DIAL 'R' FOR REVOLUTION WITH XENDESKTOP 4

When I joined Citrix as general manager of the XenDesktop team in January 2008, I had a core conviction that when we would look back in 3-4 years time, we would have fundamentally transformed how enterprise users work with their desktops - for the better!

In June 2008, we launched XenDesktop 2 and transformed the desktop from a device to an on-demand service. Today, on October 6, 2009 we have taken a bold leap towards fulfilling our vision. A virtual desktop revolution is here - with the introduction of XenDesktop 4.

A virtual desktop - for everyone.

WHAT BEGAN IN 2008, ACCELERATED IN 2009
During the course of the last 18 months, my team and I have literally logged hundreds of thousands of air miles meeting hundreds of customers and partners worldwide. While many industry observers were skeptical about the hype, I always calibrate my impressions by studying and understanding what customers are doing. And I was certainly impressed with what I found:

• Customer interest was high worldwide - in North America, Europe and Pacific
• Key drivers were business agility, better security, anywhere access and yes - cost savings and green computing
• Adoption was across multiple verticals - education, healthcare, technology, manufacturing, government agencies, retail and financial services
• Primary use cases were for knowledge workers - whether remote, offshore or in the office
• Confirmation that user experience was very critical to the adoption of virtual desktops. In fact, the #1 reason why XenDesktop won over other alternatives was user experience - there were several reasons, but user experience was always #1
  In 2009, despite the tough economic headwinds, I saw our momentum accelerate:
• Early pilots were turning into production
• Many customers were coming back in 6-9 months to expand their deployments
• Larger initial purchases indicating deeper deployments
• Several customers kicking off strategic adoption of virtual desktops - broadly across thousands of users

WHAT'S AHEAD WITH VIRTUAL DESKTOPS
25 years ago, PCs fundamentally changed computing. They radically improved personal productivity and communication. PCs changed the way we work. However, that's not enough anymore.
Traditional PCs were designed for a different world. Today, people need to work in entirely new ways, powered by the connectivity of the internet, an explosion of new devices and the limitless promise of the web. A traditional PC - locked to an office, laptop or network is too confining.
In the world ahead, the virtual desktop will revolutionize computing all over again.
It will revolutionize how we work and play. It will enable a new virtual workstyle to unlock our efficiency and increase our speed to stay ahead - in a world that's flat, small and always changing.

Here is the promise the virtual desktop brings:

• Un-tethered from any office or location
• Un-tethered from any device: netbook, smartphone, thin client, BYOPC or Mac
• Access on any network
• Simple and complete access to enterprise computing on demand
• Self-service and provisioning of enterprise apps, just like picking songs from an iTunes store
• A high definition user experience.

With this virtual desktop, on-boarding new employees goes from days to minutes. New branches can be opened in a fraction of the time. Employee adds, moves and changes due to expanding businesses or M&A become quick, easy and save money. A graphics engineer in San Francisco can securely collaborate on a 3D graphics model with his colleague in Taipei.

This virtual desktop is here with XenDesktop 4 - for every user.

XENDESKTOP 4 FLEXCAST TECHNOLOGY: A GIANT DIAL FOR IT
As mentioned earlier, I have seen our momentum accelerate in 2009. However, I have also had customer meetings where people have been prone to take a wait and see approach.

Having worked in emerging technology markets before, I have found that when faced with a new type of solution many times people will fall into an "All or nothing" trap.
The solution must meet all use cases and all requirements or we will not deploy it.
This is what I would call an "on/off switch" approach. All or nothing.

I would suggest that you think of desktop virtualization as a "dial" rather than an "on/off switch".
Pick the use cases that are the most compelling for business agility, security and/or cost savings and start with them first. Then expand to additional use cases. Nothing succeeds more like success.

With XenDesktop 4 and FlexCast technology, we are providing a dial for IT. Pick the type of user: task worker, knowledge worker, advanced user or mobile worker. And then optimize the desktop with the appropriate desktop delivery that suites the user. You can control whether you want to deliver a hosted shared desktop, a hosted VM-based desktop, a blade PC based desktop, a local streamed desktop, virtual apps on physical laptop or desktop or a local virtual desktop. The right virtual desktop for every user.

So, perhaps VDI alone may have made you think of desktop virtualization as an "on/off switch". All or nothing.

We just gave you a giant dial with FlexCast delivery technology - the ultimate in flexibility for a complete desktop virtualization solution. You can start now with virtual desktops that best meet your needs and deliver an ROI.

Dial "R" for revolution. Let the revolution begin!

Raj Dhingra
General Manager, XenDesktop

Summary of announcement

Today Citrix announced XenDesktop 4 - a complete desktop virtualization solution to address the needs of all users across an enterprise. XenDesktop 4 includes on-demand apps by XenApp as well as FlexCast delivery technology offering different methods to deliver desktops tailored to meet the performance, security and flexibility requirements of each user. In the future we will also see XenClient to further extend our desktop virtualization strategy to include local VM-based desktops. XenDesktop 4 will be available under a new simpler per user license model more in line to support desktop deployments. XenApp will continue to be available standalone with today's CCU model. We are also providing incentives to move to a XenDesktop license. Since XenApp application virtualization is a critical component of our desktop virtualization strategy we will continue to invest in it with additional capabilities on the horizon as early as the first half of 2010. 

Wham! There you have it, finally a single product option.  Something that I have wanted for a long time to address a far broader range of use cases and truly enable desktop virtualization that goes beyond a simplistic one dimensional VDI view of the world.

So what are those use cases and drivers?

I've written in a past blog the time is now! about why I feel WIndows 7 is a long awaited stimulus to drive the next desktop refresh. In addition, the analyst data I have seen strongly indicates that 2010 will be the year of the PC refresh after years of skipped upgrades. This I believe will lead to many more people seeking to understand how desktop virtualization fits into to their strategic plans to ensure that they make the right investments in 2010 for their IT infrastructure as the economy begins to recover.

When I talk about drivers for desktop and application virtualization to customers from CIO to hardcore techie, I generally find that everything fits into three buckets. Here are some common perspectives that I have shared that resonate with our real world customers who are implementing at scale today.

Business Perspective

• Simplify business continuity and build it into the core architecture.
• Enable quicker and easier office moves and enable mobility from any connection from a broad device set.
• Invest in M & A and global expansion.
• Enforce stronger data standards and security through centralization.
• Drive increased consistency, more efficient staff based on location.
• Enable outsourcing.

User Experience Perspective

• Ensure consistency of user experience across any network. WAN and bandwidth matter.
• Improves performance when latencies are managed down by moving apps closer to the desktop.
• Enable telecommuting and access from any device/connection.
• Recover faster from faults to increase productivity.
• Introduce new productivity models like BYOPC.

Technology Perspective

• Leverage power and cooling efficiencies in the data center to reduce costs.
• Consolidate data centers and extend reach of existing data centers.
• Build greener user buildings in metropolitan areas and reduce carbon foot print.
• Reduce complexity in workplace and datacenter management OpEx by reducing the # of instances to manage.
• Ensure reliability of simple clients to reduce helpdesk calls and end user break fix visits.
• Reduce management costs and risk for infrequently connected devices such as laptops.

Once people start to understand the potential from their respective points of view, it usually boils down to desktop virtualization is a way to drive costs down over time and increase productivity very quickly.

To solve for the above use cases with the current distributed computing model is very difficult. Primarily this is because at scale distributed computing is complex to manage with a lot of overhead and many moving parts. This then leads to many points of control to make a change - flexibility is next to impossible. All this adds up to slow time to value for anything that needs to get done quickly, and hence the model is not very agile.

