Tag: Citrix

Text-based session watermarks

Citrix recently introduced a new feature to track data theft by giving administrators the ability to enable watermarks in their user sessions. This feature is supported for both Server and Desktop OS and requires a minimum of Virtual Delivery Agent version 7.17.

Citrix also offers the possibility to customize your sessions watermarks. The following parameters can be included or configured in the watermark:

  • Client IP Address
  • Connection Time
  • Logon user name
  • VDA host name
  • VDA IP Address
  • Style (Single or multiple)
  • Custom text
  • Transparency

    Sessions watermark with a custom text, connection time and a transparency of 10

And I bet you’re now wondering, just as I did, whether there are any exceptions. There is and they cover a few, great scenarios!

  • When using Session Recording, the recorded session does not present the watermark.
  • When using Windows remote assistance, the watermark does not present the watermark to the remote user.
  • When pressing Print Screen key to capture the screen, the screen captured at the VDA side does not include the watermark. This also works with third party applications that triggers by pressing the Print Screen button, for an example, Greenshot.

More information regarding session watermarking and its limitations can be found on the link below:
https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/graphics/session-watermark.html

If you have any questions regarding session watermarks, feel free to email me at robert.skyllberg@xenit.se or comment down below.



Citrix replaces Smart Scale with Autoscale

A while ago Citrix announced the deprecation of Smart Scale but its replacement has been in the dark, and has finally been uncovered.

Smart Scale will reach end of life on May 31, 2019 and Autoscale will be the replacement for Cloud platforms. Autoscale is considered a new feature but it delivers all the functionality that are currently available in Smart Scale, such as:

  • Load based scaling
  • Schedule based scaling
  • Cost saving statistics

Note: Autoscale will only be available for customers with Citrix Virtual Apps and Desktop service. This means that customers with on-premise platforms are advised to use the Studio power management feature (Which earlier had the possibility to use Smart Scale).

Autoscale can be enabled and configured per Delivery Group in Studio and will replace the current Power management tab.

One of the new functionalities delivered with Autoscale is its integration with Director where savings and machine usage will be presented.

For a quick walk through of Autoscale, see this link.

If you have any questions regarding Autoscale, feel free to email me at robert.skyllberg@xenit.se or comment down below.



Citrix brings back Local Text Echo

Have you ever experienced the frustration of working on a bad connection resulting in tremendous amount of latency when typing?

Past releases of Citrix Virtual Apps and Desktops (Formerly XenApp & XenDesktop) have included many interesting news and functions, especially regarding HDX innovations and ICA improvements. One of the “new” features that caught my eye in the Citrix Virtual Apps and Desktops 1811 release notes is Local text echo, which I will shortly cover in this post.



Why does Teams not install for my users?

Microsoft released in October last year a MSI-installation package of Teams, making it easy to deploy Teams to computers in your organization. As you know Teams (for some unknown reason) installs directly into your profile. I suspect they have designed it this way to make sure everyone can install the application, even if you’re not an local administrator on your computer, you do have sufficient rights to your profile to perform a installation of Microsoft Teams.

Since I work primarily with Citrix, and could see the that Microsoft Teams is growing in popularity, I started to investigate if I could make it to work in a Citrix environment. But that is another story, you can read my blog post on how I installed Teams in our Citrix environment here!

Teams is supposed to install when a user logs on to the server, it will automatically install the latest Teams available to your profile and then start it. But in some cases I have seen an issue after installing the Teams wide Installer, the users simply does not get anything installed. A function this installer has is that it checks your profile for traces of Teams, if it detects part of Teams it will not try to install it again (if it’s not an update that is), and if the user uninstalled Teams it will still detect some left-overs and will therefore not install Teams again. With that said, you need to make sure your profile is clean from Teams. Unfortunately this was not the case here. It simply did not install!

To understand why this might happened you need to know how some multi-user environments are designed, from a security perspective!

If you are like us, security oriented, you might have disabled Run and Run Once witch is used by some applications to auto-start, or to continue a installation after a restart, and is unfortunately very popular place to auto-start viruses and other malware. It is then common to disable this.

This is exactly the place Microsoft Teams specify the value that starts the Teams installation for a user, if its disabled, nothing will ever happened!

There is however a really easy way around this:

You probably already thought about this by now but there is a tiny detail that will make it work exactly as it was supposed to:

  1. Create a Shortcut – Name it Install Teams (or something else if you like)
  2. Target the Teams.exe file with this specific argument: “C:\Program Files (x86)\Teams Installer\Teams.exe” –checkInstall –source=default
  3. Save it, and place it in the Startup folder in the Start Menu.

The last argument in the Target path (–CheckInstall –source=default) is the reason Teams knows if you have it installed and keeps it updated.

I hope this easy little trick has been helpful, please make a comment if you feel like it or have some questions!



How to manually crash your VM on a XenServer

Sometimes you need to simulate or provoke a crash on a Virtual Machine to either verify a problem or get a Memory Dump to have a closer look at whats is happening with the Virtual Machine. The thing is, its quite tricky to do that manually. Lucky for you there is a quite simple way to achieve this on a XenServer and I will show every step of the way.

