This session will cover common deployment methods for StoreFront using NetScaler Gateway as well as review troubleshooting techniques to isolate deployment issues.
What you will learn
- Configuration steps for deploying StoreFront server with NetScaler Gateway
- Design considerations when preparing for deployment
- Tools for troubleshooting it isolate issues
Kubernetes currently has two load balancing mode: userspace and IPTables. They both have limitation on scalability and performance. We introduced IPVS as third kube-proxy mode which scales kubernetes load balancer to support 50,000 services. Beyond that, control plane needs to be optimized in order to deploy 50,000 services. We will introduce alternative solutions and our prototypes with detailed performance data.
KVM High Availability Regardless of Storage - Gabriel Brascher, VP of Apache ...ShapeBlue
Having High Availability enabled for KVM Hosts can improve greatly the QoS by handling (fence/recover) a problematic Host as well as re-starting its stopped VMs on healthy hosts. However, there is a limitation on CloudStack HA for KVM; it relies mainly on NFS heartbeat script checks. This Talk illustrates how CloudStack HA works for KVM hosts and it presents a way of improving its implementation in a way that KVM HA works with any storage system pluggable on KVM, not just NFS.
About Gabriel Brasher - https://blogs.apache.org/cloudstack/
------------------------------------------
CloudStack European User Group Virtual happened on May 27th. The first CSEUG Virtual proved to be a huge success. It collected people from 23 countries – Germany, the United Kingdom, Switzerland, India, Bulgaria, Greece, Poland, Serbia, Brazil, Chile, Russia, USA, Canada, Japan, France, Uruguay, Korea …
We also had a record number of registrations and attendees for a CloudStack User Group Event. The physical distance was not a stopper for our speakers, who joined the event from 6 different countries.
------------------------------------------
About CloudStack: https://cloudstack.apache.org/
Starting with Docker 1.12, Docker has added features to the core Docker Engine to make multi-host and multi-container orchestration extremely simple to use and accessible to everyone. Docker 1.12 Networking plays a key role in enabling these orchestration features.
In this online meetup, we learned all the new and exciting networking features introduced in Docker 1.12:
Swarm-mode networking
Routing Mesh
Ingress and Internal Load-Balancing
Service Discovery
Encrypted Network Control-Plane and Data-Plane
Multi-host networking without external KV-Store
MACVLAN Driver
You’re ready to make your applications more responsive, scalable, fast and secure. Then it’s time to get started with NGINX. In this webinar, you will learn how to install NGINX from a package or from source onto a Linux host. We’ll then look at some common operating system tunings you could make to ensure your NGINX install is ready for prime time.
View full webinar on demand at http://nginx.com/resources/webinars/installing-tuning-nginx/
High Availability Content Caching with NGINXNGINX, Inc.
On-Demand Recording:
https://www.nginx.com/resources/webinars/high-availability-content-caching-nginx/
You trust NGINX to be your web server, but did you know it’s also a high-performance content cache? In fact, the world’s most popular CDNs – CloudFlare, MaxCDN, and Level 3 among them – are built on top of the open source NGINX software.
NGINX content caching can drastically improve the performance of your applications. We’ll start with basic configuration, then move on to advanced concepts and best practices for architecting high availability and capacity in your application infrastructure.
Join this webinar to:
* Enable content caching with the key configuration directives
* Use micro caching with NGINX Plus to cache dynamic content while maintaining low CPU utilization
* Partition your cache across multiple servers for high availability and increased capacity
* Log transactions and troubleshoot your NGINX content cache
Building a scalable microservice architecture with envoy, kubernetes and istioSAMIR BEHARA
Talk from O'Reilly Software Architecture Conference San Jose 2019
Microservices and containers have taken the software industry by storm. Transitioning from a monolith to microservices enables you to deploy your application more frequently, independently, and reliably. However, microservice architecture has its own challenges, and it has to deal with the same problems encountered while designing distributed systems.
Enter service mesh technology to the rescue. A service mesh reduces the complexity associated with microservices and provides functionality like load balancing, service discovery, traffic management, circuit breaking, telemetry, fault injection, and more. Istio is one of the best implementations of a service mesh at this point, while Kubernetes provides a platform for running microservices and automating deployment of containerized applications.
Join Samir Behara to go beyond the buzz and understand microservices and service mesh technologies.
Kubernetes currently has two load balancing mode: userspace and IPTables. They both have limitation on scalability and performance. We introduced IPVS as third kube-proxy mode which scales kubernetes load balancer to support 50,000 services. Beyond that, control plane needs to be optimized in order to deploy 50,000 services. We will introduce alternative solutions and our prototypes with detailed performance data.
KVM High Availability Regardless of Storage - Gabriel Brascher, VP of Apache ...ShapeBlue
Having High Availability enabled for KVM Hosts can improve greatly the QoS by handling (fence/recover) a problematic Host as well as re-starting its stopped VMs on healthy hosts. However, there is a limitation on CloudStack HA for KVM; it relies mainly on NFS heartbeat script checks. This Talk illustrates how CloudStack HA works for KVM hosts and it presents a way of improving its implementation in a way that KVM HA works with any storage system pluggable on KVM, not just NFS.
About Gabriel Brasher - https://blogs.apache.org/cloudstack/
------------------------------------------
CloudStack European User Group Virtual happened on May 27th. The first CSEUG Virtual proved to be a huge success. It collected people from 23 countries – Germany, the United Kingdom, Switzerland, India, Bulgaria, Greece, Poland, Serbia, Brazil, Chile, Russia, USA, Canada, Japan, France, Uruguay, Korea …
We also had a record number of registrations and attendees for a CloudStack User Group Event. The physical distance was not a stopper for our speakers, who joined the event from 6 different countries.
------------------------------------------
About CloudStack: https://cloudstack.apache.org/
Starting with Docker 1.12, Docker has added features to the core Docker Engine to make multi-host and multi-container orchestration extremely simple to use and accessible to everyone. Docker 1.12 Networking plays a key role in enabling these orchestration features.
In this online meetup, we learned all the new and exciting networking features introduced in Docker 1.12:
Swarm-mode networking
Routing Mesh
Ingress and Internal Load-Balancing
Service Discovery
Encrypted Network Control-Plane and Data-Plane
Multi-host networking without external KV-Store
MACVLAN Driver
You’re ready to make your applications more responsive, scalable, fast and secure. Then it’s time to get started with NGINX. In this webinar, you will learn how to install NGINX from a package or from source onto a Linux host. We’ll then look at some common operating system tunings you could make to ensure your NGINX install is ready for prime time.
View full webinar on demand at http://nginx.com/resources/webinars/installing-tuning-nginx/
High Availability Content Caching with NGINXNGINX, Inc.