When it comes down to picking the right technology option to enable a new desktop model, the predictability and performance over a diverse network infrastructure become key considerations. Many customers realize that to reduce support complexity and achieve service delivery consistency it is better to use a technology that addresses the majority of your use cases.  If you truly understand the above use cases, it becomes obvious that to truly leverage your investment, WAN and smart utilization of bandwidth is a must. I'd argue it is the lowest common denominator, and  it takes more than a protocol to deliver the best possible user experience. For example, working in the office you may be on a LAN or MAN depending on the location of your data center, but when you travel or go home network latency and bandwidth matter. If you have to switch display protocols with varying bandwidth requirements from site to site then the complexity of supporting this when a user calls just erodes the cost benefits. In addition, some customers simply reject the idea of implementing solutions that lock them into proprietary client hardware solutions, or hypervisors as they lose price leverage. Many customers have told me that they want technologies that let them choose what type of client device to run on and hypervisor choice. That could be a Thinclient or simply a repurposed commodity PC, but with a mature protocol that is proven to run over diverse networks and uses bandwidth intelligently. Similarly these customers understand that hypervisor diversity is inevitable and so want to invest in management layers that support this coming trend.

Today Citrix has a range of HDX technologies to address a plethora of user experience use cases. We also run our solutions on multiple hypervisors and on physical hardware. This is why we are winning large XenDesktop customers including a 100,000 seat deal that we recently closed.

Is XenDesktop needed since XenApp also enables desktop and application delivery?

Not having XenDesktop 4 resulted in an artificial TS vs. VDI debate thanks to Citrix that has just continued to brew. Yes it's true, XenApp can host desktops and apps on a server operating system, so this leads to the logical question why do I need XenDesktop? In a blog last week on Brian Madden's site this sentiment was highlighted once again. I believe this is now a moot debate. With XenDesktop 4, it really does not matter which model you choose.  What's more important to understand is that you choose the right model to address your business need that fits the right economics and time to market for you.

Despite my pre-XenDesktop implementation experience and choices due to technology availability, I've always wanted and believed in a move towards a desktop OS. Why? It was largely driven by:

• It's a desktop.  It makes the most sense to deliver it with a desktop OS and avoid any issues or optimizations that may come up in the future that I may not have been aware of.
• App compatibility is not a problem on a single session desktop OS. Yes you can use 1-1 XenApp, but for reason 1 I still prefer a desktop OS.
• 3rd party vendor support is not an issue on a desktop operating system.
• Consistent service delivery of running a desktop OS across all use cases. This includes users being familiar with their Laptop OS - corporate or personal.
• Reason 3 above makes it easier for in house developers to adopt.

Now that said, I've lived through large scale XenApp desktop and application deployments and seen that the app compatibility issue is marginal after 20 years of Citrix pioneering the Server Based Computing model. Most vendors support their software on multi user operating systems like Window 2003 and 2008 and XenApp 5 Feature Pack 2 now addresses those edge cases by enabling VM hosted applications delivered from a desktop OS.

However there is a twist. In my opinion this is the advent of Windows 2008 R2 - only available as a x64 operating system. This presents several additional considerations.

First, how fast is the world going to move all their desktop applications to a x64 operating system and have the hardware on the backend to host x64 desktops and apps? Note I did not say application compatibility, because based on my experience most x32 applications run just fine on a x64 Windows operating system. There is some repackaging and testing to be done, and there are of course exceptions like apps with 16 bit installers etc. but in general I have not seen compelling evidence to suggest that this will not work for the vast majority of apps.

Second, Windows 2008 R2 and Windows 7 share the same code base. At the technical level their kernels are the same version. Thank you Microsoft for finally pulling this off! This will vastly improve application compatibility. At a very high level of assurance I can be confident that applications re-packaged for Windows 7 will run just fine on Windows 2008 R2. Now customers can choose what is most comfortable based on their requirements (well they will once we release XenApp for x64 which is slated for beta towards the end of 2009) because it really does not matter - their investment moving to either operating system is well protected from an application compatibility perspective.

Finally, for users on XP or Vista, I don't know of anybody new who at this point will adopt desktop virtualization by migrating to Windows 2003 given the effort to get all your applications re-certified and then do it again when Windows 2003 will reach end of life in a few years. It's just not worth it. Windows 2008 x32 is certainly an option, but again to ease the application migration effort it seems more prudent to me to get your applications ready for Windows 7 and Windows 2008 R2 to future proof yourself and have application portability between the operating systems.

Now I fully expect many people reading this to say, but I want to do X with operating system Y for reason Z. That's ok, and clearly as I elude to above, given the world is so diverse it's foolish to assume a single prescription and proclaim this is how you do it. As I illustrate below, XenDesktop 4 let's you choose the best model for solving real world business problems. I like to think of it as a sliding scale that is a pragmatic realization by Citrix that customers want many ways to skin a cat. I believe this flexibility will enable our products to be more easily consumed now that every use case can be addressed irrespective of your OS choice, application compatibility concerns or x32 vs x64 belief system - all with the most predictable user experience powered by HDX.

Key considerations and takeaways

Virtualization is already forcing a datacenter re-architecture. I would argue that those who do not believe virtualization is a force driving consolidation in the data center that has past the hype and inertia stage are in the minority. As this shift happens it is very important to design your virtual infrastructure and organization to handle desktop scale and service levels. I've blogged about this in the past desktop virtualization is not server virtualization. And I can't begin to emphasize enough how important this point is. It's a mistake to think desktop virtualization is a simple extension of your existing server virtual infrastructure.

The forces of globalization, offshoring, teleworking, mobility, and green are causing more users to be mobile. Forces such as consolidation, data security, business continuity, and green are driving us towards centralization. Business are becoming more complex and diverse, and the distributed computing model will only get more expensive to manage and is not designed to handle the needs of an agile organization that requires a lot of flexibility.

As a result, XenDesktop 4 is a landmark release in our history. It brings together the best technologies and reaffirms our commitment to enable customers to deliver IT as a service with desktop and application virtualization. XenDesktop 4 demonstrates how at Citrix we understand that desktop virtualization is so much more than just VDI. This is at the very heart of where we have come from as an organization over the last 20 years. It's in our DNA how to deliver user experience over diverse infrastructure, and this is just the beginning. We continue to innovate and expand our reach through diverse devices, HDX, new delivery models such as Dazzle, continued investment in application delivery and so much more to come. It's an incredibly exciting time for us at Citrix, now that we've stepped up to heal the broken hearts of TS vs. VDI and enable a new tomorrow that represents pragmatic choice.

Hey did you hear, XenApp 5 Feature Pack 2 released and boy does it pack some punch! Two features especially stick out for me...

• VM hosted apps - enables customers to host and deliver applications from centralized virtual machines running desktop operating systems for the fastest rollout of apps and 100% app compatibility.
• Power and capacity management - introduces policy-based server workload management and maintenance enabling IT to instantly optimize server farm performance and reduce power consumption.

Now, take these features and couple them with the power of Provisioning Services! If you have not tried to leverage Provisioning Services with your XenApp infrastructure, you are truly missing out! Imagine being able to stream one application workload (OS and applications) to one, ten, one hundred or more XenApp servers whether physical or virtual. Yes, ONE APPLICATION WORKLOAD! The best part, you can manage these application workloads centrally from one console. Take this logic and couple it with Power and capacity management and now you have a truly dynamic XenApp farm! No more over provisioning farms and no more overkill with hardware! You can now provisioning XenApp farms with ease based on capacity enabling huge cost savings in the datacenter. Application workloads when you need them!

Recently, Provisioning Services 5.1 Service Pack 1 was released and we made some improvements to enhance XenApp 5 Feature Pack 2. Provisioning Services 5.1 Service Pack 1 will support VM hosted apps and enable you to stream one application workload to one, ten, one hundred or more virtual machines. Image that! This feature will now be part of XenApp 5 Feature Pack 2 Enterprise and Platinum. This will make your VM hosted apps a breeze to implement and drastically reduce the management overhead!

