Framehawk and Thinwire – It’s all about the numbers

Recently Marius Sandbu (@msandbu) and I attended a conference by Citrix User Group Norway were I held a session regarding when and when not to use Framehawk
Back home I decided to write two blogposts on the subject;
Thinwire vs Framehawk – from a 1800ms latency perspective
and
Framehawk – Why, When and How
The main point in the presentation was that although using Framehawk in situations when packet loss is tremendously better, Thinwire Advance will often be “enough” or even more useful when there is only latency involved

This is because of the use of CPU, RAM and most of all bandwidth.
Another thing I pointed out was that Framehawk needs “a lot” of bandwidth to be at its best.
The recommendations for Thinwire is a minimum of 1,5MBps + 150kbps per user while recommendations for Framehawk is a minimum of 4-5Mbps + 150kbps per user.

There is a lot of naming conventions when it comes to Thinwire. Although we can see Thinwire as one protocol, there are different versions of it.
Thinwire is all about compressing data before sending it. The methods for this are:

  • Legacy Thinwire (Pre win8 / Server 2012R2)
  • Thinwire Advance (uses H.264 to compress the data)

For a more detailed overview when to use each technology, you can refer to the following table:

table

When we came back home we decided to take a closer look at what impact Thinwire or Framehawk had on CPU, RAM and bandwidt and we have found some very interesting data.

Our tests includes the following user workload;

  • Logging in and waiting 1 minute for the uberagent to gather data and getting the session up and ready.
  • Open a PDF file, scrolling up and down for 1 minute. (The PDF is located locally on the VM to exclude network I/O)
  • Connect to a webpage www.vg.no, which is a Norwegian newspaper which contains a lot of different objects and high graphics, and scrolling up and down for a 1 minute.
  • We then open Microsoft Word and type randomly for 1 minute.
  • Last but not least our favorite opening of the Avengers trailer in fullscreen using Chrome for the full duration of 2 minutes.

This allows us to see which workloads generate how much bandwidth, CPU- and RAM usage with each of the different protocols.

To collect and analyze the data we were using the following tools

  • Splunk – Uberagent (Get info we didn’t even think was possible!)
  • Netbalancer (Show bandwidth, set packet loss, define bandwidth limits and define latency)
  • Citrix Director
  • Displaystatus (to verify the protocol status)

The sample video below shows how the tests is being run. This allows us to closer analyze the sample data from Netbalancer as well.

NOTE: During the testing there might be some slight alterations from test to test since this not an automated test but running as an typical enduser experience, but these were so minor that we can conclude that the numbers are within +/-5%

We had two Windows 10 VDI running the latest release of XenDesktop 7.6 FP3 during the testing phase.

  • MCS1002 is for the test02 user, which is not using Framehawk
  • MCS1003 is for the test01 user, which has Framehawk, enabled using policies
  • Use of Codec were deactivated through policy to ensure that Thinwire+ was used

The internett connection is a solid 100 MBps, the average connection to the Citrix enviroment is about 10 – 20 MS latency.

This sample video shows how the tests is being run. This allows us to closer analyze the sample data from Netbalancer as well.

Some notes so far: Some Framehawk sessions get stuck on the Netscaler, we can see existing connections not being dropped correctly, we can see this in the Netscaler GUI under Gateway –> DTLS sessions

After we changed the TCP profiles on the Netscaler we were unable to use Framehawk.
We then needed to reconfigure the DTLS and Certificate settings on the vServer and setup a new connection and Framehawk worked again as expected.

So after the initial run, we can note the following from the Netbalancer data;

We begin with looking at how Framehawk handles bandwidth.

We can see that the total session, which was about 7 minutes, Framehawk uses about 240 MBs of bandwidth to be able to deliver the graphics.
However, it was during the PDF and Webpage part of the test which really pushed it in terms of bandwidth, not the Youtube trailer.

1

Thinwire on the other hand, used only 47 MBs of bandwidth, and like we would expect more data was being used when showing the trailer than the PDF- and webpage section.

2

Using Splunk we care able to get a closer look at the Framehawk numbers.
Average CPU usage for the VDA agent was close up to 16% on average.

3

While using ThinWire the CPU usage was only 6% on average.

4

But the maximum amount of CPU usage came from Framehawk, which was close to 50% CPU usage at one point.

5

While ThinWire on the other hand, was only up to 18%

6

We can conclude that Framehawk uses much more CPU cycles in order to process the bandwidth, but from our testing we could see that the PDF part which generated a lot more traffic, allowed for a much more smooth experience. Not just from scrolling the document but also zooming in.

