The top vBlog 2015 voting phase has begun and is open to anyone to place their votes on their favourite blogs and bloggers over the past year.

The top vBlog process is sponsored by infinio and vSphere-Land run by the excellent Eric Siebert, for those of you lucky enough to make it into the top 50 commerative coins will be available as a cool keep sake of your achievement.

As anyone who dabbles knows blogging takes time and commitment however provides a valuable resource for everyone to find about new technologies or obscure error messages that no one else has come across.

Blogging has also opened many doors for me as well and I’ve made many good friends within the virtualisation community because of it so if you’ve been toying with the idea of blogging I would highly recommend that you do so.

I was honoured to come in at number 63 last year which was a climb of 40 places from the previous and I’m grateful for each and every vote. If you’ve found anything of mine interesting or helpful this year then please feel free to think me when casting your votes.

To begin casting your top vBlog votes head over here or drop directly into the survey here and why not join in and be social, follow me on twitter, Facebook or linkedin!

Author: Dale Scriven

Citrix in the last couple of days have annouced a new feature pack for XenApp and XenDesktop 7.6. Feature Pack 1 is the first update for 7.6 to be released and rather than being the usual mish mash of patches and feature enhancements this feature pack includes two new technologies recently annouced at the Citrix event in February. 

Session Recording (think Smartauditor of old), allows you to (with the permission of the recordie essentially perform a video capture of a staff members desktop. This is great for instances where staff maybe expierencing an intermittant issue and the “it always works when your here” is prevelent. This new feature is open to Platinum licence holders only.

HDX RealTime Optimization Pack for Lync 1.7, This add’s new functionality and supports Lync 2013 within a Citrix deployment. I think both VMware and Citrix realise the applications such as Lync are extremely important to continue driving business and Citrix have released a number of updates recently in regards to Lync. This update superceeds the Lync VDI plugin that Microsoft offers  in thin client scenarios as well as officially supportings Lync on non-windows devices (*nix/Mac) and major thin client OS. It is also supports delivering Lync as a published application rather than part of a full desktop and many other VOIP features that are becoming key to any business. 

The RealTime pack is also backward compatible to XenApp 6.x and XenDesktop 5.x and is available to Enterprise and platinum customers. 

More information can be found HERE and you’ll need to login to your MyCitrix account to download the feature pack.

Author: Dale Scriven

With the launch of VMware Horizon View 6.1 Cloud Pod arcitecture came to the forefront by way of additions to the GUI. Cloud Pod first really came about in version 6 however it was a command line only implimentation much of the initial setup and configuration now has a GUI element within the 6.1 View Manager which will please many however home sites have yet to make that transition.

Home sites allow you to specify where a User or Group will be directed in a healthy environment irrespective of their actual connection server entry point. For example if you have 2 sites one based in London and the other in Glasgow even if someone from London village authenticates into a connection server located within Glasgow then their desktop session will still come from London because that has been specified as their home site. 

As mentioned before however this has not quite made it to the GUI yet, or at least I’ve not found it yet and trust me I’ve looked! 
So in order to set up a homesite for a User or Group you will need to drop into a dos box on a connection server and enter in the below:

lmvutil —createUserHomeSite  —userName domain.local\user —siteName London

The above command links a User to a particular site within the Cloud Pod architecture however of course using individual Users is never a good idea which is why preferrably you would set up a specific group within Active Directory and link the group to a home site. The command is as below: 

 lmvutil —createGroupHomeSite  —userName domain.local\user —siteName London 

By creating home sites for Users or Groups you then are able to easily ensure that users are able to logon to desktops within pools that are closest to their data in a normal day to day operation. 

I’m very excited about Cloud Pod as at the moment it really is a great technology and one area where VMware Horizon View really shines over and above XenDesktop at the moment as its really flexible and allows for a very simple configuration of Active/Active and Active/Passive desktop configurations.
Author: Dale Scriven

Today VMware have announced the release of their User Environment Management product into the wild which is interesting if not unexpected. VMware purchased Immidio in February 2015 VMware have built on solid foundations to provide an extra layer within the EUC space without having to reach out to other vendors.

This is certainly a great move by VMware and the licensing choice and positioning currently again strengthens their desire to take a big piece of business away from traditional Citrix stomping ground. VMware UEM piece can be purchased as a standalone product or is now included within the Horizon Enterprise suite. VMware are also making a point that Citrix customers can purchase the VMware application management bundle to take advantage of UEM and the other offerings within the stack.