Provisioning Services 5.1 Service Pack 1 also introduced some minor licenses changes to accommodate the VM hosted apps feature but also simplified the way you leverage Provisioning Services with XenApp. No more need to download a license key and license file for Provisioning Services. Now, just download your XenApp 5 Feature Pack 2 Enterprise or Platinum license and Provisioning Services will just work! Here is what enabled when leveraging Provisioning Services with XenApp:

• XenApp 5 Feature Pack 2 Enterprise: unlimited streaming of VM hosted apps virtual machine application workloads.
• XenApp 5 Feature Pack 2 Platinum: unlimited streaming of VM hosted apps virtual machine application workloads and unlimited streaming of physical or virtual XenApp servers.

Provisioning Services comes packed with great features as well! Check it out:

• Offline database support: Provisioning Services hosts continue operation even in the event of a Provisioning Services database failure or outage.
• Server maintenance mode: Place a Provisioning Services host into "maintenance mode" to automatically move streaming sessions to other Provisioning Services hosts in the farm.
• Offline vDisk maintenance: Boot Provisioning services VHD images directly in XenServer or Hyper-V for "offline" maintenance without the need for a streamed device.
• Multiple partition vDisks: Image systems that have multiple physical/logical drives into a single vDisk.
• Standard image NIC teaming: Enables teaming of NICs on provisioned systems using Intel or Broadcom based NIC teaming drivers.
• Auditing and enhanced logging: Provides enhanced ability to monitor system and administrator activity.

If you have been using Provisioning Services, thanks! If you have not... what are you waiting for, this is a must have feature for every XenApp farm! Time to optimize and streamline your farm leveraging the most powerful XenApp to date, XenApp 5 Feature Pack 2!

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

It's been a long time coming, but the Citrix Northeast team is pleased to announce the newest Citrix User Group. The New Jersey Citrix User Group (NJCUG) will be meeting on a quarterly basis, with the first meeting scheduled for this month. Everyone is invited, from Citrix users to administrators. Our goal is to foster a local community for peers to connect, share ideas and learn more about ALL Citrix products and our 3rd party partners. You can expect a wide range of content, from presentations to technical demonstrations and everything in between.

If you've never attended a CUG before, here are some of the things you can expect:

• Food!
• Citrix give-aways
• How to get involved
• Product Updates
• Product Presentations
• Tech Preview Briefings
• Technical Demonstrations
• Customer Deployment Overviews

And remember, just as Citrix has evolved beyond a single product, our CUGs have needed to do the same thing and you can expect to learn about all Citrix products (hardware platforms included!) at the NJCUG meetings.

The agenda for the first meeting is a good one, so come and join us to get the latest updates from Citrix and learn about the first enterprise application store (think iTunes for your Business Apps).

.........................................................................................................
REGISTER NOW!

CLICK HERE http://www.registerandcompute.com/CitrixUserGroup1009NJ
.........................................................................................................

What:
New Jersey Citrix User Group (NJCUG)

When:
October 21, 2009
9am-11am ET

Where:
194 Wood Avenue South (Prudential Building)
Sixth Floor
Iselin, NJ 08830

Follow the NJ Citrix User Group on Twitter to keep abreast of the latest news and updates: @njcug.

Citrix is sponsoring SAP TechEd 09 in Phoenix! Starting on October 13th at the Phoenix Convention Center, Citrix will showcase our desktop virtualization solutions and promote our recent Citrix Delivery Center POC produced jointly with SAP and onsite at SAP Labs in Palo Alto.

Don't miss your chance to learn about our desktop virtualization vision and how our solutions work alongside SAP solutions.

If you're planning to be at SAP TechEd, stop by the Citrix booth (#211) to meet with the team and learn how we're working with SAP to improve application delivery and user experience. Learn more about SAP TechEd or register to attend here.

Visit the Citrix Community for SAP to stay up-to-date on the latest partnership information...and don't forget to follow us on Twitter!

Announcing a brand new offering courtesy of Citrix Technical Readiness in conjunction with Citrix Education. Its a brand new method for self-service training that we call a Learning Lab Series. Learning Lab topics are focused on hot new Citrix features. A Learning Lab provides you 3 basic deliverables:

1. A brief CitrixTV recording to get you familiar with a concept or feature
2. A hands-on lab document with detailed steps on how to configure the feature
3. Access to a hands-on lab environment to execute the steps in the lab document

That's right...you have a chance to get hands-on experience for FREE! What could be better than that!

In this first release, we have posted Learning Labs for the following topics to citrix.com:

• XenApp 5 Feature Pack 2 Learning Lab series

• XenDesktop with Provisioning services difference disk mode

The hands-on lab access is only available to Citrix Partners but the CitrixTV recordings are posted for everyone to view. See the latest recordings on the following topics:

• XenApp 5 Feature Pack 2 - VM Hosted Apps

• XenApp 5 Feature Pack 2 - Power and Capacity Management

• XenDesktop Provisiong virtual desktop with difference disk mode

We look forward to your comments, so let us know what you think.

We've scheduled a Technical Overview Webinar for Essentials for XenServer and Hyper-V at three different times to accomodate for all partners, we will record and post the Webinar online if you can't make any of these times on October 5. Click on the link below to register.

Citrix Service Provider Technical Overview - Essentials for XenServer/Hyper V
Monday, October 5, 2009
9:00 AM - 10:30 AM EDT: https://www1.gotomeeting.com/register/228005408

2:00 PM - 3:30 PM EDT: https://www1.gotomeeting.com/register/975636224

9:00 PM - 10:30 PM EDT: https://www1.gotomeeting.com/register/126336201

Greg Shields recently posted an article on TechTarget's SearchServerVirtualization.com site listing the "five best free tools for Microsoft Hyper-V management".

Greg included Citrix Essentials for Hyper-V - Express Edition on his excellent list of Hyper-V tools -

Read Greg's entire list here.

Express Edition Download
http://www.citrix.com/ehvexpress

Citrix Essentials for Hyper-V Step by Step Part 1

StorageLink Deep Dive Webinar - http://community.citrix.com/blogs/citrite/barryf/2009/04/13/StorageLink+-+Essentials+for+Hyper-V+Deep+Dive+Webinar

StorageLink Demo Videos
http://www.citrix.com/ehv

StorageLink Overview - http://community.citrix.com/blogs/citrite/barryf/2009/02/23/StorageLink+in+Essentials+for+Hyper-V

Provisoning Services Overview - http://community.citrix.com/blogs/citrite/barryf/2009/03/20/Provisioning+for+Hyper-V+with+Citrix+Essentials

Lab Manager Overview - http://community.citrix.com/blogs/citrite/barryf/2009/03/19/Essentials+for+Hyper-V+with+Lab+Management

StorageLink Install Install Guide - http://support.citrix.com/article/CTX120789
StorageLink User Guide - http://support.citrix.com/article/CTX120791

Follow me on Twitter.

I started a video series on CitrixTV for tips & tricks for working with Workflow Studio. The first video is an explanation of how to use the If/Else activity and conditional logic in your workflows. I'll be posting more videos to the series over time, so if there is something you would like to know how to do then leave feedback in comments or email me directly and I will try to address it.

Veteran virtualization blogger Alessandro Perilli of virtualization.info, whom I credit with unearthing most of the interesting goings on in the virtualization world, made an interesting observation that I validated the VMware platform strategy in a recent blog, observing that I had done a good job of developing a rationale for the VMware SpringSource acquisition.

It's an interesting observation to be sure, but I'm going to vehemently stick with a response of "No I really didn't". For starters I didn't even mention SpringSource in my blog. The goal of the blog was to show how the emergence of two kinds of clouds - IaaS and PaaS - give us indications as to the future evolution of the technology landscape. And also to point out that very substantial changes lie ahead for today's OSes.