On the other side we can also see that Framehawk uses a bit more RAM then ThinWire does, about 400 MB was the maximum number

7

While Thinwire was about 310 MB

8

So this was the initial test, which shows that Thinwire uses less bandwidth, less memory and less CPU, but we can see that Framehawk on applications like PDF deliver a better user experience. So now, let us see how they fare when taking into account of latency and packet loss.

 

2% Packet loss
Framehawk

We started by testing Framehawk at 2% packet loss.
Looking at the bandwidth test we could see that is uses about 16 MB of bandwidth less with the packet loss. It’s still the PDF and Webpage that consumes the most resources, and now it is down to 224 MBs of bandwidth usage

The Maximum CPU usage peaked at 45%

And the average CPU usage was 19%

The amount of RAM used was a slight increase with 4MB

10 11 12 13


ThinWire

Now here comes the interesting part, using Thinwire at 2% packet loss, (up and down) will trigger a lot of TCP retransmissions because of the packet drops

14

(Remember that this is using an optimized Netscaler) we can see that ThinWire uses only 12 MBs of bandwidth! This is because of the TCP retransmissions, it will never be able to send large enough packets before the packet loss occurs.

So with Thinwire and 2% packet loss we could see that the bandwidth usage dropped with about 59 MB when we had the packet loss. The maximum bandwidth used in this session was 12Mbps

The maximum was also 50% lower than the reference test and showed only 3%

The average CPU usage was now only 3% (that is 50% of the reference test)

The RAM usage was about 30MB more than earlier

15 16 17 18

5% Packet loss
Framehawk

At 5% packet loss we can see that is uses about 50 MB of bandwidth extra. It’s still the PDF and Webpage that consumes the most resources, but now it is up to 300 MBs of bandwidth

We can also see that from a resource perspective, it still uses almost the same amount of max CPU %, but this might vary from test to test, but it is close to the 50%)

On average CPU usage we can see that it went up 4% from the initial testing, which makes sense since it needs to send more network packets which uses CPU cycles.

The RAM usage is the same as with 2% packet loss

19 20 21 22

 

5% Packet loss
ThinWire

Looking at the bandwidth usage with 5% packet loss and use of Thinwire the number is slightly lower and now uses 11MB

This can also be seen in the CPU usage of the protocol, since the packet loss occurs, the VDA does not need to send so much packets and hence the CPU usage is lower and stops at 7%

Average CPU usage is now just under 3%

RAM however is a bit larger with 330MB

23 24 25 26

End-user perspective
From an end-user perspective we can safely say that Framehawk delivered a much better experience, if we tried to follow the test from minute to minute, the ThinWire test took about 40 seconds longer just because of the delay from a mouse click to occur and doing things like zooming into a PDF file took so much time that it caused the test to take a longer time to complete.

Winner: Framehawk!

10% Packet loss
Framehawk

With 10% packet loss, we could see that the bandwidth usage went down a bit. That might again be that the packet loss was so high that it was unable to process all the data and hence the total bandwidth usage was lower than it was with 5%, and with the decrease in bandwidth, we can also see the CPU usage go down as well.

The max CPU usage was about the same with 47%

The average CPU usage was 19%

The RAM usage is the same at 404 MB

30 31 32 33

 

 

10% Packet loss
ThinWire

With 10% packet loss Thinwire was down to 6MB and the CPU usage also reflected this by only use 4% at peak and 1.6 % at average
RAM usage was still about the same as earlier and peaked at 326MB

35 36 37 38

 

End-user perspective
What we noticed here is that most of the different graphic intensive testing became unresponsive and that the ICA connection froze. The only thing that was really workable was using Word. Opening the PDF, Webpage and youtube became so unresponsive that is was not really workable.

Winner: Framehawk!

 

CPU Stats on Framehawk and Thinwire
NOTE: We have taken multiple samples of the CPU statistics on the Netscaler so this screenshots represent the average number we saw.
What we can see is that a framehawk which uses more bandwidth also will increase the CPU usage on the packet engines. The Netscaler from an idle state uses about 0 – 1,5 % CPU, which can be seen here

39

NOTE: This is a VPX 1000 with 2 vCPU (Where we have only 1 packet engine) starting an ICA proxy session with the defaults over thin wire and starting the process that generates the most bandwidth (PDF scrolling and zooming) the packet CPU rises to about <1%

40

So it’s a minor increase which is expected since ThinWire uses a small amount of bandwidth. Now Framehawk on the other hand will use about 4% of the packet engine CPU. Note again that this was when we kept working with the PDF documentet.
We can conclude that using Framehawk will put a lot more strain on the Netscaler packet engine and therefore we cannot have as many users on the Netscaler.

