A new whitepaper describing the XML firewall features available in NetScaler version 9.x is available here.
It includes a concise summary of the feature capabilities and the types of applications that the Application firewall can secure. Security is a core component of the Application Delivery Controller (ADC) platform. For a broad overview of the security related features available in the NetScaler, get Citrix NetScaler - A Comprehensive Application Security Solution.

To use agent-less streaming or installed agent streaming; that is the question.

I have received inquiries recently - lots of inquiries on the same question actually - that all imply that "user mode" streaming and isolation is "better" than evil kernel driver streaming and isolation, because it doesn't have any kernel components.  This sounds exciting on first glance, but when you dig down the problem is more complex.  There are advantages to installed isolation systems and there are advantages to all user mode.  This blog shows some examples for both categories. 

To get it started, consider an isolation system's ability to load and isolate a Windows NT Service.  How can you isolate the execution of an NT Service if the isolation system itself is "user privilege".   At user rights, the isolation system lacks the privilege to start a service that isn't already installed, so it can't run and isolate services unless the service is already installed outside of isolation.  

Scalability is also a big concern.  It doesn't matter for a small system, but if you load the machine up with lots of users and lots of applications, having a separate copy of the installation system for each application becomes problematic.  

On the plus side for agent-less, it is really nice to NEVER need admin rights on the execution machine and this can help engage work from home or kiosk environments.    Another plus for agentless, the "attack surface" is smaller if there are fewer privileged components; this is the point that usually starts the conversation that "agentless is better".   Keep reading...

First, some definitions:

Agent-less streaming

Nothing is "installed" into the machine.  The isolation engine can run the profiled software without ANY components themselves being installed.  "Admin" rights are never required and the system usually embeds the isolation system and profiled application into a single .EXE image that is "executed" to run the isolation system and the isolated application.

Examples of agent-less isolation systems include ThinApp, InstallFree, XenoCode.

Installed agent streaming

With an "installed agent", parts of the isolation system are "privileged", they require an install time execution which usually includes the installation of at least one kernel mode device driver and generally also includes the installation of a NT Service that supervises the sandboxes that are active on the machine. 

Examples of installed agent isolation systems include Citrix Application Streaming and Microsoft App-V.  Even this is a simplification as the Citrix system uses kernel mode for process monitoring and file system filtering and USER MODE for registry filtering, which makes it kind of a hybrid.  App-V uses kernel mode for both.   The real key is that an installation step was required.  If you require an "install", you are a member of the installed agent camp!

Which is better?

The answer is simple: Mine! 

The real answer is that you have to ask what "better" means.  I mean, better at what?  Each of the systems have their advantages.

Consider installation

Not needing to install an agent is handy for some environments especially where the execution machine is not company managed.  USB Thumb Drives were the original player here; you can take you application anywhere!  By contrast, if you're really running in a company environment, either stream to client, running on a XenApp Server or even on a XenDesktop hosted world, the installation of an agent is not a gate - the admin controls the base image and can install any agents that they want.   For more on this, see "security" below.

Consider scalability

If you are running a heavily loaded XenApp Server.  Let's say 64-bit machines, with 64-bit Operating System, a handful of high end CPUs and enough RAM memory to run 100 concurrent users, with each user running 5 distinct isolated applications.   How many isolation spaces is that?  100 * 5 = 500 isolation spaces.  If the isolation system is 100MB, that's 500 * 100MB = 50GB of allocated virtual memory just to load the isolation engines.   I made these numbers up, but stick with me on the concept.

How many separate copies of the isolation system do you want to load?  Answer: One would be nice.  

With kernel mode or NT Service isolation systems, you'll have ONE single code space for all of the isolation sandboxes, a bit of instance memory for each sandbox and other than that, you're off and going.

This too is a over simplification.  For starters, the Citrix App Streaaming case is a hybrid.  I haven't checked the memory footprint lately, but the kernel pices are ONE and the registry and named object pieces are MANY as these are implemented inside the isolation space.  To get back on subject for this post, think of it as ONE installation system because all "installed agent" systems are in the same camp.

Does agentless mean that there is really a separate isolation engine for each application?  yes and no.   We tend to generalize this to say that the isolation engine is carried along with the to be run application.

If the agentless isolation system uses DLL references to get to the isolation engine, then the agentless system's memory load will be page table shared across the images.  This a function of the Windows NT PE Loader and memory manager.  With DLL load of the runtime, many pages of the 500 instances of the isolation system will be shared.   I don't know if the clientless systems use DLLs for the agent runtime, but if they don't, they could and this will share the load.  

Citrix App Streaming uses DLLs for the registry filtering, so the shared model here still applies (ONE).  

How to update the agent

If the isolation agent needs to be updated, how many application images do you have to update?  This is a plus and a minus for both again.  With installed agents, you update one and all the profiles/sequences benefit.

With agentless, you have to touch each of the isolation images.  Or, back to the DLL approach, you could achieve the same ONE update in agentless if you're using DLL based runtime.   

If go with the "one app, one executable to distribute" model, then the isolation system is not shared and the memory usage on a XenApp hosted model will totally suck.  Prototypes will be great, but actual performance under load will be a heavy hit to single server scalibiltiy.  When it comes time to update the isolation agent, you'll have to touch all of the profiles to get things updated; or you can skip this as a plus toward not having to maintain anything once you profile it.

Consider security

There is a perception that if kernel mode components are involved, then it's less secure.  This is mostly a statement of "attack surface".  There are many privileged components in the machine and they are all candidates for attack.  The real headache with privileged components is that they have to be "installed", but the security aspects still apply and are real.  

If you're installed and you have power, then you can do powerful things.  The corollary is that if you are not installed and you don't have power, then you CANNOT do powerful things and this is as much a plus as a minus.

Consider that many agent-less streaming systems receive "yes" check-boxes in comparison matrices when discussing isolation of NT Services.  

Either you're USER MODE or you're not user mode, you can't claim to be both.  

A step back: NT Services are installed applications, with no GUI and no direct user interaction.  Services run on either a powerful system defined account or a named user account of install time specified rights. "LOCAL_SYSTEM" and "LOCAL_SERVICE" are the common installation configurations and these equal "powerful".

In many cases, the reason that the programmer went through the pain to write a service is that they needed to do something with privilege and that was impossible from the user privilege application space.  This is why they are done in the service rather than in the application itself.

