Extract the Application Groups from a Delivery Group – XenApp/XenDesktop 7.x


This is going to be a quick post to explain how you can extract all the AD groups that are currently being used for the various applications that you serve in XenApp/XenDesktop 7.x farms. This came very handy when I had a large number of applications that need to be migrated to a new XenApp 7.15 LTSR farm. This will also come very handy for documentation purposes.

First up, you will need to find the Delivery Group Name UUID that you need to extract the details from. If you have multiple delivery groups, you will need to find the UUIDs for all the Delivery groups.

To find the UUID, run the command below in a PowerShell window in admin mode

asnp Citrix*
Get-BrokerDesktopGroup

This returns the details of all the Delivery groups in the XenApp farm.

Take a note of the UUID value

Now run the below to show the application names and the assigned user AD groups

Get-BrokerApplication -AssociatedDesktopGroupUUID 918bd477-6848-4d27-b98d-28296e78d6a1 | select ApplicationName,AssociatedUserFullNames

27

You can get all sorts of results by changing the filters. To know the available filters, please refer here

Or simply run the below which shows the various filters that you can use for a given application

Get-BrokerApplication

That’s it for now. I hope this helps someone with their PowerShell journey in Citrix

Storefront Load balancing using NetScaler


It’s been a while since I wrote on my blog so let’s get straight into the post without much mucking around. This time we will discuss how to go about setting up Storefront load balancing using NetScalers. This can be configured on a standalone NetScaler or a NetScaler pair in HA. The recommendation is obviously to get this setup on a HA NetScaler pair so that NetScaler outage wouldn’t result in Storefront also being unavailable.

My Storefront version is 3.11 and have a cluster with 2 Storefront servers. NetScaler version is 11.1 but the NS version shouldn’t matter much as the steps would be more or less the same for other NetScaler firmware versions – newer or older. (unless you are too far behind)

Pre-Requisites

To configure Storefront load balancing we need the following –

  • 2 or more Storefront servers
  • an IP address for the virtual server that hosts the LB configuration
  • SSL certificate that points to the intended load balanced URL of Storefront – the certificate can be a wild card or a named certificate

First Things First

Logon to your NetScaler and navigate to System — Settings — Configure Basic Features. Ensure that Load Balancing is selected, if not select it and click OK

1

NetScaler Configuration

Create Servers

Now, navigate to Traffic Management — Load Balancing — Servers. Click Add

2

Give the Storefront server a name and enter the IP address of the server. Ensure that “Enable after creating” is selected. Click Create

Add the second Storefront server following the above steps. If you have more than 2  servers, add all of them.

3

Create Monitors

New NetScaler version come with a built-in Storefront monitor so we are going to make use of it here. Go to Traffic Management –Load Balancing — Monitors and click Add

Here I am only going to create a single monitor to probe all my Storefront servers. You can choose to create multiple monitors depending upon the number of Storefront servers that you have. In my case, i will create just one.

Give a name to the monitor and select the type as STOREFRONT

5

Now select Special Parameters tab and provide the name of the Store that you have created in Storefront. Check the 2 entries – Storefront Account Service and Check Back End Services. 

4

Click on the Standard Parameters tab. Ensure that Secure is selected as below. Click Create

6

Create Service Groups

Go to Traffic Management –Load Balancing — Service Groups

Give a name to the service group and select the protocol as SSL. Check the entries below

  • State
  • Health Monitoring
  • AppFlow Logging (only if you have NetScaler MAS in your environment)

Click OK

7

Under Service Group Members, add the server entities that we created earlier. Once done, they will look like the below

8

Under Settings, type the Header as X-Forwarded-For

9

Under Monitors, bind the monitor that we created before

10

Under SSL Parameters, setup the settings as below

11

Under Ciphers, setup the ciphers based on your company security policy.

12

Once done, Service Group for Storefront should look like this

13

Now, it’s time to create the Virtual Server

Virtual Server

As mentioned in the pre-requisites section , we need an IP address for this. If the NetScalers are sitting in the DMZ, a DMZ IP address is required. In my case, NetScalers are hosted internally so i will use an internal unused IP address.

We will also need the SSL certificate here.

Go to Traffic Management –Load Balancing — Virtual Servers

Click Add

Give a Name to the virtual server and select the protocol as SSL

Specify the IP address under IP Address field and specify the port # as 443

14

Click More and specify the settings as below (note, that AppFlow logging only needs to be enabled if you have a NetScaler MAS setup or other monitoring solutions that could make use of AppFlow logs)

15

 

Under Services and Service Groups, click on Load Balancing Virtual Server ServiceGroup Binding

Click Add Binding and select the Service Group that you created in the previous step. Click OK

Once completed, the page should look like the below. Click Close and click Done

16

It’s time to attach the certificate. Go to Traffic Management — SSL — Manage Certificates / Keys / CSRs

17

 

Click on Upload button and upload your certificate file to NetScaler

Go to Traffic Management — SSL — Certificates — Server certificates

Under Certificate, click on Server Certificate and then Install

Give a certificate key-pair name and choose the certificate that was just uploaded in the previous step. Click Install

Now, go back to Traffic Management –Load Balancing — Virtual Servers

Select the Virtual server created for Storefront and click Edit. Under Certificates, select Server Certificate and then Click Add Binding

Under SSL Ciphers, select the ciphers that you would like to be in place. I am going with the default one. This is not the most secure for a production setup so go with something that’s secure enough for your organization.