Find out more HERE

Author: Dale Scriven

When a user tries to logon to NetScaler Access Gateway they may receive a message such as “login exceeds maximum allowed users” if the Access Gateway VIP is configured for smart access mode.

Theres several reasons why you may get this error and I’ll list a couple of them here.

Do I need smart access mode
Smart access mode enables Access Gateway features such as EPA scans which check endpoints for the presence of Anti-Virus, files and many other items. Also smart access mode allows you configure the Access Gateway as an SSL VPN which requires the client device to use the Access Gateway plugin or clientless access to back end web resources.

What do I need for smart access mode
Smart Access mode you will not be surprised to hear is a licensed feature which you will need to purchase Universal licences. Each NetScaler comes with 5 universal licenses for you to use initially. Additional licenses can be obtained either through your XenApp/XenDesktop licensing agreement or as seperate bundles. Its also important to note that when a hostname is required for licensing purposes within your MyCitrix account then the hostname Is CaSe SeNsItIvE for the NetScaler.

Anyway back to topic, all NetScalers come with 5 universal licenses as shown in the picture of my VPX below, I’ve not purchased anything extra to get those.

Its important to understand that in the licensing console of a NetScaler the universal licenses required by Smart Access mode are represented with the “Maximum NetScaler Gateway Users Allow” section and that the “Maximum ICA Users Allowed” reflects the basic mode feature set of an Access Gateway namely ICA proxy for web and native receiver clients.

Issue one
You have not purchased any Smart Access licenses and no more than 5 people can log into Access Gateway at a time.

Solution one
This is quite straight forward in the when an Access Gateway VIP is created by default it will always run in Smart Access mode which you can check by opening the Access Gateway VIP and in older versions checking the radio button setting depicted below.

In 10.5 this has changed a bit and is not imediately obvious but the setting is now called ICA Only. If this is set to false then the VIP is running in Smart Access mode, hit edit and change it to true and then save the config.

Issue two
You are utilising Smart Access mode but users are still receiving the “Login exceeds maximum allowed users” message when you should have plenty of licenses and checking the licensing page proves you have installed the correct number.

Solution two
There are two possible solutions to this one. Firstly you may have an incorrect number of “Maximum Users” specified. Open up your Access Gateway VIP and check the setting depicted below.

If that is set to anything other than 0 or over the number of universal licenses you have purchased then again edit the NetScaler Access Gateway VIP and set it to the maximum amount of licenses you have purchased.

Solution two point one
I have also seen in a couple of firmware revisions of NetScaler that a global default setting the maximum amount of users override the locally specified Maximum Users count which again results in the Login exceeds maximum allowed users message.

You can check this by logging into the NetScaler through a tool such as putty and running the command “show AAA parameter” this will print out something similar to the below.

We are interested in the MaxAAAUsers entry here and if you suspect that users receive the Login exceeds maximum allowed users message after that the MaxAAAUsers number has been reached then you can alter this by running the following commands replacing X with your number of purchased universal licenses:

set AAA parameter MaxAAAUsers X
save nsconf

Again make sure you save the config and then test that the correct number of users can now login to the Access Gateway VIPs.

Author: Dale Scriven

There are a couple of ways that you can present SSD storage in nested VMware vSphere ESXi installations.

You may need to do this because you want to lab out VSAN of which SSD is a requirement within a VMware Workstation environment. As a rule if you create a VMDK for the ESXi instance that is actually SSD backed the nested ESXi instance will recognise this and you will not actually need to do anything. But what if it does not or your do not have SSD available to you.

Depending on the version of vSphere that you use this can be a simple single click operation or an addition to the VMX file for the ESXi vm.

vSphere 6

Those of you who are running vSphere 6 in your lab there is a handy Tag feature which will allow you to mark a hard disk as SSD/Flash even though ESXi has not detected it as such to begin with.

1/ From within the Web GUI click on the host in question and then navigate to the Manage tab and then select Storage and then the Storage Devices menu.

2/ Select the disk you want to specify as a VSAN compatible disk and you will notice a new blue icon with an F in it!

3/ Clicking on that allows you to mark the select disk as a Flash disk (or back to HDD if you feel so inclined).

Thats it your done. Simples!

vSphere 5.5 and older

For older versions of vSphere without the Mark as SSD/Flash capability a little bit more tinkering is involved.

