Professional Documents
Culture Documents
Provisioning Services: Copyright and Trademark Notices Use of the product documented herein is subject to your prior acceptance of the End User License Agreement. A printable copy of the End User License Agreement is included with your installation media. Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.
The following are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries:
Branch Repeater, Citrix, Citrix Access Essentials, Citrix Access Gateway, Citrix Desktop Receiver, Citrix Desktop Server, Citrix EasyCall, Citrix Essentials, Citrix Merchandising Server, Citrix Provisioning Server, Citrix Receiver, Citrix Repeater, Citrix Streaming Server, Citrix Subscription Advantage, Citrix Workflow Studio, Citrix XenApp, Dazzle, EdgeSight,HDX, ICA, NetScaler,Request Switching, StorageLink, VPX, WANScaler, XenDesktop, XenServer, Xen Data Center, Xen Source
All other trademarks and registered trademarks are the property of their respective owners. Document code: October 19 2010 13:03:25
Contents
Contents
iv
Administrator's Guide
Configure User Account Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53 Select network cards for the Stream Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54 Configure Bootstrap Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54 Running the Configuration Wizard Silently. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 Prerequisite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 To Create the ConfigWizard.ans File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 To Copy and Modify the ConfigWizard.ans File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 To Run the ConfigWizard.exe Silently. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 Farm Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Groups Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59 Licensing Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59 Options Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 Status Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Farm Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Farm Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61 Connecting to a Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61 Managing Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Creating Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Site Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63 MAK Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63 Options Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Contents
Managing Stores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Store Administrative Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75 Store Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75 Paths Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76 Servers Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77 Store Configuration and Management Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77 Working with Managed Stores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78 Prerequisites and Supported Deployments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79 Using the Store Management Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
vi
Administrator's Guide
Identification Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106 Microsoft Volume Licensing Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 Options Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108 Managing vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108 Using the Imaging Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109 Creating and Formatting a New vDisk File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110 To create a new vDisk file in the database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111 To format a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 To unmount a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113 Create and Assign a Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 To create a target device entry in the database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 To assign a vDisk to a target device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Building the vDisk Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Imaging Windows Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114 Imaging Linux Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114 Building a Common Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115 Building the Common Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Configuring the Master Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116 Exporting Specific Data Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116 Booting the Master Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117 Adding Additional Target Devices to the Common Image. . . . . . . . . . . . . . . . . . . . . . .117 Configuring vDisk Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Adding Existing vDisks to a vDisk Pool or Store. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119 Viewing vDisk Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120 View target device connections to a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120 Releasing vDisk Locks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120 Unassigning vDisks from Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Deleting a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121 Deleting Cache on a Difference Disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122 Copying vDisks to Different Locations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Copying and Pasting vDisk Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Backing Up a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123 Updating vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123 Choosing a vDisk Update Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Automatically Updating vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Incrementally Updating vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Rolling Back vDisk Changes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129 Using Maintenance Utilities with a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130 vii
Contents
Working with Physical Disks and vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 Configuring a vDisk for Microsoft Volume Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
Administrator's Guide
Define personality data for multiple target device using the Console. . . . . . . . . . .151 Using Target Device Personality Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
Contents
General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176 Members Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176 Managing Views in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176 Creating a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177 Pasting Device Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177 Deleting a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178 Refreshing a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178 Booting Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178 Restarting Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 . Shutdown Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178 Sending Messages to Target Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
Administrator's Guide
xi
Contents
Giving Access to Users from Another Domain Provisioning Services Administrator Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217 Adding Target Devices to a Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218 Removing Target Devices From a Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218 Reset Computer Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218
19 Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Configuring Provisioning Server Log Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238 Configuring Target Device Log Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239 Log Files and Content. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240 Log File Location. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240 Log File Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
20 Auditing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Enabling Auditing Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245 Accessing Auditing Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245 Archiving Audit Trail Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248
xii
Administrator's Guide
Glossary...............................................................................................261
xiii
Contents
xiv
Chapter 1
Chapter 1
Provisioning Services Product Overview runtime data caching or, in some scenarios, removed from the system entirely, which reduces power usage, system failure rates, and security risks.
Product Licenses
Product licenses are issued based on the product edition that you choose. For Citrix product licensing documentation, open 16
Administrator's Guide the Citrix Knowledge Center, then select Licensing under the Knowledge Resources section.
17
Chapter 1
Administrator's Guide infrastructure. Without Provisioning Services, storage costs can put desktop virtualization out of the budget. With Provisioning Services, IT can reduce the amount of storage required for VDI by as much as 90%. At the same time the ability to manage a single image rather than hundreds or thousands of desktops significantly reduces the cost, effort, and complexity for desktop administration. Not all desktops applications or user groups can be supported by virtual desktops. For these scenarios, Provisioning Services IT can still reap the benefits of consolidation and single image management. Desktop images are stored and managed centrally in the datacenter and streamed out to physical desktops on demand. This model works particularly well for standardized desktops such as those in lab and training environments, call centers, and "thin client" devices used to access virtual desktops.
19
Chapter 1
The target device downloads the boot file from a Provisioning Server (refer to Step 2), and then the target device boots. Based on the device boot configuration settings, the appropriate vDisk is located, then mounted on the Streaming Server (refer to step 3). The software on that vDisk is streamed to the target device as needed. To the target device, it appears like a regular hard drive to the system. Instead of immediately pulling all the vDisk contents down to the target device (as done with traditional or imaging deployment solutions), the data is brought across the network in real-time, as needed. This approach allows a target device to get a completely new operating system and set of software in the time it takes to reboot, without requiring a visit to a workstation. This approach dramatically decreases the amount of network bandwidth required by traditional disk imaging tools; making it possible to support a larger number of target devices on your network without impacting overall network performance. vDisks can be assigned to a single target device as Private Image Mode, or to multiple target devices as Standard Image Mode.
20
Administrator's Guide The graphic that follows provides a high-level view of the Provisioning Services infrastructure and illustrates how Provisioning Services components might appear within that implementation.
Farms
A farm represents the top level of a Provisioning Services infrastructure. Farms provide a Farm administrator with a method of representing, defining, and managing logical groups of Provisioning Services components into sites. All sites within a farm share that farms Microsoft SQL database. A farm also includes a Citrix License Server, local or network shared storage, and collections of target devices. In the Console window, administrators select the farm that they want to manage or view. Sample tasks that are specific to a farm can include managing: w Farm configurations w Product licensing w High Availability configurations 21
Chapter 1
Provisioning Services Product Overview w Active Directory configurations w User Groups w Administrative roles Note: The Console does not need to be directly associated with the farm because remote administration is now supported on any Console that can communicate with that farms network.
Sites
A site provides both a site administrator and farm administrator, with a method of representing and managing logical groupings of Provisioning Servers, Device Collections, and local shared storage. A site administrator can perform any task that a device administrator or device operator can perform. A site administrator can also perform additional tasks such as managing: w Print servers w Device administrator and device operator role configurations w Provisioning Servers w Shared storage w User Groups Provisioning Servers within a site, communicate with farm components to obtain the information necessary to boot target devices and to provide target devices with the appropriate vDisk. Provisioning Server(s) must be able to communicate with the store where those vDisks exist.
Device Collections
Device collections provide the ability to create and manage logical groups of target devices, which are typically created and managed by a device administrator (a farm and site administrator can also perform a device administrators tasks). A device collection could represent a physical location, a subnet range, or a logical grouping of target devices. Creating device collections simplifies device management by performing actions at the collection level rather than at the target-device level. A target device can only be a member of one device collection. For device collection details, refer to the Managing Device Collections section in the Administrator's Guide.
22
Administrator's Guide
Provisioning Servers
A Provisioning Server is any server that has Stream Services installed. It is used to stream software from vDisks, as needed, to target devices. In some implementations, vDisks reside directly on the Provisioning Server. In larger implementations, Provisioning Servers get the vDisk from a shared-storage location on the network. Provisioning Servers also retrieve and provide configuration information to and from the Provisioning Server Database. Provisioning Server configuration options are available to ensure high availability and load-balancing of target device connections. For Provisioning Server details, refer to Managing Provisioning Servers.
Console
The Console is a utility that is used to manage your Provisioning Services implementation. After logging on to the Console, you select the farm that you want to
23
Chapter 1
Provisioning Services Product Overview connect to. Your administrative role determines what you can view in the Console and manage in the farm. The following illustration displays the farm hierarchy in the tree pane and the keys components in the Console window.
Action Menu The Action menu displays Provisioning Services tasks that can be performed on an object that is highlighted in the Console. The same tasks are available when you rightclick on the object in the Console. Tasks are object specific and can only be performed if the user has the appropriate role assigned (role-based administration). Your role determines what displays in the Console. For example, if you are a farm administrator, you can perform all tasks and see all objects in the farm. Device administrators can only perform device-collection management tasks on collections to which they have privileges. Administrator roles are described later in this chapter. Note: MMC (Microsoft Management Console) specific console features are not described in this document. Refer to Microsofts MMC documentation for detailed information. Console Tree and Details Pane To view information about an object in the Details pane, click on the object or folder in the Tree pane. The Details pane provides information such as the objects name and a description of that object. Properties Menus 24
Administrator's Guide To view or change an objects properties, right-click on the object, then select the Properties menu option. You can also highlight the object in the Console window, then select Properties from the Action menu options. The Properties dialog displays property settings in tabular format.
vDisks
vDisks exist as disk image files on a Provisioning Server or on a shared storage device. vDisk images are configured to be in Private, Standard, or Difference Disk, or RAM disk mode. (For more information, refer to the Configuring vDisk Modes section in the Administrator's Guide). vDisks are associated with a sites vDisk pool. To view vDisks within a pool, expand the vDisk Pool folder in the Console tree. vDisk Pools vDisk pools are the collection of all vDisks available to a site. There is only one vDisk pool per site. The method used to locate a vDisk on a server share is illustrated in the graphic that follows.
1. The target device begins the boot process by communicating with a Provisioning Server and acquiring a license. 2. The Provisioning Server checks the vDisk pool for vDisk information, which includes identifying the Provisioning Server(s) that can provide the vDisk to the target device and the path information that server should use to get to the vDisk. In this example, the vDisk shows that only one Provisioning Server in this site can provide the target device with the vDisk and that the vDisk physically resides on the Finance Server (shared storage at the farm level). 3. The Provisioning Server locates the vDisk on Finance Server, then streams that vDisk, on demand, to the target device. On the Consoles Create a New vDisk dialog, you can add a new vDisk file to a store and select the Provisioning Server that will create the vDisk file on a Provisioning Server or on shared storage. 25
Chapter 1
Target Devices
A device, such as a desktop computer or server, that boots and gets software from a vDisk on the network, is considered a target device. Note: In the product documentation, the term target device is used generically when referring to any device within the a Provisioning Services Farm, which boots and gets software from a vDisk on the network. Target devices deliver a higher level of security than traditional technologies, by fully utilizing your existing management infrastructure. Each target device continues to have its own unique identity on the network and within your existing network operating system (i.e. Active Directory, Novell E-Directory and other LDAP directories). Target devices can continue to be managed by group policies and existing security policies pushed out by these directory management tools. In addition to using existing policy management tools, greater security is inherit by the fact that there is no longer a hard drive in the target device. If the target device is stolen, data is not lost. Instead, it is easily ported to another target device. A target device can only be a member of one device collection. Expanding a Device Collection folder in the Consoles tree allows you to view members of a device collection and information such as the target device name, IP address, vDisk, and the Provisioning Server currently providing the vDisk. Target device settings are made in the Consoles Device Properties dialog, which includes settings such as printer assignments.
Store
A store is a logical name that is given to a physical vDisk storage location. The store name is the common name used by all Provisioning Servers within the farm. Example One The physical vDisk for Windows XP (WINXP1) resides on a Provisioning Server (PVS1) local to a site. The vDisk path is: C:\vDisks\WINXP1.vhd The logical name that is given to this physical location is the store. Store name (logical name): bostonwinxp Example Two The physical vDisk for Windows XP (WINXP1) resides on a network share (FinanceShare) at the farm level. The vDisk path for Provisioning Server (PVS1) to WINXP1 is: \\FinanceShare\vDisks\WINXP1.vhd Access or visibility to a store depends on the users administrative privileges: 26
Administrator's Guide w Farm administrators have full access to all stores within the farm. w Site administrators have access to only those stores owned by the site. They can delete stores owned by the site but they can not modify store properties or add vDisks to the store. w Device administrators and device operators have read-only access and can not view store information. Site Administrators may also have read-only access if that store exists at the farm level, or if that store belongs to another site. Stores that exist in a farm can be viewed by expanding the Store parent directory in the Consoles tree. The Stores property settings can be modified from the Properties Dialog.
Device Collections
Device collections provide the ability to create and manage logical groups of target devices. A device collection could represent a physical location, a subnet range, or a logical grouping of target devices. Creating device collections simplifies device management by performing actions at the collection level rather than at the targetdevice level. Note: A target device can only be a member of one device collection. Device collections are created and managed by farm administrators, site administrators that have security privileges to that site, or device administrators that have security privileges to that collection. Device administrators can not modify the collection itself; only the devices within it. Device operators can only perform tasks on device collections that they are assigned to.
User Groups
User groups provide farm and site administrators with the ability to create and manage groups of users based on existing Active Directory or Windows groups. Creating user groups within a site simplifies management tasks by performing actions at the usergroup level, rather than at the individual user level. User groups have the same vDisks and settings available if moving from one target device to another.
Network Services
Network services include a BOOTP service, Preboot Execution Environment (PXE) service, and a TFTP service. These service options can be used during the boot process to retrieve IP addresses, and locate then download the boot program from the Provisioning Server to the target device. Alternative boot options are also available, refer to Booting From an Optional Boot Device. Note: For network service details, refer to Managing Bootstrap Files and Boot Devices on page 221 in this document.
27
Chapter 1
Product Utilities
In addition, Provisioning Services includes several tools for use when configuring and managing a Provisioning Services deployment. After installing Provisioning Services software, the following tools become available: w Installation Wizard Use this wizard to install Provisioning Services components to create a Provisioning Servers and Master target devices. w Configuration Wizard Use this wizard to configure Provisioning-Server components, including network services, and database permissions. This wizard is installed during the Provisioning Services installation process. w Imaging Wizard On the master target device, run the Provisioning Services Imaging Wizard to create a vDisk file in the Provisioning Services database and then image to that file without having to physically go to a Provisioning Server. This utility is installed during the target device installation process. w Virtual Disk Status Tray Use this target device utility to get target-device connection status and streaming statistical information. This utility is installed during the Provisioning Services target device installation process. w Boot Device Manager Use this utility to configure a boot device, such as a USB or CDROM, which then receives the boot program from the Provisioning Services. w Upgrade Utilities There are several upgrade methods available. The method you select depends on your network requirements. w Programming Utilities Provisioning Services provides programmers with a management application programming utility and a command line utility. These utilities can be accessed by all users. However, users can only use those commands associated with their administrator privileges. For example, a Device Operator is able to use this utility to get a list of all target devices that they have access to.
28
Administrator's Guide w Site Administrator Site administrators have full management access to the all objects within a site. For example, a site administrator can manage Provisioning Servers, site properties, target devices, device collections, vDisks, vDisk pools, and local vDisk stores. A site administrator can also manage device administrator and device operator memberships. w Device Administrator Device administrators can perform all device-collection management tasks on collections to which they have privileges. w Device Operator Device operators can view vDisks and target devices, boot or shut down target devices, and send messages to target devices within a device collection to which they have privileges. For details on administrator roles, refer to Managing Administrative Roles on page 69.
Chapter 1
Provisioning Services Product Overview product issues as well as late additions that were not included in the other product documentation. The release notes are accessible from: w Citrix Knowledge Center: http://support.citrix.com/ w Product installation CD-ROM, when the installation executable is run. w Programs directory, after completing the product installation: Start>All Programs>Citrix Provisioning Services>Provisioning Services Release Notes Programmers Guides Administrators with the appropriate privileges can use any of the following guides to manage your implementation from command lines. w MCLI Programmers Guide w SOAP Server Programmers Guide w PowerShell Programmers Guide These guides are available as a PDF and can be accessed from the Citrix Knowledge Center: http://support.citrix.com/ Virtual Disk Status Tray Help The Virtual Disk (vDisk) Status Tray help is available to aid in the management and troubleshooting of vDisks on target devices. This help system is assessable from the Help menu on the Virtual Disk Status Tray.
Finding Additional Documentation From the Help menu or product installation directory, the following additional documentation is available for optional Provisioning Services utilities: w Boot Device Manager (BDM.chm) w BOOTPTab Editor (bootptab-editor-help.chm) w PXE (pxemap.chm)
30
Administrator's Guide w A knowledge base containing thousands of technical solutions to support your Citrix environment. w An online product documentation library. w Interactive support forums for every Citrix product. w Blogs and communities. w Access to the latest hotfixes and service packs. w Security bulletins. w Additional resources are available to customers with valid support contracts, including online problem reporting and tracking. w Citrix Live Remote Assistance. Using Citrixs remote assistance product, GoToAssist, a member of our support team can view your desktop and share control of your mouse and keyboard to get you on your way to a solution. Another source of support, Citrix Preferred Support Services, provides a range of options that allows you to customize the level and type of support for your organizations Citrix products.
Chapter 1
Provisioning Services Product Overview administrators are knowledgeable about networking components and administration, and that device operators are familiar with networking concepts. The majority of product documentation is provided as Adobe Portable Document Format (PDF) files. To view, search, and print PDF documentation, you need to have Adobe Reader 5.0.5 with Search, or a more recent version. You can download these products for free from Adobe Systems Web site at: http://www.adobe.com/
32
Chapter 2
33
Chapter 2
34
Administrator's Guide
Using DHCP with PXE to Retrieve IP Address and Scope Options: 1. When a target device boots from the network, DHCP sends a request to the Provisioning Server for an IP address and Scope Option settings (option 60; PXEClient identifier). The Provisioning Server returns the information as requested. 2. The target device sends a request to the Provisioning Server for the boot file name and location to the PXE service (options 66 and 67). The PXE service returns the information to the target device. 3. Using TFTP, a request for the boot file is sent from the target device to the Provisioning Server. The Provisioning Server downloads the boot file on the target device and the target device boots.
35
Chapter 2
Administrator's Guide To use Standard Image mode, the vDisk must first be set to read-only mode. Each target device then builds a write cache that stores any writes the operating system needs to make. There are several write-cache options available. Having a read-only vDisk offers administrators several advantages. First, each time the target device boots, it always boots from a clean vDisk. If a machine becomes infected with a virus or spyware, simply reboot to the clean image. This solution greatly reduces the number of vDisks to maintain in an network. It also reduces the amount of change points required. Other installation methods require a successful install of a software update on each target device. With a Standard Image, you only have to install software one time. Updated vDisks can then be accessed, by all assigned target devices, through the Provisioning Server. As a result, a single successful installation can upgrade thousands of machines. To get new software, a target device just needs to reboot. While each target device is using the same vDisk, there are plenty of instances when a device needs to have some unique characteristics while running. A number of tools are provided to allow for uniqueness within the environment including: w Computer Name Each target device is given its own unique network name and each target device is able to have its own computer account within your existing directory management structure. w Common Image Allows a vDisk to be used across different hardware platforms. w Device Personality While 95% of all software works in a standard image, a number of applications require each target device to have a unique ID, such as a phone extension. This feature allows you to store application specific values in the database and retrieve the target devices unique value as the device loads.
Chapter 2
38
Administrator's Guide
39
Chapter 2
40
Chapter 3
41
Chapter 3
42
Administrator's Guide Sites Views Stores Site administrators generally manage those objects within sites to which they have privileges. Sites contain Provisioning Servers, a vDisk Pool, device collections, user groups and views. The site-level tree is organized as follows: w Site Servers vDisk Pool Device Collections User Groups Views
43
Chapter 3
Using the Console 1. To export table information from the details pane to a text or comma delimited file, select Export from the Action menu. 2. Select the location where this file should be saved inSave in: 3. Type or select the file name in the File name textbox. 4. Select the file type from and Save as text boxes. 5. Click Save to save the file. Help Select an object in the Console, then select Help from the Action menu to display information about that object. View Options To customize a Console view: 1. Select View, then select either Add/Remove Columns... or Customize.... 2. If you selected: Add/Remove Columns..., use the Add and Remove buttons to select which columns to display. Customize..., select the check box next to each MMC and Snap-in view option that should display in the Console window. 3. Click OK. The Console view refreshes to display the view options selected.
