Xc e 4.5 condensed tech deck 17 dec2012 final


Published on

Para maiores detalhes:
Twitter --> @ Nuno_Alves
Email --> nuno.alves@lcs.com.br
Site da LCS - www.lcs.com.br

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • When we go a layer down, XenClient works by combining a comprehensive centralized management system with a Type-1 client hypervisor.A bit of coverage on the a few use cases – so that you can think of the potential opportunities:Well-managed laptops/desktops for offline/online useMulti-VM environment for power users (dev./tester/Itpros)Multi-level security environments
  • Management Server host must be standalone physical or virtual server. XenClient Synchronizer requires a database.MS SQL Express is included in the installation media.Other enterprise databases such as MS SQL 2005/2008, Oracle, and PostgreSQL are also supported
  • BIOS Measures MBR and Invokes boot loader Trusted GrubGrub Measures Boot Partition, decrypts Key1, then Boots Operating SystemOS Decrypts Control Domain Partition and Loads Client SoftwareClient Authorizes User then Allows Access to Encrypted Virtual MachinesNo key for bitlocker - don’t use TPM to virtualize or for encryption
  • Xc e 4.5 condensed tech deck 17 dec2012 final

    1. 1. XenClient Enterprise 4.5Condensed Technical PresentationDecember 17, 2012
    2. 2. Agenda • XenClient Overview • XenClient Solutions • Architectural Overview • System Requirements • Image Management: Layering and Publish Process • Policy-Based Management • Data Protection: Disk Encryption and User Data Backup • Data Backup • References and Resources2 © 2012 Citrix | Confidential – Do Not Distribute
    3. 3. XenClient Simplifies and Secures Corporate PCs Secure and Optimized Local Execution Centralized Control True Type-1 Client Hypervisor Policy-driven Management Server Make PCs manageable, reliable, & secure 3 © 2012 Citrix | Confidential – Do Not Distribute © 2012 Virtual Computer Inc
    4. 4. XenClient Components – Client Endpoint• Engine ᵒType-1 hypervisor running directly on the hardware and hidden from the user• Launcher ᵒThe UI which provides an interface to the user• Dock ᵒA Dock that provides Citrix Receiver, RDP Client, and Google Chrome4 © 2012 Citrix | Confidential – Do Not Distribute
    5. 5. XenClient Components – Synchronizer • The management server performs all the administrative tasks for the solution. It keeps a database of all objects in the XenClient Enterprise solution. Objects Description Synchronizer Tasks: •Create VMs (Authoring) Users Computer, policy and VM assignments plus backups for each VM •Publish VMs •Create Users and Groups Groups Which users belong to which groups, and •Assign a VM group assignments •Restore a VM VMs Which OS, and version, which groups and users, policies Policies Backup frequency, USB and other device, VM and computer access control, and more Software What is available in the Software library Computers Which users are supposed to use them Events Detailed audit trail of actions for each object5 © 2012 Citrix | Confidential – Do Not Distribute
    6. 6. Whats New in XenClient Enterprise? Next Generation  Supports the latest Ultrabooks and Intel 3rd generation processors Global Desktop  Windows 8 support  Now available in English and 6 other languages for major markets! Expanded Use Cases  Enables more enterprise network policies with VLAN tagging  NetScaler support for Synchronizer external network access Increased  Dual monitors in dock support Performance  Improved hypervisor boot time  import and export VMs directly from the client hypervisor6 © 2012 Citrix | Confidential – Do Not Distribute
