Category Archives: Uncategorized

BriForum2014-Profile Madness with Nick and Dan from CCS

Profile Madness: Roaming, UE-V, AppSense & UPM.  WTF Should I do?

Nick Rintalan and Dan Allen from Citrix Consulting  They both have been there for over 10 years.

Every OS had to change the Start Menu and Desktop have to change because they hate us and they may be a little evil.

Keep updating NTUSER.DAT versions and we had v1 for a very long time and now v2 for Vista\7 and v3 for 8 and v4 now for 8.1 if you didn’t know we went from 1-4 in just 4 years.

3rd Party isn’t always the answer you would expect and the complexity some of them have outweighs the benefits they could provide as a profile management solution.

Nick is using GPP plus roaming profiles with exclusions and using folder redirection and beat AppSense with 1 second at a client.

Bad expectations trying to do a lot of things that are not possible with a physical workstation that you are trying to replace like desktop background or word files needing to be replicated to another session instantly or to another datacenter.

Mandatory, Roaming, UE-V, UPM/VPM and 3rd Party are your Profile Hell Options.

Every folder should be redirected other than LocalAppData in most cases.

Redirecting AppData is the biggest fighting within redirecting fight and Shawn Bass and Nick like the battle about it on a regular basis.

The largest Citrix customer using 250,000 users is using Mandatory Profiles and it is fast and does not care about what someone changes because it will not write anything.

Server and Desktop and 64 and 32 bit device types should be separated on the profile side because of all the known incompatibilities

UE-V requires MDOP to have access, so smaller shops may not have it and might be able to afford it.  UE-V will exclude everything until you tell it what to include which is better in a couple ways and can make it easy to skip things.  UE-V isn’t the only answer but it does bolt on well even with other solutions.

Future Thoughts:

It will keep changing as V4 and V5 start happening and then Microsoft is on the AA 12 step program to try and make itself better to change things up.  3rd Parties will still be out there to fill the void and to add on things that Microsoft will not be able to. The biggest thing for the future is the keep realistic expectations that you don’t want to promise the Profile Panacea and everything is synced to everything everywhere all the time and your dictionaries, app settings and background picture will follow you to any OS from and to any device.

Real World Example with Dan Allen:

50,000 Users, 4 Datacenters around the word, traditional fat PC deployment, tons of branch locations and they centralized Exchange and File shares and then noticed that everything was slower so CCS came in to do XenApp and XenDesktop.  20% stayed on fat PCs (Remote and High End), 20% of the users were on laptops, 20% migrated persistent XenDesktops (Using SSCM to tame the madness) and 40% XenApp Published Desktops.

Profiles for this customer Physical Desktops

Short Term was to just keep local profiles and didn’t want to change anything.

Long Term was to evaluate UE-V and or UPM and recommended the customer to only redirect the Documents folders

Profiles for this customer Laptops

Local Profiles and use a simple script they made to sync documents folder and dump them back to the home directory on their desktops. Short Term didn’t change anything

Long Term check out UE-V

Profiles for this customer Persistent VDI

Implemented UPM didn’t delete the local profile at logoff and didn’t turn on Profile Streaming or Active Write back.  Implement Folder Redirection and Did NOT redirect the AppData and Shawn Basss was happy and only use Folder Redirection for the documents.

Profiles for this customer using Published Desktop

Implemented UPM, enabled profile delete at logoff and didn’t turn on Profile Streaming or Active Write back.  Implemented Folder Redirection and redirected everything including AppData and Shawn Bass was sad.  NetApp Profile Share was 10GB away on a NetApp Filer.

Profiles for this customer using Published Apps

Used the same settings as above from the Published Desktop if they were in the same silo.  There were some App Silos  that had some different settings to include and exclude based on the needs of the applications.

Started was a fresh profile with this deployment and just kept Favorites, Desktop and stuff like that.  Kept the profiles per Datacenter and didn’t setup replication between US and Europe so there wasn’t any value based on the users habits of launching the same thing from the same datacenter for the next X years.  It wasn’t worth 5 million dollars based on the quote they got.

User always mapped their home directory and kept Home, Roaming Profile and Redirected Folders in separate directories and they plan on using Version numbers to those shares and V3 and V4 becomes a possibility.  WAN links are faster and SMB 2.1 has made things a little better with remote data and file as it relates to profiles more okay.

#SYN513, Risks and Challenges with NetScaler Gateway and Storefront

#SYN513, Risks and Challenges with NetScaler Gateway and Storefront.

Went over how to load balance and showed the traffic flow for StoreFront and WI and spoke on the importance of also Load Balancing your authentication provider. Make sure and have TCP 8008 of you are using HTML 5 client.