When your Virtual Machine (VM) is at the desired state you should do the following steps:

  1. Find out the VM ID the XenServer has provided the VM, this changes when rebooted so you need to make sure every time you do this, you cannot use the same ID again. First make note of the Virtual Machine UUID, you can find it under “General” for the specific VM.

2. Now we need to find out the ID the XenServer provided for this specific VM. Go the the XenServer Console (the host of the VM) and type the following: list_domains 

As you can see it lists all the VM on this XenServer, and you will also see the ID provided correlated to the UUID. Make sure you have the correct ID and type the following: xen-hvmcrash <ID> (without the brackets). 

Congratulations, You have now successfully crashed the Virtual Machine!



Manage your corporate devices using Citrix Endpoint Management

Let’s say you’ve bought in 50 new iPad devices that you want to deploy to your users, and you have acquired a new mobile application that you want your users to start using on these devices. This is a fairly common scenario for businesses and companies. But how do you do this in a fast and secure way?

By using Mobile Device Management (MDM), Mobile Application Management (MAM) and Citrix Endpoint Management (formerly XenMobile Services) in this case, we can configure these devices to fit our needs, without any end user interaction whatsoever.

For this scenario, we want the iPads configured in the following way:

  1. Automatically download and install the business application
  2. Restrictions, WiFi and application layout of the start screen configured
  3. Deployed into the system automatically

These requirements are easily configured using Endpoint Management. By using using polices and synchronization to Apples services we create a seamless experience for the end user.

1. Automatically download and install the business applications

First off, we need to do some configuration to get the application out to our devices. Using the Apple Volume Purchase Program (VPP), we can automatically install applications without any user interaction or Apple ID login. You enroll to the program on Apples web page, where you after enrollment download a token and upload it to your Endpoint Management console. It then automatically syncs down any applications you buy from the App Store into your Endpoint environment, ready to be pushed out to any devices automatically. So when the application is in your system and set as required, it automatically gets intalled on the devices. More information on Apples VPP program can be found here.

2. Configure the devices using device policies

With the use of Endpoint Management policies, we can configure the devices the way we want them. By creating a restriction policy and applying it to the devices, we can control what is and what isn’t allowed to do on the device. We can for example not allow applications to be downloaded, camera used or Siri activated, as shown in the screenshot below. There are many, many more restrictions that can be made. This is a good feature to use, when you don’t want the end users changing configuration and settings on the devices.

Restriction Policy

To get the devices automatically connected to the network, we make use of a WiFi policy. We pre-configure the device to automatically connect to a specific SSID using the configured WPA2 key:

WiFi Policy

By configuring a Home Screen Layout layout policy, we can control where the applications get placed on the device, as well as create folders for specifics applications to be placed in. This can be handy if we want the same look and layout on all the devices:

Layout Policy

3. Deployment

To enroll a large number of iOS devices, you can use Apples Device Enrollment Program (DEP). You submit the serial number of the devices purchased from Apple or an authorized seller to DEP to configure and enroll the devices. They are then automatically enrolled into your Endpoint Management and users can start using them right out of the box. More information on Apples DEP program can be found here

When the users now start the device for the first time, all the configurations and policies applied to the device will be configured automatically without any configuration requirements. By using MDM, MAM and Endpoint Management, we can really simplify the challenges that comes with administering mobile devices.



Teams in your Multi-user environment done right!

Microsoft Teams is on the rise, more and more businesses is seeing the potential of Teams and want a piece of the action.

Unfortunately Microsoft Teams is not ideally designed to work on a Multi-user environment like Citrix Xenapp or Microsoft Remote Desktop services. It is entirely installed in the users profile, and its quite big. A clean installation of teams is roughly 600 MB and will quickly grow, and you know what that means… You guessed it: Super long logon time, since logging on to the Multi-user environment often means the profile would be downloaded to Session Host before you are properly logged on, the users will not be happy! And on top of that, the latest recommendation in size per Teams installation is 3 GB…

There is however some rumors indicating there will be releasing a business version soon addressing this very issue! But if you are anything like me, and cant simply wait, there is a solution if you are willing to pay a small price, and you will at the same time have access to tons of other great stuff.

FSLogix Profile Container

FSLogix Profile Container is a great product that basically removes the profile size entirely, is an little agent you install on your Session Hosts and configure with an ADMX, you also need a file share with enough space for some big profiles. FSLogix is in the business of so called filter-drivers, what it does is simply put, lying to Windows. For example, when you install a 32-bit application to your 64-bit Windows System, Windows will use its own filter-driver to get it to work, its the same technology, its efficient and simple. In FSLogix case it is lying to the windows about the profiles, Windows thinks its a local profile, it does not know that in fact, the entire profile is contained in a vhd-file, mounted to the server. Because its a virtual disk that attaches to the server, there is only one SMB handle. It will therefor not be a huge load on the network, which you often sees when you for example roam your profiles.