    7. 7. Effortless Device Management for PCs Project-based solutionCustomer Challenges and Opportunities Solution includes:• Companies buy thousands units of PCs each year and need a better way to manage their current & new PCs • XenClient Engine to secure PC• PCs deliver excellent local performance, but are riddled with patch failures, reliability, & security issues endpoints and turn them into easy-to-manage Virtual Appliances• Traditional Device Management is expensive , distracts focus and budget from higher value service delivery • XenClient Synchronizer for simple• XenClient FlexCast model turns PCs into Virtual Appliances, cutting management & operations costs by 70+% centralized management of fully virtualized desktops running on PCsFeatures Benefits • Citrix Receiver for access to hosted XenDesktop or XenApp in addition toFailsafe Provisioning, Provision 1000s of PCs as easily as one, eliminate patch failures, and the local virtual desktopPatching, & Updates achieve 100% success rates on updates • NetScaler integration for providingPC Execution for Delivers local execution for use cases that need them – including secure access to the management distributed offices, limited network bandwidth, etc. interface from any locationLocal Uses CasesExcellent Scalability with Offers near-zero backend infrastructure cost by harnessing inexpensive Value Story:Near-Zero Infrastructure compute and storage available on endpoint PCs Citrix delivers the lowest-cost, simplestSecure, locked-down, but Secure the PC with full-disk encryption, protected VM image for instant device management solution for PCs,personalized desktops recovery from malware or corruption, and network isolation turning them into centrally managed Virtual Appliances, for use cases whereHigh Reliability and Delivers high reliability with zero patch failures, transparent backup, rapid organizations are already using PCs or areRapid Recovery recovery, and instant full migration to new PCs in case of hardware failure planning to purchase them. 7 © 2012 Citrix | Confidential – Do Not Distribute
    8. 8. Secure & Manage Mobile Laptops Project-based solutionCustomer Challenges and Opportunities Solution includes:• The number of enterprise laptops is increasing rapidly with users spending more time outside the office • XenClient Engine to completely secure• Lost data on insecure laptops leads to financial losses, negative customer/market impact, and legal liability laptops online and off, turning them into easy-to-manage Virtual Appliances• Laptops are difficult to manage and update because of how often they are off the LAN or disconnected • XenClient Synchronizer for simple• Reliability and rapid recovery is critical for laptop users who are traveling and cannot be visited by IT centralized management of virtual desktops that work both online and offFeatures Benefits • Citrix Receiver for access to hosted XenDesktop or XenApp in addition toHigh Security for AES-256 bit full-disk encryption, time-based lockout, and remote kill the local virtual desktopMobile Laptop Users capabilities protect sensitive corporate data even if a laptop is lost • NetScaler integration for providingFailsafe Management Off Achieve 100% success rates patching and updating laptops regardless of secure access to the management whether they are on or off the corporate network interface from any locationthe Corporate NetworkExtending Desktop Extend desktop virtualization to offline laptops to gain all the benefits of Value Story:Virtualization to Laptops centralized management, enhanced reliability, and high security Citrix XenClient extends the benefits ofTransparent Backup to Automatically synchronize user data and profile information in the desktop virtualization to corporateProtect Corporate Data background to protect corporate data against loss or corruption laptops, turning them into Virtual Appliances that are completelyHigh Reliability & Rapid Delivers high reliability with zero patch failures, complete data protection, manageable, reliable, and secure.Recovery on the Road and instant malware/corruption recovery to laptops users on the road 8 © 2012 Citrix | Confidential – Do Not Distribute
    9. 9. Architectural Overview – Engine • True Type-1 Hypervisor (No OS below the hypervisor layer) ᵒFully virtualized platform Shared Image Patch ᵒSupports wide range of business-class PCs Backup ᵒFull shared image support for Windows 7, XP & Vista Store ᵒLinux supported as custom image or local install (Note: Support is Management unofficial since there are no PV drivers for Linux) Server Virtual Machine #1 Virtual Machine #2 User Data User Data Applications … Applications Services Management and Control Windows XP Windows 7 Domain Domain (DomS) Virtual HW Virtual HW (Dom0) Xen™ Hypervisor (Open Source) Hardware9 © 2012 Citrix | Confidential – Do Not Distribute