• I argued that the case for IaaS clouds is basically the case for virtualization as a property of the infrastructure, and I stated that it is my belief that customers are now purchasing virtualized infrastructure independently of the OS(es) which they choose to develop/run their apps. I pointed to the emergence of virtual infrastructure platforms as entities independent of the OS, from all vendors, as evidence of the trend.
• I also argued that the future of the traditional single-server centric notion of the OS as host of the application will be challenged. Again the evidence of this is the emergence of PaaS offerings from the major cloud vendors, most notably Microsoft, whose Azure platform indicates where Microsoft thinks the OS is going. There is other evidence too, which I hope to explain below.

Of course the PaaS concept, while extraordinarily powerful, is mostly about future apps. To develop future apps one needs lots of developers, and SpringSource and the Spring framework certainly have done a fabulous job of building a good developer base. But there's an awful lot of work ahead for VMware to turn Spring into a PaaS platform, and to monetize it either with enterprises or as a cloud play. And as of now at least, it is restricted to Java apps. So if one wanted to point to a powerful PaaS platform that is relevant to a massive developer base, and that had the opportunity to address both today's apps and those of tomorrow, Microsoft Azure would stand head and shoulders above the rest. My case for the future of the OS was really a case for the emergence of something like Azure - something that can run today's apps (as VMs) and tomorrow's (on the "next OS" platform).

Now, with my "everything that is relevant today is already legacy" hat on, I want to make the case for the emergence of a PaaS (or application-centric) approach as a logical evolution of the IaaS model, for which again I see strong evidence on the part of major players, including VMware. This also challenges the traditional role of the OS. Here is what is happening:

1. The major IaaS vendors are already adding PaaS-like features: One has simply to observe the rapid and continual evolution of the IaaS model and the offerings from vendors to see that the bare-bones Virtual Private Server model is rapidly being enriched with features that are very developer and app sticky. While VMware boasts about its 2M Spring developers, Amazon Web Services can boast at least half a million. And there's a very significant difference between the two: The AWS apps are built around a monetization model, from the get-go. So with Spring VMware will likely compete head to head with both IaaS and PaaS cloud providers, including Azure. If Spring and its hosted apps are run and monetized on top of IaaS clouds and offered in their own right as SaaS apps to customers, then VMware will find that it competes with another category of vendors: the software resellers - the same folk who happily sell vSphere today.
2. Emerging standards, such as DMTF OVF, will allow IaaS clouds to become more app-centric: The vendors who work on standards at the DMTF, including all of the virtualization players, have collaborated to develop a portable application packaging standard, called the Open Virtualization Format (OVF). Citrix Project Kensho offers a complete open source toolset for the OVF, including the ability to combine in a single portable package multiple VMs from VMware, Xen/XenServer, & Hyper-V, together with all of the meta data required to completely instantiate multiple VMs and all of their environmental configuration, on any virtualization platform. OVF provides a powerful framework for packaging complete multi-tier applications, combining VMs in any OSes, their storage, compute, networking and other parameters. OVFs can be secured, and readily imported into IaaS clouds where they can be instantiated and run. Here the traditional OS plays an important role - namely running specific components of a multi-tier, multi-VM application. But that's it. Adoption of OVF by IaaS clouds as their standardized import/export format will give them an ability to directly deploy and ultimately manage the life-cycle of applications for their customers - hence becoming more app-centric. In this model the VM is simply an execution container for a part of an app.

Finally for those of the "traditional OS wins" variety who took offense to my last blog: There is no doubt that virtual infrastructure is compelling from an infrastructural agility, availability and resource management perspective. But the "VM as proxy for the app" model (which is how most virtualization administrators manage their environments today) is simply a recognition that most apps run in one VM, and hence the relevance of the OS is uncontested - from the app perspective. Moreover the skill sets and processes of today's IT Pros mean that the "single app per OS / VM" will remain a key building block of enterprise IT for a very long time. Indeed one can argue that the change to an app model that inherently spans multiple virtualized execution containers is so profound that it is generational - and will occur only as fast as skill sets evolve in IT. But I've been surprised by how rapidly the cloud has seized attention in corporate IT, perhaps because it is so much easier to consume IT as a service than to stand it up oneself, and so much more productive to develop new apps using powerful new frameworks. Indeed one can postulate an outcome whereby traditional IT enterprise architectures and growth will stall, in favor of new deployments using private and public service offerings. IaaS cloud providers are moving up-stack to support abstractions for apps and the momentum around PaaS (or even enriched IaaS) is a telling indication of the trends.

The launch of Windows 7 fills me with dread and excitement. The dread comes from coordinating Citrix Global Platinum sponsorship of this launch with North America Roadshows, Virtual Live Events, TechEd EMEA and local launch events. The excitement comes from the promise of Windows 7 after the relative disappointment of Vista (I must stress the word "relative"), as the performance of Windows 7 is definitely promising to live up to the hype.  

So, why would Microsoft invite Citrix to be a Global Launch Partner for an operating system launch?

Normally when you want a new OS, you just go on the web, buy a new PC, and use the CD to install the OS or, if you are like me and technologically incompetent, you get your IT Department to install it. However, the technology landscape has shifted. Now there is an alternative way to get your instant Windows 7 desktop with Citrix and Microsoft Desktop Virtualization, which delivers Windows desktops as an on-demand service to any user, on any device, anywhere.

The combination of Citrix and Microsoft gives customers the fastest way to deliver Windows 7 realizing benefits of increased efficiency and simplified IT Management. In addition Citrix HDX Technology offers up to 10X better Flash multimedia performance compared to alternative solutions, delivering a user experience that is indistinguishable from a local PC.

7 Ways to get up to speed on Citrix and Microsoft Desktop Virtualization for Windows 7

1. Check out the Citrix Desktop Virtualization Live, "Secrets, Lies and VDI" event on the 20^th October - register here

2. Attend the "Harness The Power of Virtualization" events with guest speakers from Citrix, Microsoft, Intel and HP - register here

3. Microsoft New Efficiency Virtual Live Event

4. North America Windows 7 Roadshows in 65 Cities for Technical Decision Makers and IT Professionals

5. Microsoft Tech EMEA

6. Check out your local events

7. Check out Win7 Community Central to see how the Citrix Partner Ecosystem helps deliver Windows 7 - Click here

Citrix training courses provide the foundation to effectively implement and support Citrix solutions. Check out these upcoming training classes in Australia:

Course Name: CXA-202-1I Implementing Citrix XenApp 5.0 for Windows Server 2008 Skills Update
Date/Location: November 2-4, 2009 at Dimension Data Learning Solution, Sydney Australia
                       November 4-6, 2009 Dimension Data Learning Solution, Melbourne Australia
Description: This course is for experienced Presentation Server 4.5 users looking update their skills to XenApp 5.0. Students will gain the foundation necessary to effectively implement, deploy and administer Citrix XenApp 5.0 and its components, including Web Interface, application streaming and Secure Gateway. Learners will receive hands-on training for installing Citrix XenApp for Windows Server 2008 and Plug-ins and for using the various administrative consoles to configure policies, individual server and server farm settings, isolation environments, streaming applications and much more. This course is the recommended training for Citrix exam A05, the requirement for the Citrix Certified Administrator (CCA) for Citrix XenApp 5.

