainName auckland10.euc-livefire.com -Authentication Federated -IssuerUri ‚Äúauckland10.euc-livefire.com‚ÄĚ -FederationBrandName ‚Äúauckland10Corp‚ÄĚ -PassiveLogOnUri ‚Äúhttps://lalm0204.vidmpreview.com/SAAS/API/1.0/POST/sso‚ÄĚ -ActiveLogOnUri ‚Äúhttps://lalm0204.vidmpreview.com/SAAS/auth/wsfed/active/logon‚ÄĚ -LogOffUri ‚Äúhttps://login.microsoftonline.com/logout.srf‚ÄĚ -MetadataExchangeUri ‚Äúhttps://lalm0204.vidmpreview.com/SAAS/auth/wsfed/services/mex‚ÄĚ -SigningCertificate

In the command above ensure that you add the certificate information at the end. This is very important to do.

We will now check the federation with the following command in powershell

Get-MsolDomainFederationSettings -domainName auckland10.euc-livefire.com

Part 4 : Testing the Federation Setup

Login back to your office 365 Tenant with your office Admin account with this url https://admin.microsoft.com/Adminportal/Home?source=applauncher#/homepage
and use your office365admin account . This is the same account that we created as a part of Office 365 setup.

Entering the password will take you to the Admin Center for O365.

  • In the left-hand pane under Home, select Users > Active users. Notice that Marketing group Users 1 – 4 ¬†has been automatically provisioned with the unique suffix appended for the user principle name. Also notice that your users are Unlicensed.
  • Click on User1
  • In the User 1 properties selectthe Product Licenses tab
  • In the location area select a Location ie New Zealand. Next to Office 365 Enterprise E3 Developer, there is a check box that is unchecked, check the checkbox and select Save.
  • In the User1 properties select Close.
  • NB! – Follow steps 1-5 for all the users including the Cloudadmin account to ensure that licensing is applied to all account.
https://media.screensteps.com/image_assets/assets/002/617/997/original/b539a3d3-4c11-4ea5-ad4a-886640de89da.png

On the User1 properties, in the license and apps tab, scroll down and you will notice that Mobile Device Managerment for Office 365 is Off. We will go and enable this in Azure so that we can do compliance with Workspace OneUEM. Select Cancel to close the Product Licenses window

In your existing browser, open up a new tab and type https://portal.azure.com Your Office365admin credentials should log you in automatically but if not, login with your office365admin account.

  • On the Welcome to Microsoft Azure window select Maybe later
  • In the Left-hand pane select Azure Active Directory, then in the middle pane select Mobility (MDM and MAM
  • In the right hand pane towards the top select Get a free Premium trial to use this feature –>
  • Under Activate you will see ENTERPRISE MOBILITY + SECURITY E5 highlighted in Purple, below this, select Free Trial
  • The ENTERPRISE MOBILITY + SECURITY E5 window will launch, to the bottom select Activate
    • Notice to the right that your free trial has been successfully activated pops up momentarily.

Go back to the tab with your Office 365 Admin console.

  • Click on User1 and click on the License and apps tab.
  • Notice that Enterprise Mobility + Security E5 is turned Off.
  • Next to Enterprise Mobility + Security E5, click on the checkbox, Notice you now have a whole range of Advance Azure security Features
  • Select Save
  • NB! Repeat the Licensing process you did for User 1 forUser 2 and on your Office365admin account.
    • In the Admin Console select both User 2 and Office365admin check boxes
    • in the menu bar at the top select manage product licenses,
    • select the radio button next to add to existing product license assignments and click next
    • turn on the switch for enterprise mobility + security and click add
    • on the summary window click Close

Now logon to the VIDM portal as a user to test it.

In this section we will insert Deep Links within VMware Identity Manager portal

Log in to your to your VMware Identity Manager Console as Admin and select the Catalog tab > Web Apps

  • Select NEW
  • In the New SaaS Application window under Name type Microsoft Word
  • You will need to have a .PNG file for the application icons stored somewhere accessible. I have stored mine locally. Under Icon, click on browse, search for the software link on your desktop, and navigate to \Applications\Azurefiles\icons. select your Word.png Icon and select Open. At the bottom right select NEXT
  • On 2. Configuration in the Single Sign-On section under Authentication type to the right select the drop down and then select Web Application Link

Copy the URL below and edit in Notepad++ the following text named “EXAMPLEDOMAIN.euc-livefire.com” with your assigned domain suffix and then copy the edited URL and Paste under the Target URL

https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=EXAMPLEDOMAIN.euc-livefire.com&wreply=https://office.live.com/start/Word.aspx?auth=2

Select NEXT > SAVE & ASSIGN

  • Under Users / User Groups in the Search area type Mark, select Marketing@euc-livefire.com
  • Under Deployment Type select Automatic and select SAVE

Repeat the above steps for the rest of the Office applications as follows

Excel

https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=auckland10.euc-livefire.com&wreply=https://www.office.com/launch/excel?auth=2&home=1

PowerPoint

https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=auckland10.euc-livefire.com&wreply=https://www.office.com/launch/powerpoint?auth=2

Outlook

 https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid+profile&redirect_uri=https%3a%2f%2foutlook.office365.com&domain_hint=auckland10.euc-livefire.comom 

Now log back into the ViDM user tenant portal to test the applications

With this, we have come to the end of this blog post. It was quite a journey for me to learn all these for the first time, I am sure they will be of second nature once we do this a few times at work. Cheers!!

Storefront Load balancing using NetScaler


It’s been a while since I wrote on my blog so let’s get straight into the post without much mucking around. This time we will discuss how to go about setting up Storefront load balancing using NetScalers. This can be configured on a standalone NetScaler or a NetScaler pair in HA. The recommendation is obviously to get this setup on a HA NetScaler pair so that NetScaler outage wouldn’t result in Storefront also being unavailable.

My Storefront version is 3.11 and have a cluster with 2 Storefront servers. NetScaler version is 11.1 but the NS version shouldn’t matter much as the steps would be more or less the same for other NetScaler firmware versions – newer or older. (unless you are too far behind)

Pre-Requisites

To configure Storefront load balancing we need the following –

  • 2 or more Storefront servers
  • an IP address for the virtual server that hosts the LB configuration
  • SSL certificate that points to the intended load balanced URL of Storefront – the certificate can be a wild card or a named certificate

First Things First

Logon to your NetScaler and navigate to System¬†—¬†Settings — Configure Basic Features.¬†Ensure that Load Balancing is selected, if not select it and click OK

1

NetScaler Configuration

Create Servers

Now, navigate to Traffic Management — Load Balancing — Servers. Click Add

2

Give the Storefront server a name and enter the IP address of the server. Ensure that “Enable after creating” is selected. Click Create

Add the second Storefront server following the above steps. If you have more than 2  servers, add all of them.

3

Create Monitors

New NetScaler version come with a built-in Storefront monitor so we are going to make use of it here. Go to Traffic Management –Load Balancing — Monitors and click Add

Here I am only going to create a single monitor to probe all my Storefront servers. You can choose to create multiple monitors depending upon the number of Storefront servers that you have. In my case, i will create just one.

Give a name to the monitor and select the type as STOREFRONT

5

Now select Special Parameters tab and provide the name of the Store that you have created in Storefront. Check the 2 entries РStorefront Account Service and Check Back End Services. 

4

Click on the Standard Parameters tab. Ensure that Secure is selected as below. Click Create

6

Create Service Groups

Go to¬†Traffic Management –Load Balancing — Service Groups

Give a name to the service group and select the protocol as SSL. Check the entries below

  • State
  • Health Monitoring
  • AppFlow Logging (only if you have NetScaler MAS in your environment)

Click OK

7

Under Service Group Members, add the server entities that we created earlier. Once done, they will look like the below

8

Under Settings, type the Header as X-Forwarded-For

9

Under Monitors, bind the monitor that we created before

10

Under SSL Parameters, setup the settings as below

11

Under Ciphers, setup the ciphers based on your company security policy.

12

Once done, Service Group for Storefront should look like this

13

Now, it’s time to create the Virtual Server

Virtual Server

As mentioned in the pre-requisites section , we need an IP address for this. If the NetScalers are sitting in the DMZ, a DMZ IP address is required. In my case, NetScalers are hosted internally so i will use an internal unused IP address.

We will also need the SSL certificate here.

Go to¬†Traffic Management –Load Balancing — Virtual Servers

Click Add

Give a Name to the virtual server and select the protocol as SSL

Specify the IP address under IP Address field and specify the port # as 443

14

Click More and specify the settings as below (note, that AppFlow logging only needs to be enabled if you have a NetScaler MAS setup or other monitoring solutions that could make use of AppFlow logs)

15

 

Under Services and Service Groups, click on Load Balancing Virtual Server ServiceGroup Binding

Click Add Binding and select the Service Group that you created in the previous step. Click OK

Once completed, the page should look like the below. Click Close and click Done

16

It’s time to attach the certificate.¬†Go to Traffic Management — SSL — Manage Certificates / Keys / CSRs

17

 

Click on Upload button and upload your certificate file to NetScaler

Go to Traffic Management — SSL — Certificates — Server certificates

Under Certificate, click on Server Certificate and then Install

Give a certificate key-pair name and choose the certificate that was just uploaded in the previous step. Click Install

Now, go back to¬†Traffic Management –Load Balancing — Virtual Servers

Select the Virtual server created for Storefront and click Edit. Under Certificates, select Server Certificate and then Click Add Binding

Under SSL Ciphers, select the ciphers that you would like to be in place. I am going with the default one. This is not the most secure for a production setup so go with something that’s secure enough for your organization.

Under SSL Parameters, configure the settings as below. Click OK

18

Under Method, Select LEASTRESPONSETIME for the Load Balancing Method. Configure a Backup LB Method, I choose LEAST CONNECTION

You can read more about the LB Methods here

19

Click OK

Under Persistence, select COOKIEINSERT for Persistence with a time-out value of 0. You can also read why I selected the timeout value of 0 here

Under Backup persistence, select SOURCEIP with a timeout of 60. Fill in the Netmask as in the picture

20

Click OK and then Done

We have now completed almost 90% of the config. There are a couple of things left so hold on tight.

The configuration so far will ensure that load balancing will be performed between the Storefront servers ( I know, i know I haven’t setup the DNS entries for the load balanced VIP)

If someone type in the http URL of LB Storefront in their browser, it will not go anywhere. It will show them the IIS page instead. So how do we ensure that the users are redirected to the correct Storefront page (https version) every single time? We will setup another virtual server on port 80 with a redirect URL configured.

Let’s do that now.

Under Traffic Management –Load Balancing — Virtual Servers,¬†Click Add

Under Basic Settings, give the virtual server a Name and select protocol as HTTP

Specify the same IP address as for the Storefront LB VIP and provide 80 for the Port #

Click OK/Create

Under Persistence, select SOURCEIP with a timeout of 2 mins

21

Click OK

Under Protection, type in the correct HTTPS URL that you would want the users to be redirected to under Redirect URL field

22

Click OK. Then click Done

You will notice that the virtual server will be marked as down

23

DNS Changes

Now head over to the DNS server and open the DNS Console

Create an A record pointing to the Storefront LB name with the IP address configured on the vServer for LB configuration.

