If you have paid any attention to any articles relating to desktop virtualization, you will quickly see claims like:

• Will Windows 7 fuel desktop virtualization adoption
• How desktop virtualization eases Windows 7 Migration
• Windows 7 Drives Desktop Virtualization
• Windows 7 and Desktop Virtualization: The New Tools
• Windows 7 - The Desktop Virtualization Catalyst 

 
I could go on, but you get the point. The major thought is that Windows 7 and desktop virtualization go hand-in-hand, but how do you get there?  You are not only migrating the OS but you are also migrating to a virtualized desktop operating environment.  Is this too much change for an organization?  
 
NO.  This is the perfect time to make the move.  Think about it this way, we have the opportunity to start with a clean slate.  We can define the new operating system that completely aligns with the organization's policies.  We can provide an environment that self heals and is optimized each and every time a user connects.  But in order to achieve these benefits, we have to design the environment correctly.  We need to focus on
•    What do we include in our base desktop image?
•    How do we deliver the operating system to our end point (which might be a physical or virtual desktop)?
•    How do we integrate applications into the mix?  
•    What are the recommendations for allowing users to personalize their environment without impacting the business?
•    What are the best practices for providing a great user experience for any user over any connection?
 
These are some of the topics being presenting in this week's Microsoft TechNet broadcast focusing on "Accelerating Windows 7 Migration with Citrix and Desktop Virtualization"
 
The show starts on Thursday, November 12th at 1PM Eastern time and you can register here

Daniel - Lead Architect - Worldwide Consulting Solutions

• Twitter: @djfeller
• Desktop virtualization information: Ask the Architect - Next-Generation Desktop site
• Questions - Then Ask The Architect

I got an interesting item in my inbox from a friend who was speaking with VMware about their VDI solution.  He asked me if the information VMware was telling him was true. He was especially curious because he knew I wrote the Citrix XenDesktop Enterprise Designreference architecture that VMware was referencing to talk about how much better View was. VMWare's approach is laughable.  They are taking a detailed consulting design document  and trying to compare it to the VMware View reference architecture, which if you read it like I have (wasted 2 hours of my life), you will quickly see it is high-level and full of marketing spin and provides no insight.  I, on the other hand, was trying to provide all of you in the community with insight into how to design a large, and complex customer environment with XenDesktop.  Anyways, I told him the angle they were using and he thought it was ridiculous.  I was going to leave it at that, but I've been seeing and hearing more about it from others so I thought I would provide all of you with the same information.  Let's break it down: 

Scalability:

• Misconception: VMWare says that XenDesktop has poor hypervisor scalability. They say that on a 16 core server XenDesktop can only support 40 users (3 users per core). 
• Truth: The XenDesktop reference architecture for the hosted virtual desktops is 8 cores, not 16.  In the design phase, we estimated 40-50 VMs per server, which averages to 5-7 virtual desktops per core.  We were a little conservative as we were not sure how the unique applications would impact the system.  But you can look at Project Virtual Reality Check scalability white paper to get a good comparison of XenServer and ESX.  Although the design VMWare references was for XenServer, the same estimates would have been used if the hypervisor was running ESX.

Storage:

• Misconception: VMware likes to say that XenDesktop is a storage pig in that we need a lot of storage associated with each virtual desktop. 
• Truth: This particular design had a requirement to keep a few system items persistent across workstation reboots so we recommended the creation of a local, persistent disk of between 3-5GB to store items like event logs, performance metrics, antivirus definitions, etc.  This is not NAS/SAN storage; it is the storage on the physical XenServer.  Think about it. You buy an 8 core server, install XenServer, which is small, and the rest of the local storage is wasted.  We utilize that for the persistent store of the virtual desktops.  This means we cannot do XenMotion on the virtual desktops, but most customers I've spoken to do not have this requirement.  After looking at VMware's reference architecture I don't see any level of detail as to the amount of storage they require.  I wonder why not. 