Register here or call DDLS on 13 12 01 

Course Name: CTX-1264AI Citrix XenApp (Presentation Server 4.5): Support
Date: November 23-25, 2009
Location: Dimension Data Learning Solution, Melbourne Australia
Description: This course provides learners with the skills needed to monitor, maintain and troubleshoot network environments running Citrix Presentation Server 4.5 and XenApp 5.0 for Windows Server 2003 software. Learners are introduced to the tools used to monitor the Presentation Server farm, record farm activity and generate reports. In addition, learners take away the skills needed to maintain data and server integrity and to scale, optimize and troubleshoot the XenApp (Presentation Server) farm. This training is recommended for Citrix exam 264, a requirement for the Citrix Certified Enterprise Administrator (CCEA) for XenApp 4.*

Register here or call DDLS on 13 12 01

Course Name: CTX-1456AI Citrix Access Suite4.0: Build/Test Workshop
Date: November 26-27, 2009
Location: Dimension Data Learning Solution, Sydney Australia
Description: This workshop-style course provides learners with valuable experience building and testing designs for Citrix Access Suite™ 4.0. Over 80% of the class is conducted through hands-on exercises. Students will gain the knowledge and skills required to build an enterprise environment in which all components of the Citrix Access Suite 4 are implemented. This course will prepare you for exam 456, a requirement for the CCEA certification.*

Register here or call DDLS on 13 12 01

*Individuals holding a CCEA can easily update to the upcoming Citrix Certified Enterprise Engineer (CCEE) by passing just one exam. Those without a CCEA must pass five exams to earn a CCEE.

I've been doing a lot of research of late around the future of the Cloud, what of the hype is real and where the market dominance will be for Internet based applications delivery. I read a piece by one of the analysts I follow and he gave some sage advice about not getting drawn into the herd of marketers who are using Cloud as a platform to sell anything in their portfolio by renaming it "Cloud -X". Another analyst I follow put together a great map of the differing technologies that make up Cloud Computing and one of the huge foundational pieces is that of Software-as-a-Service. In fact both of these analysts would say that SaaS is absolutely not hype and is one of the pieces of Cloud that will not only emerge, but flourish in the process.

In my research, I've been trying to assess the total number of Windows based applications that are in market today. The purpose is simple. To determine the total market opportunity in the SaaS space you first have to determine who is playing in it, what the applications are and who will subscribe to those applications. SaaS is defined as "a model of software deployment whereby a provider licenses an application to customers for use as a service on demand" and there is no distinction between Windows based applications and Web based applications.

Since Windows still enjoys over 90% market share in the operating systems realm, it also makes sense to extrapolate service offerings based on what businesses are currently using... which happens to be Windows based solutions. The difficulty in making an assessment for the total number of Windows based application in market today is nobody wants to talk about it. Microsoft got in hot water in 2000 with the DOJ because of the volume of Windows applications in market creating what was being called a "barrier to entry" for developers of other platforms. As a result, Microsoft doesn't publish this information. And the forums that support Windows developers are only microcosms of the larger eco system.

Third parties make attempts to extrapolate the total population of Windows based apps, but we don't often see real data to support it. To add to the problem, some support programs for Windows based apps are considered applications themselves. Some estimates have the total number of Windows based applications in the 100,000 range and above. In 2008, Windows Mobile apps alone totaled 18,000. Even if we take a fraction of these estimates there are still a huge number of applications to consider. For purposes of this blog, let's take a total number of 120,000 and divide that by 1/2. That would leave us with approximately 60,000. If we cull that number by another 50% to delineate only business applications we get a total of 30,000 applications. If we use an equal distribution of applications per business segment (Finance, Gov't, Healthcare, Communications and Services) we have 6,000 applications per segment.

That means that there is an opportunity for 6,000 Independent Software Vendors (ISVs) in each major business segment to expand their base by offering a different route to market. Many of these ISVs have been stifled in their growth because of their current sales motion and distribution channels. Also, servicing their existing customer base is expensive because upgrades must be done through expensive marketing, downloads and retail shrink-wrap sales. Up to now, there has only been one alternative... re-engineer and re-code to a web enabled browser based application. This is a very, very expensive approach. But what is an ISV to do? If he wants more revenue through expansion of his base of customers, is there any alternative?

Well the answer is yes but I continue to be dumb founded that more ISVs don't look to Citrix when they begin this analysis.  When Terminal Services was in its infancy, Citrix was solving the problem of remote access even before the Internet reached the masses.  The identical technology can be used today to solve the dilemma of ISVs in the SaaS space.  Why re-code when you can host the application just as it is and give users the same experience as being loaded locally?  The question is will the ISV of today be savvy enough to choose the Citrix path before spending millions on re-engineering the code?  Time will tell.

I'm willing to bet that any Windows based ISV who does adopt Citrix technology to expand his base of customers through SaaS will be miles ahead of his competition who are spending money on re-engineering instead of capitalizing on additional subscriber growth with the same code.

By the way... if you've got a better assessment of the total number of Windows Application in market today I'd love to see the comment!

I was on-site last week with one of our large Systems Integrator partners and they asked what recommendations we had for organizing the devices within the Provisioning Services console. Of course, working for Worldwide Consulting Solutions, I answered, "It depends".  Seriously, though, I reviewed their proposed XenDesktop design from a Provisioning Services view and developed a model which would work well as a XenDesktop farm scales. Keep in mind that this suggested organization is based on their design. Your design may work better with a different organization methodology.

Product Architectures

Since the organization is design-dependent, before explaining the Provisioning Services organization model, let me share with you the XenDesktop design that will be used for this model.

The design discussed here is referred to as the Modular Management (MM) design and the architecture is based on building a single XenDesktop farm out of smaller self-supporting Desktop Delivery Modules (DDM). Each DDM contains a group of virtual desktop hosts, a block of shared storage, and a set of provisioning servers to support the number of desktops hosted. This design also provides smaller units that can be managed through delegation. For the purpose of this blog, the example DDM contains four provisioning servers organized as a single site for fault tolerance, 20 XenServer hosts, and shared storage on a SAN. The diagram below provides a visual representation of a single DDM.

 

Taking that DDM structure and replicating it multiple times within a single XenDesktop farm provides a scalable platform for large XenDesktop installations. The multiple DDMs can then added to an existing XenDesktop farm infrastructure which would include Desktop Delivery Controllers, a Citrix license server, a clustered SQL database, and pair of Web Interface servers. The diagram below provides an example of what this Modular Management design might look like at the farm level.

Changing gears, a Provisioning Services farm is separated into several logical partitions that can be used to adapt to almost any environment. The highest logical partition is the farm. Within a farm are common components such as a SQL database server, a Citrix license server, a PXE server, and usually shared storage for vDisks, such as a SAN. Farms are partitioned into one or more sites. Each site contains provisioning servers, device collections (groups of target devices with common characteristics), and vDisk pools. The diagram provides a visual mapping of the different partitions and their relationships.


One of the reasons Provisioning Services was redesigned was to allow delegated administration at each of the partition levels. Most customers have a separation of duties between farm administrators, server administrators, desktop administrators, and help desk personnel. With this new partition design, the permissions can be granted at the farm, site, and device collection level. The delegation of duties in a customer environment will influence the design. The design in this blog supports delegated administration at all four levels: farm, server, desktop, and helpdesk.

Console Organization

Now all the core architecture is understood for both XenDesktop and Provisioning Services, we can begin to look at the organization of the items within the console. To simplify this, we will focus on a single XenDesktop farm that has three DDMs: DDM 1, DDM 2, and DDM 3 (Notice the space in the name of each DDM to distinguish the XD DDMs from the provisioning services objects which are named without the space). Each of these DDMs supplies a different operating system image. DDM 1 supplies Windows XP desktops, while DDMs 2 and 3 supply Windows Vista and Windows 7 desktops respectively. In the XenDesktop Access Management Console (AMC) the administrator has configured three Desktop Groups: Windows 7 Desktops, Windows Vista Desktops, and Windows XP Desktops as seen in the screen shot below.

