Module6 Installingand ConfiguringProvisioning Services

Overview

XenServeristhesimplestandmosteffectivewaytovirtualizeandprovisionservers.Withthe additionofProvisioningServices,on-demandprovisioningofbothphysicalandvirtualserversisTimings: enabled,providingtheabilityto: Module:60minutes •Streamavirtualserverworkloadimagetoavirtualmachine. Exercises:90minutes •Createacommonworkloadimagethatcanprovisionbothphysicalandvirtualservers. TotalTime:150minutes ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices129

Objectives

Aftercompletingthismodule,youwillbeableto: •ConfigureProvisioningServices. •DeterminewhichoptionstoselectduringaProvisioningServicesinstallation. •IdentifythekeycomponentsandservicesofProvisioningServicesarchitecture. •IntegrateProvisioningServiceswithActiveDirectorytoenableActiveDirectorypassword management. •PrepareatargetdeviceforvDiskassignmentbyaddingthedevicetotheProvisioningServices database.

Provisioning Services Technology

ProvisioningServicesprovidestheabilitytoprovisiontheoperatingsystemofacomputerandre- provisionitinreal-timefromasingleshared-diskimage.Indoingso,youcancompletelyeliminateFormoreinformationaboutProvisioningServices6.0, theneedtomanageandupdateindividualsystems.readtheCitrixblog: http://blogs.citrix.com/2011/09/28/provisioning-services-6-0-ProvisioningServicesisbasedonsoftware-streamingtechnology.Afterinstallingandconfiguring from-single-image-delivery-to-single-image-management/ProvisioningServicescomponents,avDiskiscreatedfromtheharddriveofadevicebytakinga 130Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

snapshotoftheoperatingsystemandapplicationimage,andthenstoringthatimageasavDiskfile onthenetwork.AdevicethatisusedduringthisprocessisreferredtoasaMastertargetdevice. ThedevicesthatusethosevDisksarecalledtargetdevices. vDiskscanexistonaProvisioningServiceshost,fileshare,orinlargerdeployments,onastorage systemwithwhichtheProvisioningServiceshostcancommunicate,suchasiSCSI,SAN,NAS,and CIFS.vDiskscanbeassignedtoasingletargetdeviceinprivateimagemode,ortomultipletarget devicesinstandardimagemode. Whenatargetdeviceisturnedon,itissettostartfromthenetworkandtocommunicatewitha ProvisioningServiceshost.ThetargetdevicedownloadsthestartupfilefromaTFTPserver,and thenthetargetdevicestartsup.Basedonthedevicestartupconfigurationsettings,theappropriate vDiskislocated,thenmountedbyaProvisioningServiceshost.ThesoftwareonthatvDiskis streamedtothetargetdevice,asneeded. InsteadofimmediatelypullingallthevDiskcontentdowntothetargetdevice,thedataisbrought acrossthenetworkinreal-time,asneeded.TheProvisioningServiceshostprovidesfilesfromthe vDiskastheyarerequestedbytheoperatingsystem,inthesamewaythattheoperatingsystem wouldnormallyrequestthemfromitsharddrive.Thisapproachallowsatargetdevicetoloada completelynewoperatingsystem,andsoftwarefromthevDiskinthetimeittakestorestart.This approachdramaticallydecreasestheamountofnetworkbandwidthrequiredbytraditionaldisk imagingtools;makingitpossibletosupportalargernumberoftargetdevicesonyournetwork withoutimpactingoverallnetworkperformance.

Provisioning Services for XenServer

EachlicensedXenServerhostcanprovision: •UnlimitedvirtualmachinesontheXenServerAdvanced,Enterprise,orPlatinumhost. •AnadditionalthreephysicalserversfromaXenServerPlatinumhost.

Citrix Provisioning Services Components

DuringaProvisioningServicesinstallation,youinstallthecomponentsandservicesnecessaryto providesoftwarestreaming.Itisessentialtoknowthefunctionsofeachcomponentandhoweach servicefacilitatescommunicationbetweenthesecomponents.TheCitrixProvisioningServices componentsinclude:

ProvisioningServicesHostAProvisioningServiceshoststreamsavDisktoatargetdevice.The ProvisioningServiceshostactsasaproxybetweenthetargetdevice andthevDiskstorebyusingtheStreamServicetostreamcontent fromthevDisktothetargetdevice. ProvisioningServicesAProvisioningServicesdatabasestoresallProvisioningServices Databasehosts,vDisk,targetdevices,andsystemconfigurationsettingsthat existwithinafarm.Onlyonedatabasecanexistwithinafarmand allProvisioningServiceshostsinthatfarmmustbeableto communicatewiththedatabase.ProvisioningServicessupports MicrosoftSQL2005,2008,and2008R2. StoresAstoreisthelogicalnamegiventoaphysicalorvirtualstorage locationforvDisks.Astorecanbeplacedonalocaldriveona ProvisioningServiceshost,aSAN,aCIFSshare,aNAS,oraUNC path.Inthisway,astorecanbeusedforanentirefarmorfora particularsiteorserver. vDiskAvDiskisafilethatcontainsanimageoftheharddriveofa device,includingoperatingsystemandanyinstalledapplications.A ProvisioningServiceshoststreamstheimagetotargetdevices. vDisksarehousedinastore,whichcanbelocatedeitherlocallyon aProvisioningServiceshostoronasharedstoragedevice. vDiskPoolsAvDiskpoolisacollectionofallvDisksavailabletoasite.Asite cancontainonlyonevDiskpool. TargetDeviceAtargetdeviceisanydesktoporserversystemthatreceivesa streamedoperatingsystemandapplicationsfromavDisk.Each targetdevicecontinuestohaveitsownidentityonthenetworkand withintheexistingnetworkdirectoryservices. MasterTargetDeviceAmastertargetdeviceisusedtocreateandtestagoldenimageand representsthepristinestateofasystem,includingalloperating systemandapplicationupdatesandconfigurations.Themaster targetdeviceisusedtocreateavDiskthatwillbesharedby multipleendusers. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices131

CitrixLicenseServerThelicenseserverstoresProvisioningServiceslicenses.You downloadlicensesfromtheCitrix.comwebsitetothelicenseserver, whichthenchecksthelicenseouttotargetdevicesasrequested.For moreinformationaboutCitrixlicensing,seeCitrixeDocsat edocs.citrix.com.

Citrix Provisioning Services Infrastructure

TheCitrixProvisioningServicesinfrastructureisorganizedintothefollowinghierarchy: FarmAfarmrepresentsthetoplevelofaProvisioningServices infrastructureandprovidesyouwithamethodofdefiningand managinglogicalgroupsofProvisioningServicescomponentsinto sites.AfarmcontainsaCitrixLicenseServerandMicrosoftSQL database. SiteAsitecontainsoneormoreProvisioningServiceshosts,device collections,views,vDiskpools,andcancontainlocalsharedstorage. Asiteisanadministrativeunitthatcancorrespondwithaphysical location,suchasabranchofficeorfloorofabuilding,anIPrange, orotherlogicalgrouping.ProvisioningServiceshostswithinasite communicatewiththefarmcomponentstoobtaininformation necessarytostarttargetdevicesandstreamvDisks.IfvDisksare locatedonsharedstorageatthefarmlevel,ProvisioningServices hostswithinthesitemusthaveaccesstothestore. 132Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

DeviceCollectionAdevicecollectionisalogicalgroupingoftargetdevices.Adevice collectioncouldrepresentaphysicallocation,asubnetrange,ora logicalgroupingoftargetdevices.Organizingtargetdevicesinto collectionssimplifiesmanagementbecausetaskscanbeperformed atthecollectionlevel,ratherthanonadevice-by-devicebasis.A targetdevicecanonlybeamemberofonedevicecollection. ViewViewsallowyoutoquicklymanageagroupoftargetdevices.Views aretypicallycreatedaccordingtobusinessneeds,suchasaphysical location,orusertype.Unlikedevicecollections,atargetdevicecan beamemberofmultipleviews. vDiskPoolAvDiskpoolisacollectionofallvDisksavailabletoasite.Thereis onevDiskpoolforeachsite.

Provisioning Services Administration

ProvisioningServicescanbeadministeredfromtheProvisioningServicesConsoleorfromthe Managementcommand-lineinterface. ProvisioningServicesTheProvisioningServicesConsoleisautilitythatisusedtomanage ConsoleProvisioningServicesandtocreateandconfigurevDisksandtarget devices.TheConsoleisanMMC-basedadministrationconsolethat includesthefollowingfunctionalities: •IntegratedWindowsauthenticationusinglocalgroupsorActive Directorygroups •RemoteadministrationofserversanddevicesinafarmYou canalsotakeadvantageoftheMMCtaskpadviewtoconfigure listsofcommonadministrationtasks. Example:TaskpadViewYoumightaddtheActiveDirectoryUsersandComputerssnap-in totheProvisioningServicesConsole.Youcouldthenusethe taskpadviewtocreatealistoftasksinProvisioningServicesand ActiveDirectorythatmustbecompletedwhenavDiskandtarget deviceareprovisionedforanewemployee. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices133

ManagementCommand-TheManagementcommand-lineinterfaceallowsyoutomanage lineInterfaceProvisioningServicesthroughacommand-lineinterfaceandto automatecommontasks,suchasaddingordeletingavDiskwith scripts.FormoreinformationaboutManagementcommand-line interface,seeCitrixeDocsatedocs.citrix.com. Duringinstallation,thevboxloadsthemanagementAPI. Youcandeselectthisoptiontoremovethemanagement command-lineinterface.

Administrative Roles

TheabilitytoviewandmanageobjectswithinaProvisioningServicesimplementationis determinedbytheadministrativeroleassignedtoanyobjectinActiveDirectory.Provisioning ServicesmakesuseofWindowsandActiveDirectorygroupsthatalreadyexistwithinthenetwork. Thefollowingadministrativerolescanbeassignedtoagroup: FarmAdministratorAfarmadministratorcanviewandmanageallobjectswithina farm.Farmadministratorscanalsocreatenewsitesandmanage rolemembershipsthroughouttheentirefarm.Whenafarmisfirst configured,theadministratorthatcreatesthefarmisautomatically assignedthefarmadministratorrole. SiteAdministratorAsiteadministratorhasfullmanagementaccesstoallobjectswithin asite.Forexample,asiteadministratorcanmanageProvisioning Services,siteproperties,targetdevices,devicecollections,vDisk assignments,andvDiskpools.Ifafarmadministratorassignsasite astheownerofaparticularstore,thesiteadministratorcanalso managethestore.Thesiteadministratorcanalsomanagedevice administratoranddeviceoperatormemberships. DeviceAdministratorAdeviceadministratormanagesdevicecollections.Device collectionsconsistofalogicalgroupingoftargetdevices. 134Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

DeviceOperatorAdeviceoperatorhasadministratorprivilegestoperformthe followingtaskswithinadevicecollection: •Startandrestartatargetdevice. •Shutdownatargetdevice. •Viewtargetdeviceproperties. •ViewvDiskpropertiesforthosevDisksassignedtoatarget device.

Key Services

ProvisioningServicesusesthefollowingservices. ExplainthePXEandDHCPoptionrequirements. FormoreinformationaboutloadbalancingTFTPservers,CitrixLicenseServiceTheCitrixlicenseserviceretrievestheproductlicensefromthe seeCitrixarticleCTX116337onhttp://support.citrix.com.licenseserver. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices135 StreamServiceTheStreamServicemakesvDiskstreamingpossiblebyprovidinga vDiskanditscontentstotargetdevices.TheStreamServicestreams thecontentsofthatvDiskondemand,eliminatingtheneedto streamtheentirecontentsofavDiskduringstartup.TheStream ServicealsotransfersdatafromatargetdevicetoavDiskwhenthe targetdeviceusesthevDiskinprivateimagemodeandfromthe devicetoawritecachewhenthevDiskisinstandardimagemode. SOAPServiceTheSOAPserviceprovidesaframeworktoenableexternalor existingsolutionstointerfacewithandmanageProvisioning Services.TheProvisioningServicesConsoleandtheManagement CLIbothusethisservice. TheStreamServiceandSOAPServicearefundamental ProvisioningServicestechnologiesandrequired installationcomponents.Theseservicescannotrunas standaloneservices. Inaddition,ProvisioningServicesalsousesbootservicesduringthestartupprocessto communicateandexchangeinformationbetweentheProvisioningServicescomponents.Theboot servicesincludePXE,BOOTP,DHCP,andTFTP.

PXE

ThePre-ExecutionEnvironment(PXE)protocolisaBIOSextensionthatenablestargetdevicesto startupfromanetworkinterfacecard(NIC),regardlessoftheavailabilityoflocaldatastorage devicesoroperatingsystems.ThePXEprotocolismadeupofagenericcomponentcommontoall devicesandavendor-specificcomponent.PXEcombineseitherBOOTPorDHCPandTFTPto locateIPaddressofthetargetdevice,thelocationoftheProvisioningServiceshost,anddownload thebootstrapfile.TargetdevicesmustsupportPXEinordertostartupfromthenetwork. Whenatargetdeviceisturnedon,itsendsaDHCPbroadcastthatidentifiesthetargetdeviceas PXEcompatible. PXEreceivesdataonUDPport67andsendsdatatoUDPport68. ProvisioningServicessupportsPXE.99jorlater.RunningmultiplePXEserversinthe sameenvironmentmightresultinperformanceproblems.