Storefront Changes

This is the last step, I promise. Head over to the Storefront servers and it’s time now to run some Powershell commands

Now, the monitors that we created earlier will be marked as Down if we didn’t perform this step prior to creating them on the NetScaler. That’s because the monitor created was based on HTTPS and by default, Storefront monitoring is done on HTTP

To change this to HTTPS. We need to configure the monitor service to use HTTPS instead. On all the StoreFront 3.0 servers perform the following steps.

Run PowerShell as an administrator.

Navigate to the Scripts (C:\Program Files\Citrix\Receiver StoreFront\Scripts) folder via the Powershell on the Storefront server,

Run ImportModules.ps1

24

Run the below command

 Get-DSServiceMonitorFeature

25

Now, type the below to setup the Storefront Monitor on HTTPS

Set-DSServiceMonitorFeature -ServiceURL https://localhost:443/StoreFrontMonitor

 

Repeat the above steps on all the Storefront servers.

Now, head back to the NetScaler and you can see that the monitor will be in GREEN and showing a status of UP

That’s all we need to do to setup Storefront load balancing using NetScalers.

 

 

 

 

Don‚Äôt let your user-experience be a ‚ÄúSpectre‚ÄĚ of itself after ‚ÄúMeltdown‚ÄĚ


Bust your ghosts not your user experience

The names Spectre and Meltdown invoke feelings of dread in even the most seasoned IT engineer.  To those uninitiated, let me get you up-to-speed quickly.

Spectre is a vulnerability that takes advantage of ‚ÄúIntel Privilege Escalation and Speculative Execution‚ÄĚ, and exposes user memory of an application to another malicious application.¬† This can expose data such as passwords.

Meltdown is a vulnerability that takes advantage of ‚ÄúBranch prediction and Speculative Execution‚ÄĚ, and exposes kernel memory.¬† A compromised server or client OS running virtualized could gain access to kernel memory of the host exposing all guest data.

Both vulnerabilities take advantage of a 20-year-old method of increasing processor performance.

Server_Protection

As a result, code will need to be updated to address these vulnerabilities at OS and OEM-manufacturer levels, at the expense of system performance.

On their part, Microsoft reluctantly admits that performance will suffer.¬† ‚ÄúWindows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance,‚ÄĚ wrote Terry Myerson, Executive Vice President for the Windows and Devices group.

According to Geek Wire, these two vulnerabilities which take advantage of a 20-year-old design flaw in modern processors can be ‚Äúmitigated;‚ÄĚ the word we‚Äôre apparently using to describe this new world in 2018, in which servers lose roughly 10 to 20% performance for several common workloads.

This affects not only workloads executed against local, on-site resources but even those utilizing services, such as AWS, Google Public Cloud or Azure.

cpu_utilReader submission @ The Register showing CPU before / after patches

We‚Äôve heard from some of our insiders who use Login VSI to validate system performance that they’re seeing a reduction of 5% in user-density after performing Microsoft recommendations. Knowing that the vulnerability wasn‚Äôt solved by OS updates alone we, at Login VSI, wanted the ability to test the impending hardware vendor firmware / BIOS changes.

Now is the time to capture your baseline performance

How do you know how much of an impact the fixes for Spectre and Meltdown will be if you don’t have anything to compare it to? Keep in mind that these patches will need to be installed on a number of systems in your solution including server hardware, operating systems, storage subsystems and so on.

Many of our customers perform tests where they compare a known good solution, or a baseline, with changes that have been made. This gives them the ability to accurately assess the performance impact of that change, which in turn allows them to compensate with more hardware, or further tuning of the applications and OS. The patented methods used by Login VSI provide a quantifiable result for determining the impact of a change in virtual desktop and published application environments.

Using Login VSI

If you wish to test the changes before pushing them into your production environment, then use Login VSI to put a load, representative of your production users, on the system. This will objectively show how much more CPU will be used as a result of the Spectre or Meltdown patches. It is expected that the end users will incur increased latency to their applications and desktops as a result of the higher CPU utilization.

Using Login PI

While it is not recommended, if you are planning on pushing the patches into your production environment to ‚Äúsee how it goes‚ÄĚ, then install Login PI now to get an accurate representation of performance related to user experience. This will give you the ability to then compare to that same experience after the patches have been installed. We expect that you will see latency to the end user increase as a result of higher CPU utilization. If you already struggle with CPU utilization in your solution, there is a good chance you‚Äôll be also using Login PI to test your availability.

As we complete our testing we will be sharing our findings in a series of articles.

‚ÄúIf your computer has a vulnerable processor and runs an unpatched operating system, it is NOT SAFE TO WORK WITH SENSITIVE INFORMATION‚ÄĚ. ‚Äď Security Experts who discovered Meltdown / Spectre¬†

If sensitive data is part of your business (Such as ours!) patching is not a matter of if, but when.

Ask yourself:

How long can you afford to have your company’s data exposed to malicious intent?¬† Do you want to be the next Equifax or Target?

In this article series, we will provide some insight from our lab environments. Be aware your results may vary based upon individual workload and configuration.

Microsoft has released a Security Advisory

The vulnerability affects both the client and server OSs of Windows.  This is compounded when dealing with large-scale published application and desktops deployments.  The advisor can be found at the following location:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

The specific details addressed in the security update and Windows KB are outlined in the Common Vulnerabilities and Exposures database.

Included are:

To completely protect yourself there are two phases of patching this vulnerability.

1 ‚Äď Windows OS updates

2 ‚Äď OEM device manufacturer firmware updates (not yet available)

Microsoft acknowledges addressing these vulnerabilities from a software perspective is limited, and therefore, without the OEMs providing updates the loop is not closed.

In the interim we can start measuring the impact of the Microsoft fixes.

They offer guidance for both Desktop and Server OSs:

Desktop –¬† January 2018 Security Update. Security Advisory: Click Here!

Server –¬† KB405690. Security Advisory: Click Here!

NOTE ‚Äď Certain AV solutions are not compatible with the security update released by Microsoft. As such, unless an AV vendor has a registry flag, QualityCompat, they will not receive the January Security update and will still be vulnerable.¬†

With the upcoming OEM hardware patch releases we expect to be able to produce a variety of interesting and informative results.  Please stay tuned for the next articles!

Reference materials:

https://meltdownattack.com/

https://www.theregister.co.uk/2018/01/09/meltdown_spectre_slowdown/

https://www.geekwire.com/2018/microsoft-admits-meltdown-spectre-patches-will-hit-windows-server-performance/

Citrix AppDisk – All that you need to know!!


AppDisk is an awesome technology from Citrix but it comes with its own quirks which admins/consultants should be aware of. Below are some of the items that i thought are important to know about the technology and how to set it up.

There are a few things to keep in mind before attempting to create an AppDisk.

firefox_screenshot_2016-11-29t00-48-41-888z

AppDisk additional permissions

  • when you specify a size for the AppDisk, you wouldn’t be able to utilize all the size that you allocated. for eg, for an AppDisk size of 5 GB only, 3.66 are useable so always give some extra when creating appdisks
  • Don‚Äôt create snapshots of the machine prior to creating the AppDisk when using MCS Catalogs
  • There is currently no way to resize the AppDisk from within the Studio. PowerShell is the way to go.
  • There is NO versioning built into AppDisks at this stage. All that you are doing when clicking on “Create New Version” is creating a clone of the existing AppDisk which could be used to edit and update the AppDisk
  • Enable both the¬†Shadow Copy and Microsoft Software Shadow Copy Service Provider services. https://support.citrix.com/article/CTX211853
  • Some of the commands that you will find useful when working with AppDisks are as follows
>Get-AppLibAppDisk
>Get-AppLibTask

To get a list of all the active tasks running, run the below

>Get-AppLibTask -active $true

To stop a particular task, run the Get-AppLibTask and take a note of the task ID

>Stop-AppLibTask

The above stop command will not remove the failed task from the Studio console. to remove it completely from the studio, run the following command

>Remove-AppLibTask
  • In many cases, AppDisks work on different OSs. For example, you can add an AppDisk that was created on a Windows 7 VM to a Delivery Group containing Windows 2008 R2 machines, as long as both OSs have the same bitness (32 bit or 64 bit) and both support the application. However, Citrix recommends you do not add an AppDisk created on a later OS version (such as Windows 10) to a Delivery Group containing machines running an earlier OS version (such as Windows 7), because it might not work correctly.
  • Finally, the link here from Citrix is a MUST READ as it covers a lot of information on MCS type and PVS type deployments https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/install-configure/appdisks.html

Creation Process

  • Boot the reserved VM into the Maintenance environment and leave it at the login screen
  • Head to the Studio console and select the AppDisk node. Click Create AppDisk
  • Specify the size of the disk and a name of the AppDisk in the wizard.
  • As soon as the AppDisk creation begins, the VM will be restarted. Boot the VM back into the Maintenance vDisk
  • Now wait for the process to complete
  • In the mean time, you would be able to see a drive mapping with label (Citrix) being created on the VM with the specified disk size of the AppDisk (5 GB in my case)drive-map
  • Refresh the Studio console to ensure that the VM is powered ON and is registered.studio
  • Be patient as this could take while to complete.
  • If the process gets stuck at “Creating…..” state, run the command
    Get-AppLibTask -active $true

    Check the value of TaskProgress and if it is at 95%, its time to restart the VM. studio

  • Once restarted, boot the machine back into the Maintenance disk
  • Ensure that the VM is registered. Login to the VDA now and make sure that the AV agent isnt running (I have seen that logging into the server helps speed up things)
  • The AppDisk creation process should now be complete.
  • Its time now to install the applications- Right click the AppDisk name and select Install Applications
  • Once you are happy with the app install, its time to seal the disk
  • Right click and select “Seal AppDisk”
  • When the sealing process is started, the VM will restart. Just ensure that the VM restarts back into the maintenance disk
  • Once the server is back up, log into the server to speed up the sealing process. if there are AV agents running, temporarily disable it
  • The VM will restart again
  • choose the maintenance disk again and boot into it
  • it is at this stage, it will start AppDNA disk analysis (assuming that you have AppDNA integration configured)importappdiskdna
  • Refresh the Studio now and you can see the Appdisk is at Ready(AppDNA:Capturing) state
  • Soon the process should complete. The AppDisk should now be ready for app delivery readystate
  • Head on to the PVS console and delete the Maintenance vDisk that was initially created for AppDisk . Once the AppDisk is sealed, you MUST boot into the vDisk version before the Maintenence version to be able to see the applications installed on the AppDisk. Strange but true ūüôā
  • If you need to edit(add more apps) a Sealed Appdisk, create a fresh Maintenance vDisk and continue with the updates. The older Maintenance vDisks will not work once sealed and should be removed from PVS console (Versioning)

 

Assigning an AppDisk

As previously stated, AppDisks require a machine catalog that isnt assigned to any delivery groups. So naturally the first step after creating an AppDisk is to create a delivery group and attach the AppDisk to it.

