Citrix Cloud Testing on Amazon EC2 M4


Citrix Cloud on AWS

I was recently afforded the unique opportunity to collaborate on a project to test capacity out of a Citrix XenApp on AWS deployment. The goal of the project was to independently determine the maximum user density for a few different EC2 instance types running XenApp 7.14.

EC2 instances are on-demand and elastic hosted server resources. Which means that they are provisioned dynamically within a pool of available resources, and with an OS you deploy ontop. Amazon provides a variety of templates to easily install Windows, Linux or your other favorite OS. EC2 instances are broken down into a few varieties. They are optimized for storage, memory, compute or graphics. The designation before the name of the instances illustrates their configuration. G3 indicates graphics optimized instance third generation.

The other difference between instance type is the cost. If you are provisioning a 2vCPU 4GB of RAM machine the price per hour would be significantly less than that of a 16vCPU 64GB of RAM machine.

1st

This would allow the customer to match the exact machine size to the purpose of their deployment, and optimize the amount of money they were spending on their hosted application solution.

Utilizing Login VSI’s virtual users I ran a predetermined user count against a Citrix XenApp deployment managed from Citrix Cloud.

For this blog, I will only discuss one data point, and the Citrix Cloud configuration on AWS. We have a significant amount of results, and we will make those available on www.loginvsi.com/blog.

For those of you not familiar Citrix Cloud is providing Citrix capabilities traditionally delivered on premise through a HTML web based user experience therefore installing a receiver is no longer required.

Some of the key components as they move into their cloud forward offerings are StoreFront / Netscaler and Studio.

2nd

StoreFront and NetScaler are completely managed now through a web page. This completely removes the administrator’s responsibilities of configuring hardware / software solutions for Citrix. You simply fire this up, attach it via their “Citrix Cloud Connector” and configure to start deploying your desktops or apps. It works completely flawlessly.

Studio is managed through the connector as well, and provides the Citrix HTML 5 receiver for management access through the Citrix Cloud web portal.

During my time working with it, it proved to be very flexible, easy to configure and reliable for all testing. I would recommend this to any administrator looking at future proofing their Citrix deployments. It is truly ready for market.

Some images below of the management interface:Some images below of the management interface:

There will be a management icon within your Citrix Cloud Dashboard. Select “XenApp and XenDesktop Service” “manage”

3rd

You will then go to the management interface for XenApp / XenDesktop; you have two options Creation and Delivery. Creation – Studio / Delivery – StoreFront / NetScaler:

4th

Management interface for Studio. Notice the Citrix Receiver icon in the middle. Studio is provided through the Citrix HTML 5 receiver. Interesting touch.

5th

Management for Citrix NetScaler / StoreFront:

6th

AWS Configuration for demonstration purposes:

7th

Color coded

8th

Delivery group configuration:

9th

11th

There is only one XenApp host in each delivery group. This is to determine the maximum amount of users for one M4.

2XLarge instance backing the XenApp host. We are delivering Office 2016 applications, and the standard set of VSI Knowledge worker actions.

It is very easy to change the instance type in EC2. You simply select the “Instance” and change the “Instance Type” through the context menu.AWS_Change_Instance_Types

There are a variety of different configuration, which allows you to really get the most out of the testing. If you are aiming for user density numbers you can size it exactly. This allows you to pay for EXACTLY what you need as opposed to over provisioning. This will help drive the cost of VDI / SBC deployments down ultimately, and increase end user experience quality.

If you are sizing your images with Login VSI and backing them up with EC2 AWS instances you are getting an optimal user experience exactly sized right for your needs.

Information on instances:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html

VSI Results

12th

Testing Configuration

For our testing purpose we provisioned a m4.2xlarge machine on EC2. This instance has a machine profile of 8 vCPU and 32 GB of memory. This is either running a XENO E5-2686 or 2676. Mostly a general use machine which is balanced.

Our testing configuration was 50 test users over the course of 48 minutes. We utilized the industry standard Knowledge Workload. This mostly presents a large portion of the VDI / SBC user base. Office application and standard office applications like Adobe Reader.

 

Application start times are all over the place for the most part, but staying for the most part under 12 seconds. Which would be reasonable for the users. Login process takes under 16 seconds even under VSI Max settings.

 

What does the backend look like?

16th

When the CPU is at 100% the VSIMax is being reached within the user session. This means the numbers are indicating the bottleneck to be the CPU provisioned for the M4.2Xlarge instance which is approximately.