Talked about the Platform license and how it cannot move between MPX and VPX and then get the LM Host ID from the command line. Keep track of your MACs on VPXs if you need to redeploy the instance. Talked about the access gateway platform license (basic mode) for just basic XA and XD access and the Access gateway universal license (smart access) is for the full VPN and XenMobile micro VPNs which could be a gotcha for some clients now. Use /var/log/license.log to troubleshoot license problems.

Went over common authentication errors where the parts are not open, bind account expired, 636 isn’t enabled on the DC. Then you can use the cat aaadebug file to go further. If you get “cannot complete request” check to see if your storefront server can resolve the FQDN of the AG vServer.

If the application cannot launch telnet 1494 and 2598 from the NetScaler to check that access. Check your STAs to make sure they are up and the list is the same on the NetScaler and StoreFront.

Did a great overview of Session Policies and Profiles and how to make expressions.

Great command to see what AGEE policies are being used
Nsconmsg -d current -g pol_hits

Really great information for anyone who is using NetScaler, StoreFront and Web Interface and how the traffic flows and how to troubleshoot it when something goes wrong.

#SYN236, NetScaler SDX Deployment Overview. The nerdiest NetScaler presentation ever

#SYN236, NetScaler SDX Deployment Overview. The nerdiest NetScaler presentation ever.

Discuses the Pros and Cons of using a Out-of-Path and In-Path NetScaler deployments. Great summary of that happens when a NetScaler is In-Path NetScaler with CIFS and SQL and how depending on the type of the data it could just add 1.75 seconds for CIFS and over 5 minutes for SQL for the same 1GB operation.

Got into the weeds on ZebOS and how it is just one of the routing protocols alongside the NetScaler FIB. NetScaler FIB always wins over ZebOS.

HA Heartbeats happen on port 3003 using UDP and it comes out untagged by default. Make sure you configure your NetScaler because that ARP will go out all the interfaces. Enabling VMACs will enable VRRP which will bypass the default GARP.

Fail-Safe Mode enables the load balances to stay up in the event that both peers experience a partial outage so it should be on so if one interface goes down could cause a failover.

Talked about Disaster Recovery and how to plan accordingly. GSLB did a great job with DR but DNS servers out on the internet won’t listen to the TTLs you set.. route a host injection only works internally because of the limit of a 32 bit address limit.

Using OTV is another great option to make failover transparent to the applications. When using OTV you also need to use LISP to separate the advertiser of the route RLOC from the subnet route EID.

This was the best and nerdiest deep dive technical session for NetScaler ever. Awesome job!!

#SYN402, NetScaler Troubleshooting

#SYN402, NetScaler Troubleshooting, was a nerdy session that had a good overview and some troubleshooting examples.

NetScaler Log Locations
/var/log unix logs
/var/nslog NetScaler specific logs
/var/nstrace trace file locations
/var/core crash file location ( each crash will have its own directory numbered)

Troubleshooting Tools and Techniques:
Using the Tech Support Bundle is the best way to backup and troubleshoot a NetScaler and it will be located in that /var/tmp/support/collector_P-NameDateOfFile. Collector files will have a P if it is from the primary and a S if it is from the secondary.
Upload the support file to TaaS which is now called Predictive Support which can find issues that are known and common to make it easy to troubleshoot it.

Common Client Show a Commands:
show node (Use when troubleshooting HA problems)
Show info (Use to see all the nerdy bits about your NetScaler)
Show license (Use when you are having licensing problems)

Common Client Stat a Commands:
stat CPU (Use to see the CPU utilization)
Stat NS (Use to see a great summary about the NetScaler)
Stat interface (Use to see details on a interface)

Super Logging
Use “nsconmsg” under the /var/nslog direcotry

Two great common troubleshooting use cases were shown

HA Sync Issues
Slow XA and XD support
CTX136926 that goes over how to VLAN your NetScaler to keep the Management a interfaces separate.

Nsconmsg -K newnslog -d statst0 | grew nic_err. This will show if packets are being dropped.

#SYN251, #ProjectVRC is back with State of the Union Survey Updates and some new tests

#SYN251, #ProjectVRC is back with State of the Union Survey Updates and some new tests.

Ruben and Jeroen do not disappoint with their yearly update on what Tests they have done. They are using UCS and a Hitachi SAN and of LoginVSI for all their tests this year.

Went over some of the State of the VDI & SBC union survey and a couple tests that were great as usual. Upgrade to vSphere 5.5 was the main thing and Hyper-V is really close and Office 2013 stinks.

Office 2007, 2010 and 2013:
72% use office 2010. 20% less users when using 2013 over 2007 and 2010 but it is CPU and 4 times the RAM. Performance tuning for 2013 are negligible also.