On-Demand Recording:
https://www.nginx.com/resources/webinars/high-availability-content-caching-nginx/
You trust NGINX to be your web server, but did you know it’s also a high-performance content cache? In fact, the world’s most popular CDNs – CloudFlare, MaxCDN, and Level 3 among them – are built on top of the open source NGINX software.
NGINX content caching can drastically improve the performance of your applications. We’ll start with basic configuration, then move on to advanced concepts and best practices for architecting high availability and capacity in your application infrastructure.
Join this webinar to:
* Enable content caching with the key configuration directives
* Use micro caching with NGINX Plus to cache dynamic content while maintaining low CPU utilization
* Partition your cache across multiple servers for high availability and increased capacity
* Log transactions and troubleshoot your NGINX content cache
Building a scalable microservice architecture with envoy, kubernetes and istioSAMIR BEHARA
Talk from O'Reilly Software Architecture Conference San Jose 2019
Microservices and containers have taken the software industry by storm. Transitioning from a monolith to microservices enables you to deploy your application more frequently, independently, and reliably. However, microservice architecture has its own challenges, and it has to deal with the same problems encountered while designing distributed systems.
Enter service mesh technology to the rescue. A service mesh reduces the complexity associated with microservices and provides functionality like load balancing, service discovery, traffic management, circuit breaking, telemetry, fault injection, and more. Istio is one of the best implementations of a service mesh at this point, while Kubernetes provides a platform for running microservices and automating deployment of containerized applications.
Join Samir Behara to go beyond the buzz and understand microservices and service mesh technologies.
Content caching is one of the most effective ways to dramatically improve the performance of a web site. In this webinar, we’ll deep-dive into NGINX’s caching abilities and investigate the architecture used, debugging techniques and advanced configuration. By the end of the webinar, you’ll be well equipped to configure NGINX to cache content exactly as you need.
View full webinar on demand at http://nginx.com/resources/webinars/content-caching-nginx/
Optimizing Network Performance for Amazon EC2 Instances (CMP308-R1) - AWS re:...Amazon Web Services
Many customers are using Amazon EC2 instances to run applications with high performance networking requirements. In this session, we provide an overview of Amazon EC2 network performance features— including enhanced networking, ENA, and placement groups—and discuss how we are innovating on behalf of our customers to improve networking performance in a scalable and cost-efficient manner. We share best practices and performance tips for getting the best networking performance out of your Amazon EC2 instances.
클라우드 컴퓨팅 기반 기술과 오픈스택(Kvm) 기반 Provisioning Ji-Woong Choi
TTA에 KVM 기반 프로비저닝 기술에 대한 데모 세션을 포함하는 세미나 관련 자료입니다. 클라우드환경으로 가고자 해서 Paas를 어떤 플랫폼위에 올린다면 그리고 가상화 환경이나 클라우드 환경으로 올린다면 어떤 환경으로 올릴것인가를 고민하여야 합니다.
그리고 이 hypervisor중에 cloud 환경에서 가장 주목받는 kvm을 기반으로 하는 두가지 가상화 클라우드 솔루션인 rhev와 openstack을 잠시 살펴볼 것입니다.
그리고 이러한 가상화 클라우드 환경에서 자동화 하는 솔류션을 어떻게 고려해야 하는가를 살펴보고, 그런 솔류션중에 하나인 아테나 피콕에 대해 살펴보겠습니다.
그리고 오픈스택환경하에서 구축해서 사용했던 사용기와 이를 자동화하기위해 개발자들이 사용했던 간단한 ansible provisioning 모습을 시연합니다.
When one server just isn’t enough, how can you scale out? In this webinar, you'll learn how to build out the capacity of your website. You'll see a variety of scalability approaches and some of the advanced capabilities of NGINX Plus.
View full webinar on demand at http://nginx.com/resources/webinars/nginx-load-balancing-software/
Introduce the basic concept of Open vSwitch. In this slide, we talked about how Linux kernel and networking stack worked together to forward and process the network packet and also compare those Linux networking stack functionality with Open vSwitch and Openflow.
At the end of this slide, we talk about the challenge to integrate the Open vSwitch with Kubernetes, what kind of the networking function we need to resolve and what is the benefit we can get from the Open Vswitch.
Kubernetes is more or less one of the biggest players when it comes to Container orchestration. Since Kubernetes 1.7 RBAC (Role Based Access Control) is the default for the authorisation of actions in you cluster. There are many other components, like Pod Security Policies, Network Policies, Admisstion Controllers, that allows you to secure your Kubernetes cluster.
In this talk I will show you how these things can work together and which problem these components try to solve. Also I will show you an overview how other tools like Vault can fit into the Kubernetes ecosystem to make you platform more secure.
Event: DevFest Karlsruhe, 09.12.2017
Speaker: Johannes M. Scheuermann
Weitere Tech-Vorträge: https://www.inovex.de/de/content-pool/vortraege/
Weitere Tech-Artikel: https://www.inovex.de/blog/
Unique course notes for the Certified Kubernetes Administrator (CKA) for each section of the exam. Designed to be engaging and used as a reference in the future for kubernetes concepts.
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TShapeBlue
The AT&T team recently embarked on a journey with CloudStack and has since deployed a solution which encompasses multiple data-centers. This talk focuses on how they are using open source tools like CloudStack, FreeIPA, and Metal as a Service (MaaS) to support KVM-based VM provisioning at an enterprise scale within a GitOps model.
-----------------------------------------
The CloudStack Collaboration Conference 2023 took place on 23-24th November. The conference, arranged by a group of volunteers from the Apache CloudStack Community, took place in the voco hotel, in Porte de Clichy, Paris. It hosted over 350 attendees, with 47 speakers holding technical talks, user stories, new features and integrations presentations and more.
This webinar will cover the current state of MCS and PVS. We'll look at how MCS and PVS work differently on hypervisors like ESXi and Hyper-V. We will look at new target platforms such as Windows Server 2012 R2 to see if PVS or MCS behave differently.
And lastly we will dive into the new VHDX-based PVS wC option and why you should be using it for all your workloads.
The webinar will be presented by Nick Rintalan
Citrix Group Policy Troubleshooting for XenApp and XenDesktopDavid McGeough
Understanding the Citrix Group Policy architecture and how to troubleshoot is key to ensuring a stable environment. This session will provide an overview of the Citrix Group Policy architecture and troubleshooting tool and steps that can be leveraged in both XenApp and XenDesktop environments.
What you will learn
- General components and architecture of Citrix Group Policy
- Best practices and disaster recovery for Citrix Group Policy
- Troubleshooting Citrix Group Policy issues
Recording associated with this webinar can be found here - http://www.citrix.com/tv/#videos/12508
Content caching is one of the most effective ways to dramatically improve the performance of a web site. In this webinar, we’ll deep-dive into NGINX’s caching abilities and investigate the architecture used, debugging techniques and advanced configuration. By the end of the webinar, you’ll be well equipped to configure NGINX to cache content exactly as you need.