Heres a screenshot of a ESXi disk I’ve added from an old SATA spinning disk I have and have created a small 2GB virtual disk and attached it to the nested ESXi instance.

Firstly we’ll need to know the SCSI ID of the VMDK disk at the VMware Workstation level.

1/ Goto Edit Settings in your ESXi virtual machine and select the virtual hard disk in question.
2/ Click the Advanced button at the bottom right hand side of the settings window.

3/ Take note of the SCSI ID of the virtual hard disk and then click ok and then exit the settings dialog box.
4/If not already shutdown the ESXi virtual machine.

5/ Now edit the nested ESXi’s vmx configuration file and Add “SCSI0:5.virtualSSD = 1” into the file. Where SCSI0:5 is enter the SCSI ID you have taken note of in step three.
6/ Save and close the vmx file

7/ Start the ESXi virtual machine and once it has booted and reconnected to vCenter you should see that the disk is now marked as Flash storage.

Thats it all done. As mentioned this is very useful for labbing out things like VSAN where it needs to be able to see SSD/Flash type storage and when a nested ESXi environment is having trouble passing through an SSD or you do not have one. Of course by marking a spinning disk as SSD/Flash you cannot expect any sort of performance out of it but the options are there if you need them.

Author: Dale Scriven

Liquidware Labs have annouced at this weeks Citrix Synergy the release of ProfileUnity 6.5. Within the suite includes an enhanced FlexApp application layering technology.

Similarly to VMwares AppVolumes applications can be layered into a OS which differs from technologies such as ThinApp and App-V where applications are streamed from a network location or other technologies such as SCCM where applications are pushed and installed into the OS. Application layering technology allows applications to be captured to a seperate VMDK/VHD file which is then quickly replicated and connected to targets making the operating systems think and act as if the applications are locally installed.

ProfileUnity has gained the Citrix Ready monikor meaning that the technology stack has been verified to enhance Citrix deployments which enables seamless and instant application delivery.

The ProfileUnity deployment methodology is based upon clustering the backend services so there is little to no reliance upon external load balancing technologies such as Citrix NetScalers to bloat.

Applications can include file system drivers and services and can be deployed to users/groups or computers and contextually applied based upon policy filtering.

ProfileUnity supports Citrix XenApp/XenDesktop VMware and RDSH offerings but Liquidware Labs seem to be buddying up with Citrix to possibly combat VMwares recent inclusion of the AppVolumes and UEM technology into its stack areas which Citrix themselves are lacking .

ProfileUnity 6.5 is still currently in beta and not at this time due for release until June, to find out more and read the press release click HERE.

Author: Dale Scriven

In this post I’ll show you how to replace a VMware Horizon View composer security certificate.

When you install the View composer service either by co-hosting it with vCenter or on its own instance you are given the option to create a default self signed certificate or choose one that is pre-installed. Once the composer service is installed you have to drop down to the command line to administer the certificates after that.

Firstly though before running any commands you will need to have your replacement certificate installed and ready for use. This could be an internally verifiable certificate or one signed by an external authority such as verisign. The easiest way I find is using an IIS server to create and complete the request and then export the certificate with the “Mark private keys as exportable” setting ticked. You can find the low down on the proceedure here but dont worry about the VDM friendly name bit.

You will also need to stop the “VMware Horizon Composer” or in later versions its called “VMware View Composer” service on your composer server so make sure you are in a period of low activity where no composer actions are likely to be performed, open up your services.msc and stop the composer service.

Once you have the certificates installed on the composer server then drop into the command line and navigate to C:\Program Files (x86)\VMware\VMware View Composer

Now execute the following command (minus the quotes):

“Sviconfig -operation=replacecertificate -delete=false”

You will then be presented with a list of certificates that you can choose from and you just need to hit the number next to the certificate you wish to choose.

Once completed you can start the “VMware Horizon Composer” service and monitor the “system” event logs to make sure you do not get any SSL based errors.

The -delete=false string in the command specifies if the original is deleted when you replace it with the new one, every the pessimist I would always set this to false so you can quickly switch back to the working certificate if you find its not happy.

Author: Dale Scriven

I want to focus on a single particular new feature of Citrix Storefront 3 and the X1 interface in this post.

Featured App Groups is the ability to group applications by three ways so that staff can quickly see and subscribe to multiple applications that perform a specific function.

