Now you know a bit more about Worker Groups (cf Fast Provisioning Citrix XenApp 6 with Worker Groups and Policies 1/3) I can continue with the fast provisioning and policies part.
What’s new regarding Policies ?
XenApp 6 policies changed a lot, first change, you don’t need to launch a Citrix Management Console (Java old console), you can access it from the Citrix Delivery Services Console, a node named Policies is here, waiting for a click.
Here is CDSC (Citrix Delivery Services Console) screenshot :
For the non familiar with this management console, I will just point the different sections focusing on the policies part.
- This is the Policies node, when selected, the right pane popup with Policies informations
- In XenApp 6, policies have been split in two parts, User Policies and Computer Policies (GPO like)
- Here is the list of IMA Policies created with for example, the Allow Local Drive Mapping one I created for the example.
- This is a summary of the parameters set in the selected policy
- This is the filter apply to the selected policy above (here this policy allow the Worker Group XE_CEC).
New feature extended to Active Directory Group Policies
But, the new Policies feature extend the new view in the CDSC, you can now set your XenApp Policies in the Active Directory and administer the same way you administer your GPOs.
What does it means ?
Wherever you set your farm settings, in the CDSC and/or in the Active Directory, possibilities and result are the same.
The following diagram has been draw by Juliano Malander and this is the best way to “show” the two new ways to use Policies in XenApp 6.
In blue color is the “classic” way using IMA Policies (in the lower part of the diagram) and on the upper part the “new” way to use Policies, in Group Policies stored in the Active Directory (SYSVOL) Only one console was too perfect, as soon as you chose to set your XenApp Policies in the Active Directory, you will need to use another console like Group Policy Management Console (From Microsoft, gpmc.exe)
How does it work ?
I made the following schema to show where are stored XenApp policies and how it apply to users and computers :
- When you using Group Policies, information is stored in the SYSVOL share
- When you are using IMA Policies, information is stored in the DataStore
- Both parts of the information are merged and written in a registry key by “Client-Side Extension” then apply to users and systems
Conflicts ? What will happen ?
Conflicts can happen but there will always be only one “winner” Policy.
Quick reminder, on a XenApp server you can configure policies with IMA Policies, GroupPolicies (GP) and Local Group Policies (LGP)
I chose a simple example in the following schema, setting the sound quality using GP, LGP and IMA Policies
Three policies methods were configured and only one will be apply, the GP. The GP will always take over the IMA Policy and the IMA Policy will always take over the LGP, which mean the GP will always take over the LGP as well.
This is the second part of three blogs, the next par will be about : how to troubleshot XenApp 6 Policies and then the (very) fast provisioning.