View full webinar on demand at http://nginx.com/resources/webinars/content-caching-nginx/
Optimizing Network Performance for Amazon EC2 Instances (CMP308-R1) - AWS re:...Amazon Web Services
Many customers are using Amazon EC2 instances to run applications with high performance networking requirements. In this session, we provide an overview of Amazon EC2 network performance features— including enhanced networking, ENA, and placement groups—and discuss how we are innovating on behalf of our customers to improve networking performance in a scalable and cost-efficient manner. We share best practices and performance tips for getting the best networking performance out of your Amazon EC2 instances.
클라우드 컴퓨팅 기반 기술과 오픈스택(Kvm) 기반 Provisioning Ji-Woong Choi
TTA에 KVM 기반 프로비저닝 기술에 대한 데모 세션을 포함하는 세미나 관련 자료입니다. 클라우드환경으로 가고자 해서 Paas를 어떤 플랫폼위에 올린다면 그리고 가상화 환경이나 클라우드 환경으로 올린다면 어떤 환경으로 올릴것인가를 고민하여야 합니다.
그리고 이 hypervisor중에 cloud 환경에서 가장 주목받는 kvm을 기반으로 하는 두가지 가상화 클라우드 솔루션인 rhev와 openstack을 잠시 살펴볼 것입니다.
그리고 이러한 가상화 클라우드 환경에서 자동화 하는 솔류션을 어떻게 고려해야 하는가를 살펴보고, 그런 솔류션중에 하나인 아테나 피콕에 대해 살펴보겠습니다.
그리고 오픈스택환경하에서 구축해서 사용했던 사용기와 이를 자동화하기위해 개발자들이 사용했던 간단한 ansible provisioning 모습을 시연합니다.
When one server just isn’t enough, how can you scale out? In this webinar, you'll learn how to build out the capacity of your website. You'll see a variety of scalability approaches and some of the advanced capabilities of NGINX Plus.
View full webinar on demand at http://nginx.com/resources/webinars/nginx-load-balancing-software/
Introduce the basic concept of Open vSwitch. In this slide, we talked about how Linux kernel and networking stack worked together to forward and process the network packet and also compare those Linux networking stack functionality with Open vSwitch and Openflow.
At the end of this slide, we talk about the challenge to integrate the Open vSwitch with Kubernetes, what kind of the networking function we need to resolve and what is the benefit we can get from the Open Vswitch.
Kubernetes is more or less one of the biggest players when it comes to Container orchestration. Since Kubernetes 1.7 RBAC (Role Based Access Control) is the default for the authorisation of actions in you cluster. There are many other components, like Pod Security Policies, Network Policies, Admisstion Controllers, that allows you to secure your Kubernetes cluster.
In this talk I will show you how these things can work together and which problem these components try to solve. Also I will show you an overview how other tools like Vault can fit into the Kubernetes ecosystem to make you platform more secure.
Event: DevFest Karlsruhe, 09.12.2017
Speaker: Johannes M. Scheuermann
Weitere Tech-Vorträge: https://www.inovex.de/de/content-pool/vortraege/
Weitere Tech-Artikel: https://www.inovex.de/blog/
Unique course notes for the Certified Kubernetes Administrator (CKA) for each section of the exam. Designed to be engaging and used as a reference in the future for kubernetes concepts.
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TShapeBlue
The AT&T team recently embarked on a journey with CloudStack and has since deployed a solution which encompasses multiple data-centers. This talk focuses on how they are using open source tools like CloudStack, FreeIPA, and Metal as a Service (MaaS) to support KVM-based VM provisioning at an enterprise scale within a GitOps model.
-----------------------------------------
The CloudStack Collaboration Conference 2023 took place on 23-24th November. The conference, arranged by a group of volunteers from the Apache CloudStack Community, took place in the voco hotel, in Porte de Clichy, Paris. It hosted over 350 attendees, with 47 speakers holding technical talks, user stories, new features and integrations presentations and more.
This webinar will cover the current state of MCS and PVS. We'll look at how MCS and PVS work differently on hypervisors like ESXi and Hyper-V. We will look at new target platforms such as Windows Server 2012 R2 to see if PVS or MCS behave differently.
And lastly we will dive into the new VHDX-based PVS wC option and why you should be using it for all your workloads.
The webinar will be presented by Nick Rintalan
Citrix Group Policy Troubleshooting for XenApp and XenDesktopDavid McGeough
Understanding the Citrix Group Policy architecture and how to troubleshoot is key to ensuring a stable environment. This session will provide an overview of the Citrix Group Policy architecture and troubleshooting tool and steps that can be leveraged in both XenApp and XenDesktop environments.
What you will learn
- General components and architecture of Citrix Group Policy
- Best practices and disaster recovery for Citrix Group Policy
- Troubleshooting Citrix Group Policy issues
Recording associated with this webinar can be found here - http://www.citrix.com/tv/#videos/12508
The Top Eight Best Practices for Deploying XenApp and XenDesktop 7.6eG Innovations
Citrix XenApp and XenDesktop 7.6 are fast becoming the standard platforms for deploying application and desktop virtualization. Based on the new Flexcast Management Architecture (FMA), XenApp and XenDesktop 7.6 provides a unified platform that makes application and desktop delivery fast and easy.
See our recent webinar slides for the Top Eight Best Practices for Deploying Citrix XenApp and XenDesktop 7.6 to learn how to take advantage of all the new Citrix features and enhancements to improve the security, manageability and remote access of your virtual applications and desktops.
10 Tips Every XenDesktop Admin Should KnowDavid McGeough
The recording of this webinar can be found here:
https://www1.gotomeeting.com/register/549106393
PoSH scripts used in webinar
https://citrix.sharefile.com/d/s6f2aa129f424c43b
As a XenDesktop administrator, it’s your responsibility to make sure your XenDesktop infrastructure is running smoothly and your users are working efficiently. In this webinar our very own XenDesktop master, Michael Glover will guide you in utilizing our award winning solution for virtual desktop delivery, XenDesktop, with some really key tips and time savers to help you make the very most of your investment. Michael has been involved in XenDesktop from day one and has gathered a huge amount of knowledge which he would love to share with you.