Action menu
Select object-related tasks from the Action menu such as; boot, restart, send message, view properties, copy or paste properties. For a complete list of tasks, refer to that objects management chapter within this guide.
44
Administrator's Guide
Using Drag-and-Drop
w Move target devices by dragging them from one device collection, and dropping them on another device collection within the same site. w Assign a vDisk to all target devices within a collection by dragging the vDisk and dropping it on the collection. The vDisk and the collection must be in the same site. (The new vDisk assignment replaces any previous vDisk assignments for that collection). w Add a target device to a view by dragging the device, then dropping it on the view in Consoles tree. w Drag a Provisioning Server from one Site, then drop it into another site. (Any vDisks assignments that were specific to this server and any store information will be lost.).
Using Views
Create views containing target devices to display only those target devices that you are currently interested in viewing or performing tasks on. Adding target devices to a view provides a quick and easy way to perform a task on members of that view, such as: w Boot w Restart 45
Chapter 3
Using the Console w Shutdown w Send message Views can be created at the site level or at the farm level. To perform a task on members of a view: 1. Right-click on views icon, then select the Create View... menu option. The View Properties dialog appears. 2. Type the name and a description of the new view in the appropriate text boxes, then select the Members tab. 3. To add target devices to this view, click the Add button. The Select Target Devices dialog appears. 4. If you are creating the view at the farm level, select the site where the target devices reside. If you are creating the view at the site level, the site information is already populated. 5. From the drop-down menu, select the device collection where the target devices to add are members. 6. Select from the list of target devices that display, then click OK. 7. If necessary, continue adding target devices from different device collections within a site. 8. Click the OK button to close the dialog. For more information on views, refer to Managing Views on page 175.
46
Chapter 4
Managing Farms
Topics:
Configuring the Farm Farm Properties Farm Tasks A farm represents the top level of a Provisioning Services infrastructure. Farms provide a Farm Administrator with a method of representing, defining, and managing logical groups of Provisioning Services components into sites. All sites within a farm share that farms Microsoft SQL database. A farm also includes a Citrix License Server, local or network shared storage, and collections of target devices. To learn more about managing farms, refer to the follow sections: w Configuring the Farm on page 48 w Farm Tasks on page 61 w Farm Properties on page 58
47
Chapter 4
Managing Farms
48
Administrator's Guide
Network Topology
Complete the network configuration steps that follow. 1. Select the network service to provide IP addresses Note: Use existing network services if possible. If for any reason existing network services can not be used, choose to install the network services that are made available during the installation process. To provide IP addresses to target devices, select from the following network service options: If the DHCP service is on this server, select the radio button next to one of the following network services to use, then click Next: w Microsoft DHCP w Provisioning Services BOOTP service w Other BOOTP or DHCP service If the DHCP service is not on this server, select the radio button next to The service is running on another computer, then click Next. 2. Select the network service to provide PXE boot information Each target device needs to download a boot file from a TFTP server. Select the network service to provide target devices with PXE boot information: If you choose to use this Provisioning Server to deliver PXE boot information, selectThe service that runs on this computer, then select from either of the following options, then click Next: w Microsoft DHCP (options 66 and 67) w Provisioning Services PXE Service
49
Chapter 4
Managing Farms If Provisioning Services will not deliver PXE boot information, select The information is provided by a service on another device option, then click Next.
Administrator's Guide v. Click Next. vi. Select from the following site options, then click Next: Existing Site: Select the site from the drop-down menu to join an existing site. New Site: Create a site by typing the name of the new site and a collection. Continue on toConfigure User Account Settings on page 53 procedure.
Chapter 4
Managing Farms
Note: When selecting the Active Directory group to act as the Farm Administrator from the drop-down list, choices include any group the current user belongs to. This list includes Builtin groups, which are local to the current machine. Avoid using these groups as administrators, except for test environments. Also, be aware that some group names may be misleading and appear to be Domain groups, which are actually Local Domain groups. For example: ForestA.local/Builtin/Administrators. Use Windows groups for security 4. ClickNext. Continue on to theSelecting the license server procedure.
Administrator's Guide i. On the Site page, enable the Existing Site radio button. (The default site name is Site.) ii. Select the appropriate site from the drop-down list, then click Next. iii. Create a new store or select an existing store on the Store page, then click Next.
Chapter 4
Managing Farms
Administrator's Guide b. Click Next. 2. Select Provisioning Servers to use for the boot process: a. Use the Add button to add additional Provisioning Servers to the list, theEdit button to edit existing information, orRemove to remove the Provisioning Server from the list. Use theMove up orMove down buttons to change the Provisioning Server boot preference order. The maximum length for the server name is 15 characters. Do not enter FQDN for the server name. In an HA implementation, at least two Provisioning Servers must be selected as boot servers. b. Optionally, highlight the IP address of the Provisioning Server that target devices will boot from, then click Advanced. The Advanced Stream Servers Boot List appears. The following table describes advanced settings that you can choose from. After making your selections, click OK to exit the dialog, then click Next to continue. Table 4-1. Advanced Stream Servers Boot List Verbose Mode Select the Verbose Mode option if you want to monitor the boot process on the target device (optional) or view system messages. Select Interrupt Safe Mode if you are having trouble with your target device failing early in the boot process. This enables debugging of target device drivers that exhibit timing or boot behavior problems This setting enables the bootstrap to work with newer Windows OS versions and is enabled by default. Only disable this setting on older XP or Windows Server OS 32 bit versions that do not support PAE, or if your target device is hanging or behaving erratically in early boot phase. Restore Network Connections Selecting this option results in the target device attempting indefinitely to restore it's connection to the Provisioning Server. Note: Because the Seconds field does not apply, it becomes inactive when
55
Chapter 4
Managing Farms
the Restore Network Connections option is selected. Reboot to Hard Drive (a hard drive must exist on the target device) Selecting this option instructs the target device to perform a hardware reset to force a reboot after failing to re-establish communications for a defined number of seconds. The user determines the number of seconds to wait before rebooting. Assuming the network connection can not be established, PXE will fail and the system will reboot to the local hard drive. The default number of seconds is 50, to be compatible with HA configurations. Logon Polling Timeout Enter the time, in milliseconds, between retries when polling for Provisioning Servers. Each Provisioning Server is sent a login request packet in sequence. The first Provisioning Server that responds is used. In non-HA configurations, this time-out simply defines how often to retry the single available Provisioning Server with the initial login request. This time-out defines how quickly the round-robin routine will switch from one Provisioning Server to the next in trying to find an active Provisioning Server. The valid range is from 1,000 to 60,000 milliseconds. Login General Timeout Enter the time-out, in milliseconds, for all login associated packets, except the initial login polling timeout. This time-out is generally longer than the polling time-out, because the Provisioning Server needs time to contact all associated servers, some of which may be down and will require retries and time-outs from the Provisioning Server to the other Provisioning Servers to determine if they are indeed online or not. The
56
Administrator's Guide
valid range is from 1,000 to 60,000 milliseconds. c. Verify that all configuration settings are correct, then click Finish.
Prerequisite
The Configuration Wizard must first be run on any Provisioning Server in the farm that has the configuration settings that will be used in order to create the Provisioning Services database and to configure the farm. The basic steps involved in the silent configuration of servers within the farm include: w Create a ConfigWizard.ans file from a configured Provisioning Server in the farm. w Copy the ConfigWizard.ans file onto the other servers within the farm, and modify the IP address in the ConfigWizard.ans file to match each server in the farm. w Run the ConfigWizard.exe with the /a parameter.
Chapter 4
Managing Farms
Note: To get the list of valid ConfigWizard parameters: 1. Run the ConfigWizard.exe with the /? parameter. 2. Open the resulting ConfigWizard.out file from the ConfigWizard.ans file from the Provisioning Services Application Data directory. 3. Scroll down to the bottom of the file to view all valid parameters.
Note: To get the list of valid ConfigWizard.ans commands with descriptions: 1. Run the ConfigWizard.exe with the /c parameter. 2. Open the resulting ConfigWizard.out file from the ConfigWizard.ans file from the Provisioning Services Application Data directory. 3. Scroll down to the bottom of the file to view all valid parameters.
Farm Properties
The Farm Properties dialog contains the following tabs: w General Tab on page 58 w Security Tab on page 58 w Groups Tab on page 59 w Licensing Tab on page 59 w Options Tab on page 60 w Status Tab on page 61 The tables that follow identify and describe farm properties on each tab:
General Tab
Name Description Enter or edit the name of this farm. Enter or edit a description for this farm.
Security Tab
Add button Click the Add button to apply farm administrator privileges to a group. Check each box next the groups to which
58
Administrator's Guide
farm administrator privileges should apply. Remove button Click the Remove button to remove groups from those groups with farm administrator privileges. Check each box next the groups to which farm administrator privileges should not apply.
Groups Tab
Add button Click the Add button to open the Add System Groups dialog. To display all security groups, leave the text box set to the default *. To display select groups, type part of the name using wildcards *. For example, if you want to see MY_DOMAIN\Builtin \Users, type: User*, Users, or *ser* However, in this release, if you type MY_DOMAIN\Builtin\*, you will get all groups, not just those in the MY_DOMAIN\Builtin path. Select the checkboxes next to each group that should be included in this farm. Note: Filtering on groups was introduced in 5.0 SP2 for efficiency purposes. Remove button Click the Remove button to remove existing groups from this farm. Highlight the groups to which privileges should not apply.
Licensing Tab
Note: Changing licensing properties requires that the Provisioning Services Stream Service be restarted on each Provisioning Server for licensing changes to take effect.
59
Chapter 4
Managing Farms
Type the name of the Citrix License Server in this textbox. Type the port number that the license server should use or accept the default, which is 27000. If using the license trade-up feature, which allows you to use Datacenter product licenses that you have available if no Desktop product licenses are currently available, check this checkbox.
Use Datacenter licenses for desktops if no Desktop licenses are available checkbox
Options Tab
Auto-Add Check this checkbox if using the Autoadd feature, then select the site that new target devices will be added to from the Add new devices to this site dropdown menu. If the No default site is chosen for the default site setting, then the site of that Provisioning Server that logs in the target device is used during auto-added. Use the No default site setting if your farm has site scoped PXE/TFTP servers. Important! This feature should only be enabled when expecting to add new target devices. Leaving this feature enabled could result in computers being added without the approval of a farm administrator. Auditing Enable or disable the auditing feature for this farm. Enable or disable the offline database support option. This option allows Provisioning Servers within this farm, to use a snapshot of the database in the event that the connection to the database is lost.
60
Administrator's Guide
Status Tab
Current status of the farm Provides database status information and information on group access rights being used.
Farm Tasks
The farm is initially configured when you run the Configuration Wizard. The wizard prompts you for the farms name, a store, and a device collection. When you first open the Console, those objects display in the tree. The wizard also prompts you for additional farm information such as the name of the license server, your user account information, and those servers that can serve the bootstrap file to target devices. You can always rerun the wizard to change settings. You can also choose to make farm configuration changes using the Farm Properties on page 58. A farm administrator can view and manage all objects in any farm to which they have privileges. Only farm administrators can perform all tasks at the farm level, including: w Farm Connections on page 61 w Farm Properties on page 58 w Creating Sites on page 62 w Site Properties on page 62 w Managing Stores on page 73 w Managing Views on page 175
Farm Connections
Connecting to a Farm
1. Right-click on Provisioning Services Console in the Console tree, then select Connect to farm... 2. Under Server Information, type the name or IP address of a Streaming Server on the farm and the port configured for server access. 3. Select to log in using one of the following methods: Use the Windows credentials that you are currently logged with, then optionally enable the Auto-login on application start or reconnect feature.
61
Chapter 4
Managing Farms Use different Windows credentials by entering the username, password, and domain associated with those credentials, then optionally enable the Save password and Auto-login on application start or reconnect feature. 4. Click Connect. The Farm icon appears in the Console tree.
Managing Connections
You can manage connections to farms from the Manage Connections dialog. To open the dialog, right-click on the Provisioning Services Console icon in the tree, then select the Manage Connections... menu option.
Creating Sites
To create a new site 1. Right-click on the sites folder in the farm where you want to add the new site. The Site Properties dialog appears. 2. On the General tab, type the name and a description for the site in the appropriate text boxes. 3. On the Security tab, click Add to add security groups that will have the site administrator rights in this site. The Add Security Group dialog appears. 4. Check the box next to each group, then click OK. Optionally, check the Domains/ group Name checkbox to select all groups in the list. 5. On the Options tab, if new target devices are to be added using the Auto-Add feature, select the collection where these target devices should reside (this feature must first be enabled in the farms properties). To modify an existing sites properties, right-click on the site in the Console, then select Properties. Make any necessary modifications in the Site Properties dialog.
Site Properties
A new site is added to a farm, or an existing site is modified, using the Site Properties dialog. The tabs in this dialog allow you to configure a site. Site administrators can also edit the properties of a site that they administer. The Site Properties dialog contains the following tabs: w General Tab on page 63 w Security Tab on page 63 w MAK Tab on page 63 w Options Tab on page 64
62
Administrator's Guide
General Tab
Field/Button Name Description Description Type the name of this site in the textbox. Optional. Type the description of this site in the textbox.
Security Tab
Field/Button Add button Description Click the Add button to open the Add Security Groups dialog. Check the box next to each group to which site administrator privileges should apply. To add all groups that are listed, check the Domain\Group Name checkbox. Remove button Click the Remove button select those groups to which site administrator privileges should be removed. To remove all groups that are listed, check the Domain\Group Name checkbox.
MAK Tab
Field/Button Enter the administrator credentials used for Multiple Activation Key enabled Devices Description MAK administrator credentials must be entered before target devices using MAK can be activated. The user must have administrator rights on all target devices that use MAK enabled vDisks and on all Provisioning Servers that will stream those target devices. After entering the following information, click OK: User Password
63
Chapter 4
Managing Farms
Field/Button
Description Note: If credentials have not been entered and an activation attempt is made from the Manage MAK Activations dialog, an error message displays and the MAK tab appears to allow credential information to be entered. After the credentials are entered, click OK and the Manage MAK Activations dialog re-appears.
Options Tab
Field/Button Auto-Add Description Select the collection that the new target device will be added to from the dropdown menu. (This feature must first be enabled in the farm properties.)
64
Chapter 5
Managing Sites
Topics:
Creating Sites Site Properties A site provides both a site administrator and farm administrator, with a method of representing and managing logical groupings of Provisioning Servers, Device Collections, and local shared storage. Note: If configuring for a high availability (HA), all Provisioning Servers selected as failover servers must reside within the same site. HA is not intended to cross between sites. A site administrator can perform any task that a device administrator or device operator within the same farm can perform. A site administrator can also perform the following tasks: Farm-level tasks w Site Properties on page 62 w Store Configuration and Management Tasks on page 77 Site-level tasks w Managing Printers on page 231 w Managing Site Administrators on page 71 w Managing Provisioning Servers on page 83 w Showing Provisioning Server Connections on page 96 w Managing User Assigned vDisks on page 169 w Creating Sites on page 62 w Balancing the Target Device Load on Provisioning Servers on page 97 w Managing Target Devices on page 131 w Accessing Auditing Information on page 245
65
Chapter 5
Managing Sites
Creating Sites
To create a new site 1. Right-click on the sites folder in the farm where you want to add the new site. The Site Properties dialog appears. 2. On the General tab, type the name and a description for the site in the appropriate text boxes. 3. On the Security tab, click Add to add security groups that will have the site administrator rights in this site. The Add Security Group dialog appears. 4. Check the box next to each group, then click OK. Optionally, check the Domains/ group Name checkbox to select all groups in the list. 5. On the Options tab, if new target devices are to be added using the Auto-Add feature, select the collection where these target devices should reside (this feature must first be enabled in the farms properties). To modify an existing sites properties, right-click on the site in the Console, then select Properties. Make any necessary modifications in the Site Properties dialog.
Site Properties
A new site is added to a farm, or an existing site is modified, using the Site Properties dialog. The tabs in this dialog allow you to configure a site. Site administrators can also edit the properties of a site that they administer. The Site Properties dialog contains the following tabs: w General Tab on page 63 w Security Tab on page 63 w MAK Tab on page 63 w Options Tab on page 64
General Tab
Field/Button Name Description Description Type the name of this site in the textbox. Optional. Type the description of this site in the textbox.
66
Administrator's Guide
Security Tab
Field/Button Add button Description Click the Add button to open the Add Security Groups dialog. Check the box next to each group to which site administrator privileges should apply. To add all groups that are listed, check the Domain\Group Name checkbox. Remove button Click the Remove button select those groups to which site administrator privileges should be removed. To remove all groups that are listed, check the Domain\Group Name checkbox.
MAK Tab
Field/Button Enter the administrator credentials used for Multiple Activation Key enabled Devices Description MAK administrator credentials must be entered before target devices using MAK can be activated. The user must have administrator rights on all target devices that use MAK enabled vDisks and on all Provisioning Servers that will stream those target devices. After entering the following information, click OK: User Password Note: If credentials have not been entered and an activation attempt is made from the Manage MAK Activations dialog, an error message displays and the MAK tab appears to allow credential information to be entered. After the credentials are
67
Chapter 5
Managing Sites
Field/Button
Description entered, click OK and the Manage MAK Activations dialog re-appears.
Options Tab
Field/Button Auto-Add Description Select the collection that the new target device will be added to from the dropdown menu. (This feature must first be enabled in the farm properties.)
68
Chapter 6
69
Chapter 6
When the farm is first configured using the Configuration Wizard, the administrator that creates the farm is automatically assigned the Farm Administrator role. While configuring the farm, that administrator selects the option to use either Windows or Active Directory credentials for user authorization within the farm. After the Configuration Wizard is run, additional groups can be assigned the Farm Administrator role in the Console. To assign additional Farm Administrators Note: The authorization method displays to indicate if Windows or Active Directory credentials are used for user authorization in this farm. 1. In the Console, right-click on the farm to which the administrator role will be assigned, then select Properties.The Farm Properties dialog appears. 2. On the Groups tab, highlight all the groups that will be assigned administrative roles in this farm, then click Add. 3. On the Security tab, highlight all groups to which the Farm Administrator role will be assigned, the click Add. 4. Click OK to close the dialog box.
70
Administrator's Guide
If a farm administrator assigns a site as the owner of a particular store, the site administrator can also manage that store. Managing a store can include tasks such as adding and removing vDisks from shared storage or assigning Provisioning Servers to the store. The site administrator can also manage device administrator and device operator memberships To assign the Site Administrator role to one or more groups and its members: 1. In the Console, right-click on the site for which the administrator role will be assigned, then select Properties. The Site Properties dialog appears. 2. Click the Security tab, then click the Add button. The Add Security Group dialog appears. 3. From the drop-down menu, select each group to associate with the site administrator role, then click OK. 4. Optionally, repeat steps 2 and 3 to continue assigning additional site administrators. 5. Click OK to close the dialog.
71
Chapter 6
Managing Administrative Roles 1. In the Console tree, expand the site where the device collection exists, then expand the Device Collections folder. 2. Right-click on the device collection that you want to add device administrators to, then select Properties. The Device Collection Properties dialog appears. 3. On the Security tab, under the Groups with Device Administrator access list, click Add. The Add Security Group dialog appears. 4. To assign a group with the device administrator role, select each system group that should have device administrator privileges, then click OK. 5. Click OK to close the dialog box.
72
Chapter 7
Managing Stores
Topics:
Store Administrative Privileges Store Properties Store Configuration and Management Tasks A store is the logical name for the physical location of the vDisk folder. This folder can exist on a local server or on shared storage. When vDisks files are created in the Console, they are assigned to a store. Within a site, one or more Provisioning Servers are given permission to access that store in order to serve vDisks to target devices.
