Ulrik Christensen

Citrix Apps and Desktops

How to choose between PVS and MCS for image management

by 2 Comments

When running Citrix Apps and Desktops, image management is a must. It will make it so much easier to upgrade and patch both the operating system and the applications that are installed on the workloads. Citrix offers two different image management technologies: Provisioning Services (PVS) and Machine Creation Service (MCS). Before we go into which technology to choose, let’s take a closer look at both of them.

Provisioning Services (PVS)

Provisioning Services is streaming a master image to the Workload VMs In PVS terms, and workloads are called target devices. The master image is located in a file share located on the PVS server. The Workloads PXE boots on the network and downloads a boot file from the PVS server. The workload starts to stream the master image from the PVS server across the network. A cache disk is attached to the workload VM to store parts of the master image and for writes. When the VM is rebooted, the cache disk will get wiped.

When a change is made to the master image, you just need to boot the workload VMs, and the updated image will get deployed.

Citrix PVS

With PVS, you need to have full control over your network. Each workload will PXE boot and pull the image across the network. If your network doesn’t perform, neither will your workloads. Everything has to go across the network. From my point of view, this is a solution for on-prem environments. PVS is not meant for environments running workloads in a public cloud. However, PVS can deploy to physical machines.

Licensing

PVS is available in the following editions of Citrix Virtual Apps and Desktops.

  • Virtual Apps Advanced *
  • Virtual Apps Premium
  • Virtual Desktop Standard **
  • Virtual Apps and Desktop Advanced
  • Virtual Apps and Desktop Premium

* Citrix Virtual Apps Advanced is available for VMHosted applications running on a desktop operating system only.

** Physical desktop support not available with the Citrix Virtual Desktops Standard Edition

Machine Creation Service (MCS) – Thin Provisioning

Machine Creation Service is a component that is part of the delivery controller in your Citrix Apps and Desktop environment. It communicates with the hypervisor or cloud vendor, where your workload VMs are located through APIs. MCS creates VMs and adds them to your Active Directory. Your live image is created from a snapshot of the master image that you have created with your master VM.

When you create new workloads, MCS builds a linked clone from the master image you have created. It will create a differencing disk for the changes that will take place when to machine is in use. At the same time, it will also create an identity disk for the VM.

MCS Thin provisioning

It is very easy to get started with MCS because it is part of the Studio console. PVS has a separate console. MCS is meant for virtual hosts and cannot be used for physical machines.

MCS has support for the following virtualization platforms:

  • Citrix Hypervisor
  • Nutanix Acropolis
  • VMware
  • Microsoft Hyper-V

If you wish to deploy your workloads to a public cloud, MCS has support for:

  • Microsoft Azure
  • Amazon AWS
  • Google Cloud Platform

You can read more about running your workloads on Google Cloud Platform in these two articles:

How Citrix Machine Creation Service on GCP made managing workloads easier

Machine Creation Service for Google Cloud

Machine Creation Services (MCS) – Full Clone

MCS also gives the option to create full clones. This means that each VM gets its own disk. With this option, you can spread out your load to different storage pools, which is a good idea if you have workloads that demand a lot of IOPS.

MCS - Full Clone

Licensing

MCS comes with every edition of Citrix Virtual Apps and Desktops.

Conclusion

The first thing you need to figure out is where you want to deploy your workloads. In the table below, you can see which technology you can use where.

Deploy toPVSMCS – ThinMCS – Clone
Physical MachinesX
On-Prem VirtualizationXXX
Public CloudXX

Each technology uses different resources. PVS stream your image across the network, so you need to make sure that there is enough capacity on your network, and you do have any latency.

MCS uses storage, so here you need to pull enough IOPS from your storage solution. As mentioned earlier, if you have high demanding workloads, you can always create full clones that you can spread across different storage pools.

Autoscale your Citrix Apps and Desktops Workloads in the Cloud

by Leave a Comment

Citrix AutoScaleEarlier, I wrote an article on the Citrix blog about Machine Creation Service on Google Cloud Platform. One of the things you also get with MCS is Autoscale.

What is Autoscale?

Autoscale allows you to scale your Citrix Apps and Desktops workloads up or down, depending on the demand from your users. Autoscale will boot up new workloads, depending on demand or on a certain schedule. This means that, when no one is working and not using any resources, it will shut down workloads. When users are coming back to work, workloads will boot up to meet the demand.

What does it mean for me?

With Autoscale, you can make sure, that you do not have unused resources in your data center or in your cloud environment. If you run your workloads in Azure, AWS or GCP, you can save a lot of money if you enable autoscale. All the workloads that are not being used, will be shut down and you will not pay those resources anymore. Next morning the workloads will boot up again and will be available for the users. You can scale-down in one region and scale-up in another region so the resources are always closest to the users.