    10. 10. Architectural Overview – Synchronizer Central Server SQL Management Server Console LDAP Control API FileSystem Repository Hyper-V Storage10 © 2012 Citrix | Confidential – Do Not Distribute
    11. 11. Architectural Overview – Synchronizer Infrastructure Server Components Management Server  XenServer, VMware, Hyper-V or Physical  Stores one copy of each image and patch  Distributes to all attached devices  Stores backups Authoring Server  Physical Server  Runs Server 2008 w/ Hyper-v  Authors VM‟s centrally  Publish/patch VMs Both components can be installed on a single system Distribute across multiple systems for larger deployments 11 © 2012 Citrix | Confidential – Do Not Distribute
    12. 12. Architectural Overview – Hierarchical Mgmt Central • Optimized for low-bandwidth/WAN environments • Intelligent caching of downloaded images Management Server • Efficient use of bandwidth between remote offices (Web/App) • At Remote Office • Local LAN operations for publishing/backups SQL • One copy of OS image and patches • Backups stored locally in Remote Office • At Central Office • Single view of Environment through management UI Remote Caching Server SQL Server (1433) WAN HTTPS (443)12 © 2012 Citrix | Confidential – Do Not Distribute
    13. 13. Architectural Overview – OS Management Management Update One to many Server from server Shared Image Shared System Disk System Patch One to many, patch once, publish many VHD Backup Snapshot For backup Backup Persistent User Data Store User Backed-up on server for instant recovery VHD Persistent Local Data (no backup) Local Fast VHD Recovery Page.sys, temp files, indexes, .ost files13 © 2012 Citrix | Confidential – Do Not Distribute
    14. 14. System Requirements Client Hypervisor (Engine) Management Server (Synchronizer) • Processor: • Operating System: - Dual-core processor with hardware Windows Server 2008 R2 with Hyper-V virtualization technology support (Standard, Enterprise or DataCenter) • Processor: • System Memory: We strongly recommend at ᵒAuthoring Server least 4 GB of RAM • 2 Xeon class cores enough to create and update • Available Disk Space: 80 GB free disk virtual machine images space, more for multiple OSs ᵒManagement Server • 1-2 cores for running backend server • 3 Xeon class cores for each 1GB LAN connection Browser to connect to Management Server: • System Memory: 8 GB minimum • IE 9 recommended ᵒAuthoring Server • Recommend 6GB free for creating and updating virtual • Microsoft .NET Framework 2.0 installed machine images • RDP ActiveX control enabled ᵒManagement Server • Minimum is 8GB • Increasing to 16GB will give the best performance14 © 2012 Citrix | Confidential – Do Not Distribute
    15. 15. Image Management – Layering XenClient Enterprise rolls back an image:How layering works in XenClient Enterprise: Pointer to run to the top of the chain (current) Version 4 Version 3 Adding patches will grow the chain Version 2 The first patch becomes the top of the chain • All patches are processed Version 1 Base System VHD in the background • All backups are uploaded in the background • The VHD chains are Gold Snap 1 Snap N Leaf handled by the engine15 © 2012 Citrix | Confidential – Do Not Distribute
    16. 16. Image Management – Layering VM Hypervisor Drive L: local.vhd Contains any changes made since VM has started Drive U: user.vhd Contains NxPrep Results • Computer name snapback.vhd • Domain Account • Device Initialization nxprep.vhd • NxPrep Extend Drive C: version3.vhd Downloaded from the version2.vhd backend version1.vhd16 © 2012 Citrix | Confidential – Do Not Distribute
    17. 17. Image Management – Backups System User Local Drive C: Drive U: Drive L: Files: Files: Files: C: C:Program Data C:WindowsPrefetch C:Program Files C:Usersjohns C:UsersjohnsAppDataLocalTemp C:Users C:UsersPublic C:Program DataMicrosoftSearch C:UsersAdministrator C:UsersDefault C:Program DataMicrosoftWindowsDefender C:UsersDefault C:Windows C:Nxtop Registry: Registry: User disk registry entries Local disk registry entries17 © 2012 Citrix | Confidential – Do Not Distribute