BOOTP

TheBootstrapProtocol(BOOTP)isaprecursortoDHCP,andlikeDHCP,itisaUDPprotocol thattargetdevicesusetorequestandobtainIPaddressesfromaBOOTPserver.BOOTPcanalso deliverthebootstrapfilelocationandfilenametoatargetdevice.TheBOOTPserverreceives requestsonUDPport67andsendsdatatoUDPport68onatargetdevice.WhileBOOTPisno longercommon,itcanbeusedwhenDHCPdoesnotmeettherequirementsofanenvironment.

DHCP

TheDynamicHostConfigurationProtocol(DHCP)isusedbythetargetdevicetorequestand obtainanIPaddressfromtheDHCPservice.DHCPusesOptions66and67tospecifythe bootstrapfilelocationandfilenametoatargetdevice.TheDHCPservicereceivesrequestson UDPport67andsendsdatatoUDPport68onatargetdevice. DHCPreservationscanbeusedwhenoneormoretargetdevicesmustreliablyreceivethesameIP addressfromtheDHCPservice.

TFTP

TargetdevicesusetheTrivialFileTransferProtocol(TFTP),whichisasimplefiletransfer protocol,torequestandreceiveabootstrapfilefromtheTFTPservice.TheTFTPservicereceives requestsonUDPport69andsendsdatatoUDPport69onatargetdevice. 136Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

DHCP Deployment Options

•StandaloneDHCP •Co-hostedDHCPandProxyDHCP •SeparatedDHCPandProxyDHCP StandaloneDHCPisbyfarthemostcommonconfiguration.

Standalone DHCP

InastandaloneDHCPconfiguration,theDHCPserviceperformsallnon-TFTPcommunications betweentheProvisioningServiceshostandtargetdevices. YoumustconfigureDHCPoptions66and67whenastandaloneDHCPconfigurationisusedin ordertocommunicatetheIPaddressoftheTFTPserverandthebootstrapfilenametoatarget device. StandaloneDHCPconfigurationsaremostcommonlyusedinproductionenvironments andrequireassistancefromDHCPornetworkadministrators.

Co-hosted DHCP and Proxy DHCP

AproxyDHCPserviceisaPXEservicerunningeitheronaserverotherthantheserverthathosts theDHCPservice,oronthesameserverusingport4011insteadofport67.WhereasPXEscope optionsmightnotbeenabledontypicalDHCPservices,theappropriateDHCPoptionsareenabled ontheproxyDHCPservicethatisinstalledaspartoftheProvisioningServiceshostPXEservice. ThisallowstheproxyDHCPtorespondappropriatelytotargetdevicerequests. IfyoudonothaveaccesstotheDHCPconfiguration,youcanchoosetosetupaproxyDHCP serverthathoststhePXEservice.Thefollowingtableliststheinformationthetargetdevicereceives fromeachserviceinanenvironmentinwhichtheDHCPandproxyDHCPservicesarehostedon thesameserver.

Service Port Information Sent to Target Device

DHCP67IPaddressofthetargetdevice

Service Port Information Sent to Target Device

ProxyDHCP4011•IPaddressofTFTPservice •Nameofbootstrapfile

Separated DHCP and Proxy DHCP

IfyoudonothaveaccesstotheDHCPconfiguration,youcanchoosetosetupaproxyDHCP serverthathoststhestartupservices.Thefollowingtableliststheinformationthatthetargetdevice receivesfromeachserviceinanenvironmentinwhichtheDHCPandproxyDHCPservicesare locatedonseparateservers.

Service Port Information Sent to Target Device

DHCP67IPaddressofthetargetdevice ProxyDHCP67•IPaddressofTFTPservice •Nameofbootstrapfile

DHCP Configuration

YoumustmanuallyconfigureDHCPPXEscopeoptionstoprovidethebootstrapfileinformation toatargetdeviceatthesametimetheDHCPservicesendsthetargetdeviceIPaddress.IfDHCP PXEoptionsarenotconfigured,theDHCPserviceprovidesonlytheIPaddresstothetarget device. ThefollowinginformationdescribestheDHCPPXEoptionsthatarenecessaryinaProvisioning Servicesenvironment. 60IdentifiesthetargetdeviceasaPXEclient.Thedefaultsettingis PXEClient. 66IdentifiestheFQDNorIPaddressoftheTFTPservice.Whenthe FQDNoftheTFTPserviceisusedinDHCPoption66,DNS resolvestherequestandreturnstheIPaddressoftheTFTPservice tothetargetdevice. 138Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

67Identifiesthenameofthebootstrapfile.Thedefaultsettingis ardbp32.bin. Dependingonthedesignofthefarmandsites,youmightwanttosetDHCPoptionsattheglobal orscopelevel.GlobaloptionsapplytoallDHCPresponsesmadebytheserver.Scopeoptionsapply onlytothoseIPaddressesthatarepartofthescope. SpanningTreeProtocolisalinkmanagementprotocolthatpreventsnetworkloopsina bridgedLANandprovidespathredundancy.SpanningtreecancausePXErequeststo timeout.YoucanpreventPXErequesttimeoutsusingoneofthefollowingmethods: •DisablingspanningtreeonProvisioningServiceshostswitchports •EnablingspanningtreeportfastmodeonallProvisioningServiceshostswitchports

Test Your Knowledge: Key Services

Matchthefollowingtermswiththecorrectdescriptions. •CitrixLicenseServer •StreamService •SOAPService •DHCP •PXE •TFTP

Term Description

StreamServiceProvidesavDiskanditscontentstotarget devices. DHCPAssignsanIPaddresstotargetdevices. CitrixLicenseServerRetrievestheproductlicense. PXEEnablestargetdevicestostartupfroma networkinterface. TFTPDeliversstartupinformationtotargetdevices. SOAPServiceProvidesaframeworktoenableexternalor existingsolutionstointerfacewithandmanage ProvisioningServices. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices139

Installation Planning

AnumberofdecisionsmustbemadebeforeinstallingandconfiguringProvisioningServices, including: •IsproxyDHCPrequired? •WhichSQLservereditiontousefortheProvisioningServicesdatabase? •Whichadministrativepermissionsarenecessary? •Whatistheoptimalfarmlayoutofdatabases,sites,andhighavailability? •WhichserverwillbeusedastheCitrixLicenseServer? •DoestheenvironmentmeetthehardwareandsoftwarerequirementsforaProvisioning Servicesinstallation?

Provisioning Services Farm Design

YoushouldplanaProvisioningServicesfarmdesignpriortoinstallingProvisioningServicesto makedecisionsduringtheinstallationandconfigurationprocess.Considerthefollowingitems whenplanningafarmdesign: •Farmname •SQLdatabaseserver •SQLdatabaseauthentication •Sites •Stores •Devicecollections •Role-basedadministration •Highavailability Farmname,site,store,anddevicecollectionobjectsareusedforadministrativepurposes onlyanddonotcorrelatetofarmstructuresusedbyXenDesktop,XenApp,XenServer,or anyotherproduct.

Farms

Whenplanningthenumberoffarmsrequiredtosupportagivenenvironment,youshouldconsider thecommunicationthattakesplacebetweenProvisioningServiceshostsandthedatabase. ProvisioningServiceshostscommunicatewiththedatabaseconstantlytoaccessinformationthatis usedtostreamvDiskstotargetdevices.Thedatabaseshouldbelocatedinphysicalproximitytothe ProvisioningServiceshostsinthefarmtominimizelatencyandensureoptimaltargetdevice performance. 140Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

Forexample,alargeenterprisewithofficesaroundtheworldshouldconsidercreatingafarmfor eachmajorbusinessregiontoavoidlatency.IftargetdevicesarelocatedinNorthAmerica,Europe, andSouthAmerica,considercreatingthreefarms.

SQL Database Server

OnlyoneProvisioningServicesdatabaseisassociatedwithafarm. TheProvisioningServicesdatabasecanbecreatedonanexistingSQLdatabaseserver,providedthe servercancommunicatewithallProvisioningServiceshostswithinthefarm. Insomeproductionenvironments,yourdatabaseadministratormightprefertocreatea ProvisioningServicesdatabaseforyou.Inthiscase,providetheMicrosoftSQLdatabase administratorwiththefilecreatedusingtheDBScript.exeutility,whichisinstalled withtheProvisioningServicessoftware. Thedatabasedoesnotgrowsignificantlyasmoreobjectsareaddedtoit.Thedatabasetypically growsby10MBwiththeadditionof10,000targetdevices.Forexample,thedatabaseina ProvisioningServicesfarmwith50,000targetdeviceswouldoccupyapproximately50MBofdisk space.Formoreinformationaboutscalabilitystatistics,seeCitrixeDocsatedocs.citrix.com.

SQL Database Authentication and Configuration

ProvisioningServicesusesWindowsauthentication.AllProvisioningServicescomponents, includingtheConfigurationWizardandservicesthataccessthedatabase,mustruninthecontext ofthelogged-onuser. Services,suchastheStreamServiceandSOAPservice,requireminimalprivilegesintheend-user configuration. ProvisioningServicessupportsWindowsauthentication,asrecommendedbyMicrosoft. MicrosoftSQLServerauthenticationisnotsupported,exceptwhenrunningthe ConfigurationWizard.

Configuration Wizard User Permissions

ThefollowingMicrosoftSQLpermissionsarerequiredfortheuserthatisrunningthe ConfigurationWizard: •dbcreator,whichisrequiredforcreatingthedatabase •securityadmin,whichisrequiredforcreatingtheSQLlogonsforthestreamandSOAPservices IftheenduserdoesnothavesufficientSQLpermissions,adialogboxpromptsforaSQLServer enduserwhohastheappropriatepermissions(dbcreatorandsecurityadmin). ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices141

IfusingSQLExpressinatestenvironment,youcanchoosetoprovidetheenduserwhoisrunning theConfigurationWizardsysadminpermissions(thehighestdatabaseprivilegelevel). Alternatively,ifthedatabaseadministratorhasprovidedanemptydatabase,theenduser runningtheConfigurationWizardmustbetheownerofthedatabaseandhavethe"View anydefinition"permission.Thesesettingsaresetbythedatabaseadministratorwhenthe emptydatabaseiscreated.

Service Account Permissions

TheusercontextfortheStreamandSOAPservicesrequiresthefollowingdatabasepermissions: •db_datareader •db_datawriter •executepermissionsonstoredprocedures TheConfigurationWizardassignsthesepermissions,providedtheuserhassecurityadmin permissions. Inaddition,theserviceusermusthavethefollowingsystemprivileges: •Runasservice •Registryreadaccess •ProgramFiles\Citrix\ProvisioningServices •Read/writeaccesstoanyvDisklocation TheStreamandSOAPservicescanrununderoneofthefollowingsupporteduseraccounts: •Networkserviceaccount,whichisaminimumprivilegelocalaccountthatauthenticatesonthe networkascomputersdomainmachineaccount •Specifieduseraccount(requiredwhenusingaWindowsShare),whichisaworkgroupor domainuseraccount •Localsystemaccount(forusewithSAN) Becauseauthenticationisnotcommoninworkgroupenvironments,minimalprivilegeuser accountsmustbecreatedoneachserver,andeachinstancemusthaveidenticalcredentials. InstallingSQLServerandProvisioningServicesonthesameservercancausepoor distributionduringloadbalancing. ThesecurityoptionyouselectforaProvisioningServicesfarmimpactsRole-BasedAdministration andusergroups.Youcanchooseonlyoneofthefollowingoptions: 142Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

•UseActiveDirectorygroupsforsecurity(default),whichisselectedifaWindowsDomain runningActiveDirectory-thisoptionenablesyoutotakeadvantageofActiveDirectoryfor ProvisioningServices'roles •UseWindowsgroupsforsecurity,whichisselectedifasingleserverorinaWorkgroup-this optionenablesyoutousetheLocalUser/GroupsonthatparticularserverforProvisioning Services'roles

Sites

AProvisioningServicessiteprovidesbothasiteadministratorandfarmadministratorwitha methodofrepresentingandmanaginglogicalgroupingsofProvisioningServiceshosts,device collections,andlocalsharedstorage. Youcancreateadditionalsitesatanytime,butitishelpfultoplanhowsiteswillbeusedto logicallygroupProvisioningServicescomponentsanddetermineappropriatenamingconventions beforeinitialconfiguration. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices143

Stores

WhenvDiskfilesarecreatedintheConsole,theyareassignedtoastore.OneormoreProvisioning ServiceshostswithinasitearegivenpermissiontoaccessastoreinordertoservevDiskstotarget devices. Severaldifferenttypesofstorescanbecreatedbaseduponhowconfigurationsaremade,buttypical storeconfigurationsinclude: FarmStoreAfarmstoreisavailabletoallProvisioningServiceshostswithina farm. SiteStoreAsitestoreisrestrictedtoProvisioningServiceshostswithina specifiedsite. 144Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

DistributedServerStoreAdistributedserverstoreiscomprisedofvDiskstoragelocations hostedonseveralProvisioningServiceshosts.AnyvDisksthatwill havefailoverprotectioninthisstoremustbemanuallycopiedto eachProvisioningServiceshost.Inthisconfiguration,each ProvisioningServiceshostisconfiguredwithapathtothestorage locationthatoverridesthepathconfiguredinthestore.Inthisway, failoverprotectionissharedamongseveralProvisioningServices hosts. AstorageclusterfilesystemisrequiredwhenusingSANshared amongmultipleProvisioningServiceshosts.Additionally,allservers needsimultaneousread/writeaccesstotheSANstorageand database. SingleServerStoreAsingleserverstorecanonlybeaccessedbyasingleProvisioning Serviceshost.Singleserverstorescanbelocaldrivesonthe ProvisioningServiceshostoraSANthathasbeenconfiguredasa localdrive. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices145