Ideally, a single Provisioning Services farm is used to support a single XenDesktop farm, such that you have a 1:1 mapping between the two farm types. In the screen shot below of the Provisioning Services console, depicts the Provisioning Services farm name (XenDesktop3) that matches the name of the XenDesktop farm name as shown above.  

The screenshot above shows clearly the different objects available. Below I will discuss each one and explain how it maps to a DDM for management. 

Sites: Sites are created in the Provisioning Services console for each of farm DDMs.  The sites names will correspond to a single farm DDM. In the example, the site names are DDM1, DDM2, and DDM3 per our farm architecture above.  In other words, in this configuration the terms site and DDM can be used interchangeably when referring to objects within the Provisioning Services console.

Servers: The provisioning servers that are assigned to service a single farm DDM are then added to the appropriate site DDM in the Provisioning Services console.

Device Collections: Device collections contain all the target machines that are delivering a specific desktop image. Group similar images into a one device collection such that the entire group can be managed as single entity. This grouping will simplify management later when images need to be versioned or updated. In the example, since DDM 1 is responsible for delivering only Windows XP images, a single device collection, named Windows XP Desktops in the screen shot, can be used for all the hosts in DDM 1.  If DDM 1 had multiple images being delivered, then multiple device collections would be created.

Stores: vDisk stores are created for each of the DDMs: DDM1, DDM2, DDM3. The vDisks are then added to or created in the store for the DDM. The key here is that the corresponding servers in the DDM are assigned to the vDisk store so the vDisks are visible within the site. In the example, the DDM1 store would have the four provisioning servers assigned to DDM 1 would have check marks next to their names for that store. This will allow any of the provisioning servers for the DDM to serve up the vDisks contained in the store.

vDisk Store: The vDisk pool will include all the vDisk images that will be used by a site and shared among the provisioning servers supporting the DDM. The vDisk pool displays any images that are managed by a server in the site. In the example, vDisk pool DDM1 would contain the Windows XP images used for DDM 1 and Windows XP Desktops group. Likewise, vDisk pools DDM2 and DDM3 would contain their respective images for Windows Vista and Windows 7.

Delegated Administration

Keeping DDMs at the site level will allow administrators to leverage the partition-level delegated administration of the Provisioning Services console. Server administrators can be granted permissions over the DDMs they manage at the site level. Desktop administrators can be granted administrator permissions for the devices they manage by assigning them to device collections. Help desk personnel can be granted operator permissions on the devices at the farm, site, or device level. From a higher perspective, desktop farm administrators can be granted permissions for all the farms managed. The best part is that if an administrator has multiple farms to manage, they can use a single Provisioning Services console to manage all of them.

I hope you found this information useful. Follow me on twitter @pwilson98 to keep abreast of design and architecture tips for Citrix XenDesktop, Provisioning Services, and Password Manager (SSO) products.

As announced on August 31st, HDX 3D for Professional Graphics is now available for download. There's also lots of great documentation on HDX 3D Pro Graphics now on our Support site (scroll down to the bottom of the Product Documentation for XenDesktop 3 page). Or if you are just looking for a high-level overview, be sure to visit hdx.citrix.com.

Here are some highlights of this new XenDesktop feature:

• Supports the delivery of 3D professional graphics applications, both OpenGL and DirectX based, which need graphics hardware (GPU) acceleration for optimal performance.
• Works as an add-on to XenDesktop 3 and XenDesktop 3 Feature Pack 1.
• Automatically adjusts compression based on bandwidth and available resources. Delivers full HDX user experience on a LAN (100 Mbps) and very usable, interactive experience over a WAN (2 Mbps or above, with up to about 200 ms roundtrip latency). Makes desktop virtualization viable and practical for design engineers, architects, and other professional graphics users.
• Supports high resolution monitors (e.g. 1920 x 1200). For best results over limited bandwidth WAN connections, resolutions of 1280 x 1024 or below are recommended.
• Provides a real-time image quality configuration tool with an easy way to switch between a sharper image or smoother motion (great when working on  a limited bandwidth connection).
• HDX 3D host workstation (e.g. blade or rack workstation in the data center) is supported on Windows XP SP3 32-bit Professional.
• HDX 3D online plug-in for Windows (client) is supported on Windows XP, Windows Server 2003 and Windows Vista. The plug-in is supported on both 32-bit and 64-bit OS versions.

Download a free Eval and try it out!

Derek Thorslund
HDX Product Strategist

Please join us for two webinars covering XenApp Fundamentals sales and technical topics. The new sales topic is "Extending Terminal Services with XenApp Fundamentals".  We will expand on several newly published case studies that illustrate why customers still have a need for a remote access solution that meets both their performance and security requirements.  These case studies highlight instances where customers had initially implemented Terminal Services as a stand alone solution, and why they saw a need to add XenApp Fundamentals to their application environment. 

Our technical topic will be "XenApp Fundamentals for HP Proliant Servers with Microsoft Small Business Server 2008 - Technical Overview".  This session is a technical review of the implementation options for deploying XenApp Fundamentals with Windows Small Business Server on HP Servers. We have many partners who have already implemented this solution and are pleased to have Terry Sheehy,who is an independent IT consultant, join us to share some best practices. This topic was originally presented several months ago and is being repeated due to popular demand. 

Title:	Extending Terminal Services with XenApp Fundamentals.......The Secure Remote Access Solution For Small to Medium Businesses
Date:	Thursday, October 8, 2009
Time:	2:00 PM - 3:00 PM EDT
Register:	https://www1.gotomeeting.com/register/519248097

Title:	XenApp Fundamentals for HP Proliant Servers with Microsoft Small Business Server 2008 - Technical Overview
Date:	Thursday, October 15, 2009
Time:	2:00 PM - 3:00 PM EDT
Register:	https://www1.gotomeeting.com/register/582954936

I just wanted to announce an upcoming TechTalk I'm delivering on the new HDX Technologies included within the upcoming XenApp 5 Feature Pack 2 release.  As you know, HDX refers to a series of technologies that deliver a high-definition experience for both XenApp and XenDesktop users.

In this particular session, I'm going to do a technical deep dive on the latest HDX features include in XenApp 5 Feature Pack 2.  Each feature will include an overview, configuration details, and deployment considerations to help you maximize your XenApp deployments and help you provide the best possible experience to your end users.  The features included in this presentation are:
-HDX MediaStream for Flash
-HDX Plug-and-Play for Thumb Drives
-Secure Paste

The TechTalk is this Thursday, October 1 (1pm to 2pm EST).  To sign up for the session, visit this link: https://www1.gotomeeting.com/register/907190776

I hope to see you there!

Yesterday I've posted Part 1 of this series, talking about Capacity Estimation. Today I will describe the Power Management schedule policies. PCM use these policies to determine how many servers should be powered down, how sessions will consolidate or spread among the online servers, and when to power on additional servers to handle unexpected load.

The load policies for a workload vary during the day - you need more capacity during working hours than over the weekend. PCM configurations are entered over a weekly table period. Each entry has a start time four settings described below.

You will find this configuration on the PCM console. Select any workload, and then the "Schedule" tab. Each entry configures the following policies:

Minimum session capacity (Min Capacity): specify how many sessions, connected or not, should be on-line. The minimum session capacity is probably the easiest policy to understand and define. It describes the typical session utilization of that workload over time. For example, if you expect 1000 users connected to a workload during the day, and 250 over night, you will configure Min Capacity to 1000 from 8 to 5, and 250 from 5 to 8. It's that simple.

PCM will start as many servers as needed to support the Min Capacity policy. Servers are selected randomly, although you may control the selection order using the server tiers - I will cover tiers in more details at another post.

The session capacity is the sum of the estimated capacity of each online server in that workload. See Part 1 for in-depth description of load estimation.