Workloads:

• Misconception: VMware states that they can get more users on a hypervisor than we can.
• Truth: This is all around scalability tests, which I'm not a fan of.  I can easily find you 5 tests that show XenServer is better and another 5 that shows ESX is.  The VMware reference architecture had users connected for 14 straight hours, seems like a long workday to me. I have a question for VMWare: What company did you create this architecture for where users would work for 14 hours? Please tell me as I do not want to work there.  As we all know, the most typical system hit is during startup and logon. So by expanding the session time from a few hours to 14, the overall average utilization rates can be significantly lowered, thus providing an inaccurate estimate to the hardware
• Truth: The Citrix Reference Architecture made estimates based on the applications and expected real user workload, not simple apps and 14 hour workdays.  VMware's reference architecture was based on standard scalability samples shown below. If this was an actual user workload, I totally want to work for that company because that job looks so easy:
  • Microsoft Word - Open/minimize/close, write random words/numbers, save modifications.
  • Microsoft Excel - Open/minimize/close, write random numbers, insert/delete columns/rows, copy/paste formulas
  • Etc

RAM:

• Misconception: The amount of RAM that VMware recommends in their reference architecture is nuts.  They say they can get 96 users on a server with 96GB RAM.
• Truth: If you subtract the hypervisor overhead you are looking at "USABLE" RAM of about 800MB per virtual desktop.  I say usable because ESX has probably enabled memory ballooning.  It is true that XenServer does not have memory ballooning, but I would recommend customers disable this feature for virtual desktops.  On XenDesktop projects that use the ESX hypervisor, I also recommend disabling this feature.  Users and desktops are more dynamic than server workloads, meaning the RAM consumption is going to fluctuate greatly.  If RAM starts to decrease to the critical threshold, what happens to the hypervisor?  It must free up memory by paging this to disk.  Isn't this an intensive system process that consumes more resources at a time when resources are scarce?

End Points:

• Misconception: Vmware talks about the end points and only focus on thin clients and end points that we can repurpose with a Linux OS or locked down Windows OS. What about the newer end points that organizations have already spent money on? 

• Truth: With VMware View you still will connect to the VDI desktop and idle your local hardware. Seems like a lot of wasted desktop resources to me.  XenDesktop, on the other hand, allows you to re-use those desktops as a local streamed virtual desktop. Don't be fooled, there is more to desktop virtualization than VDI.

Provision:

• Truth: Closer to the end, the reference architecture talks about the time to provision X number of linked clone desktops.  I'm not sure if this is automated or if an admin has to do each desktop one-by-one. I'll give VMware the benefit of doubt here and say it is automated, but taking 161 minutes (2 1/2 hours) to provision 500 virtual desktops seems long to me.  I personally don't think this metric is important, even though XenDesktop is measured in seconds.  If it is automated, you do all of this in the build out phase and not in production. So the time it takes is irrelevant to me. Why did they choose to include it? No idea

So my advice to anyone who is still reading this blog... Take everything you get with a level of skepticism.  Do your own due diligence and look at the details to see if things were glossed over or if an in-depth analysis and design was completed.  That recommendation even includes the materials I post.  I try to be open and honest in my blogs, white papers, TechTalks and videos, but I am a little biased to Citrix because they pay my bills. 
If you want to discuss more, or have further questions, then Ask the Architect

Daniel - Lead Architect - Worldwide Consulting Solutions

• Twitter: @djfeller
• For the latest desktop virtualization information visit the Ask the Architect - Next-Generation Desktop site
• Questions - Then Ask The Architect

My role allows me to speak with many different people (customers, technologists, coworkers, administrators, etc). I've been able to see presentations comparing the different desktop virtualization solutions out there.  One of the problems I see is that many of the solutions only focus on one aspect of desktop virtualization, and that is the VDI model. 

VDI is only one aspect of the entire desktop virtualization solution.  This is a concept that many fail to comprehend. For example, I attended Gartner ITExpo last week and was amazed at how many people I talked to only thought about the VDI scenario (you know VDI, allowing you to have a remote virtual desktop running on a hypervisor in the data center).  When I talked to people about the other options, I could see their eyes light up.  

