Citrix Provisioning Services 5.6 SP1 Administrator's Guide

Administrator's Guide
Citrix Provisioning Services 5.6 SP1 October 2010 Revision 1
Provisioning Services: Copyright and Trademark Notices Use of the product documented herein is subject to your prior acceptance of the End User License Agreement. A printable copy of the End User License Agreement is included with your installation media. Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.
2010 Citrix Systems, Inc. All rights reserved.
The following are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries:
Branch Repeater, Citrix, Citrix Access Essentials, Citrix Access Gateway, Citrix Desktop Receiver, Citrix Desktop Server, Citrix EasyCall, Citrix Essentials, Citrix Merchandising Server, Citrix Provisioning Server, Citrix Receiver, Citrix Repeater, Citrix Streaming Server, Citrix Subscription Advantage, Citrix Workflow Studio, Citrix XenApp, Dazzle, EdgeSight,HDX, ICA, NetScaler,Request Switching, StorageLink, VPX, WANScaler, XenDesktop, XenServer, Xen Data Center, Xen Source
All other trademarks and registered trademarks are the property of their respective owners. Document code: October 19 2010 13:03:25
Contents
Provisioning Services Product Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Provisioning Services Streaming Technology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15 Provisioning Services Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Provisioning Services Editions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Product Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Benefits and Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Benefits for XenApp and other Server Farm Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . .18 Benefits for Desktop Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Software-Streaming Process Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 Provisioning Services Product Infrastructure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 Provisioning Services Farm Hierarchy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 Farms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21 Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22 Device Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22 Additional Provisioning Services' Product Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 Provisioning Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 Provisioning Services Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 Store. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 Device Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27 User Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27 Network Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27 Product Utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28 Provisioning Services Administrator Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28 Provisioning Services and Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 Provisioning Services Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 Getting Service and Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30 Getting the Subscription Advantage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31 Locating the Citrix Developer Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31 iii
Contents
Participating in Citrix Education and Training. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Product Technology Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Getting the Boot Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34 Network Booting a Target Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34 Booting From an Optional Boot Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36 Provisioning Services vDisk Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36 Standard Image Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36 Private Image Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37 Difference Disk Image Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38 Write Cache Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Cache on a Server Disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Cache in Device RAM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39 Cache on Device Hard Drive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Using the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

Starting the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 Understanding the Console Window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 Using the Console Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 Basic Tree Hierarchy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42 Using the Details View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 Common Action Menu Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43 Performing Tasks in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Action menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Right-click (context) Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45 Using Drag-and-Drop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45 Using Copy and Paste. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45 Using Views. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Managing Farms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

Configuring the Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48 Configuration Wizard Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48 Starting the Configuration Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49 Network Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49 Identify the Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50 Identify the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51 Create a New Store for a New Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52 Identify the Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52 Select the License Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
iv
Configure User Account Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53 Select network cards for the Stream Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54 Configure Bootstrap Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54 Running the Configuration Wizard Silently. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 Prerequisite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 To Create the ConfigWizard.ans File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 To Copy and Modify the ConfigWizard.ans File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 To Run the ConfigWizard.exe Silently. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57 Farm Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Groups Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59 Licensing Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59 Options Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 Status Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Farm Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Farm Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61 Connecting to a Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61 Managing Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Creating Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Site Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63 MAK Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63 Options Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Managing Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Creating Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66 Site Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 MAK Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67 Options Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Managing Administrative Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Managing Farm Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Managing Site Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71 Managing Device Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Managing Device Operators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 v
Contents
Managing Stores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Store Administrative Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75 Store Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75 Paths Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76 Servers Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77 Store Configuration and Management Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77 Working with Managed Stores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78 Prerequisites and Supported Deployments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79 Using the Store Management Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Managing Provisioning Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