A Provisioning Server checks the database for the Store name and the physical location where the vDisk resides, in order to provide it to the target device Separating the physical paths to a vDisks storage locations allows for greater flexibility within a farm configuration, particularly when using High Availability (HA). When HA is implemented, if the active Provisioning Server in a site fails, the target device can get its vDisk from another Provisioning 73
Chapter 7
Managing Stores Server that has access to the store and permissions to serve the vDisk. If necessary, copies of vDisks can be maintained on a secondary shared-storage location in the event that connection to the primary shared-storage location is lost. In this case, the default path can be set in the store properties if all Provisioning Servers can use the same path to access the store. If a particular server cannot use the path (the default path is not valid for that server, not because of a connection loss, but because it is simply not valid) then an override path can be set in the store properties for that particular server. Provisioning Servers will always use either the default path (if the override path does not exist in the database) or the override path if it does exists in the database. For more information on stores, refer to any of the following topics: w Store Administrative Privileges on page 75 w Store Properties on page 75 w Store Configuration and Management Tasks on page 77 w Working with Managed Stores on page 78
74
Administrator's Guide
Store Properties
A store can be created when the Configuration Wizard is run or in the Store Properties dialog. The store properties dialogs allows you to: w Name and provide a description of the store w Select the owner of the store (the site which will manage the store) w Provide a default path to the store (physical path to the vDisk) w Define default write cache paths for this store w Select the servers that can provide this store After a store is created, Store information is saved in the Provisioning Services database. Each site has one vDisk Pool, which is a collection of vDisk information required by Provisioning Servers that provide vDisks in that site. The vDisk information can be added to the vDisk pool using the vDisk Properties dialog or by scanning a store for new vDisks that have not yet been added to the database. The Store Properties dialog includes the following tabs: w General Tab on page 75 w Paths Tab on page 76 w Servers Tab on page 77
General Tab
Name View, type the logical name for this store. For example, PVS-1 View or type a description of this store.
75
Chapter 7
Managing Stores
View or type a description of this store. Optional. View or scroll to select the site that will act as owner of this store. This feature allows a farm administrator to give one sites administrators, special permission to manage the store. These rights are normally reserved for farm administrators. Enable this option to set this store to be a Managed Store on a SAN. Refer to Working with Managed Stores for more details.
Paths Tab
Default store path View, type, or browse for the physical path to the vDisk folder that this store represents. The default path is used by all Provisioning Servers that do not have an override store path set. View, add, edit, remove, or move the default write cache paths for this store. Entering more than one write cache path allows for vDisk load to be distributed to physically different drives. When a target device first connects, the Stream Service picks from the list. If using HA, the order of the write cache paths, for any override paths in the server store properties, must match the order of the write cache paths specified here. Click to validate store path selections from the Validate Store Paths dialog. The validation results display under the Status column.
Validate
76
Administrator's Guide
Servers Tab
Site View or scroll to select the site where Provisioning Servers that can access this store exist (multiple sites can access the same store). All Provisioning Servers within the selected site display in this list. Check the box next to all servers that are permitted to access this store. If the store is only for a specific site, only those servers within that site are valid selections. If the default path is not valid for a selected Provisioning Server, you must define an override path in that servers properties dialog, on the Store tab. Validate Click to validate store path selections from the Validate Store Paths dialog. The validation results display under the Status column.
77
Chapter 7
Managing Stores 4. Optional. Set this store to be read-only by enabling the This store is a Managed Read-Only store checkbox. 5. On the Servers tab, select a site from the list. All Provisioning Servers in that site appear. 6. Check the box each to each server that is permitted to access this store. If the store is only for a specific site, only those servers within that site are valid selections. Also, if the default path is not valid for a selected server, an override path must be defined in for that server on the Server Properties dialogs Store tab. Repeat this step for each site if necessary. (If this procedure is performed by a site administrator, only those sites that they administer appear.) 7. On the Paths dialog, type or browse for the default path for this store (physical location of the vDisk folder). Optionally, a new folder can be created by clicking on the browse button, and then cIicking on Create New Folder. If the user is a site administrator, only those sites that they administer will be available in the list. 8. The write cache path(s) for the selected store display under the paths list. Optionally, a new store cache folder can be created by clicking on the browse button, and then cIicking on Create New Folder. Additional write cache paths can be added for use by the store by clicking Add. Entering more than one write cache paths allows for vDisk load to be distributed to physically different drives. When a target device first connects, the Stream Service picks from the list. If using HA, the order of the write-cache paths for any override paths in store properties for that server, must match the order of the write-cache paths specified here If a write cache path is not selected and the OK button is clicked, the user is prompted to create the default write cache path. Click OK on this message to create the default write cache path (C:\pvsstore\WriteCache). 9. After configuring the store and paths this store will use, click Validate to open the Validate Store Paths dialog and validate the path settings. 10. Under the Status column, view the path validation results. Click Close to close this dialog and return to the Store Properties dialog to make any necessary changes or to continue. 11. Click OK to save Property settings.
Yes
79
Chapter 7
Managing Stores
Supported Yes
Restrictions vDisk properties cannot be modified while a LUN is read-only; vDisk cannot be mapped on the server. Fallback to Cache on Server disk is that is will not function if the device hard disk is not found or fails. vDisk properties cannot be modified while LUN is read-only. vDisk cannot be mapped on the server.
Yes
The following diagram illustrates a typical deployment architecture that follows Managed Store requirements and supported deployment scenarios.
It is recommended, though not required, that separate read-only LUNs be created for each shared VHD file. This allows VHD files to be updated and taken on and off line independently of each other. 80
Administrator's Guide
Chapter 7
Managing Stores 7. Click Next. The Initiate New Mode page appears. 8. Click Execute to begin transitioning to the selected mode. The table displays the status of the transition for each server and the if the transition was successful. Note: If any server fails to transition successfully, the mode will not be changed. If an error or discrepancy causes the system to be in an intermediate state, the wizard can be run again to attempt to gain a previous state.
82
Chapter 8
83
Chapter 8
84
Administrator's Guide w Highlight a Provisioning Server, then select Properties from the Action menu. w Right-click a Provisioning Server, then select Properties w If the details pane is open, highlight a Provisioning Server, then select the Properties menu item from the list of actions. The Server Properties dialog includes the following tabs: w General on page 85 w Network on page 89 w Stores on page 90 w Options on page 90 w Logging on page 92 Note: Provisioning Services displays a message if a change made on a Provisioning Server Properties dialog requires that the server be rebooted.
General
Field/Button Name and Description Description Displays the name of the Provisioning Server and a brief description. The maximum length for the server name is 15 characters. Do not enter FQDN for the server name. Select this option if you want this Provisioning Server's events to be logged in the Windows Event log. A power rating is assigned to each server, which is then used when determining which server is least busy. The scale to use is defined by the administrator. For example, an administrator may decide to rate all servers on a scale of 1 to 10, or on a scale of 100 to 1000. Using the scale of 1 to 10, a server with a rating of 2 is considered twice as powerful as a server with a rating of 1; therefore it would be assigned twice as many target devices. Likewise, when using a scale of 100 to 1000, a server with a power rating of 200 is considered twice as powerful as a server with the rating of 100; therefore it would also be assigned twice as many target devices. Using the default setting of 1.0 for all servers results in even device loading across servers. In this case, the
85
Chapter 8
Field/Button
Description load balancing algorithm does not account for individual server power. Ratings can range between 0.1-1000.0; 1.0 is the default. Note: The load balancing method is defined in vDisk Properties on page 103.
Server tab Threads per port Number of threads in the thread pool that service UDP packets received on a given UDP port. Between four and eight are reasonable settings. Larger numbers of threads allow more target device requests to be processed simultaneously, but is consumes more system resources. Buffers per thread Number of packet buffers allocated for every thread in a thread pool. The number of buffers per thread should be large enough to enable a single thread to read one IO transaction from a target device. So buffers per threads should ideally be set to (IOBurstSize / MaximumTransmissionUnit) + 1). Setting the value too large consumes extra memory, but does not hurt efficiency. Setting the value too small consumes less RAM, but detrimentally affects efficiency. Server cache timeout Every server writes status information periodically to the Provisioning Services database. This status information is time-stamped on every write. A server is considered Up by other servers in the farm, if the status information in the database is newer than the Server cache timeout seconds. Every server in the farm will attempt to write its status information every (Server cache timeout/2) seconds, i.e. at twice the timeout rate. A shorter server cache timeout value allows servers to detect offline servers more quickly, at the cost of extra database processing. A longer Server cache timeout period reduces database load at the cost of a longer period to detect lost servers. Local and Remote Concurrent I/O limits Controls the number of concurrent outstanding I/O transactions that can be sent to a given storage device. A storage device is defined as either a local drive letter (C: or D: for example) or as the base of a UNC path, for example \ \ServerName.
86
Administrator's Guide
Field/Button
Description Since the PVS service is a highly multi-threaded service, it is possible for it to send hundreds of simultaneous I/O requests to a given storage device. These are usually queued up by the device and processed when time permits. Some storage devices, Windows Network Shares most notably, do not deal with this large number of concurrent requests well. They can drop connections, or take unrealistically long to process transactions in certain circumstances. By throttling the concurrent I/O transactions in the PVS Service, better performance can be achieved with these types of devices. Local device is defined as any device starting with a drive letter. Remote is defined as any device starting with a UNC server name. This a simple way to achieve separate limits for network shares and for local drives. If you have a slow machine providing a network share, or slow drives on the machine, then a count of 1 to 3 for the remote limit may be necessary to achieve the best performance with the share. If you are going to fast local drives, you might be able to set the local count fairly high. Only empirical testing would provide you with the optimum setting for a given hardware environment. Setting either count to 0 disables the feature and allows the PVS Service to run without limits. This might be desirable on very fast local drives. If a network share is overloaded, youll see a lot more device retries and reconnections during boot storms. This is caused by read/write and open file times > 60 seconds. Throttling the concurrent I/O transactions on the share reduces these types of problems considerably. Network tab Maximum transmission unit Number of bytes that fit in a single UDP packet. For standard Ethernet, the default value is correct. If you are attempting to operate over a WAN, then a smaller value may be needed to prevent IP fragmentation. Provisioning Services currently does not support IP fragmentation and reassembly. Also, if you are using a device or software layer that adds bytes to every packet (for security reasons for example), a smaller value may be needed. If your entire infrastructure supports jumbo packets (Provisioning Services NIC, target device NIC and any intervening switches and/or routers) then you
87
Chapter 8
Field/Button
Description can set the MTU to 50 bytes less than your jumbo packet max size to achieve much higher network throughput. I/O burst size The number of bytes that will be transmitted in a single read/write transaction before an ACK is sent from the server or device. The larger the IO burst, the faster the throughput to an individual device, but the more stress placed on the server and network infrastructure. Also, larger IO Bursts increase the likelihood of lost packets and costly retries. Smaller IO bursts reduce single client network throughput, but also reduce server load. Smaller IO bursts also reduce the likelihood of retries. IO Burst Size / MTU size must be <= 32, i.e. only 32 packets can be in a single IO burst before a ACK is needed. Socket communications Enable non-blocking I/O for network communications. Pacing tab Boot pause seconds The amount of time that the device will be told to pause if the Maximum devices booting limit has been reached. The device will display a message to the user and then wait Boot pause seconds before attempting to continue to boot. The device will continue to check with the server every Boot pause seconds until the server allows the device to boot. Maximum boot time The amount of time a device will be considered in the booting state. Once a device starts to boot, the device will be considered booting until the Maximum boot time has elapsed for that device. After this period, it will no longer be considered booting (as far as boot pacing is concerned) even if the device has not actually finished booting. Maximum boot time can be thought of as a time limit per device for the booting state for boot pacing. Maximum devices booting The maximum number of devices a server allows to boot at one time before pausing new booting devices. The number of booting devices must drop below this limit before the server will allow more devices to boot. vDisk creation pacing Amount of pacing delay to introduce when creating a vDisk on this Provisioning Server. Larger values increase the vDisk creation time,
88
Administrator's Guide
Field/Button
Description but reduce Provisioning Server overhead to allow target devices that are running, to continue to run efficiently. Device tab License timeout Amount of time since last hearing from a target device to hold a license before releasing it for use by another target device. If a target device shuts down abnormally (loses power for example) its license is held for this long.
Network
Field/Button IP Address Description The IP addresses that the Stream Service should use for an target device to communicate with this Provisioning Server. When adding a new Provisioning Server, enter the valid IP address for the new server. Add Add an IP address for the selected Provisioning Server. Edit Opens the IP address dialog so that IP address for the selected Provisioning Server can be changed. Remove Removes the selected IP address from the list of available IP addresses for the selected Provisioning Server. Ports Enter the First and Last UDP port numbers to indicate a range of ports to be used by the Stream Service for target device communications. Note: The minimum is five ports in a range. The default first port number is 6910 and the last port number is 6930 .
89
Chapter 8
Stores
Field/Button Stores Description Lists all stores (logical names representing physical paths to vDisks that are available to this Provisioning Server. Add Opens the Store Properties dialog so that a new store and that stores properties can be included in the list of stores, which overrides the default path. Edit Opens the Store Properties dialog so that the stores properties can be changed. Select an existing store, then click Edit to change that stores properties. Remove Removes the selected store from the list of available stores for this Provisioning Server. Store Properties (opens when Add or Edit is selected under Stores). Store The name of the store. This displays populated when editing an existing store. If this is a new store, select the store from the drop-down list. Path used to access the store The store path is only required if you need to override the default path configured in the store properties. If the default path in the store properties is valid for this server, leave the path for the store blank in the server store properties. Write Cache Path Click the Add or Edit buttons to open the Write cache path dialog, then enter the appropriate write cache path for this store. Select an existing path from the list, then click Remove to remove the paths association with the store. Use the Move Up and Move Down buttons to change the order of cache path priority. If using HA, the order that the cache paths are listed must be the same order for each HA server.
Options
Field/Button Enable automatic vDisk updates Description Check for new versions of a vDisk Check this box to allow groups of target devices to be automatically updated to use one or more new vDisks, on a scheduled
90
Administrator's Guide
Field/Button
Description basis. The new vDisks are usually newer versions of disk images for one or more sites. Note: For the new vDisk to replace the old vDisk: The Enable automatic updates for this disk field in the Disk Properties Disk Mode tab must be selected. w The Class and Type fields must be the same as the disk to be updated w The version numbers of the new vDisk must be greater than the version numbers in the old vDisk. The update process uses the Class, Type and Provisioning Server to identify the vDisk to be replaced by a new vDisk image Check for incremental updates to a vDisk Check this box to allow a delta file to apply changes to an existing vDisk file in order to add or remove software components without having to distribute an entire new version of the vDisk file. Note: Incremental disk updates are faster to distribute and are for use with images in shared image mode. To enable automatic incremental disk updates, consider the following: w The Class, Type and Version Numbers recorded in the delta file must match those in the vDisk file. w The serial number recorded in the delta file must match that contained in the vDisk file. w If the activation date was set on the delta file, the current system date must be greater than or equal to the activation date. w No target device is currently booted from the vDisk. Check for updates daily at The time of day that the automated disk update process should run. This is usually the time of day when all target device systems are shut down.
Active Directory
Enable automatic password support If your target devices are domain members, and you want to renegotiate machine passwords between Windows
91
Chapter 8
Field/Button
Description Active Directory and the target devices, select the Enable automatic password support, and use the slider to set the number of days between renegotiation. Change computer account password every Select the number of days that should pass before the password should be changed.
Logging
Field/Button Logging Level Description Select from the following logging level options: TRACE TRACE logs all valid operations. DEBUG The DEBUG level logs details related to a specific operation and is the highest level of logging. If logging is set to DEBUG, all other levels of logging information are displayed in the log file. INFO Default logging level. The INFO level logs information about workflow, which generally explains how operations occur. WARN The WARNING level logs information about an operation that completes successfully, but there are issues with the operation. ERROR The ERROR level logs information about an operation that produces an error condition. FATAL
92
Administrator's Guide
Field/Button
Description The FATAL level logs information about an operation that the system could not recover from.
Enter the maximum size that a log file can reach before a new file is created. Enter the maximum number of backup log files to retain. When this number is reached, the oldest log file is automatically deleted.
Chapter 8
Note: The maximum length for the server name is 15 characters. Do not enter FQDN for the server name When the Configuration Wizard prompts for the site to add the server to, choose an existing site or create a new site. After adding Provisioning Servers to the site, start the Console and connect to the farm. Verify that all sites and servers display appropriately in the Console window.
Administrator's Guide
Note: Before you can delete a Provisioning Server, you must first mark the server as down or take the server off line, otherwise the Delete menu option will not appear. The Stream Service can not be deleted. When you delete a Provisioning Server, you do not affect vDisk image files or the contents of the server drives. However, you do lose all paths to the vDisk image files on that server. After deleting a Provisioning Server, target devices are no longer assigned to any vDisk image files on that server. The target device records remain stored in the Virtual LAN Drive database, but the device cannot access any vDisk that was associated with the deleted Provisioning Server. Note: If there are vDisks associated with the Provisioning Server being deleted, it is recommended that backup copies are created and stored in the vDisk directory prior to deleting. To delete a Provisioning Server: 1. In the Console, highlight the Provisioning Server that you want to delete, then select Show connected devices from the Action menu, right-click menu, or Action pane. The Connected Target Devices dialog appears. 2. In the Target Device table, highlight all devices in the list, then click Shutdown. The Target Device Control dialog appears. 3. Type a message to notify target devices that the Provisioning Server is being shut down. 4. Scroll to select the number of seconds to delay after the message is received. 5. If the Stream Service is running on the Provisioning Server, stop the Stream Service (Starting, Stopping, or Restarting Provisioning Services on page 95). 6. Unassign all target devices from the Provisioning Server. 7. Highlight the Provisioning Server you want to delete, then choose Delete from the Action menu, right-click menu, or Action pane. A delete confirmation message appears. 8. Click Yes to confirm the deletion. The Provisioning Server is deleted and no longer displays in the Console.
95
Chapter 8
Managing Provisioning Servers To start, stop, or restart Provisioning Services on a Provisioning Server: 1. Highlight the Provisioning Server in the Console, than select the Stream Services menu option from the Actions menu, right-click menu, or Actions pane. The Provisioning Server Control dialog appears. 2. Select from the following menu options: Option Description Start Stop Starts the Stream Service Places the Provisioning Server in off-line mode
Restart After modifying Provisioning Server settings, such as adding or removing IPs, restart the Stream Service 3. Highlight the Provisioning Servers that you want to take action on, then click that action's button. 4. Click Close to exit the dialog.
Shutdown Shuts down target devices that are highlighted in the dialog. Reboot Message Reboots target devices that are highlighted in the dialog. Opens the Edit Message dialog to allow you to type, and then send a message to target device(s) highlighted in the dialog.
When selecting Shutdown or Reboot, a dialog opens providing the option to type a message that displays on the effected devices. The Shutdown or Reboot options can be delayed by entering a delay time setting. If a message appears confirming that the target device was successfully shut down or rebooted, but the icon in the Console window does not change accordingly, select the Refresh button.
96
Administrator's Guide
Chapter 8
Managing Provisioning Servers provide the vDisk. Whenever additional qualified servers are brought online, rebalancing will occur automatically. To implement load balancing in a HA network configuration w Assign a power rating to each Provisioning Server on the Provisioning Server Properties on page 84. w For each vDisk, select the load balancing method and define any additional load balancing algorithm settings on the vDisk Properties on page 103. Note: Target devices that are not using a vDisk that is in HA mode will not be diverted to a different server. If a vDisk is misconfigured to have HA enabled, but they are not using a valid HA configuration (Provisioning Servers and Store , target devices that use that vDisk can lock up. To rebalance Provisioning Server connections manually 1. In the Console, highlight the Provisioning Servers to rebalance, right-click then select the Rebalance devices menu option. The Rebalance Devices dialog appears. 2. Click Rebalance. A rebalance results message displays under the Status column. 3. Click Close to exit the dialog.
Administrator's Guide address for any reason, simply re-run the Configuration Wizard and choose the new IP address when prompted to do so. Completing the Configuration Wizard resets the appropriate IP addresses in the configuration and restarts the Stream Service.
99
Chapter 8
100
Chapter 9
Managing vDisk
Topics:
vDisk Properties Managing vDisks A vDisk is an image file stored on a Provisioning Server or remote storage location, which acts as a hard disk for a target device. When creating a vDisk image file, keep the following facts in mind: w For organizational purposes, it is best to store vDisk image files in one directory. For large implementations with many target devices, spreading the I/O across multiple disks can increase efficiency. w You can create as many vDisk image files as you want, as long as you have enough space available on the Provisioning Server, or on the storage device containing the vDisk image files. w vDisk files use FAT or NTFS file systems. EXT2 and EXT3 can be used for Linux. w Depending upon the file system used to store the vDisk, the maximum size of a vDisk is 2 terabytes (NTFS) or 4096MB (FAT). w A vDisk may be shared (Standard Image) by one or more target devices, or it can exist for only one target device to access (Private Image). w vDisks can be booted directly from a Windows Virtual Server or Hyper-V without having to stream. w The vDisk image is created using the Imaging Wizard utility and vDisk file is created and configured using the Console.
