Weblog.BassQ.nl

Tag: Citrix

Technical Preview Citrix XenApp 6 for Windows Server 2008 R2

by BassQ on Jan.19, 2010, under Citrix, Microsoft, Windows Server, XenApp

The Technology Preview of Citrix XenApp for Microsoft Windows Server 2008 R2 is now available for

Download here: http://www.citrix.com/English/ps2/products/feature.asp?contentID=1854441
(You will need a Citrix login)

New features:

More users, faster logons – Get up to 20% more users per server with XenApp on the R2 platform and faster logons with new Profile management streaming technology that improves user profile load times by up to 80%.

Seamless management integration – Role-based installation wizards, a new unified application management console, management through Active Directory group policies and support for PowerShell 2.0 help you deploy, configure and automate XenApp faster and easier than ever before.

More apps in HDX – HDX RealTime now delivers high quality audio using up to 90% less bandwidth and enables video conferencing using Microsoft Office Communicator or teleconferencing using VoIP softphones. New HDX Plug-n-Play support for Windows portable USB devices lets users connect more of the devices they need to the applications they use including point-of-sale, webcams, scanners, digital cameras and more.

Self-service application delivery – Citrix Dazzle, the first self-service “storefront” for the enterprise, gives corporate employees 24×7 access to the applications they need to work. Citrix Streaming technology with Windows service isolation and Microsoft App-V integration provide new options for delivering more applications to your users.

Complete mobility – New plug-ins as well as updated Receivers for Windows, iPhone, Android, and Windows Mobile keep business moving by enabling complete mobility and freedom to access enterprise applications from anywhere.

The Delivery Services Console provides a streamlined interface for performing a number of management functions. As with the Access Management Console in previous versions of XenApp, you can manage components administered through other Citrix products, such as Citrix Secure Access and Citrix Single Sign-On. For Citrix XenApp, you can set up and monitor servers, server farms, published resources, and sessions.

Streamlined design

The Delivery Services Console conforms to the console design standards in Windows Server 2008 R2. As with other Windows consoles, the Delivery Services Console includes:

  • a tree pane that provides an overview of the components in your XenApp farm.
  • a results pane that displays views of the items selected in the tree pane. For example, when you select Policies from the tree pane, the results pane displays tabs that show the computer and user policies and settings configured for the farm.
  • an Actions pane that contains all applicable tasks that can be performed on a particular item in the tree and results panes. For example, when you select the Servers folder, the Actions pane displays the tasks you can perform on the folder. When you select a server from the results pane, the Action pane displays the tasks you can perform on the server as well as the folder-level tasks.

Consolidated administration

In previous versions of Citrix XenApp, administering a farm meant using two consoles: the Access Management Console and the Advanced Configuration tool. Administrators had to know which console to use for certain tasks. In this Technical Preview, functions that were previously managed through the Advanced Configuration tool are now managed through the Delivery Services Console. Whether you need to publish applications or configure XenApp policies, you can perform farm administration tasks with one console.

Improved startup and discovery

In previous versions of XenApp, the management console started up slowly and required re-running discovery to display any changes made to the farm. In this Technical Preview, you can improve the console’s startup time by disabling Authenticode signature validation.

As you use the console to administer your XenApp farm, the display refreshes whenever you make a change to the farm or when you press F5. You do not need to re-run discovery to ensure the console display is up-to-date.

Farm Settings and Policies Management

In this Technical Preview, farm properties and XenApp policies are managed through Active Directory Group Policy. Active Directory simplifies XenApp farm management tasks because you can use the same tools you use already to manage your Windows environment. You can:

  • Use the Delivery Services Console to create and configure XenApp policies and run simulations of policy deployment scenarios. Alternatively, you can use the Group Policy Editor to create and configure policies and the Group Policy Management Console to run policy deployment simulations. You can also use the Group Policy Management Console to calculate the resulting set of policies for a specific user or farm server.
  • Use the Advanced Group Policy Manager, if available, to manage XenApp farm and policy settings, delegate administration, and manage changes to group policy objects.
  • Publish applications to server groups or organization units.
  • Provide access to published applications to anonymous users.
  • Delegate farm permissions to other Citrix administrators.
  • Enable zone preference and failover functionality for server groups and organization units, without creating zones.
  • Assign load evaluators to server groups or organization units.

Even though XenApp provides integration with Active Directory, organizations that use another directory service, such as Novell eDirectory, can take advantage of XenApp’s independent policy system and Active Directory SDK to integrate XenApp into their environment and support authenticated users.

Simplified installation

In previous versions of XenApp, the installation process often required pre-installation and post-installation tasks that took more time than the actual installation itself. In this Technical Preview, installing XenApp is much simpler. The XenApp Server Role Manager steps you through the deployment process by:

  • analyzing your computer and installing needed pre-requisites automatically
  • providing additional information about the roles in which XenApp components are grouped and their requirements
  • installing components according to the roles you select
  • providing a task list to help you keep track of your progress in configuring the roles you installed

HDX Enhancements

The XenApp Technical Preview includes several HDX technology enhancements:

  • Support for video conferencing with Office Communications Server 2007
  • New audio codecs and echo cancellation to enhance audio quality in XenApp sessions while reducing bandwidth
  • True multi-monitor support
  • Support for Microsoft Plug-n-Play device redirection so portable devices like MP3 players, digital cameras, and devices with Microsoft POS for .NET can be used in XenApp sessions

Application Streaming Enhancements

  • Service isolation enables you to install services in application profiles so that they run in isolation on user devices. Fully tested applications include Office 2010, Adobe applications, and the Firefox browser.
  • Profiled applications (especially those in Office 2010 and 2007) are no longer packaged in .CAB files. Instead, you can locate the application files in directory subfolders for the application.

Single Sign-On Enhancements

This Technical Preview includes several enhancements to Single sign-on, including:

  • Enhanced Web application definition creation and management functionality
  • Sendkeys functionality for Web, matching existing availability for Windows

For a complete list of enhancements, see http://support.citrix.com/proddocs/topic/xenapp6-w2k8-tp/pm-welcome-features-new-v48.html.

Profile Management Enhancements

The XenApp Technical Preview includes the following enhancements to profile management:

  • Citrix streamed user profiles enable files and folders on the local computer to be synchronized only when they are needed, which speeds up logon and logoff. (Registry entries are cached immediately.)
  • Profiles are synchronized locally after logon as a background system task, without any feedback to users.
  • With active profile write back, files and folders (but not Registry entries) that are modified can be synchronized to the user store in the middle of a session, before logoff.
  • Administrators can now set the computers and groups to be monitored using the Diagnostic Facility in the Daily Management Console. They no longer have to configure logging in the ADM template and force a group policy update (that they may not have permissions for). In addition, new event log messages display the full path to the user store for each user logon.
  • Profile management checks for more errors during installation and, if they are encountered, writes messages to the event log. A new command-line switch installs Profile management without the .ini files that were previously used for configuration.

Citrix Workflow Studio 2.0

by BassQ on Sep.28, 2009, under Citrix, Workflow Studio, XenApp, XenDesktop

I’m pleased to announce that Workflow Studio 2.0 is now available:

Download Workflow Studio 2.0 (MyCitrix login required)

This release has a number of great new features and is a seamless upgrade from version 1.x. Here are some of the key new features:

  • Native XenApp activity libraries (and many other additional activities)
  • Remote runtimes
  • Simplified management interface
  • Enhanced security features
  • Simplified installation and configuration
  • Improved SDK
  • Simplified workflow Designer
  • Globalization support

I will post some more blogs over the next few days with more details on the above features and will also be updating the CDN site with many new articles, so subscribe to the Workflow Studio blog and head over to the Workflow Studio CDN site and subscribe for updates on CDN as well.

Feel free to leave feedback in comments or email me directly.

Workflow Studio will be included with XenApp Feature Pack 2

Learn more about Citrix XenApp 5 Feature Pack 2


Should Citrix allow standalone ICA connections to desktops without a broker?

by BassQ on Aug.17, 2009, under Citrix, Windows Server

by Brian Madden

Last week, Citrix’s Chris Fleck started a conversation over at the Citrix blog site where he asked whether there’s value in Citrix enabling ICA connections (with full HDX capabilities) to desktop OSes directly instead of forcing users to connect through the XenDesktop connection broker. Specifically, Chris wrote:

We have been discussing ways to make HDX more pervasive and useful to IT pros and users. HDX has significant benefits and we want the broader industry to try it out and get a taste of XenDesktop.

This is potentially a huge deal, so I’d like to bring this conversation to the BrianMadden.com audience since not everyone is probably aware of Chris’s post.

So let’s dig into it. First of all:

What is a standalone connection?

Simply put, a standalone connection means that Citrix would provide a standalone MSI package that could be installed onto Windows XP / Vista / Win7 desktops that would let ICA clients establish connections directly to the host desktop directly via the computer name or IP address. From a technical standpoint this would have nothing to do with XenDesktop. It’s just an ICA/HDX connection to a desktop instead of a terminal server.

If you haven’t used Citrix’s XenDesktop product, you might be surprised to learn that this capability actually isn’t possible today! Current versions of XenDesktop require that users first connect to a Citrix Web Interface / desktop broker to be routed to the desktop (physical/virtual/blade) where their ICA/HDX connection is established. So even if you downloaded the Citrix Virtual Desktop Agent (VDA) software and installed it onto a regular desktop, the agent only starts listening for incoming ICA connections after it’s been contacted by the central connection broker, so attempting a connection to 1494 or 2598 to a desktop with the VDA installed but without XenDesktop will just run you into a closed port.

Interestingly, Citrix XenApp has always allowed standalone connections (although in recent versions they’re disabled by default). So this capability would not be new to Citrix, just new to desktops.

Why would anyone want a standalone connection?

There are a lot of reasons that people might want to connect via ICA/HDX to a desktop outside of a proper XenDesktop environment. (And by the way, Citrix is interested in knowing your reasons, so feel free to leave a comment here or vote in the poll embedded in Chris’s original post on Citrix.com.) Possible use cases include:

  • Creating simple proofs-of-concept. (Show users the concept and experience of connecting to their own images via ICA/HDX without having to go through all the trouble of setting up XenDesktop.)
  • Smaller or simpler VDI deployments where all users would be using private (a.k.a. “one-to-one” or “persistent”) images.
  • Using VDI where you don’t trust the HA capabilities of the connection broker, or where you don’t want to add the complexity of a broker.
  • Using VDI where you want to use another VDI framework (VMware View, Microsoft VDI Suite, etc.) but you still want ICA/HDX
  • As a method for users to connect to their own corporate desktops. (Kind of like a private in-house GoToMyPC.)
  • Cloud-based desktops where you want ICA/HDX.
  • Dev / testing of remote desktop VMs where you just want full ICA/HDX instead of just RDP.
  • Troubleshooting XenDesktop. e.g. if a user can’t connect to his or her desktop, you could try connecting directly via ICA/HDX to verify that the core components are online, working, and not being blocked by a firewall or policy or something. (Thanks to Shawn Bass for that suggestion.)
  • An easy way to configure multiple “tiers” of users. e.g. Let high value users get their own dedicated machines while the riff-raff share overloaded VMs. (Thanks to App Detective for that suggestion.)

How would Citrix release these standalone ICA connections?

Assuming that Citrix believes this is a good capability to have, how do you think they’ll release it?

  • Will it be built into the XenDesktop product? So when you buy XenDesktop, you also get the capability to connect via ICA/HDX directly to desktops?
  • Will it be released as a standalone product, like for $50 per user you can buy an ICA/HDX standalone license?

My gut reaction would be that Citrix would make this an option for XenDesktop customers. Then again, Chris’s blog post talks about wanting to expose people to the benefits of ICA/HDX, so maybe that’s a hint that they’re thinking about this as a standalone release? On the one hand, that might hurt their XenDesktop sales. But on the other, they’ve always been saying that XenDesktop is more than ICA, so why not make this a standalone capability?

That said, the cheapest XenDesktop is only $75 per concurrent user. (Not counting the free 10-user Express Edition.) Heck, if Citrix added standalone ICA to the $75 edition of XenDesktop, I’ll bet people who are using other VDI products would buy that edition just for ICA and not even use the rest! (Which I think would be fine, right? I mean there’s no reason for Citrix to limit this standalone ICA thing to Platinum or Enterprise editions, is there?)

How likely is this to happen?

So now that we’ve looked into all the details of this ICA/HDX standalone capability, how likely is this to happen? (Because Chris’s blog post makes it clear that they’re just thinking about this—they’re not committed to anything.)

My personal feeling is that this is fairly likely. In addition to all the reasons listed above, Citrix already has a marketing-friendly name picked out: HDX Connect. If this was just some project they were toying around with, it’d have a codename like “Project Flecktacular.”

And from a complexity standpoint, I can’t imagine that there are too many code changes that need to happen to convert the existing VDA software agent into a standalone non-XenDesktop-requiring mode. Really it just depends on how they decide to license it. (And on that note, how cool would it be if Citrix just made this available for free, or super cheap, like $10 a user. Then everyone would use it. Microsoft would love it. And VMware would be caught in their own “we’re protocol agnostic” shtick and be forced to support it, which would make their blood boil since every View project on the planet would be enabled by Citrix. And Citrix would just sit back and look cool, knowing they were the reason that VDI was so popular.)


XenApp 4.5 / 5 Hotfix Rollup pack 4

by BassQ on Apr.15, 2009, under Microsoft, Weblog, Windows Server

Citrix has released Hotfix Rollup pack 4 for XenApp 4.5 and XenApp 5.0.

You can download your version here:

32 Bit version: CTX119069
64 Bit version: CTX119075

License Server 11.6.1:  https://www.citrix.com/English/ss/downloads/details.asp?downloadId=1681211&productId=186

The version information of the License Server can be found in the version information of "C:\Program Files\Citrix\Licensing\LS\CITRIX.exe"

Read the CTX documents mentioned above, so you’re ready to install this hotfix rollup pack. If you’re doing an unattended installation of the rollup pack, please be sure you use the /qb- switch. When you use the /qb switch, setup fails to complete.



Pushing the Limits of Windows: Paged and Nonpaged Pool

by BassQ on Mar.31, 2009, under Microsoft, Weblog, Windows Server

In previous Pushing the Limits posts, I described the two most basic system resources, physical memory and virtual memory. This time I’m going to describe two fundamental kernel resources, paged pool and nonpaged pool, that are based on those, and that are directly responsible for many other system resource limits including the maximum number of processes, synchronization objects, and handles.

Paged and nonpaged pools serve as the memory resources that the operating system and device drivers use to store their data structures. The pool manager operates in kernel mode, using regions of the system’s virtual address space (described in the Pushing the Limits post on virtual memory) for the memory it sub-allocates. The kernel’s pool manager operates similarly to the C-runtime and Windows heap managers that execute within user-mode processes. Because the minimum virtual memory allocation size is a multiple of the system page size (4KB on x86 and x64), these subsidiary memory managers carve up larger allocations into smaller ones so that memory isn’t wasted.

For example, if an application wants a 512-byte buffer to store some data, a heap manager takes one of the regions it has allocated and notes that the first 512-bytes are in use, returning a pointer to that memory and putting the remaining memory on a list it uses to track free heap regions. The heap manager satisfies subsequent allocations using memory from the free region, which begins just past the 512-byte region that is allocated.

Nonpaged Pool

The kernel and device drivers use nonpaged pool to store data that might be accessed when the system can’t handle page faults. The kernel enters such a state when it executes interrupt service routines (ISRs) and deferred procedure calls (DPCs), which are functions related to hardware interrupts. Page faults are also illegal when the kernel or a device driver acquires a spin lock, which, because they are the only type of lock that can be used within ISRs and DPCs, must be used to protect data structures that are accessed from within ISRs or DPCs and either other ISRs or DPCs or code executing on kernel threads. Failure by a driver to honor these rules results in the most common crash code, IRQL_NOT_LESS_OR_EQUAL.

Nonpaged pool is therefore always kept present in physical memory and nonpaged pool virtual memory is assigned physical memory. Common system data structures stored in nonpaged pool include the kernel and objects that represent processes and threads, synchronization objects like mutexes, semaphores and events, references to files, which are represented as file objects, and I/O request packets (IRPs), which represent I/O operations.

Paged Pool

Paged pool, on the other hand, gets its name from the fact that Windows can write the data it stores to the paging file, allowing the physical memory it occupies to be repurposed. Just as for user-mode virtual memory, when a driver or the system references paged pool memory that’s in the paging file, an operation called a page fault occurs, and the memory manager reads the data back into physical memory. The largest consumer of paged pool, at least on Windows Vista and later, is typically the Registry, since references to registry keys and other registry data structures are stored in paged pool. The data structures that represent memory mapped files, called sections internally, are also stored in paged pool.

Device drivers use the ExAllocatePoolWithTag API to allocate nonpaged and paged pool, specifying the type of pool desired as one of the parameters. Another parameter is a 4-byte Tag, which drivers are supposed to use to uniquely identify the memory they allocate, and that can be a useful key for tracking down drivers that leak pool, as I’ll show later.

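The tag is useful precisely because it survives as the key in every per-allocation record, so outstanding bytes can be summed per tag and sampled over time. The following Python is an added illustration of that bookkeeping; it is not code from the Pushing the Limits post or from Windows. PoolTracker is a toy stand-in for the kernel pool manager, leak_suspects is the trend check a pool-monitoring tool would apply to successive samples, and the tags 'Good' and 'Leak', the addresses and the round structure in simulate are all constructed for the demonstration.

```python
"""Model of why a 4-byte pool tag is the key for finding pool leaks.

Added example, not code from the Pushing the Limits post or from Windows.
The allocator is a toy that stands in for the kernel pool manager; tags
'Good' and 'Leak' and all addresses are constructed for the demonstration.
"""


class PoolTracker:
    """Bookkeeping a pool manager keeps per allocation: address -> (tag, size)."""

    def __init__(self):
        self.live = {}         # address -> (tag, size) for every unfreed block
        self.outstanding = {}  # tag -> bytes currently held under that tag

    def alloc(self, address, tag, size):
        """Record an ExAllocatePoolWithTag(..., size, tag) call that returned `address`."""
        if len(tag) != 4:
            raise ValueError("pool tags are exactly 4 bytes: %r" % tag)
        if address in self.live:
            raise ValueError("address already live: %#x" % address)
        self.live[address] = (tag, size)
        self.outstanding[tag] = self.outstanding.get(tag, 0) + size

    def free(self, address):
        """Record a free; the tag comes from the block's own record, not the caller."""
        tag, size = self.live.pop(address)
        self.outstanding[tag] -= size

    def snapshot(self):
        """Per-tag outstanding bytes, as a pool-monitoring tool would sample them."""
        return dict(self.outstanding)


def leak_suspects(snapshots):
    """Tags whose outstanding bytes rose at every interval between snapshots.

    Steady growth under one tag across several samples is the classic signature
    of a driver that allocates and never frees. Returns [(tag, bytes_grown)],
    largest growth first; a tag that merely fluctuates is not reported.
    """
    if len(snapshots) < 3:
        raise ValueError("need at least three snapshots to call a trend")
    tags = set().union(*snapshots)
    suspects = []
    for tag in tags:
        series = [snap.get(tag, 0) for snap in snapshots]
        if all(later > earlier for earlier, later in zip(series, series[1:])):
            suspects.append((tag, series[-1] - series[0]))
    return sorted(suspects, key=lambda item: item[1], reverse=True)


def simulate(rounds=4):
    """Drive two constructed 'drivers' and sample the pool after each round.

    'Good' frees everything it allocates; 'Leak' frees only one of every two
    blocks, so its outstanding bytes climb by 512 per round.
    """
    pool = PoolTracker()
    snapshots = []
    next_address = 0xFFFF800000000000  # constructed kernel-range address
    for _round in range(rounds):
        good_blocks = []
        for _block in range(3):
            pool.alloc(next_address, "Good", 256)
            good_blocks.append(next_address)
            next_address += 0x100
        for address in good_blocks:
            pool.free(address)
        kept, dropped = next_address, next_address + 0x200
        pool.alloc(kept, "Leak", 512)
        pool.alloc(dropped, "Leak", 512)
        next_address += 0x400
        pool.free(dropped)   # `kept` is never freed: that is the leak
        snapshots.append(pool.snapshot())
    return snapshots


if __name__ == "__main__":
    for tag, grown in leak_suspects(simulate()):
        print("tag %s grew by %d bytes across the samples" % (tag, grown))
```

Three or more samples are required on purpose: a single large delta between two snapshots says nothing about direction, whereas monotonic growth under one tag across every sample is what justifies looking at the driver that owns that tag.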


Best practices for deploying Citrix on VMware ESX

by BassQ on Mar.01, 2009, under VMWare

First and foremost: this tuning list is my own experience and the experience of several users on the VMware forum. Your mileage may vary.

The goods:

  • Virtual Infrastructure 3
  • Windows 2003 Std (or Enterprise) Edition R2 (x86, not x64)
  • Citrix Presentation Server 4.0 (yes, I know, the old one ;) )

The tips:

  • First this: it all depends on the applications used! Context switches are the key here…
  • Use Windows 2003, not Windows 2000
  • Don’t P2V your servers, but use clean templates
  • Make sure the correct HAL (single or multi) is installed in the virtual machine. Otherwise, your vCPU will spike.
  • Always assign 1 vCPU. If necessary, add a 2nd vCPU. Do not use 4 vCPUs!
  • Use 2 GB to start. Scale up to +-4 GB of vRAM if necessary
  • Use 1 .vmdk for your system partition (C:\ or other remapped drive letter) and 1 separate .vmdk for your program files.
  • Put the page file on the 2nd .vmdk
  • Important: disconnect any .iso file in your virtual CD-ROM
  • Use roaming profiles and clean up your profiles at logoff
  • Disable sound for your published apps
  • Install the UPH service (download it here)
  • User sessions: for me, 30 users on a VM is the sweet spot. Do not expect to get as many users on it as on a physical box!
  • Scale out, not up. A major advantage of VMs is to clone/NewSID/sysprep existing servers and put them into your existing Citrix farm. Just stop & disable your IMA service, clean up your RMLocalDB (if you use Enterprise) and NewSID the thing. Refer to this support article for more info.
  • Use dual core or quad core systems, because ESX will have more CPU to schedule its vCPUs on.
  • Don’t ever use a 2 vCPU Citrix virtual machine in a 2 pCPU physical machine!
  • Do not install the memory ballooning driver while installing the VMware Tools
  • Do not use a complete installation of VMware Tools: there is an issue with roaming profiles and the shared folders component. See my previous article for more info.
  • Disable COM ports, hyperthreading, visual effects & use SpeedScreen technology where possible.
  • Use snapshots when installing applications or patching your servers (yes! With VMware you can do this!). In case of disaster, you can still revert to the original working server without using backups. Make sure all snapshots are removed ASAP when finished!
  • Always check that there are no snapshot leftovers (e.g. the infamous _VCB-BACKUP_ when using VCB)
  • Don’t forget you can use DRS rules to run your Citrix servers on separate physical hosts.
  • Check out this VMworld 2006 presentation
  • And last but not least: do not forget to read ESX’s (excellent) performance tuning white paper.



XenServer Is Now Free

by BassQ on Mar.01, 2009, under Weblog

Days ago, this announcement was made by Citrix:

XenServer, our enterprise virtual infrastructure platform is now free (including resource pooling and live relo), and we have announced Citrix Essentials for XenServer, and Citrix Essentials for Hyper-V as our virtualization management portfolio that offers a rich set of automated functions that drive the compatible virtualization layers beneath – the free Hyper-V hypervisor from Microsoft, and the free XenServer Enterprise virtual infrastructure platform from Citrix. Finally, and most importantly, we announced a powerful go-to-market roadmap with Microsoft.

Response to our announcements has been extremely positive, from our partner Microsoft to our channel partners and resellers, and many many customers and users. There are the expected nay-sayers too, but someone had to drink the only thing that you get free from our competitor – VMware koolaid.

That’s a pretty serious offering for free. Here’s a comparison chart they offer at their site:

[Image not reproduced: XenServer vs. ESXi comparison chart (xen-esxi)]

Companies who are just now seriously looking into virtualization are going to be hard-pressed to pony up the cash VMWare is asking for their VI product when you can pretty much get the same functionality for free from Citrix. VMWare is going to have to do something in response to stay competitive, especially with the economy in the shape it’s in right now. I can’t wait to see what that will be.


A list of very commonly used tools to support Terminal Services / Citrix

by BassQ on Jan.12, 2009, under Weblog

· 4GE Resource Kit – 4GEReskit – Thomas Kötzing’s favorite tools to use while working with Terminal Server & Citrix MetaFrame

· Acro Software Cute PDF Printer – CutePDF Printer is the free version of commercial PDF creation software. CutePDF Printer installs itself as a "printer subsystem". This enables virtually any Windows application (it must be able to print) to create perfect PDF documents – with just a push of a button! Easy-to-Install, Easy-to-Use, Professional Quality, Supports Win 98/Me/2000/XP. Absolutely Free! No watermarks! No Annoying Popup Advertisement.

· ADM Template Editor – makes editing of ADM templates a breeze

· AdModify.Net – is a tool primarily utilized by Exchange and Active Directory administrators to facilitate bulk user attribute modifications.

· AnalogX TSDropCopy – a simple to use application that, when run on both client and server, allows files to be transferred between both machines quickly and easily.

· BrainSys BrsSuite – an amazing freeware tool to completely lock down and customize the end-user environment – Designed by Security Expert "Fabrice Cornet".

· Citrix Connection Test Tool provides various connection methods for scalability test and other tests which require a number of sessions to be established

· Citrix ICA Client Downloads from Citrix.com

· CitrixTools.com – Tools to change home directories, profiles and delete ini files.


This Post lists the best practices for securing Terminal Server or Windows XP (for use with VDI)

by BassQ on Dec.25, 2008, under Weblog

How can I protect my terminal servers from Spyware, Malware, Trojans, Worms, Viruses and un-authorized software?


  1. Start with a secure installation of the Operating System. Windows Server 2003 installs by default with the users being able to create files and folders in the root of the system drive, and Windows 2000 Server installs by default with the Everyone group having Full Control NTFS Permissions to the entire System Drive. To lock down the System Drive on Windows 2000 Server, start with the following settings:

    1. Root of System Drive – Authenticated Users = "Read and Execute"

    2. Root of System Drive – Administrators = "Full Control"

    3. Root of System Drive – System = "Full Control"

    4. Program Files Directory – Authenticated Users = "Read and Execute"

    5. Program Files Directory – Administrators = "Full Control"

    6. Program Files Directory – System = "Full Control"

  2. NEVER allow anyone to logon as an administrator or power user, unless they are a member of the IT Staff / IT Consulting Firm that is responsible for the server, and they are logging on to perform administrative functions, i.e. installing software, performing a backup…

  3. Force "Empty Temporary Internet Files when browser closed" via Group Policy. This will delete most bad files from the Temp IE location of the user’s profile, and leave only the cookie files.

  4. Implement Roaming Terminal Server Profiles, Mandatory Terminal Server Profiles or Flex Terminal Server Profiles.

  5. Enable DeleteRoamingCache in the registry, or via "Delete Cached Copies of Roaming Profiles" in Group Policy. Since the Roaming Profile does not propagate the user’s Temp Directory, enabling this policy will usually delete anything the user downloaded unintentionally. This policy deletes the user’s local profile at logoff once it’s been successfully unloaded and copied to the roaming location.

  6. Install the User Profile Hive Cleanup Service, which helps to ensure user sessions are completely terminated when a user logs off. Without this service, user profiles are often not unloaded successfully, which causes the copy to the roaming profile location and the DeleteRoamingCache setting to fail.

  7. Install a Terminal Server compatible anti-virus scanner on each terminal server, a VSAPI anti-virus scanner on each SMTP Server, and an anti-virus scanner at the Internet Gateway.

  8. Set the Terminal Services Configuration Permission Compatibility to "Full Security" (Windows Server 2003), or to "Windows 2000 Users" (Windows 2000 Server). If you use "Permissions compatible with Terminal Server 4.0 Users" (Windows 2000 Server) or "Relaxed Security" (Windows Server 2003), each user logging on is added to the TSUser Security Group, which has the permissions and rights of the Power Users Group.

  9. Enable Software Restriction Policies in Group Policy, to define which files can be executed by users.

  10. If users need only one application, specify this program to start when they logon. This can be done for everyone via Group Policy or Terminal Services Configuration, or for specific users via Active Directory or Local User Account.

  11. Consider locking down the user environment with a FREE program like BrsSuite, designed by Terminal Server Security Expert "Fabrice Cornet", of FC Consult, Belgium.

  12. Restrict access to applications normal users shouldn’t ever use, or that do not follow the policy restrictions in place, i.e. winfile and command.com

How can provide the most secure access to terminal servers from the Public Internet?  The RDP Protocol is secure and uses RSA Security’s RC4 cipher, at either 56 or 128 bits, however the following should be considered when providing access to terminal servers over the Public Internet:


  1. Set the RDP-Tcp Encryption Level to "High" (Windows 2000 Server or Windows Server 2003)

  2. Define and enforce a strong password policy .

  3. If you require password authentication to access a Remote Desktop Web Connection (RDWC, aka TSAC or TSWeb), do so over an SSL Connection.  Since you have to logon to the Terminal Server, there really is no advantage to requiring authentication to access a RDWC.

  4. Do NOT use traditional client-to-server VPN to provide secure access to Terminal Servers.  This may sound strange, but traditional client-to-server VPNs require connectivity over non-standard ports client software on the remote computer. These often prevent remote users from being able to connect.  In addition to the connectivity problems traditional VPN can cause, traditional client-to-server VPNs can open the corporate network to viruses, trojans or worms, because they extend the corporate network to the remote client.

  5. Do consider providing access to terminal servers via an SSL VPN or a Terminal Server Secure Gateway instead. These work over standard ports like 443 or 80, which makes connectivity easy for remote users, and they expose only a specific computer or set of computers rather than opening a tunnel to the entire corporate network.


ICA File Syntax explained

by BassQ on Oct.03, 2008, under Weblog

ICA File Syntax

ICA files are usually generated by an application such as the ICA File Editor or Application Configuration. An ICA file can also be used to create a custom WinFrame client connection.

The Contents of an ICA File

Use a simple text editor (such as Notepad) to create and modify ICA files. A sample ICA file is shown below. Note that the sample carries the user name, domain and a password inside the file itself, so an ICA file that embeds credentials has to be protected like any other credential store.

; CUSTOMER.ICA – ICA file to access a Customer Database using Microsoft Access
;
; The [ApplicationServers] section contains the name of the
; connection or published application defined by the ICA file.
; The name below (Access) appears in the title bar of the client window.
;
[ApplicationServers]
Access=

; The [Access] section describes the attributes of the connection or
; published application defined in the [ApplicationServers] section above.
; The name in the square brackets must exactly match the name defined in the
; [ApplicationServers] section above; in this example, Access.
;
[Access]
TransportDriver=TCP/IP
Address=206.103.132.12
WinStationDriver=ICA 3.0
Username=JBLOGGS
Domain=ABC
Password=000100
InitialProgram=d:\access\msaccess.exe d:\shareacc\access\nwind.mdb /X customer
WorkDirectory=d:\access
UseAlternateAddress=0
;
KeyboardTimer=100
MouseTimer=50
;
; Use either ScreenPercent or DesiredHRES and DesiredVRES to specify
; the size of the client window.

(continue reading…)
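To make the format concrete, here is an added Python example (mine, not code from the post or from Citrix) that parses an ICA file the way the post describes it, checks that every name under [ApplicationServers] has a matching section, flags embedded credentials, and writes the file back out with the password removed so the user is prompted at logon instead. The sample text is the post's listing collapsed to its non-comment lines; the function names are this example's own.

```python
# Added example for the ICA format described above (not code from the
# original post or from Citrix). Helper names are this example's own.
import re
from typing import Dict, List

# Constructed sample: the post's listing without its comments. The
# address and account are the post's fictitious ones.
SAMPLE_ICA = r"""
; CUSTOMER.ICA - ICA file to access a Customer Database using Microsoft Access
[ApplicationServers]
Access=

[Access]
TransportDriver=TCP/IP
Address=206.103.132.12
WinStationDriver=ICA 3.0
Username=JBLOGGS
Domain=ABC
Password=000100
InitialProgram=d:\access\msaccess.exe d:\shareacc\access\nwind.mdb /X customer
WorkDirectory=d:\access
UseAlternateAddress=0
KeyboardTimer=100
MouseTimer=50
"""

# Keys that mean the file itself carries a logon secret.
CREDENTIAL_KEYS = {"password", "clearpassword"}

Section = Dict[str, str]


def parse_ica(text: str) -> Dict[str, Section]:
    """Parse ICA text into {section name: {key: value}}.

    ';' starts a comment, '[name]' opens a section, 'key=value' lines
    belong to the current section. Names keep their original case; the
    checks below compare case-insensitively, as the ICA client does."""
    sections: Dict[str, Section] = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        if current is None:
            raise ValueError(f"line {lineno}: key=value before any [section]")
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: expected key=value, got {line!r}")
        sections[current][key.strip()] = value.strip()
    return sections


def _find(sections: Dict[str, Section], name: str):
    """Case-insensitive section lookup; returns the stored name or None."""
    return next((n for n in sections if n.lower() == name.lower()), None)


def check_ica(sections: Dict[str, Section]) -> List[str]:
    """Return findings: dangling references, missing Address, embedded secrets."""
    findings: List[str] = []
    apps_name = _find(sections, "ApplicationServers")
    if apps_name is None:
        return ["missing [ApplicationServers] section"]
    listed = {app.lower() for app in sections[apps_name]}
    for app in sections[apps_name]:
        sec = _find(sections, app)
        if sec is None:
            findings.append(f"[ApplicationServers] names {app!r} but there is no [{app}] section")
            continue
        body = sections[sec]
        if not any(k.lower() == "address" for k in body):
            findings.append(f"[{sec}] has no Address, so the client cannot connect")
        secrets = sorted(k for k in body if k.lower() in CREDENTIAL_KEYS)
        if secrets:
            findings.append(f"[{sec}] embeds a credential ({', '.join(secrets)}); protect this file like a password")
    for name in sections:
        if name != apps_name and name.lower() not in listed:
            findings.append(f"[{name}] is not listed in [ApplicationServers]")
    return findings


def strip_credentials(sections: Dict[str, Section]) -> Dict[str, Section]:
    """Copy of the parsed file without Password/ClearPassword entries."""
    return {name: {k: v for k, v in body.items() if k.lower() not in CREDENTIAL_KEYS}
            for name, body in sections.items()}


def serialize_ica(sections: Dict[str, Section]) -> str:
    """Write the parsed structure back out in ICA syntax."""
    out: List[str] = []
    for name, body in sections.items():
        out.append(f"[{name}]")
        out.extend(f"{k}={v}" for k, v in body.items())
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_ica(SAMPLE_ICA)
    for finding in check_ica(parsed):
        print("finding:", finding)
    print(serialize_ica(strip_credentials(parsed)))
```

Run against the sample, the only finding is the embedded Password in [Access]; after strip_credentials the file is clean and the ICA client will prompt for the password instead of reading it from disk.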


Office 2003 Citrix and Terminal Services problems

by BassQ on Jun.30, 2008, under Weblog

Configuring Office settings for all users of a Terminal Server is best done with Group Policies. Download the Office 2003 Resource Kit and the latest Office 2003 SP2 Administrative templates. Be sure to read the installation instructions.

Deploying Office 2003 in a Windows Terminal Services Environment

828955 – How to install Office 2003 or Office XP on a computer that is running Windows Terminal Server

308263 – How to create a Custom Maintenance Wizard file for updating installation options after you deploy a custom installation of Office

827708 – During a Windows 2000 Terminal Services session, the Office 2003 Setup program stops responding

911682 – Windows Installer-related event IDs are logged in the Application log when you start an Office program

823586 – How to turn off the speech recognition and the handwriting recognition features in Office 2003

899117 – User settings issues are not resolved when you reinstall or repair Office programs on a computer that is running Terminal Services – Office 2003, XP and 2000

885380 – Every other time that you open a document in Word, the document opens in recovery mode or you receive an error message

891298 – When you try to open or to save a file in an Office XP program that is running in a Terminal Server session, the Office XP program may unexpectedly quit

821257 – “Not Enough Memory” Error Message When You Search for Clips in an Office Document During a Terminal Services Session – Office 2003 and XP, pre-SP5 hotfix

282599 – Frequently asked questions about Ctfmon.exe

287039 – Cannot Start a Trial Version of Office XP or Office 2003 on Terminal Server

828956 – Running Multiple Versions of Microsoft Office with Office 2003

931946 – The “From Camera or Scanner” menu option is unavailable in Office XP and Office 2003 programs during a terminal server session

Registration information Office incorrect

Delete HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\UserInfo from the affected user's profile (replace 11.0 with your Office version: 9.0 for Office 2000, 10.0 for Office XP, 11.0 for Office 2003). Then check HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Office\11.0\Common\UserInfo and delete it there too if it exists. That copy is the Terminal Server shadow key: it was captured while Office was installed in install mode and is copied into every new user's profile, which is why the wrong registration information keeps being handed to everyone.

Word specific issues

917056 – Text is slow to appear or to disappear when you type or delete text in a table when you are using Word 2003 on a Terminal Server client – fixed in Word 2003 post-Service Pack 2 Hotfix

Excel specific issues

916592 – Error message when you try to reactivate (switch to) a terminal services session in which Excel is running: “Not enough system resources to display completely”

313683 – XL2002: Can See Other Users’ Printers in Terminal Server Session

Misc. Office 2003 / XP / 2002 issues

922688 – Picture Manager does not start when you double-click a file on a computer that is running Terminal Services

898470 – OneNote 2003 appears pixilated when you run OneNote 2003 in a Terminal Server client

944630 – You cannot move, close, or hide the Live Meeting 2005 sharing toolbar when you connect to a Live Meeting 2005 session in a Citrix MetaFrame-based environment



Citrix Presentation Server 4.0 Tips and Tweaks – GPO ADM Template

by BassQ on Apr.28, 2008, under Weblog

Source : http://www.dabcc.com/article.aspx?id=2756

If you are looking for Citrix tips, tweaks, performance tuning, security, and usability ‘tweaks & tips’ for your Microsoft Windows Server 2003 with Citrix MetaFrame Presentation Server 4.0 servers, then look no further. Methodology in a Box 4.0 ‘Tweaks Section’ details tips and tricks associated with Citrix and Terminal Services computing.

In this Citrix MetaFrame Group Policy template (GPO) you will find tips, tricks and tweaks related to:

  • Applications tweaks
  • Adobe
  • Internet Explorer
  • Java
  • Office 2003
  • Outlook Express
  • Disk subsystem
  • Citrix MetaFrame Presentation Server specific tweaks
  • Memory tweaks
  • Network tweaks
  • Printing tweaks
  • Security tweaks
  • Windows tweaks

Thanks to Victor Olsen for contributing a few fixes to this Citrix / Terminal Services GPO and to Paul Drangeid from TeleData Consulting, Inc. for creating and testing this template, based on the MIAB 4.0 "How to Tweak and Tune Citrix MetaFrame Presentation Server 4.0" section.

To download the Citrix / Terminal Services Tips and Tweaks ADM Template, see the following page:

MIAB 4.0 for Citrix Presentation Server 4.0 Tips and Tweaks ADM Template

This release also marks the first release of the new Methodology in a Box Service. What is this Service? Good question. When I first created MIAB, I released it as a draft for two reasons: 1) to get the info out and 2) to get feedback. Since then Methodology in a Box has become much bigger than the sum of its parts; it has received over half a million downloads and has become an integral part of any Citrix deployment. I have received feedback from all over the world and together we made it a must-read for anyone deploying Citrix MetaFrame. Because of this success, I had an idea over three years ago that we just now have the resources and time to make happen. Let me try to explain.

I was sitting watching a TV show about the Internet and TCP/IP. It talked about how IP has grown through a series of RFCs to become the de facto protocol that we all depend upon to move data around the Internet. What is an RFC? Basically it is a process for creating a standard on the Internet. New standards are proposed and published on the Internet as a Request for Comments. The proposal is reviewed by the Internet Engineering Task Force and once approved it is made the standard. I thought to myself, why can't we do this for the server-based computing world? Why can't MIAB and DABCC provide this service? Well, Methodology in a Box is designed to be just that. The new Methodology in a Box is this service and the new Tweaks Section is our first attempt to make this happen, but we are not stopping there.

This being said, what we have done is created a basic document, a proposed series of RFCs, and a forum where we can all debate each tweak (RFC) and where you can submit new ones. If the community agrees then it will be certified as an official tweak. This is the new process we will use for all of the content found in Methodology in a Box, from how to install Citrix, to how to lock down your system through GPOs and other resources, to how to customize Citrix Web Interface. As always, I feel that by doing this, we can continue what we started in May of 2002 and that is to build the Citrix Deployment Bible, and we are already off to a great start!!!

Download ‘How to Tweaks and Tune Citrix MetaFrame Presentation Server 4.0 Section’ Beta 4 White Paper – PDF Format

Download ‘How to Tweaks and Tune Citrix MetaFrame Presentation Server 4.0 Section’ Beta 4 White Paper - ZIP Format


How to overcome 4,095-MB paging file size limit in Windows

by BassQ on Apr.28, 2008, under Weblog

When you set the paging file size in Windows, the largest paging file you can select is 4,095 megabytes (MB) per drive or volume. If extra drives or volumes are not available, you can get past this by creating multiple paging files on a single drive, each in its own folder. The problem typically comes up on small 1U servers with only two drives, usually configured as a RAID 1 set.

To create multiple paging files on one volume to overcome the 4,095-MB limit:

  1. On the drive or volume you want to hold the paging files, create folders for the number of paging files you want to create on the volume. For example, C:\Pagefile1, C:\Pagefile2, and C:\Pagefile3.
  2. Using Registry Editor (Regedt32.exe), locate the following key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management
  3. Find the PagingFiles value (a REG_MULTI_SZ), and then double-click it to open it.
  4. Remove any existing values, and add the following values:
    c:\pagefile1\pagefile.sys 4000 4000
    c:\pagefile2\pagefile.sys 4000 4000
    c:\pagefile3\Pagefile.sys 4000 4000
  5. Click OK and quit Registry Editor. Restart the computer to cause the changes to take effect.

In this example the paging files on the volume now total 12,000 MB (roughly 12 GB): three fixed-size files of 4,000 MB each.

Checkout http://support.microsoft.com/kb/237740/en-us for more information.
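As an added example (not from the post or from Microsoft's KB article), here is a short Python script that works out the PagingFiles entries for a total above the 4,095-MB limit and writes them out as a .reg file you can import with regedit instead of editing the REG_MULTI_SZ by hand. The C:\Pagefile1, C:\Pagefile2 ... folder layout follows the post; the function names and the .reg writer are assumptions of this example, not anything the post describes.

```python
# Added example, not from the original post or from Microsoft: splits a
# total paging-file size across per-folder files under the per-file
# limit and emits the PagingFiles value as a .reg file. Helper names
# are this example's own.
from typing import List

MAX_PER_FILE_MB = 4095  # per-file limit described in the post / KB 237740
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"


def plan_pagefiles(total_mb: int, drive: str = "c:", per_file_mb: int = 4000) -> List[str]:
    """Return 'path initial maximum' strings covering total_mb.

    Each file is at most per_file_mb and is written with initial size
    equal to maximum size, so it never grows (and fragments) at run time."""
    if not 0 < per_file_mb <= MAX_PER_FILE_MB:
        raise ValueError(f"per-file size must be 1..{MAX_PER_FILE_MB} MB")
    if total_mb <= 0:
        raise ValueError("total must be positive")
    entries: List[str] = []
    remaining = total_mb
    while remaining > 0:
        size = min(per_file_mb, remaining)
        n = len(entries) + 1
        entries.append(f"{drive}\\pagefile{n}\\pagefile.sys {size} {size}")
        remaining -= size
    return entries


def reg_multi_sz(strings: List[str]) -> str:
    """Encode a REG_MULTI_SZ the way .reg files store it: 'hex(7):' plus
    UTF-16LE bytes, every string NUL-terminated, then one more empty
    string (two NUL bytes) closing the list."""
    data = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings) + b"\x00\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


def pagefile_reg(entries: List[str]) -> str:
    """Return .reg text that replaces the whole PagingFiles value.

    regedit wraps long hex lines with a trailing backslash when it
    exports; one long line imports fine."""
    return "\n".join([
        "Windows Registry Editor Version 5.00",
        "",
        f"[{KEY}]",
        f'"PagingFiles"={reg_multi_sz(entries)}',
        "",
    ])


if __name__ == "__main__":
    plan = plan_pagefiles(12000)  # three 4000 MB files, as in the post
    for entry in plan:
        print(entry)
    print(pagefile_reg(plan))
```

Importing the generated file replaces the PagingFiles list in one go, which matches step 4 (remove the existing entries first). The folders still have to exist before the reboot, and the script refuses a per-file size above 4,095 MB rather than silently producing an entry Windows will ignore.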

On mirrored drives people often put the pagefile on a separate partition. If the goal is a faster pagefile this is NOT the best thing to do. When the pagefile shares a physical disk (RAID 1 set) with the system files, it should sit close to them; on its own partition, the disk heads have to travel across an empty stretch of the disk every time the pagefile is read or written. If you follow the method described above, first setting no pagefile, then defragmenting C:, and only then placing the pagefile on C:, all files end up close together and the heads do not have to move much.

Most companies buy servers with two disks for their Terminal Servers and, most of the time, mirror them for fault tolerance. Administrators forget that Terminal Servers (and even more so Citrix servers) are already fault tolerant because you have many of them. The better choice here is not to configure the disks as a RAID set but as separate disks: put the system, program and profile files on the first disk, and the pagefile, the spooler directory and all temp files and directories on the second. Depending on the programs installed, the use of page and temp files and the amount of printing, this can speed things up a little or a lot.

The best thing to do, of course, is to buy a server with two drives in a RAID 1 set for the operating system and applications and two more drives in a RAID 1 set for the pagefile. That requires a server with more than two drive bays.


Speed Up Terminal Services / Citrix

by BassQ on Apr.28, 2008, under Weblog

Here are some of the most useful optimization tips for Terminal Services on Windows Server 2003. Some of these Registry tweaks have been around for a while, others are new to Windows Server 2003; all are meant to streamline your Terminal Server's resources. Remember that, as with any change to your system's Registry, you should test everything thoroughly before you implement it.

Eliminate IE Flickering: Force off-screen composition in Internet Explorer, which removes the flickering effect. In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main, set the DWORD value Force Offscreen Composition to 1.

Disable Office 2003 Customer Experience Improvement Program: Stops Office prompting users to participate in the program. In HKEY_CURRENT_USER\Software\Microsoft\Office\Common, set the DWORD value QMEnable to 0 (0 opts the user out; 1 would opt them in).

Disable File Locking: Changes the file-locking behaviour of the workstation service. It can improve performance but is known to cause problems with some database applications, so test first. In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters, set the DWORD value UseLockReadUnlock to 1.

Disable NTFS Last-Accessed Time Stamping: Stops NTFS updating the last-accessed timestamp on every file read, which saves disk writes. Some applications, and any forensic timeline you may later need, rely on that timestamp being accurate, so test before rolling it out. In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem, set the DWORD value NtfsDisableLastAccessUpdate to 1.

Turn off Lazy Writes: Stops the system caching write operations before committing them to disk, which can speed operation over the network. Two values are involved: in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters, set the DWORD value IRPStackSize to 15, and in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters, set the DWORD value UtilizeNtCaching to 0.

Improve Windows Kernel Performance: Keeps kernel-mode drivers and system code resident instead of letting them be paged to disk, which costs performance every time they are paged back in. In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management, set the DWORD value DisablePagingExecutive to 1.

Increase the Network Request Buffer: Boosts performance by increasing the size of the network request buffer, which determines how much data is stored before it is sent to the client; it can also improve LAN Manager file-writing performance. A larger buffer consumes RAM, so adjust and monitor carefully. In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters, increase the DWORD value SizReqBuf to a value between 1024 and 65535.

Eliminate Session Hangs During Logoff: Terminal Server sessions can sometimes hang when the user attempts to log off. One solution is to raise the available network buffers and open connections. In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters, set the DWORD values MaxWorkItems to 8196, MaxMpxCt to 2048, MaxRawWorkItems to 512, MaxFreeConnections to 100 and MinFreeConnections to 32. In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters, set the DWORD value MaxCmds to 2048. In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Configuration Manager, set RegistryLazyFlushInterval to 60. Lastly, make sure Enable Advanced Performance is turned on in the device properties of every disk drive on the system.

Speed up Application Load Times: Increase the perceived performance of your Terminal Server by pre-loading commonly used files into memory. This works well on systems with plenty of available RAM. In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters, set the DWORD value EnablePrefetcher to 3.

Disable Caching of Roaming Profiles: Left-over roaming profiles on a Terminal Server consume disk and Registry quota space. This setting removes the local copy at logoff, which stops the waste but increases users' logon time. In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, set the DWORD value DeleteRoamingCache to 1.

Disable Unused Subsystems: Not using the POSIX subsystem on your Terminal Server? Disable it: navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Subsystems and delete the Posix key.

Disable the File Indexing Service: The Indexing Service is great for quickly searching for files, but a Terminal Server arguably should not hold that many user files, and the indexing process can consume huge system resources. To disable it, open the properties of each drive on your system and clear the box Allow Indexing Service to index this disk for fast file searching.

There’s more where these tips came from at www.dabcc.com.
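The tweak list above is the kind of thing that drifts as servers are rebuilt, so here is an added example (my own, not from the post or from DABCC) of a small Python check that reads a reg export dump from a Terminal Server and reports which of the machine-wide DWORD tweaks are missing, of the wrong type or set to a different value. The export text below is a constructed sample, and the EXPECTED table, the parser and the audit function are this example's own assumptions.

```python
# Added example, not from the original post or from DABCC: a compliance
# check of a "reg export" dump against the machine-wide DWORD tweaks
# listed above. The export text is a constructed sample; helper names
# and the EXPECTED table are this example's own.
import re
from typing import Dict, List, Tuple

# (key, value name, expected DWORD) for the HKLM tweaks in the post
EXPECTED: List[Tuple[str, str, int]] = [
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem",
     "NtfsDisableLastAccessUpdate", 1),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management",
     "DisablePagingExecutive", 1),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters",
     "EnablePrefetcher", 3),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters",
     "IRPStackSize", 15),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters",
     "UtilizeNtCaching", 0),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "DeleteRoamingCache", 1),
]

# Constructed sample of what reg.exe exports (real exports are UTF-16LE,
# so open them with encoding="utf-16" before passing the text in).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000001
"Win31FileSystem"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"DisablePagingExecutive"=dword:00000000
"ClearPageFileAtShutdown"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"IRPStackSize"=dword:0000000f
"Srvcomment"="Terminal Server 01"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"UtilizeNtCaching"="0"
"""

# "name"=dword:XXXXXXXX | "name"=hex(..):.. | "name"="string"
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)+)"=(dword:[0-9A-Fa-f]{8}|hex(?:\(\d+\))?:.*|".*")')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: raw right-hand side}}.

    Key and value names are lower-cased because the registry compares
    them case-insensitively; the raw value text is kept verbatim."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            result.setdefault(current, {})
            continue
        m = VALUE_RE.fullmatch(line)
        if m is None or current is None:
            continue  # hex continuation lines and forms we do not model
        result[current][m.group(1).lower()] = m.group(2)
    return result


def audit(export: Dict[str, Dict[str, str]]) -> List[str]:
    """Compare the export against EXPECTED; an empty list means compliant."""
    findings: List[str] = []
    for key, name, want in EXPECTED:
        values = export.get(key.lower())
        if values is None:
            findings.append(f"missing key: {key}")
            continue
        raw = values.get(name.lower())
        if raw is None:
            findings.append(f"missing value: {key}\\{name} (want {want})")
        elif not raw.startswith("dword:"):
            kind = "REG_SZ" if raw.startswith('"') else raw.split(":", 1)[0]
            findings.append(f"wrong type: {key}\\{name} is {kind}, want DWORD")
        elif int(raw[6:], 16) != want:
            findings.append(f"mismatch: {key}\\{name} = {int(raw[6:], 16)}, want {want}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_reg_export(SAMPLE_EXPORT)):
        print(finding)
```

On the sample the check reports DisablePagingExecutive still at 0, the PrefetchParameters and Winlogon keys absent, and UtilizeNtCaching stored as a string instead of a DWORD (a classic mistake when the value is typed in by hand); IRPStackSize and NtfsDisableLastAccessUpdate pass.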



Citrix XenDesktop

by BassQ on Nov.30, 2007, under Weblog

Gus Pinto has written a blog entry about the upcoming technical preview of Citrix's "VDI" solution, currently referred to as XenDesktop. Citrix is positioning itself as the company that delivers the "dynamic desktop" by offering customers an array of technologies that bring the application or the operating system down the wire to the end user: VDI (XenDesktop), server-based computing (Presentation Server/MetaFrame) and streaming delivery of operating systems (Ardence).

You can read more about XenDesktop on Gus’s blog

Link:

http://www.frameworkx.com/contentblogdetail.aspx?blog=56&id=709

and sign up for a technical preview at citrix:

http://www.citrix.com/XenDesktop
