Virtual Desktop Blog
The last couple of years I’ve been involved in some issues at several customers concerning performance. In almost every case the following took place:
- Customer switches from client-server to SBC (mainly Citrix).
- Existing WAN configuration is used or a new WAN is in place with limited bandwidth.
- PoC and pilots went OK, but in production (with far more users) performance is (very) poor.
- After a first investigation the Citrix environment performs well (at the Data Center or main location), but at branch locations performance is poor (latency, slow response, freezing sessions etc.).
Most of the time the WAN connections at branch offices are based on assumptions like:
- User sessions take about 50kbit/sec of bandwidth.
- Mostly ICA traffic (= Citrix, Terminal Server only = RDP) is going over the WAN connections.
Both assumptions are always DEAD WRONG!
It’s possible to consume all available bandwidth on the WAN with just one ICA session. Just start Internet Explorer and go to a web page with a large amount of flash content and wait until all your colleagues complain… Or start Adobe Reader, open a PDF and use the slide bar on the side of the screen to scroll up and down… Just two examples that cause your ICA session to consume all the available bandwidth.
You can check the bandwidth consumption in the logs of your router. If you’re using devices like Packeteer, Juniper or WANScaler (Branch Repeater) you can easily check which sessions take a lot of bandwidth. If you do not have any monitoring tools available: just download SMCConsole; a very lightweight monitoring tool to check ICA bandwidth and latency. Just start the tool on a Citrix server, pick your own ICA session and try the two examples I mentioned earlier to increase your bandwidth consumption within ICA rapidly…

So item 1 is explained… Item 2 (only ICA traffic…): most of the customers use a single or clustered print server, located at the main office or Data Center, used for all branch offices. So when users print from their applications the print job is sent from the Data Center to the printer in the branch office. That means that SMB traffic is roaming on the network, using all the available bandwidth it can get if the WAN is not managed. If someone prints a large PDF document the whole office will experience poor performance until the print job has finished. Or Administrators copying large amounts of data over the WAN… Or a user with a laptop who syncs Outlook with an Exchange server located in the Data Center…
What has to be done to get an acceptable performance over WAN connections?
We can divide the performance issues roughly into two pieces:
- Optimize ICA performance
- Optimize WAN performance
Why split it up? Simple: even with only ICA traffic on your WAN it’s possible to frustrate a complete WAN location by generating huge ICA packets (using IE with flash or applications with rich media content).
1. Optimize ICA performance
- Use a Citrix policy to limit the overall session bandwidth usage per user. It’s easy to implement and it prevents massive ICA traffic from a single session. Depending on the amount of bandwidth, performance will decrease a bit for applications with rich media content, but all other users on the same WAN connection won’t be bothered because their sessions aren’t suppressed.
- Implement Citrix HDX when you’re using XenApp or XenDesktop. Features like HDX Mediastream can be used to get a better performance using multimedia.
2. Optimize WAN performance
With more than just ICA traffic on the network the WAN has to be managed to avoid suppression of ICA traffic. There are many possibilities to increase the performance of the WAN, depending on the kind of network traffic that roams the network:
Prioritization.
With Prioritization (also called CoS, Class of Service) it’s possible to give important network traffic precedence over unimportant network traffic. Products like Citrix’s WANScaler (Branch Repeater) can prioritize ICA traffic over other traffic, together with caching techniques, to improve ICA performance over the WAN.
Quality of Service.
QoS (Quality of Service) is used to provide a guaranteed amount of bandwidth. The used protocols are classified in different classes (high/medium/low or gold/silver/bronze). The highest class gets the best service. When putting ICA traffic in the highest class and SMB traffic in the lowest class the performance can improve dramatically.
Note: When the WAN connection is flooded with data even CoS or QoS can fail because the amount of data cannot be handled by the used equipment (network congestion).
Packet shaping.
Especially for SMB traffic packet shaping can be very useful. With packet shaping network traffic can be sent segmented, delayed, or in smaller packets. This can be very effective for large print jobs; it has less impact on the WAN because print job data is fragmented. Products like Packeteer use packet shaping, but also software solutions like ThinPrint are using compression together with packet shaping.
Policy Based Routing.
With Policy Based Routing (PBR) you need at least two WAN connections per site. With PBR you can split your network traffic into important traffic (ICA) and unimportant traffic (other). On the WAN ICA traffic is never bothered by other network traffic (like SMB, HTTP etc.) because all other protocols roam on the second WAN connection.
Increase bandwidth.
And last but not least: increase your bandwidth. When your WAN connections are flooded all the time nothing will help you to get an acceptable performance, even with the most expensive appliances. CoS, QoS, PBR and shaping will help you to manage your WAN, but when there’s a huge amount of traffic on your network your router will work as a funnel, causing network congestion, packet drops and other stuff you do not wish to happen…
So… check your WAN before you are going to use your SBC or VDI environment en masse. When you don’t have the expertise to monitor/investigate your network just hire an experienced network consultant to give you good advice on what to do. At the end it’ll save you a lot of money, time and frustration. Keep in mind that within SBC and VDI environments your Wide Area Network is a major key component of your infrastructure. When your network is not available your infrastructure is completely useless!
Not only performance is an issue, but also redundancy. Make your WAN redundant if your business is dependent on your remote infrastructure. There are several ways to secure your WAN environment, but you don’t need a Citrix expert on that one, try a network geek :)
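The two-part fix described above (a per-session ICA limit plus WAN prioritization) can be checked with a toy model. This is an added example, not from the original post; the 2 Mbit/s link, the demands, the 100 kbit/s cap and the proportional-sharing rule for an unmanaged link are constructed assumptions.

```python
# Added example: toy model of one branch WAN link. All figures are constructed.

def proportional(demands, capacity):
    """Unmanaged link (modelling assumption): flows share capacity in proportion to demand."""
    total = sum(demands.values())
    if total <= capacity:
        return dict(demands)
    return {name: d * capacity / total for name, d in demands.items()}

def with_session_cap(demands, capacity, cap):
    """Citrix-policy style limit: clamp every ICA session to `cap`, link otherwise unmanaged."""
    capped = {n: min(d, cap) if n.startswith("ica") else d for n, d in demands.items()}
    return proportional(capped, capacity)

def with_priority(demands, capacity, cap):
    """Session cap plus CoS/QoS: the ICA class is served first, other traffic gets the rest."""
    ica = {n: min(d, cap) for n, d in demands.items() if n.startswith("ica")}
    other = {n: d for n, d in demands.items() if not n.startswith("ica")}
    ica_alloc = proportional(ica, capacity)
    left = max(capacity - sum(ica_alloc.values()), 0)
    return {**ica_alloc, **proportional(other, left)}

def scenario():
    """19 sessions at the 50 kbit/s planning figure, one PDF scroller, one SMB print job."""
    demands = {f"ica{i:02d}": 50 for i in range(19)}
    demands["ica_pdf"] = 1500      # kbit/s wanted by the session scrolling a PDF
    demands["smb_print"] = 4000    # kbit/s wanted by the print job from the Data Center
    return demands, 2000           # link capacity in kbit/s

if __name__ == "__main__":
    demands, capacity = scenario()
    results = {
        "unmanaged": proportional(demands, capacity),
        "session cap only": with_session_cap(demands, capacity, 100),
        "cap + priority": with_priority(demands, capacity, 100),
    }
    for label, alloc in results.items():
        print(f"{label:17s} normal session {alloc['ica00']:6.1f}  "
              f"pdf session {alloc['ica_pdf']:7.1f}  print job {alloc['smb_print']:7.1f}")
```

In this model the session cap alone barely helps the normal sessions while the print job is unmanaged; they only get their full 50 kbit/s once ICA is also prioritized over SMB.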
This morning I took the Citrix 1y1-A15 Engineering a Citrix Virtualization Solution beta exam. This is the final exam to receive the new Citrix CCEE certification. And I’m happy to say that I passed with a score of 76%!
According to the results I didn’t score very well on the monitoring part. So luckily I mainly implement Citrix environments and don’t manage them :)
I have to say I’m really enthusiastic about the quality of the exam. The simulations look very good! Big respect to the Citrix exam development team for this! I recognized a lot of questions from the exam development workshop I attended but I also noticed a few new questions. I like the fact that the exam is very real life oriented. And that you really need to have in depth knowledge about most of the Citrix products and the way they interact with each other, to pass the exam. This is something that we as item development team tried very hard and it’s good to see this worked out pretty well.
Normally with beta exams you need to wait a few weeks before hearing your score. So it surprised me that I received the results directly after finishing the exam. I’m curious to know what Citrix will do with the feedback they receive from the beta testers.
All in all I’m very happy with the new Citrix CCEE exam and I’m very proud I got the chance to be a part of this!
About a year ago a bunch of Citrix experts, myself included, traveled to Citrix Headquarters to help the Citrix education team design the CCEE 1Y0-A15 exam. Now, a year later, the exam is finally in beta and the final exam will become publicly available as of June 28.
Today I received the Exam Preparation Guide for the exam, which has me and the other guys credited as part of the Item Development Team!
I scheduled the CCEE beta exam for Friday May 7th. I'm not planning to prepare for the exam so I hope the fact that I designed a large part of the questions is enough for me to pass:)
Wish me luck!
Using Streamed applications is a very flexible way of deploying applications to your end users. Sometimes you come across an application that you need to provide to your users more than once, with different configurations. You can do this by profiling the application multiple times, each time with a different configuration. But a big disadvantage of this method is that when your application needs an update, you must install this update to all created profiles.
Luckily there’s a more effective way of solving this “problem” for many applications out there. For this method the application only needs to be profiled once but can still be published multiple times with a different configuration. To do this I use a batchfile that writes the configuration to the application "on the fly". Most of the time the application configuration is held in the registry or in a configuration file, so this can easily be modified. In this batchfile I'm not using the actual configuration parameters, but instead I use variables. These variables can later on be specified in the properties of the published application.
Let’s take a look how this works by using an example application TOPdesk Settings Management.
This application uses a configuration file stored in “C:\Program Files\TOPdesk\Settings Management”, the file looks like this:

Specified in the configuration file is the servername of the server to which the application must connect. As you can see in this example the file points to the TOPdesk test server. Next to that there’s also an acceptance server and a production server. So to use the same streaming profile for these different configurations I first create the batchfile.
ECHO OFF
As you can see the batchfile creates the TOPdesk configuration file and uses the %1 and %2 parameters instead of the actual servername and portnumber of the TOPdesk server. After that it starts the application executable.
Next thing I need to do is add the batchfile to the streamed application. I do this by using the Citrix Streaming Profiler.
In the profiled application you choose Update / Install Application.

Choose Advanced Install.

Choose Select files and folder.

I created the batchfile on C:\. So from there I can upload the file to the applications program files folder in the streamed application.

After that choose Finish installations.

Now all I need to do is add a shortcut to the batchfile by adding an application in the profile. Important here is that I add two asterisks in the command line parameters field.

After that I finish and save the profile.
Next I need to publish the application.

In the following screen is the location where I can specify the value of the parameters used in the batchfile. Here I add the configuration parameters that I want my published application to use. When specifying more than one parameter don’t use a separator.

When I now start the application I can see that the parameters I specified in the published application are now passed through to my application!

At the end of this month Citrix will release firmware version 9.2 for Access Gateway Enterprise. Coolest thing in this new release is that secure access to XenApp and XenDesktop will be totally free of charge from now on! This is part of the Access Gateway Platform license that Citrix announced with the release of the Access Gateway VPX (http://support.citrix.com/article/ctx124138).
The Access Gateway Platform License provides access to Citrix XenApp and XenDesktop resources and provides support for Citrix Receiver and Dazzle. The platform license allows users to log on using Citrix online plug-ins and connect to published XenApp resources and published desktops running on XenDesktop.
Here’s a list of the new features:
No per-user charge for secure access to XenApp and XenDesktop
All Access Gateway and NetScaler appliances running 9.2 will support secure access to XenApp and XenDesktop without requiring additional user licenses. This change saves customers money, allows Access Gateway to be sold with all XenApp and XenDesktop editions, and gives customers a reason to upgrade from Secure Gateway.
Customers requiring advanced features of Access Gateway such as network VPN, clientless access, and SmartAccess still must purchase Access Gateway “Universal Licenses” or upgrade to Platinum editions of XenApp, XenDesktop, or NetScaler.
Improved smartcard support
Access Gateway 9.2 and XenApp 6.0 deliver true smartcard single sign-on that avoids users having to enter passwords. This solution is ideal for government agencies looking to achieve compliance with HSPD-12. This release also adds support for OCSP and group authorization through LDAP for smartcard users.
More clients
Access Gateway 9.2 adds client support for Mac OS X and Windows 7 (32 and 64 bit). Endpoint analysis is also available on Firefox and Internet Explorer 8 browsers.
Multiple language support
This release delivers support for French, German, Spanish, and Japanese in all user-facing elements.
Form single sign-on to web applications
Users no longer need to enter credentials twice when accessing web applications. Access Gateway 9.2 delivers single sign-on capabilities to any web application that supports HTML forms.
File share enhancements
File share bookmarks now support Microsoft DFS and username token substitution (e.g. \\fileserver\homedrives\%username%).
Authentication enhancements
Access Gateway 9.2 adds additional authentication options including LDAP password changing, nested LDAP group extraction, group based logon control, and password extraction when using a onetime password.
There's a little bug in Provisioning Server when using the writecache to reside on the client's local disk. When checking out the writecache on the client's local drive the writecache file is displayed as being 0 kb in size.

To see the real size of the writecache file, just right click the file, choose properties and click OK. Then press the F5 button and the actual size is displayed in explorer.







) and is still busy designing and implementing SBC and VDI environments at customers, based on Citrix products. Besides consultancy Eelco is frequently asked for troubleshooting jobs and infrastructural challenges.