Tag: Provisioning

PVS-Accelerator

Introduction

PVS-Accelerator is a feature for Citrix Hypervisor (previously named XenServer). The feature utilizes the local storage and RAM on Dom0 on each Citrix Hypervisor and caches read requests from a provisioned target device. It saves network, CPU and Provisioning host disk I/O resources, effectively improving performance. Overall your storage and network should see an improvement if they are under heavy load today. [1]

Network Bandwidth Utilization
Network Bandwidth Utilization [2]

PVS-Accelerator helps with improved end-user experience, accelerated VM boots and boot storm, simplified scale-out by adding more hypervisor hosts and fewer provisioning servers are needed.

Prerequisites

  • XenServer PVS-Accelerator feature is only available in Citrix Hypervisor 7.1 and Provisioning 7.13 or later
  • PVS-Accelerator is available for customer with XenServer Enterprise Edition or if you have XenDesktop/XenApp licenses
  • If you have a Citrix Hypervisor 7.1 <, Provisioning 7.13 < and XenApp/XenDesktop you should be able to utilize the feature without any extra license or upgrades in considerations [3]

Considerations

There is no need to reboot XS host to enable PVS-accelerator. Unless you have less than 4 GB on Dom0, which is required to enable the feature. Also notice that the recommended Cache Size on storage repository is 5 GB for every vDisk version actively provisioned.

PVS-Acceleration configuration
PVS-Acceleration configuration
  • PVS-Accelerator only caches reads from vDisk, but not writes or reads from a write cache. Support is for vDisks with any non-persistent write cache type, but not “Cache on Server, Persistent” or “Cache on device hard disk persisted” write cache type
  • If you have more than one virtual network interface (VIF), make sure that the first VIF of a VM is used for connecting to the Provisioning Server
  • If you have multiple Provisioning servers that are deployed with HA and the same VHD, but have different file system timestamps, data may be cached multiple times. Due to this limitation, Citrix recommends using VHDX format, rather than VHD for vDisks
  • If you are running a 10 GBe network or just a few streamed VMs you will probably not notice a big difference

Advantages

  • Lower network utilization
  • Faster VM Boot time (Around 60%)
  • Higher Provisioning server density
  • Improved logon time
  • Helps with a saturated network or branch office
Average VM Boot Time
Average VM Boot Time
Source: Virtualfeller.com [4]

How to install

Installation is pretty straight-forward. You can download the PVS-Accelerator Supplemental Pack at https://download.citrix.com (requires Citrix account).

  • Path: Downloads / Citrix Hypervisor (XenServer) / XenServer 7.1 LTSR or above (Any Edition) / Optional Components / PVS Accelerator Supplemental Pack
  • Download and install the .iso file from XenCenter
XenCenter - Install Update
XenCenter – Install Update
XenServer - Select updatre
XenServer – Select Update

A new tab will appear in XenCenter console. Select your Hypervisor pool and click the PVS tab. Configure the PVS-Accelerator by naming your site and cache configuration. [5]

Configure PVS Accelerator
Configure PVS-Accelerator

Next step is to go back to the Provisioning Console and create your VMs with PVS-Accelerator. You do this by right-clicking on your site and running the Setup Wizard. You cannot do this on your existing provisioned targets. The short explanation is that PVS-Accelerated VMs is tied to Provisioning servers with a UUID on the XenServer.

Note: If you were to re-install the XenServer where PVS-Accelerated VMs was enabled, Provisioning Services will become out of sync and you will need to delete previously configured VMs associated with the cache configuration, including host. And reconfigure PVS-Accelerator and setup the cache again. [6]

Provisioning Console - Streamed VM Setup Wizard
Provisioning Console – Streamed VM Setup Wizard

Be sure to select “Enable PVS-Accelerator for all Virtual Machines” when configuring the number of VMs and their resources.

Provisioning Console - Enable PVS-Accelerator
Provisioning Console – Enable PVS-Accelerator
Provisioning Console - Streamed VM Wizard
Provisioning Console – Streamed VM Wizard

Verify that the PVS-Accelerator status is Caching your VMs from the XenCenter > Pool > PVS tab.

XenCenter - PVS Tab
XenCenter – PVS Tab

References

[1] https://docs.citrix.com/en-us/xenserver/current-release/storage/pvs.html

[2] https://www.youtube.com/watch?v=l_vhMf3SFks

[3] https://support.citrix.com/article/CTX220746″>

[4] https://virtualfeller.com/2017/03/07/provisioning-services-accelerator

[5] https://support.citrix.com/article/CTX220735

[6] https://docs.citrix.com/en-us/provisioning/7-15/install/configure-accelerator.html



Provisioning services – Activate SMB2 for better security and performance

When installing Provision Services 7.x and below on a Windows 2008 R2 or Windows 2012 R2 – The Provisioning installer will disable SMB2 and only allow SMB1 on the server.
NOTE: SMB2 will still be enabled with a new install of PVS 7.13 (Thanks Andrew Wood).

Verify which SMB protocols are enabled on Windows 2012 R2 by running the following powershell command:

View SMB Protocols

View SMB Protocols


SMB 1.0 (or SMB1) – Used in Windows 2000, Windows XP and Windows Server 2003 R2 is no longer supported and you should use SMB2 or SMB3 which has many improvements from its predecessor. Another big reason is to prevent the security-hole that the WannaCry/Wcry/WannaCrypt0r-ransomware utilizes to infect and spread if you have not installed the security patch MS from Microsoft released 14th of March 2017.