If the isolation system is agentless (user mode), and if that isolation system can load and isolate NT Services - and have that service work - then a boundary has been passed and the isolation system is no longer user mode.  Given that the agent itself would not be privileged, how can the applications that it runs be privileged?

Answer: The agentless streaming system requires the applicaiton services to be installed outside of isolation, and by installed, I mean REALLY INSTALLED.   This pretty much deletes the check-box for isolation of services.

Some NT Services likely CAN tollerate user mode execution under isolation, but for the general discussion, the answer will be that this breaks down and the service requires installation to the local machine - breaking the isolation boundary between the application and the local machine.
An "installed agent" isolation system CAN have the power to start services itself, and in this environment CAN run the service isolated.  This is only possible because the agent itself is INSTALLED and has power.  If the isolation agent is not installed, then the user cannot start isolated services and there's a pretty big gap in the claimed support of isolated services.  The services have to be outside of isolation and installed - they aren't isolated and the access to that service is not governed by the published application set.

Consider application launch performance 

Now that Application Streaming 5.2 client is out (real-soon), I can describe the greatness of 2nd time application launch.  If a sandbox is running that will support this app, there is no longer ANY need to create an isolation space for a second, third or fourth application launch.   Creating an isolation space/sandbox/bubble is an expensive operation.  The 5.2 client's ability to skip this expensive operation will provide great benefits in launch speed.  I describe this briefly here, but need to write more.   

Can agentless do things to equal this application launch performance?  Can it toss execution over the wall to already running isolation spaces?  Probably, but as an big executable based execution, by the time they run to make this decision, they will already have the isolation system mapped into memory and it's big and I'm betting, slow.  Bottom line, I'm looking foward to a new round of statistics with the 5.2 client - we should kick some major butt!  "Agent based" here has advantages, but this alone will not sway a discussion.

Consider central management
Both Citrix Application Streaming and Microsoft App-V are heavily predicated on the concept of communication with a back-end infrastructure and administrator driven management of the applications available to users and even preventing the execution of non-approved applications. 

The applications are published to users and in App-V case, users or machines and both systems communicate information back to the central authority to decribe the use of applications.   App-V can even block the launch of applications based on license metering.  All of this is enabled because of communication with back end, from an installed agent.  

Can that communication be done from an agentless system?  Probably.  Is this done?  I'm not sure.  If it is done, is that something you really want happening from a user privilege component?

What applications are available to the user and how can I trigger the update of application content?  What applications have been actively used across my whole organization and which ones are published that the users really don't care about?  What applications should I focus my support on and which ones should I deprovision without telling anyone?  Do I have enough application licenses?  

All of these questions can be answered with back end information.  Agent-based makes this easier.   Having a NT Service hanging out to collect this information and centrally report back statistics is an opportunity for central management, control and monitoring of applications.

Then again - agent-less can get most of this too. 

For example, Citrix EdgeSight monitors application usage on a machine and reports this back to make truly beautiful reports that tell the admin what has been happening on their machines.  It doesn't matter if the applications are isolated or not isolated, the EdgeSight monitoring system still sees them and can report on usage.   This happens for Citrix Application Streaming and can just as easily occur for clientless based isolation system.   

Conclusion 

Is agent-less better or is agent based better?  The answer really depends on how the whole system will be architected and what control the administrator has on where the agent will be installed.   Both have advantages.

Joe Nord

Product Architect of Citrix Application Streaming (An agent based isolation system)

Citrix Systems - Fort Lauderdale, FL

I am sure by now you have heard about this great new way of virtualizing applications with XenApp called VM Hosted Apps - now in Feature Pack 2.  We have been talking it up  everywhere  from Citrix sponsored events, such as Synergy, to blog postings, to webinars, etc.  The feature allows you to deliver applications to end-users from a virtual workstation.  The traditional method of delivering  applications with XenApp  is to install or stream the application to the server or to the client device.  This new feature is by no means designed to replace this traditional method. As a matter of fact, we expect VM Hosted Apps to be far from mainstream. 

VM hosted apps isn't one of those features that you simply spin up and see what happens.  First, it has totally different components than the typical XenApp customer is used to.  In this version, you'll have a Desktop Delivery Controller(DDC) that uses a separate farm database and new MMC snap-in that is separate from the traditional XenApp infrastructure.  Your application is installed and delivered by a workstation that communicates with the DDC which is responsible for brokering connections to the virtual workstation.  It's not hard but it certainly isn't as simple as the rest of the XenApp infrastructure. That doesn't change the fact that  VM Hosted Apps is a brilliant idea....  I want to encourage you to check it out and so to help make it easier, I've included a few helpful hints below.

To have an  efficient setup, you will need

• Some type of server virtualization  infrastructure. You can pay for one from those _other_ guys or you can use XenServer which is free! Your choice but it's a pretty obvious one.  That is,  unless you plan on purchasing extra cooling devices after placing numerous amounts of physical desktops in your data center (RE: Blade PC's). 
• You will need one workstation for each concurrent user. Once you decide where to  host the workstations, you will need to determine how you are going to get the workstation operating system  onto the physical or virtual machines.  It supports Windows XP, Windows Vista, and Windows 7. 

The best way to illustrate how important a decision this is, is with an example.   Lets say you are the administrator for a large company with thousands of end users.  The company wants to deliver a  highly  specialized application that is not Terminal Services compatible.  The application vendor only supports this app on Windows XP.  VM Hosted Apps is the feature for you only if  you are sure that the app won't work on Terminal Services, or that Streaming the application is not appropriate either. 

Now that Citrix provides three methods of delivering applications, your  thought pattern should follow something like this.  

• Can I install or stream the app to my XenApp Terminal Server?
• Can I have it streamed to the client device? 

If the answer is "No" to both questions, then VM Hosted Apps is the logical choice.  Aside from the new skill sets that your Citrix Administrators  will need to attain to administer this appropriately i.e. XenDesktop, Provisioning services, XenServer, you need to consider the Microsoft aspect.  You will need to purchase Microsoft's VECD licenses to license those virtual desktops.  One good thing about VECD licenses is that one  license is good for 1 physical device and connections to 4  windows virtual machines.  The bad news is, you must renew the licenses yearly.  So you will be paying  repeatedly unlike Terminal Services licenses where you pay just once.  