RDP usage:
We also wanted to give RDP a test under different scenarios. We have some issues fetching out CPU and memory usage since RDP uses DWM and MSTSC which can appear as a sub-process of svchost
We therefore skipped that part and only focused on the bandwidth usage and end-user experience.

First we started out with a test where we have no limitations in form of latency and packet loss (This was using regular RDP against a Windows 10 with TCP/UDP

The initial test shows as we expected, RDP uses 53 MB of bandwidth

41

We also noticed that under the YouTube part that the Progressive rendering engine kicked in order to ensure optimal delivery but the graphics was ok.

RDP, 2% Packet loss

With 2% Packet loss the bandwidth usage was basically half 26MB of bandwidth

42

Keystrokes and some operations was a bit delayed, but still workable, on the other hand the progressive rendering engine on the youtube part made the graphics nearly impossible to see what actually happened, even thou audio worked fine.

RDP 5% Packet loss

RDP used about 17MB of bandwidth PDF scrolling and zooming made a huge delay in how the end-user could work. Surfing on the webpage which has a huge amount of graphics, freezed up for a couple of seconds. Youtube itself, well it didn’t work very well.

43

We can conlude that RDP uses more bandwidth that Thinwire under normal circumstances, but when coming to packet loss it does not deal with that pretty well.

So what does all this data tells us?
We can clearly see that Framehawk and Thinwire has its own use cases.
While Thinwire is the preferred method of delivering graphics, even with high latency, as soon as we experience packet loss off 3% or higher, Framehawk will definitively give a better use experience. Just remember to keep an eye on the resource usage on the VDI and have plenty of bandwidth
Especially when using it with XenApp since a spike in the CPU usage will have a great impact on the users who are logged on and will decrease the numenbr of users you can have on each server.

 

Framehawk – Why, When and How

Recently I held session at  Citrix User Group conference in Norway regarding Framehawk. That resulted in a blogpost where I described my thoughts and experiences of testing the technology.

The feedback from that post inspired Marius Sandbu (@msandbu) and me to do a co-written blog where we take a look at the resource usage between the Framehawk and Thinwire Compatibility Mode
That post will be up in a few days time.

After my session at the cruise-ship, I was asked by some of the attendees if I could write a post with some of the info I had presented, mainly regarding installation and limitations as of today.

So, without further ado;

Framehawk is as described earlier a new protocol in the HDX stack that does marvels when we are having a connection with packet loss, something Thinwire cannot handle so well.
An important part to note is that we are depending on good bandwith when using this technology, at least a 4-5Mbps connection + 150Kbps per user. (Compared to Thinwire which has a recommendation of 1,5Mbps and 150Kbps per user

To read more about the Framehawk technology I recommend the following blog posts by Derek Thorslund and Mayunk Jain:
https://www.citrix.com/blogs/2015/06/30/our-first-release-of-framehawk-technologies/
https://www.citrix.com/blogs/2015/08/17/got-framehawk-weve-got-remote-access-tips-and-tricks/

Framehawk came out to the public with XenDesktop Feature Pack 2 as a standalone implementation , and with the release of Feature pack 3 it was supported in the VDA.

With XenDesktop 5.6 and XenApp 6.5 we used optimization technologies as Progressive display, Adaptive Display and Aero Redirection.

With XenDesktop we can now also use Legacy thinwire. Thinwire Advance (H.264), Thinwire Compatibility Mode, DCR and Framehawk.

All these possibilities gives us an the tools we need to meet the most scenarios and challenges, and still deliver a good user experience for a remote user.

The problem for the admin is to know when to use what. Citrix has this great table where we can compare them.

tabell

Basically is Framehawk at its peak when we have packet loss with or without latency, but it needs bandwidth!
So in most cases will Thinwire Plus (Thinwire Compatibilty Mode, A loved child has many names) be better to use since it needs less bandwidth, uses less CPU and has the best compatibility, meaning it works on all endpoints, requires nothing except receiver.