Updating an AppDisk

  • Create a Maintenance vDisk from the PVS Console
  • Change the VM type to Maintenance in the PVS Console (Device Collections)
  • If the Prep machine is already a member of a Delivery group, remove it from the delivery group.
  • Boot the Prep VM into the Maintenance vDisk and leave it at the login screen
  • Go to AppDisk node in Citrix Studio and select the AppDisk that needs to be updated.
  • Choose Create New Version
  • Give it a name and select the Machine catalog name where the prep machine resides
  • Click Create New Version
  • At this point, it creates a Control Disk

control-disk

  • The Prep VM will now restart. the next step is to “Reserve” the Virtual machine
  • Boot the VM back into the Maintenance vDisk

reservevm

  • It then proceeds with the Layer creation and completes it. It would say ready to install applications in Studio
  • Proceed to install applications as you would normally do
  • Seal the Appdisks when completed.
  • Delete the Maintenance version from the PVS console and change the VM type to Production from Maintenance

 

Diagnosing issues with AppDisk

AppDisks come with a logging tool that could be found here at C:\Program Files\Citrix\personal vDisk\bin\CtxAppDisksDiag.exe

Run the above tool as an admin and select the folder where you would like to see the log files and click OK

 

Importing an AppDisk

There are times you will need to import a pre-created AppDisk to the Studio. This method will also work for the manually built virtual machines.

Carl Stalhood has detailed the process to import AppDisks in his blog post here

Setting Up HDX Flash Redirection – XenApp & XenDesktop


Setting up flash redirection to work in Citrix could sometimes be a daunting task. There are a multitude of moving parts to this solution and a slight error could lead to days of troubleshooting and remediation work. I thought i will document the procedures that I followed to successfully setup Flash redirection to work on  XenApp 7.5 farm and thin clients for a customer environment.

I am not going into the details of this technology and what each versions flash redirection does as you can read about them here

I strongly recommend you read the PDF document from Citrix on HDX redirection in general.

The below procedures apply to all the versions of XenApp and XenDesktop where flash redirection is applicable. My particular case was XenApp 7.5 with IE 11

Please also check the pre-requisites section on this Citrix KB article https://support.citrix.com/article/CTX205558

We will split the setup into 2 parts – Server side (VDA or Citrix Servers) setup and Client side setup

Server Side setup

  • Citrix Policies – Setup the Citrix policies for flash in Studio or Delivery Services Console as the case may be. Below is how they should look like if they are correctly configured. Also note that the latency threshold may differ according to your network conditions.

Capture

  • Flash Hotfixes – Look out for any specific hotfixes by Citrix to enable Flash acceleration. There is one required for XenApp 7.5 VDA and is available here . You may have a different version so go online and check if there is a specific hotfox availabe for Flash redirection to work. I had to download the hotfix and install on the VDA

cap1

  • Version of IE – 32 bit Internet Explorer must be used for Flash redirection to work even if you are using a 64 bit OS like Windows Server 2012 R2. Citrix recommends using IE 11
  • Flash Player Active X Plugins – Active X plugins are required on the server side for flash acceleration to work. These plugins integrate with Internet Explorer and could be installed separately if you are using IE 10 and below. You may visit Adobe Flash website to download a specific version of the Active X component. With IE 11, the Active X components are built-in alongside the browser (not a good thing in my opinion) and update are available as Windows updates from Microsoft’s site.

cap2

  • Flash Player NPAPI Plugins – It’s good to keep the IE Active X Controls and the NPAPI plugin versions the same. Though NPAPI plugins are required only for non-IE browsers according to theory, this seem to have an effect on the success of flash redirection

cap3

  • Special IE Settings – Disable Enhanced Protection Mode in IE, Some websites like YouTube.com need to be added to compatibility view mode for flash redirection to work. you may also need to add the website to Trusted Sites in IE in certain cases.

Client Side Setup

  • Flash Player Active X Plugins/Controls – This is a critical piece. This should either be equal to or greater than the version being run on the server.
  • Flash Player NPAPI Plugins – I would say this is the most important bit as we found out that even though you use IE in the Citrix session, NPAPI versions are compatibility checked and matched. If the check failed, flash redirection stopped working regardless of the Active X (IE) version. Keep client side NPAPI version the same or above as your NPAPI version on the server for Flash redirection to work.
  • Configure the ADM file for HDX Mediastream for Flash on all the corporate domain joined clients. This is not a requirement but still nice to have configured. Without this, your clients will still work if they meet the rest of the requirements

Other key things to note

  • Dont perform an upgrade of an existing Flash player plugin for client or server. Always install a fresh copy.
  • Flash Logging is a must have when you setup flash redirection. In most of the cases, logging will be turn ON by default and will be found under Event Viewer > Applications and Service Log > Citrix >Multimedia >Flash
  • When Flash redirection works, PseudoContainer.exe will run on the client device. Spot it using Task Manager >Details/Processes Tab
  • There is a troubleshooting guide for Flash redirection from Citrix and could be found here http://support.citrix.com/article/CTX127188
  • Citrix has got a How to guide for setting up Flash and could be found here http://support.citrix.com/article/CTX124190
  • Flash Logging could be enabled following the KB http://support.citrix.com/article/CTX141595
  • Check the Flash Redirection compatibility KB from Citrix here http://support.citrix.com/article/CTX136588

That’s it folks. Feel free to post your comments below

 

XenApp & XenDesktop 7.x – Citrix Director Load Balancing using NetScaler


Here is a quick and easy way to load balance your Citrix Director instances in a XenApp or XenDesktop environment.

Below is my environment

  • Citrix Director servers ( Controller servers in most cases) – director-1 and director-2
  • A NetScaler HA pair ( you can do this on a stand alone NetScaler as well)

 

Monitors

Firstly, create a monitor for the Director services

Navigate to Traffic Management >Load Balancing >Monitors and click Add

mon1

Give it a name and select type as HTTP ( if there are no SSL certificates installed on the Director servers). Click on the Special Parameters tab and under the HTTP Type box, enter GET /Director/LogOn.aspx?cc=true

mon3

Before you click Create, ensure that it is enabled and Secure box is ticked if SSL certs are being used.

mon4

Click Create

Servers

  • Second step is to create Servers

Navigate to Traffic Management >Load Balancing >Servers and click Add

mon5

Add your Director servers here

mon6

Similarly, add the second Director servers as well

Service Groups

  • Now create the Service Group

Navigate to Traffic Management >Load Balancing >Service Groups and click Add

mon7

Give the Service Group a name and protocol is HTTP and click OK

mon8

Now Edit the service group that was just created and click on Service Group members and add the newly created services, director-1 and director-2

mon9

Once added, it will look like the below

mon10

 

Click Close. Click on the Monitors link as below and add the monitor that was created in Step 1

mon11

Once add the screen will look like the below. Click Close

mon12

The service group will look like the below once the above steps are completed.

mon13

Click Done

Responder Policy

A Responder policy needs to be created to redirect the users from the root of the IIS web server to the Director page.

Please note that Responder feature may need to be enabled first before you can use it.

Click on the + sign next to AppExpert and select Responder. Right click and choose Enable Feature. The yellow exclamation mark will disappear when you do that.

Once enabled, Navigate to AppExpert >Responder > Actions

mon14

Now think of a nice name to call the load balanced Director instance. you will need to add a DNS host entry later on for this name. the name that i have chosen is director

Give it a descriptive name and use the drop down for Type to select Redirect

Under Expressions, type the string here with the quotes as below

"http://director.domain.co.nz/Director"

mon15

Click Create

Time now to create the Responder policy. The one that we created earlier was a Responder action.

Give a descriptive name to the Responder policy and under the Action drop down menu, select the name of the action that was created in previous step. Under the Expressions field,  type

HTTP.REQ.URL.CONTAINS(“Director”).NOT

mon16

Click Create

Virtual Server for Load balancing

Reserve an IP address to use for the virtual server.

On the left, navigate to Traffic Management >Load Balancing >Virtual Servers and click Add on the right. Give it a name and select the Protocol as HTTP

Specify the IP address for virtual server and the port number as 80. Click OK.  Note that in production environments, use secure Director access by using an SSL certificate. For the purpose of demo, we are using an unsecure connection

mon17

On the page where it says, Services and Service Groups, click No Load Balancing Virtual Server ServiceGroup Binding

mon18.PNG

Add the service group that was created in earlier steps

Click Continue

On the right hand side under Advanced Settings, Click Persistence

Select SOURCE IP as the Persistence and change the timeout value to 245 ( the default time out value for Director is 245 mins). Leave the rest of the settings as defaults and Click OK

mon19

Now, move on to the right hand side again and select Policies

Select Responder as the policy and Type as Request and click Continue

mon20.

Select the redirect policy created earlier and click Bind

mon21

Click Done

Ensure that the virtual server is marked as UP in green.

DNS Config

Create a host A record in DNS for the name which in my case is director

Test the Director URL and ensure that it redirects you to the correct URL and also login and confirm that Director is usable.

That’s all you need to do to setup Director load balancing using NetScaler.

 

 

 

 

Tuning HDX policies for optimal end user performance – XenApp/XenDesktop 7.6 FP3


With the release of 7.6 feature pack 3, the default graphics delivery behavior has changed and the enhanced Thinwire Compatibility mode is not available via user policies. You will need to take into consideration about the different use cases and the importance of policy precedence to ensure the intended delivery method is used. If FrameHawk is specifically applied to a subset of users, they will use FrameHawk even if a higher priority policy specifies Thinwire Compatibility mode. here is a cheat sheet from Citrix to make your life a lot easier when configuring HDX policies

Capture2

XenApp / XenDesktop 7.x – All the PowerShell cmdlets


Here is a dump of all that you can do via the PowerShell cmdlets in a XenApp /XenDesktop 7.x world. Note that the below has been taken from a XenApp 7.5 controller so there might be SDK updates in the newer releases.