If you are reading this and only know about the VDI version, the I suggest you take a look at FlexCast to get a better understanding at all of the different options out there (FYI, even the CIO magazine identifies there is more to desktop virtualization than VDI). But in a nutshell, here's the deal... desktop virtualization includes:

1. Hosted shared desktop
2. Hosted VM-based VDI desktop
3. Hosted blade PCs
4. Streamed local desktop
5. Virtual Apps to installed desktops
6. Local VM-based desktop

I want to focus on the Streamed local desktops scenario. This is the one that really got people's attention at Gartner.  Why?  Because most organizations do not do a big bang effect of replacing their end point devices. Instead, most have a rolling lifecycle where each year a portion of the endpoints are upgraded and over the course of 3-4 years the entire desktop environment has been upgraded. Once the process completes, it starts over, never ending.  
 
Let's now say you are embarking on a desktop virtualization project.  It seems like  a waste of resources and money to idle those desktops that are only 1 year old. They are powerful enough to run Windows 7 and the latest applications, so why would we not use the hardware we already have?  This is where the streamed local desktop comes in. It uses the same XenDesktop infrastructure, the same OS images, the same application layer and the same personalization layer.  The only thing that changed is the hardware layer.  
 
As money always seems to speak louder than words, think about it this way: If you have 3,000 desktops and they are replaced every 3 years on a rolling cycle, that means 1,000 of those desktop are less than 1 year old.  If you estimate 50-100 virtual desktops on a hypervisor (XenServer, ESX or Hyper-V) then you need 10-20 fewer physical servers, which is a substantial cost savings (and even greater if you are using a hypervisor that costs money).

So I encourage all of you to not think about the VDI-only solution but instead to look at your environment as a whole. Chances are you will see that VDI-only might work for you, but probably isn't the best way to run your business. Think about it this way... You can create documents in Notepad, but would you really base your business on a solution that only does one thing, or would you use a more complete solution like Microsoft Word that gives you options?  

Daniel - Lead Architect - Worldwide Consulting Solutions

• Twitter: @djfeller
• For the latest desktop virtualization information visit the Ask the Architect - Next-Generation site
• Questions - Then Ask The Architect

I have recently returned from Gartner ITExpo in Orlando.  It was quite interesting, especially some of the thoughts they had around the economy and impending recovery.  One thing stated during the conference should not be a surprise to anyone, during a recession you save your money by not taking on any new projects. By not implementing beneficial upgrades to your systems. By not delivering newer versions of your applications to users.  

This does have the benefit of saving money, but this can only go on for so long.  Eventually, your competitors will stop saving and start expanding. Where will you be?  

We are at a very unique inflection point that can have lasting ramifications to your IT infrastructure.  We are:

1. Coming out of a recession. We are very likely to see a slew of projects going across the tables to install this or upgrade that. So it is looking like the next 1-2 years will have IT taking on a lot of tactical projects.
2. Getting ready for a major operating system upgrade with Windows 7. Whether you are ready or not, Windows XP doesn't have much time left, and most people are skipping Windows Vista. How are you going to migrate?
3. Able to do things that were unheard of in previous years. We can virtualize a massive server into small chunks, we can do the same to an operating system, applications, and the user's personalization layer and deliver it to any type of device imaginable (phones, PCs, MACs).  

So what does this mean? It means you can continue running your environment like you have for the last 10-20-30 years, or you can ask yourself one simple questions: "Is there a better way?"

We have a very profound opportunity to correct the issues of the past.  And if we do it correctly, the resources required to update, maintain and support our environment will greatly reduce.  So when the next recession comes around, your organization will be ready with a fast and streamlined approach towards maintaining your IT environment as well as continuously providing new services.  But where to begin?  

