8. March 2009 by Myke.

There’s actually a simpler way to read and write to an NTFS partition from XenServer, but you’ll need to plug your USB drive into a Windows machine and share it. Once shared, and knowing the share name, and the IP address of your Windows machine, you can use the following example mount commands:

mount //192.168.1.13/ShareName /mnt

or
mount //192.168.1.13/Sharename /mnt -o username=olivierw

You may have to supply a password for your share, and you may have to supply an alternate user name to the CIFS service (other than the default ‘root’ user). By-the-way, this is the method that XenServer itself uses when you create an ISO CIFS Storage Repository in XenCenter.

posted by: Myke Reinhold
source: Homerun Networks & Citrix

Posted in Citrix | No Comments »

8. March 2009 by Myke.

If you wanted to dedicate a USB drive to your XenServers, you could format it with a Linux filesystem. That way you could use it as storage to backup your VMs, and restore them on other machines if needed. Assuming you know the device name of the partition you want to use, use the following as an example command:

mkfs -v -t ext3 /dev/sdc1

Warning: Doing this will destroy any existing data on the partition, and you will not be able to use this disk on a Windows machine without reformatting it using Windows Disk Manager: You have been warned!

As always, with any Linux command you can use the online manual (if it’s installed), for example:

man mkfs

Once formatted, you can mount this device into the filesystem, as shown previously in USB drive access. Now you can read and write to the drive, as in this following example which will backup a VM to the external USB drive:

xe vm-export vm=’W2K8 DC’ filename=’/mnt/backups/W2K8 DC.xva’

posted by: Myke Reinhold
source: Homerun Networks & Citrix

Posted in Citrix | No Comments »

8. March 2009 by Myke.

Since your XenServer machine is Linux-based, there are some challenges in getting/putting data from/to a removable USB device.

First off: Once you’ve plugged a USB drive into you XenServer machine, how do you access the data therein? The first thing to do is logon to the Control Domain, usually through XenCenter, and type the command:

fdisk -l

Notice that the fdisk command shows the disks that XenServer knows about. I’ve highlighted here (in red) an NTFS USB drive that I’ve plugged into the XenServer. Notice also that the device name is /dev/sdc, and that the first partition on that device has itself a device name of /dev/sdc1. In this example, the local disk on which I’ve installed XenServer is /dev/sda, which has three partitions (shown first in the listing).

Accessing an NTFS USB drive in XenServer

Here I’ve plugged in an NTFS USB drive, and I’ve established that XenServer (Linux) knows the first partition by the name /dev/sdc1.  Since this is a disk device, we need to “mount” it into the Linux filesystem. In this way, it will become a part of the filesystem hierarchy. The only thing I need is an empty directory to mount “over”. Most Linux distributions come with an empty /mnt directory for just this purpose:

mount /dev/sdc1 /mnt

Note that the target directory of your mount has to exist, and any files that existed in that directory will be “hidden” until you un-mount the device (see later for un-mounting). There’s nothing special about the directory you mount over - it’s a regular directory. What I usually end up doing is creating another directory inside of /mnt to mount my disk over. That way I can have many “mount points” if I want to transfer data between them.

The big drawback with mounting an NTFS drive is that it’s supported in read-only mode only. This isn’t usually a problem with software like NTFS-3G being available, but Citrix doesn’t support the installation of any software inside of the XenServer Control Domain.

But at least now I can use regular Linux commands to copy data from the drive, for example you could import an already backed-up VM straight from the drive, using something like:

xe vm-import filename=’/mnt/backups/Windows XP.xva’

This assumes that there was an existing folder in the root of the mounted partition called backups.

Before unplugging the USB drive, you’ll need to “un-mount” the drive, making sure that your current working directory is not somewhere down the /mnt path (or wherever you’ve mounted the device):

cd /
umount /mnt

Now you can safely unplug the USB drive from the XenServer machine.

posted by: Myke Reinhold
source: Homerun Networks & Citrix

Posted in Citrix | No Comments »

8. March 2009 by Myke.

Doing a bit of system maintenance, I noticed some interesting stuff today about my %TEMP% folder. 