During this webinar you will:
• Learn to carry out advanced administration tasks using the public PoSH SDK
• Troubleshoot and resolve serious Site issues
• Learn how to carry out real-time infrastructure testing to validate site functionality
• Learn how to use key Tools to Troubleshoot XD issues
• Gain greater in-dept knowledge of the internal workings of XenDesktop
In-depth Troubleshooting on NetScaler using Command Line ToolsDavid McGeough
Webinar recording - https://www1.gotomeeting.com/register/753997104
Citrix NetScaler has a rich Web-based management suite of tools available. To dig deep troubleshooting NetScaler, sometimes it’s best to roll up your sleeves and dig out the command line!
The goal of this session is to demystify some useful command line tools and provide a tactical approach to troubleshooting of NetScaler.
In this session we will demonstrate troubleshooting approaches using the command line and many tips for common issues seen in customer deployments.
In this session you will learn about:
· Differences between NetScaler kernel and BSD
· Processes and disk layout
· Look up stats and statuses
· Troubleshoot using various different logs
· Use counters to help identify issues
Top Troubleshooting Tips and Techniques for Citrix XenServer DeploymentsDavid McGeough
This session will provide an expert insight into the most common issues encountered by Customers, Partners and Support engineers.
It’s a feature packed agenda which gets to the point quickly and concentrates on the issues we encounter continuously with XenServer deployments.
Advanced Tools and Techniques for Troubleshooting NetScaler AppliancesDavid McGeough
This session will cover advanced techniques in troubleshooting the Citrix NetScaler Appliance using tools such as Citrix TaaS, IPMI, nsconmsg, wireshark and log analysis. We will review usages of these tools along with case studies showing how to best troubleshoot common issues seen in operating Citrix NetScaler Appliances.
What you will learn
- Various tools available to troubleshoot issues and how to use them to isolate NetScaler Issues
- Common deployment problems and how to isolate the causes
Citrix Provisioning Services (PVS) functionality targets network client machines that boot and connect to provisioning services servers under the guidelines specified in the PXE 2.1 specification. This in-depth technical session will provide a step-by-step detailed overview of the target boot process used by provisioning services versions 5.6.x and 6.x.
In this session you will learn about:
• Components and architecture of the PVS boot process
• Troubleshooting PVS boot issues
• Load balancing and failover technology
Real world experience with provisioning servicesCitrix
If you use Citrix NetScaler for secure remote access to your Citrix XenApp/Citrix XenDesktop deployment, you may be wondering if there’s more that it can do. You are correct! NetScaler also offers load balancing, global server load balancing, web interface integration, HDX traffic inspection and much more. It can enhance Citrix ShareFile StorageZones and Citrix mobile deployments. Join this session for a quick NetScaler refresher.
Troubleshooting XenApp with the Citrix Diagnostic ToolkitDavid McGeough
When problems occur, support engineers need data points, debug tracing and context information to help determine root causes. Preparation and organization of commonly used tools has always been a time-consuming challenge, especially during outages. The Citrix diagnostics toolkit (CDT) addresses these challenges by rapidly deploying a suite of tools and options in an easy-to-use structured format.
What you will learn:
• What is the Citrix Diagnostics Toolkit?
• How and when to use the CDT?
• How the CDT helps Citrix deliver better technical support?
Choosing the Best Approach for Monitoring Citrix User Experience: Should You ...eG Innovations
A great user experience is key for the success of any Citrix application virtualization or desktop virtualization initiative. To ensure user satisfaction and productivity, Citrix administrators should monitor the user experience proactively, detect times when users are likely to be seeing slowness, pinpoint the cause of such issues and initiate corrective actions to quickly resolve issues, thereby ensuring user satisfaction and productivity.
A key question is where should the monitoring of the Citrix infrastructure be performed from - the network, the server infrastructure, or from the client?
View this presentation to:
• Learn about the different approaches to Citrix user experience monitoring, their benefits and shortcomings
• Hear about a hybrid approach that provides the most cost-effective yet comprehensive monitoring for a Citrix server farm
• See a live demonstration of the hybrid Citrix monitoring approach and its ability to cover all aspects of Citrix user experience
Citrix unterscheidet wieder zwischen XenApp 7.5 und XenDesktop 7.5. Aber keine Angst, beide Produkte verwenden die gleiche Technologie wie in XenDesktop 7.1, die Flexcast-Management-Architektur. Also keine IMA-Dienste und Zonen-Data-Kollektoren mehr.
Neu wird es auch möglich sein, die Citrix-Lösungen in hybride oder öffentliche Clouds zu integrieren, wie zum Beispiel Amazon Web Services oder Windows Azure. Daneben werden auch andere Produkte wie AppDNA, Mobile Device Management oder die neuste Protokoll-Errungenschaft Framehawk in der kommenden Version je nach Lizenzversion integriert sein.
Slides zum Referat von Stephan Pfister.
XenDesktop Master Class - Live Installation of XenDesktop/XenApp 7.6Lee Bushen
Our “Quick-Start” session on XenApp and XenDesktop 7.6 to see a live demo of a step-by-step, new-build, installation. A Recording of the Master Class is here: http://www.citrix.com/tv/#videos/12582
The
This webinar will touch on the architectural changes in XenApp 7.5. The session will also cover the Citrix Consulting Methodology, which focuses on ensuring that projects are properly planned and designed before implementation begins.
Here is the presentation I gave during Synergy 2012 in SFO on our performance tuning efforts in the AOL production network. The presentation gives details on the various tcpprofile options, examples of our custom profiles and the impact these had on the service.
At the end is a section on troubleshooting and what snmp oids we watch for early problem detection.
Feel free to ask questions or make comments.
Citrix TechEdge 2014 - Advanced Tools and Techniques for Troubleshooting NetS...David McGeough
This session will cover advanced techniques in troubleshooting the Citrix NetScaler Appliance using tools such as Citrix TaaS, IPMI, nsconmsg, wireshark and log analysis. We will review usages of these tools along with case studies showing how to best troubleshoot common issues seen in operating Citrix NetScaler Appliances.
What you will learn
- Various tools available to troubleshoot issues and how to use them to isolate NetScaler Issues
- Common deployment problems and how to isolate the causes
Slides zur Präsentation von Claudio Mascaro, BCD-SINTRAG AG, am Citrix Day 2014 von Digicomp.
Citrix bietet mit XenMobile eine umfassende Suite für das Enterprise Mobility Management, die viele Einzelaspekte in einer Lösung vereint: XenMobile bietet einen integrierten Ansatz, der es erlaubt, mobile Endgeräte, Apps und Daten von einer zentralisierten Stelle zu sichern und zu verwalten sowie Richtlinien auf Basis von Gerätebesitz, Status und/oder Standort festzulegen. Wir stellen die Lösung, Vorteile und Funktionen für MDM, MAM, EMM, Daten-Management und mobile Apps vor.
