Featured post

Automation | Powershell scripts

Automation | Powershell scripts Xenapp 6.5 Health check script XenAppServerHealthCheck Report through Script  ## XenAppServerHealthCheck ## ...

Thursday, 13 April 2017

XENAPP 7.XX

How to Assign Applications to Specific Servers in XenApp 7


Tag Restrictions

In XenApp 7.12, we’ve added the ability to apply tag restrictions to machines. There are two different approaches how you can use this functionality in the current release — you can use it to assign application groups to specific machine(s) or you can use it to assign desktops to specific machine(s). In this blog post, I’m going to focus on application publishing. 
Application publishing is based on a feature called Application Groups (AG), which was released in XenApp 7.9. If you’re not familiar with the content of App Groups, I recommend reading this blog post from  Paul Morey. To quickly summarize, AG gives you more flexibility when you decide how you want to organize and publish your applications and allows you to publish application(s) to multiple Delivery Groups (DG). But while you could publish an application to all servers in one or more groups, it was not possible to publish application only to a subset of servers.
In XenApp 7.12, we’re extending this functionality by adding the ability to apply a tag filter to both AG and desktops. By combining these two features, you can now selectively assign applications and desktops to specific machines.
You can see the overview of this new functionality in the diagram below:
Example of selective publishing
Fig 1: Example of selective publishing
To quickly summarize what you’re seeing in the diagram:
  • Application(s) are assigned to App Group(s)
  • App Group(s) are assigned to Delivery Group(s)
  • Tag filter is applied to App Group
  • Tag filter is applied to specific servers
Each AG supports only a single filtering tag to avoid a situation where complex publishing could slow down the enumeration process. However, servers can have multiple tags assigned. In the diagram, you’ll notice a server with multiple tags applied, while server 2 is used for all the applications. An important note and common misconception is that the AG is still linked to DG. You’re simply applying a tag filtering to this link.
There are different approaches now that you can take for your application publishing. I’ve summarized the most common one below.

Approach A – Easy Going

This is probably still going to be the most common scenario. And it is very simple – no changes, this scenario is identical to how publishing has been always done in previous versions of XenApp 7. Both servers and applications are added to delivery groups and permissions are configured either on application or delivery group level. Very simple implementation that is ideal for majority of our deployments.
Simple application publishing
Fig 2: Simple application publishing

Approach B – Control Freak

This is the scenario that we’re probably going to see in the lairs of old school Citrix administrators – yes, this is exactly how I’ve set up my lab at home. Each app group has exactly one application and one tag. Application tags are then manually assigned to all servers. This follows the old style of publishing applications in the previous versions of XenApp.
Unless you are like me and rely heavily on the automation, this scenario can be labor-intensive and it requires a lot of effort. It, however, gives you a lot of flexibility – you can assign applications to any combination of servers and easily remove them if needed. This is easily scriptable using the new Add-BrokerTag and New-BrokerTag cmdlets – leave a comment if you are interested in an example code.
Replicating XenApp 6.5 style of publishing
Fig 3: Replicating XenApp 6.5 style of publishing

Approach C – Life in a Balance

This is the best of both worlds. Instead of strictly following one or the other publishing approach, you can combine both together. In this case, you’re still relying on a simple delivery groups to combine applications and servers together; however, for some special case you’re going to use tagging.
You can create an AG and a tag for each of the administrators (I’m using simple “MZ” in my environment). This tag can be then used for development, testing, troubleshooting and whatever the administrator needs to do. You will have both AG and tag pre-created and linked together, and simply reuse them in your environment for whatever is needed.
Let’s consider the following scenario – you want to make sure that when user X clicks on application A, his session will be launched on server 3, because this is where you’ve enabled detailed logging to troubleshoot his problem. What you will do in this case is the following:
  • Add application A to app group “AG-MZ”
  • Filter “AG-MZ” to be applied to “user X”
  • Add tag “MZ” to server 3
In this case, you have application assigned to both AG and DG. In this configuration, AG will have a higher priority than DG. As you’re applying a user filter to AG, it will apply only to user X and the rest of the users are still going to connect directly to DG instead of using a filtered connection through AG.
Mixed publishing
Fig 4: Mixing simple and advanced publishing
After you are done with troubleshooting, you can use the same AG and tag for something else. For example, testing new applications or troubleshooting some other user.