Take a look at your infrastructure. What area requires a lot of time and resources to maintain?  Probably your desktop environment.  Let's investigate and fix it, but let's do it right.  Make sure you look at all aspects

1. The users: what do they need and how do they work
2. The devices: what type of devices, what capabilities
3. The locations: where are they located, what bandwidth pipes are available
4. The applications: how many are there, what level of dependencies do they have, who uses what

This information is critical.  This is what you need if you want to do the desktop virtualization solution correctly, from day 1.  Is it going to be something you can do in 10 minutes? No. Is it something you can implement in 1 hour? No. Why?  Because we are taking something that is seriously complex and trying to create a solution that can scale and simplify our lives. So during the next recession, we won't have to stop delivering new services, but can forge ahead and beat your competition with an entirely new delivery solution.  
Daniel - Lead Architect - Worldwide Consulting Solutions

• Twitter: @djfeller
• Ask the Architect - Next-Generation site
• Questions - Then Ask The Architect

We have had a great discussion going about user-installed applications and the need/risks associated with this type of solution. One of the comments I received in favor of allowing users to install applications was around Firefox. For those of you who don't use Firefox, there are thousands of add-ons a user can install to customize their browser experience. I personally have about five different add-ons configured with my Firefox implementation.

Now I've been advocating the need for IT to have a process in place that can handle the expansion of the application pool for the users as needed by:

1. Taking user requests for new applications/tools
2. Validating the need
3. Delivering in a timely manner

This is all well and good until we get to the topic of these add-ons. I don't expect any IT organization to have a requirement to support the add-ons. There are thousands of them. Think about it, do you really expect your IT to be spending time messing with these add-ons? And what would it look like for the user? A Firefox application with thousands of add-ons? CRAZY (I do wonder at what point that app would crash. Maybe need a MythBuster episode on it)

All of the sudden, I had a very enlightening experience. I just got my new XenDesktop 4 environment built. I went in an started to personalize my environment, including my 5 Firefox add-ons (remember I'm using pooled desktops from a single base image with roaming profiles). The next day, when I logged onto my virtual desktop, my Firefox starts up and BAM all of my add-ons are still there?!?!

I did some investigation into this. Well, this is an example of an intelligent application design. The add-ons are located within the user's profile (the roaming portion). User's are able to customize the Firefox application without any special tools/utilities. The discussion about Firefox and the add-ons is now a non-issue as the application manages this for us.

So, 1 application down, only 999,999 to go   The point is you need to test before deciding if something will or will not work.

Daniel - Lead Architect - Worldwide Consulting Solutions

• Twitter: @djfeller
• Ask the Architect - Next-Generation site
• Questions - Then Ask The Architect

When was the last time that a representative from your company's IT department spent an hour sitting down next to you and observed you while you were doing your work... for no other purpose than to learn about your needs and work habits so that IT can  provide you with better service, a better environment, and better application support?

Before you answer, I'd like to point you to a discussion on these pages that triggered me to think about this question: 

Daniel Feller authored a piece  which talked about the desire of users to install and manage their own applications in a virtual desktop environment. Dan gives several reasons that detail why letting users install their own apps in a virtual desktop is a bad idea in his opinion.

Brian Madden responded to some of Dan's points and stated that the flexibility and feel of control associated with user installed apps is critical to user adaptation of virtualized desktop environments. Therefore, Brian suggests providing each user with two desktops - one tightly managed by IT with approved applications; the other one more free-reeling to allow for any tool, utility, or app installed by a user. There are arguments for both sides and the common trade-off between user flexibility, IT's management capabilities, and cost must be considered during virtual desktop implementation projects.

So far, the virtual desktop discussion focused on increasing security through centralization and reducing desktop support and operating costs. Those are benefits primarily to IT. What about the users though? What's in it for them?

I spent several years in healthcare information systems, where the most valuable users (doctors and nurses, but especially doctors) are often the most reluctant to change their workflows towards the use of a computer and away from the voice recorder and paper notes that someone else has to decipher. How do you get these users to accept and embrace an electronic medical record (EMR) system? You have to state the benefit to them and let them experience them first hand! In this example  it means fewer patient deaths and complications due to missing or incorrect patient data and overall better patient outcomes. This appeals directly to some of the main reasons why these users are in their chosen field in the first place. Post implementation surveys among doctors and clinicians was overwhelmingly positive  once a doctor realized that she had the patients medical history at her fingertips and was more efficient in documenting her care.