Citrix TechEdge 2014 - Troubelshooting Top Issues with XenMobile Enterprise E...David McGeough
XenMobile Enterprise Edition includes multiple Citrix components which can result in many different integration issues. In this session we will review the top integration issues and discuss the recommended troubleshooting and prevention steps for each issue.
What you will learn:
- Device Manager and App Controller integration best practices
- NetScaler configuration troubleshooting - SSL Bridge vs. SSL Offloading
- Device Manager enrollment - using a 3rd party certificate
Manage and Diagnose your Environment using Citrix Insight ServicesDavid McGeough
Citrix Insight Services (CIS) is a simple, online troubleshooting platform and health-checker for your Citrix environment. It provides known issue diagnostics, as well as best proactive advice and a simple interface to review your environment.
Join this webinar to learn about this exciting tool, and how it can help you in managing and optimizing your Citrix environment
What you will learn:
- What Citrix products are supported and how to generate log files
- How to navigate the console (demo)
- Types of issues CIS can resolve
- How to sign up and starting using it (its free!)
Common Pitfalls when Setting up a NetScaler for the First TimeDavid McGeough
Sometimes setting up a NetScaler may seem an impossible. What do you do when you hit a roadblock at an early stage?
In this session, Ronan will step through the most common issues you can experience at an early stage of your NetScaler deployment, and how to diagnose them using on-box tools.
During this session you will learn:
- Troubleshooting basic setup issues
- Health Checks
- Introducing redundancy and removing single point of failure
- Logging – what happened historically
Best practices for implementing, administering, and troubleshooting XenDeskto...David McGeough
Recording from this webinar can be found here:
http://www.citrix.com/tv/#videos/11549
Citrix XenDesktop introduced a number of new concepts and processes for Desktop Administrators. Understanding these advancements and their effect on is key to a stable XenDesktop environment. This session will discuss core deployment and configuration concepts and considerations and provide proven practices for troubleshooting the top three XenDesktop issues.
What you will learn
- Concepts for successful deployment of a XenDesktop site
- Configuring a typical site and understanding the common challenges
- Troubleshooting registration, connection, and machine creation issues
- Citrix Quick Launch
Maintaining and Troubleshooting your XenDesktop 7.5 EnvironmentDavid McGeough
This session will step through the most common issues you can experience with XenDesktop 7.5. In addition, we’ll also cover the best troubleshooting tools to maintain your environment.
The scripts referenced in this webinar can be found here:
https://citrix.sharefile.com/d/s1e724ab3ab14a96a
The recording of this webinar can be found here:
http://www.citrix.com/tv/#videos/11494
Citrix TechEdge 2014 - Best Practices for Implementing, Administering, and Tr...David McGeough
Citrix XenDesktop introduced a number of new concepts and processes for Desktop Administrators. Understanding these advancements and their effect on is key to a stable XenDesktop environment. This session will discuss core deployment and configuration concepts and considerations and provide proven practices for troubleshooting the top three XenDesktop issues.
What you will learn
- Concepts for successful deployment of a XenDesktop site
- Configuring a typical site and understanding the common challenges
- Troubleshooting registration, connection, and machine creation issues
- Citrix Quick Launch
Vskills certification for Cloudstack Professional assesses the candidate as per the company’s need for deploying and managing cloud infrastructure. The certification tests the candidates on various areas in installation, configuration, deployment and management of cloudstack, applying authentication, provisioning cloud resources, offering various services, managing networking, hosts and storage, managing network traffic, system reliability and high availability.
MGT300 Using Microsoft System Center to Manage beyond the Trusted DomainLouis Göhl
Numerous Microsoft technologies are now taking advantage of digital certificate-based authentication to enable the support for and management of systems outside trusted networks and domains. Join us to learn how you can use digital certificates with System Center to extend your management capabilities beyond your immediate environment, and enable a single management infrastructure to manage systems and IT services across multiple trusted and untrusted domains.
Troubleshooting Tools – How to isolate and resolve issues in your XenApp & Xe...David McGeough
Part of the Citrix Support Secrets Webinar Series
This troubleshooting tools webinar will cover how to quickly define and troubleshoot problems in your Citrix XenApp and Citrix XenDesktop environment. We will look at various tools offered by Citrix to help identify, analyze and resolve the most common problems observed by Citrix Technical Support engineers.
What you will learn:
- How to troubleshoot and isolate connectivity/policies/session sharing issues
- How to use Citrix XDPing tool to troubleshoot
- How to use Citrix Quick Launch tool to troubleshoot
- How to use Scout for Citrix XenApp and Citrix XenDesktop
This webinar took place on Nov 29th, see recording here.
https://www1.gotomeeting.com/register/284459393
How to Protect Against top Web Security Issues With Citrix NetScalerDavid McGeough
This session will cover some of the industry-standard OWASP Top 10, a list describing the most prevalent security attacks on production environments. We will cover the Citrix NetScaler appliance and its role in shutting down these common vulnerabilities, and how to effectively do so through the use of the Application Firewall and protection features.
What you will learn
- How to protect against security attacks with Application Firewall
- How to reinforce your environment through NetScaler protection features
- How to simulate a vulnerable web server environment for testing
This session will cover how Worx home user authentication and communication flow works and what tools can be used for troubleshooting common authentication issues.
What you will learn
- XenMobile Enterprise authentication flow
- How Single Sign-on works between NetScaler Gateway and App Controller
- How "Step up" authentication works for WorxMail and WorxWeb
Citrix TechEdge 2014 - How to Protect Against the Top 10 Web Security Issues ...David McGeough
This session will cover some of the industry-standard OWASP Top 10, a list describing the most prevalent security attacks on production environments. We will cover the Citrix NetScaler appliance and its role in shutting down these common vulnerabilities, and how to effectively do so through the use of the Application Firewall and protection features.
What you will learn
- How to protect against security attacks with Application Firewall
- How to reinforce your environment through NetScaler protection features
- How to simulate a vulnerable web server environment for testing
Citrix TechEdge 2014 - Citrix Group Policy Troubleshooting for XenApp and Xen...David McGeough
Understanding the Citrix Group Policy architecture and how to troubleshoot is key to ensuring a stable environment. This session will provide an overview of the Citrix Group Policy architecture and troubleshooting tool and steps that can be leveraged in both XenApp and XenDesktop environments.
What you will learn
- General components and architecture of Citrix Group Policy
- Best practices and disaster recovery for Citrix Group Policy
- Troubleshooting Citrix Group Policy issues
Citrix TechEdge 2014 - A Deep Dive Look Into Supporting XenDesktopDavid McGeough
Supporting a XenDesktop environment is not just about being able to collect and consume detailed log files and traces. The fact is, it is much more than this. A good understanding of the FMA architecture and expected behavior can go a long way to resolving various technical issues. Join Kimberly Ferrie and Mick Glover as they discuss and demonstrate how to apply this knowledge when supporting a XenDesktop environment.