Chapter 9
Managing vDisk site as the owner of a store, the site administrator can not perform store management tasks. To view the properties of a vDisk, right-click on the vDisk, then select Properties. To view the tasks that can be performed on a vDIsk, refer to Managing vDisks on page 108 to view properties for that vDisk.
102
Administrator's Guide
vDisk Properties
In the Console, the vDisk Properties dialogs allows you to modify vDisk configuration settings. To view an existing vDisks properties, choose one of the following methods: w Highlight a vDisk, then select Properties from the Action menu to display general vDisk properties, or select File Properties for file details and setttings. w Right-click on the vDisk, then select Properties. w Double-click on the vDisk in the details pane. The following vDisk Properties exist: w Properties General Tab on page 103 w vDisk file Properties General Tab for vDisk file on page 105 Mode Tab for vDisk file on page 105 Identification Tab for vDisk file on page 106 Microsoft Volume Licensing Tab for vDisk file on page 107 Options Tab for vDisk file on page 108
General Tab
Field/Button Store Site Filename Description BIOS menu text (optional) Description The name of the store where the vDisk resides. This property can not be modified in this dialog. The name of the site where this vDisk is a member of its vDisk Pool. This property can not be modified in this dialog. The filename that was given to this vDisk when it was created. This property can not be modified in this dialog. A brief description that identifies this vDisk. This field is optional and allows you to enter a menu text that will display on the target device when that device starts. The user can then select which vDisk to boot from. Note: Important. If vDisks with the same name from different Stores are assigned to the same User Group or
103
Chapter 9
Managing vDisk
Field/Button
Description target device, they display as duplicate names in the menu unless different menu text or descriptions are provided.
Load Balancing
Provides the option to use (or not use) a load balancing algorithm to select the server that is least busy to provide this vDisk to target devices. If using HA, a load balancing method must be selected. To assign a specific server to provide this vDisk, enable the Use this server to provide the vDisk radio button. To use a load balancing algorithm to determine which server should provide this vDisk, enable the Use the load balancing algorithm radio button, then select from the following load balancing options: Subnet Affinity. When assigning the server and NIC combination to use to provide this vDisk to target devices, select from the following subnet settings: w None ignore subnets; uses least busy server. w Best Effort use the least busy server/NIC combination from within the same subnet. If no server/NIC combination is available within the subnet, select the least busy server from outside the subnet. If more than one server is available within the selected subnet, perform load balancing between those servers. Best Effort is the default setting. w Fixed use the least busy server/NIC combination from within the same subnet. Perform load balancing between servers within that subnet. If no server/NIC combination exists in the same subnet, do not boot target devices assigned to this vDisk. Rebalance Enabled. Enable to rebalance the number of target devices on each server in the event that the trigger percent is exceeded. When enabled, Provisioning Services checks the trigger percent on each server every ten minutes. Enabled by default. Note: Rebalancing will not occur if there are less than five target devices on each server, or if more than 20% of the target devices are currently booting. A target device that is currently booting will not be moved to a different server. Trigger Percent The percent of overload that is required to trigger the rebalancing of target devices. For example: If the trigger percent is equal to 25%, rebalancing occurs if
104
Administrator's Guide
Field/Button
Description this server has 25% more load in comparison to other servers that can provide this vDisk. Values between 5 - 5000; default is 25. The server power rating that is assigned to each server is also factored in when determining load distribution. Refer to Provisioning Server Properties on page 84 for details. For more details about load balancing, refer to Balancing the Target Device Load on Provisioning Servers on page 97.
If this checkbox is checked, the vDisk becomes locked and can not be used by any target device within the farm. This option is helpful when performing vDisk maintenance. To modify the file properties associated with this vDisk, click the Edit file properties button. vDisk file properties tabs are defined in the tables that follow.
Type
Chapter 9
Managing vDisk
Field/Button
Description Standard Image for use with multiple target devices, which have write-cache enabled. Difference Disk Image for use with multiple target devices, which have read and write access to a difference disk. For Standard Image only, select the write cache type w Cache on server disk w Cache on encrypted on server disk w Cache in device RAM w Cache on devices hard-drive w Cache encrypted on device hard-drive Cache Size (MBs) If you select Standard Image and Cache in target device RAM, select the cache size in megabytes. The max size of the RAM write cache is determined by the registry setting WcMaxRamCacheMB in the BNIStack Parameters. This is a DWORD parameter. If the registry entry does not exist, then the default value used is 3584 MB.
Enables the Automatic Disk Update process on this vDisk file. Select either of the following update processes: Apply vDisk updates as soon as they are detected by the server; select to apply updates as they are detected. Schedule the next vDisk update to occur on; select to schedule the disk update, then select the date to run the update process. The update process attempts to find a match for the selected vDisk file on already existing target devices and user groups, and then tests for an automatic update.
106
Administrator's Guide
Field/Button
Description Precedence is: Major, then Minor, then Build. With the Incremental Disk Update feature, the delta file version must match the version number of the vDisk or the delta file is not applied.
Serial
Initially set to a random Globally Unique Identifier (GUID). The user can set the serial number as needed. The serial number is used in the Incremental Disk Update feature to ensure that a delta file is applied to the correct vDisk image file. For users informational use only. Initially set to a string representing the creation date of the image file. For users informational use only. Set as appropriate for your installation. For users informational use only. Set as appropriate for your installation. For users informational use only. Set as appropriate for your installation. For users informational use only. Set as appropriate for your installation. For users informational use only. Set as appropriate for your installation. For users informational use only. Set as appropriate for your installation.
Date Author Title Company Internal Name Original File Hardware Target
Chapter 9
Managing vDisk
Field/Button
Description Note: In order for MAK licensing to work, the Volume Activation Management Tool (VAMT) must be installed on all login servers within the farm. This tool is available from http://www.microsoft.com/downloads/en/ details.aspx?FamilyID=ec7156d2-2864-49eebfcb-777b898ad582&displaylang=en.
Printer management
Managing vDisks
To manage vDisks, choose from the tasks that follow. vDisk Files w Creating and Formatting a New vDisk File on page 110 w Assigning vDisks to Target Devices on page 145 vDisk Images w Using the Imaging Wizard on page 109 w Building a Common Image on page 115 vDisk Maintenance 108
Administrator's Guide w Configuring vDisk Modes on page 118 w Adding Existing vDisks to a vDisk Pool or Store on page 119 w Assigning vDisks to Target Devices on page 145 w Assigning a vDisk to a User Group on page 173 w Viewing vDisk Usage on page 120 w Releasing vDisk Locks on page 120 w Deleting a vDisk on page 121 w Deleting Cache on a Difference Disk on page 122 w Copying vDisks to Different Locations on page 122 w Copying and Pasting vDisk Properties on page 123 w Backing Up a vDisk on page 123 w Updating vDisks on page 123 w Using Maintenance Utilities with a vDisk on page 130 w Working with Physical Disks and vDisks on page 130 w Accessing Auditing Information on page 245 w Configuring a vDisk for Microsoft Volume Licensing on page 130
Chapter 9
Managing vDisk 3. Enter the name or IP address of a Provisioning Server within the farm to connect to and the port to use to make that connection. 4. Use the Windows credentials (default), or enter different credentials, then click Next. If using Active Directory, enter the appropriate password information. 5. On the Microsoft Volume Licensing page, select the volume license option to use for target devices or select None if volume licensing is not being used: None Key Management Service (KMS) Note: Additional steps are required to implement KMS licensing after the vDisk image is created. Refer to Managing Microsoft KMS Volume Licensing in the Administrator's Guide for details. Multiple Activation Key (MAK) Note: For information on managing MAK Licensing refer to Activating Microsoft MAK Volume Licensing in the Administrator's Guide. 6. Select to create a new vDisk (default), or use an existing vDisk by entering that vDisks name, then click Next. The Add Target Device page appears. 7. Enter the target device name, MAC, and which collection to add this device to, then click Next. If the target device is already a member of the farm, the Existing Target Devices page appears. 8. Click Next. The Summary of Farm Changes appears. 9. Verify all changes, then click Next. A confirmation message displays. 10. Click Yes on the confirmation message to start the imaging process.
110
Administrator's Guide
To format a vDisk
In order for a target device to access the new vDisk, after you have created and allocated space for the vDisk file on the Provisioning Server, you must format the vDisk. Note: vDisks for use by Linux target devices are formatted automatically using the Linux image.sh. Select from one of the following vDisk formatting methods: w To format a mounted vDisk from the Console on page 111 w To format a mounted vDisk from the target device on page 112
Chapter 9
Managing vDisk
software is installed on the server, this drive is created. The drive letter will be the next available drive letter on your system. (For example, if your Provisioning Server has an A: drive, C: drive and D:). When mounting a vDisk in Windows 2003 Enterprise or Windows 2008 Enterprise, the vDisk is not assigned a drive letter. This is due to enhanced security in Windows, which does not acknowledge the new plugged-in disk until the user manually brings it online once 1. Open a Windows Explorer window (click My Computer on the Desktop or on the Start Menu). 2. Right-click on the vDisk, then select Format. Note: Formatting erases all data stored on the vDisk. You should only format new vDisks that have not yet been imaged from the target device hard disk. 3. Create a descriptive name for the volume label for the vDisk. 4. Click Start, then click OK on the warning message that appears. 5. After formatting, close Windows Explorer. Continue on to Unmounting a vDisk.
112
Administrator's Guide 9. Type a Volume Label if desired, such as vDisk1. 10. Select the desired file system, such as NTFS. Leave the Allocation unit size to the default setting. 11. Select Perform a quick format. Leave the box labeled Enable file and folder compression unchecked, then click OK. 12. Once the format is complete the disk should have a status of Healthy on the right window pane. The disk is now formatted and ready to be imaged from the Master Target Device.
To unmount a vDisk
Mounted vDisks cannot be used by target devices. To unmount a vDisk and make it available to target devices, in the Console, right-click on the vDisk, then select the Unmount vDisk vDisk name option.
113
Chapter 9
Managing vDisk
Administrator's Guide 5. At the Console prompt, issue the following command: #sh image.sh 6. After the Linux Imager application starts, click Image. 7. Click Begin to begin the imaging process. Allow the imaging process to complete. 8. Click Done to close the Linux Imager application. 9. Shut down the target device. The target device can now be set to boot from the vDisk. Use the General tab on the Consoles Target Device Properties dialog to set the target device to boot from the vDisk. Optionally, disconnect the hard disk on the target device.
Prerequisites
w Make sure all target devices that will use the common image have the a consistent HAL -- that is, they must have the same number of logical processors. Note: A single processor hyper-threading capable system is considered to have two logical processors when the hyper-threading is enabled in the BIOS. w The BIOS structure, which is presented to the OS during the boot process, must be of the same format for all target devices that share a Standard Image. The BIOS Structure contains a list of all the components connected to the motherboard so that the appropriate drivers are loaded to allow the components to function properly. w Have either a 3Com Managed PC Boot Agent (MBA) or a PXE-compliant NIC available. This card is the common NIC that is inserted into each target device during the Common Image build process. w Install all the latest device drivers on each target device. w Device drivers are missing if devices do not respond after you configure the common image. For example, if a target devices USB mouse and keyboard do not respond after you assign the common image to the target device, it is likely that you have not installed drivers for that target devices chipset. Go to device manager and check to insure no yellow exclamation mark display on any devices, especially USB Root HUBs and controllers. w Determine which target device contains the latest motherboard chipset. This target device is used as the first target device in the common image build process. The latest Intel chipset driver always contains all the drivers for the previous chipset, therefore it is not necessary to install as many drivers when you build the common image.
115
Chapter 9
Managing vDisk w Except on the first target device, disable built-in NICs on all target devices that will use the common image (leave the built-in NIC on the first target device enabled). This prevents confusion about which NIC to use during the common image building process w Install Provisioning Services components
116
Administrator's Guide 3. At a command prompt, navigate to the directory in where CIM.exe is located, then run the following command to extract the information form the target device into the .dat file: CIM.exe e targetdeviceName.dat where targetdeviceName identifies the first target device that will use the common image. For example, TargetDevice1.dat. Copy the .dat file created in Step 3 to the removable storage device. 4. Shut down the target device and remove the common NIC. To include additional target devices with disparate hardware in the common image, repeat Step1 through Step 6 for each device, giving each .dat file a unique name.
Chapter 9
Managing vDisk click Update Driver to start the Hardware Update Wizard. Choose Install from a list or specific location and specify the location of the NIC's driver files. 4. Open Network Connections, right-click the connection for the built-in NIC and click Properties in the menu that appears. (The icon for the built-in NIC is marked with a red X.) 5. Under This connection uses the following items, select Network Stack and click OK. 6. From a command prompt, run the following command: C:\Program Files\Citrix\Provisioning Server\regmodify.exe Note: After completing Steps 4-6, reboot the target device and allow Windows to discover and configure any remaining devices. If prompted by the Found New Hardware Wizard to install new hardware, proceed through the Wizard to complete the hardware installation. 7. Using the original vDisk, repeat Step1 through Step 6 for each of the additional target devices to be included in the Common Image. 8. Once target devices have been included in the Common Image, on the Console, set the disk access mode for the Common Image vDisk to Standard Image mode, then boot the devices.
118
Administrator's Guide 3. From the Cache-Type drop-down list, select from the following write cache methods: Cache on server disk Cache encrypted on server disk Cache in device RAM Cache on devices HD Cache encrypted on devices HD Note: Refer to the Product and Technology chapter detailed cache option information and considerations. If the cache on local hard-drive type is selected, ensure that the hard-disk drive is formatted with either EXT2 or EXT3 file system type for Linux devices, or NTFS for Windows devices with a minimum of 500 MB. If the cache on the target device RAM and Standard Image mode are selected, the max size of the RAM write cache is determined by the registry setting WcMaxRamCacheMB in the BNIStack Parameters. This is a DWORD parameter. If the registry entry does not exist, then the default value used is 3584 MB. 4. Click OK to exit the Disk Properties dialog.
Chapter 9
Managing vDisk 5. Check the box next to each vDisk that you want to add, or click Select All to add all vDisks in the list, then click Add.
Administrator's Guide booted from a vDisk, and then fails (or power is lost). If the same target device boots again, the same lock is used and no problem occurs. However, if an administrator tries to mount the drive on the Provisioning Server after the target device has failed, the Provisioning Server will not be able to mount that vDisk because a lock is still held by the failed target device. The Administrator has the capability to release these locks. Note: Ensure that the vDisk is not in use before removing a lock. Removing a lock for a vDisk, which is in use, may corrupt the image. To release select vDisk locks: 1. In the Console, right-click on the vDisk for which you want to release locks, and then select the Manage Locks... option. The Manage VDisk Locks dialog appears. 2. If a vDisk has a target device lock on it, that target device name appears in the dialog's list. Select one or more target device from the list, then click Remove lock. You can also choose Select All to remove all target device locks on the this vDisk. 3. Click Close to close the dialog.
Deleting a vDisk
Note: You cannot delete a vDisk if one or more target devices or user groups are currently assigned to it. Unassign all target devices from the vDisk, before attempting to delete it. To delete a vDisk: 1. In the Console, expand vDisk Pool in the tree, then highlight the vDisk that you want to delete in the details pane. 2. Right-click on the vDisk, then select Delete. The Delete vDisks dialog appears. 3. To permanently delete the vDisk from the hard drive, select the checkbox for deleting the vDisk from the hard drive option. Or, do not select the checkbox to delete the vDisk from the store and database. 121
Chapter 9
Managing vDisk Unless a backup copy is made before deleting a vDisk image file from the store, the vDisk image file is permanently deleted. 4. Click Yes. The vDisk is deleted.
Administrator's Guide 6. Click Close to close the Add existing vDisks dialog.
Backing Up a vDisk
The Provisioning Server treats a vDisk image file like a regular file, but the target device treats it as a hard drive. The procedure for backing up a vDisk image file is the same as backing up any other file on your server. If a vDisk image file becomes corrupt, to restore it requires simply replacing the corrupted file with a previous, functional version. Do not back up a vDisk while it is in use or while it is locked. It is recommended to integrate the backing up of vDisks into your normal Provisioning Server backup routine.
Updating vDisks
When you create a vDisk, you can configure the vDisk so that if changes to the vDisk are detected, those changes are scheduled to be applied or automatically applied. The Check for updates menu option provides you with the option to check for automatic or incremental updates at anytime.
123
Chapter 9
Managing vDisk
Note: To use the Automatic vDisk Update feature, you must select the appropriate Provisioning Server and vDisk settings in the Console. If using the Difference Disk mode, updating a vDisk invalidates all associated Difference Disk files, causing the write cache on that file to be deleted automatically. Be sure to create backup copies of all Difference Disks before updating the vDisk. To check for vDisk updates 1. Right-click a vDisk pool in the Console tree, then select the Check for updates menu option. 2. Choose from the following vDisk update menu options: Automatic Incremental If updates are found, you can choose to automatically update those vDisks or schedule those updates.
124
Administrator's Guide 4. Change the disk access mode 5. Assign the new vDisk 6. Boot the target device from the new vDisk 7. Add software or data files to the vDisk 8. Change the vDisk access mode of the new vDisk 9. Increment the version number 10. Update the vDisk These procedures are described in detail below.
125
Chapter 9
Managing vDisk
Update vDisks
1. Right-click on the vDisk Pool, then select the Check for Updates menu option. 2. Select either the automatic or incremental vDisk update option, then click OK button on the confirmation dialog. If selecting the Incremental vDisk update option, in order for incremental updates to be applied, the Check for Incremental Updates to vDisk option must be enabled on the Provisioning Server Properties Options tab. 126
Administrator's Guide 3. Boot target devices from the newly updated vDisk.
127
Chapter 9
Managing vDisk
Administrator's Guide Never apply the delta file to a copy of Image A that has been changed, booted from in private image mode, or even mounted on a Provisioning Server. Doing so will corrupt the image.
Chapter 9
Managing vDisk incremental updates menu option applies the rollback file to the correct vDisk file and rolls it back to the previous version. Optionally you can apply the rollback file by manually running the AutoUpdate.exe command line utility as follows: AutoUpdate merge updatedimagefile rollbackfile.pvr The merge option of AutoUpdate applies a delta file to the indicated image the same as the automatic update process does using the Console.
Chapter 10
131
Chapter 10
General Tab
Field/Button Device Name Description The name of the target device or the name of the person who uses the target device. The name can be up to 15 bytes in length. However, the target device name cannot be the same as the machine name being imaged. Note: If the target device is a domain member, use the same name as in the Windows domain, unless that name is the same as the machine name being imaged. When the target device boots from the vDisk, the name entered here becomes the target device machine name. Description Class Description of this target device. Class used for matching new vDisks to target devices when using Automatic Disk Image Update
132
Administrator's Guide
Field/Button
Description in order to match new vDisks images to the appropriate target devices and user groups.
Boot from
The boot method this target device should use. Options include booting from a vDisk, hard disk, or floppy disk. Enter the media access control (MAC) address of the network interface card that is installed in the target device. Displays the UDP port value. In most instances, you do not have to change this value. However, if target device software conflicts with any other IP/UDP software (that is, they are sharing the same port), you must change this value.
MAC
Port
Enable this option to prevent target devices from booting. Regardless if enabled or disabled, new target devices that are added using Auto-add, have records created in the database. Click this button to inherit the template properties for this collection (excluding Name and MAC).
vDisk Tab
Field/Button vDisks for this Device Description Displays the list of vDisk assigned to this target device. Click Add to open the Assign vDisks dialog. To filter the vDisks that display, select a specific store name and Provisioning Server or select All Stores and All Servers to list all vDisks available to this target device. Highlight the vDisks to assign, then click OK. Click Remove to remove vDisks from this device. Click Printers to open the Target Devices vDisk Printers dialog. This dialog allows you to choose the default printer and any network and local printers to enable or disable for this target device.
133
Chapter 10
Field/Button Options
Description Provides secondary boot options: w Include the local hard drive as a boot device. w Include one or more custom bootstraps as boot options. If enabling a custom bootstrap, click Add, to enter the bootstrap file name and the menu text to appear (optional), then click OK. If more than one vdisk is listed in the table or if either (or both) secondary boot options are enabled, the user is prompted with a disk menu at the target devices when it is booted. Enter a menu option name to display to the target device. The target device can select which boot options to use. Click Edit to edit an existing custom bootstrap's file name or menu text. Click Remove to remove a custom bootstrap file from those available to this target device.