How to implement this feature

Instead of writing a few pages of instructions, I’ve decided to create a short video where I’ll show you the implementation details of publishing.

Summary

  • With tag filtering, you can assign applications and desktops to specific servers
  • Application needs to be a member of App Group
  • App Group needs to be assigned to Delivery Group
  • Tag is applied to App Group. AG can have only a single tag filter.
  • Tag is applied to server within a Delivery Group. Server can have multiple tags.
Read more »
Posted by at No comments:

Friday, 17 March 2017

Citrix Provisioning Services (PVS)



Difference between MCS and PVS 


Compare


Configuring PVS for High Availability with UEFI Booting and PXE service



Instructions

Configuring PVS for High availability with UEFI booting and PXE service

Requirements and configuration:
  1. PVS 7.8 installed on all servers
  2. PXE service configured to run on multiple PVS servers
  3. User-added image
  4. Option 11 configured on the DHCP server for multiple PVS servers.
  5. User-added image
  6. Vdisk stores configured with multiple PVS servers:
  7. User-added image


Additional information:
We can split a PVS target booting into 4 tasks.

Task 1
PXE client on target device getting an IP address and scope options.
IP address will come from DHCP server.
Scope options there are two options:
  • Scope options for PXE are defined on dhcp server
options 66 and 67 specify the server name and file name for tftp retrieval of the pxe bootstrap file
  • PXE server (option 60, doesn’t need to be configured)
PXE server responds to DHCP request with PXE information, giving its own server name, and the appropriate file name for tftp retrieval of the pxe bootstrap file

Task 2
PXE client retrieves boot file via TFTP
Option 66&67:
  • PXE client retrieves boot file as specified in scope options, this can be load balanced and configured for HA with Netscaler
Round robin can be used for also load balancing, but not for HA, as there is no recovery if one tftp server is offline
PXE server:
  • The PXE server which responded first is used by PXE client.
PXE server specifies itself as the source tftp server, and provides the appropriate file name
  • In PVS 7.8, PXE service can provide gen1/bios boot file- ardbp32.bin, or gen2/uefi file – pvsnbpx64.efi, depending on the pxe client request


Task 3
PXE client executes boot file which handles further booting, and the boot file contacts PVS login server.
Gen1/bios:
  • Ardbp32.bin has been preconfigured with the addresses of PVS login servers
Gen2/uefi:
  • pvsnbpx64.efi is a signed file and cannot be preconfigured with PVS login servers.
  • Instead it will retrieve the location of PVS login servers from DHCP scope options, using either option 11, or option 17.
  • Option 17 can be used to specify a single PVS login server in the format: pvs:[192.168.0.1]:17:6910
There is no HA for login servers in this scenario
  • Option 11 can be used to specify multiple PVS login servers.
As multiple login servers are specified, and non-responsive servers are skipped, this is HA appropriate.

Task 4
PVS login server finds vdisk assigned to target device and tells the target device to switch to PVS streaming server
  • Provide multiple PVS servers are configured to stream a vdisk, this will be highly available
  • If a PVS server is offline, a target device will not be instructed to stream from it



HOW TO UPDATE V DISK 


Updater Device

  1. Create a new Updater Target Device that is only used when you need to update a vDisk. You can create the Updater device manually or you can use the XenDesktop Setup Wizard.
  2. Put the Updater device in a new Device Collection. This is to avoid assigning the device to a Catalog in Studio. Users must not connect to an Updater device while it is powered on.
  3. Set the Updater device to boot from the Maintenance Type. This is used by the Versioning method of updating a vDisk.
  4. When adding the Updater device to Active Directory, be mindful of group policies. Sometimes it is helpful to apply the group policies to the Updater device so they are stored in the vDisk you are updating.
  5. An Updater device can only boot from one vDisk at a time but it can boot from any vDisk. If you need to do updates to multiple vDisks simultaneously, create more Updater devices.
  6. If you are using Enterprise Software Deployment tools (e.g. System Center Configuration Manager) to maintain a vDisk, keep the Updater device constantly booted to a Maintenance version so the ESD tool can push updates to it. This basically requires a separate Updater device for each vDisk.