App-V vs ThinApp:
When using View almost 49% and 38% when using XenDesktop from the survey
App-V 5.0 has some performance problems

Anti Virus Being Used:
Microsoft, Symantec and McAfee and Trend Micro are the top 4.
Trend Micro Deep Security tests were done and with and without tuning are close on the CPU but the Read IO differences are huge but overall just 10% overhead for this.

Windows 7, 8 and 8.1:
80% of those surveyed are using windows 7 with a majority using 64 bit and 2 CPUs.
32 bit desktop OS are closes and use windows 8.1 does have a overhead compared to 8 and 7.
64bit desktop OS are not as close with 8.1 costing 30% overhead.
32 vs 64 bit in windows 7 doesn’t have any huge differences
Windows 8 Tuning can get you 20% more density (scheduled task)
Server 2008 R2 , 2012 and 2012 R2:
Almost 70% from the survey are using 2008 R2
2012 R2 has a 30% performance hit.
Optimizing 2012 will only by you 1%

persistent and share desktops:
Shared image is dominant our there
Office 2010 Indexing impacts are around 5% and it requires a lot of IO, outlook search can be a painful aspect of use VDI environment.

VDI and SBC:
54% use SBC and VDI in the survey
When VDI only is deployed View had 60% adoption
vSphere 5.5 with server 2008 R2 can have 30% difference over 5.1 so upgrade

Hypervisor Battle:
VMware dominates at 70% with XenServer at 10%
5.5 and 2012 R2 is a close battle and 5.1 is over 15% slower than 5.5 on VDI and SBC

5x VMs with 8 CPU gave more density over 10x 4 CPUs
Less than 2% overhead when doing bare metal compared to 5.5 and 2012 R2

Win7 and 2008 R2 as DaaS:
Single user terminal server you will get 20% more users with a server OS over a desktop OS.






SYN258, XenDesktop Monitoring BakeOff with #jariangibson

#SYN258, XenDesktop Monitoring BakeOff with #jariangibson #CitrixSynergy

Shane and Jarian dive into what options there are natively available and then what third parties are needed based on your requirements. Used Dell and Nutanix to host the test environments.

Director and HDX Insight, are more Helpdesk focused and some very basic health checks and troubleshooting. Good first level management console.

ComTrade MP, management packs within SCOM, so if you use SCOM for monitoring then it makes sense for you as the next step. Has a cool map,

Smart-X Control Up, no databases, no appliance or servers. Works with RDS, View and Citrix XA or XD and has a great Realtime logging and dashboard, it had a very light agent that runs in RAM so it can be easily rolled into non-persistent desktops/servers and agents. Cool feature is taking a screenshot from their session which is nice if you see something whacky.

Splunk with UberAgent, Extrahop, has a backend database that is based on size and not agents and UberAgent is free addon for metrics of the desktops or servers. Extrahop can see the wire data and see what is behind the curtain and is really easy to read and understand (My 4 VDINinja Extrahop Rules, Green is good, Red is bad, too much of something may not be good and slow round trips are bad mmmmkay). With this trifecta of tools you can see user, machine and wire details that can help prove it isn’t your fault and if it is we are sorry.

EG Innovations EG Enterprise, the agent goes on everything to see what matters and it can even do change tracking and baseline performance analysis. This is a whole standalone system. Has a good dashboard that makes sense and can make a topology like ComTrade.

Goliath Technologies MonitorIT and HyperThetical, would be a Splunk competitor because of its SYSLOG and SNMP. There will be new release that will do what EdgeSight Active Application Monitoring as that product dies. Has a older looking console compared to the others.

Lakeside Software SysTrack, has been used to do pre-VDI assessments and then can use it from that point forward to monitor the new desktops and servers and it can integrate with AppDNA and Project Accelator. Can make a custom dashboard which is great for NOCs.

Liquidware Labs Stratusphere UX, has a appliance that is imported and uses agents. It is normally used for assessments also just like Lakeside SysTrack software that can be converted.

Shane’s and Jarian’s tips on Choosing A Solution:

Think about your requirements
Match your requirements to features and functionality
Demo several options
BakeOff solutions in your environment
Work with your Vendor so you know what the product can and cannot do
Post BakeOff feedback internally and to the vendor

#SYN317, HP MoonShot, what it is and isn’t.