Personality Tab
Field/Button Name and String Description There is no fixed limit to the number of names you can add. However, the maximum name length is 250 characters and the maximum value length is 1000 characters. Use any name for the field Name, but do not repeat a field name in the same target device. Field names are not case sensitive. In other words, the system interprets FIELDNAME and fieldname as the same name. Blank spaces entered before or after the field name are automatically removed. A personality name cannot start with a $. This symbol is used for reserved values such as $DiskName and $WriteCacheType.
134
Administrator's Guide
Authentication Tab
Field/Button Authentication Description Password information entered in this dialog is for initial target device login only. It does not affect Windows account login. Authentication methods include: w None w Username and password w External verification (user supplied method) Username If authenticating with a user name and password, enter the user name for the account. Follow your organization's user name conventions. Note: Requires user names be at least two characters and no more than 40 characters in length. User names are NOT case sensitive. If the account already exists, you cannot change the user name. Password If authenticating with a user name and password: Click the Change button to open the Change Password dialog. To create a new password for a user account, type the old password, then type the new password in both the New password and Confirm new password text boxes. Click OK to change the password. Note: Follow your organization's password conventions. Requires passwords be at least three characters and no more than 20 characters in length. Passwords ARE case sensitive. Reenter the new password exactly as you entered it in the previous field to confirm it.
135
Chapter 10
Status Tab
Field/Button Target Device Status Description The following target device status information appears: w Status: current status of this device (active or inactive). w IP Address: provides the IP Address or 'unknown'. w Server: the Provisioning Server that is communicating with this device. w Retries: the number of retries to permit when connecting to this device. w vDisk: provides the name of the vDisk or displays as 'unknown'. w License information; depending on the device vendor, displays product licensing information (including; n/a, Desktop License, Datacenter License, XenApp License, or XenDesktop License).
Logging tab
Field/Button Logging level Description Select the logging level or select Off to disable logging: w Off Logging is disabled for this Provisioning Server. w Fatal logs information about an operation that the system could not recover from. w Error logs information about an operation that produces an error condition. w Warning logs information about an operation that completes successfully, but there are issues with the operation. w Info Default logging level. Logs information about workflow, which generally explains how operations occur. w Debug logs details related to a specific operation and is the highest level of logging. If 136
Administrator's Guide
Field/Button
Description logging is set to DEBUG, all other levels of logging information are displayed in the log file. w Trace logs all valid operations.
137
Chapter 10
Managing Target Devices w Configuring a Master Target Device's BIOS on page 138 w Configuring network adapter BIOS on page 139 w Installing Master Target Device software on page 140
Administrator's Guide systems have different BIOS setup interfaces if necessary, consult the documentation that came with your system for further information on configuring these options. 1. If the target device BIOS has not yet been configured, re-boot the target device and enter the systems BIOS setup. (To get to BIOS setup, press the F1, F2, F10 or Delete key during the boot process. The key varies by manufacturer). 2. Set the network adapter to On with PXE. Note: Depending on the system vendor, this setting may appear differently. 3. Configure the target device to boot from LAN or Network first. Optionally, select the Universal Network Driver Interface; UNDI first, if using a NIC with Managed Boot Agent (MBA) support. Note: On some older systems, if the BIOS setup program included an option that permitted you to enable or disable disk-boot sector write protection, ensure that the option is disabled before continuing. 4. Save changes, then exit the BIOS setup program. 5. Boot the target device from its hard drive over the network to attach the vDisk to the target device.
139
Chapter 10
3. Change the boot order to Network first, then local drives. 4. Save any changes, and exit the setup program. In the Intel Boot Agent, typing F4 saves the changes. Alternatively, a device can be configured to provide IP and boot information (boot file) to target devices using the Manage Boot Devices utility.
Administrator's Guide 5. Click Next to continue, the Customer Information dialog appears. 6. Type your user name and organization name in the appropriate text boxes. 7. Select the appropriate install user option. The option you select depends on if this application will be shared by users on this computer, or if only the user associated with this computer should have access to it. 8. Click Next, the Destination Folder dialog appears. 9. Click Next to install the target device to the default folder (C:\Program Files\Citrix \Provisioning Services). Optionally, click Change, then either enter the folder name or navigate to the appropriate folder, and then click Next, then click Install. The installation status information displays in the dialog. Note: The installation process may take several minutes. While the installation process is running, you can click Cancel to cancel the installation and roll-back any system modifications. Close any Windows Logo messages that appear. 10. The "Installation Wizard Completed" message displays in the dialog when the components and options have successfully been installed. Close the wizard window. If both .NET 3.0 SP1 or newer is installed and Windows Automount is enabled, the Imaging Wizard will start automatically by default (for details, refer to Using the Imaging Wizard on page 109). 11. Reboot the device after successfully installing product software and building the vDisk image.
141
Chapter 10
Managing Target Devices 64-bit # cd /tmp # sh PVS_LinuxDevice_x64.run The Terms and Conditions associated with this product license agreement appears. Accept the license agreement, and then the installer prompts for a directory location to install the product software. The /root/citrix directory is recommended. 5. After the Linux utilities are installed to the hard disk, the installer prompts you to reboot your system. You can not begin the imaging phase until the target device has been rebooted. The installer adds an entry into the GRUB boot loader. If GRUB is not used, you must add the Provisioning Services kernel and initrd into your boot loader: Kernel: vmlinuz-ardence (This is a symbolic link which points to your distributions kernel) Initrd: initrd-ardence The boot loader prompts you with the Image target device option. Select this option when you are ready to image a target device after booting.
142
Administrator's Guide 3. Choose to either manually enter the device description, class, and boot information, or click the Get Template Properties... button to inherit the information from this collection's device template, including vDisk assignments. 4. Click OK to close the dialog box.
143
Chapter 10
Note: Site administrators can only select sites to which they have permissions. 4. From the Site drop-down list, select the site where devices should be added, then select Next. The Select Collection page displays with the default collection selected. 5. Accept the default collection or select a different collection from the Collection drop-down list, then click Next. The Select Template Devices page appears. 6. Select the device to use as a template, so that new devices being added will inherit the existing target device's basic property settings, then click Next. 7. To view the selected device's properties, click Properties. A read-only dialog displays the selected device's properties. Close the dialog after reviewing the properties. 8. Click Next. The Device Name page displays. 9. Enter a static prefix that helps identify all devices that are being added to this collection. For example: 'Boston' to indicate devices located in Boston. Note: The prefix can be used in combination with the suffix, but is not required if a suffix is provided. The entire device name can have a maximum of 15 characters (the prefix length + number length + suffix length). For example, the following device names are considered valid: Boston000Floor2 (prefix, incrementing number length, and suffix provided; the maximum of 15 characters has been reached) Boston000 (no suffix is provided) 000Floor2 (no prefix is provided) The prefix cannot end with a digit. 10. Enter the length of the incrementing number to associate with the devices being added to this collection. This number is incremented as each device is added. For example, if the number length is set to '3', Provisioning Services starts naming at '001' and stops naming or adding devices after the number reaches '999'. Note: Enable the Zero fill option to automatically add the necessary number of preceeding zeros to a numbers length. For example, if the numbers length is set to '4', than the first target device number would be assigned as '0001'. The number length must have a minimum of three digits and a maximum of 9 digits. 11. Enter a static suffix that helps to identify all devices being added to this collection. For example: Boston001Floor2 might be helpful to indicate the floor where these devices reside. 144
Administrator's Guide The suffix can be used in combination with the prefix, but is not required if a prefix is provided. The entire device name can have a maximum of 15 characters (the prefix length + number length + suffix length). The suffix cannot start with a digit. The prefix and suffix combination must be unique in each collection. 12. Click Next. The Finish dialog appears. 13. Review all Auto-Add wizard settings, then click Finish. Auto-Add is now configured.
Chapter 10
Managing Target Devices 5. To locate vDisks to assign to this target device, select a specific store or server under the Filter options, or accept the default settings, which includes All Stores and All Servers. 6. In the Select the desired vDisks list, highlight the vDisks to assign, then click OK, then OK again to close the Target Device Properties dialog.
Administrator's Guide The Target Device Control dialog displays with the Boot devices menu option selected in the Settings drop-down menu. 2. Click the Boot devices button to boot target devices. The Status column displays the Boot Signal status until the target device successfully receives the signal, then status changes to Success.
Chapter 10
Managing Target Devices new record is automatically created in the database and the following message appears on the target device: This target device has been disabled. Please Contact your system administrator. Once contacted, the system administrator can validate the target device. After the administrator disables the option, the target device can boot successfully. To disable or enable a target device, in the Console, right-click on the target device, then select the Disable or Enable menu option. Note: Enable the Disable target device option on the template target device, to disable all target devices as they are added to a collection.
Administrator's Guide 1. Right-click on a collection in the Console tree or highlight only those target devices that should be restarted within the collection, then select the Restart devices menu option. The Target Device Control dialog displays with the Restart devices menu option selected in the Settings drop-down menu. Target devices display in the Device table. 2. Type the number of seconds to wait before restarting target devices in the Delay text box. 3. Type a message to display on target devices in the Message text box. 4. Click the Restart devices button to restart target devices. The Status column displays the Restart Signal status until the target device successfully receives the signal, then status changes to Success.
Chapter 10
Administrator's Guide
Define personality data from a single target device using the Console
To define personality data for a single target device: 1. In the Console, right-click on the target device that you want to define personality data for, then select the Properties menu option. 2. Select the Personality tab. 3. Click the Add button. The Add/Edit Personality String dialog appears. Note: There is no fixed limit to the number of field names and associated strings you can add. However, the limits to the total amount of personality data assigned to a single string (names and data combined) is approximately 2047 bytes. Also, the total amount of data contained in names, strings and delimiters is limited to approximately 64Kb or 65536 bytes per target device. This limit is checked by the administrator when you attempt to add a string. If you exceed the limit, a warning message displays and you are prevented from creating an invalid configuration. Target device personality data is treated like all other properties. This data will be inherited when new target devices are added automatically to the database by either the Add New Target Device Silently option, or with the Add New Target Device with BIOS Prompts option. 4. Enter a name and string value. Note: You can use any name for the field Name, but you cannot repeat a field name in the same target device. Field names are not case sensitive. In other words, the system interprets FIELDNAME and fieldname as the same name. Blank spaces entered before or after the field name are automatically removed. A personality name cannot start with a $. This symbol is used for reserved values such as $DiskName and $WriteCacheType. 5. Click OK. To add additional fields and values, repeat Steps 5 and 6 as needed. When finished adding data, click OK to exit the Target Device Properties dialog.
Define personality data for multiple target device using the Console
Define target device personality for multiple devices: 1. In the Console, right-click on the target device that has the personality settings that you want to share with other device, then select Copy. The Copy device properties dialog appears. 2. Highlight the target devices in the details pane that you want to copy personality settings to, then right-click and select the Paste device properties menu. 3. Click on the Personality strings option (you may also choose to copy other properties at this time), then click Paste. 151
Chapter 10
152
Administrator's Guide The Target Device Personality String Set in Target Device Properties is: DefaultPrinter= \\CHESBAY01\SAVIN 9935DPE/2035DPE PCL 5e,winspool,Ne03: A batch file run on the target device would include the following line: GetPersonality DefaultPrinter /r=HKEY_CURRENT_USER\Software \Microsoft\Windows NT\CurrentVersion\Device Note: The actual key name should be the UNC name of the network printer, such as \ \dc1\Main, and the value that should be entered for the key would be similar to winspool,Ne01: where Ne01 is a unique number for each installed printer. Setting Environment Variables: Setting environment variables with personality data is a two-step process: 1. Use the GetPersonality command with the /f option to insert the variable into a temporary file. 2. Use the set command to set the variable. For example, to set the environment variable Path statement for the target device a personality name, as Pathname could be defined with the string value: %SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files \Microsoft Office\OFFICE11\;C:\Program Files\Microsoft SQL Server\80\Tolls\Binn The /f option creates a temporary file, allowing for a name to be assigned, in this case temp.txt. The following lines would then need to be included in the batch file: GetPersonality Pathname /f=temp.txt set /p Path= <temp.txt Note: If the filename specified with the /f option already exists, GetPersonality will not append the line to the file. Instead, the existing line is overwritten in the file.
153
Chapter 10
154
Chapter 11
155
Chapter 11
General Tab
Field/Button Name Description Template target device Description The name of this device collection. Describes this device collection. To use the settings of an existing target device as the template to apply to all target devices that are added to this collection, select that device from the drop-down menu, then click OK.
Security Tab
Field/Button Groups with Device Administrator access Description Assign or unassign device administrators to this collection using Add or Remove. Device administrators can perform tasks on all device collections to which they have privileges. Assign or unassign device operators to this collection using Add or Remove. Device operators have the following privileges: w Boot and reboot a target device w Shut down a target device w View target device properties
156
Administrator's Guide
Field/Button
Auto-Add Tab
Field/Button Template target device Description Displays the name of the target device, if a device was previously selected, or <No template device>, if a device was not selected. Use the drop-down menu to select a device to use as the template for adding new devices to this collection. To view a selected device's properties, click Properties (read-only dialog appears). Prefix Enter a static prefix that helps identify all devices that are being added to this collection. For example: 'Boston' to indicate devices located in Boston. The prefix can be used in combination with the suffix, but is not required if a suffix is provided. The entire device name can have a maximum of 15 characters (the prefix length + number length + suffix length). For example, the following device names are considered valid: w Boston000Floor2 (prefix, incrementing number length, and suffix provided; the maximum of 15 characters has been reached) w Boston000 (no suffix is provided) w 000Floor2 (no prefix is provided) The prefix cannot end with a digit. The prefix and suffix combination must be unique in each collection.
157
Chapter 11
Description Enter the length of the incrementing number to associate with the devices being added to this collection. This number is incremented as each device is added. For example, if the number length is set to '3', Provisioning Services starts naming at '001' and stops naming or adding devices after the number reaches '999'. Enable the Zero fill option to automatically add the necessary number of preceeding zeros to a numbers length. For example, if the numbers length is equal to 3, than the first target device number would be assigned as '001'. Enable the Zero fill option to automatically add the necessary number of preceeding zeros to a numbers length. For example, if the numbers length is set to '4', than the first target device number would be assigned as '0001'. The number length must have a minimum of three digits and a maximum of 9 digits.
Suffix
Enter a static suffix that helps to identify all devices being added to this collection. For example: Boston001Floor2 might be helpful to indicate the floor where these devices reside. The suffix can be used in combination with the prefix, but is not required if a prefix is provided. The entire device name can have a maximum of 15 characters (the prefix length + number length + suffix length). The suffix cannot start with a digit. The prefix and suffix combination must be unique in each collection.
158
Administrator's Guide
Description Indicates the last incremental number that was assigned to a device name in this collection. This number can be reset to '0' but cannot be lower than the highest number for the same Prefix/Suffix combination.
Options
Field/Button User Groups Description Enable user login to devices Enable or disable User Groups from logging into target devices in this collection. To permit a user to log in as a member of a user group within this site, check this box (user groups are based on Active Directory or Windows groups). To prohibit all users that are members within a user group from logging in, uncheck this checkbox. When disabled, if a member of a user group attempts to log in, Provisioning Services allows the user to log in using a vDisk that is assigned to the target device.
Chapter 11
Managing Device Collections w Shutdown Target Devices within a Collection on page 162 w Sending Messages to Target Devices within a Collection on page 163 w Moving Collections within a Site on page 163 w Accessing Auditing Information on page 245 for a collection w Managing Microsoft MAK Volume Licensing on Target Devices on page 165 for target devices within a collection
160
Administrator's Guide The wizard can be accessed from the farm, site, and device collection right-click menus. If accessed from the site or collection, only those target devices in the import file that match the site and collection by name, will be included in the import list. The wizard also provides the option to automatically create the site or collection using the information in the file, if either does not already exist. There is also the option to use the default collections device template, if it exists for that collection. A log file is generated with an audit trail of the import actions. The file is located in: C:\Documents and Settings\All Users\Application Data\Citrix \Provisioning Services\log To Import target devices into a Collection: 1. In the Console, right-click on the device collection that the target devices should be imported to, then click Target Device>Import devices. The Import Target Devices Wizard displays. 2. Type or browse for the file to import. The target device information is read from the file and displays in the table below. Information can include the target device name, MAC address, and optionally description. 3. Highlight one or more target devices to import. If applying the collection template to the imported target devices, select the Apply collection template device when creating devices checkbox. 4. Click Import to import the .csv text file containing target device information, into the selected collection. The status column indicates if the import was successful.
Deleting a Collection
Deleting a collection deletes any target device member records within the collection. The records can be recreated by manually adding them or using the Auto-add feature. Note: Deleting a target device also deletes that device from any views that it was associated with. If target devices are members of collections within the same site, the members of one collection can be dragged and dropped to other collections, then the original collection can be deleted. If a device collection needs to be moved to a different site or that site becomes obsolete, you can use the export and import features to add the devices to a collection in another site, then the original collection can be deleted. To delete a collection: 1. In the Console tree, right-click on the collection folder that you want to delete, then select the Delete menu option. A confirmation message appears. 2. Click OK to delete this collection. The collection no longer displays in the Console tree.
161
Chapter 11
162
Administrator's Guide 3. Click the Shutdown devices button to shutdown target devices. The Status column displays the shutdown signal status until the target device shuts down. As each target device successfully shuts down, the status changes to Success.
Chapter 11
Managing Device Collections w Preparing the New Base vDisk Image for KMS Volume Licensing on page 164 w Maintaining or Upgrading a vDisk Image that Uses KMS Volume Licensing on page 164 Note: If KMS licensing was not configured on the vDisk when the Imaging Wizard was run, it can alternatively be configured using the Console user interface (refer to the vDisk Properties on page 103, or the MCLI and PowerShell command-line interfaces (refer to the MCLI or PowerShell Programmers Guide for details).
Preparing the New Base vDisk Image for KMS Volume Licensing
After a vDisk is created using the Imaging Wizard, it must be reset to a non-activated state using the rearm command. It is important to perform this operation on a system booted from the vDisk in Private Image mode so that the master target device hard disk's rearm count is not reduced. Note: Microsoft limits the number of times you can run rearm on an installed OS image. The operating system will need to be reinstalled if the number of allowed rearm attempts is exceeded. 1. Boot the target device from the vDisk in Private Image Mode to rearm. For Windows Vista, 7, 2008, and 2008R2 run: cscript.exe slmgr.vbs -rearm For Office 2010: Program Files(x86)\Common Files\microsoft shared \OfficeSoftwareProtectionPlatform\OSPPREARM.EXE 2. Shutdown the target device. 3. Set the vDisk mode to Standard Image mode. 4. Stream the vDisk to one or more target devices.
164
Administrator's Guide a. In the Console, right-click on the vDisk, then select the File Properties menu option. The vDisk File Properties dialog appears. b. Click on the Microsoft Volume Licensing tab, then change the licensing option from KMS to None. c. On the Mode tab, set the vDisk access mode to Private Image mode. d. PXE boot to the vDisk in Private Image mode to rearm: w For Office 2010: Program Files(x86)\Common Files\microsoft shared \OfficeSoftwareProtectionPlatform\OSPPREARM.EXE w Repeat for Windows Vista, 7, 2008, and 2008R2 run: cscript.exe slmgr.vbs -rearm e. Shutdown the target device. f. In the Console, right-click on the vDisk, then select the File Properties menu option. The vDisk Properties dialog appears. g. Click on the Microsoft Volume Licensing tab, then change the license option from None to KMS. h. On the Mode tab, set the vDisk access mode to Shared Image mode. i. Stream the vDisk to the target devices.
