Process “Hibernation” Utility

September 25, 2009

Guy Leech, a contributor on this AppSense Blog has developed a utility to pause processes, minimize the process/application window, free up the Memory while paused, and provide the option to resume process at later date.

Here is the article intro along with link to the original post (containing the download):

“Ever have the need to pause a process so that you can come back to it later – maybe something that is resource hungry, difficult to get back to the same point in if you quit it or possibly doesn’t work when away from the corporate network? Then this is the utility for you – via a simple user interface it allows you to pause and resume any of your running applications/processes.”

Read more about this cool utility with option to download it here


Some Citrix XenDesktop Troubleshooting Tips

September 23, 2009

I have recently had to build a new Citrix XenDesktop environment for some testing which included Citrix Provisioning Server and Citrix XenServer. Along the way, I had various issues and struggled to find a single, comprehensive, troubleshooting article so I am going to have a stab at it here since I had to go through various tests in order to sort my issues. Having said this, there are some very good technotes on the Citrix web site here – http://support.citrix.com/product/xd/v3.0/technote/

  1. Enable logging for the Workstation Agent and ensure that access to the C$ share of the master XenDesktop image is enabled, including a firewall exception for file sharing. This is so that you can get at the log file without having to log on interactively to the image. See this article for how to enable the logging by a simple edit to the WorkstationAgent.exe.config file:  http://support.citrix.com/article/CTX117452 

    Obviously ensure that the Workstation Agent (Citrix Desktop Service) is successfully starting, as are other Citrix services, and the log shows it registering with the DDC.

  2. The event logs are also obviously another place to look when things fail although this can be tricky if your VM has been connected enough to want to reboot when the connection attempt has failed.
  3. You can also enable logging for the Desktop Delivery Controller service which is detailed in the link above. Ensure that the DDC service and other Citrix ones start successfully.
  4. PortICA logging can be enabled – http://support.citrix.com/article/CTX118837 – which could show potential ICA problems. It didn’t for me but will stay enabled in my base image whilst I am still testing.
  5. Citrix tracing tool (CDF – Citrix Diagnostic Facility) – this didn’t help me as it only currently supports a small number of client side features such as USB. It can also be run on the machine running the Workstation Agent but I didn’t do this.  http://support.citrix.com/article/CTX120269
  6. I did have some errors when using the XenDesktop Setup Wizard so I followed the steps to get a log file for this. I couldn’t get the log produced via the command line so ended up modifying the .config file as described here: http://support.citrix.com/article/CTX118278 

    My issues actually turned out, I think, to do with the fact that the template I was specifying in the wizard had an 8GB disk attached (it was my Gold Build VM that was booting off the PvS disk but still had the original hard drive in case I needed to rebuild the PvS disk) so each new VM created by the wizard was creating a new 8GB disk and I simply didn’t have the storage for it (not that I got an error suggesting this). I therefore created a new VM in XenServer that had the memory, NIC and CPUs I wanted but had no hard disk so actually didn’t have an OS installed (it never even got booted). This doesn’t matter since the OS comes from the vdisk/vhd you specify, separately, in the wizard.