What you will learn
- How the various FMA services interact with each other and the Site Database
- How to check the true state of FMA services and validate site functionality through PowerShell
- How to create various types of Service and Database Schema scripts
- How to configure Site policies to control access to resources
Maintaining and Troubleshooting your XenApp 7.5 EnvironmentDavid McGeough
Recording of this webinar is here
http://www.citrix.com/tv/#videos/11450
This session will step through the most common issues you can experience with XenApp 7.5. In addition, we’ll also cover the best troubleshooting tools to maintain your environment.
This session will take a technical look into XenDesktop 7.5 and how to approach an deployment. We’ll cover general architecture, new features and how to best move to the platform.
Webinar recording: http://www.citrix.com/tv/#videos/11383
Troubleshooting Common Network Related Issues with NetScalerDavid McGeough
Webinar recording: https://www1.gotomeeting.com/register/737119097
As a NetScaler Administrator, you will need to understand how the NetScaler interacts with the network to ensure an optimally running environment for your applications. In this Webinar delivered by NetScaler Escalation Engineers you will learn some of the common network configuration issues, how to avoid them and when necessary how to troubleshoot them.
You will learn how to troubleshoot:
- HA issues
- GARP issues
- LA channel issues
- Layer 2 issues
Recorded webinar is here: https://www1.gotomeeting.com/register/927927145
This session will take a technical look into XenApp 7.5 and how to approach an deployment. We’ll cover general architecture, new features and how to best move to the platform.
Using NetScaler Insight to Troubleshoot Network and Server Performance IssuesDavid McGeough
"During this session we will cover NetScaler Insight, which gives you visibility across your network AND allows you to see the end user experience. In this session, Ronan will install and configure Insight, and demonstrate how to use it to drill down and pinpoint network or performance issues.
During this session, you will learn:
- Basics of the HTTP protocol
- How to Install & configure Insight
- Use Insight to pinpoint performance issues
- NetScaler performance metrics when load balancing traffic"
Troubleshooting a XenDesktop Environment using the PowerShell SDKDavid McGeough
The Citrix XenDesktop PowerShell SDK is the foundation for all interactions with a XenDesktop database and is the same SDK used by Desktop Studio.
This deep dive session will include a behind-the-scenes look at several tools used by Citrix Technical Support that utilize the PowerShell SDK, including common configuration cmdlets and scripts. Learn how to use the SDK to more effectively configure, monitor and troubleshoot issues in a XenDesktop environment.
What you will learn:
• About the PowerShell SDK and the role it plays in a XenDesktop environment
• Common configuration cmdlets and scripts used by Citrix Technical Support
• Advanced scripting techniques used to troubleshoot complex issues
Configuring and Troubleshooting XenDesktop SitesDavid McGeough
Citrix XenDesktop introduced a number of new concepts and processes for desktop administrators. The goal of this session is to demystify these concepts and provide a tactical approach to deployment and troubleshooting of a XenDesktop environment. In this session we will demonstrate the core configuration that is required, and also cover proven troubleshooting approaches to the top three problems we see in customer deployments.
Implementing and Troubleshooting EdgeSightDavid McGeough
This presentation covers an overview of the product, detailed architecture and component review as well as an in-depth look at troubleshooting and tools available.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Citrix TechEdge 2014 - How to Troubleshoot Deployments of StoreFront and NetScaler Gateway
1. How To Troubleshoot Deployments of
StoreFront and NetScaler Gateway
Citrix Synergy, May 2014
Juan Zevallos, Escalation Engineer
Tweet about this session with hashtag #SYN401 and #citrixsynergy
Thank you for joining this session on How To Troubleshoot Deployments of StoreFront and NetScaler Gateway.
In this session, we are going to cover how to try and avoid issues altogether
How to find the real issue by understanding the communication flow
Then once you find the issue, what tools can you use to troubleshoot
Now that we went over the flow from authentication to establishing the ICA session, let’s go over what is needed to accomplish this
Let’s quickly go over the StoreFront integration steps and what you will need
Step 1: Enable Single Sign-On Authentication on StoreFront
This setting will allow StoreFront to evaluate the incoming HTTP request and perform the Authentication Callback if it determines that the user is coming from a Gateway
Step 2: In the StoreFront management console you will need to add a Gateway instance to associate with the StoreFront Store. Let’s go over each field
Display name: This can be whatever you’d like, just keep in mind that end users WILL see this display name if they open their Receiver options to select a Gateway. If you have multiple Gateway in different geographical locations, you can name each Gateway accordingly and have the user select which Gateway to access based on their current location, or you may have a disaster recovery environment that you want to include. This piece of information is included in the Discovery file that the Receiver client downloads to add the account.
NetScaler Gateway URL: This is the FQDN that end users will be accessing from the external network, end users should be typing this exact FQDN into their browser address bar. Receivers on mobile devices or windows and mac devices will automatically use this FQDN after it downloads this information from the StoreFront Store via the Store’s Discovery file.
We’ll cover the Subnet IP later in the presentation
The logon type should match the authentication method configured on the Gateway. So if you have LDAP and RSA authentication, change this field accordingly. This information gets entered into the Discovery file also
Callback URL: Whatever FQDN is entered in here, you should be able to open Internet Explorer on the StoreFront server and browse to this FQDN without certificate warnings and successfully load the logon page. If not, then Single Sign-On from the Gateway will most likely not work.
The last thing to configure is the Secure Ticket Authority (STA). This is the ticketing service used to securely launch an ICA session through the Gateway
Step 2: In the StoreFront management console you will need to add a Gateway instance to associate with the StoreFront Store. Let’s go over each field
Display name: This can be whatever you’d like, just keep in mind that end users WILL see this display name if they open their Receiver options to select a Gateway. If you have multiple Gateway in different geographical locations, you can name each Gateway accordingly and have the user select which Gateway to access based on their current location, or you may have a disaster recovery environment that you want to include. This piece of information is included in the Discovery file that the Receiver client downloads to add the account.
NetScaler Gateway URL: This is the FQDN that end users will be accessing from the external network, end users should be typing this exact FQDN into their browser address bar. Receivers on mobile devices or windows and mac devices will automatically use this FQDN after it downloads this information from the StoreFront Store via the Store’s Discovery file.
We’ll cover the Subnet IP later in the presentation
The logon type should match the authentication method configured on the Gateway. So if you have LDAP and RSA authentication, change this field accordingly. This information gets entered into the Discovery file also
Callback URL: Whatever FQDN is entered in here, you should be able to open Internet Explorer on the StoreFront server and browse to this FQDN without certificate warnings and successfully load the logon page. If not, then Single Sign-On from the Gateway will most likely not work.