This list is created by a simple mixture of Citrix Studio (for XenApp,XenDesktop 7.x) configuration and Citrix StoreFront set up.

You have three choices of methods for grouping applications,

By application name
By Keywords
By application catagory

Application Name

When configuring the StoreFront featured apps this is simply a case of entering the name of the published applications that you wish to group together.

Keywords

This is a feature from Citrix XenApp 6.x onwards which allows you to specify basic functions of applications like auto-subscribe etc see here for a previous post on the other abilities that keywords provide. However the keywords for the featured apps options are fluid and do no require specific keywords as we will go into later on.

Application Catagory

With XenDesktop/XenApp 7.x there is an additional field when publishing applications and desktops named catagory, this field can be used to specify featured apps.

Configuration

Configuring Citrix Storefront 3 with featured apps as you can probably guess by the above is pretty straightforward.

Firstly open up your Citrix Storefront gui and click on your Receiver for Web store where you want to configure Featured Apps.

Then click the Manage Featured App Groups button on the right hand side.

You will now see a blank box where your Featured App Group configurations can go. Click Create to begin configuring Featured App Groups.

Most of the next page is self explanatory. Input the name of the featured app, this will appear in the staff Storefront view and then optionally a description of the application.
You also have a choice of images and colour hues to pick from to match whatever scheme you have chosen for Citrix StoreFront itself.

Then finally you come to the method of application bundling. When no preference exists I would always go with the Keywords method as its nice and visable within all the consoles and is not affected by a simple application name change within Citrix XenApp or XenDesktop studio.

Using Keywords
When Specifying a keyword simiply choose a single easy to remember and relevant word to describe the application bundle and enter it.

Using Catagories
When specifing Application Catagories again just come up with a single word that can describe the group and enter it.
You can also create a folder structure using catagories by specifing something like Applications\Bundle.

Using Application Names
Utilising application names for bundles is slightly different as you need to specify each application by published application name in the list. So open up your Citrix XenApp/XenDesktop Studio and note the PUBLISHED APPLICATION name and enter those names into the list.

When using Application Names this is all the configuration that is required but you do run the risk of applications dropping out and increased troubleshooting time because of an application name change and its not quite so simple to see which bundle they belong to.

Citrix XenDesktop/XenApp Configuration

Now you have Storefront configured with the keywords and catagories its time to configured the applications and desktops.

Open up Citrix Studio and then goto the Delivery Groups tab right click on a published application and choose the Properties option.

Using keywords
When utilising the keywords method type the keyword in the following format ignoring the comma’s:

“Keywords:<InsertKeywordHere>”

Using catagories
When using catagories click on the Delivery Tab on the left had side and enter the category in the following format, ignoring the comma’s:

“<ParentFolder>\<InsertCatagoryHere>”

Once complete click the OK button and test that the applications appear in the correct bundle through Citrix Storefront.

Author: Dale Scriven

I’ve written a couple of articles before on load balancing VMware Horizon View with Citrix NetScaler, but needed to revisit this for a couple of reasons.

A vendor approached me some time ago and requested that I create a white paper for them on the subject which I was more than happy to do. As time has gone on the scope has changed and some of my creation will be inserted into a larger paper that will be published in the future. They have kindly allowed me to publish the original document I created for them as I didn’t want the the full document to go to waste.

I’ve been waiting to update my original blog post (Here) on load balancing VMware Horizon View security servers but have decided to leave that as is with just a pointer to the document I’ve created.

Load balancing security servers is really a requirement when planning for high availability as VMware Horizon View currently has little in the way to provide fault tolerence at the connection and security server tier. A Citrix NetScaler is a great fit when considering high availability because of its advanced monitoring capabilties and many deployment options.

You can download the Load balancing VMware Horizon View Security Servers with Citrix NetScaler technical guide from HERE.

When you’re planning a new SBC or VDI deployment obviously the most exciting things that are planned down to the minutest details is the back end infrastructure. The servers and the technology Citrix/VMware/Others all grab the limelight but there is another piece of the puzzle that is more often than not almost treated as an afterthought, the desktop clients or more precisely thin or zero clients.