Min Capacity is ignored if "Power Management" is disabled for that workload.

Minimum available servers (Min Servers): specify how many servers will handle logon requests. At first glance this seems similar to Minimum session capacity, but there's more to it.
PCM works its magic by setting the IMA load index to 20,000 value, indicating to IMA load balancer that the server is not available to take additional sessions. In the PCM console, you can see each servers selection state - select a workload and the "Servers" tab. At the left side of the "Sessions" column, you will find a small icon that can be:

• Circle: Load consolidation has disabled logons on this server. The IMA load index is set to 20,000.
• Green Triangle: Load consolidation has enabled logons on this server. The IMA load index is calculated based on the Load Evaluator.
• Yellow Triangle: Load consolidation has enabled logons on this server, but the load is higher than the optimal load. The IMA load index is still calculated based on the Load Evaluator.

The Min Servers policy defines how many servers with "green triangles" you will see in that workload - servers with enabled logons and under the optimal load. In the picture, I have Min Servers set to 1. Server 1 is draining, Server 2 is accepting logons, and Server 3 is above the optimal load (of 70%).

The value of this parameter should be related to expected user logon concurrency. If you set this value too low, then a small number of servers have to process too many logon requests, increasing the average logon time. If you set Min Servers too high, then sessions will spread to too many servers.

As a rule of thumb, you should set Min Servers to a higher number just before a shift starts - say, at 7:00AM - and reduce it after the logon peak has passed.

But how should I estimate this value? Well, you may start with a conservative high number and work your way back until user logons are impacted. Edgesight is a terrific way to get this data. Another way is to calculate the expected concurrent logons per server, based on peak logon rate and the logon time. For example, if average logon time is 30 seconds, and peak logon rate is 2 users/second, you should expect 15 concurrent logons if Min Servers is set to 1 (30 seconds/logon divided by 2 users/second). If you want to limit servers to process at most 5 concurrent logons, you will need Min Servers set to 3.

Min Servers policy is ignored if you disable load consolidation in the workload.

Online session reserve (Session Reserve): specify how many sessions should be available at on-line servers. Available sessions are calculated as "Session Capacity" minus connected sessions. For example, if a server has session capacity of 100 and 30 sessions, available sessions would be estimated as 70.

PCM counts all server sessions, including console and disconnected sessions.

Session reserve is used to create a buffer of available sessions for unexpected session influx. Servers take a while to boot, therefore you need to start powering on servers before the workload is fully loaded.

When the session reserve policy is violated, PCM will start sufficient number of servers to bring the policy back to compliancy.

Session Reserve can be estimated based on server power on time, and the maximum unexpected connections influx you have to support via SLA. For example, let's say your servers take 5 minutes to power on, and your DR strategy requires the workload to take up to 60 users/minute if a site fails. Your session reserve has to be set to 300 - the expected number of sessions before the 1st offline server can become available.

In the example above, PCM may issue additional power-on commands before the 1st server comes online. Let's say each offline server can take 100 sessions. When the number of available session falls under 300, the 1st server is started. If connections continue to come in, and available sessions fall under 200, the 2nd server is started, since the 1st server alone wouldn't be sufficient to get the session reserve policy back into compliancy.

Online session reserve is ignored if you disable power management in the workload.

Maximum session capacity (Max Capacity): specify a high water mark for capacity in the workload. This is an advanced setting, most workloads won't have to bother (default is "infinite"). This is used if you want to specify a session reserve, but stop adding servers after a certain point.

For example, assume your servers have session capacity of 100. A workload has 400 sessions at peak utilization. You have an SLA to support up to 600 sessions during DR events. You also have 7 servers assigned to this workload, but you can only power on 6 at a time due to power constraints - the 7th is there in case any other breaks. In this case, you may define Maximum session capacity as 600. Even if the session load gets above 500 (breaching the Session Reserve policy) PCM will not start the 7th server as it would violate the maximum capacity policy.

OK, that completes the PCM weekly schedule policy configuration. Next, in Part 3, I will talk about sites, tiers, and computer managers.

One of the first screens you will see in the Streaming Profiler wizard is a screen about "Enable User Updates" or in the earlier profilers, this was called "Enhanced security" or "Relaxed security".   Wow!  Mysterious terms!  The first thing we do in the profiler is hit the admin with a question that they don't know the answer to.  Hum.

Steps:

1. Describe the panels
2. Describe what the settings do
3. Examples of how this effects application execution
4. Guidance on how to configure the setting

Here's the panel in the streaming profiler version 5.2 (XenApp 5 Feature Pack 2):  Hot off the presses, released GA to the web download last night.

Here's the same panel in the previous streaming profiler (1.3)

What does this setting do?

Under the profiler, it doesn't do a whole lot.  It just sets a BOOLEAN that accompanies the streaming profile.  You can see via nice visual form in this streaming profiler, but if you dig down, you'll find that all this does is set a boolean in the profile XML data; at the PROFILE layer.   Changing this setting actually does more work, but I'll get to that in a minute.

Going back to the Layers of Glass, there are conceptually 3 layers of isolation.  Here's an abbreviated version.

At runtime, the applications in the isolation sandbox see a multi-layer merge of the true machine at the bottom, masked by the installation image and at the top, a per-user layer.  The per-user layer is seen "first", followed by the lower layers of isolation and finally the true disk or true registry of the machine.

The normal action is that the machine starts out pretty much clean, the streaming profiler captures the installation activity of an "installer" that writes stuff to the file system and registry.  These are packaged up to become the "blue" layer above, the installation image.  

At end user execution, the installation image is laid down on top of the execution machine and as far as the isolated applications are concerned, they are installed.  It's all a lie - they aren't really installed.

The top layer is initially "clear" or "blank".  As the programs run, they may store documents and similar, but these would generally not be in isolated space, so they don't really show up in this picture.  The application though may WRITE things to "off-limits" locations which would be caught by the isolation system and end up with storage of stuff to the per-user layer of isolation.  These land in the top layer of the isolation stack which is set up as one per-user.  This is what allows ill-behaved application to run happily under isolation on a multi-user machine when they won't happily run without isolation.  As an example, consider an application that stores settings to the program installation directory in a .INI file.  Under isolation, this will be captured and land in per user space and the application becomes runnable in a XenApp Terminal Services world where otherwise it would not work successfully.

Back to this post

If the application updates itself at runtime, the update will land in the per-user layer of isolation and this is bad.  Standard procedure when profiling application installations is to TURN OFF all automatic updates.  The application should not update itself - this should only be done in the profiling scenario where the administrator commands the update.  Recall that the isolation space is ONE and the per-user space are MANY, so we only want application content to be updated in a single place.

What does "Enable User Updates" do?

If the user downloads application updates such as .DLL updates or .EXE updates, should this be permitted?

The general answer is "NO!".  Some administrators may have a scenario where this is desired.  The common ones are users wishing to install their own plugins for isolated web browsers or install their own addons for things like Microsoft Office.

How does it work?

Put your file system filter driver writer hat on.  For isolated applications, EVERY TIME the application opens a file or tries to open a file, you get first look.  If the file open is for executable content, should this be permitted?  If "enable user updates" is "off", then file opens for RUNNING executable content from the user layer will be denied.  

The neat part here is that the isolation system distinguishes this behavior based on WHO the caller is.

If the caller is vanilla application wanting to read or write content, no problem - do what you want.  If the caller is the Windows LOADER, then this setting comes into play.  If the LOADER is trying to load executable content from the per-user layer of isolation, then the isolation system can be told to FAIL that operation, and this is what this setting controls.  Pretty neato.

