Category: Other

Virtual attendance to Microsoft Build 2019

New features and cool stuff – Microsoft 365, Office 365, Azure, Edge, Windows 10, and everything else Microsoft

There are so many cool things you can do with new types of disruptive technology that were not even imaginable a decade ago. Impressive progress has been made across several disciplines within IT, and it doesn’t look like it will slow down at all. Automation, augmented reality and analytics, AI-driven development, and digital twins are just a few areas that come to my mind as examples of groundbreaking new tech trends – thanks to Gartner’s report Top 10 Strategic Technology Trends for 2019. All of these new technology trends are possible thanks to extremely talented researchers, mathematicians, and developers, to name a few. A lot of this new tech is built on or with technology from Microsoft – that’s why Microsoft Build is such an interesting conference.

Even though my daily work is around project management, end user computing and the operations side of digital infrastructure, I’m always curious about what’s to come and try to find the next big thing or cool features that can improve the EUC experience for all of our current and future customers.

One impressive technology, albeit rather old, is virtual presence and live online streaming. That’s something I’m very thankful for on a day like this. Last evening and night was the first day of Microsoft’s annual developer conference Build in Seattle, WA, and I was able to watch a few hours of presentations from my couch instead of having to go to the US. Even though attending in person would have been a bit more exciting and fun, my couch is much better than nothing at all. 😃

Being able to listen to Microsoft’s vision and plan for the future, and also learn about the latest new features from the couch, might not sound reasonable to everyone, but it is a completely logical move to me.

After a good night’s sleep I have been trying to come up with a list of the most interesting parts from the presentation I saw last night, from an EUC standpoint. Obviously, there will be lots more neat new features and updates to products presented during the conference, but that might be for another blog post.

Microsoft Edge Chromium

Three major updates were announced for Microsoft Edge last night. Thanks to Microsoft’s decision to move to a fork of the open source browser Chromium, my bet is that we will see a lot more news around the browser in the months to come.

If you would like to try the new public version of the Edge Chromium browser you can do so here!

  1. IE Mode

This is a big one for EUC enthusiasts like myself. There has always been a push-pull struggle to decide on which browser to use for end users in an enterprise environment, and that usually, though not always, has to do with compatibility.

Microsoft’s announcement last night hopefully means that we won’t have to trade off new features in modern browsers against being able to work effectively in old and legacy LOB applications. I think we all can agree on the fact that most bigger enterprises have a handful of “extremely important” old web apps that won’t disappear in the foreseeable future.

What Microsoft announced is the possibility for Edge Chromium to load an old web app straight into the new browser but with the old Internet Explorer rendering engine. Previously Edge started a separate IE process and users had to switch between the two browsers; this news means that you can have IE tabs and Edge Chromium tabs within the same browser, really neat.

IE Enterprise Mode works well, but I think this will be much much better. We’ll see!

  2. Collections

Another cool feature presented during the keynote was Collections. In summary, I’d say that is the next generation of the old favorites feature. You will be able to create collections of links, pictures, text, and other information within the browser.

If you want to, it’s then possible to export/share that collection with your co-workers via Excel or Word. The Edge Chromium browser generates good-looking files with headers, aligned pictures, and URLs/sources.

  3. Privacy

You will be able to select from one of three predefined privacy configurations: unrestricted, balanced or strict. The strict mode blocks most trackers, but sites might break. The unrestricted mode is the complete opposite, and the balanced mode is what we Swedes call lagom – not too much, not too little tracking.

The World’s Computer (Azure)

It’s no surprise to see that there’s a lot of focus on Microsoft Azure during the conference. Some interesting news that might be of extra interest for the EUC community I’d say are these:

Of course, there are loads of other new features, but I found these to stand out.

To see all Microsoft Azure announcements, check out this link.

Windows Terminal

WOW! Finally, the old terminal will be replaced with something new! The new terminal will support shells like Command Prompt, PowerShell, and WSL.

To get a glimpse of the amazing future of Windows Terminal, check this out.

The new console is open source and you can build, run, and test the app right now. Their repo can be found here.

Key features according to Microsoft are:

  • Multiple tabs
  • Beautiful text (GPU accelerated DirectWrite/DirectX-based rendering, emojis, powerline, icons, etc.)
  • Lots and lots of configuration possibilities (profiles, tabs, blur/transparency/fonts… you name it)

So, get a new graphics card and get started working in the new terminal 😃

Office 365 Fluid Framework

A new framework called the Fluid Framework was announced. The new framework will make it seem like users are working together in real time, charts and presentations will be updated in an instant, and translations into loads of languages will be live.

During the keynote, the presenter wrote in a document at the same time as others did, and it really looked like there was no latency. The live translation part was really cool and I recommend you to watch it in action to get why this is something that might be of real interest for your business.

Watch it in action here.

Windows Hello, FIDO2 certification

Windows Hello is now FIDO2 certified. What does that mean?

Without digging into the details the new certification hopefully means that more websites and online services will be able to allow other forms of authentication than just username/password. Passwordless authentication is proven secure and with Microsoft adhering to the new specification it will be easier to allow user-friendly authentication methods like fingerprint and face recognition.

FIDO2 is the overarching term for FIDO Alliance’s newest set of specifications. FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. The FIDO2 specifications are the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).

Windows Subsystem on Linux 2 (WSL2)

The new version of WSL will be running on a completely open source Linux kernel that Microsoft will build themselves. There are probably 100s of reasons why Microsoft does this, but one of them is performance. The kernel version will be 4.19, which is the same version that is used by Azure.

The new WSL-version will make it possible to run containers natively which means that locally hosted Virtual Machines won’t be necessary anymore.

Like before there won’t be any userspace binaries within WSL which means that we will still be able to select which flavor we want to run.

The first public versions of WSL2 will be available sometime this summer.

Honorable mentions or too cool not to mention

  • Mixed reality services within Teams and Hololens, for example, the live Spatial meetings using AR
  • Hololens 2 and the Mittel presentation
  • Cortana updates where the AI Bot is integrated and helps even further with scheduling and assisting you during your workday
  • All news regarding containers, Docker, and Kubernetes/AKS
  • Microsoft’s new Fluent Design System
  • Xbox Live for new devices (Android and iPhone) and new collaborations with game studios
  • Some kind of Minecraft AR game for mobile phones being released on May 17

Psst. Did you know that you can watch loads of presentations and also the keynote here?

What do you think? Have I missed anything obvious?



Printix – The Secure Cloud Print Management Solution

Are you looking for a new print solution that will work for a modern workplace? A solution that will let you get rid of those nasty on-premise print servers? A solution that will make print management more easy and fun? Look no further, you just found one!

With the Printix solution you will get a serverless, simple cloud service that integrates with Microsoft or Google, which gives you a single sign-on experience. Printix will provide a centralized management portal with support for all USB and network printers, mobile and secure printing, high document security and Print Anywhere at any time. The setup is easy and you will be able to use it almost instantly.

So how does this work? 

Instead of dedicated print servers, you will leverage the Printix Cloud together with the Printix client from a device of your choice (Windows, Mac, Chrome OS, Android, iOS). Once you have installed the Printix Client, it will detect the existing printers on your network, automatically configure these in the Printix Cloud and even upload the current drivers(!). You can also manually add printers from the Printix dashboard if you want. Once your printers are configured in the Printix Cloud you don’t need your on-premise servers anymore, since the document will be (re)directed either directly to the printer on your network or via the Printix Cloud through the installed Printix Clients on your computers.

There is a number of ways to print your documents.

From the Printix dashboard, which you will be provided, you can configure everything related to your printing environment, like print queues, user settings, network settings, cloud storage, analytics, downloading the Printix client and much more.

The licensing is per user and can be set up as a monthly or annual subscription. An active user is any user that logged into Printix (client and admin interface) at least once during the monthly billing cycle.

Please note that this solution also works with Citrix and RDS environments.


Does this sound interesting for your organisation? Maybe you want to try it out and feel how easy it is to setup and get going? If so, please let me know at tobias.sandberg@xenit.se and I will get you a trial right away since Xenit is a partner of Printix.

If you have any other questions, feel free to email me at tobias.sandberg@xenit.se or comment down below. I will try to answer you as soon as possible.



What is FSLogix Cloud Cache?

Background

Last year FSLogix released its award-winning (at Citrix Synergy) technology Cloud Cache, and I for one was very curious about what this meant and what I could use it for. The fact that it was included in the license for Office 365 Container and Profile Container was a really nice surprise, but I was somewhat confused about what it actually does. I mean, has FSLogix developed their own cloud service? It sure sounds like it, but that was not the case. First off, this is a technology that makes your profiles or Outlook cache easily available cross-platform and gives you a kind of built-in high availability, so you don’t have to load or create a fail-over file cluster. There are some things you should take into consideration before implementing this in your environment, but first let me explain what Cloud Cache really is and what the target benefits are!

What is Cloud Cache, really?

As I mentioned, you might think that it has something to do with the cloud, or cloud services. That’s wrong, at least regarding the technology. Cloud Cache primarily contains 3 features:

  1. Automatic Replication
  2. Cache of “hot” data from your container
  3. Use of Azure blob storage as VHD location

Automatic Replication

Before Cloud Cache you could set multiple paths for the VHD files in FSLogix, and it would automatically check the second path specified if the first was unavailable. The problem was that you needed to set up the replication between the two file locations yourself. That was complicated since the VHD disks are locked during use, and it was hard to do an incremental copy since the changes in data reside within the VHD file, so the replication would potentially take a lot of time and load the network considerably.

With Cloud Cache they solved that issue; it is now built into the product. It will automatically copy the data between the two locations. The pretty neat part of their solution is that the replication begins when the user logs on to their environment and copies the incremental part of the container, since it’s now open, and this happens automatically. As you can figure out, this is also a great way of migrating your containers to a new location. Just add a new location, wait a couple of days and then remove the old path. Really smooth: no hassle, no downtime, no late-night service windows.

Cache of hot data from your container

It’s known that FSLogix will solve the high CPU issue (on the file server) you normally would see if you redirected the OST file to a file share, but it will still demand quite fast disks and cause some network load. With FSLogix Cloud Cache you will now be able to place your containers in Microsoft Azure, which is cool, but there are two fundamental issues with this approach: 1. Azure bills by consumption, and 2. there is high latency when accessing the data. FSLogix has solved this by caching the hottest data from the containers on the actual server/client you reside on, which will minimize the cost in Azure and the load on the network. This is ideal if you use your FSLogix container on different platforms (on your client and a VDI solution) or in a VDI environment where the cache will be saved and not downloaded again.

Client profile management

Before Cloud Cache, if you wanted to manage the profiles of clients with FSLogix you would have some issues, since it required you to have the client online all the time. Fortunately, with Cloud Cache you will not be affected by offline sessions: it will continue with the cached data, and as soon as it’s online again it will update the original VHD with the changes that happened offline.

 

What to consider before using Cloud Cache

Now that you know what Cloud Cache is and what makes it good, you should also know what to consider in some scenarios. The first thing to consider is the cached data: how much will it cache? That is a good question, and one I have not yet received an answer to. From what I gathered this cannot be specified, meaning you cannot control the amount of data it caches, and therefore you cannot control the size of the cached data on the potential Citrix server. This can in some environments be a really risky approach. I have some examples below where you really need to assess the value against the risk regarding Cloud Cache:

Citrix Provisioning Services with Citrix Virtual Apps and Desktop

When using Cloud Cache in this setup you will have issues. The cache is supposed to be persistent on the location where you are, which it will not be when using PVS and Citrix Virtual Apps and Desktop. Within this setup your cache will download every time you log on to Citrix, and if you are also using “Cache on RAM with overflow on disk” you will potentially fill your page file disk as well.

Citrix Virtual Apps and Desktop

You need to be sure how to set it up. The C-drive must be large to handle the amount of cached data every user will download, and you must set “Delete Cache on logoff”, otherwise one user can potentially download his/her cache to multiple Citrix servers during logoff and logon. That also means your users will download the cached data every time they log on, which might not be the best experience you had in mind when implementing the solution. There is however a solution to this: you can redirect the cached data to another server, but if you do that, it is highly recommended to place it on fast disks and in a high-availability mode.

 

Summary

All in all this is a really nice feature and will add a lot to the product. But you need to assess it before activating Cloud Cache to see if it’s suitable to you and your environment. In the right scenario this could really improve the experience of your users and your IT-department. If you are curious about the product please don’t hesitate to contact me at jonas.agblad@xenit.se, or leave a comment below!

 

You can also find more information about FSLogix with my previous posts here:

Convert Citrix UPM to FSLogix Profile Containers

Teams in your multi-user environment done right!

Outlook Search index with FSLogix – Swedish

FSLogix Profile Container – Easy and fast Profile management – Swedish

Office 365 with FSLogix in a Multi-user environment – Swedish

 

 



Keep your FSLogix VHD-files optimized

Background

When using either or both of the FSLogix products Office 365 Containers and Profile Containers you will have quite large VHD files. You could, for example, limit the size in Office 365 Container by specifying the Outlook cache limit, but nonetheless it will require quite a lot of storage space. Since the standard and recommended way of creating these VHD files is to set them to Dynamic, it will get complicated when and if you run out of space. Let me explain:

A dynamic disk will automatically expand when needed, ensuring each disk will reserve only the actual size of the content of the disk, which is good, but it will not shrink automatically. This means the disk will keep the size it had when it contained the most data, and will not represent the actual size of the content inside. Over time this might be an issue, if nothing else a waste of disk space.

Creating a script that will shrink the disk is complicated and there is a risk that the disk will become corrupt. Instead we will focus on how to maintain an efficient use of the stored data to keep the disk from growing in size.

Solution

There is however no solution from FSLogix to tackle this yet, so we would need to focus on what we can do with the VHD files, which are essentially standard virtual disks. When searching for a good long-term solution to this problem I found a great script created by David Ott that optimizes the disks that are available at the time you run the script.

How it works

The script will check whether the VHD files are available (if the user is logged on, the disk is locked). It will then proceed with the ones available: mount them, run an optimization job, close them and mail a complete report of the result. The best way of using this script would be to schedule it to run after office hours (preferably after the session hosts have restarted) to maintain the most efficient size of the disks. This will minimize the growth of the disks and in the long run save you some space.

Where to find it

As mentioned above I found the script from the creator David Ott and you can find the original post with script here!

If you want to know more about FSLogix you can email me at jonas.agblad@xenit.se or check out my earlier posts here:

Convert Citrix UPM to FSLogix Profile Containers

Teams in your multi-user environment done right!

Outlook Search index with FSLogix – Swedish

FSLogix Profile Container – Easy and fast Profile management – Swedish

Office 365 with FSLogix in a Multi-user environment – Swedish



New generation of Imprivata appliances

With every major release of Imprivata’s OneSign product, they also release an updated version of the appliance the product is running on. With the release of Imprivata OneSign & Confirm ID version 6.1 this December, they also released a new generation of the appliance. This version, called generation 3 (G3), is only available as a virtual appliance.

The G3 appliance provides an updated operating system and database, together with the latest security patches.

What does this mean?

Version 6.1 and all subsequent versions of the OneSign product, will only be supported on this new appliance. This means, that if you want to update Imprivata OneSign to version 6.1 or later, you must first migrate to the new G3 appliance. You must purchase the new virtual appliances, along with new licenses, to replace the existing generation 2 appliances.

Generation 2 (G2) appliances will continue to receive patches and hotfixes until their respective EOL (End of life). This date is set to December 31, 2020 for the virtual and April 30 2019 for the physical appliances. After these dates, Imprivata will no longer provide product updates or patches.

What are the requirements?

The G2 appliances and all Imprivata agents must run at least version 5.2 or later before beginning the migration to G3. The G3 appliance is not backwards compatible with agents operating at 5.1 SP1 or earlier. So, if you haven’t already, it may soon be time to start thinking about upgrading.

Feel free to contact us if you need any assistance with the migration.



Wireless Networking in Windows Server 2019

The other day I installed a NUC with an integrated wireless NIC. I installed Windows Server 2019 on the NUC and installed the wireless networking drivers from Intel’s website. The problem was that after I had installed the network drivers they didn’t work. After a lot of trial and error I discovered that you cannot use wireless NICs without the “Wireless-Networking” role installed. Install the role by running the command below in PowerShell.

 

 

I restarted the computer and after that everything started to work as expected.

 



What is ReasonML and why should you care?

ReasonML is an alternate syntax for OCaml invented at Facebook to be more familiar to programmers coming from JavaScript. OCaml is an over 20-year-old general purpose language that is both expressive and safe. It belongs to the ML family of languages, which means that it has a strong type system that will guide you to write fewer bugs. Other languages in the ML family that you might have heard about are F# and Haskell.

Because ReasonML is just an alternate syntax for OCaml, everything that is possible with one can be done with the other. ReasonML can be compiled to native binaries and bytecode with the standard compiler, and there are two ways to compile to JavaScript: “JavaScript of OCaml (JSOO)” and BuckleScript. The natively compiled binaries are often really fast, especially when compared to the Node-based JavaScript that powers both web servers and desktop apps. esy is a package manager that introduces an npm-like workflow for native development. Right now its main goal is to be the best package manager for OCaml and Reason, but it can in theory be used with any language.

At Xenit we’re using ReasonML together with React, via ReasonReact, to build the frontend of our Identity Provider. It brings us ease of refactoring and a higher degree of security when writing our code. We’re building some other internal tools with ReasonReact and we’re also exploring developing native applications with ReasonML. This includes both UI applications with a framework, revery, that aims to replace electron as a simple way to create desktop applications and micro service backends.

This is just an introduction and there will be more interesting posts about the Reason universe in the future.



How to handle pinned start menu apps in Windows 10

As I have been working with customizing Windows 10 for a while now, it has never worked against me this much. However, sometimes Windows does have its ways of working against you. With challenges like these you get the opportunity to spend a lot of time coming up with a solution. So this blog post is about my battle with the start menu of Windows 10 Professional. If you are here for the quick solution, skip to the bottom and the TL;DR section.

The Problem:

I have been able to customize the start menu of Windows 10 with ease since version 1511 with the Export / Import-StartLayout cmdlet. But this time I got a request to remove all the pinned apps on the right side of the start menu. A colleague discussed this and he told me he had done a similar solution inside a Citrix Virtual Desktop, and he spent quite the amount of time with this, I thought this would be much easier than it turned out to be. So the requested start menu should at the end look something like this upcoming picture, with the following demands:

  • No pinned apps on the right box or the start menu
  • In the task bar, have Chrome & Explorer pinned. 

This was the requested layout

To begin with, I created an XML file with just Chrome & Explorer pinned in the task bar, and having set the <DefaultLayoutOverride LayoutCustomizationRestrictionType="OnlySpecifiedGroups">. My thought was that this would give me a clean start menu, but this was my first failed attempt. The colleague of mine who previously had a similar issue in a Citrix environment had during his research time come across this post containing a script called “Pin-Apps”. This script contained an Unpin function which turned out to be very helpful. So I started adapting my work after this script. But this is where I came across my second setback. First, I was not able to have this script and the Import-StartLayout script in the same logon script, nor to have one script on startup and one on login, so I had to think of a way to configure this in my isolated lab environment.

Luckily, I’ve been working a lot with OS-deployment, so I created a Task Sequence containing the Import-StartLayout-script, which managed to run successfully together with my login-script containing the Pin-Apps script. But here I came across my third setback, which by far had the most impact and was the one I spent the most time struggling with. For some reason I was not able to remove bloatware, such as Candy Crush, Minecraft etc. The script ran successfully, but every time, the outcome looked like this

Some applications would not be removed

I could not understand why these applications would not be removed. I have had to deal with bloatware before, but then it was just a matter of removing them with Appx cmdlets. I checked Get-AppxPackage & Get-AppxProvisionedPackage, and ran Remove-AppxPackage and Remove-AppxProvisionedPackage several times, but these apps were not removable and did not show up until I manually selected them and they started downloading (as shown on the application in the top right corner of the picture). So apparently they were either links or shortcuts to the Windows Store. This works if you are using Windows 10 Enterprise.

This is where I started going deep. The apps were all published in the Windows AppStore, so I started looking for any kind of possibility, with help from PowerShell, to force a download of all apps in the Windows Store. I spent a lot of time on this, but without any success. So I had to rethink my plan. There was no way to force the bloatware applications to be downloaded, there was no way to remove them with Appx cmdlets, and there was no way to have a clean start menu with an XML file. This gave me the idea: if you can’t beat them, join them. There was no way to actively remove all the applications from the start menu of Windows 10 Professional, but replacing them worked.

The solution:

As I have yet to find any other way of removing the superfluous applications, creating a new XML replacing the start menu with some random default applications was the only successful way for me. To list these applications, go to Shell:AppsFolder or shell:::{4234d49b-0245-4df3-b780-3893943456e1} in File Explorer.

Applications can be found here

I just chose to pin some of the applications which were default on my start menu and that I knew were very much removable, and exported these to a new XML which turned out to look like this:

From here I had to modify the Pin-Apps script to make it more suitable for a Swedish operating system, and added a registry key so it would not run more than once for each user. If you want to lock down the right side of the start menu, you just set or create the LockedStartLayout registry key, located under both HKEY_Local_Machine & HKEY_Current_User\Software\Policies\Microsoft\Windows\Explorer, to 1.

If you are running another OS language than Swedish or English, to find the verb for unpin, simply save an application name to the variable $appname (as an example I will use Windows Powershell) and run the following part: 

This will give you all the verbs which are applied to this application. In this case “Unpin from Start” is present.
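An added example, not the Pin-Apps script or the snippet from the original post: it lists the verbs the shell exposes for one application in the apps folder, so the localized unpin verb can be read off, and sets the LockedStartLayout value described above. The function names Get-StartAppVerb and Set-LockedStartLayout are hypothetical.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$appsFolder = 'shell:::{4234d49b-0245-4df3-b780-3893943456e1}'
$appname    = 'Windows PowerShell'

function Get-StartAppVerb {
    param([Parameter(Mandatory)] [string] $Name)

    $shell = New-Object -ComObject Shell.Application
    $items = $shell.NameSpace($appsFolder).Items() |
        Where-Object { $_.Name -eq $Name }

    if (-not $items) {
        Write-Warning "No application named '$Name' found in the apps folder."
        return
    }

    foreach ($item in $items) {
        foreach ($verb in $item.Verbs()) {
            # Verb names carry '&' accelerator markers; strip them for matching.
            $clean = $verb.Name.Replace('&', '')
            if ($clean) {
                [pscustomobject]@{ App = $item.Name; Verb = $clean }
            }
        }
    }
}

function Set-LockedStartLayout {
    param(
        [Parameter(Mandatory)] [ValidateSet('HKLM', 'HKCU')] [string] $Hive,
        [bool] $Locked = $true
    )

    $path = "${Hive}:\Software\Policies\Microsoft\Windows\Explorer"
    if (-not (Test-Path -Path $path)) {
        New-Item -Path $path -Force | Out-Null
    }
    New-ItemProperty -Path $path -Name 'LockedStartLayout' `
        -PropertyType DWord -Value ([int]$Locked) -Force | Out-Null
}

# List every verb for the chosen application on this OS language.
Get-StartAppVerb -Name $appname | Format-Table -AutoSize

# Lock the layout for the current user (HKLM requires an elevated session).
Set-LockedStartLayout -Hive 'HKCU' -Locked $true
```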

After modifying the necessary bits I added it to a PowerShell logon script GPO with the parameter -UnpinAll, with the .ps1 file located inside the GPO repository, making sure it’s accessible for everyone.

 

TL;DR: 

If you are running Windows 10 Professional, you need to replace applications in the start menu before removing them, as a suggestion running in a Task Sequence of some kind setting the default start menu layout and then have a GPO to run the PowerShell script stated above.

If you are running Windows 10 Enterprise, just use the Logon script GPO and you will be fine. If you still have some unwanted applications, run a script removing built-in apps (for example this Invoke-RemoveBuiltinApps )

If you have any questions or thoughts about this post, feel free to email me at johan.nilsson@xenit.se



Create Threat Exceptions for specific traffic

At some point you might encounter a false-positive threat that you want to make an exception for. If you know a file is safe when it’s downloaded from a specific place, but you don’t want other files classified with the same threat ID/name to be whitelisted, you can create a separate security profile.

Start by identifying the traffic and where it’s blocked. In this example the file got blocked by the vulnerability protection-profile.

Click on the magnifying glass to see more detailed information and find the threat ID.

If we look in the detailed section we can see that the threat ID is 39040 for this threat-name.

Go to Objects > Security Profile > Vulnerability Protection. Since we want to specify what traffic this is whitelisted on, we need to create a separate profile so the current security policies are unaffected.

Clone the profile that is currently used for this kind of traffic and rename it properly. Go to the exceptions-tab and select “Show all signatures”. Type the threat ID, press enter and enable the signature.
Press on the current action (default (alert)) and change it to allow or leave it at default. In this example I will select default (alert) since I still want it to be logged.

When this is done we can either add it to a new Security Profile Group or add it directly to a new Security Policy. Here we will add it directly to a security policy.

Create a new Security Policy above the one that blocked the file.

Specify your source address and destination.
In the actions-tab, select Profile Type: Profiles and under Vulnerability Protection: <The profile you created>

Commit and verify that the traffic hits the correct Security Policy and is logged with alert.

Be very cautious when you create exceptions and always make sure you only allow the traffic you intended. Always make sure you look at alternative ways before creating an exception.

The same method can be applied on different security profiles.
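One way to carry out the verification step above, as an added example that is not part of the original post: the script classifies threat-log entries for the excepted threat ID by the rule they hit and by source/destination, so an exception that is too broad or not matched shows up. The CSV columns, rule names and addresses are constructed for illustration and do not reproduce a real log export format.

```powershell
# Added example (not from the original post). Columns, rule names and
# addresses are constructed; map them to the fields of your own log export.
$sampleLog = @'
Time,Rule,Source,Destination,ThreatId,Action
09:12:01,Exception-Threat-39040,192.0.2.10,198.51.100.20,39040,alert
09:14:37,Outbound-Web,192.0.2.11,198.51.100.20,39040,reset-both
09:20:05,Exception-Threat-39040,192.0.2.10,203.0.113.50,39040,alert
09:31:44,Outbound-Web,192.0.2.10,198.51.100.20,39040,reset-both
09:40:12,Exception-Threat-39040,192.0.2.10,198.51.100.20,39040,allow
'@ | ConvertFrom-Csv

function Test-ThreatException {
    param(
        [Parameter(Mandatory)] [object[]] $LogEntry,
        [Parameter(Mandatory)] [string]   $ThreatId,
        [Parameter(Mandatory)] [string]   $ExceptionRule,
        [Parameter(Mandatory)] [string[]] $AllowedSource,
        [Parameter(Mandatory)] [string[]] $AllowedDestination
    )

    foreach ($entry in $LogEntry) {
        if ($entry.ThreatId -ne $ThreatId) { continue }

        # "In scope" = the traffic the exception was meant for.
        $inScope = ($AllowedSource -contains $entry.Source) -and
                   ($AllowedDestination -contains $entry.Destination)
        $viaException = $entry.Rule -eq $ExceptionRule

        $finding =
            if ($viaException -and -not $inScope) {
                'TOO BROAD: exception rule matched unintended traffic'
            }
            elseif ($viaException -and $entry.Action -ne 'alert') {
                'UNEXPECTED ACTION: exception hit is not logged with alert'
            }
            elseif ($viaException) {
                'OK: intended traffic, logged with alert'
            }
            elseif ($inScope) {
                'NOT MATCHED: intended traffic still hits another rule'
            }
            else {
                'OK: other traffic still handled by the original profile'
            }

        [pscustomobject]@{
            Time        = $entry.Time
            Rule        = $entry.Rule
            Source      = $entry.Source
            Destination = $entry.Destination
            Action      = $entry.Action
            Finding     = $finding
        }
    }
}

$results = Test-ThreatException -LogEntry $sampleLog -ThreatId '39040' `
    -ExceptionRule 'Exception-Threat-39040' `
    -AllowedSource '192.0.2.10' -AllowedDestination '198.51.100.20'

$results | Format-Table -AutoSize

# Anything that does not start with "OK" needs a look before the change is kept.
$problems = @($results | Where-Object { $_.Finding -notlike 'OK*' })
Write-Output "$($problems.Count) of $(@($results).Count) entries need review."
```

On the constructed sample, three of the five entries are flagged: one hit outside the intended destination, one intended flow still matching the older rule, and one exception hit that was allowed without an alert.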

 



Smart Check – Monitor Your Citrix Sites

Citrix Smart Check is software and a service that is installed on a Citrix Delivery Controller, collects diagnostic data and sends it to the Citrix Cloud account, where it is analyzed and presented on the Citrix Cloud website. The information helps Citrix administrators prevent and resolve issues before they happen or impact users, provides recommendations on fixes and helps keep the Citrix environment stable.

The Smart service helps Citrix administrators who do not have their own monitoring setup, or are unable to monitor their sites for other reasons, and presents the results in a webpage overview. Administrators can also get scheduled, summarized mail reports covering errors, warnings and information about the state of the different sites.

Citrix Cloud Smart Tools

Smart Check – Sites Overview

What Smart Check provides

  • Overview of the Citrix sites and products used, site-by-site
  • Extensive diagnostics and health checks for the different sites and services
  • Scheduled health controls of Delivery Groups, StoreFronts, Delivery Controllers, Machine Catalogs, Provisioning and License Servers
  • Recommendations on what administrators should do with the site to keep it up to date and stable
  • Help with simplified troubleshooting and pin down where the issue may be impacting users
  • Upload diagnostic data to Citrix Insight Services (CIS)

Smart Check – Overview

How to get started

First, you need a Citrix Cloud account. Register an account at https://smart.cloud.com. After you have created an account you can log in, click Add Site and download the Smart Check software. The software should be installed on a Delivery Controller on the site and comes with a one-time signed JSON Web Token (JWT) that is used to connect your site to the Citrix Cloud – Smart Tools service.

Smart Tools - Add Site

Smart Check – Steps to take

Add Site – CitrixSmartToolsagent.exe

Once the Smart Check agent is installed, the site will show up on the Citrix Cloud – Smart Check webpage as Site Discovered. You will need to click on Complete Setup and provide a domain user account that is a member of the local Administrator group of the Delivery Controller and has the full administrator role in Citrix Studio. PowerShell 3.0 or greater needs to be installed on the Delivery Controllers, and outbound internet access on port 443 must be enabled so that data can be uploaded to Citrix Cloud.

Smart Check – Site Discovered

Smart Check – Enter Credentials

For VDA the following must be enabled:

  • File and Printer Sharing
  • Windows Remote Management (WinRM)
  • Windows Management Instrumentation (WMI)

For a full list of requirements and supported site components, visit Citrix Product Documentation – Smart Check requirements.
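The prerequisites listed above can be checked before installing the agent. This is an added example, not Citrix's or the original post's code. It treats "enabled" for the VDA items as the service running plus at least one enabled inbound firewall rule in the matching group, and the cloud host name is an assumption to replace with the endpoints from Citrix's requirements page.

```powershell
param(
    [ValidateSet('Controller', 'VDA')]
    [string]$Role = 'Controller',
    # Assumption: the post only names smart.cloud.com; take the actual upload
    # endpoints from Citrix's requirements page.
    [string]$CloudHost = 'smart.cloud.com'
)

function New-Result($Check, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}

function Test-SmartCheckPrereq {
    param([string]$Role, [string]$CloudHost)

    if ($Role -eq 'Controller') {
        $ver = $PSVersionTable.PSVersion
        New-Result 'PowerShell 3.0 or greater' ($ver.Major -ge 3) "$ver"

        # Test-NetConnection needs Windows Server 2012 R2 or later.
        $tcp = Test-NetConnection -ComputerName $CloudHost -Port 443 -WarningAction SilentlyContinue
        New-Result "Outbound TCP 443 to $CloudHost" $tcp.TcpTestSucceeded "remote address $($tcp.RemoteAddress)"
    }
    else {
        foreach ($name in 'WinRM', 'Winmgmt') {
            $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
            New-Result "Service $name running" ($svc -and $svc.Status -eq 'Running') "status: $($svc.Status)"
        }
        # English display-group names; localized Windows builds use other names.
        $groups = 'File and Printer Sharing', 'Windows Remote Management',
                  'Windows Management Instrumentation (WMI)'
        foreach ($group in $groups) {
            $rules = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
                Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })
            New-Result "Firewall group '$group'" ($rules.Count -gt 0) "$($rules.Count) inbound rule(s) enabled"
        }
    }
}

Test-SmartCheckPrereq -Role $Role -CloudHost $CloudHost | Format-Table -AutoSize
```

Run it with `-Role Controller` on the Delivery Controller and with `-Role VDA` on a VDA machine.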

Smart Checks

Below is a list of the checks that are available as of this post. There are probably more to come:

  • Site Health
  • Citrix Optimizer
  • Citrix Provisioning
  • Delivery Controller Configuration
  • License Server
  • LTSR Compliance
  • Product LifeCycle
  • StoreFront
  • VDA Health

Each category contains several checks. You can read an excerpt of the different checks performed below.

Site Health Checks

Site Health Checks provide a comprehensive evaluation of all the FMA services including their database connectivity on your Delivery Controllers. Citrix recommends you run these checks at least once daily. Site Health Checks verify the following conditions:

  • A recent site database backup exists
  • Citrix broker client is running for environment test
  • Citrix Monitor Service can access its historical database
  • Database connection of each FMA service is configured
  • Database can be reached by each FMA service
  • Database is compatible and working properly for each FMA service
  • Endpoints for each FMA service are registered in the Central Configuration service
  • Configuration Service instances match for each FMA service
  • Configuration Service instances are not missing for each FMA service
  • No extra Configuration Services instance exists for each FMA service
  • Service instance published by each FMA Service matches the service instance registered with the Configuration service
  • Database version matches the expected version for each FMA service
  • Each FMA service can connect to Configuration Logging Service
  • Each FMA service can connect to Configuration Service

Citrix Provisioning Checks

Citrix Provisioning Checks verify Citrix Provisioning status and configuration. The following checks are performed:

  • Installation of Provisioning Server and Console
  • Inventory executable is running
  • Notifier executable is running
  • MgmtDaemon executable is running
  • StreamProcess executable is running
  • Stream service is running
  • Soap Server service is running
  • TFTP Service is running
  • PowerShell minimum version check
  • Database and Provisioning server availability
  • License Server connectivity
  • Provisioning Update Check
  • PXE service is running
  • TSB service is running

StoreFront Checks

StoreFront Check validates the service status, connectivity to Active Directory, Base URL setting, IIS Application Pool version and the SSL certificates for StoreFront, and verifies the following conditions:

  • Citrix Default Domain Services is running
  • Citrix Credential Wallet services is running
  • The connectivity from the StoreFront server to port 88 of AD
  • The connectivity from the StoreFront server to port 389 of AD
  • Base URL has a valid FQDN
  • Can retrieve the correct IP address from the Base URL
  • IIS application pool is using .NET 4.0
  • Certificate is bound to the SSL port for the host URL
  • Whether or not the certificate chain is incomplete
  • Whether or not certificates have expired
  • Whether or not certificate(s) will expire within one month

VDA Health Checks

VDA Health Checks help Citrix administrators troubleshoot VDA configuration issues. This check automates a series of health checks to identify possible root causes for common VDA registration and session launch issues.

  • VDA software installation
  • VDA machine domain membership
  • VDA communication ports availability
  • VDA services status
  • VDA Windows firewall configuration
  • VDA communication with each Controller
  • VDA registration status

For Session Launch:

  • Session launch communication ports availability
  • Session launch services status
  • Session launch Windows firewall configuration
  • Validity of Remote Desktop Server Client Access License

Closing words

You can run checks manually, but it is also possible (and recommended) to schedule the different health checks and get a summarized report daily or weekly at a designated time of day. The summary is mailed to the registered Citrix Cloud account, and to view more information you need to log on to the Smart Cloud website.

It is possible to view previous reports of the Smart Check runs and hide alerts that have been previously acknowledged:

Smart Check Health Alerts

Smart Check – Health Check Runs History

Under Site Details you can view components or add new ones. If needed it is also possible to Edit Site Credentials, Sync Site Data or Delete the Site:

Smart Check – Site Details

Smart Check is supported both on-prem and in the Citrix Cloud environment.
It is easy to set up and brings a great deal of value. You should try it out! Let me know how it went in the comments down below.

Smart Tools contains Smart Checks and Smart Scale. Smart Scale helps reduce your XenApp and XenDesktop on Azure Cloud resource costs. But this will be covered in another post.

Source: https://docs.citrix.com/en-us/smart-tools/whats-new.html