Run the below command below in a PowerShell administrative window

Get-Command -Module citrix*

Output is below

CommandType     Name                                               ModuleName                                          
-----------     ----                                               ----------                                          
Cmdlet          Add-AcctADAccount                                  Citrix.AdIdentity.Admin.V2                          
Cmdlet          Add-AcctIdentityPoolScope                          Citrix.AdIdentity.Admin.V2                          
Cmdlet          Add-AdminPermission                                Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Add-AdminRight                                     Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Add-BrokerApplication                              Citrix.Broker.Admin.V2                              
Cmdlet          Add-BrokerDesktopGroup                             Citrix.Broker.Admin.V2                              
Cmdlet          Add-BrokerMachine                                  Citrix.Broker.Admin.V2                              
Cmdlet          Add-BrokerMachineConfiguration                     Citrix.Broker.Admin.V2                              
Cmdlet          Add-BrokerMachinesToDesktopGroup                   Citrix.Broker.Admin.V2                              
Cmdlet          Add-BrokerScope                                    Citrix.Broker.Admin.V2                              
Cmdlet          Add-BrokerTag                                      Citrix.Broker.Admin.V2                              
Cmdlet          Add-BrokerUser                                     Citrix.Broker.Admin.V2                              
Cmdlet          Add-ConfigRegisteredServiceInstanceMetadata        Citrix.Configuration.Admin.V2                       
Cmdlet          Add-ConfigServiceGroupMetadata                     Citrix.Configuration.Admin.V2                       
Cmdlet          Add-HypHostingUnitMetadata                         Citrix.Host.Admin.V2                                
Cmdlet          Add-HypHostingUnitNetwork                          Citrix.Host.Admin.V2                                
Cmdlet          Add-HypHostingUnitStorage                          Citrix.Host.Admin.V2                                
Cmdlet          Add-HypHypervisorConnectionAddress                 Citrix.Host.Admin.V2                                
Cmdlet          Add-HypHypervisorConnectionMetadata                Citrix.Host.Admin.V2                                
Cmdlet          Add-HypHypervisorConnectionScope                   Citrix.Host.Admin.V2                                
Cmdlet          Add-HypMetadata                                    Citrix.Host.Admin.V2                                
Cmdlet          Add-LicGlobalMetadata                              Citrix.Licensing.Admin.V1                           
Cmdlet          Add-ProvSchemeControllerAddress                    Citrix.MachineCreation.Admin.V2                     
Cmdlet          Add-ProvSchemeMetadata                             Citrix.MachineCreation.Admin.V2                     
Cmdlet          Add-ProvSchemeScope                                Citrix.MachineCreation.Admin.V2                     
Cmdlet          Add-ProvTaskMetadata                               Citrix.MachineCreation.Admin.V2                     
Cmdlet          Add-SfServerToCluster                              Citrix.Storefront.Admin.V1                          
Cmdlet          Add-SfStorefrontAddress                            Citrix.Storefront.Admin.V1                          
Cmdlet          Add-XDController                                   Citrix.XenDesktop.Admin                             
Cmdlet          Clear-CtxTraceSession                              Citrix.Common.Commands                              
Cmdlet          ConvertTo-CtxAppVLauncherArg                       Citrix.AppV.Admin.V1                                
Cmdlet          Copy-AcctIdentityPool                              Citrix.AdIdentity.Admin.V2                          
Cmdlet          Copy-CtxSystemInformation                          Citrix.Common.Commands                              
Cmdlet          Copy-CtxTraceLog                                   Citrix.Common.Commands                              
Cmdlet          Disconnect-BrokerSession                           Citrix.Broker.Admin.V2                              
Cmdlet          Export-BrokerDesktopPolicy                         Citrix.Broker.Admin.V2                              
Cmdlet          Export-ConfigFeatureTable                          Citrix.Configuration.Admin.V2                       
Cmdlet          Export-CtxGPTemplate                               Citrix.Common.GroupPolicy                           
Cmdlet          Export-LogReportCsv                                Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Export-LogReportHtml                               Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-AcctADAccount                                  Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AcctDBConnection                               Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AcctDBSchema                                   Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AcctDBVersionChangeScript                      Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AcctIdentityPool                               Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AcctInstalledDBVersion                         Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AcctScopedObject                               Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AcctService                                    Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AcctServiceAddedCapability                     Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AcctServiceInstance                            Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AcctServiceStatus                              Citrix.AdIdentity.Admin.V2                          
Cmdlet          Get-AdminAdministrator                             Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminDBConnection                              Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminDBSchema                                  Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminDBVersionChangeScript                     Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminEffectiveAdministrator                    Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminEffectiveRight                            Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminInstalledDBVersion                        Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminPermission                                Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminPermissionGroup                           Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminRevision                                  Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminRole                                      Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminRoleConfiguration                         Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminScope                                     Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminService                                   Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminServiceAddedCapability                    Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminServiceInstance                           Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-AdminServiceStatus                             Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Get-BrokerAccessPolicyRule                         Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerAppAssignmentPolicyRule                  Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerAppEntitlementPolicyRule                 Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerApplication                              Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerApplicationInstance                      Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerAssignmentPolicyRule                     Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerCatalog                                  Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerConfigurationSlot                        Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerConfiguredFTA                            Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerConnectionLog                            Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerController                               Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerDBConnection                             Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerDBSchema                                 Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerDBVersionChangeScript                    Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerDelayedHostingPowerAction                Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerDesktop                                  Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerDesktopGroup                             Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerDesktopUsage                             Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerEntitlementPolicyRule                    Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerHostingPowerAction                       Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerHypervisorAlert                          Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerHypervisorConnection                     Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerIcon                                     Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerImportedFTA                              Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerInstalledDbVersion                       Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerMachine                                  Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerMachineCommand                           Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerMachineConfiguration                     Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerMachineStartMenuShortcutIcon             Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerMachineStartMenuShortcuts                Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerPowerTimeScheme                          Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerPrivateDesktop                           Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerRebootCycle                              Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerRebootSchedule                           Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerRemotePCAccount                          Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerResource                                 Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerScopedObject                             Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerServiceAddedCapability                   Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerServiceInstance                          Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerServiceStatus                            Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerSession                                  Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerSharedDesktop                            Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerSite                                     Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerTag                                      Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerUnconfiguredMachine                      Citrix.Broker.Admin.V2                              
Cmdlet          Get-BrokerUser                                     Citrix.Broker.Admin.V2                              
Cmdlet          Get-ConfigDBConnection                             Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigDBSchema                                 Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigDBVersionChangeScript                    Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigEnabledFeature                           Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigInstalledDBVersion                       Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigLicensingModel                           Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigLocalData                                Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigProduct                                  Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigProductEdition                           Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigProductFeature                           Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigProductVersion                           Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigRegisteredServiceInstance                Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigService                                  Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigServiceAddedCapability                   Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigServiceGroup                             Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigServiceInstance                          Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigServiceStatus                            Citrix.Configuration.Admin.V2                       
Cmdlet          Get-ConfigSite                                     Citrix.Configuration.Admin.V2                       
Cmdlet          Get-CtxAppVApplication                             Citrix.AppV.Admin.V1                                
Cmdlet          Get-CtxAppVApplicationInfo                         Citrix.AppV.Admin.V1                                
Cmdlet          Get-CtxAppVServer                                  Citrix.AppV.Admin.V1                                
Cmdlet          Get-CtxAppVServerSetting                           Citrix.AppV.Admin.V1                                
Cmdlet          Get-CtxConfigurationLogReport                      Citrix.Common.Commands                              
Cmdlet          Get-CtxIcon                                        Citrix.Common.Commands                              
Cmdlet          Get-CtxProfileApplication                          Citrix.Common.Commands                              
Cmdlet          Get-CtxTraceProvider                               Citrix.Common.Commands                              
Cmdlet          Get-CtxTraceSession                                Citrix.Common.Commands                              
Cmdlet          Get-EnvTestConfiguration                           Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestDBConnection                            Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestDBSchema                                Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestDBVersionChangeScript                   Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestDefinition                              Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestInstalledDBVersion                      Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestService                                 Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestServiceAddedCapability                  Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestServiceInstance                         Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestServiceStatus                           Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestSuiteDefinition                         Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-EnvTestTask                                    Citrix.EnvTest.Admin.V1                             
Cmdlet          Get-HypConfigurationDataForItem                    Citrix.Host.Admin.V2                                
Cmdlet          Get-HypConfigurationObjectForItem                  Citrix.Host.Admin.V2                                
Cmdlet          Get-HypConnectionRegion                            Citrix.Host.Admin.V2                                
Cmdlet          Get-HypDBConnection                                Citrix.Host.Admin.V2                                
Cmdlet          Get-HypDBSchema                                    Citrix.Host.Admin.V2                                
Cmdlet          Get-HypDBVersionChangeScript                       Citrix.Host.Admin.V2                                
Cmdlet          Get-HypHypervisorPlugin                            Citrix.Host.Admin.V2                                
Cmdlet          Get-HypInstalledDBVersion                          Citrix.Host.Admin.V2                                
Cmdlet          Get-HypScopedObject                                Citrix.Host.Admin.V2                                
Cmdlet          Get-HypService                                     Citrix.Host.Admin.V2                                
Cmdlet          Get-HypServiceAddedCapability                      Citrix.Host.Admin.V2                                
Cmdlet          Get-HypServiceInstance                             Citrix.Host.Admin.V2                                
Cmdlet          Get-HypServiceStatus                               Citrix.Host.Admin.V2                                
Cmdlet          Get-HypVMMacAddress                                Citrix.Host.Admin.V2                                
Cmdlet          Get-HypVolumeServiceConfiguration                  Citrix.Host.Admin.V2                                
Cmdlet          Get-HypXenServerAddress                            Citrix.Host.Admin.V2                                
Cmdlet          Get-LicAdministrator                               Citrix.Licensing.Admin.V1                           
Cmdlet          Get-LicCertificate                                 Citrix.Licensing.Admin.V1                           
Cmdlet          Get-LicEffectivePermission                         Citrix.Licensing.Admin.V1                           
Cmdlet          Get-LicEntitlements                                Citrix.Licensing.Admin.V1                           
Cmdlet          Get-LicGlobalMetadata                              Citrix.Licensing.Admin.V1                           
Cmdlet          Get-LicInventory                                   Citrix.Licensing.Admin.V1                           
Cmdlet          Get-LicLACEnabledState                             Citrix.Licensing.Admin.V1                           
Cmdlet          Get-LicLACLocation                                 Citrix.Licensing.Admin.V1                           
Cmdlet          Get-LicLocation                                    Citrix.Licensing.Admin.V1                           
Cmdlet          Get-LicServerInfo                                  Citrix.Licensing.Admin.V1                           
Cmdlet          Get-LogDataStore                                   Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogDBConnection                                Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogDBSchema                                    Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogDBVersionChangeScript                       Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogHighLevelOperation                          Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogInstalledDBVersion                          Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogLowLevelOperation                           Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogService                                     Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogServiceAddedCapability                      Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogServiceInstance                             Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogServiceStatus                               Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogSite                                        Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-LogSummary                                     Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Get-MonitorConfiguration                           Citrix.Monitor.Admin.V1                             