The folder and its decedents are 13GB in size (that’s with a G and 9 zeros) and has 9,483 files!  This is almost equal to the “free space” on my drive.  Besides needing a bigger drive, this isn’t a good use of space on the machine.  Hum…

How’d it get there?  I’m not totally sure, but a big piece of it is debugging the streaming profiler.  After getting half way through profiling of an application - killing the profiler.  I do this alot.  The profiler tries to be a good citizen and clean up when it is done, but if you kill it, it never gets the chance.  I’ll also add that the profiler doesn’t delete on the way “in” as it ASSUMES that their might be other instances of the profiler running at the same time, so it doesn’t delete their stuff.

Back to me.  13GB wasted in temporary file system space!

XenApp hosted people have it easy.  There’s a configuration option to obliterate the TEMP folders on logoff.  I’m a domain based user using a machine that is part of the domain.  I don’t get the automatic delete on logoff and because I am not admin of the Citrix company domain, I also don’t have ability to set the setting to obliterate everything.  In an ideal world, I would have this Citrix Profile management stuff on my domain and all of this would be magically taken care of for me.  We will get there, but for now I still have 13GB wasted space!

What to do?  Just deleting it won’t be good enough - it will come back!

I went browsing the internet and found this nice article on how to clean house.  I can’t make deleting the TEMP space part of my system’s logoff, but I can command my machine to run batch files of my choosing at logoff.  Great!  If only I had a most-excellent set of batch files to help with the house cleaning.

A bit of coding and now I DO have these and I’m so happy with myself now that I now share the batch files with you.  Installation instructions are inside the batch file comments.

First bat file: logoff-script.bat@echo off
REM This script runs at every logoff for every user.
REM Enable by group policy (local policy)
REM
REM Start/Run GPEDIT.MSC
REM    User Configuration - Windows Settings
REM    Scripts - Logoff
REM    Add - Add this script.
setlocal
set OUTFILE=c:\logoff-script.log

REM Use a worker bat file to faciliate redirection of output.
call logoff-worker.bat | tee -a “%OUTFILE%”
endlocal

Second bat file: logoff-worker.bat@echo off
REM Called by logoff-script to faciliate redirecting output to log file
echo.
echo logoff-script running
date /t
time /t
echo Erasing TEMP directory

echo BEFORE
du -q “%TEMP%”

rd /s /q “%TEMP%” 1>nul: 2>&1
if not exist “%TEMP%\.” mkdir “%TEMP%”

echo AFTER
du -q “%TEMP%”

Things to notice.  First, I logged the output to the root of drive C:.  Mere user’s don’t have privilege to write to this space and on Vista, you’ll probably get a UAC dialog.  Easy to fix by writing to My Documents or similar.

In the main bat, there is a call to “tee -a”.  There are a million tee filters on the Internet.

In the worker, there’s a call to “du.exe” to log the before/after statistics.  This is the du.exe utility from Mark Russinovich (SysInternals).  Download from Microsoft Technet.  If you don’t have the DU utility and still want to log output, dir /s “%TEMP%” 2>&1 | tail -2.   Right, better to use the tool.

What about the registry?  If the file system has garbage left over from interrupted profiling, then the registry should also be poluted.  Went looking, nothing there.  Luck?  Probably not, but I uninstalled/reinstalled the profiler and client yesterday, so it is possible that the installer took care of this for me.  The place to look is HKLM\Software\Citrix\AIE, yes AIE!.  More information on the temporary spaces of the streaming profiler can be found here.

We will begin working on creating these files into Powershell scripts.  Once they are complete we will post them here for download.

posted by: Myke Reinhold
source: Homerun Networks & Citrix

Posted in Citrix | No Comments »

8. March 2009 by Myke.

Profile management ensures that the user’s personal settings are applied to the user’s virtual desktop and applications, regardless of the location and end point device.

Profile management is enabled through a profile optimization service that provides an easy, reliable way for managing these settings in Windows environments to ensure a consistent experience by maintaining a single profile that follows the user. It auto-consolidates and optimizes user profiles to minimize management and storage requirements and requires minimal administration, support and infrastructure, while providing users with improved logon and logout.

Profile management is a feature available for XenApp Enterprise and Platinum editions and XenDesktop Advanced, Enterprise and Platinum editions.

Business challenges

In a virtualized world, where users can get to their desktops and applications from practically any location or device, you need to leverage “user profile” technology to ensure users get a consistent experience every time. When users log on to their virtual desktop or launch a virtual application, they want to see everything just as they left it, with their own personal settings, shortcuts, toolbars, templates, desktop wallpapers and favorites. The more complex and varied the user access scenarios, the more challenging it becomes for IT to manage these user profiles.