Storage Requirements

HarddisksizeandfreespacearecrucialtoProvisioningServicesperformanceiftheProvisioning Serviceshostisgoingtostorewrite-cachefilesorvDisks,whichcanbeverylargeinsize.ARAID array,SAN,orNASmightimprovestreamingperformance. Theharddiskspacerequirementvariesdependinguponthefollowingoptions. StaticorDynamicvDisksStaticvDisksrequiretheallocationofaspecificamountofharddisk spacewhenthevDiskiscreated.Thespaceallocatedtoastatic vDiskcannotbechangedoncethevDiskhasbeencreated.A dynamicvDiskdoesnotneedallocatedspacebecauseitexpandsas additionaldataisaddedtothevDiskfile. StandardorPrivatevDisksStoragerequirementswillvarysignificantlydependinguponthe needforsharedorprivatevDisks.Anenvironmentthatrequiresa largenumberofprivateimagevDiskswillrequiresignificantlymore storagespacethananenvironmentthatcanruntargetdeviceson relativelyfewstandardimagemodevDisks. Write-CacheStorageIfthewrite-cacheforatargetdeviceisstoredonaProvisioning LocationServiceshost,sufficientspacemustbeavailable.Write-cachesizes varydependinguponhowlongthecachefilehasbeenleftopen betweenstartsorrestarts,soyoushouldexaminetheneedsofthe environmentwhenplanningspaceforwrite-caches.Additionally, youshouldconsiderthenumberoftargetdevicesthatwillrun simultaneouslywhenconfiguringthewrite-cache. vDiskStorageLocationThesizeofavDiskvariesdependingupontheoperatingsystemand applicationstackinuse,buttheyaretypicallylargefilesthattakeup severalGBataminimum.Youshouldensurethattheamountof harddrivespaceavailableonthedesiredstoragelocationis sufficienttosupportexistingvDisksandanyplannedfuturegrowth. vDiskBackupCopiesYoushouldmaintainabackupcopyofallproductionvDisks. Therefore,youshouldplanforenoughfreeharddrivespaceto accommodatetwocopiesofavDisk. 146Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

FutureGrowthWhenplanningspacerequirementsforastaticvDisk,youshould plantoallowspaceforfuturegrowth,whichcouldinclude additionalapplicationsandupdates.

Sample vDisk Storage Requirements

ThefollowingtableliststypicalharddiskstoragesizesforstaticvDisksrunningvariousoperating systemsandapplications. •Allharddisksizeslistedareestimates. •AdditionalspaceisrequiredforvDisksbasedontheapplicationstack.

Operating System Hard Disk Size

WindowsServer200310-15GB,basedonsystemfunctionality WindowsServer2008R216-20GB WindowsXP2GBforoperatingsystem WindowsVista15GBforoperatingsystem Windows715GBforoperatingsystem Linux5GBforoperatingsystem XenApp5(WindowsServer2008)16-20GB,basedonsystemfunctionality XenApp6(WindowsServer2008R2)16-20GB,basedonsystemfunctionality ProvisioningServicessupportstheuseofseveralstoragetechnologies. Formoreinformationaboutthebenefitsandconfigurationsofdifferentstoragetechnologies,see CitrixarticleCTX125126onsupport.citrix.com. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices147

Provisioning Services Installation

PriortobeginningtheinstallationprocessforProvisioningServices,itisimportantthatyoufirst installanyWindowsservicepacks,drivers,andupdates.Ifyouhavetime,showthestudentsthisvideoabout InstallingCitrixProvisioningServices,seeCitrixTVatAbasicProvisioningServicesimplementationincludesasingleProvisioningServiceshostonwhich www.citrix.com/tv/#videos/1605.allservercomponentsareinstalled.Thisinstallationalsoincludesvariousproductutilities,suchas 148Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

theConfigurationWizard,thefollowingcomponentsincludeandtheProvisioningServicesConsole andtheStreamService. However,complexenvironmentsrequireyoutoplanoutthefarmconfigurationandProvisioning Servicesinstallationcarefully. TheProvisioningServicesinstallationpackageincludesthefollowingcomponents: •ProvisioningServicesConsole •StreamService •Networkbootservices •Productdocumentation •ManagementApplicationProgrammingInterface(API) Installationofnetworkservicesisoptional.TheseservicesincludeDHCP,BOOTP,PXE, andTFTP. FormoreinformationaboutinstallingProvisioningServices,seeCitrixeDocsatedocs.citrix.com.

Provisioning Services Configuration

ProvisioningServicescanbeconfiguredusingtheProvisioningServicesConfigurationWizard.The ConfigurationWizardspecifiessettingssuchasthelocationoftheDHCPandlicenseserver.TheIfyouhavetime,showthestudentsthisvideoabout ConfigurationWizardstartsautomaticallyaftertheProvisioningServicesinstallationiscompletedConfiguringCitrixProvisioningServices,seeCitrixTVat andisavailableatanytimefromtheProvisioningServicesmenufromtheStartbutton.http://www.citrix.com/tv/#videos/1604. RunningtheConfigurationWizardrestartsallservicesforProvisioningServices,which canbehelpfulwhentroubleshooting.

Farm Configuration

TheConfigurationWizardallowsyoutoconfiguretheProvisioningServicesfarmbyselectingto: •Createanewfarmorjoinanexistingfarm. •Createanewdatabaseoruseanexistingdatabase. •Createanewsiteorjoinanexistingsite.

•Createanewdevicecollectionoruseanexistingdevicecollection.

Bootstrap Server Configuration

Whenconfiguringthebootstrapserver,selecttheappropriateoptionstoenablefortheProvisioning Serviceshost: VerboseModeSelecttheVerboseModeoptionifyouwanttomonitorthestartup processonthetargetdevice(optional)orviewsystemmessages. InterruptSafeModeSelectInterruptSafeModeifyouarehavingtroublewithyour targetdevicefailingearlyinthestartupprocess.Thisenables debuggingoftargetdevicedriversthatexhibittimingorstartup behaviorproblems. AdvancedMemoryThissettingenablesthebootstraptoworkwithnewerWindows Supportoperatingsystemversionsandenabledbydefault.Onlydisablethis settingonolderXPorWindowsServerOS32-bitversionsthatdo notsupportPAE,orifyourtargetdevicestopsrespondingor behaveserraticallyintheearlybootphase. NetworkRecoveryMethodTherearetwooptionsforthismethod: •RestoreNetworkConnections:Selectingthisoptionresultsin thetargetdeviceattemptingindefinitelytorestoreitis connectiontotheProvisioningServiceshost. •ReboottoHardDrive:Selectingthisoptioninstructsthetarget devicetoperformahardwareresettoforcearestartafterfailing tore-establishcommunicationsforadefinednumberof seconds.Theuserdeterminesthenumberofsecondstowait beforerestarting.Assumingthenetworkconnectioncannotbe established,PXEwillfailandthesystemwillrestarttothelocal harddrive.Thedefaultnumberofsecondsis50,tobe compatiblewithhighavailabilityconfigurations. Aharddrivemustexistonthetargetdevice ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices149

LogonPollingTimeoutEnterthetime,inmilliseconds,betweenretrieswhenpollingfor ProvisioningServiceshosts.EachProvisioningServiceshostissent alogonrequestpacketinsequence.ThefirstProvisioningServices hostthatrespondsisused.Innon-highavailabilityconfigurations, thistime-outsimplydefineshowoftentoretrythesingleavailable ProvisioningServiceshostwiththeinitiallogonrequest.Thistime- outdefineshowquicklytheround-robinroutinewillswitchfrom oneProvisioningServiceshosttothenextintryingtofindanactive ProvisioningServiceshost.Thevalidrangeisfrom1,000to60,000 milliseconds. LogonGeneralTimeoutEnterthetime-out,inmilliseconds,foralllogonassociatedpackets, excepttheinitiallogonpollingtimeout.Thistime-outisgenerally longerthanthepollingtime-out,becausetheProvisioningServices hostneedstimetocontactallassociatedservers,someofwhich mightbedownandwillrequireretriesandtime-outsfromthe ProvisioningServiceshosttotheotherProvisioningServiceshosts todetermineiftheyareindeedonlineornot.Thevalidrangeis from1,000to60,000milliseconds.

Store Configuration Store Accessibility

IfServerAhasbeenconfiguredtoaccessStoreAand Storeaccessibilityreferstotheserverswithinafarmwhicharegrantedaccesstoastore.Only residesinSite1,allthevDisksthatarelocatedinStoreA specifiedserversareabletoaccessvDiskswithinthestore,regardlessofwhetheraUNCpathhas willappearinthevDiskpoolforSite1. beenspecifiedforthestore.Astorecanbemadeaccessibletomultiplesites. 150Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

ThetypeofstoreinuseisselectedlargelyonhowthepathtothevDiskstoragelocationis specified.Forexample,farmorsitestoresmustuseapaththatallserverscanusetoaccessthe storagelocation,whileprivateordistributedstorescanuseapathtoalocalharddrive.IfvDisks arestoredinaWindowsfileshare,youshouldpointthestoretotheUNCpathofthesharein orderforseveralProvisioningServiceshoststohaveaccesstothestore. vDisksareeithercreatedoraddedtoastoreafterthestorehasbeenconfigured.Whenaserverhas beengivenaccesstoastore,thevDisksinthatstoreappearinthevDiskpoolforthesiteinwhich theserverresides.vDisksthatappearinthevDiskpoolareavailableforassignmenttoanytarget devicesinthesitebutcanonlybestreamedbyserversthathavebeengivenaccessintheStore properties.

Store Path

ThefilepathprovidedforthestoragelocationdetermineswhichProvisioningServiceshostswithin thefarmareabletoreachthestore.Forexample,alocalfilepathcoulddirectaProvisioning ServiceshosttolookforvDiskswithinafolderstoredlocallyorcouldindicateaSANmappedtoa localdrive.UNCpathscanbeusedbyallProvisioningServiceshostswithinafarmprovidedthat theycanrecognizethesharedstore,andthestoragelocationhasbeenconfiguredtoallowsharing.

Store Administration

Farmadministratorscandelegatestoreconfigurationtositeadministratorsbyconfiguringan optionalsiteownerforthestore.Astorethatdoesnothaveaspecifiedsiteownercanbe configuredonlybyfarmadministrators. Storeswithspecifiedsiteownerscanbeconfiguredbybothfarmadministratorsaswellasthesite administratorswithinthedesignatedsite.Siteownersareusedprimarilywithsite-basedstoresto allowdelegatedadministrationtositeadministrators. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices151

Provisioning Services Hosts in the Console

InadditiontostreamingvDiskstotargetdevices,ProvisioningServiceshostsalsoretrieveand provideconfigurationinformationtoandfromtheProvisioningServicesdatabase.ProvisioningIftimepermits,showthevideo,Howto:UpdateaPooled Serviceshostconfigurationoptionsareavailabletoensurehighavailabilityandload-balancingofDesktopGroupvDiskwithoutDowntime.Itdemonstrates targetdeviceconnections.howtoupdateaProvisioningServicesvDiskassociated withapooleddesktopgroupwithoutrequiringendusers tologofforpreventendusersfromaccessingtheir desktop.http://www.citrix.com/tv/#videos/1951

Target Device Connections

Iftimepermits,sharetheblog,ProvisioningServicesorTargetdeviceconnectionstotheProvisioningServiceshostareviewedandmanagedinthe MachineCreationServices...BigPictureMatters.This Console.Thefollowingtaskscanbeperformedononeormoretargetdevices. discussesusingMachineCreationServicesorProvisioning •Shutdowntargetdevicesthatarehighlightedinthedialogbox.WhenselectingShutdownorServicesforsingleimagedesktopmanagement. Reboot,adialogboxopensprovidingtheoptiontotypeamessagethatdisplaysontheaffectedhttp://virtualfeller.com/2011/02/15/provisioning-services-or- devices.machine-creation-services%E2%80%A6-big-picture-matters/ 152Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

•Restarttargetdevicesthatarehighlightedinthedialogbox. •OpentheEditMessagedialogboxtotypeandsendamessagetotargetdeviceordevices highlightedinthedialogbox. •Viewalistoftargetdevicesthatarecurrentlyconnectedtothehost.

Server Properties

TheShutdownorRebootoptionscanbedelayedby YoucanmodifyProvisioningServiceshostconfigurationsettingsintheProvisioningServer enteringadelaytimesetting.Ifamessageappears Propertiesdialogbox.ToviewtheexistingpropertiesofaProvisioningServiceshost,chooseoneof confirmingthatthetargetdevicewassuccessfullyturned thefollowingmethods: offorrestarted,buttheiconintheConsolewindowdoes notchangeaccordingly,selecttheRefreshbutton.•HighlightaProvisioningServiceshost,thenselectPropertiesfromtheActionmenu. •Right-clickaProvisioningServiceshost,thenselectProperties. •Ifthedetailspaneisopen,highlightaProvisioningServiceshost,thenselecttheProperties menuitemfromthelistofactions. ProvisioningServicesdisplaysamessageifachangemadeonaProvisioningServer Propertiesdialogboxrequiresthattheserverberestarted.