Cmdlet          Get-MonitorDataStore                               Citrix.Monitor.Admin.V1                             
Cmdlet          Get-MonitorDBConnection                            Citrix.Monitor.Admin.V1                             
Cmdlet          Get-MonitorDBSchema                                Citrix.Monitor.Admin.V1                             
Cmdlet          Get-MonitorDBVersionChangeScript                   Citrix.Monitor.Admin.V1                             
Cmdlet          Get-MonitorInstalledDBVersion                      Citrix.Monitor.Admin.V1                             
Cmdlet          Get-MonitorService                                 Citrix.Monitor.Admin.V1                             
Cmdlet          Get-MonitorServiceAddedCapability                  Citrix.Monitor.Admin.V1                             
Cmdlet          Get-MonitorServiceInstance                         Citrix.Monitor.Admin.V1                             
Cmdlet          Get-MonitorServiceStatus                           Citrix.Monitor.Admin.V1                             
Cmdlet          Get-ProvDBConnection                               Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvDBSchema                                   Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvDBVersionChangeScript                      Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvInstalledDBVersion                         Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvObjectReference                            Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvScheme                                     Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvSchemeMasterVMImageHistory                 Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvScopedObject                               Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvService                                    Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvServiceAddedCapability                     Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvServiceConfigurationData                   Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvServiceInstance                            Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvServiceStatus                              Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvTask                                       Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-ProvVM                                         Citrix.MachineCreation.Admin.V2                     
Cmdlet          Get-SfCluster                                      Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfDBConnection                                 Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfDBSchema                                     Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfDBVersionChangeScript                        Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfInstalledDBVersion                           Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfIsStorefrontInstalled                        Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfService                                      Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfServiceAddedCapability                       Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfServiceInstance                              Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfServiceStatus                                Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfStorefrontAddress                            Citrix.Storefront.Admin.V1                          
Cmdlet          Get-SfTask                                         Citrix.Storefront.Admin.V1                          
Cmdlet          Get-UserProfileDefinition                          Citrix.UserProfileManager.Admin.V1                  
Cmdlet          Get-UserProfileManagerServiceAddedCapability       Citrix.UserProfileManager.Admin.V1                  
Cmdlet          Get-UserProfilePath                                Citrix.UserProfileManager.Admin.V1                  
Cmdlet          Get-XDDatabaseSchema                               Citrix.XenDesktop.Admin                             
Cmdlet          Get-XDLogging                                      Citrix.XenDesktop.Admin                             
Cmdlet          Get-XDMonitor                                      Citrix.XenDesktop.Admin                             
Cmdlet          Get-XDSite                                         Citrix.XenDesktop.Admin                             
Cmdlet          Grant-HypSecurityGroupEgress                       Citrix.Host.Admin.V2                                
Cmdlet          Grant-HypSecurityGroupIngress                      Citrix.Host.Admin.V2                                
Cmdlet          Group-BrokerDesktop                                Citrix.Broker.Admin.V2                              
Cmdlet          Group-BrokerMachine                                Citrix.Broker.Admin.V2                              
Cmdlet          Import-AdminRoleConfiguration                      Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Import-BrokerDesktopPolicy                         Citrix.Broker.Admin.V2                              
Cmdlet          Import-ConfigFeatureTable                          Citrix.Configuration.Admin.V2                       
Cmdlet          Import-CtxGPTemplate                               Citrix.Common.GroupPolicy                           
Cmdlet          Import-LicLicenseFile                              Citrix.Licensing.Admin.V1                           
Cmdlet          Lock-ProvVM                                        Citrix.MachineCreation.Admin.V2                     
Cmdlet          New-AcctADAccount                                  Citrix.AdIdentity.Admin.V2                          
Cmdlet          New-AcctIdentityPool                               Citrix.AdIdentity.Admin.V2                          
Cmdlet          New-AdminAdministrator                             Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          New-AdminRole                                      Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          New-AdminScope                                     Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          New-BrokerAccessPolicyRule                         Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerAppAssignmentPolicyRule                  Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerAppEntitlementPolicyRule                 Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerApplication                              Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerAssignmentPolicyRule                     Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerCatalog                                  Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerConfigurationSlot                        Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerConfiguredFTA                            Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerDelayedHostingPowerAction                Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerDesktopGroup                             Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerEntitlementPolicyRule                    Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerHostingPowerAction                       Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerHypervisorConnection                     Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerIcon                                     Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerMachine                                  Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerMachineCommand                           Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerMachineConfiguration                     Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerPowerTimeScheme                          Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerRebootSchedule                           Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerRemotePCAccount                          Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerTag                                      Citrix.Broker.Admin.V2                              
Cmdlet          New-BrokerUser                                     Citrix.Broker.Admin.V2                              
Cmdlet          New-CtxAppVServer                                  Citrix.AppV.Admin.V1                                
Cmdlet          New-CtxInformationPackage                          Citrix.Common.Commands                              
Cmdlet          New-EnvTestDiscoveryTargetDefinition               Citrix.EnvTest.Admin.V1                             
Cmdlet          New-HypVMSnapshot                                  Citrix.Host.Admin.V2                                
Cmdlet          New-LicAdministrator                               Citrix.Licensing.Admin.V1                           
Cmdlet          New-LicAllocation                                  Citrix.Licensing.Admin.V1                           
Cmdlet          New-ProvScheme                                     Citrix.MachineCreation.Admin.V2                     
Cmdlet          New-ProvVM                                         Citrix.MachineCreation.Admin.V2                     
Cmdlet          New-SfCluster                                      Citrix.Storefront.Admin.V1                          
Cmdlet          New-SfStorefrontAddress                            Citrix.Storefront.Admin.V1                          
Cmdlet          New-UserProfileConfiguration                       Citrix.UserProfileManager.Admin.V1                  
Cmdlet          New-UserProfileShare                               Citrix.UserProfileManager.Admin.V1                  
Cmdlet          New-XDDatabase                                     Citrix.XenDesktop.Admin                             
Cmdlet          New-XDSite                                         Citrix.XenDesktop.Admin                             
Cmdlet          Publish-ProvMasterVmImage                          Citrix.MachineCreation.Admin.V2                     
Cmdlet          Register-ConfigServiceInstance                     Citrix.Configuration.Admin.V2                       
Cmdlet          Remove-AcctADAccount                               Citrix.AdIdentity.Admin.V2                          
Cmdlet          Remove-AcctIdentityPool                            Citrix.AdIdentity.Admin.V2                          
Cmdlet          Remove-AcctIdentityPoolMetadata                    Citrix.AdIdentity.Admin.V2                          
Cmdlet          Remove-AcctIdentityPoolScope                       Citrix.AdIdentity.Admin.V2                          
Cmdlet          Remove-AcctServiceMetadata                         Citrix.AdIdentity.Admin.V2                          
Cmdlet          Remove-AdminAdministrator                          Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Remove-AdminAdministratorMetadata                  Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Remove-AdminPermission                             Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Remove-AdminRight                                  Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Remove-AdminRole                                   Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Remove-AdminRoleMetadata                           Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Remove-AdminScope                                  Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Remove-AdminScopeMetadata                          Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Remove-AdminServiceMetadata                        Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Remove-BrokerAccessPolicyRule                      Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerAccessPolicyRuleMetadata              Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerAppAssignmentPolicyRule               Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerAppEntitlementPolicyRule              Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerApplication                           Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerApplicationInstanceMetadata           Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerApplicationMetadata                   Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerAssignmentPolicyRule                  Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerAssignmentPolicyRuleMetadata          Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerCatalog                               Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerCatalogMetadata                       Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerConfigurationSlot                     Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerConfigurationSlotMetadata             Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerConfiguredFTA                         Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerControllerMetadata                    Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerDelayedHostingPowerAction             Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerDesktopGroup                          Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerDesktopGroupMetadata                  Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerEntitlementPolicyRule                 Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerEntitlementPolicyRuleMetadata         Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerHostingPowerAction                    Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerHostingPowerActionMetadata            Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerHypervisorAlertMetadata               Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerHypervisorConnection                  Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerHypervisorConnectionMetadata          Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerIcon                                  Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerIconMetadata                          Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerImportedFTA                           Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerMachine                               Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerMachineCommand                        Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerMachineCommandMetadata                Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerMachineConfiguration                  Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerMachineConfigurationMetadata          Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerMachineMetadata                       Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerPowerTimeScheme                       Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerPowerTimeSchemeMetadata               Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerRebootCycleMetadata                   Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerRebootSchedule                        Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerRemotePCAccount                       Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerScope                                 Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerSessionMetadata                       Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerSiteMetadata                          Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerTag                                   Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerTagMetadata                           Citrix.Broker.Admin.V2                              
Cmdlet          Remove-BrokerUser                                  Citrix.Broker.Admin.V2                              
Cmdlet          Remove-ConfigRegisteredServiceInstanceMetadata     Citrix.Configuration.Admin.V2                       
Cmdlet          Remove-ConfigServiceGroup                          Citrix.Configuration.Admin.V2                       
Cmdlet          Remove-ConfigServiceGroupMetadata                  Citrix.Configuration.Admin.V2                       
Cmdlet          Remove-ConfigServiceMetadata                       Citrix.Configuration.Admin.V2                       
Cmdlet          Remove-ConfigSiteMetadata                          Citrix.Configuration.Admin.V2                       
Cmdlet          Remove-EnvTestServiceMetadata                      Citrix.EnvTest.Admin.V1                             
Cmdlet          Remove-EnvTestTask                                 Citrix.EnvTest.Admin.V1                             
Cmdlet          Remove-EnvTestTaskMetadata                         Citrix.EnvTest.Admin.V1                             
Cmdlet          Remove-HypHostingUnitMetadata                      Citrix.Host.Admin.V2                                
Cmdlet          Remove-HypHostingUnitNetwork                       Citrix.Host.Admin.V2                                
Cmdlet          Remove-HypHostingUnitStorage                       Citrix.Host.Admin.V2                                
Cmdlet          Remove-HypHypervisorConnectionAddress              Citrix.Host.Admin.V2                                
Cmdlet          Remove-HypHypervisorConnectionMetadata             Citrix.Host.Admin.V2                                
Cmdlet          Remove-HypHypervisorConnectionScope                Citrix.Host.Admin.V2                                
Cmdlet          Remove-HypMetadata                                 Citrix.Host.Admin.V2                                
Cmdlet          Remove-HypServiceMetadata                          Citrix.Host.Admin.V2                                
Cmdlet          Remove-LicAdministrator                            Citrix.Licensing.Admin.V1                           
Cmdlet          Remove-LicGlobalMetadata                           Citrix.Licensing.Admin.V1                           
Cmdlet          Remove-LogOperation                                Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Remove-LogServiceMetadata                          Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Remove-LogSiteMetadata                             Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Remove-MonitorServiceMetadata                      Citrix.Monitor.Admin.V1                             
Cmdlet          Remove-ProvScheme                                  Citrix.MachineCreation.Admin.V2                     
Cmdlet          Remove-ProvSchemeControllerAddress                 Citrix.MachineCreation.Admin.V2                     
Cmdlet          Remove-ProvSchemeMasterVMImageHistory              Citrix.MachineCreation.Admin.V2                     
Cmdlet          Remove-ProvSchemeMetadata                          Citrix.MachineCreation.Admin.V2                     
Cmdlet          Remove-ProvSchemeScope                             Citrix.MachineCreation.Admin.V2                     
Cmdlet          Remove-ProvServiceConfigurationData                Citrix.MachineCreation.Admin.V2                     
Cmdlet          Remove-ProvServiceMetadata                         Citrix.MachineCreation.Admin.V2                     
Cmdlet          Remove-ProvTask                                    Citrix.MachineCreation.Admin.V2                     
Cmdlet          Remove-ProvTaskMetadata                            Citrix.MachineCreation.Admin.V2                     
Cmdlet          Remove-ProvVM                                      Citrix.MachineCreation.Admin.V2                     
Cmdlet          Remove-SfServerFromCluster                         Citrix.Storefront.Admin.V1                          
Cmdlet          Remove-SfServiceMetadata                           Citrix.Storefront.Admin.V1                          
Cmdlet          Remove-SfTask                                      Citrix.Storefront.Admin.V1                          
Cmdlet          Remove-SfTaskMetadata                              Citrix.Storefront.Admin.V1                          
Cmdlet          Remove-UserProfileShare                            Citrix.UserProfileManager.Admin.V1                  
Cmdlet          Remove-XDController                                Citrix.XenDesktop.Admin                             
Cmdlet          Remove-XDSite                                      Citrix.XenDesktop.Admin                             