Chapter 11
Managing Device Collections w Maintaining MAK Activations on page 167 Setting the vDisk's licensing mode A vDisk can be configured to use Microsoft Multiple Activation Key (MAK) licensing when the Imaging Wizard is run (refer to Using the Imaging Wizard on page 109). If MAK licensing was not configured when the Imaging Wizard was run, the vDisk's licensing mode property can be set using the Console, MCLI, or PowerShell user interface. The licensing mode should be set before attempting to activate target devices. Note: For information on using the command-line interfaces, refer to the MCLI or PowerShell Programmers Guide. Entering MAK User Credentials Before target devices that use MAK enabled vDisks can be activated, MAK user credentials must be entered for a site. Note: The user must have administrator rights on all target devices that use MAK enabled vDisks and on all Provisioning Servers that will stream the vDisks to target devices. To enter credentials: 1. Right-click on the site where the target devices exist, then select the Properties menu option. 2. On the MAK tab, enter the user and password information in the appropriate text boxes, then click OK. Activating target devices that use MAK enabled vDisks After a vDisk is configured for MAK volume licensing and user credentials have been entered, each booted target device that uses the vDisk needs to be activated with a MAK. Note: After all licenses for a given MAK have been used, a new key will be required in order to allow additional target devices that share this vDisk image to be activated. To activate target devices that use MAK volume licensing from the Console: 1. Boot all target devices that are to be activated. 2. In the Console, right-click on the collection or view that includes target devices that require MAK license activation, then select the Manage MAK Activations... menu option. The Manage MAK Activations dialog appears. 3. In the Multiple activation key text box, enter the MAK to be used to activate the target devices. 4. The number of booted target devices that require activation, display on the dialog. From the list of booted devices, check the box next to each target device that should be activated.
166
Administrator's Guide 5. Click OK to activate licensing for all selected target devices (do not close the dialog until the activation process is completed. The process can be stopped by clicking the Cancel button. Closing the dialog before the activation process completes stops the process and may result in some target devices not being activated). The Status column indicates if a target device is currently being activated (Activating) or the activation failed (Failed). If all target devices were activated successfully, click OK to close the dialog. After the activation process completes, if one or more target devices were not selected to be activated, or if devices were not activated successfully, the dialog displays listing any unactivated devices. After resolving any issues, repeat this step to activate the remaining target devices. Note: The Manage MAK Activations... option does not display after all currently booted target devices have been successfully activated. Maintaining MAK Activations When a target device has a MAK activated vDisk assigned, unassigning it removes any saved MAK reactivation information. If the vDisk is reassigned in the future, the target device will not reactivate. To prevent the loss of MAK activation, do not unassign the activated disk from the target device. To change a target device's vDisk, without losing the MAK activation, select one of the following methods: a. Assign more than one vDisk to the target device and set the default accordingly. b. Assign additional vDisks to the target device and temporarily disable the MAK activated vDisk. To update a MAK activated vDisk, the AutoUpdate feature must be used so that the MAK activation information, required for shared device reactivation, is maintained. Additional MAK considerations: Use of manual vDisk updates (unassigning one vDisk and reassigning another vDisk) will result in the loss of the required MAK activation information and will require a new activation, which would consume another license. Use of AutoUpdate to deploy a new vDisk, from a different OS install than the previous vDisk, will result in mismatched MAK activation information. In this case, a new activation must be performed from the command line interface, as only unactivated target devices can be activated from the MMC console.
167
Chapter 11
168
Chapter 12
169
Chapter 12
Each target device maintains its own Difference Disk, which does not follow the user from machine to machine, and numerous users using the same device all keep their data on the same Difference Disk file. Therefore, if using both the Difference Disk and User Group features, the user experience may differ from target device to target device. User groups only appear in the Console for Farm and Site Administrators. Expand the User Groups icon in the Console tree to view all user groups within a selected site. To display or edit a user groups properties, right-click on an existing user group in the Console, then select the Properties menu option. The User Group Properties on page 171 dialog displays and allows you to view or make modifications to that user group. To perform actions on user groups, refer to Managing User Group vDisk Assignments on page 171.
170
Administrator's Guide
General Tab
Field/Button Name Description Class Description The name of this user group. Describes this user group. Class name used for matching new vDisk images to the appropriate user groups when using the Image Update and the Managed Disk feature. Up to 40 characters can be entered. Check to disable this user group; uncheck to enable this user group. If disabled, a target device uses the vDisk assigned at the target device level.
vDisks Tab
Field/Button vDisks for this user group Description Click Add to add vDisks to this user group from the vDisk drop-down list. Click Remove to remove vDisks that have been made available to this user group. Remove does not delete the physical vDisk.
Chapter 12
Managing User Assigned vDisks w Assigning a vDisk to a User Group on page 173 w Unassigning User Groups From vDisks on page 173
172
Administrator's Guide
173
Chapter 12
Managing User Assigned vDisks 2. Under User groups from which to unassign, check the box next to each user group that should be unassigned, or click Select all to unassign all user groups from this vDisk. 3. Click Unassign. A confirmation message appears. 4. Click Yes to continue. The unassign status appears in the unassign status log below. To unassign a vDisk from all user groups within a Site: 1. Right-click on the vDisk in the Console, then select Unassign from All Site User Group(s)... 2. A confirmation message appears. Click Yes to continue.
174
Chapter 13
Managing Views
Topics:
View Properties Managing Views in the Console The Consoles Views feature provides a method that allows you to quickly manage a group of devices. Views are typically created according to business needs. For example, a view can represent a physical location, such as a building or user type. Unlike device collections, a target device can be a member of any number of views. Farm administrators can create and manage views in the Console trees Farm>Views folder. Farm views can include any target device that exists in this farm. Site administrators can create and manage views in the Console trees Farm>Sites>YourSite>Views folder. Site views can only include target devices that exist within that site (YourSite). To display or edit a views properties, right-click on an existing view in the Console, then select the Properties menu option. The View Properties on page 176 dialog displays and allows you to view or make modifications to that view. To perform actions on all members of a view, such as rebooting all target devices members in this view, refer to Managing Views in the Console on page 176.
175
Chapter 13
Managing Views
View Properties
To display or edit the properties of an existing view, right-click on the view in the Console, then select the Properties menu option. The View Properties on page 176 dialog displays and allows you to view or make modifications to that view. View properties are described in the tables that follow.
General Tab
Field/Button Name Description Description The name given to this view. Describes the purpose of this view.
Members Tab
Field/Button Members of this view Add button Remove button Remove All button Description Lists target device members that belong to this view. Opens the Select Devices dialog, from which target devices to add to this view are selected. Removes highlighted target devices from this view. Removes all target devices from this view.
Administrator's Guide w Managing Microsoft KMS Volume Licensing on page 163 w Managing Views in the Console on page 176 w Active Directory; to use the Views feature with the Active Directory Management feature, refer to Managing Active Directory on page 213.
Creating a View
1. In the Console, right-click on the Views folder where the new view will exist, then select the Create view menu option. The View Properties dialog appears. 2. On the General tab, type a name for this new view in the Name text box and a description of this view in the Description text box, then click the Members tab. 3. Click the Add button to add new target device members to this view. The Select Devices dialog appears. 4. From the drop-down menus, select the site, then the device collection that you want to add target device(s) from. All members of that device collection appear in the list of available target devices. 5. Highlight one of more target devices in this collection, then click Add to add them to the new view. To add additional target devices from other device collections, repeat steps 4 and 5. 6. Click OK to close the dialog. All selected target devices now display on the Members tab.
177
Chapter 13
Managing Views
Deleting a View
If a view becomes obsolete, you can delete the view. Deleting a view does not delete the target device from the collection. 1. In the Consoles tree, right-click on the view folder that you want to delete, then select the Delete menu option. A confirmation message appears. 2. Click OK to delete this view. The view no longer displays in the Console tree.
Refreshing a View
After making changes to a view, it may be necessary to refresh the view before those changes appear in the Console. To refresh the view, right-click on the view in the tree, then select the Refresh menu option.
Administrator's Guide menu option selected in the Settings drop-down menu. By default, all devices are highlighted in the Device table. 2. Type the number of seconds to wait before shutting down target devices in the Delay text box. 3. Type a message to display on target devices in the Message text box. 4. Click the Shutdown devices button to shutdown target devices. The Status column displays the Shutdown Signal status until the target device shuts down. As each target device successfully shuts down, the status changes to Success.
179
Chapter 13
Managing Views
180
Chapter 14
181
Chapter 14
Switch Manufacturers
This feature is given different names by different switch manufacturers. For example: w Cisco; PortFast or STP Fast Link w Dell; Spanning Tree Fastlink w Foundry; Fast Port w 3COM; Fast Start
Administrator's Guide With Provisioning Services, UNC format names can be used to specify the location of the OS Streaming database for all Provisioning Servers, and to specify the location of a particular vDisk.
Syntax
UNC names must conform to the \\SERVERNAME\SHARENAME syntax, where SERVERNAME is the name of the Provisioning Server and SHARENAME is the name of the shared resource. UNC names of directories or files can also include the directory path under the share name, with the following syntax: \\SERVERNAME\SHARENAME\DIRECTORY\FILENAME For example, to define the folder that contains your configuration database file in the following directory: C:\Program Files\Citrix\Provisioning Services On the shared Provisioning Server (server1), enter: \\server1\Provisioning Services Note: UNC names do not require that a resource be a network share. UNC can also be used to specify a local storage for use by only a local machine.
183
Chapter 14
Managing Network Components Options. On the View tab, under Advanced settings, clear the Use simple file sharing (Recommended) checkbox. 4. For the Stream Service, complete Steps 4-A and 4-B: Go to Control Panel>Computer Management>Component Services, right click on the Stream Service, and select Properties. Click the Log On tab. Change the Log on as: setting to This Account, and set up the service to login to the user and password configured in Step 1. 5. Verify that all Stream Services are restarted. The Configuration Wizard does this automatically. Stream Services can also be started from the Console or from the Control Panel. Note: The Stream Service cannot access folders using a mapped drive letter for the directory, since the mapped drives do not yet exist when the services start at boot time. Do not use a mapped drive letter to represent the vDisk or database-location directories when configuring Stream Services.
Chapter 14
Managing Network Components On the domain controller, use the Microsoft Management Console with the Group Policy snap-in, to configure the domain policies for the following: Object Policy Setting Policy Setting Policy Setting User Configuration\Administrative Templates\Network\Offline Files Disable user configuration of offline files Enabled Synchronize all offline files before logging off Disabled Prevent use of the Offline Files folder Enabled
186
Administrator's Guide
Chapter 14
Managing Network Components Re-booting the target device clears both the target device and Provisioning Services write cache. Doing this after an auto-update means that the Automatic Updates changes are lost, which defeats the purpose of running Automatic Updates. (To make Windows updates permanent, you must apply them to a vDisk while it is in Private Image mode). To prevent filling your write cache, make sure to disable the Windows Automatic Updates service for the target device used to build the vDisk. To disable the Windows Automatic Updates feature: 1. Select Start>Settings>Control Panel>Administrative Tools. 2. Select System. 3. Click the Automatic Updates tab. 4. Select the Turn Off Automatic Updates radio button. 5. Click Apply. 6. Click OK. 7. Select Services. 8. Double-click the Automatic Updates service. 9. Change the Startup Type by selecting Disabled from the drop-down list. 10. If the Automatic Updates service is running, click the Stop button to stop the service. 11. Click OK to save your changes. To make Windows updates permanent: 1. Shutdown all target devices that share the vDisk. 2. Change the vDisk mode to Private image. 3. Boot one target device from that vDisk. 4. Apply Windows updates. 5. Shutdown the target device. 6. Change vDisk mode to Standard image. 7. Boot all target devices that share this vDisk.
Administrator's Guide the persistent user data always resides on shared storage, Windows does not need to download the profile. This saves time, network bandwidth, and file cache. Since some of the files included in the profile can grow very large, the savings can be significant. Using Roaming User Profiles with diskless systems effectively involves configuring relevant policies and using Folder Redirection. Although unrelated to Roaming User Profiles, the Offline Folders feature affects diskless systems similarly. Disabling this feature avoids the same effects. On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the following objects.
To exclude directories with potentially large files from download: Object Policy Setting Properties User Configuration\Administrative Templates\System\Logon/ Logoff Exclude directories in roaming profile Enabled Prevent the following directories from roaming with the profile: Application Data; Desktop; My Documents; Start Menu.
Chapter 14
Managing Network Components To configure folder redirection: 1. Create a network share (\\ServerName\ShareName) to contain the redirected user folders. 2. Give Full Control permission to everyone for the network share. 3. Enable Folder Redirection. Object Computer Configuration\Administrative Templates\System \Group Policy Folder Redirection policy processing Enabled
Policy Setting
4. Redirect the Application Data folder. Object User Configuration\Windows Settings\Folder Redirection \Application Data Basic or Advanced Target folder location: \\ServerName\ShareName\%username% \Application Data 5. Redirect the Desktop folder. Object User Configuration\Windows Settings\Folder Redirection \Desktop Basic or Advanced Target folder location: \\ServerName\ShareName\%username%\Desktop 6. Redirect the My Documents folder. Object User Configuration\Windows Settings\Folder Redirection \My Documents Basic or Advanced Target folder location: \\ServerName\ShareName\%username%\My Documents 7. Redirect the Start Menu folder. 190
Properties
Properties
Properties
Administrator's Guide
Object
User Configuration\Windows Settings\Folder Redirection \Start Menu Basic or Advanced Target folder location: \\ServerName\ShareName\%username%\Start Menu
Properties
191
Chapter 14
Administrator's Guide that the DHCP server is also the PXE boot server. Verify that option tag 60 is added to your DHCP scope. Provisioning Services setup automatically adds this tag to your scope provided that the Microsoft DHCP server is installed and configured before installing Provisioning Services. The Configuration Wizard sets-up the Tellurian DHCP Server configuration file if you use the wizard to configure Provisioning Services. The following is an example Tellurian DHCP Server configuration file which contains the option 60 tag. max-lease-time 120; default-lease-time 120; option dhcp-class-identifier "PXEClient"; subnet 192.168.4.0 netmask 255.255.255.0 { option routers 192.168.123.1; range 192.168.4.100 192.168.4.120; }.
193
Chapter 14
No limitation.
vDisk properties cannot be modified while the LUN is read-only. vDisks cannot be mapped on the Provisioning Server.
Fall back to cache on server disk does not function if the target device hard drive is not found or fails.
vDisk properties cannot be modified while the LUN is read-only. vDisks cannot be mapped on the Provisioning Server.
194
Administrator's Guide
Write Cache Limitations Separate shared read-write write cache location is required for the store.
Restrictions vDisk properties cannot be modified while the LUN is read-only. vDisks cannot be mapped on the Provisioning Server.
Basically, the main limitations to placing vDisks on read-only storage include: w Private image boot from read-only storage is not allowed w If cache on the Provisioning Server disk is desired, a separate shared storage location that has read-write access is needed for the write cache files. w Modifying the vDisk properties is not allowed when the vDisk storage location is readonly. w Mounting the vDisk on the server is not allowed when the vDisk storage location is read-only.
Prerequisites
The following are prerequisites to using this new feature: w Provisioning Servers that will have access to the read-only shared LUN(s) are server class machines (Windows 2003 Server or 2008 Server). w The Microsoft iSCSI initiator software is installed on all Provisioning Servers that will have access to the SAN. w The vDisk files that will be placed on the read-only shared LUN(s) have already been created and reside on a normal read-write storage location. Creating vDisk files in place on the LUN is more difficult than pre-making the VHD files in a normal readwrite store and subsequently copying them to the shared LUN. Therefore, this document will describe the procedure assuming the vDisk files have been pre-made and reside in a normal read-write storage location. w The SAN being used has the ability to set a LUN up for shared read-write access or shared read-only access without requiring a shared file system front end. Normally, using a LUN in shared read-write access mode without a shared file system front end will result in a corrupt NTFS volume. Limiting the LUN access to read-only circumvents this problem.
Implementation
On the SAN 1. Create a volume on the EquaLogic SAN using the EqualLogic Group Manager (or other relevant SAN interface front end). Make the volume large enough to hold all VHD and VHD associated PVP files that will be shared between the Provisioning Servers. 195
Chapter 14
Managing Network Components 2. Set the access type for the volume to read/write - shared. Note that the volume will be made read-only through the NTFS attributes not through the SAN access rights. While using the volume in read-only shared mode is possible, it requires extra steps to implement the solution. Therefore this procedure describes the process when the volume is set for read-write shared access. On Provisioning Servers 1. Use the iSCSI Initiator to login to the SAN volume on only one of the Provisioning Servers. Note: Do NOT login to the SAN Volume from more than one server simultaneously until the volume has been marked read-only. If you allow more than one server to simultaneously login to the volume through the iSCSI interface while the volume is read-write, you will corrupt the volume and will need to re-format it. All data on the volume will be lost. 2. Format the volume through the Windows Disk Manager with an NTFS file system and assign a drive letter or mount point path. A mount point path is desirable if you will have many LUN/Volumes exposed on a server as there will be no drive letter limitations. Make sure you use a drive letter/Mount point that will be identical on all servers using the volume. If you cannot make them identical, you will need to use the Provisioning Services/store override paths to point a specific server to a different drive letter/mount point for the volume. 3. After the volume is formatted and assigned a drive letter/Mount point, the volume should be accessible on this single Provisioning Server as a read/write volume. Make sure all properties for the VHD and PVP files that will reside on the volume are set correctly (including enabling HA) and then copy all VHD files and their associated PVP files to the volume. Lock files do not need to be copied. The PVP file MUST be copied along with the VHD file. The system will not be able to create a PVP file on the fly once the volume is read-only. 4. After all files are copied to the volume, you must make the volume read-only. Close all Explorer windows that have access to the volume, then open a command prompt on the server that has access to the volume. 5. Run diskpart.exe. This will start an interactive session with diskpart.exe. 6. Find the volume number by typing the following command: list volume. 7. Note the volume number of your volume and select it by typing the following command: select volume volumeNumber where volumeNumber is the number of the volume identified with the list volume command. 8. After the volume is selected, set the read-only attribute of the volume by typing the following command: attributes volume set readonly. 9. Check that the readonly attribute was set correctly by typing the following command: detail volume. 10. Exit diskpart.exe by typing the command: exit. 11. Using the iSCSI initiator interface, logoff the volume on this server and then relogin to the volume again. Make sure to make the volume a persistent target. You must logoff and then login to the volume to get NTFS on the server to re-read the
196
Administrator's Guide volume attributes so that it will recognize the volume as read-only. Making the volume a persistent target will ensure the volume is accessible when the server reboots. 12. It is now safe to mount the iSCSI volume on all Provisioning Servers. Using the iSCSI Initiator applet and Microsoft Disk Manager, mount the volume on all Provisioning Servers that need access to the volume. Make the target persistent in the iSCSI interface and try to make all servers mount using the same drive letter or mount point, which makes setting up the Provisioning Services Store easier. Note: It may be necessary to make the Provisioning Services Stream Service on all servers dependent on the iSCSI Service. This ensures that the volumes are available at the proper time should the server reboot and target devices are booted during the server reboot. To do this, edit the registry for the Stream Service, then add the DependsOnService value pointing to the iscsiexe.exe service (MSiSCSI). 13. Run the Console on one of the Provisioning Servers to create a store that points to the drive letter/mount point for the volume. 14. Select which Provisioning Servers have access to the volume for this store. Note: If you are using Cache on server or Difference disk mode for any VHDs on the volume, you MUST enter a Default write cache path for the store that does NOT point to the SAN read-only volume. This path must be in a shared location for all Provisioning Servers. You can use a Windows Network Share or any other read-write shared storage device, but the write cache path cannot point to the readonly volume. The read-only volume can only contain the VHD and PVP files. If you are using one of the target device cache modes (local HD or RAM) then you do not need to set up a shared read-write write cache location for the store. 15. On the Console, right-click on the store then select the Add Existing Disk menu option, which scans the store and adds the VHD files to the database. 16. Assign the VHD files that are on this store to target devices, then boot those target devices normally. The VHD files on the read-only volume will always display in the Console as locked with the lock type: Read only media: Shared. You cannot remove this lock type. You cannot create a new vDisk on a store once it has been marked as read-only with diskPart.exe. You cannot edit the properties of the VHD once the store has been marked read-only.