 Installation

To be able to use this feature we need to download FP3 from Citrix downloads and install the following components

Server hosting Citrix Director

  • New version of Director to show information regarding Framehawk
  • WMIProxy (so the director can retrieve information from the VDAs)
Delivery Controller
  • Citrix Group Policy Management 7.6.300 (to be able to enable Framehawk through policies)
  • Powershell modules
XenApp / Desktops
  • New VDA for Servers and Desktops

implemt1

implemt2

 

We get the following new policies when we have installed Citrix Group Policy management on the Delivery Controller

implement3

We can now enable Framehawk and, if needed, change the ports it gonna use (Default UDP 3224 – 3324)

Netscaler support

As of  NetScaler Gateway 11.0-62.10 we finally have support for external users (which imho is where we find the use cases)

To enable this we need to do the following;

The first thing we need to do is activating DTLS on the virtual server. (DTLS is for UDP what SSL is for TCP)

ns2

This should be reflected in the overview under Basic Settings

ns3

We now need to rebind the Server Certificate so it will be valid for DTLS
Click Server certificates and choose unbind.

ns4

ns5

Click close and verify that there is no server certificate bound and the state of the virtual server is down.

ns6

Click Server Certificates once again and choose the same certificate you had bound earlier and bind it again.

ns7

ns8

You will get the following error message which you safely can ignore (according to citrix article CTX135519)

ns9

Verify that the State is up and that you have a Server Certificate bound to the Virtual Server

ns10

If you are planning to use Framehawk with iOS you have to add the following parameter in default.ica

ns11

Monitoring

We can monitor the sessions in Director and verifying if Framehawk is in use or not by go to the details apge in the session and scroll down to the HDX overview and click on Framehawk.

Here we are looking for two values

  • Provider should show V3D3 (for desktops) or 4 (for XenApp sessions)
  • Connected should show True

If it isn’t so you need to conform that the right ports are open in the firewalls.
You can use a fee tool called iPerf to do so since telnet is not able to check UDP ports.

The following picture shows which ports are used when using Framehawk or Thinwire:

network

 

There are still “a few” improvements needed when it comes to Netscaler support

Supported:

  • Netscaler Gateway
  • Netscaler Gateway with GSLB

Not Supported:

  • Netscaler Gatewya with Unified Gateway
  • HDX Insight
  • Netscaler Gateway in IPv6 mode
  • Multiple STA on Netscaler Gateway
  • Netscaler Gateway in HA
  • Netscaler Gateway Clustering
  • Netscaler in Double Hop
Other things to take into considerations;
  • Multi monitor is not supported (will fall back to Thinwire)
  • 4K displays is not supported (will fall back to Thinwire)
  • Maximum resolution is 2048 x 2048
  • Netscaler session may crash after prolonged use
  • If both Legacy Mode and Framehawk is enabled, the following will happen
    • Desktop OS : Framehawk will be used
    • Server OS:     Legacy Mode will be used
That is all I have for now and thank you for reading! :)
The sources used to create this presentation is listed below.

 

 

 

 

 

 

 

 

 

 

Thinwire vs Framehawk – from a 1800ms latency perspective

I have just returned back home from another great CUGTech event arranged by Citrix User Group Norway.
The conference took place on a cruise ship going from Oslo, Norway to Kiel, Germany and I thought what is a better place than a boat in the North Sea with a unstable satellite connection to test and have a session with Framehawk.
After all, Framehawk is created to handle latency and packet loss to give the user a smooth user experience even under these conditions.

Citrix acquired Framehawk in January 2014 and it was released in June 2015 as a standalone installation as part of Citrix XenDesktop 7.6 Feature Pack 2.
With the release of Feature Pack 3 it became a part of the VDA.

To read more about the Framehawk technology I recommend the following blog posts by Derek Thorslund and Mayunk Jain:
https://www.citrix.com/blogs/2015/06/30/our-first-release-of-framehawk-technologies/
https://www.citrix.com/blogs/2015/08/17/got-framehawk-weve-got-remote-access-tips-and-tricks/

I have also published a blog post describing the installation, configuration, tips and also some useful information regarding what is not supported as of today.
You can read it here.

So, back to the cruise ship…..

Since we were going to be on a ship with a very unstable internet connection I decided to set up an environment on my “portable datasenter” running a XD 7.6 FP3 environment on VMware WS in a closed network with the host.
And I have done enough demos to know that it is a big chance that something will fail when during the presentation so I also recorded a bunch of videos where I had 2 sessions running side by side. One with and one without framehawk (and use of video codec was turned off in policies to force Thinwire Compatibility Mode)

I decided to run a video called Infinityworm in a browser inside the XenApp sessions that is pushing the protocols to the extent since it is a large amount of pixels that needs to be replaced in a short amount of time.
The reason I choose this method was to see when either of the protocols would be the preferred choice under these extreme conditions.

