10 Tips Every Xen Desktop Admin Should Know


  1. 1. Mick Glover – Sr. Readiness Specialist, Worldwide Support Readiness 10 Tips Every XenDesktop Admin Should Know January 30, 2014 Citrix Support Secrets Webinar Series Important links: PoSH Scripts Webinar Recording
  2. 2. © 2012 Citrix | Confidential – Do Not Distribute Presenter Bio: Mick Glover • Over 18 Years of Experience in IT • Joined Citrix in January 2005 • Started as Senior member of Frontline team • Spent 3 years working as an Escalation Engineer • Been with the WW Readiness team since 2009 • Certifications: CCA, CCEE, CCIA, CCI & MCSE • SME areas: XenDesktop, App Orchestration, UPM • Promotes the XD Tipster Blog Series and @XDtipster Twitter feed
  3. 3. Objectives At the end of this webinar, you will be able to: • Customize your PoSH working environment • Validate the true state of FMA services and identify possible issues • Generate and apply Schema update scripts against Site DB • Logically group machines using Broker tags • Manage computer accounts and naming schemes for MCS Catalogs • Explicitly control access to desktops through PoSH • Configure aspects of XD using built-in Citrix PSProviders • Configure advanced power management (PMGMT) features • Create service DB scripts of various types to facilitate XD Deployments
  4. 4. Tip Number 10 Creating a customized XD PoSH $profile
  5. 5. What is a PoSH Profile? The nuts and bolts • PoSH script file (.ps1) that runs when PoSH starts up ᵒ Can contain cmdlets, scripts, functions, i.e. any valid PoSH commands • Can be used to set up and customize your PoSH env • Advantage for XenDesktop administrators? • Let's take a look…
  6. 6. Step 1: Confirm whether a profile already exists: Test-Path $profile • Return value False = No existing profile • Return value True = Existing profile
  7. 7. Step 2: Create PoSH $profile: New-Item -Type File $profile • -Force parameter can be used to overwrite an existing profile
  8. 8. Step 3: Configure PoSH $profile: Notepad $profile • Type notepad $profile ᵒ Enter commands to customize PoSH env ᵒ File → Save → Exit
  9. 9. Step 4: Confirm existence of $profile: Test-Path $profile • Expected return value = True • Edit at any stage by typing Notepad $profile → Return
  10. 10. New-Item PoSH cmdlet -Force switch Usage • Allows the cmdlet to create an item that writes over an existing read-only item
  11. 11. Step 5: Confirm $profile functionality, e.g. Get-BrokerSite
  12. 12. Tip Number 9 Service MGMT (Checking the state of FMA services through PoSH)
  13. 13. Checking the Status of the Controller Services: Windows services applet won't paint the full picture… • Run Get-<Alias>ServiceStatus for each service ᵒ Expected return value = OK • Other possible return values include: • DBMissingOptionalFeature • DBRejectedConnection • DBUnconfigured • … • Let's take a look…
  14. 14. PoSH - Validating Service Status XD 5.x • Use Get-BrokerServiceStatus (Broker Service) • Use Get-ConfigServiceStatus (Configuration Service) • Use Get-HypServiceStatus (Host Service) • Use Get-AcctServiceStatus (AD Identity Service) • Use Get-ProvServiceStatus (Machine Creation Service) • Use Get-PvsvmServiceStatus (Machine Identity Service) • Use Get-LicServiceStatus (License Service)
  15. 15. PoSH - Validating Service Status XD 7.x 1 of 2 • Use Get-BrokerServiceStatus (Broker Service) • Use Get-ConfigServiceStatus (Configuration Service) • Use Get-HypServiceStatus (Host Service) • Use Get-AcctServiceStatus (AD Identity Service) • Use Get-ProvServiceStatus (Machine Creation Service) • Use Get-LicServiceStatus (License Service)
  16. 16. PoSH - Validating Service Status XD 7.x 2 of 2 • Use Get-EnvTestServiceStatus (Environment Test Service) • Use Get-SfServiceStatus (Storefront Service) • Use Get-MonitorServiceStatus (Monitor Service) • Use Get-LogServiceStatus (Configuration Logging Service) • Use Get-AdminServiceStatus (Delegated Administration Service)
  17. 17. Get-BrokerServiceStatus - Return Values (1 of 2) Status: Meaning • OK: The broker is connected to a database that is valid, and the service is running. • DBUnconfigured: The broker does not have a database connection configured. • DBRejectedConnection: The database rejected the logon from the Broker Service. This may be caused by bad credentials, or the database not being installed. • InvalidDBConfigured: The database schema is missing (possibly just the stored procedures in it). • DBNotFound: The specified database could not be located with the configured connection string. • DBMissingOptionalFeature: The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable. • DBMissingMandatoryFeature: The broker is connected to a database that is valid, but it does not have the full functionality required so the broker cannot function. Upgrading the database is required.
  18. 18. Get-BrokerServiceStatus - Return Values (2 of 2) Status: Meaning • DBNewerVersionThanService: The broker is too old to use the database. A newer version is required. • DBOlderVersionThanService: The database is too old for the Broker Service. Upgrade the database. • DBVersionChangeInProgress: A database schema upgrade is in progress. • PendingFailure: Connectivity between the Broker Service and the database has been lost. This may be a transitory network error, but may indicate a loss of connectivity that requires administrator intervention. • Failed: Connectivity between the broker and the database has been lost for an extended period of time, or has failed due to a configuration problem. The broker service cannot operate while its connection to the database is unavailable. • Unknown: The service's status cannot be determined.
  19. 19. Validating the Status of the Controller Services: Write a simple .ps1 script for a single Controller to make your life easier
  20. 20. Validating the Status of the Controller Services: Return value is important
  21. 21. What does DBMissingOptionalFeature mean? Run Help Get-BrokerServiceStatus -Full to find out… • The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable. • Next Step? See Tip 8
  22. 22. Tip Number 8 Checking & Updating DB Schema versions manually through PoSH
  23. 23. DB Schemas background • Each Service has its own DB Schema and set of tables that it communicates with • DB Schema version should match the version of the service itself for optimal performance • Let's take a look and see what the problem is…
  24. 24. Step 1: Run Get-BrokerInstalledDbVersion to check the current Broker Service DB schema and available upgrade options
  25. 25. Step 2: Run Get-BrokerController to check the Controller version
  26. 26. Step 3: Run Get-BrokerDBVersionChangeScript to create the upgrade script
  27. 27. Step 4: Disconnect Controller from DB • Any controller can essentially be turned off (disconnected from the DB) by unconfiguring the services • You could also stop the Broker Service…
  28. 28. Step 5: Upgrade the Broker Service Schema • Execute the upgrade_71.sql file on the SQL Server in SQLCMD mode and against the XD DB • Check the messages window for confirmation… • Start the Broker Service once again on the Controller prior to Step 7 (next slide)
  29. 29. Step 7: Check Status of Broker Service again: Get-BrokerServiceStatus • Expected return value = OK • Remember: Creating simple scripts will make your life easier and can be fun to use…
  30. 30. Tip Number 7 Machine Tagging
  31. 31. Machine Tagging: The nuts and bolts • Machine tagging first introduced in XD 5.x • Can be used to create a logical grouping of machines within a site ᵒ Across Delivery Groups & OUs • This can have advantages when configuring HDX Policies/Access to resources • Let's take a look…
  32. 32. Machine Tagging through Citrix Studio • Any machine which is part of a Delivery or Desktop Group can be tagged within Citrix Studio…
  33. 33. Assigning Tags through PoSH Example - Alternative Option 1. New-BrokerTag -Name <Executive> 2. $desktop = Get-BrokerDesktop -uid 1 3. Add-BrokerTag -Name Executive -desktop $desktop
  34. 34. Assigning Tags through PoSH Visual Example 2
  35. 35. Confirming Machine UIDs
  36. 36. Viewing Tags through PoSH: Use Select Command • Get-BrokerMachine | select machinename, tags | format-table
  37. 37. HDX Tag Filter Use Case • HDX Policies can be applied against specific tags…
  38. 38. Tip Number 6 Managing the Identity Pool StartCount and NamingScheme Parameters for MCS Catalogs
  39. 39. Identity Pools: Created and managed by the AD Identity Service • Associated with Catalogs
  40. 40. Observation: IdentityPoolName & ProvisioningSchemeName matching values
  41. 41. XenDesktop A/C delete/re-use options (MCS Only) • Important to understand Delete options in relation to machine a/c mgmt… • NB: If machine AD a/c is deleted then it can be used again automatically as long as the StartCount value is reset to match • If AD a/c is not deleted then resetting the StartCount will have no impact
  42. 42. StartCount value determines
  44. 44. Changing the NamingScheme: Considerations
  45. 45. Changing the NamingScheme: WebinarTest# • Set-AcctIdentityPool -IdentityPoolName "Windows 7 SP1 x86 - 1GB" -NamingScheme WebinarTest# -StartCount 1 • Note: Unless the StartCount value is explicitly set, it will remain as it was prior to the change in NamingScheme
  46. 46. Reverting NamingScheme: Considerations • StartCount will not change
  47. 47. Tip Number 5 Controlling Access To Resources
  48. 48. XD Site Policies Overview • Entitlement Policies (Pooled/Shared Desktops) ᵒ Get-BrokerEntitlementPolicyRule ᵒ Get-BrokerAppEntitlementPolicyRule • Assignment Policies (Dedicated/Private Desktops) ᵒ Get-BrokerAssignmentPolicyRule ᵒ Get-BrokerAppAssignmentPolicyRule • Access Policy ᵒ Get-BrokerAccessPolicyRule (Discussed during Tip# 2) • Let's take a look…
  49. 49. Viewing BrokerEntitlementPolicy rule(s): Training Win7 Delivery Group • By default, no exclusions are set
  51. 51. Setting a BrokerEntitlementPolicy rule: Edit existing rule for relevant Delivery Group
  53. 53. Revert Changes/Remove Exclusions • Use -RemoveExcludedUsers parameter or empty the array using @() ᵒ Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -RemoveExcludedUsers traininguser1 -ExcludedUserFilterEnabled $false Or ᵒ Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $false -ExcludedUsers @()
  54. 54. Tip Number 4 Exploring Citrix PowerShell Providers
  55. 55. What are PowerShell Providers? The nuts and bolts • Extensions that allow data structures to be mounted through PoSH • Available PSProviders can be viewed using Get-PSProvider • XenDesktop 5.x & 7.x ship with two PSProviders ᵒ CitrixGroupPolicy ᵒ Citrix.Hypervisor • Let's take a look…
  56. 56. View all available Providers: Run Get-PSProvider • Specific PSDrives are created by default for each PSProvider
  57. 57. Use CD command to mount PSDrives • CD XDHYP: → Return • CD LocalGPO: → Return • CD Templates: → Return • CitrixGroupPolicy PSProvider also supports other PSDrives that are not available by default ᵒ To view these options run Help New-PSDrive -Full from within the mounted LocalGPO or Templates drive…
  58. 58. Example Usage: Enabling IntelliCache
  59. 59. LocalStorageCaching related error
  60. 60. Creating HDX Policies through PoSH: Use the CitrixGroupPolicy PSProvider • New-PSDrive Webinar -PSProvider CitrixGroupPolicy -Root \ -Controller DC1 • dir
  61. 61. Enable Setting Example: ReadonlyClipboard • PS Webinar:\user\training\Settings\ica> Set-ItemProperty ReadonlyClipboard -Name State -Value enabled • Running dir under the Ica folder will return the following…
  62. 62. Configure Tag filter through Citrix Studio: Allow: Training Tag
  63. 63. Validate Functionality Through Registry • HKLMSoftwarePoliciesCitrix<s ession#UserVCPolicies….
  64. 64. Tip Number 3 Configuring Extended Disconnect/Logoff settings
  65. 65. Extended Disconnect/Logoff Settings: Extending Functionality… • Available for Pooled & Dedicated Desktops/Delivery Groups • Can only be configured through PoSH • Available for Peak & OffPeak hours • Let's take a look…
  66. 66. View all disconnect options through PoSH • Get-BrokerDesktopGroup -Name "training win7" | select *peakdis*, *extende* | format-list
  67. 67. Configuring Extended Disconnect Setting Example: Peak Hours • Set-BrokerDesktopGroup -Name "Training Win7" -PeakExtendedDisconnectAction suspend -PeakExtendedDisconnectTimeout 5
  68. 68. Tip Number 2 Using the Site Access Policy to Restrict Access to Resources
  69. 69. Site Access Policy • Contains two rules per Delivery Group by default ᵒ Direct Connections ᵒ Connections through NetScaler/AG • Similar to the Entitlement and Assignment site policy rules, Site access policy rules control access to resources • What is the key difference? ᵒ Entitlement & Assignment policy rules control user access (included/excluded users) ᵒ Access policy rules control the wider conditions (ClientNames/ClientIPs/SmartAccessFilters) • Let's take a look…
  70. 70. Example: Restrict access from ClientIP • Return Access Policy rules for a specific Delivery Group ᵒ Get-BrokerAccessPolicyRule -DesktopGroupName "Training Win7 - Dedicated" • Edit the direct rule and exclude a specific IP address to restrict access from the Win7Client machine ᵒ Set-BrokerAccessPolicyRule "Training Win7 - Dedicated_Direct" -ExcludedClientIPFilterEnabled $true -ExcludedClientIPs 192.168.10.29
  72. 72. Tip Number 1 Manually Joining a Controller to an existing Site
  73. 73. Manually Joining a Controller to an existing Site: Simple three-step process 1. Create Instance Scripts for each service running on DC1 (Controller)
  74. 74. Manually Joining a Controller to an existing Site: Simple three-step process 1. Create Instance Scripts for each service running on DC1 (Controller) 2. Configure the DB connection string for each service
  75. 75. Manually Joining a Controller to an existing Site: Simple three-step process 1. Create Instance Scripts for each service running on DC1 (Controller) 2. Configure the DB connection string for each service 3. Register each service with the Configuration service
  76. 76. Let's take a look… • Complete instructions can be found here ᵒ http://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controller-to-an-existing-db-3-simple-steps/
  77. 77. Before I Finish…
  79. 79. XD Tipster Blog Series
  80. 80. XD Tipster Blogs: Just a selection… • http://blogs.citrix.com/2013/09/19/xd-tipster-introducing-the-new-xd7-xendesktop-posh-module/ • http://blogs.citrix.com/2013/08/29/xd-tipster-machine-tagging-and-hdx-policies/ • http://blogs.citrix.com/2013/08/21/xd-tipster-changing-delivery-group-icons-revisited-xd7/ • http://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controller-to-an-existing-db-3-simple-steps/ • http://blogs.citrix.com/2013/10/01/xd-tipster-creating-hdx-policies-through-posh/ • http://blogs.citrix.com/2013/10/22/xd-tipster-removing-controllers-from-an-xd-site-using-posh/
  81. 81. About Citrix Services: Citrix Services make sure you succeed with your virtualization programs. How we can help: Citrix Education – The fastest, most efficient way to get your team the virtualization skills they need. Online, on-site or in class. citrix.com/training Citrix Consulting – Intensive engagements for complex, critical or just plain massive projects. citrix.com/consulting Citrix Support – Always-on support services that leverage everything we know about best-practice deployment and maintenance. citrix.com/support Educate | Guide | Support | Succeed
  82. 82. • 40 insider troubleshooting tips • Covering XenDesktop, XenServer, XenApp and NetScaler • Citrix Support top engineers • FREE eBook • Citrix Auto Support • Now available! Secrets of the Citrix Support Ninjas
  83. 83. Premier Support Calculator: Check it out
  84. 84. Work better. Live better.
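
One way to write the "simple .ps1 script for a single Controller" that Tip 9 recommends, as an added example that is not the presenter's script: it runs every Get-<Alias>ServiceStatus cmdlet named on the XD 5.x and 7.x slides that exists on the Controller and warns on any result other than OK. The function name Get-FmaServiceHealth, the Add-PSSnapin Citrix* load and the ServiceStatus property name are assumptions, not taken from the deck.

```powershell
# Added example (not the presenter's script). Cmdlet names are the ones listed
# on the XD 5.x / 7.x slides. Assumed here: loading the SDK with
# "Add-PSSnapin Citrix*", the ServiceStatus property on each cmdlet's output,
# and the helper name Get-FmaServiceHealth.
Add-PSSnapin Citrix* -ErrorAction SilentlyContinue

$FmaServices = @(
    @{ Service = 'Broker';                         Cmdlet = 'Get-BrokerServiceStatus'  },
    @{ Service = 'Configuration';                  Cmdlet = 'Get-ConfigServiceStatus'  },
    @{ Service = 'Host';                           Cmdlet = 'Get-HypServiceStatus'     },
    @{ Service = 'AD Identity';                    Cmdlet = 'Get-AcctServiceStatus'    },
    @{ Service = 'Machine Creation';               Cmdlet = 'Get-ProvServiceStatus'    },
    @{ Service = 'Machine Identity (5.x)';         Cmdlet = 'Get-PvsvmServiceStatus'   },
    @{ Service = 'License';                        Cmdlet = 'Get-LicServiceStatus'     },
    @{ Service = 'Environment Test (7.x)';         Cmdlet = 'Get-EnvTestServiceStatus' },
    @{ Service = 'Storefront (7.x)';               Cmdlet = 'Get-SfServiceStatus'      },
    @{ Service = 'Monitor (7.x)';                  Cmdlet = 'Get-MonitorServiceStatus' },
    @{ Service = 'Configuration Logging (7.x)';    Cmdlet = 'Get-LogServiceStatus'     },
    @{ Service = 'Delegated Administration (7.x)'; Cmdlet = 'Get-AdminServiceStatus'   }
)

# Statuses whose slide description calls for a database upgrade (see Tip 8).
$NeedsSchemaUpgrade = 'DBMissingOptionalFeature', 'DBMissingMandatoryFeature',
                      'DBOlderVersionThanService'

function Get-FmaServiceHealth {
    param([object[]]$ServiceList = $FmaServices)
    foreach ($svc in $ServiceList) {
        # A cmdlet that belongs to the other XD version is reported, not failed.
        $status = 'CmdletNotAvailable'
        if (Get-Command $svc.Cmdlet -ErrorAction SilentlyContinue) {
            try   { $status = [string](& $svc.Cmdlet -ErrorAction Stop).ServiceStatus }
            catch { $status = 'Error: ' + $_.Exception.Message }
        }
        New-Object PSObject -Property @{
            Service = $svc.Service
            Cmdlet  = $svc.Cmdlet
            Status  = $status
        }
    }
}

$report = @(Get-FmaServiceHealth)
$report | Select-Object Service, Cmdlet, Status | Format-Table -AutoSize

# The return value is what matters: warn on everything that is not OK.
foreach ($row in $report) {
    if ($row.Status -eq 'OK' -or $row.Status -eq 'CmdletNotAvailable') { continue }
    $hint = if ($NeedsSchemaUpgrade -contains $row.Status) { ' (check the DB schema version)' } else { '' }
    Write-Warning ("{0}: {1}{2}" -f $row.Service, $row.Status, $hint)
}
```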