Once you know what you are getting into when using VM Hosted Apps, and you determine that this solution is right for you, here are some best practices that might help you stay out of the long dark rabbit hole that troubleshooting a bad setup can get you.  Make sure your DNS and Active Directory are flawless.  Virtual Desktops find and register with Desktop Delivery Controllers using something called a Service Connection Point (SCP).  SCPs are a feature of Active Directory and allow services to be published so that they are found by different components.  If you keep getting strange errors in your event viewer that relate to Active Directory, I highly suggest you  fix them before embarking  on a VM Hosted App  setup.  Use utilities like Active Directory Explorer to help you determine the state of  Active Directory.  The next culprit that could derail your setup is DNS.  Forward and reverse look up must be configured and working properly. 

Now lets  go back a bit.  One of your first decisions was how you were going to deliver  those 100 desktops/virtual machines to your end-users that needed to use that specialized application.  Will you build 100 desktops manually? Even though you can use private virtual machines for each user you should try to avoid it if you don't need it.  Instead, the most efficient way to do this is with Provisioning services.  You will get Provisioning services for use with VM hosted apps in XenApp Enterprise Edition or higher. Use Provisioning services to create a virtual disk with the OS already installed and configured and then stream that OS from the centralized vdisk to create as many virtual workstations as you need.  It will even spin up these machines on demand. The downside is, if you don't already know how to use PVS, this is yet another skill set that you will need to attain to support VM Hosted Apps.

As a readiness instructor, my job is to deliver the naked truth. While at times it may seem like I am describing  reasons not to  use this feature, this couldn't  be further from the truth.  VM Hosted Apps is a powerful feature and if you already know how to setup XenDesktop and PVS, then this should be a breeze for you.  If not, learning how to set it up will give you the bonus of preparing you for the world of desktop virtualization in general so it is certainly not niche expertise. As homework (I am a teacher after all), go to to Citrix eDocs and do your homework before you do ANYTHING.  Then get on that white board and draw a design depicting where these new components that you just learned about are going to fit in your environment. Then get out your calculator, calculate your budget needs and get organized. Again great feature ...but if you want to succeed you've got to do your homework! I am working on CitrixTV recordings to walk you through the setup so look out for that.

Since this feature has generated so much buzz, I just posted Part 2 to take you through the components and configuration.

Follow me on Twitter http://twitter.com/StacyCitrix

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

Just wanted to remind you that we're running a Geek Speak VDI Expert Challenge Live Webcast with Citrix CTPs Brian Madden & Ruben Spruijt, and Citrix VDI expert Amitabh Sinha today at 1pm ET. You can still register at:

http://www.citrix.com/geekspeakvdi

Here are the details:

Event Date: 09/23/2009 01:00 PM Eastern Daylight Time

Join Brian Madden & Ruben Spruijt as they face off with Citrix VDI expert Amitabh Sinha, VP of Product Management, in this lively, unfiltered discussion on the hot topic of Desktop Virtualization. Be there & participate live online when Brian & Ruben ask Amitabh the right questions that get to the heart of what the industry wants to know. Don't miss this exciting opportunity to hear the experts uncover the truth about VDI.

Topics include:

• What's all the hype about VDI & is it worth it?
• What desktop virtualization vendors don't want you to know
• VMware View(TM) vs. Citrix XenDesktop
• Right & wrong reasons to implement desktop virtualization
• And much more...

Three reasons to attend:

1. Unbiased, unfiltered technical discussion
2. Live chat with fellow attendees and Q&A with the panel
3. A chance to win cool stuff

Planning is done, content is ready, now we are in the middle of rolling out the XenApp 5 Feature Pack 2 training to the support teams worldwide.

By Sept 29th, the date in which XenApp 5 Feature Pack 2 will be available for download as mentioned in the Official Press Release, we plan to have a majority of Support engineers trained.

The 2 1/2 day XenApp 5 Feature Pack 2 comprehensive training course covers all new features as outlined by Vinny Sosa in his What's new in XenApp 5 Feature Pack 2 in plain English blog. A majority of the course is spent "hands on" installing, configuring, break/fixing and troubleshooting the various new features.

Then 3-5 months post release we plan to deliver a follow up "Advanced" session on common issues encountered.
The agenda for the Advanced session will be based on common/troublesome support issue logged in our CRM, Support Forums and Tech Support Twitter accounts, here and here.

Learn more about Citrix XenApp 5 Feature Pack 2

■Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
■XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
■XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
■XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
■XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
■XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
■Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
■XenApp Product Page - http://citrix.com/xenapp/

David
Twitter - http://twitter.com/citrixreadiness
Citrix Support on Facebook - http://www.facebook.com/citrixsupport

Alessandro over at virtualization.info commented that we need to do a better job communicating the value and capabilities of Workflow Studio:
http://www.virtualization.info/2009/09/release-citrix-workflow-studio-20.html

I have to admit, I have been focused on talking about the new version and features (I'm excited about them.) There are lots of places though where we do talk about the capabilities that Workflow Studio enables for our customers:

On the main product page for Workflow Studio we cover the 5 use cases that customers typically use Workflow Studio for:

1. Power management - Reduce power consumption in the datacenter.
2. User provisioning - Automate the process of provisioning users.
3. Dynamic resource allocation - Detect changes in user traffic patterns and automatically re-configure server resources for on-demand access.
4. Disaster recovery - Automate failover and recovery procedures.
5. Product automation - Automate repetitive tasks and ensure best practices are followed.

I am also taking each of the bullets from the original post announcing the availability of Workflow Studio 2.0 and going into more detail. I just posted Automate XenApp with Workflow Studio where I talk about some of the use cases that we based the new XenApp libraries on. I will have some sample workflows posted with video tutorials as well.

I wrote The Three Audiences of Workflow Studio back in February, but it is still just as relevant with the current version of Workflow Studio. 'Scripting guys' and developers will find a lot to like in Workflow Studio, but you don't need to be one to benefit from Workflow Studio. The drag-and-drop interface and standard way of accessing all the Citrix product APIs (as well as PowerShell, Windows, WMI, etc.) opens up access to a much broader range of people.

The Workflow Studio 2.0 Video Tutorial Series provides an introduction, an architectural overview, and an installation/configuration guide for getting started and should help save you time as you consider how to deploy Workflow Studio.

Also, I want to clarify the availability of Workflow Studio as an anonymous comment left there indicates there may be some confusion. Workflow Studio is included as part of ALL editions of the Citrix Delivery Center products - not just Platinum. Workflow Studio comes with all of the below:

• XenApp Advanced, Enterprise, or Platinum edition
• XenDesktop Standard, Advanced, Enterprise, or Platinum edition
• NetScaler Standard, Enterprise, or Platinum edition
• Essentials for XenServer Enterprise and Platinum editions
• Essentials for Hyper-V Enterprise and Platinum editions

As always leave me your feedback in the comments or email me directly...