So often when organisations decide to go down the thin or zero client route, not enough thought is put into what devices to actually purchase or what vendor brand to purchase. It becomes more of a budget minimising exercise, because they’re all the same right!? Some organisations are looking for a solution that fits both their immediate requirements and their budget, whilst others are looking toward future endpoint use cases such as application support, peripheral support, multi-screen support or greater graphic/multimedia capability.
Far more frequently than you think, organisations get trapped in the mindset of only looking to fullfil their immediate requirements and buying the cheapest devices available. Seeing a Thin or Zero Client as a commodity can be a bit of a short-sighted perspective of the technology, which can very easily lead to buyer’s remorse in a year or two. It is far better to buy a Thin or Zero Client that caters for today, but also has the versatility to cope with tomorrow.
I’ve kindly been sent a couple of thin clients by 10ZiG Technology to review, now I must at first say that I have no official association to them other than I keep bumping into the 10ZiG chaps at conferences over the years and I happen to really like the clients and their management functionality.
They have sent me two of their new quad core clients to put through the paces namely a 5848qc Citrix Zero Client and a 5818q Windows Embedded 8 based thin client.

Specs
So let’s talk about specs first. The Zero Client 5848qc has a 2GHz quad core processor that can boost to speeds of 2.42GHz and by default ships with 2GBs of RAM (can be upgraded to 8GB) and 1GB internal storage (upgradable at purchase to 128GB). It also comes with 7 x USB ports, one of which is USB 3.0 and one secure lockable port too. It has 2 x DVI ports and the standard audio in and out jacks and rj45 sockets. There are also optional extras in the guise of Wireless networking, VESA mounting and support for USB based smart cards.
The 5818q is a WES8 device and comes with the same Intel Quad Core 2Ghz processor with 2.42GHz boost mode. 2GB’s of RAM is default in this model (upgradable to 8GB) and 16GB’s of internal storage upgradable to 128GB. Same I/O options to the above are in this model. The difference between the two models I’ve been sent lies with the target SBC/VDI technologies that they are directed towards. The zero client is solely optimised for the Citrix technology (HDX) stack while the 5818q Windows Embedded 8 device caters for all of the major VDI clients, including VMware Horizon View (PCoIP) stack, Citrix HDX stack and Microsoft RDS. The increase in base specs of the WES8 device clearly is to accommodate the Microsoft Windows operating system with plenty of spare storage for the needs of today and tomorrow . This device is also available with Windows Embedded 7, the 5817q.

Management

Management is another strong point for me of the devices as 10ZiG provide their Management suite, ‘10ZiG Manager’, for all their thin clients free of charge with any number of purchased clients, so if you have 1 thin client or 100,000 you’re still entitled to use the management software no strings attached. There are also no hidden upgrade charges, so you get full enterprise functionality, for unlimited devices, 100% cost free.
The 10ZiG Manager will auto discover and apply custom template configurations to thin clients as they are added to the network and the configurations are also applied dynamically so any updates are applied applied when the thin & zero clients are rebooted, so no SneakerNet required here thank you! Additionally, templates, images or configuration changes can be scheduled remotely to occur when it suits you your staff’s working hours, meaning no downtime.

So whats Quadcore all about then

Quadcore thin clients may seem a little over the top and in fact when I’ve told people about them thats often the politest reply I’ve received however thinking about the technologies involved this makes a great deal of sense. As I’ve mentioned above organisations are happy to tweak tune and plan their infrastructure in miniscule detail in order to maxis IOP’s reduce OS bloat and increase performance on the datacentre and then by the same token often you see then purchasing the cheapest items available that sit on the users actual desktops be that actual workstations or thin clients. Now you can have one of those fandabbydozy 1million IOP arrays with NVIDIA GRID cards serving just two VDI instances but if the endpoint that actually has to make sense of the PCOIP/HDX/RDP traffic and deal with keyboard/mouse move along with Lync voice etc transactions is not up to the job the end user will still get a shabby experience.

VDI and SBC traffic whilst always being optimised and improved by the vendors is also being asked to do more and more each month and its not just a nice to have niche cases within the organisation anymore. Everyone wants lync to run virtually across HDX or PCOIP for instance and the trend is growing to make use of graphics acceleration technologies such as NVIDIA GRID to serve up things as seemingly mundane as web pages as Internet Explorer has used for quite some time capabilities of a GPU.
All this and whatever else is round the corner requires grunt at the client end to be processed and dealt with accordingly. Those often purchased bargin bin thin clients by any vendor that would have served their purpose very well in the PS 4.5 2003 days of a bit of Word, Outlook and basic admin task published applications suddenly end up costing a lot of money when they are discovered to be underpar and end up in the skip or Ebay.