One thing to have in mind is that Framehawk is more demanding regarding bandwith, CPU and compatibility than Thinwire, but how would Thinwire Compatibility Mode hold up against Framehawk?

Before departure I spoke with a good friend of mine called Marius Sandbu (@msandbu) who said that I could use his lab in Oslo during the session to show of a real life scenario.

At the end of day two on the conference it was time for my session.
I had listened to great sessions presented by really good speakers like Douglas Brown, Jarian Gibson, Marius Sandbu, Daniel Wedel, HÃ¥vard Bruvold, Thomas Poppelgaard and Magnar Johnsen and felt that I had to close the conference with a great session so I crossed my fingers and toes while establishing a connection to the datacentre in Oslo.

I got connected and looked at the latency…. 1800ms!!! Perfect conditions while pushing it to the extreme right? I started up a webpage in the session and was surprised of how quick the response actually was despite this high latency. So I navigated to www.vg.no that is a newspaper in Norway that has a great amount of high graphics on their landing page. It came up pretty quick and I was able to scroll down the page and it was under the conditions a great experience.

But there was something that wasn’t right. Every time I had done this type of scrolling test with Framehawk I would always get some “black strips” on the page when scrolling ,which would disappear as soon as I stopped.
They were not appearing so I decided to verify that Framehawk actually was in use…. And you guessed right. It was NOT activated.

So I was running a “traditional ICA session” without Framehawk over 1800ms latency and was so satisfied with the experience that I thought Framehawk was running!
This shows the how good Thinwire actually are. I also believe that Netscaler did some optimization of the ICA traffic.

I decided that I would keep this session running and start the presentation by showing the audience how I was able to use XenApp on the boat over a satellite connection without telling them that we weren’t running Framehawk.

The presentation went really well, and we played around with different values using the “portable datasenter” simulating latency and packet loss and as you probably can imagine I now had even more data to back up my conclusions that Framehawk is more useful when we have packet loss than only with latency.

So how did I come to that conclusion to begin with?

Well, as I said earlier I built an environment and tested out many combinations of latency and each latency was tested with 0, 5 and 10% packet loss

While comparing only latency it was first at 600ms where I felt that it would be worth changing to Framehawk when running the video.

I have posted a video below that shows a few of my tests. I disconnected the sessions between every change in the wan emulator.
It is important to note that the infintyworm video used in this test is only to show cadence.

My opinion at this time is that if we are only experiencing latency we might be well off with Thinwire (at least on 2012R2 or windows 8/10 where we have Thinwire Compatibility Mode) but as soon as we have more than 3% packet loss we would need Framehawk to get a smoother user experience.

In my test where I compared only latency we could see a marginal improvement with Framehawk first at 600ms. But this was a running a video, which means a traditional user who sits in outlook, word etc would still only need Thinwire during those conditions and save bandwith, and CPU usage. After all, I have just done that with a 1800ms latency.

When it came to packet loss, I saw an improvement while running the video already at 100ms latency with 5% packet loss, then again with 1ms latency and 5% packet loss Thinwire was actually a better experience as you can see in the video below

This is a new technology in the HDX stack, and there will be improvements in the future

Note: Stephen Vilke, Director of Citrix Media Lab in San Francisco, advises that the infiniteworm test app written by his team is actually a test of cadence. The worm should roll all the way through the center, every time.

 

 

 

 

Custom ICA with XenApp and XenDesktop 7.x

With earlier versions of XenApp (Presentation Server 4 until XenApp 6.5) we had the option to create custom ICA files to launch desktops and applications directly and bypass the Web Interface.

One tool that we could use to create these files were Citrix Quick Launch

c11

Although it is possible to use this tool to create an ICA file for a published Desktop in XenApp/XenDesktop 7.x, it is not possible to do so for a published application.

Luckily, there is a way to launch desktops and applications bypassing Storefront as well.

To create this file, we need an environment using Storefront and a client running Citrix Receiver.

When a user is logged on a client using Citrix Receiver and puts an application in the favorite list, a corresponding key is created in registry at;

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall

I have put Notepad in favorites in this example and the key got created in registry as shown in the screenshot.

c22

 

c33

Under this key there is an object called LaunchString.

The value in this string is what we are going to use to make our “Custom ICA”

The following were shown in this example;

launch -s apps-8e6730b9 -CitrixID apps-8e6730b9@@Controller.Notepad -ica https://xxx.xxx.xxx/Citrix/Apps/resources/v2/Q29udHJvbGxlci5Ob3RlcGFk/launch/ica -cmdline

By using this command we can launch the application and bypassing the Storefront server.