In a previous post announcing the availability of Workflow Studio 2.0 I listed the new features that are available. Here is a closer look at the first feature mentioned:

Native XenApp activity libraries

With the 2.0 release of Workflow Studio, we now include 18 activities for managing application virtualization scenarios with XenApp. These activities provide access to your XenApp farm, servers, applications, and even sessions.

These 18 activities were designed around two key use cases:

1. Backup/Restore of applications - By providing access to retrieve current published applications as well as publishing new applications, these activities provide the ability to do automated configuration backups, QA to Production migrations, and help automate version upgrades. View sample workflows that address this use case for backup and restore.
2. Manage logons - Many customers expressed the need to be able to automatically manage access to their XenApp servers. We also received feedback that the way customers most often manage logons is through the use of customized load evaluator rules. We included activities that help manage logons for automated maintenance of XenApp servers.

These activities are installed by the activity library installer and leverage the new Commands for PowerShell to interface with XenApp. Everything you need to build a XenApp workflow is included in the installer, but to run the workflow you will need to meet two requirements:

1. You must install either Workflow Studio or a Runtime on a XenApp server in your farm as these commands do not support remote connections. The XenApp server you install it on just needs to be a member of the farm and does not need to be serving applications.
2. These activities only support XenApp 4.5 HRP3 and later. If you need access to prior versions of XenApp, you will need to use MFCOM. More information on how to use Workflow Studio with MFCOM is available in this Workflow Studio SDK MFCOM example.

Keep in mind that we also support native activities that run VBScript and PowerShell scripts. If there is something missing from our activity libraries that you want to automate you may be able to do so through a script and not actually need a native activity for a given task.

The Workflow Studio 2.0 Video Tutorial Series provides an introduction, an architectural overview, and an installation/configuration guide for getting started and should help save you time as you consider how to deploy Workflow Studio.

I'm sure our customers and partners will find other unique use cases. Feel free to leave feedback in comments or email me directly to let me know what you are doing with the product (or what you would like to be able to do.)

Workflow Studio is included with XenApp Feature Pack 2

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

I read this interesting report a few weeks ago regarding Virgina States Telework Day and lessons learned.

I've visited a number of customers since reading this report and it struck me how Telecommuting is so often overlooked or understated as a huge benefit of Desktop Virtualization and Application Virtualization. When I think about the majority of our customer base, who use XenApp. XenApp is often used as a point solution internally, or a remote access solution with our SSL products with access to a subset of applications. Many customers have used our technology as a disaster recovery option also. However when I ask are all your applications available to you? The majority of customers say no for a myriad of reasons some valid some not.

This get's me very excited about Desktop Virtualization. Since for most people that is the user interface you interact with to get to all of your applications, even if it's just access to web apps. Telecommuting all of a sudden becomes much more powerful. Whether you use XenApp or standard enterprise software distribution tools you get to those via your Desktop.

When this light bulb goes off in a customers head an ah-ha moment occurs and a far more interesting dialogue beings. We talk about how to increase work life balance, how to enable a qualified women's workforce who are juggling parental responsibilities and how to access talent wherever they may be. All of a sudden we are talking about what's stopping us getting there. When I look at the study data, it's interesting to note that 78% of people encountered no difficulties. Even more insightful is that 91% of participants say that they are more likely to telework in the future. Such is the power of flexible work lives.

When I was working in New York my commute was almost 4 hours a day. I hated it, it was draining. On the extreme end I know, but long commutes are common in New York. Now that I work remotely the majority of the time, it's great to have the hours back to myself. I get to choose to use these reclaimed hours for greater productivity or spend time with family and friends. It's also really cool to collaborate with colleagues all over the world not in our hub offices. We can be anywhere and simply fire up GoToMeeting sessions share ideas, have access to our data securely from our data centers with Desktop and Application virtualization. Sure there is no substitute for face time, but that's just not possible with such a diverse workforce. This flexibility makes connections to a global set of colleagues possible, and simplifies my life. I really am living our vision to work and play from anywhere. Now can I translate that to a raise as the report found? They say the money you keep is what counts. I know my gas prices are lower, car mileage is lower and expensive New York tolls and parking are gone. I'm also greener I guess and even save on dry cleaning How about you?

You can quote me! "Personally I have forgotten how to dial my office phone. And I never slave over SAP entering home phone expenses for expensive business calls. Every EasyCall saves me time and, more often than not, saves Citrix a ton on telephone expenses."

EasyCall is a simple solution from Citrix and, quite frankly, a hidden gem of a feature. Using a client plugin and a Xen-based virtual appliance that brokers calls with your VoIP system, EasyCall makes calls for users with a simple click anywhere on their screen. It even enables conference calls for up to 50 users! Now in EasyCall 3.0, users can even configure the Follow Me feature which tries to find them using a list of numbers they configure. Did I mention that it works with a lot of different telephone systems? And did I mention that users just need a phone that rings? No need to mess with softphones for remote access....though it works with those too. And now, NetScaler users can add click to call numbers to web applications..it's simple with EasyCall. What it all comes down to is that EasyCall is like a softphone, but without any additional cost.

To get EasyCall, just download and install XenServer and add the EasyCall Virtual Appliance to your XenApp, XenDesktop or NetScaler setup. Download it and go.

What's new in EasyCall 3.0? Call forwarding so you can both make and receive calls remotely; authentication supports for BYOC (Bring your own computer) users; a user portal accessible from browsers and even iPhones for managing conferencing, call forwarding, and locations; Win 7 and Snow Leopard support; dial-in access to EasyCall conferences; net call links for EasyCalling specific company telephone numbers; and delivery via Citrix Receiver 1.1! All in five languages!

Congratulations and thank you to all those folks that created this new version! Please check it out and let us know what you think. We welcome any and all feedback!

Learn more about Citrix XenApp 5 Feature Pack 2

• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

In the spirit of "keepin it simple", so simple that even a caveman can do it, I engaged the help of a few of our best CTPs (Child Technology Protégés),actually technology savvy elementary school kids to help produce a small video showing off some Citrix technology with mobile devices. So those of us that aren't smarter than a 5th grader should still be able to follow along We had a lot of fun making this video, but the interesting part was that the kids actually GOT IT! The video features Citrix Ready products from partners Sprint and Celio. Three use cases are expressed in the video:

• Mobile Health Care Users
• Traveling Road Warriors
• Mobile Field Technicians

Hope the video helps generate some ideas on how you can use Citrix to simplify you mobile deployments.