How to use Autoscale

You can configure Autoscale by editing your Delivery Groups in Studio. Here you can set up how you want to scale your workloads. You can configure anything from scheduling to power-off delay. If you put in a “Machine cost”, you will be able to see your savings in Citrix Director. It is also possible to force a certain number of machines to run at a certain time of day to make sure that you have enough workloads running.

Citrix Delivery Group

Conclusion

If you are running your workloads in a cloud, where you are paying for time-based resource use, Autoscale is a must. It saves you a lot of money and at the same time, it also makes sure that you have enough resources for your company’s needs.

Is VPN more secure than a Remote Desktop solution?

by 1 Comment

VPN more secure than a Remote DesktopMany times I have heard the discussion which remote solution is most secure. Is VPN more secure than a remote desktop solution? Depending on who you ask, you will get a different answer. A network administrator will most likely give you the answer that a VPN is the best solution. A desktop administrator will say to you that a remote desktop solution is better.

Security

When you create a VPN tunnel your company, the traffic flow will be encrypted. This means that it will be very difficult to read your data when it is being sent across the Internet.

The same goes for a remote desktop solution. All the data that are being sent across the Internet is encrypted. If the data flow comes in the hands of hackers, they will not get anything out of it.

The data flow from a VPN solution and a remote desktop are equally secure. so it does not mean that VPN is more secure than a Remote Desktop.

Firewall rules and Policies

The next step we need to look at is the endpoints. When you open up a VPN tunnel from an endpoint, it will become a device on your internal network. This means that your endpoint can communicate with other hosts and machines on your network. Of course, you can limit this with firewall rules and you can also limit what kind of traffic you want to send through the VPN tunnel. For most VPN solutions, this is a big administrative task.

When it comes to remote desktop, you can set up policies on which features that are available for the user. You can control anything from access to local disks to local USB devices. It gives the administrator an easier way to control access to the local network.

Citrix VDI and ICA/HDX Policies

The most advanced remote desktop protocol is ICA/HDX from Citrix. The ICA/HDX protocol is up by virtual channels. Some of these channels are on the picture below.

Citrix HDX Virtual Channels

The virtual channels can be enabled and disabled. They can also be enabled with certain settings. An example could be that you want to disable USB keys, but you want to allow a certain USB scanner. That can be done through the HDX protocol.

Conclusion

The question of whether VPN more secure than a remote desktop depends on the use case. If you want to create a solution for your end-users, I would recommend a remote desktop solution. You can give access to the company network and company data without any of the data leaves the datacenter. At the same time, you will get a system that is easy to control in terms of giving access from the endpoint to the company network. VPN is a great solution to create a site-to-site connection between two company networks, but I do not think it is ideal for users to connect to the company network through a VPN.

Mouse for iPad | Unleash the potential of your iPad with Citrix X1 Mouse

by Leave a Comment

mouse for iPadYou can find a lot of different keyboards for iPads. But you can not find a mouse for iPads. The reason is, that iOS does not support a mouse. And that makes sense since we are talking about a tablet. You are supposed to use your finger to access apps and information on an iPad.

Why do you need a mouse for iPads?

We are in a constant chase for the one device to fix all tasks. An iPad has the right size and the weight is perfect. An iPad is also great to read and access information. Once you want to create a document or a drawing, it really makes difficult without a pointing device. This is because enterprise applications are not developed for touch screens. Citrix created the X1 mouse for iPads to give users the Windows desktop experience on an iPad with the use of Citrix Apps and Desktops. With this solution, you have your powerful laptop and your mobile device in one device.

What about the stylus for the iPad?

Apps for the iPad will be developed so it will be easier to create content. Companies are still using that are installed on a laptop, so we will see a transition from laptop to tablets and the push will come from the users. But for now, this is a great way to give users access to their company tools. Later on, enterprise apps will be developed so we can use these on tablets and touch screens.

How to get the Citrix X1 Mouse for iPads?

You can buy the Citrix X1 Mouse on the Citrix online store. Click here to get to the store.

How to renew RDS grace period on RDS hosts

by 7 Comments

This guide will show you how to renew RDS grace period on your hosts. Microsoft gives you 120 days grace period on RDS. I would say that it would be enough to run a pilot or a PoC. I would only encourage everyone to purchase licenses for your environment and only use this article as a last option.

To renew RDS grace period, you need to find the following registry key and delete it.

“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Terminal Server\RCM\GracePeriod”

Before you can delete the registry key, you need to change ownership. You can do that by following these steps:

  1. Right-Click on the key.
  2. Click on “Permissions”.
  3. Click on “Advanced”.
  4. Click on “Owner”.
  5. Select “Administrators”.
  6. Click on “Apply”

You can now delete the key. Reboot the server and you now have a new grace period.