This can be used in a powershell scripts, batch files etc. using SelfService.exe that is located in the following folder “C:\Programfiles(x86)\Citrix\ICA Client\SelfServicePlugin”

launch

A nice thing here is that this command is not user specific, but can be used by any user who has access to the application.

When the command is run, a login prompt is shown and after authentication the app is launched.

If a user who does not have access to the application tries to run the command, he or she gets a message that the application could not be launched and that he or she should contact an administrator. The same message is shown if the application is disabled.

The only thing that has to be in place in production environment is a receiver that is configured to use the store where the application is available from.

To streamline this for a user is to use the right parameters when installing Citrix Receiver.
If the users is installing the Receiver without parameters manually, you can also send them the .cr file from Storefront server which will configure the receiver to the correct store.

 

 

 

 

 

CSP Base Licenses not recognised by Studio with XD/XA 7.5 and 7.6

The last couple of months I have been contacted by a few partners and customers were they are experiencing issues with their CSP Base Licenses where the Citrix Studio does not recognise licenses installed on a license server.

On February 10 2015 a hotfix for XenDesktop 7.6.1 was released (CTX141745) that among other things is supposed to fix that Citrix Studio might not recognise Citrix Service Provider licenses and the following error message appears: “Can’t find a valid license”

If you are running an earlier version of XenDesktop you have to use PowerShell (PoSH)  to set the licensing mode.

This is by design and stems from a decision made by Product Management when the XD Advanced mode was added to the product in order to support the CSP Base Licenses. The decision was made not to reflect the availability of that mode within the Citrix Studio GUI and to allow for that mode selection to be via the SDK only.

When you set the licensing mode via PoSH, as described in CTX139752, Studio displays the error that it “Can´t find a valid license” and fails to display any licenses within the Licensing Node.

However, as long as the correct Edition and Model are displayed, users can connect and will actually consume a license from the license server.

Please note: CTX139752 relates directly to XD7.1 – for XA/XD 7.5  the import of the XML (step one on the KB) will not need to be performed. Only the second step, the site- config step, will need to be completed. For example:

Set-ConfigSite ­ProductCode XDT ­ProductEdition ADV ­LicensingModel UserDevice

When initially performing the build of the delivery controllers, using CSP Base Licensed, it is recommended that a temporary 30 day evaluation license be used and upon completion of the build to utilize PoSH and CTX139752 to change mode to Advanced and Per User/Device.

Illustration of Process

Below are some screenshots to illustrate the process:

1. FromPoSHconfirmedthesiteconfigandedition:

 Screen Shot 2015-03-20 at 19.30.21

2. Within the Studio Licensing node it reports that it can’t find a valid license and does not display any licenses:

Screen Shot 2015-03-20 at 19.31.31

3. Within the Studio Licensing Node, Product Edition screen, no edition is selected, only the Licensing Model:

Screen Shot 2015-03-20 at 19.32.34

4. However, a user session can be established and an associated license consumed.

Screen Shot 2015-03-20 at 19.33.07

Crysis 3 on Citrix XenDesktop with HDX 3D Pro

This week I have been assisting a partner with a XenDesktop 7.6 with HDX 3D Pro POC and when the base installation was done, we decided to put the environment to the test by installing and playing some Crysis 3.

The ICA protocol is only using between 4 and 10 Mbs

The profile we are using are a K260Q ( K2 grid card ) and NO tuning except raising the target FPS from 30 to 60 in a Citrix policy.This just shows how well Citrix has tuned the default HDX settings for XenDesktop/XenApp

Without further ado… A short video showing different kinds of graphics ( explosions and so on ) just to get you a reason to put that K2 card into your server :)

 

 

Using the default VMWare vCenter certificate in XenDesktop

I ran into an error the other day while trying to set up XenDesktop with VMWare vSphere 5.5 following the guide on blogs.citrix.com using the default VMWare vCenter certificate.

I tried the first suggestion where I was supposed to download the cacert.pem from “C:\ProgramData\VMware\VMware VirtualCenter\SSL” on the vCenter machine.
There were no such file there so I went for a suggestion in the comment field in the article and tried to use the rui.crt. This did not help either.