Test Your Knowledge: Provisioning Services Installation and Configuration

Indicatewhethereachstatementistrueorfalse.

Statement True or False

YoushouldinstalltheMicrosoftSQLdatabaseTrue andProvisioningServicesonseparateservers. Asageneralrule,youcanplantocreateastaticFalse vDiskthatis10%largerthantherequirements fortheoperatingsystemandapplicationstack toallowforfuturegrowth. OnlyoneProvisioningServicesdatabaseisTrue associatedwithafarm. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices153

Target Device Collection

Adevicecollectioncanbeusedtosimplifymanagementbyperformingactionsoncollections, ratherthanonindividualtargetdevices. Atargetdevicebecomesamemberofadevicecollectionwhenitisaddedtothefarm.Atarget devicecanonlybeamemberinonedevicecollection.However,atargetdevicecanexistinany numberofviews.Ifatargetdeviceisremovedfromthedevicecollection,itisautomatically removedfromanyassociatedviews. Whenatargetdeviceisaddedtoadevicecollection,thedevicepropertiesarestoredinthe ProvisioningServicesdatabase.Targetdevicepropertiesincludeinformationsuchasthedevice nameanddescription,startmethod,andvDiskassignments.YoucanusetheConsoletocreatea newdevicecollectionortomoveatargetdevicefromonecollectiontoanother.TheConsole supportsdrag-and-dropfunctionalityforthisaction. IntheConsole,actionscanbeperformedon: •Anindividualtargetdevice •Alltargetdeviceswithinacollection •Alltargetdeviceswithinaview

Target Device Template

Atargetdevicecanbesetasthetemplatefornewtargetdevicesthatareaddedtoadevice collection.Thisallowsyoutoquicklyaddnewdevicestothedevicecollectionbyusingthetemplate toimprintpropertiesonthenewdevice. Tosetatargetdeviceasthetemplatedeviceforacollection,right-clickthetargetdeviceandselect Setdeviceastemplate. Theapplicationoftemplatepropertiesisaone-timeaction.Anewtargetdevicewillnotinherit changesmadetothetemplatetargetdeviceafterapplication.

Target Device Properties

TargetdevicepropertiesaffecttheperformanceofaProvisioningServiceshostenvironment.Target devicesettingscanbeupdatedintheConsolebyright-clickingatargetdeviceandselecting Properties. TargetdevicepropertiescanbecopiedtooneormoretargetdevicesintheConsolebycopyingand pastingthepropertiestotheappropriatetargetdevices. Formoreinformationabouttargetdevices,seeCitrixeDocsatedocs.citrix.com. 154Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

Target Device Additions to the Database

YoucancreatenewtargetdeviceentriesintheProvisioningServicesdatabasebyusingoneofthe followingmethods: •UsingtheConsoletomanuallycreatetargetdeviceentries •UsingtheAuto-AddWizardtocreatetargetdeviceentries •Importingtargetdeviceentries Afterthetargetdeviceexistsinthedatabase,youcanassignavDisktothetargetdevice.

Auto-Add Wizard

TheAuto-AddWizardautomatestheconfigurationofrulesforautomaticallyaddingnewtarget devicestotheProvisioningServicesdatabaseusingtheAuto-Addfeature. TheAuto-AddWizardcanbestartedatthefarm,site,collection,ordevicelevel.Whenstartedata levellowerthanfarm,thewizardusesthatchoiceasthedefaultchoice.Forexample,ifitisstarted onaparticulartargetdevice,itwill: •SelectthesiteforthatdeviceastheDefaultSitechoiceinthecombobox. •SelectthecollectionforthatdeviceastheDefaultCollectionchoiceinthecombobox. •SelectthatdeviceastheTemplateDevicechoiceinthecombobox. Eachpageisdisplayedwithchoicespre-selectedbasedonthelocationthattheAuto-AddWizard wasstartedfrom. AfarmadministratorhastheabilitytoturnAuto-AddonoroffandtoselectthedefaultSite. Asiteadministratorcanonlyselectthedefaultsiteifappropriatepermissionshavebeenassigned.If thesiteadministratorisnottheadministratorofthecurrentlyselecteddefaultsite,thenthat administratorcanonlyconfigurethesitestheyhaveaccessto.

Test Your Knowledge: Target Devices

1.Whatisthemaximumnumberoftargetdevicecollectionsthatatargetdevicecanbelongto? a.1 b.2 c.3 d.4 Answer:A 2.Youneedtoaddseveraltargetdevicestoacollection,butalltargetdeviceswillhavethesame properties.Howcanyousimplifythetargetdevicecreationprocess? a.Designateasetuptargetdeviceasthetemplateforthecollection. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices155

b.Setupascripttoautomaticallycreatetargetdevices. c.Importtargetdevicesfromothertargetdevicecollections. d.UsetheAuto-AddWizardtoaddnewtargetdevicestoaspecificcollection. Answer:A 156Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

Active Directory Integration

EachtargetdevicethatlogsontoadomainrequiresacomputeraccountinActiveDirectory. TargetdevicesthataccessavDiskinprivateimagemodedonotrequireanyadditionalDemonstratehowtoallowProvisioningServicesto configurationstoenableDomainPasswordmanagement.However,DomainPasswordmanagementmanagecomputeraccountpasswordinActiveDirectory. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices157 mustbeconfiguredonstandardimagemodevDiskstojointargetdevicestoadomain.Configuring DomainPasswordmanagementensuresthattargetdevicessharingthesamevDiskimagehave uniquedomainaccounts.

Active Directory Integration Prerequisites

ThefollowingprerequisitesmustbemetpriortointegrationwithActiveDirectory: •ProvisioningServicesmustbeinstalled,configured,andrunning. •ThemastertargetdevicethatwillbeusedtobuildthesharedvDiskimagefordomaintargets mustbeaddedtotheProvisioningServicesdatabase.

Benefits of Active Directory Integration

IntegratingProvisioningServiceshostsandActiveDirectoryallowsyouto: •SelecttheActiveDirectoryorganizationalunitinwhichtheProvisioningServiceshostshould createatargetdevicecomputeraccount. •TakeadvantageofActiveDirectorymanagementfeatures,suchasdelegationofcontroland grouppolicies. •ConfiguretheProvisioningServiceshosttoautomaticallymanagethecomputeraccount passwordsoftargetdevices.

Domain Password Validation Process

1.AnActiveDirectoryaccountforatargetdeviceiscreatedinthedatabase. 2.TheStreamserviceprovidestheaccountnametothetargetdevice. 3.ThedomaincontrollervalidatesthepasswordprovidedbythetargetdevicewiththeActive Directorypassword.

Automatic Password Renegotiation

AutomaticpasswordrenegotiationcanbeconfiguredatthedomainlevelusingtheDomain member:Disablemachineaccountpasswordchangespolicy. WhiletargetdevicesstartingfromvDisksnolongerrequireActiveDirectorypassword renegotiation,configuringapolicytodisablepasswordchangesatthedomainlevelappliestoany domainmembersstartingfromlocalharddrives.Thismightnotbedesirable.Abetteroptionisto disablemachineaccountpasswordchangesatthelocallevel.Thiscanbedonebyselectingthe OptimizeoptionwhenbuildingavDiskimage.Thesettingwillthenbeappliedtoanytarget devicesthatstartfromthesharedvDiskimage. 158Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

To Integrate Active Directory

1.VerifythatthevDiskfileisinprivateimagemodeandassignthevDisktothetargetdevice. PerformademoshowingstudentshowtointegrateActive2.SetthetargetdevicetostartfromthevDisk. Directory. 3.EnableActiveDirectorymachineaccountpasswordmanagementinvDiskproperties. ©Copyright2012CitrixSystems,Inc.Module6:InstallingandConfiguringProvisioningServices159 a.OpentheProvisioningServicesConsole. b.Right-clickavDiskandselectFileProperties. c.ClicktheOptionstab. d.SelectActiveDirectorymachineaccountpasswordmanagement. e.ClickOKtoclosethevDiskfileproperties. f.RestarttheStreamingService. ThisstephastobecompletedforeachnewvDiskthatwillstreamtodomainmembers. Thisoptionisdisabledbydefault. 4.EnableAutomaticpasswordsupportinserverproperties. 5.Createtheclean,goldenimageonthemastertargetdeviceharddrive. 6.Updatethegoldenimagewithanynecessaryupdatesordriversandpreparethesystemusing sysprep. 7.Addthemastertargetdevicetothedomain. 8.Installthetargetdevicesoftware. 9.RestartthetargetdeviceandconfiguretheBIOStoPXEboot. 10.RuntheImageOptimizationWizardandverifythatDisableMachineAccountPassword Changesisselected. 11.BuildtheimagetothevDiskfile,thenshutdownthetargetdevice. 12.ChangethevDiskfiletostandardimagemode. 13.ConfigureanewtargetdeviceandassignthevDisk. 14.CreateamachineaccountforthenewtargetdeviceusingtheConsoleortheRun AddDeviceToDomaincommand. 15.TurnonthenewtargetdevicefromthevDiskandlogontothedomain.

To Reset Computer Accounts for Target Devices

1.Right-clickoneormoretargetdevicesintheConsolewindow,thenselectActiveDirectory Management.Usethisprocedureifyoudidnotdisablepassword management.2.SelectResetmachineaccount. TheActiveDirectoryManagementdialogboxappears.

3.Inthetargetdevicetable,highlightthosetargetdevicesthatshouldbereset,thenclickReset devices. 4.ClickClosetoexitthedialogbox. 5.DisableWindowsActiveDirectoryautomaticpasswordre-negotiation.Todothis,onyour domaincontroller,enablethefollowinggrouppolicy:DomainMember:Disablemachine accountpasswordchanges. Tomakethissecuritypolicychange,youmustbeloggedonwithsufficientpermissionsto addandchangecomputeraccountsinActiveDirectory.Youhavetheoptionofdisabling machineaccountpasswordchangesatthedomainlevelorlocallevel.Ifyoudisable machineaccountpasswordchangesatthedomainlevel,thechangeappliestoallmembers ofthedomain.Ifyouchangeitatthelocallevel(bychangingthelocalsecuritypolicyon atargetdeviceconnectedtothevDiskinPrivateimagemode),thechangeappliesonlyto thetargetdevicesusingthatvDisk. 6.Starteachtargetdevice.

Test Your Knowledge: Active Directory

1.WhichtwoprerequisitesmustyoumeetpriortointegratingProvisioningServiceswithActive Directory?(Choosetwo.) a.ProvisioningServicesmustbeconfigured. b.ThemastertargetdevicemustbeaddedtotheProvisioningServicesdatabase. c.ActiveDirectorymachineaccountpasswordmanagementmustbeenabled. d.Thedomainpasswordmustbesetonthedomaincontroller. Answers:AandB 2.WhymustaProvisioningServiceshostmanagethedomainpasswordsfortargetdevicesthat shareavDisk? a.Toensurethatmachineaccountpasswordchangesaredisabled. b.InordertorenegotiatetheActiveDirectorypasswordwhenthetargetdevicelogson. c.Inordertobeabletoresetthetargetdevicepasswordincaseatargetdeviceisunable tologon. d.Toensurethatthenameandpasswordassignedtothetargetdevicematchesthe computeraccountwithinthedomain. Answer:D 160Module6:InstallingandConfiguringProvisioningServices©Copyright2012CitrixSystems,Inc.

Module 7 Managing vDisks and Target Devices

Overview

PropervDisksetupisessentialwhenasinglevDiskissharedacrossmultipleserversinorderto avoidperformanceissues.ItisimportanttoknownotonlyhowtoconfigureavDisk,butalsohowTimings: differentconfigurationsettingsaffecttheuseandperformanceofavDisk. Module:180minutes Exercises:95minutes

Objectives

TotalTime:275minutes ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices163 Aftercompletingthismodule,youwillbeableto: •DeterminethebestvDiskimagemodeforagivenscenario. •Determinethebestwritecachelocationforagivenscenario. •PrepareforthecreationofvDiskimagesbyconfiguringamastertargetdevice. •DeployavDiskimagebyassigningthevDiskimagetoatargetdevice. •UpdateandcreateanewversionofavDiskbyusingtheAuto-updatefeature. •ConfigureandtesthighavailabilityforProvisioningServicestoensureserveravailability. •TroubleshoottheavailabilityofthevDisksbyidentifyingcommonissuesthatcanoccurwith theserver-sidestreamingserviceandbuildprocess. •TroubleshoottheavailabilityofaProvisioningServicestargetdevicebyidentifyingcommon pre-logonandlogonissues.

vDisk Image Modes

AvDiskisafilethatcontainsasnapshotoftheharddriveofadevice,includingtheoperating system.Priortoclass,ifyouareunfamiliarwithRAMandstorage requirementsforProvisionsServiceshostsandtargetAProvisioningServicesvDiskcanbeconfiguredasoneofthefollowingmodes: devices,pleasereviewthewhitepaper,AdvancedMemory •StandardimagemodeandStorageConsiderationsforProvisioningServices. http://support.citrix.com/article/CTX125126•Privateimagemode 164Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

Standard Image Mode

StandardimagemodevDisksarereadonly,whichallowsmultipletargetdevicestouseasingle vDiskatthesametime.Anychangesmadebythetargetdevicearestoredinawrite-cachefilefor thedurationofthesession.Standardimagemodeisthemostcost-effectivemode,anditusesthe leastamountofdiskspace.