Cmdlet          Rename-AcctIdentityPool                            Citrix.AdIdentity.Admin.V2                          
Cmdlet          Rename-AdminRole                                   Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Rename-AdminScope                                  Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Rename-BrokerAccessPolicyRule                      Citrix.Broker.Admin.V2                              
Cmdlet          Rename-BrokerAppAssignmentPolicyRule               Citrix.Broker.Admin.V2                              
Cmdlet          Rename-BrokerAppEntitlementPolicyRule              Citrix.Broker.Admin.V2                              
Cmdlet          Rename-BrokerApplication                           Citrix.Broker.Admin.V2                              
Cmdlet          Rename-BrokerAssignmentPolicyRule                  Citrix.Broker.Admin.V2                              
Cmdlet          Rename-BrokerCatalog                               Citrix.Broker.Admin.V2                              
Cmdlet          Rename-BrokerDesktopGroup                          Citrix.Broker.Admin.V2                              
Cmdlet          Rename-BrokerEntitlementPolicyRule                 Citrix.Broker.Admin.V2                              
Cmdlet          Rename-BrokerMachineConfiguration                  Citrix.Broker.Admin.V2                              
Cmdlet          Rename-BrokerPowerTimeScheme                       Citrix.Broker.Admin.V2                              
Cmdlet          Rename-BrokerTag                                   Citrix.Broker.Admin.V2                              
Cmdlet          Rename-ProvScheme                                  Citrix.MachineCreation.Admin.V2                     
Cmdlet          Repair-AcctADAccount                               Citrix.AdIdentity.Admin.V2                          
Cmdlet          Repair-UserProfileShare                            Citrix.UserProfileManager.Admin.V1                  
Cmdlet          Reset-AcctServiceGroupMembership                   Citrix.AdIdentity.Admin.V2                          
Cmdlet          Reset-AdminServiceGroupMembership                  Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Reset-BrokerLicensingConnection                    Citrix.Broker.Admin.V2                              
Cmdlet          Reset-BrokerServiceGroupMembership                 Citrix.Broker.Admin.V2                              
Cmdlet          Reset-ConfigServiceGroupMembership                 Citrix.Configuration.Admin.V2                       
Cmdlet          Reset-EnvTestServiceGroupMembership                Citrix.EnvTest.Admin.V1                             
Cmdlet          Reset-HypServiceGroupMembership                    Citrix.Host.Admin.V2                                
Cmdlet          Reset-LogDataStore                                 Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Reset-LogServiceGroupMembership                    Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Reset-MonitorDataStore                             Citrix.Monitor.Admin.V1                             
Cmdlet          Reset-MonitorServiceGroupMembership                Citrix.Monitor.Admin.V1                             
Cmdlet          Reset-ProvServiceGroupMembership                   Citrix.MachineCreation.Admin.V2                     
Cmdlet          Reset-SfServiceGroupMembership                     Citrix.Storefront.Admin.V1                          
Cmdlet          Revoke-HypSecurityGroupEgress                      Citrix.Host.Admin.V2                                
Cmdlet          Revoke-HypSecurityGroupIngress                     Citrix.Host.Admin.V2                                
Cmdlet          Send-BrokerSessionMessage                          Citrix.Broker.Admin.V2                              
Cmdlet          Set-AcctDBConnection                               Citrix.AdIdentity.Admin.V2                          
Cmdlet          Set-AcctIdentityPool                               Citrix.AdIdentity.Admin.V2                          
Cmdlet          Set-AcctIdentityPoolMetadata                       Citrix.AdIdentity.Admin.V2                          
Cmdlet          Set-AcctServiceMetadata                            Citrix.AdIdentity.Admin.V2                          
Cmdlet          Set-AdminAdministrator                             Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Set-AdminAdministratorMetadata                     Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Set-AdminDBConnection                              Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Set-AdminRole                                      Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Set-AdminRoleMetadata                              Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Set-AdminScope                                     Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Set-AdminScopeMetadata                             Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Set-AdminServiceMetadata                           Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Set-BrokerAccessPolicyRule                         Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerAccessPolicyRuleMetadata                 Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerAppAssignmentPolicyRule                  Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerAppEntitlementPolicyRule                 Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerApplication                              Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerApplicationInstanceMetadata              Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerApplicationMetadata                      Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerAssignmentPolicyRule                     Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerAssignmentPolicyRuleMetadata             Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerCatalog                                  Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerCatalogMetadata                          Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerConfigurationSlotMetadata                Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerControllerMetadata                       Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerDBConnection                             Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerDesktopGroup                             Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerDesktopGroupMetadata                     Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerEntitlementPolicyRule                    Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerEntitlementPolicyRuleMetadata            Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerHostingPowerAction                       Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerHostingPowerActionMetadata               Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerHypervisorAlertMetadata                  Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerHypervisorConnection                     Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerHypervisorConnectionMetadata             Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerIconMetadata                             Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerMachine                                  Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerMachineCatalog                           Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerMachineCommandMetadata                   Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerMachineConfiguration                     Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerMachineConfigurationMetadata             Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerMachineMaintenanceMode                   Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerMachineMetadata                          Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerPowerTimeScheme                          Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerPowerTimeSchemeMetadata                  Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerPrivateDesktop                           Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerRebootCycleMetadata                      Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerRebootSchedule                           Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerRemotePCAccount                          Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerSession                                  Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerSessionMetadata                          Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerSharedDesktop                            Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerSite                                     Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerSiteMetadata                             Citrix.Broker.Admin.V2                              
Cmdlet          Set-BrokerTagMetadata                              Citrix.Broker.Admin.V2                              
Cmdlet          Set-ConfigDBConnection                             Citrix.Configuration.Admin.V2                       
Cmdlet          Set-ConfigRegisteredServiceInstance                Citrix.Configuration.Admin.V2                       
Cmdlet          Set-ConfigRegisteredServiceInstanceMetadata        Citrix.Configuration.Admin.V2                       
Cmdlet          Set-ConfigServiceGroupMetadata                     Citrix.Configuration.Admin.V2                       
Cmdlet          Set-ConfigServiceMetadata                          Citrix.Configuration.Admin.V2                       
Cmdlet          Set-ConfigSite                                     Citrix.Configuration.Admin.V2                       
Cmdlet          Set-ConfigSiteMetadata                             Citrix.Configuration.Admin.V2                       
Cmdlet          Set-CtxAppVServerSetting                           Citrix.AppV.Admin.V1                                
Cmdlet          Set-EnvTestConfiguration                           Citrix.EnvTest.Admin.V1                             
Cmdlet          Set-EnvTestDBConnection                            Citrix.EnvTest.Admin.V1                             
Cmdlet          Set-EnvTestServiceMetadata                         Citrix.EnvTest.Admin.V1                             
Cmdlet          Set-EnvTestTaskMetadata                            Citrix.EnvTest.Admin.V1                             
Cmdlet          Set-HypAdminConnection                             Citrix.Host.Admin.V2                                
Cmdlet          Set-HypDBConnection                                Citrix.Host.Admin.V2                                
Cmdlet          Set-HypHostingUnitMetadata                         Citrix.Host.Admin.V2                                
Cmdlet          Set-HypHostingUnitStorage                          Citrix.Host.Admin.V2                                
Cmdlet          Set-HypHypervisorConnectionMetadata                Citrix.Host.Admin.V2                                
Cmdlet          Set-HypServiceMetadata                             Citrix.Host.Admin.V2                                
Cmdlet          Set-HypVolumeServiceConfiguration                  Citrix.Host.Admin.V2                                
Cmdlet          Set-LicAdministrator                               Citrix.Licensing.Admin.V1                           
Cmdlet          Set-LicLACEnabledState                             Citrix.Licensing.Admin.V1                           
Cmdlet          Set-LogDBConnection                                Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Set-LogServiceMetadata                             Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Set-LogSite                                        Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Set-LogSiteMetadata                                Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Set-MonitorConfiguration                           Citrix.Monitor.Admin.V1                             
Cmdlet          Set-MonitorDBConnection                            Citrix.Monitor.Admin.V1                             
Cmdlet          Set-MonitorServiceMetadata                         Citrix.Monitor.Admin.V1                             
Cmdlet          Set-ProvDBConnection                               Citrix.MachineCreation.Admin.V2                     
Cmdlet          Set-ProvScheme                                     Citrix.MachineCreation.Admin.V2                     
Cmdlet          Set-ProvSchemeMetadata                             Citrix.MachineCreation.Admin.V2                     
Cmdlet          Set-ProvServiceConfigurationData                   Citrix.MachineCreation.Admin.V2                     
Cmdlet          Set-ProvServiceMetadata                            Citrix.MachineCreation.Admin.V2                     
Cmdlet          Set-ProvTaskMetadata                               Citrix.MachineCreation.Admin.V2                     
Cmdlet          Set-SfCluster                                      Citrix.Storefront.Admin.V1                          
Cmdlet          Set-SfDBConnection                                 Citrix.Storefront.Admin.V1                          
Cmdlet          Set-SfServiceMetadata                              Citrix.Storefront.Admin.V1                          
Cmdlet          Set-SfTaskMetadata                                 Citrix.Storefront.Admin.V1                          
Cmdlet          Set-UserProfileDefinition                          Citrix.UserProfileManager.Admin.V1                  
Cmdlet          Set-XDLicensing                                    Citrix.XenDesktop.Admin                             
Cmdlet          Set-XDLogging                                      Citrix.XenDesktop.Admin                             
Cmdlet          Set-XDMonitor                                      Citrix.XenDesktop.Admin                             
Cmdlet          Set-XDSiteMetadata                                 Citrix.XenDesktop.Admin                             
Cmdlet          Start-BrokerCatalogPvdImagePrepare                 Citrix.Broker.Admin.V2                              
Cmdlet          Start-BrokerMachinePvdImagePrepare                 Citrix.Broker.Admin.V2                              
Cmdlet          Start-BrokerNaturalRebootCycle                     Citrix.Broker.Admin.V2                              
Cmdlet          Start-BrokerRebootCycle                            Citrix.Broker.Admin.V2                              
Cmdlet          Start-CtxTraceSession                              Citrix.Common.Commands                              
Cmdlet          Start-EnvTestTask                                  Citrix.EnvTest.Admin.V1                             
Cmdlet          Start-HypVM                                        Citrix.Host.Admin.V2                                
Cmdlet          Start-LogHighLevelOperation                        Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Stop-BrokerRebootCycle                             Citrix.Broker.Admin.V2                              
Cmdlet          Stop-BrokerSession                                 Citrix.Broker.Admin.V2                              
Cmdlet          Stop-CtxTraceSession                               Citrix.Common.Commands                              
Cmdlet          Stop-EnvTestTask                                   Citrix.EnvTest.Admin.V1                             
Cmdlet          Stop-HypVM                                         Citrix.Host.Admin.V2                                
Cmdlet          Stop-LogHighLevelOperation                         Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Stop-ProvTask                                      Citrix.MachineCreation.Admin.V2                     
Cmdlet          Switch-EnvTestTask                                 Citrix.EnvTest.Admin.V1                             
Cmdlet          Switch-ProvTask                                    Citrix.MachineCreation.Admin.V2                     
Cmdlet          Test-AcctDBConnection                              Citrix.AdIdentity.Admin.V2                          
Cmdlet          Test-AcctIdentityPoolNameAvailable                 Citrix.AdIdentity.Admin.V2                          
Cmdlet          Test-AdminAccess                                   Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Test-AdminDBConnection                             Citrix.DelegatedAdmin.Admin.V1                      
Cmdlet          Test-BrokerAccessPolicyRuleNameAvailable           Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerAppAssignmentPolicyRuleNameAvailable    Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerAppEntitlementPolicyRuleNameAvailable   Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerApplicationNameAvailable                Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerAssignmentPolicyRuleNameAvailable       Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerCatalogNameAvailable                    Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerDBConnection                            Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerDesktopGroupNameAvailable               Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerEntitlementPolicyRuleNameAvailable      Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerLicenseServer                           Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerMachineNameAvailable                    Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerPowerTimeSchemeNameAvailable            Citrix.Broker.Admin.V2                              
Cmdlet          Test-BrokerRemotePCAccountNameAvailable            Citrix.Broker.Admin.V2                              
Cmdlet          Test-ConfigDBConnection                            Citrix.Configuration.Admin.V2                       
Cmdlet          Test-ConfigServiceInstanceAvailability             Citrix.Configuration.Admin.V2                       
Cmdlet          Test-CtxAppVServer                                 Citrix.AppV.Admin.V1                                
Cmdlet          Test-EnvTestDBConnection                           Citrix.EnvTest.Admin.V1                             
Cmdlet          Test-HypDBConnection                               Citrix.Host.Admin.V2                                
Cmdlet          Test-HypHostingUnitNameAvailable                   Citrix.Host.Admin.V2                                
Cmdlet          Test-HypHypervisorConnectionNameAvailable          Citrix.Host.Admin.V2                                
Cmdlet          Test-LogDBConnection                               Citrix.ConfigurationLogging.Admin.V1                
Cmdlet          Test-MonitorDBConnection                           Citrix.Monitor.Admin.V1                             
Cmdlet          Test-ProvDBConnection                              Citrix.MachineCreation.Admin.V2                     
Cmdlet          Test-ProvSchemeNameAvailable                       Citrix.MachineCreation.Admin.V2                     
Cmdlet          Test-SfDBConnection                                Citrix.Storefront.Admin.V1                          
Cmdlet          Test-UserProfileShare                              Citrix.UserProfileManager.Admin.V1                  
Cmdlet          Unlock-AcctADAccount                               Citrix.AdIdentity.Admin.V2                          
Cmdlet          Unlock-AcctIdentityPool                            Citrix.AdIdentity.Admin.V2                          
Cmdlet          Unlock-ProvScheme                                  Citrix.MachineCreation.Admin.V2                     
Cmdlet          Unlock-ProvVM                                      Citrix.MachineCreation.Admin.V2                     
Cmdlet          Unregister-ConfigRegisteredServiceInstance         Citrix.Configuration.Admin.V2                       
Cmdlet          Update-AcctADAccount                               Citrix.AdIdentity.Admin.V2                          
Cmdlet          Update-BrokerImportedFTA                           Citrix.Broker.Admin.V2                              
Cmdlet          Update-BrokerNameCache                             Citrix.Broker.Admin.V2                              
Cmdlet          Update-HypHypervisorConnection                     Citrix.Host.Admin.V2