The most common challenges that impact the user experience and that administrators have to address when managing user profiles are:

• Last writer wins – When users work on more than one physical or virtual device, their individual personal settings may be overwritten in a seemingly random manner when they log off.
• Profile bloat and logon speed – Profile bloat creates unwieldy growth in user profiles and resulting storage and management issues. Typically during logon Windows copies the user’s roaming profile over the network down to the local machine. Logon time is prolonged by the time it takes to transfer the whole profile over the network. The larger the profiles are and the more files they contain the slower the logons will be.

Key benefits of using Profile management

• Consistent Experience: Increases user satisfaction and improves productivity
  — Reliable roaming experience: Ensures that personal settings, documents, shortcuts, templates, desktop wallpapers, cookies and favorites always follow the user across different Windows environments on any device.
  — Faster logon times: Provides the ability to control and reduce the profile size, which improves the logon times.
• Better Management: Reduces administrative burden
  — Inclusion by default: By default all settings are captured, reducing the amount of time and effort spent in identifying what should be captured in a profile.  Administrators only need to focus on the items to be excluded from a profile, such as conflicting settings, files or folders that bloat the profile.
  — Profile size control: Enables administrators to only include specific files and folders or exclude unnecessary ones that account for tens or hundreds of megabytes, minimizing the amount of data being managed and stored in the profile and decreasing network overhead.
  — Robust profiles: Automatically detects and stores all modified profile settings in the registry and file system and can be configured to capture any kind of registry and file system modification within the profile. Prevents the unintentional overwriting of user profiles by using built-in logic to determine which data should be kept.
  — Extended synchronization: Allows administrators to synchronize files and folders for poor-performing applications that do not store user-related content within the user profile but somewhere on the device hard disk.
  — Detailed reports: Logs detailed information on all actions being performed in an easy to read and understandable format, simplifying the troubleshooting and analysis process.
  — Easy to implement and simple to maintain: Enables administrators to automatically migrate existing user settings and choose at a granular level which profile information to keep or discard. It runs as a system service, and does not require any additional servers, services, or databases or changes to logon scripts.

To use Citrix Profile Management, just log into MyCitrix.com and download it.

posted by: Myke Reinhold
source: Homerun Networks & Citrix

Posted in Citrix | No Comments »

8. March 2009 by Myke.

Thanks to the folks over at the Register for this information.

Researchers at Symantec have discovered what could be a significant development in the ongoing Conficker worm saga: a new module that is being pushed out to some infected systems.

In a couple of ways, the new component is designed to harden infected machines against an industry consortium that is actively trying to contain the prolific worm. For one, the update targets antivirus software and security analysis tools to prevent them from removing the malware. Not only does it try to disable anti-malware titles, it also goes after programs such as Wireshark and regmon.

And for another, it also greatly expands the number of domain names infected machines contact on a daily basis.

Up to now, a pseudo random domain name generator produced 250 addresses that infected machines reported to each day. The industry consortium, dubbed the Conficker cabal, responded by cracking the algorithm and snapping up those domains ahead of the malware authors to prevent the infected machines from sustaining further damage.

The new component ups the ante by increasing the number of domains to 50,000 per day.

“It’s clearly trying to work around the work of the cabal,” Vincent Weafer, vice president of Symantec Security Response, told The Register.

So far, Symantec has been able to confirm delivery of the new component to only a handful of machines. Symantec researchers are in the process of determining if the updates are just the beginning of what will eventually be pushed out to infected machines everywhere, but either way, this appears to be the first time the malware authors have actually pushed out an update. Up to now the machines have phoned home but never received a reply.

“That’s what makes this interesting, because this is what we believe is the first example of receiving an answer to that call,” Weafer said. “Today is the very first case of that being successful.”

Estimates of the number of machines infected by Conficker vary, from hundreds of thousands to more than 10 million. Weafer and other security researchers have said Conficker’s growth has slowed over the past few weeks. That suggests its authors may be more focused on protecting the machines they’ve already vanquished than claiming new ones.

posted by: Myke Reinhold
source: The Register

Posted in Internet, Security | No Comments »