Private Image Mode

Privateimagemodecloselymodelshowacomputerusesaregularharddrivebyallowingonlyone targetdevicetoaccessaprivateimagevDiskatatime.ProvisioningServicesperformsreadorwrite requestsdirectlytothevDisk. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices165

Write Caches

Awrite-cachefilestoresanywritesthatanoperatingsystemmakeswhileatargetdevicestreamsa vDisk.Thesizeofawritecachevariesdependinguponthetypeoftasksandoperationsthatare performed.Forexample,enduserswhoperformrepetitivetasksmightonlyrequireasmallcache size,whileknowledgeworkersmightrequiremuchlargercachesizes.Youshouldconsiderboththe sizerequirementofthewritecacheandthelocationwhereitwillresidewhendesigningyour ProvisioningServicesimplementation. AwritecachecanbeplacedonsharedstorageandconfiguredtouseaUNCpathbychoosingthe serverdiskoption.

Write-Cache Types

ProvisioningServicessupportsthefollowingwrite-cachetypes: Formoreinformationaboutwrite-cachetypes,readthe•CacheonaProvisioningServiceshost Citrixblog:http://blogs.citrix.com/2011/10/06/pvs-write- •CachepersistentonProvisioningServiceshost cache-sizing-considerations/ 166Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

•Cacheontargetdeviceharddrive •CacheintargetdeviceRAM

Write Cache Benefits and Considerations

Thebenefitsandconsiderationsforeachcachelocationarelistedinthefollowingtable.

Write Cache Location Benefits Considerations

ServerdiskLowestperformance:network •CacheonProvisioning utilizationishighduetotheServiceshostdiskallows amountofdatarequeststothe fordisklesstargetdevices. ProvisioningServiceshost. •Cachesizecanbelarge. DeviceharddriveGoodperformance:networkCachesizelimit:ifthecache utilizationisreducedthelongerexceedsthelimit,thedevice thetargetdeviceisrunningwillfail. becausemoredataisstoredin thecacheandfewerrequests aresenttotheProvisioning Serviceshost.

Write Cache Location Benefits Considerations

DeviceRAMBestperformance:accessingSmallcachesize:RAMcannot datafromthetargetdeviceholdsignificantamountsof RAMisfasterthanaccessingdata.Ifcacheexceedsthelimit, datafromthetargetdeviceerrorscanoccur. disk.

Cache on Server Disk

Ifthewritecacheislocatedontheserver,allchangesmadetothevDiskimageduringasessionare storedasatemporaryfileontheProvisioningServiceshost.TheProvisioningServiceshosthandles allwritesinthisconfiguration,whichcanincreasediskI/Oandnetworktraffic. TheProvisioningServiceshostcanbeconfiguredtoencryptwrite-cachefilesforadditionalsecurity. Thedatawillbeencryptedintheeventaharddriveisstolenbecauseofthepresenceofthewrite- cachefileontheharddrive. Whenthecacheonserverdiskoptionisselected,youcanchoosetostorethewritecacheinoneof thefollowinglocations: •LocalstorageontheProvisioningServiceshost •SharedstorageattachedtotheProvisioningServiceshost ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices167

Cache on Server Disk: Local Storage

Toconfigurecacheonserverdiskforlocalstorage,youshouldplacethewritecacheonthe physicaldisksoftheProvisioningServiceshost.

Benefits Considerations

•Performancecouldbeimpacteddueto•Simplestoptiontosetup requeststo/fromthewritecachetraversing •Noadditionalresourcesorconfiguration thenetworkbetweenthetargetdeviceandwithintheenvironmentrequired ProvisioningServiceshost. •Inexpensivediskspace •ProvisioningServiceshostscalabilityis reducedbecausetheStreamServicemust alsoservicethewrite-cacherequests. •ProvisioningServiceshighavailabilityis unavailablebecausethewrite-cachestorage isnotaccessiblebyotherProvisioning Serviceshosts.Thiscanbemitigatedby implementingathird-partyclusterfile system. •ProvisioningServiceshostwillfailifthe localstoragespaceisexceeded.

Cache on Server Disk: Shared Storage

Toconfigurethecacheonserverdiskforsharedstorage,youshouldplacethewritecacheon sharedstoragethatisconnectedtotheProvisioningServiceshost.

Benefits Considerations

•Networkcongestioncouldimpact•ProvisioningServiceshighavailabilityis performancebecauserequeststraversethepossiblebecauseallProvisioningServices networktwice.hostsattachedtosharedstoragecanaccess thewritecache.•ProvisioningServiceshostscalabilityis reducedbecausetheStreamServicemust•Sharedstoragedevicestypicallyholdalarge alsoservicethewrite-cacherequests.amountofdata,whichmitigatesstorage sizeconcerns.•Setupandconfigurationofarobustshared storagesolutionisrequired,ifoneisnot alreadyinplace. 168Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

Cache on Target Device Hard Drive

Ifthewritecacheislocatedontheharddiskofatargetdevice,allchangesmadetothevDisk imageduringasessionarestoredasatemporaryfileontheharddriveofthetargetdevice.The targetdeviceharddiskdoesnotrequireadditionalsoftwaretosupportthiswrite-cache configuration.StoringthediskcacheonthetargetdeviceallowsProvisioningServiceshoststouse processingresourcesforothercriticaltasks. Whenthecacheondeviceharddriveoptionisselected,youcanchoosetostorethewritecachein oneofthefollowinglocations: •Localstorageonthetargetdevice •Sharedstorageattachedtothetargetdevice

Cache on Target Device Hard Drive: Local Storage

Toconfigureacacheondeviceharddriveforlocalstorage,placeawritecacheonthephysical disksofthetargetdevice.Thelocalstoragecanbeeitheraphysicalorvirtualdiskdrive.Thistype ofwritecacheisusedmainlywithphysicaltargetdevices. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices169

Benefits Considerations

•Livemigrationisnotpossibleifthewrite•Additionalresourcesarenotrequiredif cacheisstoredonavirtualinfrastructurelocaldisksareinstalledandunusedon serverlocalharddriveonvirtualtargetphysicaltargetdevices. devices.Inthisconfigurationthestorageis •Responsetimesarefastbecausethe notsharedamongvirtualinfrastructureread/writetoandfromthewritecacheis servers. performedlocally. •Localstorageconfigurationisslowerthan •Localstoragetypicallyprovidesmorethan targetdeviceRAMcache.enoughspaceforthewritecache, minimizingriskofunderestimatingdisk•Determiningthesizeofthewritecacheis requirements.criticaltopreventserverfailure. •NetworkI/Oisreduced,whichincreases scalabilityontheProvisioningServiceshost.

Cache on Target Device Hard Drive: Shared Storage

Toconfigurecacheondeviceharddriveforsharedstorage,placethewritecacheonsharedstorage thatisconnectedtothetargetdevice.Thistypeofwritecacheisusuallyonlyvalidinenvironments thatusevirtualtargetdevices,suchasthosewithCitrixXenServer.Thestorageisassignedtoeach virtualmachinefromasharedstoragerepository.

Benefits Considerations

•Thismethodisslowerthantargetdevice•Responsetimesarefaster. RAMorlocaldiskcache. •Storagecostsaresignificantlycheaperthan •SetupandconfigurationofasharedstoragepurchasingRAM. solutionisrequiredifoneisnotalreadyin•Livemigrationispossiblebecausethetarget place. devicecachestorageisaccessiblefrom multiplevirtualmachines. 170Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

Target Device-based RAM Cache

IfthewritecacheislocatedinthetargetdeviceRAM,allchangesmadetothevDiskimageduring asessionarestoredasatemporaryfileinthetargetdeviceRAM.AportionofRAMisreservedfor ProvisioningServicesuseandanyremainingRAMisavailablefortheoperatingsystem.

Target Device RAM

NofurtherconfigurationisnecessaryoncethecacheondeviceRAMwrite-cacheoptionisselected.

Benefits Considerations

Thistypeofwritecacheisfastest.•RAMisdivertedfromworkloaduse. •Thecostisgreaterthanthecostofusing storage. •DeterminingtheamountofRAMrequired forthewritecacheisdifficultyetcriticalto thestabilityoftheenvironment. •Targetdevicefailswhentheallocatedwrite- cachespacereachescapacity. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices171

Cache Persistent on Server

Thecachepersistentonserveroptionprovidestheabilitytosavechangesbetweenrestarts.After restarting,atargetdeviceisabletoretrievechangesmadefromprevioussessionsthatdifferfromExplainthatthiswasformerlyknownasDifferencing theread-onlyvDiskimage.IfavDiskissettocachepersistentonserver,eachtargetdevicethatDisk. 172Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

accessesthevDiskautomaticallyhasadevice-specific,writablediskfilecreated.Anychangesmade tothevDiskimagearewrittentothatfile,whichisnotautomaticallydeleteduponshutdown. ThefilenameuniquelyidentifiesthetargetdevicebyincludingtheMACaddressanddisk identifierofthetargetdevice.AtargetdevicecanbeassignedtomultiplevDisksandtherefore multiplecachefilescanbeassociatedtoit. TorestoreavDiskthatusescachepersistentonserver,besuretobackupallvDiskfilesand associatedendusercachefilespriortomakinganyvDiskmodifications.

Benefits Considerations

Thecachefileissavedprovidedthatthefile•Savestargetdevice-specificchangesthatare remainsvalid.AnychangesmadetothevDisk madetothevDiskimage forcethecachefiletobeautomaticallydeleted. •ProvidesthesamebenefitsasstandardForexample,ifthevDiskissettoprivateimage imagemode mode,allassociatedcachefilesaredeleted. Invalidatingchangesinclude: •vDiskisplacedinmaintenance. •vDiskmodeischangedtoprivateimage mode. •ThedriveismappedfromtheConsole. •Thelocationofthewrite-cachefileis changed. •Automaticupdatesareused.

Test Your Knowledge: vDisk Image Modes and Write Cache

Matchthefollowingtermswiththecorrectdescriptions. •Privateimagemode •Standardimagemode •Cacheonserverdisk •Cacheondeviceharddrive •Targetdevice-basedRAMcache

Description Term

AllowsformultipletargetdevicestouseasingleStandardimagemode vDisk. TheProvisioningServiceshosthandlesallwritesCacheonserverdisk inthisconfiguration. EndusersareabletopersonalizetheirdesktopsPrivateimagemode andallapplications. ThisconfigurationprovidesthefastestaccesstoTargetdevice-basedRAMcache thewritecache. AllchangesmadetoavDiskimageduringaCacheondeviceharddrive sessionarestoredasatemporaryfileonthe targetdeviceharddrive. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices173

Microsoft Licensing for Provisioning Services

ProvisioningServicessupportsMicrosoftKeyManagementService(KMS)orMultipleActivation Key(MAK)volumelicensing.

Configuring Microsoft KMS Volume Licensing

Microsoftprovidestwomechanismsforadministeringvolumelicenses. KMSvolumelicensingusesacentralizedactivationserverthatrunsinthedatacenterandservesas alocalactivationpoint.ThetasksinvolvedinconfiguringavDiskimagetouseKMSvolume licensingandmanagingthatvDiskinaProvisioningServicesfarminclude: •EnablingKMSlicensingonthevDiskbeingcreated.ThisisdonebyselectingtheKMSmenu optionontheMicrosoftVolumeLicensingtabwhenrunningtheImagingWizard. •PreparingthenewbasevDiskimageforKMSvolumelicensing.Thisisdonebyusingthe rearmcommandtoresetthevDisktoanon-activatedstate.Thisoperationmustbeperformed onavDiskinprivateimagemode. •MaintainingorupgradingavDiskimagethatusesKMSvolumelicensing.Thisshouldbedone fromtheMasterTargetDeviceandtheoriginalProvisioningServiceshost. FormoreinformationaboutconfiguringMicrosoftKMSvolumelicensing,seeCitrixeDocsat edocs.citrix.com. ItmighttakeafewminutesfortheKMSlicensingtobeactivated.Untilthen,theenduser mightseeanerrorthatthelicenseisnotauthentic.

Microsoft MAK Volume Licensing Support

AnothermechanismforadministeringMicrosoftvolumelicensesiscalledMultipleActivationKeys (MAKs).AMAKcorrespondstoacertainnumberofpurchasedoperatingsystem(OS)licenses. TheMAKisenteredduringtheinstallationoftheOSoneachsystem,whichactivatestheOSand decrementsthecountofpurchasedlicensescentrallywithMicrosoft.Alternatively,aprocessof 'proxyactivation'isdoneusingtheVolumeActivationManagementToolkit(VAMT).Thisallows activationofsystemsthatdonothavenetworkaccesstotheinternet.ProvisioningServicesusesthis proxyactivationmechanismforstandardimagemodevDisksthathaveMAKlicensingmode selectedwhenthevDiskiscreated. InorderforMAKlicensingtowork,theVAMTmustbeinstalledonallProvisioning Serviceshostswithinafarm. FormoreinformationaboutconfiguringMicrosoftMAKvolumelicensing,seeCitrixeDocsat edocs.citrix.com. 174Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

Master Target Device

AtargetdevicewithanoperatingsystemwhichisimagedtocreateavDiskiscalledamastertarget device.AsabenefitofusingProvisioningServices,youcanmanageasinglevDiskratherthanan individualworkstation;however,forthisreason,theinitialimagemustbepreparedproperly.A pristinevDiskimagecreatedfromamastertargetdevicecanalsobecalledagoldenimage. Amastertargetdevicecanbeeitheravirtualorphysicalmachine.