The last thing to configure is the Secure Ticket Authority (STA). This is the ticketing service used to securely launch an ICA session through the Gateway
Once the Gateway is created, you’ll be able to bind it to the Store
The first thing you’ll have to do is select ‘No VPN tunnel’. The Full VPN tunnel is not necessary, unless you have XenMobile App Controller publishing Internal Web Links that require a full VPN tunnel from the client to the Gateway, this requires different configuration (See CTX139319)
Then you’ll select the Gateways to bind with the Store – you do have the option to bind multiple Gateways to a single Store
And then select the Default appliance, in cases where you have multiple Gateways
A file that can be used to automatically configure the Store Account into Receiver for any platform – Win/Mac, mobile, linux
End users can access the Discovery file by logging into the Receiver for Web site and clicking on Activate on the top right corner of the web site
Administrators can access the file by Exporting the Provisioning File from the StoreFront Management console, and then distribute the file to the end users
The Discovery file is meant to be opened by Receiver to add the account, but it can also be opened using a text editor since it just contains XML content
The top of the content contains the Store information, including the SRID, Name of the Store, and the BaseURL
Next, we have the information about the Gateway that is bound to the Store, including the Display Name, Authentication type, and the External FQDN that Receiver would use when connecting remotely
So how does Receiver determine whether it should use StoreFront’s BaseURL or the Gateway URL? It relies on the beacons
It’s going to first try to access this Internal beacon by sending an HTTP request to it, if the request comes back successful, then Receiver will connect to the StoreFront FQDN
If the HTTP request is NOT successful, then Receiver is going to check the External beacons and then eventually fallback to the Gateway FQDN
These beacon values can actually be changed from the StoreFront console, in case you want granular control of how and when users access StoreFront or the Gateway
The StoreFront’s BaseURL is the FQDN, configured during the initial setup of StoreFront, used by end users for internal access. This FQDN should be added to your DNS server and needs to resolve to the StoreFront’s server IP address or, if you have multiple StoreFront servers, the load balancer’s virtual IP address. The BaseURL can be found in the StoreFront’s management console and can be changed at any time.
Let’s go through the Gateway configuration steps
To start the wizard, change the Deployment Type to NetScaler Gateway on the NetScaler console logon page
Then click on Create New NetScaler Gateway on the top right of the page
The first step in the wizard is to create the Gateway virtual server by giving it a name, IP address, and port number.
There’s also an option create a virtual server that will redirect users who didn’t type HTTPS in there web browser’s address bar
The next step in the Wizard is to bind the certificate
You can select one already installed on the NetScaler
Or, you can upload one right then and there
The next step in the Wizard is to configure the authentication settings, the primary authentication is typically LDAP and once again you can choose an existing LDAP profile or configure a new one
You also have the option to setup a Secondary authentication
Keep in mind that the StoreFront FQDN and the Use HTTPS options should be based on the StoreFront BaseURL
A common mistake made is forgetting to specify the STA port
No matter how much we prepare, we can still run into problems. Now we are going over some typical issues that we run into in Support and how we troubleshoot these issues using various tools.
To troubleshoot an issue, or to narrow it down to something more specific, we first have to understand how all the pieces work together
“It’s easier to play the game, if you know the rules”
The user will establish an SSL connection to the Gateway virtual server and get prompted to enter their credentials
NetScaler will verify the credentials with Active Directory
Once authenticated, the user will be redirected to StoreFront
StoreFront will realize that the user authenticated at the Gateway and will retrieve those credentials
Once those credentials are received, the user’s resources will be enumerated
When the user clicks on a desktop to launch, StoreFront sends the ICA file to the user
The ICA file contains the necessary information to launch the Desktop through the Gateway (STA ID and Gateway FQDN)
The end user’s Receiver will establish a connection back to the Gateway on the NetScaler
The STA ticket StoreFront originally created for the ICA file will be retrieved by the NetScaler
NetScaler will then establish a connection to the server hosting the Desktop or App
One of the first things the user has to do is successfully authenticate at the Gateway before they have access to anything in the internal network
When authentication fails, there’s not much information presented to the client, other than their credentials were rejected.
One of the best tools to use for authentication issues is Aaad.debug – this is the output of the authentication pipe on the NetScaler that will display authentication and authorization processes that are happening
To start this output – start an SSH session into the NetScaler and go into the shell
Once in the shell, go the /tmp directory and then run cat aaad.debug to begin displaying the information
Here is an example of a failed attempt captured with aaad.debug
There’s usually a lot more lines of information but I just cut out the key ones
The first line listed here is that the authentication process for user juanz is starting
The first thing it does is an LDAP check, which means its trying to access the domain controller with the Service Account configured in the LDAP profile
In this case, it failed with Invalid credentials – this would be considered an LDAP error that would end the entire authentication process
Finally, the kernel is instructed to REJECT the user trying to log in
More examples/information about this tool can be found in CTX114999, including invalid usernames or password and group extraction failures
Internal Server Error 29 is a common error that we see in support.
It’s usually either 1 of 3 things that cause this error
DNS – NS can’t resolve the BaseURL
Network communication from the NS SNIP to the IP of the StoreFront server or load balancer VIP
StoreFront services or IIS is not accepting connections
Once Authentication is successful – the user will be issued their respective policy, depending if they’re coming from a web browser or citrix receiver
The wizard creates and bind 2 session policies to the Gateway virtual server.
One policy is for Receiver – with the Expression that looks for CitrixReceiver in the HTTP Header User-Agent OR the Referer HTTP header does not exist in the HTTP request
The other policy is for the Web Browser which has a general ns_true expression. The thought here is that if the HTTP request does not meet the requirements for the Receiver policy, then the request MUST be coming from a Web Browser.
On the right hand side, a Session profile is associated, that’s where the FQDN, sson domain, and ICA Proxy settings are configured
To make sure you’re hitting the right policy, you can use the nsconmsg tool from the NetScaler’s CLI
Verify that you’re hitting the right policy with the nsconmsg command in a SSH session.
This tool shows which authentication policy you’re hitting also – so the first policy the user gets is the LDAP policy. So you can use this tool to verify which authentication policy the end user is hitting when the user firsts accesses the logon page
If authentication is successful, then the session policy will need to be applied right after.
If the policy that is bound to the Gateway virtual server, created with the wizard, is not being hit, then you’ll need to verify the policy priorities on the NetScaler.
Policies will be applied in 4 levels – to the User, which is the highest priority, then Group, Virtual Server, and Global level which is the lowest priority.
However, no matter at what level the policy is bound, the policy with the highest priority will always take precedence. Keep in mind, the lower the number, the higher the priority.