The Experience

10ZiG have made sure that the thin client experience is great for both IT admins and end users, with all thin clients I’ve tested booting into their Operating Systems and their PCOIP/HDX sessions with the minimum amount of fuss that normally confuses and upsets. Both thin clients I received coped with office type workloads and playing video content etc flawlessly. I also ran a quick test of the NVIDIA faceworks demo on the zero client as shown in the video below (sorry no pro video equipment here) which even with the underpowered lab equipment I had worked very nicely indeed.

Both devices reviewed also support local HDX flash redirection, which is particularly unique in the 5848qc’s case as you would be hard pushed to find another Zero Client that does this on the market. If you have tens of users running flash content all at once then this allows all of that server workload to be taken on locally by the device itself.

Extra Sweeteners

In addition to all the above 10ZiG are currently (as per the date of this blog post) running a buy-back program where customers who have any vendor’s treradici 1 based hardware can trade them in for new 10ZiG thin clients. This is great news for any long time VMware Horizon View customers who are facing the end of the Tera1 protocol which will see out its days within the VMware Horizon View 6.01 release. All future releases of VMware View will use the Tera2 protocol. This is a great incentive to ease the financial burden of upgrading your VMware Horizon View estate and also to standardise your thin client estate at the same time. You can get more information on the scheme from HERE.

If your still not sure 10ZiG will send you demo units which you can use along with the management server component to see if they make a good fit in your environment.

Personally I love 10ZiG devices and will always recommend them for their ease of use and great management options and now with the quadcore thin clients even those staff who require extra end to end grunt in their infrastructure no longer need be tied to a full on PC.
For more reason to choose 10ZiG, see HERE

Author: Dale Scriven

If you are running Citrix Provisioning Services (PVS) prior to version 7.1 you might be experiencing some issues with your applications.

The issues generally relate to random crashing of Microsoft Office applications or performance issues of those applications. When the applications crash I’ve often seen 0xc0000005 exception codes in the event logs.

When this occurs you will likely find that Provisioning Services (PVS) has the write cache set to target device which is a very common configuration. If you are experiencing similar issues with this configuration you maybe suffering from ASLR and Provisioning Services (PVS) compatibility problems.

ASLR is Address Space Layout Randomisation which is a Microsoft Windows technology that attempts to randomise placement of process data into memory to reduce the processes attack surface. This unfortunately does not place nicely with older versions of Citrix Provisioning Services (PVS) as PVS will modify the memory descriptor location before writing data the the write cache and when the data is reread into memory ASLR triggers the exception.

You can test if this issue is relevent to your environment by either changing the mode of a vDisk to private Image or maintenance mode and trying to reproduce the problem. Another method you could use is to change the cache type something other than target hard disk.

Presuming that you are experiencing issues with Citrix Provisioning Services (PVS) and ASLR the recommended solution is to upgrade the version of Citrix PVS to a minimum of 7.1. This generally ties in nicely with Citrix Provisioning Services (PVS) 6.x going end of maintenance in June 2015 so you should be thinking of upgrading at this point anyway. In addition the more recent versions have beefed up their write cache RAM options which gives massive IOP benefits (Read HERE).

Author: Dale Scriven

So Citrix recently annouced FP2 (feature pack 2) for XenDesktop 7.6 which includes loads of new features the most exciting of which for me is the FrameHawk integration.

When you download the FP zip package there are a number of MSI’s and MSP’s located within. These go either within the VDA or control tier of the XenDesktop infrastructure. For ease of installation the below is a quick list of the current contents of the FP2 download and where each component should be installed.

Within the Gold image
ICATS760WX64022.msp (For 64bit Windows Server operating systems, VDA core update)
ICAWS760WX64022.msp (For 64bit operating systems, VDA Hotfix)
ICAWS760WX86022.msp (For 32bit operating systems, VDA Hotfix)
WMIProxy_x86(x64).msi (Director upgrade)
HDXWMIPROV220WX64001.msi (HDX WMI hotfix)

Within the XenDesktop Controller
GPMx240WX86002.msi (For 32bit operating systems, group policy update)
GPMx240WX64002.msi (For 64bit operating systems, group policy update)
XDPoshModule760WX86002.msi (For 32bit operating systems, Citrix Director update)
XDPoshModule760WX64002.msi (For 64bit operating systems, Citrix Director update)

Within the Director server (if seperate to the XenDesktop Controller)
DesktopDirector.msi (For 32bit operating systems, Desktop Director update)
DesktopDirector_x64.msi (For 64bit operating systems, Desktop Director update)

Finally to make use of the FrameHawk features the Windows clients must be running Citrix Receiver 4.3. See HERE for more information on current FrameHawk support.