    18. 18. Publishing Process – Publishing a VM Publish Process Publish Boot Details • One-time setup, done against initial VHD • Process Takes ~5 mins version • Configure Windows Services • NxTop Service injected offline • Install PV Drivers & NxTop Mgr Service • Standard software packages installed. • Uninstall Hyper-V integration services (3 mins) • Per-published version processing • Disable services • Create differencing disk to hold publish • Speeds up Publish/NxPrep process changes • Services are enabled again at end of NxPrep • referred to as „n-diff‟ • Hyper-V Publish Boot • PV drivers installed • No hardware yet – just added to Windows database • Final VHD chain is (1..n, n-diff) • Communicated to client in XML description of VM18 © 2012 Citrix | Confidential – Do Not Distribute
    19. 19. Publishing Process – Publish Chain 4-diff Versions can be marked as a Staged version Version 4 for testing. Only users marked to receive a staged version will get them. When Version 2 is published, the results are Non-published versions can be created as stored in 2-diff Version 3 checkpoints. 2-diff When Version 1 has been published, future Version 2 patches are applied to a new Version 2 diff disk 1-diff When Version 1 is published, the results are Base System VHD, the start of the chain when stored in 1-diff. Version 1 the VM is first installed.19 © 2012 Citrix | Confidential – Do Not Distribute
    20. 20. Publishing Process – Publish Chain Rollback 4-diff The most recent version (or versions) can be Version 4 deleted using the Rollback feature if they are broken. The topmost versions are simply removed and Version 3 discarded (so long as no clients are currently using the version) 2-diff Version 2 1-diff Version 120 © 2012 Citrix | Confidential – Do Not Distribute
    21. 21. Publishing Process – Engine-Side Processes Preparation Process System Disk Collapse Process•Client downloads required VHD files •Intent is to collapse entire (1..n) chain •All elements in system disk chain (1..n,n-diff) •Improve performance •Only loads those not already present locally •Reduce disk usage •User disk chain if it exists •Resulting chain is (1‟,n-diff-1,n-diff-2) •User disk created on client when VM first deployed to user •Chain is collapsed in one step•Push n-diff-1 disk onto system disk stack •Blocks in versions (2..n) are written to version 1•Push new diff disk onto user disk to hold updates •For each 2MB block, find all the modified sectors in (2..n)•Create local disk VHD if not present •Write these sectors to version 1•Boot into NxPrep •This produces updated 1‟ •VM booted with minimal memory size and no network •Once complete, VHD chain updated •Runs at the same time as the existing version •(n-diff-1) updated to point to (1‟) •Uses PnP to install virtual devices: •Meta data updated to indicate (1‟) contains all previous •QEMU emulated devices not present on server versions •PV devices (disk, network, mouse, etc) •Lastly, old versions (2..n) are discarded. •Performs user personalization •Rename NxTop user for workgroup users •Create domain account profile21 © 2012 Citrix | Confidential – Do Not Distribute
    22. 22. Policy-Based Management – Overview Policies control aspects of a VM, Engine, or Synchronizer • Policies are defined in the Synchronizer, and then assigned to VMs. There are 3 basic types of policies in XenClient Enterprise • Virtual Machine policies ᵒThese policies control various aspects of how a virtual machine (VM) performs • Engine policies ᵒDeals with Launcher, Activities Center, Network and Power Management • Synchronizer policies ᵒUsed to define Admin roles and bandwidth control for e.g. updates22 © 2012 Citrix | Confidential – Do Not Distribute
    23. 23. Policy-Based Management – Setting Policies There are nine different types of XenClient policies: • Administrator Role: Allows an administrator to assign privileges based on an assigned role • Backup: How often automatic backup is performed and how long backups will be retained • Bandwidth: Set the bandwidth policy for an IP or subnet (max bandwidth, time period, etc.) • Engine: Engine Policies affect behavior of XenClient Engines, not VMs • Default policy sets behavior for all XenClient Engines associated with a Synchronizer • Expiration: Limits VM use to a number of days from first use • Lockout: How long the computer can be out of contact with the Synchronizer before locking users out of the VM (lease period) • OS Profile: A set of rules for the OS for special handling for applications, services, or other setting. • Snapback is the ability of the OS to return to the condition of the last XenClient publish and discarding any made changes. • USB Filter: The types of USB devices can be used on the VM • Windows Setting: Establishes logon types and automatic logon settings for users. Configures VLAN tag settings23 © 2012 Citrix | Confidential – Do Not Distribute