One headache

The setting while stored as a profile level single property (a boolean) is implemented in the isolation system as an attribute of EACH of the isolation rules for EACH execution target of the profile.  If you set the profile level property, the streaming profiler must modify the isolation rules (many) for each Target of the profile.  This means that if you have a profile with 4 execution targets and you're editing one of them - and you set the profile level property, behind the scenes, the profiler brings the other 3 execution targets into "edit state" to make the change and will eventually write all 4 targets back to the application hub.  Going to edit state to change the rules requires unzip of the can file from the network server onto the profiler machine.  If the profile/targets are large, this can be a very painful operation to accomplish a single boolean set, but this is how it is.  If you make this change, be aware of the large behind the scenes work that the profiler is doing.  Grummble yell a bit and then it will be done.

Fun with streaming - Great entertainment in isolation circles

Turn on the -x RadeRunSwitch so you can an isolated command prompt when you launch your next favorite streamed application.  This assumes you have user updates disabled, which is the default.

cd c:\windows\system32
c:\Windows\System32>notepad.exe
< it runs >

c:\Windows\System32>type notepad.exe
< see textual giberish - the file open succeeded for read access from CMD.exe >

c:\Windows\System32>copy notepad.exe n.exe
        1 file(s) copied.
< file copy was successful - n.exe is at the per-user layer of isolation >

c:\Windows\System32>type n.exe
< see textual giberish - the file open succeeded for read access from CMD.exe >

c:\Windows\System32>n.exe
The system cannot find the file c:\Windows\System32\n.exe.

FIREWORKS HERE!

The isolation system LIED to the Windows Loader - returning ERROR_FILE_NOT_FOUND (2) rather than completing the loaders request to run this file from user layer of isolation.  This is what this setting does!

But wait, there's more!

c:\Windows\System32>copy n.exe notepad.exe
        1 file(s) copied.

c:\Windows\System32>notepad.exe
< it runs!! >

Why does notepad.exe succeed in the final case?  Easy, there are two notepad.exes.  At the per-user layer, there's a notepad.exe which was written on the file copy from n.exe.  We don't care what this file is, but it is executable content and it exists at the per-user layer of isolation and therefore it doesn't exist for purposes of running programs.

Since the "Enable user updates" setting is set to disable user updates, executable content at the per-user layer of isolation does not exist from the perspective of the Windows loader.  BUT - at the physical layer, there does exist a file with that name and this can satisfy the file open, without violating the isolation rules.  There could also be a file with that name at the application installation image layer.  In this example there wasn't, but there could be.  The isolation system starts at the top and goes down until it finds a hit.  If "Enhanced security" is enabled, then the per-user layer is "off-limits" for execution of executable content.

The grand result

The application "update" applied by the user may have been applied as far as the user or application is concerned, but in reality, it was not applied.  The version of the application that is running is the version that the administrator profiled.  Pretty cool stuff.

Why did we rename the setting?

Putting "security" in the title implies that this will somehow prevent users from doing things to run content that they download and this is not what it does.  If the program updates itself, then this setting will block that content from being executed.  The setting can also block user installed additions to the program (plugins), depending on the location to which they were installed - was it included as an isolation rule during profiling?

Take a web browser for example, if the user downloads executable updates to the browser, this will be captured and the user installed stuff won't run, but if the user downloads evil.exe and places it on their desktop, and then double clicks it - this will be outside of isolation so the layers here do not apply.   This is also true if the user downloads evil stuff to locations outside of isolation and launches it from the isolated application.  It will still run isolated, but it will run!  Describing this activity as "disable user updates" is more accurate than the previous words, so we've made the change.  I also hope that it removes confusion in the streaming profiler wizard.  "Enable user updates" is pretty easy to understand.

How should you create your profiles

1) Enable user updates should generally be "off".  Plugins are a rare need and where there is a real need for users to add plugins, start asking yourself if you can add those plugins at profiling to the common layer.  OR, if the use of user installed executable content is large, should this application be locally installed rather than isolated?

2) Always tell the application to NEVER update itself at runtime.

 A look to the future

Streaming dev team are discussing removing this option from a future release.  That is, "Enable user updates" will always be OFF.  I'm not sure of all the ramifications of this yet.  The question really is "how many admins are profiling their applications with user installed updates permitted"?  I hope the number is "few".

Joe Nord

Product Architect - Application Streaming

Citrix Systems

When was the last time that a representative from your company's IT department spent an hour sitting down next to you and observed you while you were doing your work... for no other purpose than to learn about your needs and work habits so that IT can  provide you with better service, a better environment, and better application support?

Before you answer, I'd like to point you to a discussion on these pages that triggered me to think about this question: 

Daniel Feller authored a piece  which talked about the desire of users to install and manage their own applications in a virtual desktop environment. Dan gives several reasons that detail why letting users install their own apps in a virtual desktop is a bad idea in his opinion.

Brian Madden responded to some of Dan's points and stated that the flexibility and feel of control associated with user installed apps is critical to user adaptation of virtualized desktop environments. Therefore, Brian suggests providing each user with two desktops - one tightly managed by IT with approved applications; the other one more free-reeling to allow for any tool, utility, or app installed by a user. There are arguments for both sides and the common trade-off between user flexibility, IT's management capabilities, and cost must be considered during virtual desktop implementation projects.

So far, the virtual desktop discussion focused on increasing security through centralization and reducing desktop support and operating costs. Those are benefits primarily to IT. What about the users though? What's in it for them?

I spent several years in healthcare information systems, where the most valuable users (doctors and nurses, but especially doctors) are often the most reluctant to change their workflows towards the use of a computer and away from the voice recorder and paper notes that someone else has to decipher. How do you get these users to accept and embrace an electronic medical record (EMR) system? You have to state the benefit to them and let them experience them first hand! In this example  it means fewer patient deaths and complications due to missing or incorrect patient data and overall better patient outcomes. This appeals directly to some of the main reasons why these users are in their chosen field in the first place. Post implementation surveys among doctors and clinicians was overwhelmingly positive  once a doctor realized that she had the patients medical history at her fingertips and was more efficient in documenting her care.

Successful EMR implementation were all characterized by a fundamental shift in thinking in IT. Away with the old "this is not supported" argument of IT and away with the strict segregation of IT responsibilities between network, OS, servers, virtualized servers, databases, applications,  cross-system interfaces, storage, and "Citrix".  Our customer IT teams and we (the EMR software vendor) spent countless hours on the hospital floors, in emergency admission departments and in the operating room - simply to observe our users and provide the best possible products and the highest quality implementations to them. Our customer IT teams almost became experts in clinical documentation. On a side note, I am glad I wasn't on the OR team - I might have tossed my cookies...

Just like EMR implementations, virtual desktops have the potential of being disruptive and enabling at the same time. There is a fine line between providing a desktop from anywhere and excessively restricting capabilities. Successful implementations rely on strong leadership from the CIO down. Many EMR implementations include the Chief Medical Officer, CIO, Nursing representatives and traditional IT roles. By the same token, the virtual desktop initiatives must be guided by principles of including key user representatives and an IT organization that truly understands user needs. This should be understood at this point among many readers of industry commentary on desktop virtualization. However,  I still see many large organizations who make implementation decisions driven by their own organizational structure and  technical drivers (sometimes even politics). Of course, IT must enforce license compliance and protect environments from the hazards of poorly written software, but that imperative doesn't have to make it more complicated for users.

Back to the discussion between Dan and Brian:  I tend to agree with Dan - one virtual desktop image - centrally managed by a capable, agile, and results driven IT organization.  I simply don't want to switch between desktops for different tasks and I don't think I should have to. Instead, users who want their own apps demonstrate the business case (a personal preference of one browser over the other probably won't cut it) and an IT organization who understands their users' core requirements verifies the business need and provides the required app. Done. Simple.  

Going back to the opening question: When was the last time IT came to you? If you're in IT management or if you're a CIO - when was the last time you spent some proactive time with your users and learned about their work?