Chapter 14
Managing Network Components volume as offline on all Provisioning Servers (this feature is not available on all OS types. If necessary, use the iSCSI initiator to logoff the volumes). 3. In order to use the diskpart.exe utility to mark the volume as read/write, Open a command prompt on the server that has access to the volume, then run diskpart.exe. This starts an interactive session with diskpart.exe. 4. Find the volume number by typing the following command: list volume. 5. Note the volume number of your volume and select it by typing the following command: select volume volumeNumber where volumeNumber is the number of the volume identified with the list volume command. 6. After the volume is selected, to clear the readonly attribute, type the following command: attributes volume clear readonly. 7. Check that the readonly attribute was set correctly by typing the following command: detail volume. 8. Exit diskpart.exe by typing the command: exit. 9. Logoff/login the volume (or mark it offline/online in diskpart) on the single server that still has access to the volume. 10. Edit the VHD file attributes through the Console, then copy the new files to the volume. 11. After all edits are complete, use the diskpart.exe utility to mark the volume readonly by selecting the volume, then setting the read-only attribute: attributes volume set readonly. 12. Check that the readonly attribute was set correctly by typing the following command: detail volume 13. Exit diskpart.exe by typing the command: exit. 14. Use the iSCSI Initiator to logoff, then relogin to the volume to re-read the readonly attributes. 15. Use the iSCSI Initiator on all Provisiong Servers to re-login to the volume. Note: IMPORTANT! Do NOT login to the SAN Volume from more than one server simultaneously until the volume has been marked read-only. If you allow more than one server to simultaneously login to the volume through the iSCSI interface while the volume is read-write, you will corrupt the volume and will need to re-format it. All data on the volume will be lost.
198
Chapter 15
199
Chapter 15
database.
Considerations
The following features, options, and processes remain unavailable when the database connection is lost, regardless if the Offline Database Support option is enabled: w AutoAdd target devices w User Groups w AutoUpdate or Incremental vDisk updates w vDisk creation
200
Database Mirroring
In order to provide a highly available MS SQL configuration, Provisioning Services supports mirroring the Provisioning Services database, resulting in improved overall availability of Provisioning Services. Database mirroring can be implemented in a new or existing farm and requires the following high-level tasks: w Creating the Provisioning Services MS SQL primary database (created when the Installation Wizard is run on the server) Note: For database mirroring to function, the recovery model must be set to Full. w Identifying the primary database server and instance (identified when the Configuration Wizard is run) w Identifying an existing MS SQL failover database server (identified, not created, when the Configuration Wizard is run) w Configuring mirroring between the primary and failover database servers (configured using MS SQL database server tools) Note: Citrix recommends that the failover server be up and running before enabling database mirroring in the farm. For helpful information on configuring the MS SQL failover server, refer to http://technet.microsoft.com/en-us/library/ms188712.aspx. To implement and manage mirroring within a Provisioning Services farm, choose from the following: w Database Mirroring on page 201 w Enabling Mirroring Within an Existing Farm on page 202 Note: The procedures that follow are only intended to call out the steps that are applicable to database mirroring when running the Configuration Wizard.
201
Chapter 15
Note: Run the Configuration Wizard to specify the new failover sever so that the status of the Provisioning Service's farm correctly reports the new settings. After rerunning the wizard, some services, including the stream service, restart so that the farm has the new failover server settings specified with the wizard was run.
202
Administrator's Guide 5. On the Database Server page, select the primary and failover database servers and instance names, then enable the database mirror failover feature . 6. Complete the remaining wizard pages.
203
Chapter 15
The Provisioning Server to which a target device accesses to login does not necessarily become the Provisioning Server that accesses the vDisk on behalf of the target device. In addition, once connected, if one or more Provisioning Servers can access the vDisk for this target device, the server that is least busy is selected. To purposely force all target devices to connect to a different Provisioning Server in an HA configuration, while avoiding having targets timeout and attempt to reconnect to the current server, stop the Stream Service on that server. Upon shutdown, the Stream Service will notify each target device to re-login to another server.
HA Benefits
Benefits of using HA include: w Automatic failoverfailure of an active component results in an automatic failover to an alternative component without interruption. w Redundant Provisioning Server supportvDisk redundancy is available by making the store where a vDisk resides, accessible by multiple Provisioning Servers. w Support for various network shared storage optionssupport for RAID, SAN, NAS and Windows network storage.
HA Components
The key to establishing any highly available network is to identify the critical HA components, create redundancy for these components, and ensure automatic failover to the secondary component in the event that the active component fails. The critical components are: w Provisioning Server 204
Administrator's Guide w vDisk shared-storage system w Database storage device Note: Write caching must be disabled on the hard drive of each Provisioning Server if the storage device is an IDE or SATA drive, in order to avoid the possibility of file corruption or application failure (refer to Disabling Windows Write Caching). Write caching on the disk is a device-specific property. Some devices, such as a SCSI RAID disk or SAN, may not provide the option.
205
Chapter 15
Managing for Highly Available Implementations 2. Enter or browse for the bootstrap file location, then click Next. The default location is: C:\Documents and Settings\All Users\Application Data \Citrix\Provisioning Services\Tftpboot Note: If a previous version of Provisioning Server was installed on this server, you may need to change the default location from C:\Program Files\Citrix \Provisioning Server\TFTPBoot or C:\Documents and Settings \All Users\Application Data\Citrix\Provisioning Server \TFTPbootto: C:\Documents and Settings\All Users\Application Data\Citrix\Provisioning Services\TFTPboot. If the default is not changed, the bootstrap file can not be configured from the Console and target devices will fail to boot; receiving a Missing TFTP error message. 3. In the Provisioning Servers boot list, click the Add button to add additional login Provisioning Servers to the list. Use the Move up or Move down buttons to change the Provisioning Server boot preference order. Note: In an HA implementation, at least two Provisioning Server must be selected as boot servers. 4. To set advanced configuration settings, highlight the IP address of the Provisioning Server, click Advanced, then configure the bootstrap file. Note: For field definitions, refer to Provisioning Server Properties on page 84. 5. Click OK, then click Next. 6. Review configuration settings, then click Finish to confirm configuration settings and restart network services on this server. As configuration settings are saved, they display in the progress dialog. 7. To exit the Configuration Wizard, click Done.
Administrator's Guide 3. Type the IP address and port number of this Provisioning Server in the appropriate text boxes. 4. Select to either use subnet mask and gateway settings using DHCP/BOOTP, or type in the settings to use, then click OK. The Provisioning Server information displays in the list of available login servers. 5. To configure advanced bootstrap settings, on the Options tab, choose from the following settings: Select Verbose Mode if you want to monitor the boot process on the target device (optional). This enables system messaging on the target device. Select Interrupt Safe Mode if the target device hangs early in the boot process. Select Advanced Memory Support checkbox unless using older versions without PAE enabled. 6. Select from the following Network Recovery Methods: Restore Network Connections - Selecting this option results in the target device attempting indefinitely to restore its connection to the Provisioning Server. Note: Because the Seconds field does not apply, it becomes inactive when the Restore Network Connections option is selected. Reboot to Hard Drive - Selecting this option instructs the target device to perform a hardware reset to force a reboot after failing to re-establish communications for a defined number of seconds. The user determines the number of seconds to wait before rebooting. Assuming the network connection can not be established, PXE will fail and the system will reboot to the local hard drive. The default number of seconds is 50. 7. Under Timeouts, scroll for the Login Polling Timeout, in milliseconds, between retries when polling for Provisioning Servers. 8. Under Timeouts, scroll for the Login General Timeout, in milliseconds, for all login associated packets, except the initial login polling time-out. 9. Click OK to save your changes.
Enabling HA on vDisks
After the bootstrap file has been configured, the HA feature must be enabled on the vDisk. To enable the HA feature on the vDisk: 1. To enable the HA feature, in the Console, right-click on the vDisk and select the File Properties menu option. 2. Select the Options tab. 3. Select the High availability (HA) checkbox.
207
Chapter 15
Managing for Highly Available Implementations 4. Click OK to save this vDisk property change and continue. 5. Configure load balancing in the vDisk's properties (for details, refer to vDisk Properties on page 103). 6. Optionally, select the power rating for each Provisioning Server (for details, refer to Provisioning Server Properties on page 84) .
Administrator's Guide Configuring Service Account Credentials for Provisioning Servers includes the following high-level tasks: w Creating Stream-Service Account Credentials on the Domain Controller on page 209 w Assigning Stream-Service Account Credentials Manually on page 209 w Configuring HA Storage Access on page 210 w Enabling HA on vDisks on page 207
209
Chapter 15
Managing for Highly Available Implementations 7. Click OK to close the Select User dialog. 8. On the Log On tab, enter and confirm the Stream Service account password, confirm the password, then click OK. 9. After assigning the Service account credentials to the Stream Service, restart the Stream Service.
Administrator's Guide 13. Select the Service account credentials as user name. 14. Enable the Full Control checkbox, then click Apply. 15. Click OK.
SAN Configuration
If storing the database and vDisks on a SAN, use local system accounts for the Stream Service. Unlike a Windows network share, creating special Service Account Credentials to guarantee access to your data, may not be necessary to guarantee access to your data. In most cases, a SAN configuration allows setting up as if the database and vDisks were stored locally on the Provisioning Server.
Testing HA Failover
To ensure that HA is successfully configured, complete the following 1. Double-click the vDisk status icon on the target device and then note the IP address of the connected Provisioning Server. 211
Chapter 15
Managing for Highly Available Implementations 2. Right-click the connected Provisioning Server in the Console. Select Stream Services, then select Stop. 3. Confirm that the IP address of the connected Provisioning Server changes to that of an alternate Provisioning Server in the vDisk status dialog on the target device.
212
Chapter 16
213
Chapter 16
Administrator's Guide
With password management enabled, the domain password validation process includes: w Creating a machine account in the database for a target device, then assign a password to the account. w Providing an account name to a target device using the Streaming Service. w Having the domain controller validate the password provided by the target device.
Chapter 16
Managing Active Directory Domain management is activated by completing the following tasks: w Enabling Machine Account Password Management w Enabling Automatic Password Management
216
Administrator's Guide
Giving Access to Users from Another Domain Provisioning Services Administrator Privileges
There are several methods for giving Provisioning Services Administrator privileges to users that belong to a different domain. However, the following method is recommended:
217
Chapter 16
Managing Active Directory 1. Add the user to a Universal Group in their own domain (not the Provisioning Services Domain). 2. Add that Universal Group to a Local Domain Group in the PVS domain. 3. ) Make that Local Domain Group the PVS Admin group.
218
Administrator's Guide domain), then select Active Directory Management, then select Reset machine account. The Active Directory Management dialog appears. 2. In the Target Device table, highlight those target devices that should be reset, then click the Reset devices button. Note: This target device should have been added to your domain while preparing the first target device. 3. Click Close to exit the dialog. 4. Disable Windows Active Directory automatic password re-negotiation. To do this, on your domain controller, enable the following group policy: Domain member: Disable machine account password changes. Note: To make this security policy change, you must be logged on with sufficient permissions to add and change computer accounts in Active Directory. You have the option of disabling machine account password changes at the domain level or local level. If you disable machine account password changes at the domain level, the change applies to all members of the domain. If you change it at the local level (by changing the local security policy on a target device connected to the vDisk in Private Image mode), the change applies only to the target devices using that vDisk. 5. Boot each target device.
219
Chapter 16
220
Chapter 17
221
Chapter 17
IP Settings
Add button
Administrator's Guide
Select this option to retrieve target device IP; default method. Selecting this method requires that a primary and secondary DNS and Domain be identified.
Server Lookup: Configure Bootstrap Use DNS Select this option to use DNS to find the server. The host name displays in the Host name textbox. If this option is selected and the Use DHCP to retrieve Device IP option is selected (under Device IP Configuration settings), your DHCP server needs to provide option 6 (DNS Server). Note: If using HA, specify up to four Provisioning Servers for the same Host name on your DNS server. Use Static IP Use the static IP address of the Provisioning Server from which to boot from. If you select this option, click Add to enter the following Provisioning Server information, then click OK to exit the dialog: IP Address Subnet Mask Gateway Port (default is 6910) Note: If using HA, enter up to four Provisioning Servers. If you are not using HA, only enter one. Use the Move Up and Move Down buttons to sort the Provisioning Servers boot order. The first Provisioning Server listed will be the server that the target device attempts to boot from. Options Tab: Configure Bootstrap Verbose Mode Select the Verbose Mode option if you want to monitor the boot process on the target device (optional) or view system messages. Select Interrupt Safe Mode if you are having trouble with your target device failing early in the boot process. This setting enables the bootstrap to work with newer Windows OS versions and is enabled by default. Only disable this setting on older XP or Windows Server OS 32 bit versions that do not support PAE, or if your
223
Chapter 17
target device is hanging or behaving erratically in early boot phase. Network Recovery Method Restore Network Connections Selecting this option results in the target device attempting indefinitely to restore it's connection to the Provisioning Server. Reboot to Hard Drive (a hard drive must exist on the target device) Selecting this option instructs the target device to perform a hardware reset to force a reboot after failing to re-establish communications for a defined number of seconds. The user determines the number of seconds to wait before rebooting. Assuming the network connection can not be established, PXE will fail and the system will rebooot to the local hard drive. The default number of seconds is 50, to be compatible with HA configurations. Login Polling Timeout Enter the time, in milliseconds, between retries when polling for Provisioning Servers. Each Provisioning Server is sent a login request packet in sequence. The first Provisioning Server that responds is used. In nonHA systems, this time-out simply defines how often to retry the single available Provisioning Server with the initial login request. This time-out defines how quickly the round-robin routine will switch from one Provisioning Server to the next in trying to find an active Provisioning Server. The valid range is from 1,000 to 60,000 milliseconds. Login General Timeout Enter the time-out, in milliseconds, for all login associated packets, except the initial login polling timeout. This time-out is generally longer than the polling time-out, because the Provisioning Server needs time to contact all associated servers, some of which may be down and will require retries and time-outs from the Provisioning Server to the other Provisioning Servers to determine if they are indeed online or not. The valid range is from 1,000 to 60,000 milliseconds.
Administrator's Guide
Important: If a previous version of Provisioning services was installed on this server, you must change the default location from: C:\Program Files\<CitrixorOEMname>\Provisioning Server \Tftpboot to: C:\Documents and Settings\All Users\Application Data\<CitrixorOEMname> \Provisioning services\Tftpboot If the default is not changed, the bootstrap file can not be configured from the Console and target devices will fail to boot; receiving a Missing TFTP error message.
Note: If you installed the Console on a separate machine, select the path of the remote Provisioning Server (which has boot services installed). 2. Click Read DB. When the Stream Service starts, it creates a record in the database with its own IP address. There is only one Stream Service option record per database. If the service is bound to multiple IP addresses, multiple records appear in the database. The Read DB function chooses only one IP address from each Provisioning Server. This function can also be used to populate the boot file with the Stream Service IP settings already configured in the database. 3. Choose from the following options: Select the Verbose Mode option if you want to monitor the boot process on the target device (optional). This enables system messaging on the target device. Select Interrupt Safe Mode if the target device hangs early in the boot process. Select Advanced Memory Support option to enable the bootstrap to work with newer Windows OS versions (enabled by default). Only disable this setting on older XP or Windows Server OS 32 bit versions that do not support PAE, or if your target device is hanging or behaving erratically in early boot phase. 4. Select from the following Network Recovery Methods: Restore Network Connections - Selecting this option results in the target device attempting indefinitely to restore it's connection to the Provisioning Server. Reboot to Hard Drive - Selecting this option instructs the target device to perform a hardware reset to force a reboot after failing to re-establish communications for a defined number of seconds. The user determines the number of seconds to wait before rebooting. Assuming the network connection can not be established, PXE will fail and the system will reboot to the local hard drive. The default number of seconds is 50. Click the Browse button to search for and select the folder created in Step 1, or enter a full path or UNC name. Note: If the partition containing the vDisks is formatted as a FAT file system, a message displays a warning that this could result in sub-optimal performance. It is 225
Chapter 17
Managing Bootstrap Files and Boot Devices recommended that NTFS be used to format the partition containing the vDisks. Do not change the address in the Port field.
Caution: All boot services (PXE, TFTP) must be on the same NIC (IP). But the Stream Service can be on a different NIC. The Stream Service allows you to bind to multiple IPs (NICs). 5. Configure the following: Login Polling Timeout Enter the time, in milliseconds, between retries when polling for servers. Each server is sent a login request packet in sequence. The first server that responds is used. This time-out simply defines how often to retry the single available server with the initial login request. If you are using the High Availability feature, this timeout defines how quickly the round-robin routine will switch from one server to the next, in trying to find an active server. The valid range is from 1,000 to 60,000 milliseconds. Login General Timeout Enter the time-out, in milliseconds, for all login associated packets, except the initial login polling time-out. The valid range is from 1,000 to 60,000 milliseconds. 6. Click OK to save your changes.
Administrator's Guide
When an entire hard drive is selected as boot device, all existing disk partitions are erased and re-created with a single active partition. The targeted partition is reserved as a boot device and cannot be used by the operating system or data. When a hard disk partition is selected as boot device, the selected disk partition data is deleted and set as an active partition. This active partition becomes the boot device. Boot devices are configured using the Boot Device Management utility. The Manage Boot Devices utility is structured as a wizard-like application, which enables the user to quickly program boot devices. After installing the boot device, complete the procedures that follow.
Chapter 17
Managing Bootstrap Files and Boot Devices w Port (default is 6910) If using HA, enter up to four Provisioning Servers. If you are not using HA, only enter one. Use the Move Up and Move Down buttons to sort the Provisioning Servers boot order. The first Provisioning Server listed will be the server that the target device attempts to boot from. 3. Click Next. The Set Options dialog appears. 4. Configure the following local boot options, then click Next: Verbose Mode; enable/disables the displaying of extensive boot and diagnostic information that is helpful when debugging issues. Interrupt Safe Mode; enable/disable for debugging issues, which is sometimes required for drivers that exhibit timing or boot behavior problems. Advanced Memory Support; enables/disables the address extensions, to match your operating system settings. Select this option to enable the bootstrap to work with newer Windows OS versions (enabled by default). Only disable this setting on older XP or Windows Server OS 32 bit versions that do not support PAE, or if your target device is hanging or behaving erratically in early boot phase. Network Recovery Method; select to attempt to restore the network connection or to reboot from a hard drive if the target device loses connection to the Provisioning Server, and how long (in seconds) to wait to make this connection. Login Polling Timeout; in general, it is recommended that you start values of one second for each of the polling and general timeouts. You should extend these when using 3DES encryption. You should further extend the timers based upon workload. A reasonable setting for 100 target devices running triple DES in the network would be three seconds. Login General Timeout; a reasonable setting for 100 target devices running triple DES in the network would be ten Seconds for the General Timeout. 5. On the Burn the Boot Device dialog, configure the target device IP. If the Use DNS to find the Server option is selected and your DHCP service does not provide option 6 (DNS Server), then enter the following required information (note that the server name must be less than 16 characters length and the domain name less than 48 characters in length): Primary DNS Server Address Secondary DNS Server Address Domain Name 6. Configure the Boot Deviceproperties. Add an active boot partition . Check this option to add a boot partition. Note: A boot partition is required if booting from the device's hard drive (for example, when selecting a XENPVDISK boot device with small partition or partition offset). Select the boot device from the list of devices.
228
Administrator's Guide If a partition offset size is set, a confirmation message displays to confirm the destination size. Type Yes (case sensitive) to continue. 7. If applicable, configure Media Properties. 8. Click Burn. A message appears to acknowledge that the boot device was successfully created. If selecting ISO format, use your CD burning software to burn the ISO image. 9. Click Exit to close the utility. 10. Boot the target device and enter the BIOS Setup. Under the Boot Sequence, move the boot device to the top of the list of bootable devices. Save the change, then boot the target device. After the boot device is programmed, a target device boot sequence can be configured using the Consoles Target Device Disk Properties dialog. These boot behaviors are used after a target device connects to a Provisioning Server. The Console allows multiple vDisk images to be assigned to a target device. The way in which these vDisks boot depends upon the selected boot behavior. When configuring the BIOS to work with the boot device (either USB or ISO image), it is imperative that the NIC PXE option is enabled. The PXE boot option is required in order for the NIC Option ROM to stay resident in memory during the pre-boot process. This way, UNDI will be available to the boot device to properly initialize the NIC. Otherwise, the "API not found" message would be displayed by the boot device.