    24. 24. Encryption Architecture unencrypted encrypted Unencrypted K1 Encrypted K2 Encrypted MBR Boot Partition 1 Partition 2 Trust /boot Control Domain VHD Repository GRUB K1 K2 1 2 3 4 BIOS24 © 2012 Citrix | Confidential – Do Not Distribute
    25. 25. Data Protection – Remote Kill • Shreds all encryption keys ᵒSo an encrypted boot can‟t be read • Deletes all VM VHDs ᵒAny running VMs will have blue screen at some point when the data can‟t be read. • Writes random data all over the physical disk ᵒWill completely wipe our software and entire disk (and anything on the system including dual boot roots) • Finally, system is halted after 30 minutes if not already stopped25 © 2012 Citrix | Confidential – Do Not Distribute
    26. 26. Data Protection – User Data Backup Overview Backed up on a schedule • As defined by policy Items Included Out-of-the-Box • Users directories • Personalization (Wallpaper, Application data) OS Profile Customization • XML language defines files/registry values to save Client-Side Process • Snapshot created on scheduled basis • Pause guest • Add new diff disk “user-diff-m” onto head of user chain • Update guest to use new head • Resume guest • Backup sends previous diff disk to server • Sends “user-diff-(m-1)” • Once backup sent, merge to single VHD • When system is idle26 © 2012 Citrix | Confidential – Do Not Distribute
    27. 27. Data Protection – User Data Backup Process Snapshot3: If scheduled time for backup reached Backup of Snapshot2: Once initial backup has Snapshot3 again, a further snapshot is created. been sent, second one will be transferred Snapshot2: New COW disk created when scheduled Snapshot2 time for backup reached. Changes made by VM are written to new snapshot. Backup of User VHD: Previous disk in chain uploaded to server when connection available Initial State: Original User VHD, start of the chain User VHD27 © 2012 Citrix | Confidential – Do Not Distribute
    28. 28. Data Protection – User Data Backup Process Snapshot3 User Once backups have been sent to the server, they are VHD‟ merged into the base disk (2..1)28 © 2012 Citrix | Confidential – Do Not Distribute
    29. 29. Customer Quotes Thanks to XenClient Enterprise, computers are being deployed to our newest hospital at a fraction of the time it would ordinarily take. Ames Prentis, CEO, IVG Hospitals XenClient Enterprise is the first product I have ever tested where my users want to adopt merely by word of mouth. We had employees at all levels literally begging to get these systems. Alan Rabideau, CIO, Residential Finance Corporation By using XenClient, we can centralize the management of PCs remotely instead of traveling to each site to deploy, update or patch. This has greatly reduced our costs and increased the productivity of our IT staff. Kraig Stewardson, IT Desktop Manager, Life Time Fitness© 2012 Citrix | Confidential – Do Not Distribute
    30. 30. More Technical Resources• Watch XenClient “How-to” videos in the XenClient Enterprise 4.5 How-to Series• Get more information from the Extended XenClient Technical Presentation• Get specific technical information about XenClient from the Knowledge Center• Get technical support from the XenClient Support Forums• Get the latest XenClient Customer Presentation for use with prospects• Get the latest sales resources from the XenClient Sales Kit• Keep up with latest XenClient news by subscribing to the XenClient Blog RSS feed• Contact the XenClient sales overlay team at xenclientsales@citrix.com• Download the latest version of XenClient at www.citrix.com/xenclient/tryit30 © 2012 Citrix | Confidential – Do Not Distribute
    31. 31. Work better. Live better.