  7. Check that you can logon with the required accounts to the VMs in your XenCenter/XenServer console. This should show any domain joining or account issues, e.g. expiry or permissions. Also check network connectivity to/from them.
  8. Fire up your gold image VM, since it should be on a standard image disk so the changes will be lost when it shuts down, add it to a new desktop group without a hosting infrastructure so that you just use the name of the VM in the group. This should tell you if the problem was something funny about the desktop group or the VMs that comprised it.
  9. My issue was that I was launching the connection from Web Interface but I wasn’t getting a session, just a failure popup – “Unable to connect to the desktop. This may be a temporary problem. Click OK and then try starting the desktop again. If the problem persists, contact your system administrator”. Before acknowledging the failure popup, look in your %temp% folder for the ICA file that it dynamically created. It won’t be a .ica file but instead will most likely be a .tmp file although will probably start “ica*”– easily spotted by modification time, particularly if you sort on modification time. It is actually the argument to cdsbar.exe if you look in Task Manger on Vista or with SysInternals/Microsoft Process Explorer. Open the ica file in notepad and check that it makes sense – e.g. is connecting to the right thing (“Address=”) and that the entity can be resolved/contacted. Note that the ica file, in best Mission Impossible style, will self destruct, i.e. be deleted, when you ok the failure popup thanks to the “RemoveICAFile=On” line. Note also that there is little point in saving the ica file for later use since it has a logon ticket in there which most likely will have expired.
  10. This leads on to checking that port 1494 is accessible in the virtual desktop by telnetting to it. However, port 1494 is only alive for a brief while after the connection is initiated so wait a few seconds after you have clicked on the icon to launch the session in Web Interface, or Program Neighborhood, before trying the telnet. When accessing a pool, look at the temporary ICA file to figure out which machine to check or reduce the pool to a single machine. We are not really looking for anything here other than the connection succeeds although you will probably see the characters “ICA” displayed.
  11. As by this stage all logs were looking fine and port 1494 was working, I put on a network monitor, in this case SysInternals/Microsoft Process Monitor, on my client machine (the one accessing Web Interface) and filtered on wfica32.exe. This is when I found that some traffic was going through my proxy that I hadn’t allowed for – bingo, problem solved when the proxy was disabled. In my defence, I had tried accessing from a different client (this should probably be a separate line item in this troubleshooting “guide”) but that had also failed, albeit probably for different reasons as it wasn’t using a proxy.
  12. Watch for proxies! Obviously configure them as necessary or disable them.
  13. I did have some “funnies” with my XP VMs created by the XenDesktop Setup Wizard and running off PvS. I think they were because after creation I had switched the master disk away from Standard Image mode. My excuse is that you have to manually hit F5 to do a refresh after changing vDisk properties and I didn’t! I was actually getting the error described here: http://forums.citrix.com/message.jspa?messageID=1393521 

    Sometimes the streaming console (StreamConsole.exe) on the PvS box can help diagnose these kinds of issue. Unfortunately it didn’t in this case.

  14. I also got caught by my base image having miniscule event log sizes (64KB) so even though they weren’t up for long, it was enough for them to fill up and not to overwrite so it was back to the base image to set larger sizes and set them to overwrite as needed.


How To Guide: Streaming Microsoft Office with Citrix XenApp 5 – Best Practice Guide & Licensing Overview

August 27, 2009

Citrix Technology Professional (CTP) Alexander Ervik Johnsen has written a very useful piece on how to Profile and Stream Microsoft Office 2007 using Citrix XenApp 5.0

This is a great guide and covers how to stream Office to a desktop, or, into a Citrix XenDesktop session.  His article and guide can be found on his website here.

Further to the actual process of profiling and streaming the Office application, I also want to ensure everyone is aware of the Microsoft Per Device Licensing Model for Server Hosted Applications.

Many Microsoft applications, including Microsoft Office™, Project™ and Visio™, are licensed on a per-device basis. This means a desktop application license is required for each and every device that is able to potentially access the application or server where the application is installed, regardless of whether a user executes and runs the application of not.  This makes licensing Microsoft applications in virtual environments a tricky, potentially very costly, and misunderstood subject. 

One misconception is that by ‘publishing’ or ’streaming’ applications to a limited “user” group, that group is compliant with the Microsoft license agreement – in other words, Microsoft licenses their applications per user.  This is in fact in breach of the Microsoft licensing model, and can lead to legal action.

I have written a blog, which also includes official Microsoft approved whitepapers on how to control and enforce application access and license compliance on a per device basis  in such virtual environments,  that blog can be found here

In addition to helping ensure compliance, effective license control and management can also reduce Microsoft License requirements and associated costs – more information on this can be found here.

If anyone has any questions or comments, as always, please do let me know.

Thanks
Gareth


VDI Personalization and Configuration: Profile Management & Logon Scripts – not enough for multiple delivery mechanisms & OS platforms?