Successful EMR implementation were all characterized by a fundamental shift in thinking in IT. Away with the old "this is not supported" argument of IT and away with the strict segregation of IT responsibilities between network, OS, servers, virtualized servers, databases, applications,  cross-system interfaces, storage, and "Citrix".  Our customer IT teams and we (the EMR software vendor) spent countless hours on the hospital floors, in emergency admission departments and in the operating room - simply to observe our users and provide the best possible products and the highest quality implementations to them. Our customer IT teams almost became experts in clinical documentation. On a side note, I am glad I wasn't on the OR team - I might have tossed my cookies...

Just like EMR implementations, virtual desktops have the potential of being disruptive and enabling at the same time. There is a fine line between providing a desktop from anywhere and excessively restricting capabilities. Successful implementations rely on strong leadership from the CIO down. Many EMR implementations include the Chief Medical Officer, CIO, Nursing representatives and traditional IT roles. By the same token, the virtual desktop initiatives must be guided by principles of including key user representatives and an IT organization that truly understands user needs. This should be understood at this point among many readers of industry commentary on desktop virtualization. However,  I still see many large organizations who make implementation decisions driven by their own organizational structure and  technical drivers (sometimes even politics). Of course, IT must enforce license compliance and protect environments from the hazards of poorly written software, but that imperative doesn't have to make it more complicated for users.

Back to the discussion between Dan and Brian:  I tend to agree with Dan - one virtual desktop image - centrally managed by a capable, agile, and results driven IT organization.  I simply don't want to switch between desktops for different tasks and I don't think I should have to. Instead, users who want their own apps demonstrate the business case (a personal preference of one browser over the other probably won't cut it) and an IT organization who understands their users' core requirements verifies the business need and provides the required app. Done. Simple.  

Going back to the opening question: When was the last time IT came to you? If you're in IT management or if you're a CIO - when was the last time you spent some proactive time with your users and learned about their work?

Some of the questions I've received lately is how to design a large-scale, enterprise XenDesktop architecture.  We all can attest that most systems put into place become much more difficult to architect as the number of users increases.  I'm not talking about Citrix products, I'm talking about any product.  Which one do you think would be more difficult to design:

• A 100 user (insert your own product here) environment
• A 10,000 user (insert your own product here) environment
• A 50,000 user (insert your own product here) environment
  

Most of you will probably agree that it gets quite a bit more difficult as the number of users increases.  And if we do a typical type of design, I would tend to agree, but I'm thinking we can simplify this so even the 10,000 and 50,000 user XenDesktop environment can be as easy as a 100 user deployment. 

Many of you are probably thinking, this guy is full of it, he is too pie-in-the-sky for me.  And when I first started thinking about this simplified architecture, I tended to agree. But as I've continued looking into this and discussing with other architects, I've come to the realization that I might be on to something here.  See for yourself in the following video.  I plan on posting additional videos around this concept in the future to show/demonstrate how it would work.  But for now, I bring to you the Pod concept (and don't forget to leave your comments) 

Daniel - Lead Architect

Follow my Blogs: http://community.citrix.com/blogs/citrite/danielf

Follow me on Twitter: @djfeller

Send Desktop Virtualization questions to: AskTheArchitect@Citrix.com

Watch previous Ask The Architect Videos at: http://www.citrix.com/tv/#video/1063 

What's new in desktop virtualization?  Well, lots of announcements from different vendors trying to peddle their wares, but I haven't seen or read anything very thought provoking. 
<rant> (Man, I'm totally geeking out here)

I'm trying to keep abreast of the latest happenings in the desktop virtualization space from a design and architecture perpsective, but honestly, there isn't much.  There are tons of solutions out there, some better than others. There are many point solutions out there that solve 1 issue for desktop virtualization.  Heck, even Brian Madden commented about the one-hit wonders in a recent blog. 