Under SSL Parameters, configure the settings as below. Click OK

18

Under Method, Select LEASTRESPONSETIME for the Load Balancing Method. Configure a Backup LB Method, I choose LEAST CONNECTION

You can read more about the LB Methods here

19

Click OK

Under Persistence, select COOKIEINSERT for Persistence with a time-out value of 0. You can also read why I selected the timeout value of 0 here

Under Backup persistence, select SOURCEIP with a timeout of 60. Fill in the Netmask as in the picture

20

Click OK and then Done

We have now completed almost 90% of the config. There are a couple of things left so hold on tight.

The configuration so far will ensure that load balancing will be performed between the Storefront servers ( I know, i know I haven’t setup the DNS entries for the load balanced VIP)

If someone type in the http URL of LB Storefront in their browser, it will not go anywhere. It will show them the IIS page instead. So how do we ensure that the users are redirected to the correct Storefront page (https version) every single time? We will setup another virtual server on port 80 with a redirect URL configured.

Let’s do that now.

Under Traffic Management –Load Balancing — Virtual Servers, Click Add

Under Basic Settings, give the virtual server a Name and select protocol as HTTP

Specify the same IP address as for the Storefront LB VIP and provide 80 for the Port #

Click OK/Create

Under Persistence, select SOURCEIP with a timeout of 2 mins

21

Click OK

Under Protection, type in the correct HTTPS URL that you would want the users to be redirected to under Redirect URL field

22

Click OK. Then click Done

You will notice that the virtual server will be marked as down

23

DNS Changes

Now head over to the DNS server and open the DNS Console

Create an A record pointing to the Storefront LB name with the IP address configured on the vServer for LB configuration.

Storefront Changes

This is the last step, I promise. Head over to the Storefront servers and it’s time now to run some Powershell commands

Now, the monitors that we created earlier will be marked as Down if we didn’t perform this step prior to creating them on the NetScaler. That’s because the monitor created was based on HTTPS and by default, Storefront monitoring is done on HTTP

To change this to HTTPS. We need to configure the monitor service to use HTTPS instead. On all the StoreFront 3.0 servers perform the following steps.

Run PowerShell as an administrator.

Navigate to the Scripts (C:\Program Files\Citrix\Receiver StoreFront\Scripts) folder via the Powershell on the Storefront server,

Run ImportModules.ps1

24

Run the below command

 Get-DSServiceMonitorFeature

25

Now, type the below to setup the Storefront Monitor on HTTPS

Set-DSServiceMonitorFeature -ServiceURL https://localhost:443/StoreFrontMonitor

 

Repeat the above steps on all the Storefront servers.

Now, head back to the NetScaler and you can see that the monitor will be in GREEN and showing a status of UP

That’s all we need to do to setup Storefront load balancing using NetScalers.

 

 

 

 

AUTOMATION OF A XENDESKTOP/XENAPP DEPLOYMENT – PART 3


This article will cover how to install the Citrix Studio component.  For those of you who are unfamiliar this will act as your centralized point of control for your Citrix environment.  You can also interact with it as you’ve seen in previous examples through command line operations as well.

In order to install the Studio for management the process is straight forward.  Run the executable with a few switches –

[C:\Downloads – “Your download location”]\x64\XenDesktop Setup\XenDesktopServerSetup.exe /PASSIVE /NOREBOOT /CONFIGURE_FIREWALL /COMPONENTS DESKTOPSTUDIO

Once your Studio component is installed, you can validate the installed components by reviewing their accessibility form your server where the command was executed.

Studio

Next up would be installing your StoreFront component.  This will provide front end access to your delivered applications and desktops.

StoreFront

The process is the same.  Utilizing your Citrix installed, you will call the following executable with the following switches:

[C:\Downloads – “Your download location”]\x64\StoreFront\CitrixStoreFront-x64.exe -silent -logfile “%am_logpath%\StoreFrontSetup.log”

For adding additional Storefront servers to a load balanced group, you can utilize a variety of different scripts to determine if the server is already part of a group, and if not join it.

Creates a script to review if the Citrix services are running on the server where the scripts are executing, and if so join the new StoreFront sever to a group. If not create a group of its own.

Set a conditional statement to evaluate the value of this being returned, and execute one of the following scripts.

For Creating:

Set-DSInitialConfiguration -hostBaseUrl [Hostname]-farmName [FarmName] -port [ListeningPort] -transportType [TransferType] -sslRelayPort [RelayPortforSSL] -servers [ServerToAdd] -loadBalance [LoadBalancer] -farmType [FarmType] -clusterId [ID]

 

Or, For Joining an Already Existing:

Obtain the passcode and store value –

Start-DSClusterJoinService

$Passcode = (Get-DSClusterJoinServicePasscode).Response.Passcode

and finally join,

Start-DSClusterJoinService

Start-DSClusterMemberJoin -authorizerHostName $ExistingNode -authorizerPasscode $JoinPass

 

The final portion would really only be interesting if you were automating the same process over and over again.  This is where a product like Login AM which organizes your scripts, and variables would become handy.  If you are interested in any information about Login AM or automation of Citrix Deployments please reach out and let me know or drop and comment I would like to have meaningful conversations about automation, and increase my understanding of the products as well.