Update a vDisk – Versioning Method

  1. In the Provisioning Services Console, right-click a Standard Mode vDisk, and click Versions.
  2. In the vDisk Versions window, click New.
    Notice that the Access is set to Maintenance. Click Done.
    If you look at the physical location where the vDisks are stored, you’ll see a new .avhdx file.
  3. Go to the properties of an Updater Target Device, and change the Type to Maintenance. You’ll use this Target Device to update the vDisk. Make sure this Target Device you are using for vDisk Updating is not in any Delivery Group so that users don’t accidentally connect to it when it is powered on.
    Of course this Target Device will need to be configured to use the vDisk you are updating.
  4. Power on the Updater Target Device.
  5. If you did not configure the DWORD registry value HKLM\Software\Citrix\ProvisioningServices\StreamProcess\SkipBootMenu to on the Provisioning Servers, then you’ll see a boot menu.
  6. Login to your Updater Target Device. The Virtual Disk Status icon by the clock should indicate that the vDisk Mode is now Read/Write.
  7. Make any desired changes.
  8. The PvS Image Optimization tool disables Windows Update. To install Windows Updates, use the following script to enable Windows Update, install updates, then disable Windows Update – http://www.xenappblog.com/2013/prepare-a-provisioning-services-vdisk-for-standard-mode/
  9. Before powering off the target device, run your sealing tasks. Run antivirus sealing tasks.
  10. Citrix Blog Post Sealing Steps After Updating a vDisk contains a list of commands to seal an image for Provisioning Services.
  11. Login Base Image Script Framework (BIS-F) automates many sealing tasks. The script is configurable using Group Policy.  💡
  12. Power off the target device so the vDisk is no longer being used.
  13. Go back to the Versions window for the vDisk.
  14. Highlight the version you just updated, and click Promote.
  15. Best practice is to promote it to Test first. Or you can go directly to Production if you’re confident that your updates won’t cause any problems. Note: if you select Immediate, it won’t take effect until the Target Devices are rebooted. For scheduled promotion, the Target Devices must be rebooted after the scheduled date and time.
  16. The Replication icon should have a warning icon on it indicating that you need to copy the files to the other Provisioning Services server.
  17. Only copy the .avhdx and .pvp files. Do not copy the .lok file.

  18. Another method of copying the vDisk files is by using Robocopy:
    Robocopy D:\vDisks \\pvs02\d$\vDisks *.vhd *.avhd *.pvp /b /mir /xf *.lok /xd WriteCache /xo
  19. Citrix Blog Post vDisk Replicator Utility has a GUI utility script that can replicate vDisks between PvS Sites and between PvS Farms.  💡

  20. Then click the Refresh button, and the warning icon should go away.
  1. Boot a Target Device that is set to boot the Test vDisk Type.
  2. Once testing is complete, promote the vDisk version again.
  3. Immediate means it will take effect only after Target Devices are rebooted, whether immediately or later. Scheduled means the Target Device has to be rebooted after the scheduled date and time before it takes effect; if the Target Device has been rebooted before the scheduled date, then the older version is still in effect. Click OK.
  4. If you need to Revert, you can use the Revert button, or the drop-down on top of the window.

Merge Versions

  1. Citrix recommends no more than five .avhd files in the snapshot chain. To collapse the chain of .avhd files, you can Merge the versions. Don’t Merge until the files on both Provisioning Servers are replicated.
  2. You can merge (Merged Updates) multiple .avhdx files into a single new .avhdx file that is linked to the original base file. Or you can merge (Merged Base) the original base, plus all of the .avhdx files into a new base .vhdx file, without any linked .avhdx files.
  3. The Merged Base process creates a whole new .vhdx file that is the same size or larger than the original base. After merging, replicate the merged file to both Provisioning Servers.

  4. Make sure there is no warning icon on the Replication button.
  5. If your merged version is currently in Test mode, then you can promote it to Production.
  6. After merging, you can delete older versions if you don’t need to revert to them.

Citrix CTX207112 Managing Provisioning Services VDisk Versions with VhdUtil Tool: CLI tool that can do the following outside of PvS Console:
  • dump header/footer
  • merge chain
  • rename chain