We will dive deeper into some of these use cases as part of a video series on Citrix TV so you can get a little more familiar with each, and some of the products used. If the kid thing works, we may need to have a sequel

While some enterprises are still debating about the overall benefits of virtualization, Cloud Providers use virtual workloads as the de facto standard for all of their business.  The question for Cloud Providers is not when to Virtualize but rather what is the best way.  Can you say "Best enterprise class virtualization platform in the world for FREE!"  Well that is exactly what XenServer is.  And with our recent upgrades to the product there is no reason why every Cloud based service provider on the planet shouldn't be using it.

I had a conversation with an ISV who is also a Hosting Service Provider a couple of months ago (at the Microsoft Hosting Summit) who was using ESX at the time.  Amazingly, he didn't know anything about Citrix.  I proceeded to let him in on the technology we provide and he kept asking me over and over again, "Is this really free?"  I saw him later in the day at one of the break-out sessions and he told me he had contacted his VMware rep.  He said to the rep, "I've just been informed about an offering from Citrix that blows you guys away.  If you can't come up with something comparable... you're out!"  A great testimony to our technology and go-to-market strategy I would say.

So now that we're beyond the basics of server virtualization, it's time to talk about taking the next step and having access to the best enterprise level management tools for virtual data centers.  That's right, I'm talking about Essentials for XenServer and Hyper-V.  If you're a service provider looking to move up to Xen, then we've got some terrific news about some training you won't want to miss... led by our very own XenServer Architect in Readiness, Oliver Withoff.  If you're interested (and by the way the training is FREE) you'll want to sign up at one of the sessions listed below...

Monday, October 5, 2009
9:00 AM - 10:30 AM EDT: https://www1.gotomeeting.com/register/228005408

2:00 PM - 3:30 PM EDT: https://www1.gotomeeting.com/register/975636224

9:00 PM - 10:30 PM EDT: https://www1.gotomeeting.com/register/126336201

Sometimes we are so focused on what the (technical) media tells us that we can lose perspective on reality and market dynamics that can (and often do) affect our businesses.  Analysts are great and perform a valuable role, but they are not entrepreneurs, inventors or architects.  This being the case, if we put too much stock in what they say or where the market will go, we can mislead ourselves. This could result in a false sense of direction leading us to the wrong conclusions about our roadmaps.  Such is the case with Cloud Computing and mass delivery of Internet Protocol applications and services.

To set the stage let me start with the misconception that Cloud Computing has somehow been isolated to large ISPs such as Google and Amazon.  We could include Microsoft in the mix but they are currently not offering a consumable solution yet.  Why would we believe that these companies are the only focus of the market?  What about the Fortune 100 communications companies that have already been in business for many years providing IP communications and services in mass?  Isn't it possible that these are the "real" contenders in the Cloud Computing space and we keep listening to analysts tell us 'they don't belong' or large service providers are in a different segment and therefore aren't on their radar.

I have to admit I've found this to be the case.  Within the large analyst firms there are specializations of expertise; IT, Virtualization, Infrastructure, Networks, and Communications to name a few.  These analysts often don't communicate or collaborate with each other and as a result we get a very monolithic view of an industry.  Since IT has evolved to be in every sector from Energy to Entertainment, gaining a holistic view of future offerings (Cloud Computing included) is difficult to say the least when confronting "experts" in individual sectors.  All the while huge communications and entertainment companies such as AT&T, Verizon, Deutsche Telekom, and Comcast are building out massive IP networks and services that would dwarf any Enterprise, ISP or Software company.

Note that the convergence of IT services for a "utility" offering is the core definition of Cloud Computing and yet Utility type companies are not usually included as contenders in the space.  I would venture to guess that companies such as AT&T for instance should be considered players in the Cloud Computing business. Wouldn't you? To prove the point, one only has to look at the offerings available in the market today and see that there is a huge potential to fulfill the promise (and demand) of Cloud Computing. 

The diagram below is a depiction of the current AT&T U-verse network.  Note that it is a pure Internet Protocol (IP) network and provides utility based data and communications to a mass population with Service Level Agreements (SLAs) capable of providing High Definition Video Entertainment services, IP Voice services, and Internet Applications services.  AT&T has two major data centers which aggregate traffic from Video Head Ends as well as their own ISP connections and contracts to Internet asset providers such as Yahoo!. The IP traffic flows from the data center via fiber optic cable to Digital Subscriber Line Access Multiplexers (DSLAM) within a neighborhood or office complex.  These DSLAMs then provide network access to the individual home or office via Very High Speed Digital Subscriber Lines (VHDSL) capable of carrying high bandwidth IP applications such as HDTV or heavily intensive graphics applications.  VHDSL is an asynchronous network technology meaning there is a disparity between upstream and downstream bandwidth.  However, the upstream path is still very capable of providing certain types of real-time communication and high bandwidth IP data/applications paths. 

Further, if we take a look at the AT&T U-verse home/office extension we'll note that Cisco has partnered with AT&T to provide a low cost, high speed (100 GB) combination wireline/wireless router. They have also created an extended end point Set Top Box (STB) which is really a Central Processing Unit (CPU) with both volatile and non volatile memory.  Further, Microsoft is included in this partnership and has written a light version of their Operating System (O/S) called Mediaroom in order to provide a platform for services from the data center.  These include custom applications that can be accessed from any PC/Mac in the world and used to control both Entertainment and Communications applications rendered either on the IPTV or on the local PC.  Mediaroom resides on the STB and communicates to the data center through the Cisco router using IP.  Microsoft has installations of Mediaroom in (25) major service providers around the world in every geography (including China).

Applications can be on-boarded through this network into the home/office by merely sending the code over the IP network to each individual STB in the home/office.  One has to wonder will it be long before AT&T, partnering with Microsoft and Cisco begins to offer applications for home/office use over this network as well.  All of the elements are already in place, being used and a billing model producing revenues.  This is not the case with Google, Amazon or any other emerging Cloud provider.

Similar types of services are available from other large communications companies around the world but they do not seem to be captured as companies worthy of being on the Cloud Computing radar.  Cloud Computing will evolve that is for sure and many companies will either opt out or be pushed to the side by the real contenders.  However, the convergence of IP technologies and the emergence of utility based computing is much broader than just a few ISPs and the sooner all the players are brought into the mix, the better for those of us who are attempting to set future roadmaps to enable the Cloud to be real.