Preparing a Master Target Device

ProvisioningServicesstreamsthecontentsofavDiskcreatedfromthemastertargetdevicetoother targetdevices. Fourstepsareneededtoprepareamastertargetdevice: •Preparingtheharddiskofthemastertargetdevice •ConfiguringtheBIOSofthemastertargetdevice •ConfiguringtheNetworkAdapterBIOS •Installingthemastertargetdevicesoftware

Preparing the Hard Disk of the Master Target Device

Themastertargetdeviceistypicallydifferentfromsubsequenttargetdevicesbecauseitinitially containsaharddisk.ThisistheharddiskthatwillbeimagedtothevDisk.Ifnecessary,after imaging,theharddiskcanberemovedfromthemastertargetdevice. TosupportasinglevDiskthatissharedbymultipletargetdevices,thosedevicesmusthavecertain similaritiestoensurethattheoperatingsystemhasallrequireddrivers.Thethreekeycomponents thatmustbeconsistentincludethe: •Motherboard •Networkcard,whichmustsupportPXE •Videocard However,theProvisioningServicesCommonImageUtilityallowsasinglevDisktosimultaneously supportdifferentmotherboards,networkcards,videocards,andotherhardwaredevices. IftargetdeviceswillbesharingavDisk,themastertargetdeviceservesasatemplateforall subsequentdisklesstargetdevicesastheyareaddedtothenetwork.Itiscrucialthattheharddisk ofthemastertargetdevicebepreparedproperlyandallsoftwareisinstalledonitinthefollowing order: 1.Windowsoperatingsystem 2.Devicedrivers 3.Servicepackupdates ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices175

4.Targetdevicesoftware Iftargetdeviceswillbemembersofadomain,andwillshareavDisk,additionalconfigurationsteps mustbecompleted. Formoreinformationaboutmanagingdomainaccounts,seeCitrixeDocsatedocs.citrix.com.

Configuring the BIOS of a Master Target Device

ThefollowingstepsdescribehowtoconfiguretheBIOSandBIOSextensionprovidedbythe networkadapterofatargetdevicessystemtostartfromthenetwork.Differentsystemshave differentBIOSsetupinterfaces.Ifnecessary,consultthedocumentationthatcamewithyoursystem forfurtherinformationonconfiguringtheseoptions.

To Configure the BIOS of a Master Target Device

1.IfthetargetdeviceBIOShasnotyetbeenconfigured,restartthetargetdeviceandenterthe system'sBIOSsetup. 2.SetthenetworkadaptertoOnwithPXE. Dependingonthesystemvendor,thissettingmightappeardifferently. 3.ConfigurethetargetdevicetostartfromLANorNetworkfirst.Optionally,selectthe UniversalNetworkDriverInterface;selectUNDIfirstifusingaNICwithManagedBoot Agent(MBA)support. 4.Savechanges,thenexittheBIOSsetupprogram. 5.StartthetargetdevicefromitsharddriveoverthenetworktoattachthevDisk.

Installing Master Target Device Software

ProvisioningServicestargetdevicesoftwaremustbeinstalledonamastertargetdevicepriorto buildingavDiskimageusingtheinstallationwizard. ProvisioningServicestargetdevicesoftwarecomponentsinclude: ProvisioningServicesTheProvisioningServicesVirtualDiskisthevirtualmediausedto VirtualDiskthediskcomponentsoftheoperatingsystemandapplications. 176Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

ProvisioningServicesTheProvisioningServicesNetworkStackisaproprietaryfilter NetworkStackdriverthatisloadedovertheNICdriver,allowingcommunications betweenthetargetdevicesandtheProvisioningServiceshost. ProvisioningServicesSCSITheProvisioningServicesSCSIMiniportVirtualAdapterallowsthe MiniportVirtualAdaptervDisktobemountedtotheoperatingsystemonthetargetdevice. ProvisioningServicesTheProvisioningServicesImagingWizardisusedtocreatethe ImagingWizardvDiskfileandimagethemastertargetdevice. VirtualDiskStatusTrayTheVirtualDiskStatusTrayUtilityprovidesgeneralvDiskstatus Utilityandstatisticalinformation.Thisutilityincludesahelpsystem. TargetDeviceOptimizerTheTargetDeviceOptimizerUtilityisusedtochangetargetdevice Utilitysettingstoimproveperformance. Beforeinstallingtheproductsoftwareonamastertargetdevice,turnoffanyBIOS-based virusprotectionfeatures.ToincludeantivirussoftwareonthevDiskimage,besureto turntheantivirussoftwarebackonpriortorunningtheImagingWizard.

Imaging a Windows Target Device with XenConvert

Asaphysical-to-virtualconversiontool,XenConvertcanconvertaserverordesktopworkload fromanonlinephysicalmachinerunningWindowstoaXenServervirtualmachineorProvisioning ServicesvDisk. 1.StartXenConvert. 2.SelectthelocationthatwillbeusedtocreatethevDiskimage. 3.SelectthedestinationwherethevDiskimagewillbestored. 4.SelectthevolumesthatshouldbeincludedinthevDiskimage. 5.ConfiguretheamountoffreespacetoincludeonthevDiskimage. 6.Configurealogofthefilescopiedduringtheimagebuild. 7.OptimizethevDiskforProvisioningServicesifthevDiskwillbeusedinstandardimagemode. 8.BuildthevDiskimage. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices177

Test Your Knowledge: Master Target Device

1.Whichfourstepsmustyoucompletetocreateamastertargetdevice?(Choosefour.) a.ConfiguringtheNetworkAdapterBIOS. b.Installthemastertargetdevicesoftware. c.ConfiguretheBIOSofthemastertargetdevice. d.Preparetheharddiskofthemastertargetdevice. e.Attachthegoldenimagetothemastertargetdevice. f.Installallapplicationsbeforeinstallingthemastertargetdevicesoftware. Answer:A,B,C,D 2.Inwhichordermustyouinstallsoftwareonthemastertargetdeviceharddisktoensureit functionscorrectly? a.Windowsoperatingsystem,servicepackupdates,devicedrivers,andtargetdevice software. b.Windowsoperatingsystem,targetdevicesoftware,servicepackupdates,anddevice drivers. c.Windowsoperatingsystem,servicepackupdates,targetdevicesoftware,anddevice drivers. d.Windowsoperatingsystem,devicedrivers,servicepackupdates,andtargetdevice software. Answer:D 3.WhichProvisioningServicestargetdevicesoftwarecomponentprovidesgeneralvDiskstatus andstatisticalinformation? a.ProvisioningServicesVirtualDisk b.ProvisioningServicesWizard c.VirtualDiskStatusTrayUtility d.TargetDeviceOptimizerUtility Answer:C 178Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

vDisk File Creation

AvDiskfileisthefileinwhichanoperatingsystemimagetakenfromamastertargetdeviceis stored.AllvDiskfilescreatedwithProvisioningServicesuseMicrosoft'sVirtualHardDisk(VHD) format.WhenavDiskiscreated,twofilesarecreatedwithinthedesignatedstoragelocation:a .vhdfilethatcontainsthevDiskimageanda.pvpfilethatcontainspropertyconfigurationsfor thevDisk.ThesefilesareautomaticallynamedwiththesamefilenameasthevDisk.

Properties File

The.pvpand.vhdfilesmustalwaysbestoredinthesamedirectory.IfavDiskismovedtoa differentlocation,thecorresponding.pvpfilemustalsobemovedtothesamefolderasthatof thevDisk.IfyouwanttoduplicateanexistingvDisk,youmustalsocreateacopyoftheexisting .pvpfile. Ifthe.pvpfileisdeleted,missing,orbecomescorrupt,ProvisioningServiceswillautomatically generateanewfile.However,thenewfilewillcontaindefaultvDisksettingsandallpreviously configuredsettingswillbelost.The.pvpfileshouldbebackedupaspartofthenormal ProvisioningServicesbackupprocess.

vDisk Lifecycle Operations

vDisksaremanagedthroughoutthevDisklifecycle.ProvisioningServicesprovidessupportfora fullimagelifecyclethattakesavDiskfrominitialcreation,throughdeploymentandsubsequent updates,andfinallytoretirement.ThelifecycleofavDiskconsistsoffourstages: 1.Creating 2.Deploying 3.Updating 4.Retiring

Creating a vDisk

CreationofavDiskrequirespreparingthemastertargetdeviceforimaging,creating,and configuringavDiskfilewherethevDiskwillreside,andthenimagingthemastertargetdeviceto thatfile,resultinginanewbasevDiskimage.Thisprocesscanbeperformedautomatically,using theImagingWizard,ormanually.ProvisioningServicesalsoprovidestheoptiontocreatea commonimageforusewithasingletargetplatformorforusewithmultipletargetplatforms.

Deploying a vDisk

AfteravDiskbaseimageiscreated,itisdeployedbyassigningittooneormoredevices.Adevice canhavemultiplevDiskassignments.Whenthedevicestarts,itstartsfromanassignedvDisk. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices179

Therearetwomodeoptions;Privateimagemode(singledeviceaccess,read/write)andStandard imagemode(multipledeviceaccess,writecacheoptions).

Updating a vDisk

ItisoftennecessarytoupdateanexistingvDisksothattheimagecontainsthemostcurrent softwareandupdates.Updatescanbemademanually,ortheupdateprocesscanbeautomated usingvDiskUpdateManagementfeatures.EachtimeavDiskisupdatedanewversioniscreated. Differentdevicescanaccessdifferentversionsbasedonthetypeoftargetdeviceandversion classification.

Retiring a vDisk

RetiringavDiskisthesameasdeleting.TheentireVHDchainincludingdifferencingandbase imagefiles,propertiesfiles,andlockfilesaredeleted.

VHD Formats

WhencreatingavDiskyoumustselectaVHDformat—fixedordynamic. FixedUsingafixedVHDformatallocatesaspecifiedamountofspacetoa vDiskfilethatcannotbechangedonceithasbeenconfigured.This allottedspacemustbelargeenoughtoholdtheoperatingsystem, anyrequiredapplications,andanyapplicationsthatmightbe installedatalatertime.IfyouformatthevDisktouseNTFS,the sizelimitisapproximately2TB.Thelimitis4095MBifyouformat thevDisktouseaFAT32filesystem. WhileyoucannotchangethesizeofafixedvDiskfile usingtheConsole,severalthird-partytoolsareavailable forexpandingfixedVHDvDisks.Ifathird-partytoolis notused,avDiskcanbeexpandedusingthereverse imagingprocess.Formoreinformationaboutexpanding fixedVHDvDisks,seeCitrixarticleCTX124792on support.citrix.com. 180Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

DynamicUsingadynamicVHDformatallowsavDiskfiletoexpandas changestothevDiskaremade.Thefilesizeassociatedwitha dynamicvDiskisthemaximumsizethatthefilewillbeallowedto reach.DynamicvDisksmakeplanningforvDisksizeseasier, particularlyforprivateimagemodevDisks,whichcangrowattheir ownpaceasendusersinstallapplicationsandadddata. ThedynamicVHDformataddsoverheadtothedisk-write process.Asaresult,thewriteprocesstakeslonger.

Create vDisks Automatically Using Imaging Wizard

WhenusingtheImagingWizardtoautomaticallycreatethebasevDiskimagefromamastertarget device,youmust: •EnableWindowsAutomountonWindowsServeroperatingsystems. •DisableWindowsAutoplay. •VerifythatadequatefreespaceexistsinthevDiskstore,whichisapproximately101%ofused spaceonthesourcevolumes. •MakenoteofwhichNICthemastertargetdevicewasboundtowhentheProvisioningServices softwarewasinstalledonthetargetdevice.Thisinformationisnecessaryduringtheimaging process.

To Create a New vDisk Automatically Using the Imaging Wizard

1.SelectCitrix>ProvisioningServices>ImagingWizardfromtheWindowsStartmenuofthe mastertargetdevice. Thewizard'sWelcomepageappears. 2.ClickNext. TheConnecttoFarmpageappears. 3.TypethenameorIPaddressofaProvisioningServiceshostwithinthefarmtoconnecttoand theporttousetomakethatconnection. 4.UsetheWindowscredentials,orenterdifferentcredentials,thenclickNext.IfusingActive Directory,entertheappropriatepasswordinformation. 5.SelectthevolumelicenseoptiontousefortargetdevicesorselectNoneifvolumelicensingis notbeingused. 6.SelecttocreateanewvDisk,oruseanexistingvDiskbyenteringthatvDisksname,thenclick Next. TheAddTargetDevicepageappears. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices181

7.Selectthetargetdevicename,thecollectiontoaddthisdeviceto,andtheMACaddress associatedwithoneoftheNICsthatwasselectedwhenthetargetdevicesoftwarewasinstalled onthemastertargetdevice.ClickNext. Ifthetargetdeviceisalreadyamemberofthefarm,theExistingTargetDevicespageappears. 8.ClickNext. TheSummaryofFarmChangesappears. 9.Verifyallchanges,thenclickNext. Aconfirmationmessagedisplays. 10.ClickYesontheconfirmationmessagetostarttheimagingprocess.