Author: Dale Scriven

So this is my first official stab at podcasting and I’ll be talking about the reasons for wanting to start podcasting and also reviewing the London VMUG meeting on the 9th July 2015. As discussed within the podcast here are the details of the various contributors to the days activities.

London VMUG homepage https://www.vmug.com/london

London VMUG Facebook Group https://www.facebook.com/UKLondonVMUG

London VMUG Twitter @LonVMUG or discuss #LonVMUG

9th July Presentation bundles

London VMUG event organisers

Jane Rimmer

Simon Gallagher 

Alaric Davies

Stuart Thompson

Sponsors:

Zerto

Cumulus networks

Sumerian

Shavlik

As mentioned before if you would like to have a chat with me and be on the podcast you can get in touch by emailing  admin@vhorizon.co.uk or grabbing me on twitter @dscriven or on our Facebook page and I’ll look forward to hearing from you (ps don’t worry I’m hoping they will be getting better)!

Author: Dale Scriven

In episode 2 of the vhorizon podcast I talk to Jason Mattox CTO of Liquidware Labs about Stratosphere FIT and the new updates to ProfileUnity and FlexApp.

To find out more about Liquidware Labs head over to liquidwarelabs.com

Right Folks its competition time here at vhorizon. I have a Virgin experience day voucher up for grabs. Its a Double Supercar Thrill a choice of great racetracks around the UK and I’m giving it away to one lucky winner.

What you have to do is nothing like the usual singing your life away blood or drowning in a sea of marketing emails forever more. All you need to do is tell me;

What is your biggest current EUC challenge?

Just use the contact box below to fill in your details and you will be automatically entered.

Small Print: The prize is a Virgin Voucher which cannot be substituted for anything else. It also has a limited shelf life and must be used by the expiry date upon the voucher. It is also only valid within the UK so whilst I welcome all answers to the question anyone outside the UK cannot win the voucher.
On the plus side no details entered will ever be used for nerfarious purposes the only contact you will receive from entering your details will be that you have won the competion. All details after the close of the competition will be deleted.

The competition will end on the 21st August 2015 and the winner will be contacted shortly after.

Good Luck!

Author: Dale Scriven

I run a windows VM with VMware fusion on my mac for the sole purpose of Microsoft Visio and all the pretty pictures that I need to draw.

Theres always been a drawback though for me which I’ve never really looked into fixing until now. Drawing Connector (connection) points in the diagrams has always produce quite alot of blue air around me. Normally in Windows all you have to do is click the X to specify that you want to create a connection point and then press CTRL as you click the location where you would like it to go.

Within VMware Fusion however pressing CTRL to begin creating your connection point just produces the right click menu when you click the location within the Visio diagram.

Anyway today I decided to try and figure out if anything can be done to cure my issues with Visio connectors in VMware Fusion. It turns out its a very simple fix.

Goto your virtual machine settings and click the Mouse and Keyboard.

Now click the dropdown cog on the virtual machine profile and click Edit.

Now simply deselect the Secondary button option.

Job done, you can now create new Visio Connection Points until your hearts content. I’ve lived with this for a while and am now kicking myself for not looking into it before.

Author: Dale Scriven

Silent Install of VMware UEM Agent

The VMware UEM Agent comes in the form of two MSI packages one is for the x86 platform and the other is for x64, you are all using the x64 one by now right?!

For VMware UEM it makes sense to deploy this on mass through one of many methods such as MDT, SCCM or whatever happens to be your favourite push/pull deployment mechanism.

Silently installing a basic configuration of VMware UEM couldn’t be simplier with just a couple of MSI switches plus the MSI file and the VMware UEM license file.

The simple command line to install the agent silently is:

MSIEXEC.EXE /I “VMWARE USER ENVIRONMENT MANAGER XX.MSI” LICENSEFILE=”FILE.LIC”
/PASSIVE

In addition to the LICENSEFILE viarable there are others that you can use to customise the installation.

INSTALLDIR
ADDLOCAL

The INSTALLDIR variable is straighforward enough as it allows yuou to specify where you would like the installation folder to be within the target system.