I posted the first 3 videos for the Workflow Studio 2.0 video tutorial series on CitrixTV:

1. Getting Started with Workflow Studio 2.0
2. Workflow Studio 2.0 Architecture and Components
3. Installing and Configuring Workflow Studio 2.0

You can access the series and watch them all in a playlist format from here:
http://www.citrix.com/tv/series/109

I plan to add some more video tutorials to this series and also plan to do a series that explores the new features in 2.0 specifically. Let me know what you think and what other topics you want me to cover...

One of the new exclusive Windows 7 feature is the use of search connectors. Users have the ability to search remote file repositories on the local network or web using Windows Explorer. I've created a Windows 7 search connector to search content into the Citrix Knowledgebase.

Download the CitrixKB CitrixKB.zip search Connector and add http://support.citrix.com and http://api.bing.com to your trusted sites in your Internet Explorer. (Tools -> Internet Options -> Security)

Now you can start your Windows Explorer, click Citrix on the left favorite pane and enter your search string.

The Citrix Cloud offers users the ability to experience the power of Citrix solutions without having to setup and configure their own environemnt. The Citrix Cloud demo environment utilize a number of key Citrix solutions including Citrix XenServer, Citrix XenApp, Citrix NetScaler and Citrix Access Gateway.

Users can register for a demonstration account good for a 2 hour session, or expires 24 hours from the time of the registration. Currently the Citrix Cloud offers demos for the PC's & Mac's plus Citrix Receiver on iPhone and Citrix Receiver for Windows Mobile Professional devices. You can use the link below to register for a demo account from you PC or your mobile device.

Registration URL http://www.citrixcloud.net

When you're ready to meet your local Citrix Field team let us know and we will set up a time to show you why Citrix has always been and will always be the leader in simplified virtualization!

We've scheduled a Technical Overview Webinar for Essentials for XenServer and Hyper-V at three different times to accomodate for all partners, we will record and post the Webinar online if you can't make any of these times on October 5. Click on the link below to register.

Citrix Service Provider Technical Overview - Essentials for XenServer/Hyper V
Monday, October 5, 2009
9:00 AM - 10:30 AM EDT: https://www1.gotomeeting.com/register/228005408

2:00 PM - 3:30 PM EDT: https://www1.gotomeeting.com/register/975636224

9:00 PM - 10:30 PM EDT: https://www1.gotomeeting.com/register/126336201

In order to connect Unified Communications (UC) with Cloud we first need to start from a model for business integration that includes the processes and data models defining how a business operates. The best representation I've found of this is a work by Paul R. Smith as shown in the diagram below (redrawn by Marcel Douwe Dekker). Note that there are two distinct areas that define the Business Model, namely Processes and Data.  Business Process Integration is the sum of converging Data and Processes and results in the requirements that define the total operations of each business. This is important because without the analysis of both sides of the business, critical requirements are often missed and a comprehensive Information Technology approach becomes difficult.
 

In the world of UC, elements of each (processes and data), are merged to "provide a consistent unified user interface and user experience across multiple devices and media types", including but not limited to "communication services such as instant messaging (chat), presence information, IP telephony, video conferencing, call control and speech control with non real-time communication services such as unified messaging (integrated voicemail, e-mail, SMS and fax)".  As shown in the diagram (above right) both real-time and non real-time communications flow up into the Business Model Integration schema to round out the entire business operations definition.

Unified Communications has been the 'holy grail' for large service providers looking to bridge the gap between IP and voice services over the past 15 years.  Now, with the emergence of Software as a Service and Platforms as a Service, Cloud Providers have the ability to virtualize a solution to fill the requirements of Business Model Integration, but many are not bridging the gap to communications. As depicted in the diagram below, by delivering VMs, Desktops and Applications as well as real-time and non real-time communications in a PaaS model, a foundation for automation can be built for the next generation of Information Technology and Business Model Integration.  The missing link in a complete service offering has been the integration of UC and SaaS.

                                         
 
Unfortunately, Cloud Providers have not been able to grasp the idea of Holistic Cloud Computing yet and therefore have largely been focused on Infrastructure as a Service (IaaS).  Alternatively, Incumbent Service Providers (AT&T, BT, Telefonica, Unicom, etc) are mainly concentrating on the UC portion of the model, and are not providing SaaS but have relegated this offering to companies such as Saleforce.com, WebEx/Cisco and CitrixOnline.  SaaS providers tend to be monolithic in their offerings providing software applications but do not offer IaaS or PaaS.

The demand is growing for a more holistic approach to providing ubiquitous service.  Incumbent Services Providers have the means (cash, network, and brand) but no sense of urgency and a misunderstanding of their role in PaaS.  Cloud Providers have the technology, but not the UC implementations.  Although beginning to move into the collaboration portion of UC, most SaaS providers tend to focus on a silo of applications and are growing so rapidly they have little desire to broaden their offerings. This creates a tremendous opportunity for Tier 2 and Tier 3 Cloud Providers to quickly gain market share as the demand is left unmet by larger players (i.e. Tier 1 Service Providers and Tier 1 Cloud Providers).  The key to capturing this market is to understand the emerging SaaS model that includes both Web and Windows based applications as well as incorporating UC offerings into subscription services.

Citrix enables IaaS/PaaS with our C3 technology. Microsoft enables a UC suite of applications. Once the redefinition of SaaS is embraced (both Web and Windows apps) Service Providers will enable services through the hosted desktop using the Citrix Service Provider program.

Have you ever looked into the App Streaming execution cache and said, "good grief!  What are all those GUIDs!"?  GUIDs are great, for the programmer.  For the administrator, they can be a bit more mysterious. 

I recently wrote a utility to decode the GUID data of the Application Streaming execution cache, displaying the decoded information to the console, but neater than TTY, it also updates the Windows Explorer display of that space so the "secret" information is exposed in permanent fashion and via the GUI, which is good stuff.   The utility is released to the Citrix Developer Network, in source code form so you can tweak it if you'd like. 

Download from here, look for the "Rade Cache Decode" link at the bottom of the page.

For background, I have written about the GUIDs before and how they are key to the streaming system maintaining the separation between "profiles" that you can publish and execution "targets" that the streaming system uses to actually use to run stuff.   There is more on this in this post.