Creating a vDisk Manually

1.CreateavDiskfileandprovidethefollowinginformation: a.SitethatwillcontainthevDisk b.StorewherethevDiskwillreside c.Filename d.Description e.Size f.VHDformat 2.MountthevDisk(ifformattingfromtheProvisioningServiceshost). 3.AssignthevDisktothemastertargetdevice. 4.FormatthevDiskandprovidethefollowinginformation: a.Filesystemtype b.Volumelabel c.Formatoptions 5.BuildthevDiskimage. 6.UnmountthevDisk(ifformattingfromtheProvisioningServiceshost). 182Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

vDisk Management

AvDiskactsasaharddiskforatargetdevice.Youshouldconsiderthefollowinginformation whencreatingavDiskimagefile: •Forlargeimplementationswithmanytargetdevices,spreadingtheI/Oacrossmultipledisks canincreaseefficiency. •ThenumberofvDiskimagefilesthatcanbecreatedisunlimited.Theonlyconstraintisthe spaceavailableontheProvisioningServiceshost,oronthestoragedevicecontainingthevDisk imagefiles. •vDiskfilesuseFATorNTFSfilesystems.EXT2andEXT3canbeusedforLinux. •DependinguponthefilesystemusedtostorethevDisk,themaximumsizeofavDiskis2TB (NTFS)or4096MB(FAT). •AvDiskcanbeshared(StandardImage)byoneormoretargetdevices,oritcanexistforonly onetargetdevicetoaccess(PrivateImage). •vDiskscanbestarteddirectlyfromaWindowsVirtualServerorHyper-Vwithoutneedingto streamtoatargetdevice. •ThevDiskimageiscreatedusingtheImagingWizardUtility,andthevDiskfileiscreatedand configuredusingtheConsole.

vDisks in the Console

IntheConsole,anewvDiskcanbecreatedbyright-clickingthevDiskPoolortheStoreandthen selectingtheCreatenewvDiskmenuoption.vDisksaredisplayedinthedetailspanewhenasite vDiskpoolisselectedorwhenastoreinthefarmisselected. TheadministratorroledetermineswhichdisplaysandwhichtasksyoucanperformintheConsole. Forexample,youcanviewandmanagevDisksinsitesinwhichyouareasiteadministrator. However,unlessthefarmadministratorsetsasiteastheownerofastore,thesiteadministrator cannotperformstoremanagementtasks.

Assigning vDisks to Target Devices

AvDiskcanbeassignedtoasingletargetdeviceortoalldeviceswithinatargetdevicecollection. IfmorethanonevDiskisassignedtoatargetdevice,alistofvDisksdisplayswhenthetarget devicestarts,allowingtheendusertoselecttheappropriatevDisktostart. IfoneormoreversionsexistforavDisk,theversiontargetdevicesuseinproductionis eitherthehighestnumberedproductionversionoranoverrideversion. vDiskscanbeassignedtoasingletargetdeviceusing: •Drag-and-drop ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices183

•TargetDevicePropertiesdialogbox

To Assign a vDisk to a Single Target Device

1.ExpandtheDeviceCollectionsfolderintheConsoletree,thenclickthecollectionfolderwhere thetargetdeviceisamember. Thetargetdevicedisplaysinthedetailspane. 2.Right-clickthetargetdevice,thenselectProperties. TheTargetDevicePropertiesdialogboxappears. 3.SelectthestartupmethodthatthistargetdeviceshouldusefromtheBootfromdrop-down menuoptionsontheGeneraltab. 4.SelecttheAddbuttonwithinthevDiskforthisDevicesectionofthevDiskstab. TheAssignvDisksdialogboxappears. 5.SelectaspecificstoreorserverundertheFilteroptionstolocatevDiskstoassigntothetarget device,oracceptthedefaultsettings,whichincludeAllStoresandAllServers. 6.HighlightthevDisktoassignintheSelectthedesiredvDiskslist,thenclickOK,thenOK againtoclosetheTargetDevicePropertiesdialogbox.

vDisk Versions

VersioningsimplifiesvDiskupdateandmanagementtasks,providingamoreflexibleandrobust approachtomanagingvDisks. AvDiskconsistsofaVirtualHardDisk(VHD)baseimagefile,anyassociatedside-carfiles,andif applicable,achainofreferencedVHDdifferencingdisks.Differencingdisksarecreatedtocapture thechangesmadetothebasediskimage,leavingtheoriginalbasediskunchanged. vDiskVersioning AnewversionofavDiskiscreatedeachtimeavDiskisplacedinMaintenanceandchangesare madetothebasedisk.Thebasediskisrepresentedbyversion0.Eachsubsequentdiskwillhave anincrementingversionnumber.Forexample,abasediskmightbenamedXYZ.VHD.A subsequentupdatewouldleadtoanewversionofthevDisknamedXYZ.1.AVHD.

vDisk Backup

TheProvisioningServiceshosttreatsavDiskimagefilelikearegularfile,butthetargetdevice treatsitasaharddrive.TheprocedureforbackingupavDiskimagefileisthesameasbackingup anyotherfileonyourserver.IfavDiskimagefilebecomescorrupt,restoringitrequiressimply replacingthecorruptedfilewithaprevious,functionalversion. DonotbackupavDiskwhileitisinuseorwhileitislocked.IntegratethebackupofvDisksinto yournormalProvisioningServiceshostbackuproutine. 184Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

vDisk Updates

ItisoftennecessarytoupdateanexistingvDisksothattheimagecontainsthemostcurrent softwareandupdates.EachtimethevDiskistobeupdated,anewversionofthatvDiskiscreated (VHDfile)tocapturethechangeswithoutchangingthebasevDiskimage. UpdatingavDiskinvolves: •CreatinganewversionofthevDisk,manuallyorautomatically. •Startingthenewlycreatedversionfromadevice,makeandsavechangestothevDisk,then shutdownthedevice. •PromotingthenewversiontoProduction. BelowarethevDiskupdatescenariosthataresupported.

Manual Update

YoucanchoosetoupdateavDiskmanuallybycreatinganewversionofthatvDiskandthenusing aMaintenancedevicetocaptureupdatestothatversion.Manualupdatesareinitiatedbyselecting theNewbutton.TheAccesscolumnonthevDiskVersioningdialogboxdisplaysthatthenewly createdversioniscurrentlyundermaintenance.Whileundermaintenance,thisversioncanonlybe ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices185

accessedandupdatedbyasingleMaintenancedevice.MultipleMaintenancedevicescanbe assignedtoavDisk.However,onlyonedevicecanstartandaccessthatversionofthevDiskatany giventime.DuringthattimethatMaintenancedevicewillhaveexclusiveread/writeaccess.

Automated Update

Creatingautomatedupdatessavesadministrationtimeandphysicalresources.Updatesareinitiated ondemandorfromascheduleandareconfiguredusingvDiskUpdateManagement.Ifupdating automatically,theAccesscolumnonthevDiskVersioningdialogboxdisplaysthatthenewly createdversioniscurrentlyundermaintenance.Whileundermaintenance,thisversioncanonlybe accessedandupdatedbytheoneUpdatedevicetowhichitisassigned(onlyoneUpdateDevice existsforeachvDisk). vDiskUpdateManagementisintendedforusewithstandardimagemodevDisksonly. PrivateimagemodevDiskscanbeupdatedusingnormalsoftwaredistributiontool procedures.AttemptingtoregisteraprivateimagemodevDiskforvDiskupdate management,orswitchingavDiskthatisalreadyregistered,willcauseerrors.

Merge

MergingVHDdifferencingdiskfilescansavediskspaceandincreaseperformance,dependingon themergeoptionselected.AmergeupdateisinitiatedmanuallybyselectingtheMergebutton,or automaticallywhenthemaximumvDiskversionscountisreached.

Autoupdate Tool

IntheConsole,thevDiskUpdateManagementfeatureisusedtoconfiguretheautomationofvDisk updatesusingvirtualmachines.AutomatedvDiskupdatescanoccuronascheduledbasis,oratanyFormoreinformationaboutenablingautomaticvDisk timethatyouinvoketheupdatedirectlyfromtheConsole.Thisfeaturesupportsupdatesdetectedupdates,configuringvirtualhostconnectionsfor anddeliveredfromWindowsServerUpdateServices(WSUS)andSystemCenterConfigurationautomatedvDiskupdates,creatingandconfiguringESD Manager(SCCM)ElectronicSoftwareDelivery(ESD)servers.updateVMs,andconfiguringmanagedvDiskfor automatedupdates,seeCitrixeDocsatWhentheSitenodeisexpandedintheConsoletree,thevDiskUpdateManagementfeature http://edocs.citrix.com.appears.Whenexpanded,thevDiskUpdateManagementfeatureincludesthefollowingmanaged 186Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

components: •Hosts •vDisks •Tasks

vDisk Update Management Requirements

vDiskUpdateManagementrequirescompletingthefollowinghigh-leveltasks:

1.DesignateaProvisioningServiceshostwithinthesitetoprocessupdates. 2.ConfigureaVirtualHostPoolforAutomatedvDiskupdates. 3.CreateandconfigureESDvirtualmachinethatwillbeusedtoupdatethevDisk. 4.ConfigurethevDisksforautomatedupdates. 5.Createandmanageupdatetasks. 6.Runtheupdatetaskbyright-clickingonthetaskobjectintheConsole,andthenselectthe Runupdatenowmenuoption. AftervDiskUpdateManagementisconfigured,managedvDiskscanbeupdatedusingthefollowing methods: •Scheduled:theImageUpdateServiceautomaticallyupdatesavDisk,onascheduledbasisas definedintheUpdateTask. •User-Invoked:youcanselectamanagedvDisktobeupdatedfromtheConsole. TheUpdatevirtualmachinewillstart,installupdates,andrestartasnecessary.Aftertheupdatetask successfullycompletes,thevirtualmachineisautomaticallyshutdown.Theupdatestatuscanbe checkedfromtheConsoletreeundervDiskUpdateManagement>vDisks>vDisks>vDisk name>CompletedUpdateStatus.Thestatuscanalsobecheckedusingtheeventviewerorin WSUS.

To Install Updates Automatically

1.UnderthevDiskUpdateManagementnodeintheConsoletree,right-clickvDisks,thenselect theAddvDisksoption. TheManagedvDiskSetupWizardWelcomepageappears. 2.ClickNexttobegin. ThevDiskpageappears. 3.SelectthedefaultsearchoptionsorusethefilteringoptionstodisplaythevDiskstobe managed.vDisksthatarenotalreadymanagedwilldisplayinthevDiskselectionbox. 4.SelectoneormorevDiskstobemanaged,thenclickNext. 5.Selectthetypeofconnectiontousewhenhostingthevirtualmachine. 6.SelectthevirtualmachinedevicetousetoprocessthevDiskupdatefromthedrop-downlist. 7.ClickNext. TheActiveDirectorypageappears. 8.IfusingActiveDirectory,enteraDomainandOrganizationalUnittocreateanActive DirectorymachineaccountthatwillbeusedbytheUpdateDevicethatiscreatedexclusively forupdatingthevDisk,thenclickNext. TheConfirmationpageappears. 9.Reviewallsettings,thenclickFinish. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices187

Incremental Update Rollback

ProvisioningServicesautomaticallycreatesaspecialrollbackfilewhenanincrementalvDiskupdate occurs.Therollbackfileisadeltafile-afilethatcontainsthechangesfromonepointtothenext- thatisusedtoreversetheupdateprocessandrevertthenewvDiskimagetotheoriginalimage. ThevDiskupdateprocesscreatesasubfolderinthevDisksfolder,namedRollback,wherethe originalvDiskresides.Therollbackfileisgiventhesamenamespecifiedforthedeltafilewithan .rbkextensionappendedtothefilename. FormoreinformationaboutrollingbackavDiskupdate,seeCitrixarticleCTX124791on support.citrix.com. Eachincrementalupdatemustberolledbackindividuallyifseveralincrementalupdates havebeenappliedtoavDisk.Forexample,ifyouapplythreeincrementalupdatestoa vDiskandyouwantthevDiskstatetoreturntotheoriginal,eachofthethreeupdates mustberolledbackbeginningwiththemostrecentandworkingbackwardsequentially.

vDisk Replication

ProvisioningServicesallowsyoutosafelyusereplicationsolutionslikeMicrosoftDistributedFile System(DFS)ReplicationtodistributevDisksacrossmultipleserversorgeographiclocations.FormoreinformationaboutusingMicrosoftDFS ProvisioningServiceshostswillmaintainaninventoryofavailablevDisksandversionsandadjustReplicationwithProvisioningServices,readtheCitrix loadbalancingasneededtoensuresessionsareonlyassignedtoserversthathaveaccesstotheblog:http://blogs.citrix.com/2010/06/25/using-microsofts-dfs- requiredvDiskversion.replication-with-provisioning-services-ha/ 188Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

vDisk Inventory Service

ThevDiskinventoryservicekeepstrackofeveryvDiskversionthatisfoundinthefilesystem.In addition,theserviceallowsyoutochoosebetweenfourdifferentreplicationmethods: •MicrosoftDFS •PeerSync •Robocopy •Scripts

High Availability Overview

HighavailabilityreferstoanimplementationinwhichatleasttwoProvisioningServiceshostsare configuredtoprovideavDisktooneormoretargetdevices.ShouldtheprimaryProvisioningFormoreinformationaboutimplementingProvisioning Serviceshostfailforanyreason,andhighavailabilityisenabled,theconnectionwillfailovertotheServiceshighavailability,seeCitrixarticleCTX121090on secondaryProvisioningServiceshost.http://support.citrix.com. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices189 Inordertoprovidemaximizedoperationaltime,high-availability-enabledimplementationsusea sharedstoragearchitecture.MultipleProvisioningServiceshostsaccessthesamephysicalfiles locatedonsharedstorage,whichallowsatargetdevicetoestablishaconnectiononanalternate ProvisioningServiceshostiftheconnectiontotheactiveProvisioningServiceshostisinterrupted foranyreason.Atargetdevicedoesnotexperienceanydisruptioninserviceorlossofdatawhen failoveroccurs. Whenfailoveroccurs,atargetdeviceattemptstoconnecttothenextavailableProvisioningServices host.Ifunabletomakeaconnection,thetargetdevicecontinuestotrydifferentProvisioning Serviceshostsuntilitcansuccessfullyconnect. TheProvisioningServiceshosttowhichatargetdeviceaccessesforlogondoesnotnecessarily becometheProvisioningServiceshostthataccessesthevDiskonbehalfofthetargetdevice.In addition,onceconnected,ifoneormoreProvisioningServiceshostscanaccessthevDiskforthis targetdevice,theserverthatisleastbusyisselected. TopurposelyforcealltargetdevicestoconnecttoadifferentProvisioningServiceshostinahigh- availabilityconfiguration,whilepreventingtargetsfromtimingoutandattemptingtoreconnectto thecurrentProvisioningServiceshost,stoptheStreamServiceonthatProvisioningServiceshost.