Here’s a very brief summary of what changed with each version of SMB:

  • From SMB 1.0 to SMB 2.0 – The first major redesign of SMB – Windows Vista (SP1 or later) and Windows Server 2008
    • Increased file sharing scalability
    • Improved performance
      • Request compounding
      • Asynchronous operations
      • Larger reads/writes
    • More secure and robust
      • Small command set
      • Signing now uses HMAC SHA-256 instead of MD5
      • SMB2 durability
  • From SMB 2.0 to SMB 2.1 – The version used in Windows 7 and Windows Server 2008 R2
    • File leasing improvements
    • Large MTU support
    • BranchCache
  • SMB 3.0 – The version used in Windows 8 and Windows Server 2012

SMB2 has a requirement to utilize Oplocks. Enabling Oplocks will not cause any failures so long as the write cache is not stored on the Provisioning Server.
SMB2.1 introduced leasing and is more flexible and results in significant performance improvement in a high latency network.

If the write cache is on the PVS server then this would happen:

  1. You have two PVS servers, PVS1 and PVS2.
  2. The write cache for targets is hosted on \\FileSRV01\store
  3. A target device is connected to PVS1 and PVS1 becomes unavailable.
  4. The target device fails over and connects to PVS2.
  5. PVS2 cannot connect to the write cache file because PVS1 still has the exclusive OPlock to the file. Eventually, the OPlock will timeout and PVS2 will be able to connect to the write cache file, but there will be a delay.
    Cache-on-Server

ENABLE SMB2 and DISABLE SMB1

To activate SMB2 and disable SMB1 on Windows 2008 run the following PowerShell command:

To activate SMB2 and disable SMB1 on Windows 2012 run the following PowerShell command:

A reboot is required to activate the new settings. As always, perform any changes in a test scenario first, before deploying into production. This is important since Windows XP and Windows 2003 utilizes SMB1 and will not be able to communicate with servers over SMB where SMB1 has been disabled.

If you have any questions or feedback about above, feel free to leave a comment below!



Provisioning av Windows 2012 R2 – ShortFileName

I Windows 2012 R2 har det introducerats flera förbättringar. En förbättring är att Microsoft valt att stänga av vissa funktioner som tidigare varit aktiverade för bakåtkompabilitet. En sådan funktion är ShortFileName (SFN), även kallat 8dot3 Name Creation (8dot3), som Microsoft valt att inaktivera på nya diskvolymer som läggs till på en Windows 2012 R2, utöver operativsystemsdisken.

SFN användes i DOS, Windows NT 3.51 och Windows 95 där det fanns en begränsning i FAT filsystem för hur många tecken ett namn fick innehålla. Anledningen till att det är inaktiverat i senare OS versioner är för att SFN skapar en prestanda försämring vid skapande eller enumrering av filer [1].

För att enkelt verifiera om SFN existerar på en volym, skriv kommandot dir /x när du befinner dig i root-katalogen på en volym.

ShortFileName Exists

Resultat när SFN sökvägar existerar

Vi kan se att ”C:\Program files” har en förkortning till C:\PROGRA~1 och ”C:\Program Files (x86)” har en förkortning till C:\PROGRA~2.

Det är fördelaktigt att SFN är inaktiverat om det är en volymdisk på en filserver att spara prestanda. Som tidigare beskrivit vid skapande och enumrering av filer när SFN är aktiverat [1]Är det avstängt på en systemdisk, där applikationer fortfarande kan använda sig av SFN av någon anledning kan man få udda felmeddelanden.

Ett sådant scenario kan man stötta på när man provisionerar ut en ny diskrevision med Office 2013 installerat. Installation av Office-paketet i Golden-image fungerar och ger inga felmeddelanden. Först när man startar Word på sina provisionerade targets kan man få meddelandet:

Office Word Something Went Wrong

Utför vi kommandot dir /x på en provisionerad target kan vi se att ShortFileName sökvägar inte längre existerar på diskvolymen.

ShortFileName Does Not Exist

Resultat när SFN sökvägar saknas

Som beskrivit tidigare, när nya diskar läggs i Windows 2012 R2 blir SFN inaktiverat på nya diskar. Äldre program och plugins som använder sig av SFN kan delvis eller helt sluta fungera om sökvägarna inte existerar.

I följande scenario har vi en Golden image med en Systemdisk C:\ som vi skall kopiera till den tomma vDisken E:\. Vi kan verifiera att möjligheten att skapa SFN är aktiverat på volymen C: genom att använda oss av

  • fsutil.exe 8dot3name query c:

8dot3 name creation enabled

Skapandet av SFN-genvägar är aktiverat

Värdet “0 – 8dot3 name creation is enabled” för C:\ visar att det är möjligt att skapa SFN genvägar.  Utför vi samma kommando mot vår tomma vDisk E:\ kan vi se att det SFN är inaktiverat, vilket innebär att SFN sökvägar inte kommer skapas.

8dot3 name creation disabled

Skapandet av SFN-genvägar är inaktiverat

LÖSNING OCH ÅTGÄRD

För att undvika att varje ny vDisk har SFN inaktiverat ändrar man följande registervärde [2] i sin Golden Image.

Registry PATH:                             HKLM\System\CurrentControlSet\Control\FileSystem\
REG_DWORD:                             NtfsDisable8dot3NameCreation
Value:                                             2 > 0

0: Enables 8dot3 name creation for all volumes on the system.
1: Disables 8dot3 name creation for all volumes on the system.
2: Sets 8dot3 name creation on a per volume basis.
3: Disables 8dot3 name creation for all volumes except the system volume.

Källa: [1]
https://blogs.technet.microsoft.com/josebda/2012/11/13/windows-server-2012-file-server-tip-disable-8-3-naming-and-strip-those-short-names-too/

Källa: [2]
https://technet.microsoft.com/en-us/library/ff621566.aspx