229
Chapter 17
230
Chapter 18
Managing Printers
Topics:
Installing Printers on a vDisk Enabling or Disabling Printers on a vDisk Methods for Enabling Printers on a vDisk Enabling the Printer Management Feature Provisioning Server provides a Printer Management feature that allows you to manage which printers target devices have access to on a vDisk. Printers are managed from the Target Device Properties dialog. This feature should not be enabled if you use Active Directory to manage printers. If you use an existing printer management tool, this feature should be disabled to avoid printer setting conflicts. There are two types of printers that can appear in the Console window: w Network Printers w Local Printers Before a target device can access a printer, the following tasks must be completed in the order that follows: w Installing Printers on a vDisk on page 232 w Methods for Enabling Printers on a vDisk on page 233 w Enabling the Printer Management Feature on page 235
231
Chapter 18
Managing Printers
Administrator's Guide w You may be using a different printer system that installs the valid printers on each target device and software may delete them or cause conflicting settings. w Printers that are included on the vDisk should be accessible to all users. w The system needs to be configured before being deployed. Until the Printer Management feature is enabled, changes can be made for different target devices as needed. All printers installed on a vDisk appear in the Details panel when the Printers group folder is expanded for that vDisk. If a disk is a HA vDisk (has a duplicate with same vDisk name), changes to that printer (if it is enabled or disabled for a target device) are automatically made to the duplicate vDisk. Enablement Methods Using the Console, you can manage which target devices use which printers. There are several methods for managing target device printer assignments. Choose from the following methods: w Enabling printers for target devices using the Printer settings option. Use this method to enable or disable a single printer to multiple target devices accessing a vDisk. w Enabling printers for target devices using the Printers group folder. Use this method to select printer settings (enable/disable; default) for a single target device. w Enabling printers using Copy and Paste. Use this method to copy printer settings of one target device (enabled/disabled; default printer), to one or more target devices selected in the Details panel. w Enabling printers using an existing target device as a template. Use this method to automatically set printer settings when a target device is added to the network. Note: The Administrator may choose to limit the number of printers for particular target devices or select different default printers for particular target devices. The settings that are selected are saved to the target devices personality information (if the limit for this field, 65K, is reached, a message appears indicating that some of the settings will not be saved and offers suggestions for decreasing the size).
233
Chapter 18
Managing Printers
Enabling printers for target devices using the Printer Settings option
Use this method to assign a single printer to multiple target devices. This method is very useful when managing the printer-to-all target devices relationship. 1. In the Console tree, under Provisioning Servers, click the Printers group folder. All printers associated with that group appear in the Details panel. 2. Right-click on a printer in the Details panel, then select the Client Printer Settings... menu option. The printer settings dialog for that printer appears. 3. Enable or disable this printer for one or more target devices using any of the following options: In the Enable column, select the checkbox next to each target device to enable or disable use of this printer. Select the checkbox under the dialogs Enable heading to enable or disable this printer for all target devices assigned to the vDisk. 4. To select this printer as the default printer for target devices accessing this vDisk, select from the following methods: Select the Default checkbox in the dialogs Default heading to set this printer as the default for all target devices assigned to this vDisk. Highlight one or more target devices, then right-click to open the context menu. Select from the following menu options; Default, NotDefault All Default All Not Default In the Default column, select the checkbox next to each target device that should use this printer as the default printer. If there is only one printer, that printer is automatically set as the default printer. 5. Click OK to save settings for this printer and exit the dialog.
Enabling printers for target devices using the Printers group folder
Use this method to select printer settings (enable/disable; default) for a single target device. Note: After selecting printer settings for a single target device, you may choose to duplicate this target devices printer settings using the Copy and Paste features. 1. Under the target devices vDisk, click the Printers group folder in the tree. Printers that are associated with that group appear in the Details panel. By default, printers are not enabled for a target device and the first printer listed is set as the default printer. 234
Administrator's Guide 2. Select or deselect the Enable checkbox next to each printer to enable or disable the printer for this target device. You can also choose from one of the additional selection methods that follow. In the Details panel: Select or unselect the Enable checkbox within the table heading to enable or disable all printers. Highlight a printer, then use the space bar to enable or disable printers.
235
Chapter 18
Managing Printers After assigning printers to target devices, the Printer Management feature must be enabled before any printers on the target device can be removed. Until Printer Management is enabled, all printers installed on the target device are available to the target device. Once the feature is enabled, any changes to target devices printer settings (enable/disable; default) become available the next time the target device boots from the vDisk. If the Printer Management feature is disabled and a target device boots from a vDisk that has printers installed on it, that target device has access to all printers on that vDisk. If the Printer Management feature is enabled and the target device boots from that same vDisk, that target device can only access those printers that are enabled for that target device. To enable or disable printers on a selected vDisk: 1. In the Console, expand the Provisioning Server node in the tree panel, then select the vDisk that you want printers enabled or disabled on. 2. Select File Properties from the right-click menu, then select the Options tab. 3. Under Printer Settings, select the Enable the Printer Settings checkbox option to enable settings, or leave the checkbox blank to disable printer settings. 4. If the Enable the Printer Management checkbox is selected, the Enable Printer Management menu options appear checked when the Printers group is highlighted. 5. If the Enable the Printer Management checkbox appears disabled, all printers exist on the selected vDisk. You can also choose from the following methods to enable or disable the Printer Management feature using right-click menus: Printers Group In the Tree, under Provisioning Servers, expand a Provisioning Server, then expand the vDisk for which you want to disable Printer Management. Right-click on the Printers folder for that vDisk, then select the Disable Printer Management option. Virtual Disk In the Tree, under Provisioning Servers, right click on the vDisk for which you want to disable Printer Management, then select the Disable Printer Management option.
236
Chapter 19
Logging
Topics:
Configuring Provisioning Server Log Properties Configuring Target Device Log Properties Log Files and Content Provisioning Services provides logging to help with troubleshooting and managing a Provisioning Services farm. All log file settings can be managed from the Provisioning Services Console. Settings are saved to the database as properties that are specific to each Provisioning Server or target device. Logging includes: Configuring Provisioning Server Log Properties on page 238 Configuring Target Device Log Properties on page 239 Log Files and Content on page 240
237
Chapter 19
Logging
238
Administrator's Guide TRACE TRACE logs all valid operations. 3. In the Max File Size text box, scroll to select the maximum size that a log file can reach. When the max file size is reached, the file is closed and an index number is appended to the file name, then a new file is created. 4. In the Max Backup Files text box, scroll to select the maximum number of backup files to retain, then click OK. The oldest log file is automatically deleted when the maximum number of backup files is reached. 5. On the General tab, enable Log events to the servers Windows Event Log to allow for logging events using the Windows Event log on the Provisioning Server that is communicating with this target device. This log includes errors that may occur after the early boot phase as well as any critical error reporting. Click OK. Note: Provisioning Server logging levels should not be set by modifying the Stream_log.config file manually (refer to Log Files and Locations) because it may cause the logging level to be out of sync.
Chapter 19
Logging Default logging level. The INFO level logs information about workflow, which generally explains how operations occur. DEBUG DEBUG logs all system level activity. TRACE TRACE logs all valid operations.
Administrator's Guide ConfigWizard.log ConfigWizard.exe writes Provisioning Server configuration logging information to ConfigWizard.log
241
Chapter 19
Logging
242
Chapter 20
Auditing
Topics:
Enabling Auditing Information Accessing Auditing Information Archiving Audit Trail Information Provisioning Services provides an auditing tool that records configuration actions on components within the Provisioning Services farm, to the Provisioning Services database. This provides administrators with a way to troubleshoot and monitor recent changes that might impact system performance and behavior. The Provisioning Services administrator privileges determines the audit information that can be viewed and the menu options that are visible. For example; a Farm Administrator can view all audit information within the farm, unlike a Device Administrator whom can only view audit information for those device collections they have privileges to. Auditing tasks include: w Enabling Auditing Information on page 245 w Accessing Auditing Information on page 245 w Archiving Audit Trail Information on page 248 Note: Auditing is off by default. Also, if the Provisioning Services database becomes unavailable, no actions are recorded. The managed objects within a Provisioning Services implementation that are audited include: w Farm w Site w Provisioning Servers w Collection w Device w Store w vDisks Only those tasks that are performed from one of the following Provisioning Services utilities are recorded: w Console 243
Chapter 20
Auditing w MCLI w SOAP Server w PowerShell Note: Tasks that are not performed using these utilities, such as booting target devices or Provisioning Servers by other methods, are not recorded. If the Provisioning Services database becomes unavailable, no actions are recorded.
244
Administrator's Guide
245
Chapter 20
Auditing The Audit Trail dialog displays or a message appears indicating that no audit information is available for the selected object. 2. Under Filter Results, select from the following filter options: Option User Description To narrow the resulting audit information that displays by user, select a user to filter on from the User drop-down menu. The default is All users. To narrow the resulting audit information that displays by domains, select a domain to filter on from the Domain drop-down menu. The default is All domains.
Domain
Start date To narrow the resulting audit information that displays by date, select a start date for which the audit information should display from the Start date drop-down menu. The default is one week prior to the current date. For example, if today is the 23rd, the start date would default to the 16th. End date To narrow the resulting audit information that displays by date, select an end date for which the audit information should display from the End date drop-down menu. The default is the current date. To narrow the resulting audit information that displays by the action, such as Set Disklocator, select the action from the Action drop-down menu. The default is to display all actions. To narrow the resulting audit information that displays by the type of action, such as Disklocator, select the type from the Type drop-down menu. The default is to display all types.
Action
Type
3. Click Search. The resulting audit information displays in the audit table, which displays the following information: Note: Columns in the audit table can be sorted in ascending and descending order by clicking on the column heading. Action list number Based on the filter criteria selected, the order the actions took place. Date/Time Lists all audit actions that occurred within the Start date and End date filter criteria. Action
246
Administrator's Guide Identifies the name of the Provisioning Services action taken. Type Identifies the type of action taken, which is based on the type of managed object for which the action was taken. Name Identifies the name of the object within that objects type, for which the action was taken. User Identifies the users name that performed the action. Domain Identifies the domain in which this user is a member. Path Identifies the parent(s) or the managed object. For example, a Device will have a Site and Collection as parents. 4. To view additional details for a particular action, highlight that actions row within the results table, then click one of the option buttons that follow: Option Secondary Description Click to view information on any secondary objects that this action affected. This opens the Secondary dialog, which includes the Type, Name, and Path information. This dialog allows you to drill down to view secondary object actions such as Parameters, Sub Actions, and Changes as described below.
Parameters Click to view any other information used to process the action. This opens the Parameters dialog, which includes Name (parameter name) and Value (object name) information. Sub Actions Click it to view additional actions that were performed to complete this action. This opens the Sub Actions dialog, which includes Action, Type, Name, and Path information. Changes Click to view any new or changed values (such as Description) associated with the object (such as a target device). This opens the Changes dialog, which includes Name, Old, and New information.
Note: If an option displays disabled, that option is not valid for the currently selected action.
247
Chapter 20
Auditing
248
Chapter 21
249
Chapter 21
Administrator's Guide bind to. Select all the NICs that participate in NIC failover. Alternatively, in Provisioning Services 5.1 or later, run bindcfg.exe, which is located in the installation directory, to selectively bind NICs post installation. 3. A Target Device will only failover to NICs that are in the same subnet as the PXE boot NIC. 4. In the event that the physical layer fails, such as when a network cable is disconnected, the Target Device fails over to the next available NIC. The failover timing is essentially instantaneous. 5. The NIC failover feature and Provisioning Services HA feature compliment each other, and provide network layer failover support. If the failure occurs in the higher network layer, then the target device fails over to the next Provisioning Server, subject to HA rules. 6. If a NIC fails and the target device is rebooted, the next available NIC from the failover group will be used. Therefore, these NICs must be PXE capable and PXE enabled. 7. If a virtual NIC (teamed NICs) is inserted into the failover group, the vDisk becomes limited to Private Image Mode. This is a limitation imposed by the NIC teaming drivers. 8. Load balancing is not supported in the NIC failover implementation.
251
Chapter 21
252
Chapter 22
253
Chapter 22
System Requirements
w Windows XP Embedded with the latest service pack. w In order to build Windows XP Embedded operating systems, Microsoft Windows Embedded Studio must first be installed. w The target device must meet the Windows XP Embedded system requirements. It is recommended that a Windows XP Embedded operating system be built first on the desired embedded target device to ensure OS compatibility and to resolve any OS specific issues (such as driver requirements). w Each embedded target device must also meet the target device requirements outlined in the Provisioning Services Installation Guide. w A local drive must exist on a target system during the initial XP Embedded operating system build process. This is necessary to allow Microsofts First Boot Agent to run and finish your XP Embedded image setup. Once the image is complete and the XP Embedded disk image has been copied to the vDisk on the Provision Server or on shared network storage, the local disk can be removed (if desired). w The maximum size of the vDisk is 2 terabytes.
254
Administrator's Guide
255
Chapter 22
256
Administrator's Guide Provisioning Services installation occurs in two phases. Phase one occurs when the operating system is built with Target Designer. All necessary files and non-devicespecific components are installed in the target operating system. Phase two occurs the first time the Windows XP Embedded operating system boots. At this time, all device-specific installation steps are performed. This second phase cannot occur until after the First Boot Agent has completed and the full operating system is up and running. Note: If automatic installation was turned off to remove the dependence on the Explorer shell component, it will be necessary to manually run the second phase of the installation process. Once the XP Embedded Image with Provisioning Services support is fully up and running, it can be imaged onto the embedded target devices vDisk, after which the embedded target device can be booted virtually. Note: Provisioning Services require that at least one of the target systems have a physical disk for the creation of the initial XP Embedded operating system. After the operating system is built and transferred to a vDisk, the target systems physical disk can be removed (if desired).
257
Chapter 22
Administrator's Guide
Note: The embedded target device must be configured to be bootable by XP Embedded. To do this, run the BootPrep utility provided by Microsoft. For more information on preparing target media to boot Windows XP Embedded, refer to Building a Run-Time Image in the Microsoft Windows XP Embedded Help. 2. Change your embedded target devices BIOS setting to boot Network first, then boot the embedded target device. 3. The XP Embedded Image will run through the Microsofts First Boot Agent (FBA), and complete the setup of the XP Embedded Operating system. Note: By including the "Network Command Shell" component, the embedded target device can be configured to use a static IP address from the command line (using netsh.exe). For more information on the Network Command Shell, refer to the following web page: http://www.microsoft.com/technet/prodtechnol/winxppro/ proddocs/netsh.asp If the XP Embedded Image was created with Automatic installation turned off, or with a shell other than the Explorer Shell, Provisioning Services installation will have to be completed manually. This can be done by running bnSetup.bat located in the C:\Program Files\Citrix\Provisioning Services directory. If the command prompt component (CMD - Windows Command Processor) was not included in the build, you may have to run the commands in the batch file manually. Note: The batch file BNSetup.bat will reboot your system. 4. Prepare your embedded target device. Once the XP Embedded Operating system is completely up and running an additional local disk appears on the device. This disk is the vDisk associated with the embedded target device and is actually located on a Provisioning Server.
259
Chapter 22
260
Glossary
AutoUpdate A command-line utility that is used to create a delta file when incrementally updating a vDisk. Boot Device Manager (BDM) A utility used to create boot devices that have the bootstrap and IP information preinstalled; enabling a target device to boot over the network without the use of PXE or DHCP. Boot Services A set of network boot services that can be used to get the boot information necessary when booting a target device from a vDisk, including PXE, TFTP, and BOOTP. BOOTP An IP/UDP bootstrap protocol (BOOTP), which allows a target device to discover its IP address and other IP configuration parameters. BOOTPTAB BOOTPTAB is the backend table that maps a target devices MAC addres to the IP address assigned by the administrator. Common Image Feature A feature that allows a single vDisk image to work for target devices using network interface cards that vary. Device Administrator Device Administrators manage device collections within a site. Device Collection A logical grouping of devices. For example, a device collection could represent a physical location, a subnet range and a logical grouping of target devices. A target device can only belong to one device collection. Device Operator Device Operators can view the properties of vDisks and target devices and, boot or shut down target devices within a device collection. Disk Maintenance Mode Marks a vDisk as currently under maintenance and unavailable to target devices. Only a Maintainer Device can have a vDisk streamed to it when that vDisk is in maintenance mode; simular to working in Private Image Mode. However, versions of a vDisk that are not under maintenance can still be streamed. Disk Store (Store) A logical name given to a physical storage location for vDisks. The store is used by one or more Provisioning Servers within a farm to refer to a shared storage location. vDisk Pool The collection of all vDisks available to a site. There is one vDisk pool per site.
261
Glossary Domain An Active Directory domain as defined by Microsoft. Dynamic Host Configuration Protocol (DHCP) A protocol used for assigning IP addresses and other IP parameters to devices on a network. EULA End-User License Agreement. Farm Administrator A farm administrator can view and manage all objects within a farm. Farm administrators can also create new sites and manage role memberships throughout the entire farm. High Availability Feature (HA) A Provisioning Services environment in which at least one Provisioning Server is configured as a backup should the primary Provisioning Server fail for any reason. If the connection between a targetdevice and a Provisioning Server is lost and HA is enabled, the connection will failover to the secondary Provisioning Server. IPSEC Internet Protocol Security. Master Target Device A target device that has Provisioning Services device software installed, and from which a hard disk image is built and stored on a vDisk. Provisioning Services then streams the contents of the vDisk created from the Master Target Device to other target devices on demand. Maintainer Device A target device that is designated as a maintainer device, has the ability to stream a vDisk that is currently in maintenance mode. In contrast, non-maintainer target devices are not able to stream a vDisk in maintenance mode; instead, they stream the highest numbered versioned vDisk that is available. In order to prevent confusion and unexpected results, a maintainer device is only capable of booting images that are in maintenance mode. There is not a hard link between maintainer devices and disks in maintenance mode. As long as the disks are assigned to the devices and the maintenance bits are the same, the target devices can boot the disk in private image mode. MMC The acronym for Microsoft Management Console. Non-versioned vDisk A single vDisk, VHD file, with no differencing disks associated to it. Switching the vdisk to Private Image Mode will enable the VHD file to be updated directly, without creating a new version of the vDisk. However, the first time a vDisk is placed into maintenance mode, it becomes a versioned vDisk.
262
Administrator's Guide Optimization Utility A command-line utility used to apply several settings to your hard drive or vDisk, that configures Windows to perform at optimal performance when running from a vDisk. Preboot Execution Environment (PXE) Service An optional software service that can deliver the boot file name and location to target devices. Provisioning Services Console (Console) A management console utility used to manage configuration settings for target devices, Provisioning Servers, and vDisks. Provisioning Services database (database) Repository of configuration settings for Provisioning Servers, target devices, and vDisks. Provisioning Services Farm A group of Provisioning Servers that share the same database. Role A set of defined permissions that can be assigned to a farm, site, and collection. Role Based Administration The method of administration that limits the administers management permissions to those defined in the assigned role. Site A container that groups a vDisk Pool, Provisioning Servers and Device Collections. A site can represent a physical or logical location. Store A store is the logical name for the physical location of the vDisk folder that can exist on a local server or on shared storage. Stream Service The software service that transfers software between a target device, its vDisk, and write cache. Target Device A device, such as a desktop computer or server, that boots and gets software from a vDisk on the network, by communicating with a Provisioning Server. Target Device Optimization Utility A command-line utility used to apply several settings to your hard drive or vDisk that, when used, configures Windows to perform at optimal performance when running from a vDisk. User Datagram Protocol (UDP) The primary protocol used by Provisioning Servers. User Groups User groups provide Farm and Site Administrators with the ability to create and manage groups of users based on existing Active Directory or Windows groups.
263
Glossary VHD Collapse When a VHD stack becomes too large, it can cause performance issues for those target devices accessing it. To improve performance, collapse the VHD stack into fewer differencing disks. VHD Differencing Disk (Snapshot) A differencing disk contains the changes made to a VHD, without changing the VHD. In the storage industry similar concepts include thin cloning and snapshots. In Provisioning Services, each version of a VHD is considered a version. The base VHD file is represented by version 0 (baseVHD.0) and each subsequent differencing disk will have an incrementing version number (baseVHD.n+1). VHD Stack A series of one or more VHD differencing disks that are associated to a single base VHD disk. View A logical grouping of target devices within a farm or site, for the purpose of simplify device administration. A view can represent target devices spread across multiple sites and device collections. A target device can belong to any Virtual Disk (vDisk) A file that is accessible to a Provisioning Server and is used to emulate a hard drive for a target device. Versioned vDisk A vDisk that has one or more VHD differencing disks referencing a single base VHD file. This is also referred to as a VHD stack. A versioned disk is created from a nonversioned disk by enabling maintenance mode. Every time maintenance mode is enabled, a new version is created. Write Cache Mode The cache option selected to store a target devices disk writes when using a writeprotected vDisk. The write cache can reside on the Provisioning Server, on shared storage, in the target devices RAM, or on the target devices local hard drive. XenConvert Utility A utility that can copy the contents of a hard disk to a vDisk, or from a vDisk to a hard disk.
264