ADDLOCAL though is far more useful as it also has the following sub-options:
FlexEngine
FlexMigrate
FlexProfilesSelfSupport

These options allow you to specify which components of the agent to install so if you simply want the agent to be installed without the self support or migrate options then just create your command line like this.

msiexec /I “VMWARE USER ENVIRONMENT MANAGER XX.MSI” licensefile=”FILE.LIC” addlocal=FlexEngine /PASSIVE

Its worth noting that capitalisation within the addlocal=FlexEngine seems important here as when I’ve installed it previously without the correct capitalisation I’ve had errors and install failures.

Author: Dale Scriven

Finding MSI install options and switches

There are times when you’d like to install an MSI file in an automated fashion but finding which switches and options the MSI supports can be tricky and time consuming. Googling can give you the answers but not always.

There is any easy method of finding out the switches and options the application MSI uses to install and it involves running the MSI and logging the install routine.

Simply run the following to create a log file of the install routine:

msiexec.exe /log c:\somelocation\log.txt /i myapp.msi

Once you have manually run through the steps required to install the MSI open the log.txt file that was also created alongside the installation and anything in the log file with a Property (C) or (S) flag is a variable that you can use as part of an unattended installation switch or option.

Example of a log file I created recently to discover a couple of flags for VMware UEM.

Property(S): LicenseFile = C:\VMware-UEM-8.6.0-eval-expiring-2015-08-21.lic

Property(S): ALLUSERS = 1

Theres been alot of talk recently and rightly so on the importance of securing your Citrix NetScaler. A popular site for testing how secure your NetScaler is Qualys SSL labs which once you enter in your FQDN will give you a graded report against various know vulnerabilities.

There are plenty of resources on the net explaining what features you need and which you need to disable to secure your NetScaler against the common security exploits but if only there was an easy way to jump from that initial C rating straight to A+…

I have tested this across several versions of Citrix NetScaler 10.5 and 11 firmware releases so you should not have any problems running the script against yours. As ususal make sure you have saved and backed up your config before applying anything new to a NetScaler including this script (and as usual test it before deploying to production equipment).

All you need to do is change a couple of variables and run it through putty or the NetScaler console.

Variables
%vServer% change this to match the VIP name of your access gateway, there are 6 instances of this within the script so do a find and replace and save yourself even more time!

bind ssl vserver %vServer% -cipherName “VPX_Group %OR% MPX_Group” Within this line choose the cipher group you wish to bind depending on if you have a VPX (virtual) or MPX (physical) device.

Once you have run the script goto Qualys SSL labs and run the test again. You should find that you now score A+. That wasn’t so hard was it?

Script

set ssl vserver %vServer% -ssl3 disabled -tls11 enabled -tls12 enabled

create ssl dhparam DH-Key 2048 -gen 2
set ssl vserver %vServer% -dh ENABLED -dhFile “/nsconfig/ssl/DH-Key” -dhCount 1000 -eRSA DISABLED 

add ssl cipher “MPX_Group”
add ssl cipher “VPX_Group”
bind ssl cipher “MPX_Group” -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-ECDHE-RSA-DES-CBC3-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1.2-AES128-GCM-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-AES256-GCM-SHA384
bind ssl cipher “MPX_Group” -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384
bind ssl cipher “MPX_Group” -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
bind ssl cipher “MPX_Group” -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384
bind ssl cipher “MPX_Group” -cipherName TLS1.2-AES-256-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-AES-128-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-DHE-RSA-AES-128-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-DHE-RSA-AES-256-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName SSL3-DES-CBC3-SHA
bind ssl cipher “VPX _Group” -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher “VPX_Group” -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher “VPX_Group” -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher “VPX_Group” -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher “VPX_Group” -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher “VPX_Group” -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher “VPX_Group” -cipherName SSL3-DES-CBC3-SHA

unbind ssl vserver %vServer% -cipherName ALL
bind ssl vserver %vServer% -cipherName “VPX_Group %OR% MPX_Group”
bind ssl vs %vServer% -eccCurveName ALL

add rewrite action act_sts_header insert_http_header Strict-Transport-Security q/”\”max-age=157680000\””/
add rewrite policy pol_sts_force true act_sts_header
bind vpn vserver %vServer% -policy pol_sts_force -priority 100 -gotoPriorityExpression END -type RESPONSE

End Of Script

Author: Dale Scriven