During past years, I had to design and deploy several kind of Citrix Edgesight architectures, from the "POC" design to "Large deployment". I had to consider what was the best way to use this product and handle the number of devices to monitor. One type of architecture I didn't needed to use yet is with Citrix XenDesktop Virtual Desktop Monitoring and Edgesight Agent Database Server. Since Ressource Manager (RIP) disappear with Citrix XenApp 6, Edgesight became a mandatory tool to have the big picture of your XenApp farms health. It's of course a lot more than that with Platinum licenses, this will be the subject for another blog. This blog focuses on Citrix Edgesight 5.3. Important notes regarding supported database : SQL Server 2008 (Standard or better) or SQL Server 2005 SP2 or later (Standard or better). Note that SQL Server 2008 R2 is not supported, Important: Note the following configuration requirements: In SQL Server 2008, the Reporting Services Role called Manage Shared Schedules no longer exists as a stand-alone role; it is now part of the System Administrator Role. For more information, see Configuring Reporting Services for Citrix EdgeSight. SQL Server must be configured for case-insensitive collation. Case-sensitive collation is not currently supported for this release. SQL Server should be configured to use Windows Authentication or Mixed-Mode Authentication. Reporting Services is included with SQL Server 2008 and SQL Server 2005. Reporting Services can be installed on a separate machine from the data source. SQL Agent Service running and set to start automatically (if Reporting Services is installed on the machine) First when you need to practice and want to check out what is Citrix Edgesight, you can easily setup a VM with Microsoft Windows 2008 R2 x64, install SQL 2008 and its SP1 with Reporting Services. Then you can configure Internet Information Services (IIS) to host Edgesight's website and install the Citrix License Server as well on the same machine. Keep in mind this is for Proof Of Concept only and shouldn't be used in Production environment. Before going further you need to estimate the Edgesight SQL Database size regarding the number of agent deployed. Couple of year ago I had to request the mathematics law to Citrix support to know about that; now there is a tool EdgeSight Database Size Estimation Tool this is a Excel sheet witch estimate automatically the requested database size needed regarding the number…

This is the second part, here is the link to the first part : Citrix XenApp – Hiding system drives part 1/2 If you read the first part, now you know how to apply the Microsoft Windows 2003/2008/R2 GPO to hide A,B,C or/and D drives. But what's happening if you have a E: drive or O: ? You cannot use this GPO anymore, you need to create your own. This is simple to understand how it works, just read what's follow. By default the Hide Drives part in the system.adm file look like this : Then if I explain you this policy displays only specified drives on the client computer. The registry key that this policy affects uses a decimal number that corresponds to a 26-bit binary string, with each bit representing a drive letter: I choose an example where I want to hide A,B,C,D and E drives : Then convert to decimal. This binary string converts to 31 in decimal. Add this line to the [strings] section in the new HideDrives.adm file: After add this entry in the ITEMLIST section above and save the HideDrives.adm file. So the whole ADM file must look like this : I think you're good with this one, just import this ADM file and activate it following the part 1. Links : Microsoft KB (thx to CTXBlog.fr) CLASS USER CATEGORY  !!HideDrives KEYNAME Software\Microsoft\Windows\CurrentVersion\Policies\Explorer POLICY !!HideDrives PART !!HideDrivesDropdown    DROPDOWNLIST NOSORT REQUIRED VALUENAME "NoDrives" ITEMLIST NAME !!ABOnly           VALUE NUMERIC    3 NAME !!COnly            VALUE NUMERIC    4 NAME !!DOnly            VALUE NUMERIC    8 NAME !!ABConly          VALUE NUMERIC    7 NAME !!ABCDOnly         VALUE NUMERIC    15 NAME !!HideABCDE        VALUE NUMERIC    31 NAME !!ALLDrives        VALUE NUMERIC    67108863 DEFAULT NAME !!RestNoDrives     VALUE NUMERIC    0 END ITEMLIST END PART END POLICY END CATEGORY;HideDrives [strings] Blank=" " ABCDOnly="Restrict A, B, C and D drives only" ABConly="Restrict A, B and C drives only" ABOnly="Restrict A and B drives only" ALLDrives="Restrict all drives" COnly="Restrict C drive only" DOnly="Restrict D drive only" HideABCDE="Restrict A,C,E,D and E drives only" HideDrives="Hide Drives" HideDrivesDropdown="Hide Drives Selection" MoveProfile="Move Profiles" MoveProfileDropdown="Move User Profile Location" MOVEPROFILETOD="Move Profile to D Drive" RestNoDrives="Restore Drives"