Running a QFARM command in XenApp 7.x


As most of you are aware by now, Qfarm command doesn’t run anymore in XenApp 7.x as it is a part of old IMA architecture.

With FMA, there are several ways to check the Server load, the easiest being using Citrix Studio and checking Load Index.

However, there is another method to check the load from using a PowerShell window and it is as below.

asnp citrix*
Get-BrokerMachine ‚ÄďFilter ‚ÄėSessionSupport ‚Äďeq ‚ÄúMultiSession‚ÄĚ‚Äô ‚ÄďProperty @(‚ÄėDNSName‚Äô,‚ÄôLoadIndex‚Äô)

qfarm1

if you need more details, you could add more parameters in your command line as below

Get-BrokerMachine ‚ÄďFilter ‚ÄėSessionSupport ‚Äďeq ‚ÄúMultiSession‚ÄĚ‚Äô ‚ÄďProperty @(‚ÄėDNSName‚Äô,'WindowsConnectionSetting','SessionCount',‚ÄôLoadIndex‚Äô)

The result from running the above command is as follows

qfarm2

Hope it’s useful for someone out there!!!

 

 

Power Management of XenDesktop 7.x Delivery Groups – Prevent workloads from powering off when not in use


There are many a times when you would want to prevent XenDesktop/XenApp 7.x power management from powering off virtual machines in the catalog. If you ever wondered how to do it, here are the steps

Open the PowerShell in administrative mode on the Controller server

asnp citrix*
Set-BrokerDesktopGroup "Delivery group Name" -AutomaticPowerOnForAssignedDuringPeak $True

if the above doesnt fix it, then run the below command as well which will ensure that all the VMs are ready for connections all the time

Set-BrokerDesktopGroup "<Delivery group Name>" -PeakBufferSizePercent 100 -OffPeakBufferSizePercent -100

Citrix License Usage Monitoring using PowerShell


The below PowerShell script could be used to deliver automated emails on the Citrix License usage for Citrix Admins.

Where do you run this script from?

Citrix License Server

How do you run this?

The script could be saved as a file with an extension of .ps1

Also ensure that you have a folder called report_do_not_delete created in the C: drive on the license server. Also, make the relevant changes in the script marked in Red. Run the script as a scheduled task at a specific time to receive the license usage reports in your mailbox or run it manually from a PowerShell window in Admin mode

#Region Settings
#Your License Server
$CitrixLicenseServer = ‚Äúyourlicenseservername‚ÄĚ

#Do you want to report on licenses with 0 users?
$ShowUnusedLicenses = $true

#Toggle an alert above this percentage of licenses used
$UsageAlertThreshold = 0

#EndRegion Settings

#Region CollectData
#retrieve license information from the license server
$LicenseData = Get-WmiObject -class ‚ÄúCitrix_GT_License_Pool‚ÄĚ -namespace ‚ÄúROOT\CitrixLicensing‚ÄĚ -ComputerName $CitrixLicenseServer

$usageReport = @()
$LicenseData | select-object pld -unique | foreach {
$CurrentLicenseInfo = ‚Äú‚ÄĚ | Select-Object License, Count, Usage, pctUsed, Alert
$CurrentLicenseInfo.License = $_.pld
$CurrentLicenseInfo.Count = ($LicenseData | where-object {$_.PLD -eq $CurrentLicenseInfo.License } | measure-object -property Count -sum).sum
$CurrentLicenseInfo.Usage = ($LicenseData | where-object {$_.PLD -eq $CurrentLicenseInfo.License } | measure-object -property InUseCount -sum).sum
$CurrentLicenseInfo.pctUsed = [Math]::Round($CurrentLicenseInfo.Usage / $CurrentLicenseInfo.Count * 100,2)
$CurrentLicenseInfo.Alert = ($CurrentLicenseInfo.pctUsed -gt $UsageAlertThreshold)
if ($ShowUnusedLicenses -and $CurrentLicenseInfo.Usage -eq 0) {
$usageReport += $CurrentLicenseInfo
} elseif ($CurrentLicenseInfo.Usage -ne 0) {
$usageReport += $CurrentLicenseInfo
}
}
#EndRegion CollectData
$usageReport |Select-Object @{name=‚ÄôDate-time‚Äô;Expression={Get-Date} },License,Count,Usage,PctUsed,Alert|ft -AutoSize|Out-File -Append C:\report_do_not_delete\$(get-date -uformat ‚Äú%Y-%m-%d‚ÄĚ).txt
#$usageReport | Format-Table -AutoSize | out-file ‚ÄúC:\reports\usagereport.txt‚ÄĚ

#mail
Send-MailMessage -From ‚Äúsender@sample.com‚ÄĚ -To ‚Äúreceiver@sample.com‚ÄĚ -Subject ‚ÄúCitrix XenApp license usage ‚Äď Daily Report‚ÄĚ -Body ‚ÄúCitrix XenApp license usage ‚Äď Daily Report‚ÄĚ -SmtpServer ‚Äúsmtp.sample.com‚ÄĚ -Attachments ‚ÄúC:\report_do_not_delete\$(get-date -uformat ‚Äú%Y-%m-%d‚ÄĚ).txt‚ÄĚ


Storefront Multi-Site and High Availability – Guidelines for an Active-Active datacenter design


I am currently working on a XenDesktop 7.6 project that is designed to span 2 datacenters, Auckland and Sydney. One of the critical customer requirement is to redirect the user connections to their primary site regardless of their location first and failover to secondary site if the primary site is down. They also have a bunch of call center users in Manila, Philippines who should be assigned to primary site Sydney and Auckland as a failover site. Auckland users must be directed to Auckland XenDesktop site and Sydney users must be redirected to Sydney datacenter for their primary apps and desktops. There were also some additional requirements that are outlined below. In summary, the below are the technical requirements

  1. Redirect users to their nearest NetScalers
  2. Provide single published application icons for the same applications across both sites so that the application access is seamless to the user
  3. Users will be mapped to a primary site( Auckland or Sydney) and will need to failover to the secondary site in case of primary site unavailability
  4. Provide a single URL for application access for the users in all the sites, Auckland, Sydney and Manila.
  5. Any unique applications from both sites should be enumerated.
  6. There are certain applications that should be launched from one particular site for all the users due to the application backend requirements (limitations)

How do we achieve the above? This was something that was impossible to do with Citrix Web Interface up to versions 5.4. Wait, there is some hope.

XenDesktop Site Details

Auckland XenDesktop site consists of XenDesktop 7.6 site alongside Storefront 2.6 cluster with 2 nodes and NetScaler 10.5 for GSLB.

Sydney site also has a distinct XenDesktop site with a SF cluster with 2 nodes and a NetScaler for GSLB ( All same versions as in Auckland)

Design

Let’s look at how each element should be designed to achieve the above stated requirements.

Requirement 1 – Redirect users to their nearest NetScalers

This is quite an easy one and we would have done this countless times in our previous projects – yes, the good old GSLB ( Global Server Load Balancing). I am not going to reinvent the wheel here as there are some fantastic literature about this already from Citrix and from Carl Stalhood. I recommend the one from Carl as he has the latest one based on NetScaler 10.5

Requirement 2 – Provide single published application icons for the same applications across both sites so that the application access is seamless to the user

I am sure this is quite new to a lot of people out there, at least for me it was. This is where Storefront comes in. Citrix has built some excellent intelligence around Storefront to achieve this quite easily. This feature is technically called Resource Aggregation. There is an good explanation on this from Citrix here which i recommend every one to read. The key for this to work is to keep the application and desktop names the same across both XenDesktop sites. The path of application executables must also match for this to work. if there are differences, then they will be shown up as separate applications.

Also please note that AppController applications cannot be aggregated via this method.

Here is an excerpt from Citrix edocs on the above with changes relevant to my setup “Where a desktop or application with the same name and path on the server is available from both Sydney and Auckland, StoreFront aggregates these resources and presents users with a single icon. This behavior is a result of setting the aggregationGroup attribute to AggregationGroup1 for both the Sydney and Auckland deployments. Users clicking on an aggregated icon are typically connected to the resource in their location, where available. However, if a user already has an active session on another deployment that supports session reuse, the user is preferentially connected to the resource on that deployment to minimize the number of sessions used.”

Requirement 3 – Users will be mapped to a primary site( Auckland or Sydney) and will need to failover to the secondary site in case of primary site failure

The idea here is to split the users into 2 groups and assign them a primary site – In the end, one group will have the primary site assigned as Auckland and the other with primary site assigned as Sydney.

The key here is to add the users to separate AD groups for each sites and configure the XenDesktop sites/farms in a specific order (Manage Delivery Controllers in SF) and use the word “Failover” in Storefront configuration. I will get to this in detail in the Setup section below.

Requirement 4 – Provide a single URL for application access for the users in all the sites, Auckland, Sydney and Manila.

GSLB could do this quite easily. Please refer to the above links

Requirement 5 – Any unique applications from both sites should be enumerated.

This is already explained in parts under Requirement 2. If there is a case where any unique applications are to be delivered from one site for all the users, all that is required to be done is to publish that application in the relevant site. The application will appear when the enumeration is done and clicking it will take the users to the site from where the application is published.

Requirement 6 – There are certain applications that should be launched from one particular site for all the users due to the application backend requirements (limitations)

This use case is relevant when there are 2 or more applications with the same name across datacenters and you would need your users to always go to one datacenter to launch it. if the application isnt available at the primary datacenter, then it will be launched from the secondary datacenter. This is done by adding “Primary” and Secondary” keywords in the application description. Doing this will override the application load balancing/Failover rules specified above and will attempt to launch first from the Primary site. if the primary site app isn’t available for any reason, launch it from the Secondary site.

How this is all setup in Storefront

All the configurations are made in Web.Config file residing on the Storefront servers. Please also note that the changes must be made to the config file of the Stores and not the Web version of the Stores.

Now before you get started with the configuration, there are a few things that you need to have beforehand to make your life easier. XML Notepad will be one of them and the other will be the sample configuration from Citrix which could be found here

I recommend using XML Notepad as it makes the Web.Config file look ridiculously simple.