Uponshutdown,theStreamServicewillnotifyeachtargetdevicetologonagaintoanother ProvisioningServiceshost.

Provisioning Services Failover

Bydefault,allProvisioningServiceshostswithinasitethatcanaccessavDiskcanprovidethat vDisktotargetdevices.MultipleProvisioningServiceshostscanaccessthesamephysicalfilesFormoreinformationaboutplanningandimplementing locatedonsharedstorage,whichallowsatargetdevicetoestablishaconnectiononanalternateProvisioningServicesHighAvailability,seeCitrixarticle ProvisioningServiceshostiftheconnectiontotheactiveProvisioningServiceshostisinterruptedCTX121090onhttp://support.citrix.com. 190Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

foranyreason.Atargetdevicedoesnotexperienceanydisruptioninserviceorlossofdatawhen failoveroccurs. ForinformationonconfiguringProvisioningServicesto automaticallybalancethetargetdeviceloadbetween ForimplementationsthatusevDiskreplication,ifaserverfailoveroccurs,onlythoseservers,refertoBalancingtheTargetDeviceLoadon ProvisioningServiceshostswithaccesstoanidenticalreplicatedvDiskcanprovidethatProvisioningServersintheProvisioningServices vDisktotargetdevices.Forexample,ifavDiskisreplicatedacrossthreeProvisioningAdministrator'sGuide. Serviceshosts'harddrivesandthenoneofthevDisksisupdated,thatvDiskisnolonger identicalandwillnotbeconsideredifaserverfailoveroccurs.Evenifthesameexact updateismadetotwoofthevDisks,thetimestampsoneachwilldiffer,thereforethe vDisksarenolongeridentical. IfloadbalancingisenabledforthevDiskandaProvisioningServiceshostprovidingthatvDisk shouldfail,ProvisioningServicesautomaticallybalancesthetargetdeviceloadbetweenthe remainingProvisioningServiceshosts.Iftheloadbalancingoptionisnotenabled,asingle

ProvisioningServiceshostisassignedtoprovidethevDisktotargetdevices;thereforefailoverwill notoccur.

Configuring the Boot File for High Availability

ThebootfileofatargetdevicecontainstheIPaddressesofuptofourlogonProvisioningServices hosts,aswellasotherconfigurationinformation.ThebootfileliststheProvisioningServiceshosts thatatargetdevicecancontacttogetaccesstotheProvisioningServicesfarm.Theserverthatis contactedcanhandthetargetdeviceofftoadifferentProvisioningServicehostthatisableto providethetargetdevicewithitsvDisk. Atargetdeviceinitiatesthebootprocessbyfirstloadingabootstrapprogram.Abootstrapprogram isasmallprogramthatrunsbeforetheoperatingsystemisloaded.ProvisioningServicesusesa specialbootstrapprogramwhichinitializesthestreamingsessionbetweenthetargetdeviceandthe ProvisioningServiceshost.Afterthissessionstarts,theoperatingsystemisstreamedandloaded fromthevDiskthatwasinitiated. AsharedstoragesystemensurestheavailabilityoftheProvisioningServervDisks. Dependingonthetypeofsharedstorage,thevDisksuseeithertheUniversalNaming Convention(UNC)ortheusualDOSnamingconvention.

Adding Provisioning Services Hosts to the Boot File

YoumustaddProvisioningServiceshoststothebootfiletoprovideatargetdevicewiththe informationnecessarytomakecontactwiththeStreamService. Duringconfiguration,youcanconfigureaProvisioningServiceshosttoprovideTFTPservices.If alltargetdevicesareononenetworksegment,therewilltypicallybeoneTFTPserverforeach farm.Iftargetdevicesareonmultiplenetworksegments,andeachsegmentisconfiguredasan independentsite,thenoneTFTPserverforeachsite(networksegment)canbeused. ProvisioningServiceshostscanalsobeconfiguredaslogonserversintheConsoleusingthe ConfigureBootstrapdialogbox. FormoreinformationaboutaddingProvisioningServiceshoststoabootfile,seeCitrixeDocsat edocs.citrix.com.

Enabling High Availability on vDisks

Afterthebootstrapfilehasbeenconfigured,thehighavailabilityfeaturemustbeenabledonthe vDisk. ToenablehighavailabilityonvDisks: 1.Right-clickthevDiskandselecttheFilePropertiesmenuoption. 2.SelecttheOptionstab. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices191

3.SelecttheHighavailability(HA)checkbox. 4.ClickOKtosavethisvDiskpropertychangeandcontinue. 5.ConfigureloadbalancinginthepropertiesofthevDisk.

To Provide Provisioning Services Hosts with Access to Stores

Foreachstore,selecttheProvisioningServiceshoststhatcanaccessthestore: 1.Right-clicktheStore,thenselectthePropertiesmenuoption. TheStorePropertiesdialogboxappears. 2.SelectthelocationofProvisioningServiceshoststhatshouldbeabletoaccessthisstore. 3.EnablethecheckboxnexttoeachProvisioningServiceshostthatcanprovidevDisksinthis store,thenclickOK.

Considerations for Offline Database Support

TheOfflineDatabaseSupportoptionallowsProvisioningServiceshoststouseasnapshotofthe ProvisioningServicesdatabaseintheeventthattheconnectiontothedatabaseislost. 192Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

Thisoptionisdisabledbydefaultandisonlyrecommendedforusewithastablefarm runninginproduction.Onlyafarmadministratorcansetthisoption. Whenofflinedatabasesupportisenabledonthefarm,asnapshotofthedatabaseiscreatedand initializedwhentheProvisioningServiceshostisstarted.TheProvisioningServiceshostisthen continuallyupdatedbytheStreamService.Ifthedatabasebecomesunavailable,theStreamService usesthesnapshottogetinformationabouttheProvisioningServiceshostandthetargetdevices availabletotheProvisioningServiceshost;thisfunctionalityallowsProvisioningServiceshostsand targetdevicestoremainoperational.However,whenthedatabaseisoffline,ProvisioningServices managementfunctionsandtheConsolebecomeunavailable. Whenthedatabaseconnectionbecomesavailable,theStreamServicesynchronizesanyProvisioning Serviceshostsortargetdevicestatuschangesmadetothesnapshotbacktothedatabase. Itisimportanttonotethatthefollowingfeatures,options,andprocessesremainunavailablewhen thedatabaseconnectionislost,eveniftheOfflineDatabaseSupportoptionisenabled: •AutoAddtargetdevices •vDiskupdates •vDiskcreation •ActiveDirectorypasswordchanges •StreamProcessstartup •ImageUpdateservice •ManagementfunctionssuchasPowerShell,MCLI,SoapServer,andtheConsole

To Enable Offline Database Support

1.Right-clicktheFarm,thenselectProperties. TheFarmPropertiesdialogboxappears. 2.CheckthecheckboxnexttoOfflineDatabaseSupportontheOptionstab. 3.RestarttheStreamservices. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices193

Stream Logging

ThefilesusedinProvisioningServicestomanagelogging,aswellasanygeneratedlogfiles,are locatedin:%APPDATA%\Citrix\ProvisioningServices\logs. Forexample:C:\DocumentsandSettings\AllUsers\ApplicationData\Citrix \ProvisioningServices\logs Streamlogfilesinclude: •Stream_log.config •Stream.log TheStreamProcess.exe,Manager.dll,andStreamdb.dllallwritetotheStream.logfile. TheStream_log.configfileshouldnotbeeditedmanually.Logginglevelsshouldbe setthroughtheConsole.Anyeditsmadetothisfilemanuallyarelostwhenthe ProvisioningServerrestarts,orwhenlogginglevelsarechangedusingtheConsole. Thecontentofalogfileincludes: •Timestamp •LoggingLevel •Componentandmethodusedtoperformlogging •ProvisioningServiceshostandtargetdeviceidentity(name,IP,orMAC) •LoggingmessagewithsupportingdataofWindowserrorcodes,whenappropriate

To Enable Logging

1.Right-clicktheProvisioningServiceshost,thenselectthePropertiesmenuoption. 2.SelectoneofthefollowinglogginglevelsontheLoggingtab: •OFF •FATAL •ERROR •WARN •INFO •DEBUG 194Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

Thelogginglevelsarelistedfromtheminimumlevel(OFF)tothemaximumlevel (DEBUG)oflogginginformationthatyoucancollect.Logginglevelsareinclusiveof previouslevels.Forexample,ifyouselectINFO,loginformationwillincludeWARN, ERROR,andFATAL. FormoreinformationaboutProvisioningServiceslogproperties,seeCitrixeDocsat edocs.citrix.com. 3.IntheMaxFileSizetextbox,scrolltoselectthemaximumsizethatalogfilecanreach. Whenthemaxfilesizeisreached,thefileisclosedandanindexnumberisappendedtothe filename,thenanewfileiscreated. 4.ScrolltoselectthemaximumnumberofbackupfilestoretainintheMaxBackupFilestext box,thenclickOK. Theoldestlogfileisautomaticallydeletedwhenthemaximumnumberofbackupfilesis reached. 5.EnableLogeventstotheWindowsEventLogoftheProvisioningServiceshostthatis communicatingwiththetargetdevice.Thislogincludeserrorsthatmightoccuraftertheearly startphaseaswellasanycriticalerrorreporting.ClickOK.

Troubleshoot vDisk Images

WhentroubleshootingvDiskimages,thereareseveralstepsyoucantaketoresolvetheproblem. Belowareafewcommontroubleshootingissues. TroubleshootingvDiskIfyouhavemultipleProvisioningServiceshostsinyourfarmyet HighAvailabilityIssuesyouencounterclientsthatstoprespondingwhenoneoftheStream servicesshutdown,youmighthaveaconfigurationissuewithinthe ProvisioningServicesConsole.AfterverifyingthatallvDisksare availableandaccessiblefromallProvisioningServiceshosts,verify theseadditionalconfigurationoptions: •VerifythattheStoreissettoserviceallProvisioningServices hosts. •VerifythattheactualvDiskissetforhighavailability. •VerifythatthevDiskissettousealoadbalancingalgorithm andnotassignedtoaparticularProvisioningServiceshost. •ChecktheBootstrapconfigurationforallProvisioningServices hoststomakesuretheyarelistedcorrectly.Incorrectsettingsin theBootstrapconfigurationwillaffectfailoverbehavior. ©Copyright2012CitrixSystems,Inc.Module7:ManagingvDisksandTargetDevices195

TroubleshootingandProvisioningServicesallowsuserstoviewtheavailabilityof ViewingReplicationStatusreplicatedvDiskstoProvisioningServiceshostswithinafarm. foraParticularvDisk1.Right-clickavDiskintheConsole,thenselecttheVersions menuoption. 2.Highlightaversioninthedialogbox,thenclicktheReplication button.ThevDiskVersionReplicationStatusdialogbox displaysshowingthereplicationstatusavailabilityforeach serverthatcanprovidethisversionofthevDisk. •IfaversionisinMaintenance(hammericon),Test (magnifyingglass),orPending(hourglass)states,that statedisplaysinthefirstrow. •Agreencheckmarkindicatesthattheserverhasaccessto thehighlightedversion. •Ayellowwarningindicatesthataservercurrentlydoesnot haveaccesstooneormoreversionsofthehighlighted vDisk.Theversionthatismissing,orhasanissue,hasa yellowwarningundertheversioncolumn. ReleasingavDiskLockMultipletargetdevicesandProvisioningServiceshostscangain accesstoasinglevDiskimagefile.Therefore,itisnecessaryto controlaccesstopreventcorruptionoftheimage.Ifmultipletarget devicesareconfiguredtostartfromaprivateimage,acorrupt imagewouldresult.Therefore,theimagebecomeslocked appropriatelyforagivenconfiguration.Asmalllockappearsover thevDiskicontoindicatethatthevDiskislocked. EnsurethatthevDiskisnotinusebeforeremovingalock. AvDiskimagecanbecomecorruptedifthelockis releasedwhileatargetdeviceisstillconnected. 196Module7:ManagingvDisksandTargetDevices©Copyright2012CitrixSystems,Inc.

Dans le document Citrix XenServer 6.0 Administration Citrix Course CXS-203-1I (Page 127-199)