Hiding system drives C, D, floppy if there is still one and CDRom seems to be easy but I saw many many time at some customer's place administrator unable to complete this simple operation. The reason is in most of the case, the administrator doesn't really know how to manage GPO and what is difference between user and machine GPOs. First you need to know there is a built-in GPO in Microsoft Windows 2003 / 2008 / R2 with these settings ready to be set. To set it up, you need to create a new GPO or edit an existing one and find these two GPO bellow as follow : Most of the administrators I spoke with told me they've done that already, but it still doesn't work, they rebooted XenApp servers, Domain controller, everything they could reboot... But they forgot the essential... These GPO above are USER GPO and this GPO is place on the XenApp OU in the Active Directory where there is no user at all. The solution is very simple you need to activate the GPO loopback : This setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used. Then with a gpupdate /enforce this hiding drives GPO is working ! Finally ! In the second part of this blog I will explain how you can go further and hide drives with other letters than A,B,C or D.

Citrix XenServe 5.6 Beta1 is available to download and for free here : http://www.citrix.com/lang/English/lp/lp_1340047.asp This new version brings a lot of really important options I really needed to bring XenServer at my customer's presentation and be able to use it with my XenApp and XenDesktop architectures. I mean, most of my customers, until now, prefer to pay choosing VMWare ESX or Sphere than Citrix XenServer and one of the main reason is about the granular role-based access controls option which simply doesn't exist in the actual production version (XenServer 4, 5 and 5.5). This option is coming very late but is still welcome ! Citrix introduces this new version giving the following list of new features : Granular Role-based Access Controls. Administrative users can be assigned one of several roles, which govern the actions they are able to complete from XenCenter and the command-line interface (CLI). Administrative Logging and Audit. Administrative changes made from XenCenter or the CLI are logged and available in the Workload Reports in XenCenter. Dynamic Memory Control. This feature can increase the density of virtual machines running on a host by reducing the memory footprint of existing virtual machines so that new ones can boot. Enhanced VM Snapshots. It is now possible to create full VM snapshots including the disk and memory state.  Virtual machines can be easily rolled back to prior snapshot states with a “revert to snapshot” option. Automated Workload Balancing & Power Management. Workload balancing (WLB) recommendations can be applied automatically without administrative intervention.  Power Management features include support for wake-on-LAN and vendor-specific implementations from HP, Dell, and others. StorageLink Site Recovery. Enhanced integration with storage-level replication enables recovery of an entire virtual infrastructure at a secondary disaster recovery site. Citrix License Server integration. Essentials for XenServer features are now activated using a license applied to a Citrix Licensing Server The snapshot is really enhanced compare to the previous versions, this is what was missing with role-based access controls, this is small things but so important to all my customers, this is one of the first thing they wanted to see, snapshot management... Until now I was with my powershell scripts etc etc but it wasn't very sexy to show... Now it looks like that : This is a lot more friendly as it was before. I didn't had the time yet to test everything like create VM from snapshot, use this snapshot…

This new release introduce new and upgraded features. The new way to administer Citrix Web Interfaces is now completly stand alone (not integrated in AMC anymore) Pass-through with smart card from the Access Gateway. Web Interface for Microsoft Internet Information Services supports pass-through of smart card credentials from the Access Gateway. Now, users logging on to the Access Gateway with a smart card do not need to log on again to access the Web Interface. Support for 32-bit color. The maximum color depth of user sessions increases from 24-bit to 32-bit color in XenApp 6.0. XenApp farm migration. You can configure the Web Interface to hide from users the existence of duplicate applications with identical names and folder locations.  This enables you seamlessly to migrate your existing farms to XenApp 6.0 with no downtime by establishing new farms in parallel to your legacy farms, gradually moving data and applications from the legacy farm to the new one. You can also use the Web Interface to restrict access to the new farm to particular groups of users until the capacity of the new farm has been expanded sufficiently to deal with demand. Multiple launch prevention. In previous releases, users clicking more than once on a resource icon on a XenApp Web site would start multiple instances of the same resource. To address this problem, you can configure resource icons to become inactive for a specific period of time after the user has clicked them. During this time, further clicks are ignored and the cursor changes to indicate that the icon is no longer clickable, preventing the user from starting any further instances of the resource. Support for Windows Server 2008 R2. The Web Interface is supported for installation on Windows Server 2008 R2 as a 32-bit application and is compatible with Microsoft Internet Information Services 7.5. Here is some screenshots :    The past blog about Citrix WebInterface debugging is still usable : http://www.archy.net/2009/09/09/citrix-webinterface-4-x-and-5-x-mode-debug/