Expand vDisk VHD

To expand a vDisk file, create a Merged Base. Then use normal VHD expansion tools/methods.
One method is described by Trevor Svienson at How do I expand pvs vdisk with versions? at Citrix Discussions. Steps are: (Commands in fixed width font)
  1. Open cmd or powershell as administrator
  2. diskpart
  3. select vdisk file=“<path to your visk>” (e.g. V:\store\my.vhd)
  4. list vdisk (you should now see your vdisk and the path)
  5. expand vdisk maximum=60000 (This is the size in megabytes of the size you want to extend, so 60000 is 60Gb)
  6. attach vdisk
  7. list disk
  8. list volume (take note of the Volume number of the your vdisk, you should see the old size)
  9. select volume 5 (or whatever volume number from list volume command)
  10. extend
  11. list volume (you should now see the size you want for your disk. This should also be seen in the pvs console)
  12. detach vdisk
  13. exit

Reverse Image – BCDEDIT Method

If you want to upgrade the Provisioning Services Target Device Software on a vDisk, and if your current Target Devices Software installation is 7.6 Update 1 or newer then you can simply install the new Target Device Software. No special steps required. However, if your Target Device software is 7.6 or older then you’ll need to Reverse Image as detailed in this section.
If you want to update the NIC driver (e.g. VMware Tools) then you can’t use the normal vDisk versioning process since NIC interruptions will break the connection between Target Device and vDisk. Instead you must reverse image, which essentially disconnects the vDisk from Provisioning Services.
The traditional method of reverse imaging is to use XenConvert (P2PVS.exe), or similar, to copy a vDisk to a local disk, boot from the local disk, make changes, and then run the Imaging Wizard again to copy the local disk back to a new vDisk.
A faster process is to skip XenConvert, and instead boot directly from the vDisk VHD. Windows 7/2008 R2 and newer can boot directly from VHD files. Windows 8/2012 and newer can boot from VHDX files. All you need to do is copy the vDisk VHD/VHDX to a Windows machine’s local C: drive, run bcdedit to configure booting to the VHD/VHDX, reboot into the VHD/VHDX, make your changes, reboot back into the original Windows OS, copy the VHD/VHDX back to PvS and import it. Details below:
Note: For Windows 7 vDisks, Enterprise Edition is required in the bootable VHD.
Alternative methods of performing Reverse Image:
To boot from vDisk VHD (Microsoft TechNet To add a native-boot VHD to an existing Windows 7 boot menu):
  1. In Provisioning Services Console, if using versioning, create a merged base.
  2. Copy the merged based vDisk (VHD file) to any Windows 7, Windows 2008 R2, or newer virtual machine. If VHDX, you’ll need Windows 8, Windows 2012, or newer. Note: the C: drive of the virtual machine must be large enough to contain a fully expanded VHDX file.
  3. Run the following command to export the current BCD configuration:
    bcdedit /export c:\bcdbackup
  4. Run the following command to copy the default BCD entry to a new entry. This outputs a GUID that you will need later.
    bcdedit /copy {default} /d "vhd boot (locate)"
  5. Run the following commands to set the new BCD entry to boot from the VHD file. Replace {guid} with the GUID outputted from the previous command. Include the braces.
    bcdedit /set {guid} device vhd=[locate]\MyvDisk.vhd
bcdedit /set {guid} osdevice vhd=[locate]\MyvDisk.vhd
  6. Make sure you are connected to the console of the virtual machine.
  7. Restart the virtual machine.
  8. When the boot menu appears, select the VHD option. Note: if you see a blue screen, then you might have to enlarge your C: drive so the VHD file can be unpacked.
  9. Login to the virtual machine.
  10. Perform updates:
    1. Uninstall the Provisioning Services Target Device software.
    2. Upgrade VMware Tools.
    3. Reinstall Provisioning Services Target Device software. The Target Device software must be installed after VMware Tools is updated.
  11. When you are done making changes, reboot back into the regular operating system.

  12. Rename the updated VHD file to make it unique.
  13. Copy the updated VHD file to your Provisioning Services Store.
  14. Copy an existing .pvp file and paste it with the same name as your newly updated VHD.

  15. In the Provisioning Services Console, right-click the store, and click Add or Import Existing vDisk.
  16. Click Search.
  17. It should find the new vDisk. Click Add. Click OK.

  18. You can now assign the newly updated vDisk to your Target Devices.

Automatic Scheduled vDisk Update – SCCM

You can use the vDisk Update Management node (and Hosts node) in Provisioning Services Console to schedule an updater machine to power on, receive updates from System Center Configuration Manager, and power off. The new vDisk version can then be automatically promoted to Production, or you can leave it in Maintenance or Test mode and promote it manually.
See the following Citrix links for instructions:
Posted by at No comments:
Subscribe to: Posts (Atom)