I'm also on twitter (@djfeller) and I try to follow VDI/Desktop Virtualization, I have Google Reader alerts setup (You can follow my shared items but there isn't much I've found useful). What do I typically see? One post about a new feature, then I see it retweeted a zillion times (Ok, I'm exaggerating a little, but still).  I see articles about why companies aren't doing the VDI/Desktop Virtualization thing yet.  Why? It's not because there aren't solutions. There are. They might not solve every use case, but they can solve some for some users. So what's the holdup?   No one is showing them how to get it done. 

It's time for a REAL discussion. Let's start focusing on designing a desktop virtualization solution.

</rant>

I'm not going to lie to you and tell you desktop virtualization is easy. It won't be a walk in the park unless your park is full of mountains, rivers, mosquitoes, coyotes, wolfs and bears.  So, why would we attempt to do something like this? Because the alternative is even worse. With so many different user requirements you can quickly see how the current distributed desktop environment is a disaster waiting to happen (or already happened over and over again).

But let's not dwell on the ugliness of the current model. Let's instead focus on designing a better solution.  Let's start talking about design, and my oh my there is a lot to talk about, which is why I'm about to start a blog series on designing a desktop virtualization solution with XenDesktop.  I plan to focus on the main design decision areas and giving you my thoughts and recommendations based on what I've seen so far. I'm positive many of you have seen different things, which I encourage you to comment so we all can learn. 

This should be a great series and I can't wait to hear some of your comments.  (BTW, I got a lot of great comments for all of you during our Provisioning Services for XenApp blog series and hope to get the same level of feedback.)

Daniel - Lead Architect - Worldwide Consulting Solutions
Follow me on Twitter: http://www.twitter.com/djfeller
Follow me in the Blogs: http://community.citrix.com/blogs/citrite/danielf
  

Do you have a desktop virtualization design or architecture question? Then Ask the Architect

What is it?

Many times when people are looking at a solution or trying to create a design, they have a question as it relates to their environment.  Although there are numerous documents and best practices on the Citrix knowledge base, many of these are based on a "recommended architecture" which typically does not look like many of your environments.  This is where Ask the Architect comes in.  If you have a question regarding your desktop virtualization project, send an email to AskTheArchitect@Citrix.com.  (HINT: Make your questions short and to the point.)  Based on your email question, we will strive to find you an answer and post a video on CitrixTV (because many other people will have similar questions).  The answers will be brief and to the point, less than 5 minutes (we don't want to bore you and we still have lots of other things to do too).

What it is not?

The desktop virtualization Ask the Architect is not a way to get a complete desktop virtualization design. For a full-scale design, I would recommend you get in touch with Citrix Consulting, who have already been instrumental in designing some of the largest desktop virtualization solutions. It is also not a troubleshooting forum, as there are already many forums for those items (plus I've never heard of any Citrix products having issues )

Who is Ask the Architect? 

This is a big question. You don't want to send in an email and have it answered by a marketing or sales person who tells you to buy another product. You want someone who has designed complex solutions.  This is why Ask the Architect is not 1 person, but many.  Based on the question submitted, the most experienced Citrix Architects from our Consulting organization will create an Ask the Architect video post and submit it to CitrixTV for all to see. 

How to Get Stared?

Start watching the Ask the Architect series on CitrixTV.

• Episode I: VDI and PVS for Multiple Remote Sites: http://www.citrix.com/tv/#video/882  

Email: AskTheArchitect@Citrix.com
Note: This blog was brought to you from a hosted XenDesktop virtual desktop with a XenApp-streamed Firefox browser.  

Daniel - Lead Architect - Worldwide Consulting Solutions
Follow me on Twitter: http://www.twitter.com/djfeller
Follow me in the Blogs: http://community.citrix.com/blogs/citrite/danielf

As many of you who follow my blog postings will realize, I love talking about Provisioning Services

• Provisioning Services Best Practices (6, 5, 4, 3, 2, 1, plus more to come) 
• Quickly deliver XenApp Servers with Provisioning Services
• Use Provisioning Services to Create XenApp Swing Servers

I've spent a significant amount of time discussing best practices for integrating XenApp and Provisioning Services and thanks to many of you and your questions, I've been able to create and define new best practices; all of which will make it easier for you two simplify you XenApp environments. 