Another option that were told in this article was to download and install the certificate through IE (step 4 in http://support.citrix.com/proddocs/topic/xendesktop-7/cds-vmware-rho.html)

So I went to my Delivery Controller that ran 2012R2 and IE11 and connected to the vCenter adress and received this message:
vc1

 

As you can see there is no “Continue to this website option”, so I could not continue following the instructions.
After some research I found a KB article (KB 2661254) that explained that to reduce the risk of unauthorized exposure of sensitive information, Microsoft has released a nonsecurity update for all supported versions of Microsoft Windows. This update blocks cryptographic keys that are less than 1024 bits long.
Windows 8.x and Windows Server 2012(R2) already include the functionality to block the use of weak RSA keys that are less than 1024 bits long.

So to be able to continue to the site and download the certificate I created the following registry key;
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config\
DWORD (32 bit) : MinRsaPubKeyBitLength
value : 512 (decimal)

vc2

vc3

 

After closing and opening IE I received the option to continue.

vc4

From here on there were just to follow the instructions in edocs ( almost  :) )

I have included the screenshots of the remaining process for you below.

PreXD1

PreXD2

PreXD3

PreXD4

PreXD5

PreXD6

PreXD7

PreXD8

PreXD9

 

Remember to remove the registry key when you are done.

 

How to combine XenApp and XenDesktop licenses in XenDesktop 7

Back again with a post regarding Citrix Licensing.

The story behind this post is that during the last few years some customers running XenApp chose to buy some XenDesktop licenses instead of more XenApp lisenses since that made them able to use VDI for a small group of their users and still use the included XenApp licenses that came with XenDesktop in their existing terminal server environment. ( it has to be same versjon i.e Enterprise or Platinum.)

With the arrival of XenDesktop 7 and the fusion of XenApp and XenDesktop, this became a challenge. The customer pointed to the license server and when they configure the product edition in Studio, the XenApp licenses that came with XenDesktop did not aggregate with the “pure” XenApp Lisenses.

An example;

A XenApp 6.5 customer has 100 XenApp Enterprise licenses and are in need of 50 more. He is told that XenDesktop Enterprise is the best thing for him so he buys 50 XenDesktop Enterprise licenses so he can try it out and possibly upgrade all his licenses at a later point in time.
Included with these 50 XenDesktop licenses is XenApp Enterprise so he can now support up to 150 XenApp users.

In XenDesktop Studio we are configuring what licenses to use as we can see in the screenshot below
We can see that I have 2 “pure” XenApp platinum licenses and 2 XenDesktop Platinum licenses.

StudioLicens

 

When we take a look at the license server it actually shows that there should be a total of 4 XenApp Platinum licenses available

licenserver

 

I have had a talk with a few customers who were very disappointed by this and they have been told that they had to upgrade all their licenses to the same version, in this example  XenDesktop Enterprise.

So…

What happens when more than 2 users are logging on in my environment?

I created 4 separate accounts who logged in from their respective endpoint. They all could launch a published desktop from a Windows Server 2012R2.

When I started to verify the active sessions in Director I could see all users connected;
director

Back to Studio.
I could still  see that I was supposed to have 2 licenses and that they are all checked out.
StudioLicens2

On the license server it stated that all 4 licenses were checked out ( not 2 )
licenserver2

 

The conclusion is that you still can take advantage of  the XenApp lisenses that is bundled with XenDesktop with your XenApp lisenses in XenDesktop 7 App edition. The main thing to remember here is that it will not show up correctly under the licensing node in Studio.
To be able to get an correct overview of your licenses you will have to use the License Administration Console.

Special thanks to Ole Kristian Lona that made me aware of this.

 

New Citrix Certifications and their corresponding courses

We are closing in at the end of 2013 and and with the Release of XenDesktop 7 earlier this year a new certification path for XenDesktop has emerged.

I have had the great opportunity to teach the beta classes of XenDesktop 7 at Commaxx in Norway and have also passed the new certifications.

There are three new courses and certifications:

Screen Shot 2013-12-19 at 09.05.16 CXD-203 Managing App and Desktop Solutions with Citrix XenDesktop 7
This course is intended for administrators and operators that need to learn the skills to manage and support a XenDesktop 7 environment.

 

  • Understand the XenDesktop 7 architecture, components, and communication
  • Delegate administration and manage licenses
  • Manage and monitor their hypervisor
  • Manage applications and desktops in a XenDesktop environment
  • Manage StoreFront and access for external end users
  • Manage policies and profiles
  • Manage sessions, sites, and users
  • Manage printing
  • Manage Provisioning Services and Personal vDisks

By passing the exam 1Y0-200 Managing App and Desktop Solutions with Citrix Xendesktop 7 exam you will earn the title:
Citrix Certified Associate – Apps and Desktops

Citrix offers a Prep Guide for the 200 exam that can be downloaded here.