Install Teams

When you have FSLogix Profile Container in place you can now install teams on your environment.  In early October Microsoft released a new version of Teams with some new features when deploying Teams to all the users in an organization, we are going to use parts of that to install Teams on to our environment!

 

  1. Download the latest version of Teams MSI-file (x64) file here!
  2. If you like to disable Auto-start of Teams use the following install string (otherwise just install without the option):

    This will put an Install file under “C:\Program Files”, and when a user logon it will automatically install Teams to this user.
  3. You do not need to update the MSI to the latest version, Teams will automatically download and install pending updates on the next logon of the user.

There you go, now your users can benefit from the full experience of Teams in your Multi-user environment, with one exception: if you are using Citrix, you have “Skype for Business Optimization Pack” to utilize local client resources for best quality of Skype meetings and calls. There is no support for Teams as of for now. It will soon be available though. With that said, I wouldn’t uninstall Skype for business just yet.

Other Great stuff

As mentioned above, there is a lot of benefits using FSLogix Profile Container. For a great period of time, Citrix User Profile Manager has been the best way to reduce the size of the profiles while still have the most important settings saved in your profile. But this is still just a trade-off, you trade off your caches and settings that impact your profile logon, but at the same time still trying to get the best experience for the user, this will sometimes collide and you have to choose between longer logon time or full functionality of a certain application.

With FSLogix Profile Container you no longer need to worry about large profiles, you don´t need to trade off! There are a lot of applications that saves a ton of settings and files in your profile that you now can install without impacting the user experience, this opens up a great deal of opportunities. You can for example install OneNote with it´s (potentially)  gigantic cache, CAD applications with thousands of files in the user profile and so much more.

 

If you find this interesting and would like a trial of FSLogix Profile Container to see if this fits your organizations needs, please contact us. It is easily installed and does not require additional servers or infrastructure!

 



Update Workspace Environment Management from 4.5 to 1808

The other day I tried to update Workspace Environment Management from 4.5 to 1808. I followed the guidelines provided from Citrix here. Everything went fine with the update of “Infrastructure Services”, “Database” and “Administration Console”, but when I tried to connect to the “Infrastructure Services” with the “Administration Console” I faced the error “Specified Infrastructure Server seems to be offline or have a wrong database configuration. Please check configuration and try again.”.

User-added image

I saw that the connection started to initialize to the database and everything went fine until WEM tried to read “StorefrontSettings”, then the error came up. I started digging by enabling “debug mode” in “WEM Infrastructure Service Configuration”. This saves a log to “C:\Program Files (x86)\Norskale\Norskale Infrastructure Services\Citrix WEM Infrastructure Service Debug.log” with information and errors connecting to the “Infrastructure Services”. Unfortunately I did not save the exact error message but it was something like “Error reading dbo.VUEMStorefrontSettings”.

WEM Debug

I remembered that Citrix added the functionality to point to a StoreFront store in version 4.6.

WEM Storefront

To resolve the issue I restored the database and server to 4.5 and upgraded all the components and database to 4.6, then 4.7 and then finally 1808. After this everything worked as expected.

Seems to me that Citrix forgot to add to create “dbo.VUEMStorefrontSettings” if not previously existing in 1808…




Outlook Search index med FSLogix

Något som upptäckts snabbt efter uppsättningen av sin “FSlogix Office 365 Containers”-lösning i en fleranvändarmiljö är att sök-indexeringen för Outlook i vissa miljöer görs om vid varje ny inloggning, det gäller miljöer där man har flera Session Hostar användarna kan logga in på.

Sök-funktionen i Outlook använder sig av “Windows Search” vilket är en databas över indexeringarna på hela Operativsystemet, det är alltså inget som lagras för varje enskild användare. Det innebär t.ex.  att en Citrix miljö med flera servrar kommer en användares Outlook indexera om hela Outlook vid varje ny server man loggar in på. Detta medför en långsam sökning (tills indexeringen är klar) och en onödigt belastning på CPU som i sin tur kan påverka hela miljön negativt. Det kan bli ännu värre i de fall man använder Citrix Provisioning Services (PVS) då den uppdaterade indexeringen försvinner vid varje omstart av servern.

FSLogix to the rescue

För att komma runt detta problem finns en funktion i FSLogix som tar med din Outlook indexering i VHD-filen, på så vis har du alltid din uppdaterade indexeringsdata med dig på vilken server du än hamnar på. Du behöver ändra på två stycken registervärden för att aktivera detta, jag själv föredrar att skapa/editera en GPO för detta.

Följande två registervärden ska justeras:

HKLM\Software\FSLogix\Apps

Type:                      DWORD

Value Name:          RoamSearch

Value Data:            2

 

HKLM\Software\Policies\FSLogix\ODFC

Type:                      DWORD

Value Name:          RoamSearch

Value Data:            2

 

Hör gärna av er om ni skulle vara intresserade av eller vill veta mer om produkter från FSLogix, se gärna våra tidigare blogginlägg om FSLogix nedan:

FSLogix Profile Containers – Enkel och snabb Profilhantering

Office365 med FSLogix i en fleranvändarmiljö

OneDrive with simulated Single Sign-On