Getting Started

Create the Store as you usually do via Storefront Console. Update the information under “Manage Delivery Controllers”. Also ensure that you add the secondary site info as well in here now. This piece is very important in the process as the names that are used here will be reused in the Storefront configs later on in the Web.Config file. Once you make changes to Web.Config file, you cant change the “Manage Delivery Controllers” section via the GUI anymore for that store.

My Sydney Storefront cluster store will look like this after configuration. Please also refer the order of the sites – very important. First one must be Sydney followed by Auckland.

Sydney Site is called SYD and Auckland site is called AKL

Capture7

Those who have keen eyes must also have noticed that the “Edit” button is missing from the above. This is the file after the changes are made.

My Auckland Storefront cluster will have the above settings reversed.

Now create 2 AD Groups – One to host Sydney users and another one for Auckland Users. Add the users accordingly to it.

Get the SID of these groups – I used Sysinternals PsGetSid tool

Now to the main part, Web.Config file changes

Web.Config file

All StoreFront store configurations can be found in the respective web.config file  .\inetpub\wwwroot\Citrix\\web.config.

This is where we add the configuration for StoreFront High availability.

For convenience, I made a backup copy of the web.config file before making any changes.

As you will be making a lot of changes it is much simpler to edit the file direct on the server and not have to keep copying it back and forth to your machine each time.

I recommend you copy the example configuration from Citrix from here

Then in XML notepad, expand citrix.deliveryservices ‚Äď> resourcesCommon and delete anything underneath resourcesCommon

Then right click citrix.deliveryservices and click paste.

Your web.config should now look like this

Capture8

Delete 2 references to “equivalentFarmSet” under the node “equivalentFarmSets” and the config file should look like the below. You would also need to remove one “farm” and a backup reference. Overall It should look like the below. If it doesn’t, you are not going to achieve what you need.

Capture9

Now start populating the data values on the right and mine looked like the below after the config.

Capture10

The ones marked with red dots are descriptors so you could add what you like there.

Once you have done that, you have half of the logic in place. now for the other half, copy the node “UserFarmMapping” and paste it under “UserFarmMappings”. Look for the extra “s” XD

Once copied, you will need to reverse the entries for the failover to work. The copied part looked like this after the final config

Capture12

This is the final configuration below for the Sydney Storefront cluster. Save the Web.Config file. Close the file. Make sure that the changes are propagated to the other SF servers in the Sydney cluster using the GUI.

Capture13

Now, I will have to repeat the same process for the Auckland Storefront cluster in residing in Auckland datacenter

Just reverse all the settings that are made above and to those who are still confused on how it all should look like at the other end, below are a couple of screenshots from Auckland side.

Capture14

This is how the Store config is via the GUI in Auckland. Look at the order as I want the Auckland site to be processed first followed by Sydney controllers

Capture15

Citrix Studio Configuration

Add the Auckland_Test_Users AD group to the Delivery Group in Auckland site.

Capture16

Now how do you get the failover to happen to Sydney for Auckland users?? Well, create another 2 groups – one for Auckland and another for Sydney. use the Sydney group and add it in Auckland Delivery group. I didn’t talk about the extra 2 groups in the beginning to keep it simple. In fact you will need 2 AD groups per datacenter site. In my screenshot above, i used an account for testing – sydctxuser

Now the Sydney Delivery group is configured as below

Capture17

Please note that the Auckland account is added for failover. Use the second Auckland group in here in a production setup.

There you have it. You have a storefront that is intelligent enough to route the users based on their mappings and provide high availability. Also here is a copy of the configuration part of the web.config file as a sample below. Just change the items marked in BOLD except for “Default” entries

Capture18

 
<resourcesWingConfigurations>
        <resourcesWingConfiguration name="Default" wingName="Default">
          <userFarmMappings>
            <clear />
            <userFarmMapping name="Sydney_user_mapping">
              <groups>
                <group name="BCS\Sydney_Test_Users" sid="S-1-5-21-1752688384-406871208-1000598102-10304" />
              </groups>
              <equivalentFarmSets>
                <equivalentFarmSet name="SYDNEY" loadBalanceMode="Failover" aggregationGroup="AggregationGroup1">
                  <primaryFarmRefs>
                    <farm name="SYD" />
                    <farm name="AKL" />
                  </primaryFarmRefs>
                  <backupFarmRefs></backupFarmRefs>
                </equivalentFarmSet>
              </equivalentFarmSets>
            </userFarmMapping>
            <userFarmMapping name="Auckland_user_mapping">
              <groups>
                <group name="BCS\Auckland_Test_Users" sid="S-1-5-21-1752688384-406871208-1000598102-10303" />
              </groups>
              <equivalentFarmSets>
                <equivalentFarmSet name="AUCKLAND" loadBalanceMode="Failover" aggregationGroup="AggregationGroup1">
                  <primaryFarmRefs>
                    <farm name="AKL" />
                    <farm name="SYD" />
                  </primaryFarmRefs>
                  <backupFarmRefs></backupFarmRefs>
                </equivalentFarmSet>
              </equivalentFarmSets>
            </userFarmMapping>
          </userFarmMappings>
        </resourcesWingConfiguration>
      </resourcesWingConfigurations>           
                    
                    
               

Find the Total Unique & Peak Licenses Usage in XenApp/XenDesktop


Okay, this is going to be a short one and I came across this while investigating an issue for a customer who runs a XenApp 7.15 LTSR farm. Well, “Citrix Virtual Apps” as it is called these days. Citrix, what’s up with changing product names every year? you gotta stop doing this for God’s sake. Peace.

Here is the command. Firstly, load the Citrix cmdlets by running

asnp Citrix*

Now, the actual command to find the information

Get-BrokerSite

The result will look like the below

Setting up VMware Workspace One Intelligence


Workspace ONE Intelligence Initial Setup

This post explains how to setup Workspace One Intelligence using the WS One UEM console. It is quite a simple process so here you go.

  • Log on to the VMware UEM console (AirWatch console) and click on the Monitor tab on the left

Click on Intelligence on the second pane

https://media.screensteps.com/image_assets/assets/002/614/018/original/2731d451-e535-4de2-b3ab-f3997519c885.png
  • It will now give you the information as to what Intelligence will collect from your UEM environment.

Click the check box next to  “Opt In” and select Next at the bottom of the page.

  • You will now need to fill in your details and select ACCEPT
  • You will now be re-directed to the Intelligence server.

You now have access to the WorkspaceOne Intelligence platform.

Workspace ONE Intelligence Integration Setup

We will setup the WorkspaceOne Intelligence integration with VMware Identity Manager. this will allow us to begin aggregating information based on logins to Workspace ONE UEM and AppLaunch.

1. On the left of the pane, navigate to and select the dropdown next to Settings , and select Integrations select SET UP under VMware Identity Manager

2. Select GET STARTED on the the wizard page

3. On the Authorize: VMware Identity Manager page select Provide Credentials and next to Tenant Domain* type your unique vIDM tenant URL for this course.
e.g https://lalm0204.vidmpreview.com

4.  Select CONNECT TO IDENTITY MANAGER

5. On the Workspace ONE Intelligence Integration window select  ACCEPT

6. On VMware Identity Manager authorised successfully window select FINISH

This concludes the setup of VMware Workspace One tenant.

How to verify that NetScaler COOKIEINSERT persistent sessions are working?


Ever had issues with your Storefront load balancing setup not working after painstakingly setting up NetScaler load balancing?

Now, let’s discuss a few reasons why cookie based persistence are better (in some scenarios) compared to Source-IP based persistence.

In some circumstances, using persistence based on source IP address can overload your servers. All requests to a single Web site or application are routed through the single gateway to the NetScaler appliance, even though they are then redirected to multiple locations. In multiple proxy environments, client requests frequently have different source IP addresses even when they are sent from the same client, resulting in rapid multiplication of persistence sessions where a single session should be created. This issue is called the ‚ÄúMega Proxy problem.‚ÄĚ You can use HTTP cookie-based persistence instead of Source IP-based persistence to prevent this from happening.

If all incoming traffic comes from behind a Network Address Translation (NAT) device or proxy, the traffic appears to the NetScaler appliance to come from a single source IP address. This prevents Source IP persistence from functioning properly. Where this is the case, you must select a different persistence type.

HTTP Cookie Persistence

When HTTP cookie persistence is configured, the NetScaler appliance sets a cookie in the HTTP headers of the initial client request. The cookie contains the IP address and port of the service selected by the load balancing algorithm. As with any HTTP connection, the client then includes that cookie with any subsequent requests.

When the NetScaler appliance detects the cookie, it forwards the request to the service IP and port in the cookie, maintaining persistence for the connection. You can use this type of persistence with virtual servers of type HTTP or HTTPS. This persistence type does not consume any appliance resources and therefore can accommodate an unlimited number of persistent clients.

Note: If the client’s Web browser is configured to refuse cookies, HTTP cookie-based persistence will not work. It might be advisable to configure a cookie check on the Web site, and warn clients that do not appear to be storing cookies properly that they will need to enable cookies for the Web site if they want to use it.

By default, the NetScaler appliance sets HTTP version 0 cookies for maximum compatibility with client browsers. (Only certain HTTP proxies understand version 1 cookies; most commonly used browsers do not.) You can configure the appliance to set HTTP version 1 cookies, for compliance with RFC2109. For HTTP version 0 cookies, the appliance inserts the cookie expiration date and time as an absolute Coordinated Universal Time (GMT). It calculates this value as the sum of the current GMT time on the appliance and the time-out value. For HTTP version 1 cookies, the appliance inserts a relative expiration time by setting the ‚ÄúMax-Age‚ÄĚ attribute of the HTTP cookie. In this case, the client‚Äôs browser calculates the actual expiration time.

So some of the benefits of using cookie based persistence are

  • Easy to configure
  • Load balancer does all the work without involving the back end services (mostly a web server)
  • No connection table to maintain
  • Activity based – Time out is based on idle connection and not the total connection time
  • caters to most of the load balancing scenarios
  • if proxies are involved in the setup where source IPs are masked, this makes it an easy choice

Cons of Cookie based persistence

  • can throw off the load balancing where timeouts are set to 0 or when time outs are long lived
  • when Type 0 cookie is used, time of the cookie value is absolute(GMT time). When type 1 is used, relative time is used (local time)
  • hard to troubleshoot

Testing COOKIEINSERT persistence

Use Putty or some other SSH clients to login to the NetScaler.

sh lb vserver vservername

If you take a closer look at the snippet above, the letters in yellow shows that COOKIEINSERT persistence is turned ON with a time out value of 0 mins. This means that the cookies doesn’t have an expiry time set by the NetScaler appliance. The backup persistence is set to SourceIP with a time out value of 60mins. You can also see the cookie values at the bottom of the results staring with NSC_xxxxxxx

You will now need to get into Shell with an account that has permissions. To get to shell, type shell and hit enter

Now type the following

nsconmsg -i vservername -s ConLb=1 -d oldconmsg

In the snippet above, the highlighted text in yellow shows that persistence is set to Cookieinsert and the number of hits for each service. You will also get values such as response times, CPU and memory utilization.

VIP value shows the total number of hits to the vServer hits
Each service has a line starting with S (IP Address) and its status.
Hits (x, x/sec) shows the initial (method) hits to the service for a new connection.
P (x, x/sec) shows hits to the service that are served using a persistence cookie

Also, check the current persistent session via the commands below

sh persistentsessions
sh persistentsessions -summary