Wrap-up

Seeing is believing and after testing it I can confirm that Amazon EC2 is ready for the prime time. We were able to support 42 concurrent users on a M4.2Xlarge and we were able to have a continuous level of excellent user experience while doing so.

Amazon is ready to supplement your traditional on premise solutions with readily available and quickly scalable resources in the cloud. Using Citrix Cloud services you can very easily scale your delivery out to support your user base as it dynamically changes.

Using VSI you can validate your configurations with support your users and put a check box next to user experience.

Using these three solutions you can future proof your company, and deliver on a promise of value & experience

Finally, if you are looking for some testing for your deployment please reach out to me here or b.martynowicz@loginvsi.com.

As always stay tuned for more results.

Advertisements

Citrix AppDisk – All that you need to know!!


AppDisk is an awesome technology from Citrix but it comes with its own quirks which admins/consultants should be aware of. Below are some of the items that i thought are important to know about the technology and how to set it up.

There are a few things to keep in mind before attempting to create an AppDisk.

firefox_screenshot_2016-11-29t00-48-41-888z

AppDisk additional permissions

  • when you specify a size for the AppDisk, you wouldn’t be able to utilize all the size that you allocated. for eg, for an AppDisk size of 5 GB only, 3.66 are useable so always give some extra when creating appdisks
  • Don’t create snapshots of the machine prior to creating the AppDisk when using MCS Catalogs
  • There is currently no way to resize the AppDisk from within the Studio. PowerShell is the way to go.
  • There is NO versioning built into AppDisks at this stage. All that you are doing when clicking on “Create New Version” is creating a clone of the existing AppDisk which could be used to edit and update the AppDisk
  • Enable both the Shadow Copy and Microsoft Software Shadow Copy Service Provider services. https://support.citrix.com/article/CTX211853
  • Some of the commands that you will find useful when working with AppDisks are as follows
>Get-AppLibAppDisk
>Get-AppLibTask

To get a list of all the active tasks running, run the below

>Get-AppLibTask -active $true

To stop a particular task, run the Get-AppLibTask and take a note of the task ID

>Stop-AppLibTask

The above stop command will not remove the failed task from the Studio console. to remove it completely from the studio, run the following command

>Remove-AppLibTask
  • In many cases, AppDisks work on different OSs. For example, you can add an AppDisk that was created on a Windows 7 VM to a Delivery Group containing Windows 2008 R2 machines, as long as both OSs have the same bitness (32 bit or 64 bit) and both support the application. However, Citrix recommends you do not add an AppDisk created on a later OS version (such as Windows 10) to a Delivery Group containing machines running an earlier OS version (such as Windows 7), because it might not work correctly.
  • Finally, the link here from Citrix is a MUST READ as it covers a lot of information on MCS type and PVS type deployments https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/install-configure/appdisks.html

Creation Process

  • Boot the reserved VM into the Maintenance environment and leave it at the login screen
  • Head to the Studio console and select the AppDisk node. Click Create AppDisk
  • Specify the size of the disk and a name of the AppDisk in the wizard.
  • As soon as the AppDisk creation begins, the VM will be restarted. Boot the VM back into the Maintenance vDisk
  • Now wait for the process to complete
  • In the mean time, you would be able to see a drive mapping with label (Citrix) being created on the VM with the specified disk size of the AppDisk (5 GB in my case)drive-map
  • Refresh the Studio console to ensure that the VM is powered ON and is registered.studio
  • Be patient as this could take while to complete.
  • If the process gets stuck at “Creating…..” state, run the command
    Get-AppLibTask -active $true

    Check the value of TaskProgress and if it is at 95%, its time to restart the VM. studio