If you are still wanting more information on the Provisioning Services for XenApp, then I highly recommend you attend this recently released TechTalk.  For those of you who have attended my TechTalks before, my goal is to explain the how's, the why's and the  when's for creating a solution of your own.  This TechTalk is no different as I go through the following topics

• How Provisioning Services overcomes many of the ongoing challenges associated with XenApp environments
• How to create and deliver a set of XenApp servers with  Provisioning Services        
• How to design a Provisioning Services solution while following recommended best practices
  

Who do I recommend that should watch and listen to the TechTalk?  Well, the following is a good idea:

1. Anyone who is trying to design a Provisioning Services for XenApp environment
2. Anyone who has heard of Provisioning Services and thought it sounded intriguing
3. Anyone who has a XenApp environment and wants to makes management easier
4. Anyone who knows already knows a lot about Provisioning Services. You might learn something new, or you might be able to provide me with some of your thoughts/insights. 
   

After watching the TechTalk, feel free to post a question or comment on this blog as I'm always interested in hearing your thoughts, suggestions and recommendations. 

BTW, you can reach me on Twitter at http://www.twitter.com/djfeller or on the blog site http://community.citrix.com/blogs/citrite/danielf

So, set aside 60 minutes, grab some food, go to this TechTalk link, sit back, relax and enjoy. 

Daniel - Sr. Architect (Worldwide Consulting Solutions)

This whitepaper recently released by out guys in consulting covers the design considerations on how policies can impact your XenApp (Presentation Server) 4.5 environment...

---

There are numerous ways to apply a configuration or security setting onto a group of servers within a Citrix Presentation Server environment. Because policies are so unique, diverse and customizable, there is no single, correct method toward policy design. However, this document will give the key areas to consider when deciding on the appropriate approach to implementing a setting using a policy.  
This design consideration will look at the following types of policies and the comm on practices associated with them:

• Citrix Presentation Server policies: These policies are defined within the management console on Presentation Server and only apply to connections using the Citrix ICA protocol but not the Microsoft RDP protocol. Presentation Server policies also allow for the configuration of Presentation Server-specific options like Session Printers and Progressive Display. The power of these policies is that they have the ability to be filtered based on users, location and even the method for launching the published applications. Many of these filters are only available within Presentation Server.
  
  
• Active Directory Policies: These policies are configured within Active Directory. They are applied to organizational units (folders), domains, sites, etc. within the Active Directory structure. A single Active Director y policy can consist of a computer policy and a user policy. A computer policy consists of settings that affect the physical computer and impact all users logging onto the computer while a user policy affects the user and is applied on all systems the user logs on to. Local server policies and custom policies are types of Active Director y policies and are described as:
  
  
  • Local Server Policies and Settings: Local Server policies are similar to Active Directory policies, except they are managed on a server-by-server basis and configured locally on that specific server, where Active Directory policies are managed centrally and can impact hundreds or thousands of users or computers with a single application of a policy.
    
    
  • Custom Active Directory Policy Templates: Custom ADM templates, like the Citrix icaclient.adm template, are Active Directory or Local Server policies used to make configuration settings. They can be custom registry settings or simply standard policies re-organized as two examples. The concept of custom templates is supported, but depending on the author of the custom template, supportability by either Citrix or Microsoft might not be available. Organizations will have to verify the supportability of custom ADM templates. Also, any custom template used might already have settings configured, potentially causing issues with the environment. It is highly recommended to test custom policies in a test environment before implementing in production.

The following five areas are the basis f or the design decisions for an enterprise deployment of Presentation Server. These types of policies will be impacted by the following design areas:

• Policy Type
• Policy Integration
• Policy Filters
• Policy Prioritization
• Policy Precedence
  
  

Download it here