July 24, 2009

As a leading user environment management vendor, AppSense are in a unique position in that we have been involved many VDI projects and rollouts, of which the majority vary in architecture, technology and requirements.  One thing that does however remain the same between such projects is that of the requirement for user personalization management.

For many years the roaming profile provided user personalization in SBC environments, however as VDI deployments become more and more complex, with varying methods of desktop and applications delivery, along with multiple desktop operating systems and subsequently, profile versions, the roaming profile is no longer able to provide the user with their required settings in such (complex?) scenarios.

Furthermore, these desktops must now be constructed and configured based on the context of the user and/or connecting device.  i.e. mapping specific printers local to the user and device dependent on the location of the user logging on, or applying security policies to hide or remove access to network drives, folders, data and functionality such as copy and paste or print, again, based on the location of the user.  Whereby the desktop delivered to a user when connected locally inside the corporate LAN is different to that of the desktop delivered to the same user when connecting remotely from outside of the LAN.

One more point to consider is that of enabling the user to freely roam between the server hosted or provisioned virtual desktop, and the users local desktop device such as their PC or roaming laptop.  How do you as IT enable user settings to automically follow the user between different platforms?

AppSense Environment Manager was designed from the ground-up with functionality to accommodate the above requirements, making it, or, other user environment management solutions essential to the mass adoption of VDI on an enterprise scale.  In essence, AppSense provides the ability to encompass multiple delivery technologies and OS platforms by allowing the user to roam between the paradigms without any noticeable change to their desktop or user experience, enabling IT and the organization to benefit from flexibility, agility and lower TCO.  I do at this point want to highlight that this is different to the personalization management provided by the leading VDI vendors (Citrix, Microsoft, VMware etc), as their in-built functionality is typically designed for their delivery platform, not each other’s.   In essence, further to the advanced personalization and simplification of desktop management, AppSense also enables an organization to use combinations of both existing technologies, and (potentially) more importantly, any future VDI delivery technologies and vendors.
 
I have just found a very nice blog covering the functionality of not only AppSense Environment Manager, but also the base technology inherent within the leading VDI service providers – Citrix, VMware and Microsoft.  Hopefully from this blog post, and the information over at GenerationV, you will see how AppSense bridges the gap between the roaming user and a dynamic, flexible VDI model..

For more information on this, the GenerationV Profile Management blog can be found here


Fair-Sharing CPU usage on Citrix XenApp to ensure Quality of Service and Faster Response Times (With AppSense Performance Manager)

July 23, 2009

The Server Based Computing (SBC) such as Microsoft Terminal Server and Citrix XenApp model offers many unique challenges for both architects and administrators. There are concerns of security, availability of resources, performance and the costs of hardware, licensing and ongoing management. Due primarily to opportunities for cost reduction in hardware purchases however, server consolidation through ‘optimizing performance’ has been the main area addressed. Fewer servers also result in lower licensing costs, lower maintenance overhead, and reduced electricity and cooling costs. However, it has now become apparent the real issue with performance is not just financial, but one of user experience. There is an ongoing tradeoff betweenensuring users receive a consistent ‘end-user experience’ while maintaining the minimum amount of hardware. 

 

Before considering CPU usage, management and optimization, it is first necessary to clarify CPU usage. When a figure such as 60% CPU usage is quoted, what is actually meant is the CPU is being utilized at 100% for 60% of the time. This shows a high CPU value is actually an efficient use of resource, rather than a problem.

 

A CPU utilization of 100%, while considered a problem by many, actually means maximum use is being made of this resource, and therefore achieving maximum return on investment. Problems occur when requests exceed 100% CPU utilization, whereby resource contention and bottlenecks are formed – although, this can be solved by efficiently allocating the resource between the users and running applications.

AppSense Performance Manager is able to control CPU usage in many ways, and may be used to not only resolve CPU usage issues, but also to ensure CPU resource to mission critical applications and users.  In this post I want to cover one specific feature function within AppSense Performance Manager – Smart Scheduling, or sometimes known as CPU Fair Sharing.