  • Once restarted, boot the machine back into the Maintenance disk
  • Ensure that the VM is registered. Login to the VDA now and make sure that the AV agent isnt running (I have seen that logging into the server helps speed up things)
  • The AppDisk creation process should now be complete.
  • Its time now to install the applications- Right click the AppDisk name and select Install Applications
  • Once you are happy with the app install, its time to seal the disk
  • Right click and select “Seal AppDisk”
  • When the sealing process is started, the VM will restart. Just ensure that the VM restarts back into the maintenance disk
  • Once the server is back up, log into the server to speed up the sealing process. if there are AV agents running, temporarily disable it
  • The VM will restart again
  • choose the maintenance disk again and boot into it
  • it is at this stage, it will start AppDNA disk analysis (assuming that you have AppDNA integration configured)importappdiskdna
  • Refresh the Studio now and you can see the Appdisk is at Ready(AppDNA:Capturing) state
  • Soon the process should complete. The AppDisk should now be ready for app delivery readystate
  • Head on to the PVS console and delete the Maintenance vDisk that was initially created for AppDisk . Once the AppDisk is sealed, you MUST boot into the vDisk version before the Maintenence version to be able to see the applications installed on the AppDisk. Strange but true 🙂
  • If you need to edit(add more apps) a Sealed Appdisk, create a fresh Maintenance vDisk and continue with the updates. The older Maintenance vDisks will not work once sealed and should be removed from PVS console (Versioning)

 

Assigning an AppDisk

As previously stated, AppDisks require a machine catalog that isnt assigned to any delivery groups. So naturally the first step after creating an AppDisk is to create a delivery group and attach the AppDisk to it.

Updating an AppDisk

  • Create a Maintenance vDisk from the PVS Console
  • Change the VM type to Maintenance in the PVS Console (Device Collections)
  • If the Prep machine is already a member of a Delivery group, remove it from the delivery group.
  • Boot the Prep VM into the Maintenance vDisk and leave it at the login screen
  • Go to AppDisk node in Citrix Studio and select the AppDisk that needs to be updated.
  • Choose Create New Version
  • Give it a name and select the Machine catalog name where the prep machine resides
  • Click Create New Version
  • At this point, it creates a Control Disk

control-disk

  • The Prep VM will now restart. the next step is to “Reserve” the Virtual machine
  • Boot the VM back into the Maintenance vDisk

reservevm

  • It then proceeds with the Layer creation and completes it. It would say ready to install applications in Studio
  • Proceed to install applications as you would normally do
  • Seal the Appdisks when completed.
  • Delete the Maintenance version from the PVS console and change the VM type to Production from Maintenance

 

Diagnosing issues with AppDisk

AppDisks come with a logging tool that could be found here at C:\Program Files\Citrix\personal vDisk\bin\CtxAppDisksDiag.exe

Run the above tool as an admin and select the folder where you would like to see the log files and click OK

 

Importing an AppDisk

There are times you will need to import a pre-created AppDisk to the Studio. This method will also work for the manually built virtual machines.

Carl Stalhood has detailed the process to import AppDisks in his blog post here

The curious case of NetScaler access with error message ” The Connection to “Desktop” failed with status (Unknown client error 1110)”


I was pulled into to look at a problem for one of our customers with their Netscalers which stopped the user connections intermittently throwing a very “helpful” error message ” the connection to the desktop failed with status (unknown client error 1110).

The customer description was “it only started to happen a few weeks ago and these days its quite impossible to land a successful connection from the outside of our corporate network”

I managed to get a couple of screenshots of error messages from the users and they appeared like below. When queried, the internal access via Storefront is working fine.

image001

Looking at the error message, there are a multitude of reasons why you would get that and i am outlining the common areas to look in such cases.

  • Check if the Root certificates and intermediate certificates are available on the client devices. If frequently patched, the client will most probably have the latest and update Root CA’s from various public CAs. Check the IE’s / Other browsers’ certificate store to verify the Root and Intermediate CA SSL certs
  • If using non-IE browsers for connectivity, switch over to IE to see if it connects. IE is the safest bet when it comes to connectivity to Citrix environments.
  • Check for SSL ciphers attached to the NetScaler Gateway vServer. If high security ciphers are used, this issue may occur. relax the cipher suites to see if that makes a difference. Again, if cipher suites are an issue, the issue will occur every single time when you connect and not sporadically.
  • Check the STAs on the NetScaler and ensure that it matches with the STAs configured on the  WI/Storefront. This is one of the most important setting to check and probably the first one to check if the issue occurs only sporadically. There is a high possibility of an STA mismatch as it turned out to be in my case.
  • Check the FW from the NetScaler to the VDA – As the title says ensure that the Citrix ports to the VDA are open from the Netscaler

XenApp & XenDesktop 7.x – Citrix Director Load Balancing using NetScaler


Here is a quick and easy way to load balance your Citrix Director instances in a XenApp or XenDesktop environment.