Public credit

The idea for this tool actually came from very smart people at Sepago, Sascha Juch and Helge Klein, who I work with on Citrix Profile Management (the artist formerly known as Sepago Profile).   They also clarified for me that despite MSDN documentation claiming "system" attribute is necessary for this explorer magic to work, marking the directories read-only gets the job done.  Tested and true!  Thank you guys.

Update: Dieter Schmitz at Sepago is the gentleman who came up with the idea.  Thank you Dieter.

What does RadeCacheDecode do?

Application Streaming can store one or more execution Targets for each App Streaming profile. This level of indirection allows a single set of "Applications" and icons to be published even if more than one execution image is required.  This is common for a profile that supports both 32-bit and 64-bit operating systems. While the application is profiled twice to create two targets, there is only ONE profile to publish and only one set of "applications" from an Access Management Console perspective.  

A necessary consequence of this is that the execution targets have names that don't necessarily have any resemblance to the name of the profile from which they came.   Targets can be associated with execution systems for a variety of configurable options and these can change from version to version of the profile. 

That is, just because a specific target was right for Windows XP German yesterday doesn't mean that it won't also be right for English AND German tomorrow.   Even ignoring "one to many" advantages of execution targets to profiles, the streaming system STILL would use some abstract term to keep track of the execution targets. 

If you're editing a profile in the Streaming Profiler and you SAVE, all the identifiers of the execution units remain unchanged.  BUT - If you Save-As, you'll get new identifiers.   "By spec", the thing that was "saved as" is a New profile and will mature separately from the original - even if the before and after profiles have the same name.  Putting it a bit differently: Two profiles with the same name are not necessarily the same profile, the unique identifiers in the profile define the uniqueness of the execution units and in theory, or the profile itself.  The studious reader will see below where at least parts of this break down.The short version: Thanks to the use of GUIDs, the streaming cache manager will never confuse two execution targets, even if they come from different profiles that have the same name.

*What about the administrator?*GUIDs are there just to make the RadeCache space hard to digest.  After enough time looking at the Citrix internal showcase farm, you get used to the idea that the execution Target that starts with "1B3" is the MS Office 2007 profile execution target that is used for Windows Vista and Windows 7.  Type 1b3, hit tab and you get the right one.  Not ideal.  Here's what it looks like in the Windows explorer.

Okay, we know that 1B3* is the MS Office 2007 execution target for Windows Vista and Windows 7.  What are the other 5 execution targets? 

What you need is something to look up each GUID and to TELL YOU which profile it came from.  Yes, it would be BETTER if the streaming client itself had left you a clue, but it doesn't.  Notice that when the streaming client created these directories it KNEW what profile it came from and there can be at most ONE profile in the entire globe that has that GUID.  Did it leave you a hint, a small hint?  NOPE!.

Ahh, the fun life of being a XenApp adminstrator. 

HELP IS ON THE WAY!

The location of the application hub is generally "known" to the admin, but to know which GUID is associated with which profile, takes some work.  Once the running application terminates, not even the streaming client knows where the GUID came from.  It's just a directory that exists in the right place, but the link that says that the "1b3" target is somehow related to MS Office is gone, there's nothing there.  

Making it easier

For offline execution, the streaming system stores information that provides the secret decoder information required to convert GUIDs to profiles.  The Deploy space holds a copy of the Application Hub content and stores it in a place that has a fixed location (registry configurable and readable from the utility).  The RadeCacheDecode utility looks at the Deploy space, sees what execution targets exist for which profiles and uses this information to "decode" the GUID entries in the RadeCache.  This should make more sense by example.

Command line execution (readonly)

If RadeCacheDecode is run with the -r (readonly) switch, the utility processes the subdirectories of the RadeCache space, and for each tries to figure out what Deployed profile goes with that execution target.

Example output:RadeCacheDecode -r092b3450-e543-4541-837a-c374cc4e73cc_1 (GoView1067)

1b345768-25fd-45d4-b689-f3984f9221ee_5 (Office20071067)

274bd686-a305-45d9-a479-a127338586b1_1 (project20071067)

4d971270-cbac-4366-8c4a-b11f6f867a58_1 (AdditionalOffice1067)

76dc5736-0c5d-4600-a7e9-a3a41c3b5c51_6 (-not-deployed-)

a9984581-0e41-44b6-861f-b6d748dacb93_1 (Visio20071067)

Okay, we have now decoded the 4 of the 5 remaining execution Targets on my notebook.

Making it really useful!

Consider the technique that the Windows Explorer uses change each user's "Documents" directory into "My Documents".  This same activity can be used to permanently improve the readability of the RadeCache space. 

When thinking this was a good idea, I tried it out by manually creating files and while I was initially intrigued, my first conclusion was that it had negatives that outweighed the positives.  If you read the MSDN docs on the desktop.ini, it leads you to believe that the directories have to be marked "System" for this Desktop.ini stuff to work.  It isn't so.  Marking the directory readonly will do the job and with that, we have a solution!  Why is "system" bad?  Answer: it makes directories disappear from normal directory searches 

"readonly" works, so we have a solution.

This time, run the utility without the -r (readonly) switch and it will WRITE to the RadeCache space to mark all of it's subdirectories with "decoded" versions of the GUIDs.  The directories are marked readonly so the desktop.ini stuff comes into play with Windows Explorer and a file named "desktop.ini" is added to each execution Target's directory to create a "friendly name" to go with the mysterious true GUID_ver name.

The end result is that the next time the Windows Explorer browses to this space, you will see a nice version of the GUIDs - with the name of the profile placed in parens after the GUID. Sometimes it is necessary to force a refresh in Windows explorer to get it to reload the friendly names.

Here's a picture of the output

We're making good progress.  It is much easier to see these profile hinting entries than just plain GUIDs.

How does it work?

The entry above that says "not deployed" is the hint.  Since the Deploy space is at a known location, the decoder utility KNOWS where to look up the execution target GUIDs.  While the streaming client doesn't know what guid goes with what once the applications terminate, the DEPLOY space knows!  The Application Hub also knows, but unfortunately, the decoder utility doesn't know where THE (think plural) Application Hubs are located.  The Deploy space is fixed and given large offline streaming usage, this becomes pretty easy to inspect.

The utility loops through the subdirectory space of RadeCache.  For all directories that look like a GUID_v entry, it considers them an execution target and then goes looking for GUID_v content in the Deploy space.  When it finds a hit, the name of the containing directory in the Deploy space tells the decoder utility the name of the profile from which the GUID_v came.

Awesome!  Works good.

What's wrong with this picture

The studious reader will notice that the Deploy space is named based on the NAME of the profile that is deployed.  The Decode utility leverages this fact to figure out what profile a given GUID came from.