#SYN317, HP MoonShot, what it is and isn’t
One chassis supports up to 180 users to make scaling very simple as you add users. Using PVS is still the preferred method and keeping the OS physical. The new cartridge “Andrew” is coming. Network 2x180GB network uplinks to allow each blade to have toe PassThrough NICs. It holds 45 cartridges which hold 3 desktops. Will have 64GB per user now for persistent workloads. 10x 4.3 U chassis per rack which equals 1,800 users. CTX131796 with WinPE version newer than 3.0. Power management requires a little more thought so you can use the HP PowerShell API or PVS API. There are some known limitations with AMD graphics vs. NVIDIA and a new CTX Article is coming to show the Pros and Cons. New wizard is coming that will use the IPMI/ILO interface to build a Moonshot deployment and fetches all the dentils you need to add them to the device collection and makes the AD accounts. Working on making a SDK that will allow the Citrix Studio to make it feel like a hypervisor connection to allow power on commands. The price point is 130k per chassis for 180 desktops which is nice because that comes out to just $700 per user which is a great bang for your buck. No plans for any Cisco networking options in the near future. Great for power users but not super high end graphics users yet but there are plans to make a cartridge. Cannot put the different cartridges on the same chassis right now but this is a known issue they are working on.

Day 2 Citrix Synergy Keynote Summary #CitrixSynergy

Citrix Synergy Day 2 Keynote

Steve Deheb kicks it off this morning.

Design, Build and Deliver is the theme they will be going over today. Work from anywhere and made from anywhere is another saying they are rolling around. When Brad gets up there it is now design, deploy and manage, come on guys keep it the same. Brad walked through the design and deployment steps with their “Citrix Design and Automation Services” right up to the manage step with a nice looking dashboard. This seems to be a new color scheme on last years “app orchestration 2.0” release with some new wizards.

Showed a clip of View and XenDesktop and how Citrix handless network lackey loss and it made VMware View look silly.

Showed a windows media file running on a Citrix desktop from a MAC client and using content redirection for MACs now, it isn’t released yet but it is showing they are loving on the MACs some.

Had 3 examples from customer deployments which are below:

A rerun of the Taco video that was edited differently for today and then Dennis Raichele came on stage for some questions. Taco has been using Citrix for 17 years since WinFrame and are about to start XenMobile and ShareFile. POCing PureStorage To try and speed up their systems.

A rerun of the Westpac Bank video that was edited differently and then Suzy Mann came up for some questions also. 15k desktops being delivered but didn’t specify XenApp of XenDesktop. Already using XenMobile unlike Taco and I would guess the last client will be running CloudPlatform and everything to build it up. Using IBM as a service provider.

A new video of CSC which is a partner and customer and then Gary Budzinski came up for some questions also. They are all about BYOD and being always connected. They are using the whole shebang just as I predicted. Discussed about how his partnerships with multiple companies has empowered them to provide a end to end solution. #CSC

Talking about a Citrix and Dell partnership that is coming in the 2nd half of 2014 that will cost $250 per user, which is nice if that includes all the backend hardware. HP MoonShot brought Tom Bradicich to talk about their solution. They are trying to speak to that you don’t need a hypervisor with MoonShot, that sounds cool until new cartridges come out, all I can hope is they like PVS.

From AMD MoonShot to Intel which makes me laugh because HP is still up there with his MoonShot cartridge. New V3 processor being announce CrystalWell. They are putting a Xeon E3 CPU, Iris Graphics and ED RAM on a chip which means HP may be able to make a Intel version of MoonShot. This is beating up on NVIDIA that you don’t need a discrete graphics card, very mixed messages. XenServer will have access to the new Iris GPUs on these chips. Brad Demos the GPU abilities using the new system using AutoDesk, PhotoShop. Just as predicted a new cartridge Xeon V3 processor because Intel got left behind a year ago when AMD jumped up to the table, so I guess HP sold enough to catch Intels eye. Poor NVIDIA, they will have to partner with another hardware vendor to make another cartridge system, but that would mean using a different CPU since they don’t want to have a CPU with any GPU on it.

Citrix Synergy SYN301

#CitrixSynergy #SYN301
Branch Repeater Party with XenDesktop a d XenApp.
Main three things that Branch Repeater can help.
1. TCP Flow Control, open up the TCP windows and unleash the beast.
2. De-Duplication of the same things coming to a branch office like a corporate email.
3. traffic Shaping, VoIP and Video that are sensitive to time delays.

Citrix Synergy SYN308

#CitrixSynergy #SYN308 SQL and NetScaler DataStream
First Speaker went over SQL 2012 and the changes in the availability groups. SQL Mirroring will be dying in a couple more versions and replaced with Availability groups. Go to to vote for new features. The NetScaler guys has a great overview slide of all the features a NetScaler can do, so make sure and get it when it comes out next week. The NetScaler guy Craig Currmins bashing SQL 2012 for its faults and how using a NetScaler is the best thing ever for TCP controls and visibility. I will deploy DataStream next week and I will let you know my thoughts.