Below is my environment

  • Citrix Director servers ( Controller servers in most cases) – director-1 and director-2
  • A NetScaler HA pair ( you can do this on a stand alone NetScaler as well)

 

Monitors

Firstly, create a monitor for the Director services

Navigate to Traffic Management >Load Balancing >Monitors and click Add

mon1

Give it a name and select type as HTTP ( if there are no SSL certificates installed on the Director servers). Click on the Special Parameters tab and under the HTTP Type box, enter GET /Director/LogOn.aspx?cc=true

mon3

Before you click Create, ensure that it is enabled and Secure box is ticked if SSL certs are being used.

mon4

Click Create

Servers

  • Second step is to create Servers

Navigate to Traffic Management >Load Balancing >Servers and click Add

mon5

Add your Director servers here

mon6

Similarly, add the second Director servers as well

Service Groups

  • Now create the Service Group

Navigate to Traffic Management >Load Balancing >Service Groups and click Add

mon7

Give the Service Group a name and protocol is HTTP and click OK

mon8

Now Edit the service group that was just created and click on Service Group members and add the newly created services, director-1 and director-2

mon9

Once added, it will look like the below

mon10

 

Click Close. Click on the Monitors link as below and add the monitor that was created in Step 1

mon11

Once add the screen will look like the below. Click Close

mon12

The service group will look like the below once the above steps are completed.

mon13

Click Done

Responder Policy

A Responder policy needs to be created to redirect the users from the root of the IIS web server to the Director page.

Please note that Responder feature may need to be enabled first before you can use it.

Click on the + sign next to AppExpert and select Responder. Right click and choose Enable Feature. The yellow exclamation mark will disappear when you do that.

Once enabled, Navigate to AppExpert >Responder > Actions

mon14

Now think of a nice name to call the load balanced Director instance. you will need to add a DNS host entry later on for this name. the name that i have chosen is director

Give it a descriptive name and use the drop down for Type to select Redirect

Under Expressions, type the string here with the quotes as below

"http://director.domain.co.nz/Director"

mon15

Click Create

Time now to create the Responder policy. The one that we created earlier was a Responder action.

Give a descriptive name to the Responder policy and under the Action drop down menu, select the name of the action that was created in previous step. Under the Expressions field,  type

HTTP.REQ.URL.CONTAINS(“Director”).NOT

mon16

Click Create

Virtual Server for Load balancing

Reserve an IP address to use for the virtual server.

On the left, navigate to Traffic Management >Load Balancing >Virtual Servers and click Add on the right. Give it a name and select the Protocol as HTTP

Specify the IP address for virtual server and the port number as 80. Click OK.  Note that in production environments, use secure Director access by using an SSL certificate. For the purpose of demo, we are using an unsecure connection

mon17

On the page where it says, Services and Service Groups, click No Load Balancing Virtual Server ServiceGroup Binding

mon18.PNG

Add the service group that was created in earlier steps

Click Continue

On the right hand side under Advanced Settings, Click Persistence

Select SOURCE IP as the Persistence and change the timeout value to 245 ( the default time out value for Director is 245 mins). Leave the rest of the settings as defaults and Click OK

mon19

Now, move on to the right hand side again and select Policies

Select Responder as the policy and Type as Request and click Continue

mon20.

Select the redirect policy created earlier and click Bind

mon21

Click Done

Ensure that the virtual server is marked as UP in green.

DNS Config

Create a host A record in DNS for the name which in my case is director

Test the Director URL and ensure that it redirects you to the correct URL and also login and confirm that Director is usable.

That’s all you need to do to setup Director load balancing using NetScaler.

 

 

 

 

XenApp & XenDesktop 7.x – Error “Incompatible Settings on SDK” on Delivery Groups


My colleague came across this error message while working with a customer where he had to prevent Citrix Desktops from being shown to users if they are in a particular AD group. He didn’t recall what he did wrong but he ended up with Desktops doubling up for a standard user who isn’t a member of exclusion group.

Inspecting the delivery group, he noticed Desktops per user settings  under User Settings has a different value “Incompatible Settings on SDK

desktopsperuser

Querying the Delivery group

Get-BrokerEntitlementPolicyRule

Going through the results, there is an additional desktop without any filtering applied. The fix is to remove the additional desktop. In his case, it was named was “Desktop_2”

Remove-BrokerEntitlementPolicyRule -Name "Desktop_2"

Running the get command shows the below results.. the second desktop is gone!!!

startbutton

Hopefully this helps someone.