Smart Scheduling
With Microsoft operating systems, during process initialization, a priority is assigned for the process to run under. Microsoft Windows 2003 has the following priorities:-
Realtime, High, Above Normal, Normal, Below Normal, Low.

A process which has a higher priority will be allocated CPU prior to a process with a lower priority. Most applications when launched are given a ‘normal’ priority. This means that these processes form a ‘queue’ for the CPU and will receive CPU time only when it is their turn. There are a few standard system processes which are assigned a higher priority, such as the ‘Windows Task Manager’ which is automatically assigned a ‘high’ priority. This ensures should the Task Manager process require CPU time it will be given it immediately.

A process may consume a maximum amount of CPU time, known as the quantum time. If the process does not require the full quantum time, for example if it requires further data, it is able to release the process prior to completion of the quantum time, thereby allowing another process access to CPU resource.

When an application Launches, there are many calls to the disk to access new data, and therefore the process consumes small parts of the quantum time. Processes which involve a large number of calculations, such as highly mathematical applications, tend to use all of the CPU quantum time and are therefore CPU intensive.  If the timeline of processes within the CPU are mapped out the problems become immediately apparent.

For example – Below, Process A is Microsoft Word launching; Process B is a resource intensive Microsoft Excel macro.

 

Blog1

Scenario 1:- Only Process A is running in this scenario, the application performs at full speed as it gets CPU resource when required and disk resource when required.

Blog2

Scenario 2:- Process A and Process B running. In this scenario it is evident that process A has been dramatically slowed down as there is a length of time where it is waiting for process B to relinquish the CPU. This can have dramatic effects on the responsiveness of the process, and obviously increases the time to wait. As process A and B both have equal priorities one process has to wait for the other to finish.

AppSense Performance Manager includes ‘smart scheduling’ technology that is able to share the CPU resource more efficiently between running applications. The priorities of the process are altered dynamically. The result being that processes requiring a small amount of CPU time tend to be given a higher priority than those which tend to monopolize the CPU.

Blog3

In this way the CPU time is divided equally amongst both processes ensuring that each has a share and no one process is hogging the CPU, causing others to wait. Process B receives much smaller chunks of CPU time but similarly its waiting time is also short, ensuring that the application appears responsive to the user, and therefore still falls within its time to wait. The effect of this process is greatly reduces the CPU queue length.

By interpolating between standard priorities, and dynamically adjusting the priority of each process, AppSense Performance Manager is able to ensure more efficient processor usage. More importantly, from a user perspective, no application is seen to “freeze”, ensuring application responsiveness falls within the acceptable ‘time to wait’ period.

Share Factors
In the above examples we assumed both process A and B are equally important and therefore require an equal use of resources. In most cases this is not a true representation of applications and users. Servers contain both mission critical applications and also users with varying degrees of ‘importance’. By implementing share factors within AppSense Performance Manager, these applications and/or users may be given a higher or lower share of CPU time.

If the process A is a mission critical process then it may be assigned a higher share factor. The effect of this is to raise the priority of the process so that it may have a longer CPU time before process A is given a higher priority.

Blog4

Here process B has been given a higher share factor resulting in process A waiting on process B. The difference now is the time process A has to wait is a value which is configurable by the Administrator. A further function of AppSense Performance Manager is the ability to apply application or system state control. An application may be defined as having a high share factor when in the foreground, a medium share factor when in the background, and a low share factor when minimized.

If we now look at things from a user point of view, the application they are currently working on will always be guaranteed to receive CPU time, and can therefore always be made to function within its required time to wait, hence “performing well”. Other processes continue to receive a share of CPU time ensuring that they also function. One key system state for SBC systems is the ‘disconnected’ state.

By assigning a relatively low priority to all other states we can ensure that users who disconnect from the server without logging out properly, do not continue to consume valuable CPU resource which is then made available to all other users.