Screen Shot 2013-12-19 at 09.05.29 CXD-300 Deploying App and Desktop Solutions with Citrix XenDesktop 7
Throughout this course, students will learn how to configure an environment that includes XenServer, XenDesktop, Citrix License Server, MCS, PVS, Personal vDisk, StoreFront, NetScaler (ICA Proxy, Load Balancing, Endpoint Analysis), and Citrix Receiver.
Upon course completion, students will be able to build an environment including all XenDesktop 7 components from scratch and test the implementation.
The first few days of this course is focusing on the implementing of Active Directory, SQL Mirroring, configuring of the XenServer hypervisor and other infrastructure components
that is needed to support a XenDektop 7 environment.

Upon successful completion of this course, learners are able to:

  • Set up the hypervisor
  • Set up the infrastructure components
  • Set up XenDesktop 7 components
  • Configure XenDesktop 7 resources (Server OS machines, Server hosted applications, and Desktop OS machines)
  • Configure profiles and policies
  • Set up Provisioning Services

To earn the title Citrix Certified Professional – Apps and Desktops you wil have to pass the following exams:

  • 1Y0-200 Managing App and Desktop Solutions with Citrix Xendesktop 7
  • 1Y0-300 Deploying App and Desktop Solutions with Citrix Xendesktop 7

Citrix offers a Prep Guide for the 300 exam that can be downloaded here.

 

Screen Shot 2013-12-19 at 09.05.39 CXD-400 Designing App and Desktop Solutions with Citrix XenDesktop 7
This five-day course is intended for solution designers such as Architects, Consultants, and Engineers eager in learning how to assess and design a XenDesktop 7 solution.
You will learn the skills needed to successfully assess and design a solution based on the most widely deployed projects that a majority of our Citrix customers implement, across different industries and use cases. You will also have an opportunity to build a design for your organization and have access to all of the tools and reference materials required to
support your work.

To earn the title Citrix Certified Expert – Apps and Desktops you wil have to pass the following exams:

  • 1Y0-200 Managing App and Desktop Solutions with Citrix Xendesktop 7
  • 1Y0-300 Deploying App and Desktop Solutions with Citrix Xendesktop 7
  • 1Y0-400 Designing App and Desktop Soultions with Citrix XenDesktop 7

Citrix offers a Prep Guide for the 200 exam that can be downloaded here.

Citrix has made some major changes in the way of the flow of the courses. There are participation from the students and a lot more labs.
My experience and feedback from the students so far has been positive all over.

My personal favourite if these courses are the Managing course. Although the Deployment course is intended to hit the consultants and engineers, the Mangaing course has more “XenDesktop 7 material”
The Deployment course has a few days of infrastructure  installation (AD, SQL etc) that I am not looking for when attending a Citrix Course. BUT these componoents are of course crucial for a succesful XenDesktop implementation nonetheless….

My advice is to take both  the Managing and Deployment courses, then you will get the best of both worlds.

How to get full Insight (Edgesight) functionality in XenDesktop 7.1 App edition

A few days ago I created a blogpost regarding XenApp 6.5 and XenDesktop 7 License Compatibility. ( http://bit.ly/17iuKTK )

During my research I found that using XenApp Platinum licenses in a XenDesktop App edition environment, Provisioning Services were enabled as part of the Platinum license.

I also mentioned that I believed Insight functionality as well would be “boosted” with use of these licenses, and today I followed up on that thought.

The procedure to find this out were a lot easier than the last time.
I started the environment configured with XenDesktop App edition Concurrent licenses and looked at Trend data in Director. As seen in the screenshot below, I was able to track 7 days of historical data.

xd7appmappccu

 

I then switched to XenApp Platinum licenses and logged back into Director. As seen in the next screenshot, I was able to track a year of data instead of only 7 days.

xd7appmPlatinum

 

This is good news for XenApp Platinum customers who is looking for moving to XenDesktop 7 App Edition, and the only way to get 1 year of historical data in Director without going for XenDesktop Platinum.

I also described a “bug” in my earlier post regarding an error message while I tried to go back to use XenDesktop App edition CCU licenses after I had used XenApp Platinum licenses.
This failed today as well, and I believe this might be “by design” since once you configured the use of Platinum Licenses, extended Insight functionality were enabled and might not be so easy to turn off.