This naming in the Deploy space violates the premise that two profiles with the same name, but with different GUIDs are different profiles!  Dig into the internals of a .profile file (it is XML) and you will see that the profile also has a GUID.  GUIDs aren't just for guaranteeing uniqueness of the execution targets, they also guarantee the uniqueness of the profile layer.

Good news: the caching system is correctly using GUIDs and will "never" get confused.

The Deploy space SHOULD be done based on the GUID of the profile and all the sub-directories below the Deploy space SHOULD be GUIDs (with no version).  They SHOULD be, but they AREN'T and this means that the premise of two profiles with the same name, but different GUIDs are different is somewhat not precisely correct when considering offline content. 

In reality, this doesn't come up because admins tend to stick all of their profiles onto a single Application Hub and this means that the name of the profile is a unique key.  Still, know that this isn't right and know that I've been chasing a "fix" for this for over 2 years - so far, with no fruit.  The App Hub side is fine based on name.  The Deploy space should be GUID based.  Okay, I'm off my soapbox.

Enhancements

Good enhancements to RadeCacheDecode would expand the profile search to go beyond the Deploy space and also consult the network Application Hub.   The utility should also use the COM based SDK whose webpage it is posted in.  That is, the utility looks in subdirectories of the Deploy space to figure out which profile holds a file with the right name.  This breaks the separation of the profile as a programatic thing from looking behind the curtain.  I could have coded it that way, but it just seemed like a lot of work to open up a bunch of XML files to peek for GUIDs, when all I wanted to know was presence (is it there, or not?).

The "ultimate" enhancement to RadeCacheDecode is to change the streaming service itself so that when it creates RadeCache directories, it creates the desktop.ini file directly.  As of Streming Client version 5.2 (XenApp 5 Feature Pack 2), this does not happen - but now we know how...

To achieve almost the same thing, you could run RadeCacheDecode on a timer via some automated means.  It needs to be run with power so it can see and write to the RadeCache space, but if you do this, your desktop.ini entries should always be pretty much correct.  I coded the utility to WRITE only if the existing stuff is not "correct", so you can run it repeatably and the desktop.ini files will only be written occasionally.  This was probably overkill.

If you find it useful, let me know...

Joe Nord

Citrix Systems Product Architect - Application Streaming

If you haven't noticed, XenApp 5 Feature Pack 2 has been announced and with it comes the new Power and Capacity Management feature. By now I hope you downloaded the Tech Preview release or at least had a chance to watch these videos which explain the feature in detail (How it works, Tech Talk recording, my interview on it, our architect Juliano's interview on it).

The following are the enhancements we made to Power and Capacity Management since we released the Tech Preview version.

• High availability for concentrator
• We now support both physical and virtual servers in the same workload group
• In determining the maximum session capacity of a server, the system now takes the lowest of what the administrator has set or what the load evaluator computes based on the current load
• In addition to SQL Server 2005, we now "officially" support SQL Server 2008
• Minor visual enhancements

Juliano and I will be blogging further on these to clarify what these enhancements are and to offer up other deployment considerations. Stay tuned to the XenApp 5 Feature Pack 2 blog roll for more information beginning next week Monday.

And thanks to all of those who participated in the technology preview and provided feedback. We can't tell you how critical it is to us. Speaking of which, we invite you to pre-register for the Windows Server 2008 R2 Technology Preview coming sometime next quarter

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |

In case you missed it, on September 16, 2009, Citrix announced our much anticipated release of XenApp 5 Feature Pack 2. My colleague, Vinny Sosa, did an awesome job detailing the three categories of focus for the release in his blog post. Over the next few days, I will be sharing more of my thoughts about the HDX (High Definition Experience) features that will lay to rest any fears you have about performance and user experience with regards to hosted application delivery! I'll talk about the why these features are important to our customers, and more importantly, what you need to enable and configure these features for your XenApp infrastructure.

The first topic I want to cover is HDX MediaStream for Flash. So, what is it and why is it important? Well, instead of using your XenApp server to process and render the Flash application or video (impacts your server scalability - bad), HDX MediaStream for Flash leverages resources available on the user's Windows device. Thus, resulting in two key benefits: 1) users are happy (good) because they have a local like experience with the Flash content (no more A/V sync issues or video jitter), and 2) administrators can free up server resources to do more important things or accommodate more users. Needless to say, I'm very excited about this feature in Feature Pack 2. And hopefully by now, I've piqued your interest as well.

Ok, so... here is the even more exciting part - enabling HDX MediaStream for Flash for XenApp.

First, let's look at the system requirements:

On your XenApp server,

• XenApp 5 Feature Pack 2 for Windows Server 2003
• Internet Explorer (7 & 8) with ActiveX support

On the user's Windows client device, you'll need:

• Adobe Flash Player 10 installed
• Citrix online plug-in 11.2

Second: enabling HDX MediaStream for Flash.

Well, once you've install XenApp 5 Feature Pack 2, HDX MediaStream for Flash is enabled on your XenApp server by default. That's it - very simple! Now, if you need to disable this feature, you can do so through the Group Policy Object Editor.

And what happens if the user doesn't have sufficient resources to render the Flash content locally? In that case, XenApp will intelligently fall-back to the server-side rendering that exists in XenApp prior to Feature Pack 2.

See? Short, sweet and simple. My next blog will cover HDX Plug-n-Play for USB storage, and a bit of an Easter-egg feature called Secure Clipboard control! So, stay tuned!

Learn more about Citrix XenApp 5 Feature Pack 2

• Official Press Release - http://citrix.com/English/NE/news/news.asp?newsID=1857726
• XenApp 5 Feature Pack 2 release Web Site - http://citrix.com/xenapp/featurepack2
• XenApp 5 Feature Pack 2 Executive Video - http://citrix.com/xenapp/fp2/video
• XenApp 5 Feature Pack 2 Release Webinar - http://citrix.com/xenapp/fp2/techtalk
• XenApp feature matrix by platform, version and edition - http://citrix.com/xenapp/comparativematrix
• XenApp Expert Series videos for this release - http://citrix.com/xenapp/fp2/expertseries
• XenApp 5 Feature Pack 2 Blogs- http://community.citrix.com/blogs/tag/xa5fp2
• Download XenApp technology previews - http://citrix.com/xenapp/techpreviews
• XenApp Product Page - http://citrix.com/xenapp/

Follow XenApp on | | |