In conclusion, Microsoft Windows operating systems go some way to addressing how applications make use of system resources, but it is clear that in situations of high resource usage, such as in SBC environments, they are challenged. AppSense Performance Manager addresses these shortcomings. It provides many methods of controlling critical system resources such as CPU, Memory (both physical and virtual) and Disk. It’s CPU scheduling algorithm ensures that even in times of maximum CPU usage the server remains responsive for each user and application. If necessary, weighting may be given to ensure minimum response times for mission critical applications and/ or users.


Citrix Session & Application Timeouts, a Great Solution

July 21, 2009

I had a great day on Tuesday. An AppSense client had an issue where their remote workers experienced their Citrix applications timing out on them.

After connecting, and using application 1, by the time they go to use application number 2, it had timed out, and when they try to restart it, Web Interface had timed out as well.

So the clients question was  “How can AppSense help me?!”.

Enter “ENVIRO-MAN” from the left of screen. All dressed in pretty green and looking surprisingly like the Environment Manager Product Manager :-)

“Your session timeouts do not scare me” he roared as he landed awkwardly on the photocopier, injuring his knee.

While “ENVIRO-MAN” proceeded to bore one of the office staff with stories about the mighty Blackpool Football Club, I decided to dig in and fix the problem.

Session Timeouts are controlled by a number of parameters – as examples, there are some per server settings based on type of connection (RDP or ICA) and some user based settings set in Active Directory.

However, if you require more granularity, that’s where AppSense Environment Manager lives…

By using a Group Policy Action (Set ADM Policy / Set ADMX Policy), I was able to load in the ADM settings from the “C:\Windows\inf” directory.  I then typed “session” into the filter, and up came the Terminal Server Session Timeout setting…  Magic :-)

By using EM Rules/Conditions I could now vary the Session timeouts based on IP address, Client Name, or even by integrating it into the results of Citrix AAC filters :-)

I demoed it to the client (they were blown away), thanked ENVIRO-MAN for his help and left to help the next client in need.

All in a good days work :-)


Enabling OFFLINE Personalization Support for SBC and VDI

July 2, 2009

One of the biggest problems faced with a server based computing or virtual desktop environment, is that of ensuring any user personalization settings made to the desktop or application set whilst on the SBC or VDI session, are then persisted and available to the user when the user goes offline and uses an external or roaming device such as a laptop.  This is then repeated in ensuring any personalization changes a user makes on an offline device are also replicated and present back on the SBC or VDI session.

AppSense Environment Manager’s solves this crucial problem by providing users with a ‘follow me’ personality, across all delivery mechanisms and devices.  AppSense Environment Manager’s unique Offline Mode ensures mobile users have access to the latest version of their personalization settings when not inside or connected to the corporate network.

The process behind this is relatively simple and utilizes a ‘local virtualization cache’ which resides on the end point device.  When a user is logged on to a managed computer, their personalization data is stored locally in the virtual cache on the endpoint device. By default, when the user logs off or shuts down the device, the cache is deleted, and recreated when they next log on.

To enable offline availability of the settings stored within the local virtualization cache, the AppSense Environment Manager Console provides an option for the administrator to specify, on a per-machine basis, that the user is working in offline mode and requires their cache to be permanently available on the device, thereby not deleting it at logoff or shut down.

The settings are now available to the user for the duration of their disconnected state, any further changes the user makes to their desktop or application set during this time are automatically captured, redirected from the local registry and file system, to the local virtualization cache.  Upon reconnection to the network, these new settings (the delta’s) are automatically synchronized back to a SQL database and are available to be streamed back into any other concurrent session.

As you may be aware, the personalization (profile) settings are only one half of the user personality, the other half being ‘policy’.  Policy remains on the end point device at all times, regardless of whether the managed computer has offline mode enabled or disabled.  Policy remains as it is part of the AppSense Environment Manager configuration, which resides on the endpoint device at all times to set up, maintain and self heal the environment.

If you would like any further information, please do ask.