All of that can be tested and confirmed by just changing the Web Interface Address in the Session Profile for Web browsers
You can change the FQDN to an IP address, to see if DNS is causing the issue
You can also bypass a load balancer this way by entering the IP address of the StoreFront server itself, to verify if there’s an issue with the load balancer
Try changing protocols from HTTPS to HTTP to narrow it down to a possible port communication issue or an SSL communication issue
When StoreFront determines that the end user is coming from a Gateway, StoreFront will attempt to access the callback URL to grab the user credentials
So assuming the communication is working from the SNIP to the StoreFront server, the end user may be presented with a double authentication issue
So this indicates the single sign-on is NOT being engaged by the StoreFront server
Or Remote Access is NOT enabled for the Store NetScaler is directing you to
What if both those options are checked? Why doesn’t the StoreFront server start the authentication callback process instead of asking for credentials from the end user?
Single Sign-On is invoked by the NetScaler Gateway URL setting in the StoreFront config
This value must match exactly what the end user types into their Web browser
How does StoreFront know what the user is typing into their Web Browser address bar?
NetScaler includes this information in the HTTP Header XCitrixVia
StoreFront analyzes every HTTP request that comes in and if it finds this Header value matches a Gateway FQDN, then single sign-on will be invoked
I was able to see this information using StoreFront’s verbose logging, CTX139592 provides instructions on how to gather them
The NetScaler knows to inject the hostname that the user typed into their web browser address bar into an HTTP header call X-Citrix-Via
This value must match the Gateway URL configured on StoreFront
If you see this error during the SSON process, it’s most likely the StoreFront’s Callback process that’s failing
To make sure, check Event Viewer and also test StoreFront internally, to make sure StoreFront is functioning properly outside of the NetScaler integration
StoreFront may not be able to resolve the FQDN, or there’s a typo in the configuration. Check DNS or modify the HOSTS file on the StoreFront server
There could be a network issue as well, including some kind of Proxy interfering with the communication
The quickest way to eliminate these two issues is to open up Internet Explorer and try to browse to that FQDN – if you can successfully reach the logon page of the Gateway, then all should be well
So even though Internet Explorer successfully connected to the Gateway logon page, StoreFront can definitely run into an SSL Trust issue if the Certificate chain is not properly linked on the Gateway
Using http://www.digicert.com/help/ in this example
It verifies the FQDN being used and most importantly, the Certificate Chain
This example shows a properly configured certficate chain, indicated by the blue links
You can verify the chained certificates by opening up the Certificate itself and looking at the Intermediate certs under the Certification Path tab
Also, taking care of this now will help avoid issues with Mobile devices launching ICA sessions through the Gateway
A common problem we see in support is when there are multiple Gateways being load balanced, fronting a single StoreFront server group.
When an end user authenticates to one of the NetScalers and gets routed to a StoreFront server, the StoreFront server needs to be able to communicate back to the NS where the user authenticated from
In this scenario, you will have to configure a gateway instance for each NetScaler respectively, even though they have the same Gateway FQDN.
Each Gateway will have its own Callback URL that resolves to the Gateway virtual server on different NetScalers
Each NetScaler will have a Gateway virtual server with a different IP address – just enter the virtual server IP address in the Subnet IP address field.
StoreFront will decide which callback URL to use based on that Subnet IP address value, by comparing it to the IP address that comes in the HTTP request header X-Citrix-Via-VIP
This value, along with other HTTP header values, can be seen with DebugView on the StoreFront server
Now, when the user goes through NetScaler 1 – the NetScaler automatically adds the virtual server IP address into this X-Citrix-Via-VIP header for StoreFront to analyze.
StoreFront will know which Callback URL to use based on this
In the DebugView, you can verify the credentials that StoreFront grabs from the Callback service
It will show the username, single sign-on domain, and whether a password was supplied – passwords aren’t supplied with Smart Card authentication
StoreFront will send verify the credentials again and then send the request to the Farm XML brokers to enumerate your applications and desktop(s)
At this point, we have completed the single sign-on process and we are ready to launch
And now – we get an error
When launching an application, StoreFront sends an ICA file to the client that contains the STA ticket information and the Gateway FQDN
Receiver first establishes a connection to the NetScaler, and then the NetScaler first needs to retrieve the STA ticket that StoreFront created for the ICA file
DebugView needs to request a ticket from the STA server
The critical information here is the IP address of the XA server or VDA desktop that will be hosting this session
The STA server then responds with its STA ID and the Ticket number
This information gets added in the ICA file that gets sent back to the client
Here’s a snippet of 2 key values in the ICA file
The Address = the first value is the number 40 – which tells the Gateway that we want to use Session Reliability and instructs the Gateway to communicate to the back end server over port 2598
If Session Reliability was disabled, it would show 10, which would force the Gateway to use port 1494
The second value is the STA server ID, this is how the Gateway knows which STA server to reach out to in cases where there are multiple STA servers
Then there’s the STA ticket ID that’s being held on the STA server which has the session information that StoreFront provided
You can verify that the STA server is reachable and the ID that it is returning back to the NS
While the app is launching, you can watch the NetScaler grab the STA ticket by running a tcp dump command
Here’s an example of the request you would see the NS make to the STA server during app launch
In blue, you’ll see highlighted the Ticket ID that was found in the ICA file generated by StoreFront
Here’s the response from the STA server
It was able to find the STA ticket and retrieve the server details that is going to be hosting this application or desktop
Once the NetScaler has the information from the STA ticket, it’s time for it to establish the connection to that server
At this point of the process, if it fails, it’s usually a communication issue or DNS issue
A DNS issue can occur if you have DNS Translation Policy enabled on the farm, which will return the FQDN of the servers to the NetScaler, instead of the IP address as we have been seeing in these samples.
One of the quickest test you can do is test connectivity from the NetScaler to the back end servers over 1494 and 2598
All you have to do is create a service, specify the IP and port and check the state
For XenDesktop VDA – this is a little trickier – VDAs do not actively listen on the ICA ports until they’re about to begin a session
One trick is to open a VDA session on the internal network, and create the services to the IP address of the internally launched VDA desktop
This whole time, I was showing screenshots from a web browser
That is because it is MUCH easier to troubleshoot with the web browser, Receiver does a very good job of masking the real errors
Once the Web Browser is working, you know that the configuration on StoreFront is accurate, so, in most cases, you can eliminate that out of the troubleshooting equation
So you can focus on the NetScaler and the client
The StoreFront Store is inaccessible (internally)
Misconfigured StoreFront BaseURL in Session Profile for Receiver
Internal Beacon is reachable externally
Customizations on the Gateway logon page
iOS Receiver does not support SHA256 SSL Certificates
Android does not support SAN SSL Certificates
Enable Windows Receiver logging – CTX134101