Provisioning Servers in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84 Provisioning Server Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84 General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85 Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89 Stores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90 Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90 Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92 Provisioning Server Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93 Adding Additional Provisioning Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93 Copying and Pasting Provisioning Server Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94 Marking a Provisioning Server as Down. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94 Deleting a Provisioning Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94 Starting, Stopping, or Restarting Provisioning Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95 Showing Provisioning Server Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96 Balancing the Target Device Load on Provisioning Servers. . . . . . . . . . . . . . . . . . . . . . . . . . .97 Checking for Provisioning Server vDisk Access Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . .98 Configuring Provisioning Servers Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98 Re-Running the Configuration Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98 Starting and Configuring the Stream Service Manually. . . . . . . . . . . . . . . . . . . . . . . . . . .99
Managing vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101

vDisks in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101 vDisk Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103 General Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105 Mode Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
vi
Identification Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106 Microsoft Volume Licensing Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 Options Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108 Managing vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108 Using the Imaging Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109 Creating and Formatting a New vDisk File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110 To create a new vDisk file in the database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111 To format a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 To unmount a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113 Create and Assign a Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 To create a target device entry in the database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 To assign a vDisk to a target device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Building the vDisk Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Imaging Windows Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114 Imaging Linux Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114 Building a Common Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115 Building the Common Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Configuring the Master Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116 Exporting Specific Data Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116 Booting the Master Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117 Adding Additional Target Devices to the Common Image. . . . . . . . . . . . . . . . . . . . . . .117 Configuring vDisk Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Adding Existing vDisks to a vDisk Pool or Store. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119 Viewing vDisk Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120 View target device connections to a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120 Releasing vDisk Locks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120 Unassigning vDisks from Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Deleting a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121 Deleting Cache on a Difference Disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122 Copying vDisks to Different Locations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Copying and Pasting vDisk Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Backing Up a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123 Updating vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123 Choosing a vDisk Update Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Automatically Updating vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Incrementally Updating vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Rolling Back vDisk Changes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129 Using Maintenance Utilities with a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130 vii
Contents
Working with Physical Disks and vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130 Configuring a vDisk for Microsoft Volume Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
10 Managing Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131

Target Device Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132 vDisk Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133 Personality Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134 Authentication Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135 Status Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136 Logging tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 Target Device Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137 Preparing a Master Target Device for Imaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Preparing the Master Target Device's hard disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138 Configuring a Master Target Device's BIOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138 Installing Master Target Device software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140 To install Provisioning Services target device software on a Windows device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140 To install Provisioning Services target device software on a Linux device. . . . . 141 Adding Target Devices to the Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142 Using the Console to Manually Create Target Device Entries. . . . . . . . . . . . . . . . . .142 Importing Target Devices Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Using the Auto-Add Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143 Assigning vDisks to Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145 Set the Target Device as the Template for this Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . .146 Copy and Paste Target Device Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146 Booting Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146 Checking a Target Device's Status from the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147 Sending Messages to Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147 Disabling a Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Deleting Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148 Shutting Down Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148 Restarting Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148 Moving Target Devices Between Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149 Using the Status Tray on a Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Starting the Virtual Disk Status Tray. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149 Setting Virtual Disk Status Tray Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150 Managing Target Device Personality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150 Define personality data from a single target device using the Console. . . . . . . . .151 viii
Define personality data for multiple target device using the Console. . . . . . . . . . .151 Using Target Device Personality Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
11 Managing Device Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155

Device Collection Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156 Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156 Auto-Add Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157 Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159 Device Collection Management Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159 Creating a Device Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160 Importing Target Devices into a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160 Deleting a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161 Refreshing a Collection in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162 Booting Target Devices within a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162 Restarting Target Devices within a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162 Shutdown Target Devices within a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162 Sending Messages to Target Devices within a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . .163 Moving Collections within a Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163 Managing Microsoft KMS Volume Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163 Preparing the New Base vDisk Image for KMS Volume Licensing. . . . . . . . . . . . .164 Maintaining or Upgrading a vDisk Image that Uses KMS Volume Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164 Managing Microsoft MAK Volume Licensing on Target Devices. . . . . . . . . . . . . . . . . . . . .165
12 Managing User Assigned vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169

User Group Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171 General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171 vDisks Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171 Managing User Group vDisk Assignments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171 Enabling or Disabling User Group Management for a Collection. . . . . . . . . . . . . . . . . . . .172 Creating a User Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172 Enabling or Disabling User Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173 Deleting User Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173 Assigning a vDisk to a User Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173 Unassigning User Groups From vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
13 Managing Views. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175

View Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176 ix
Contents
General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176 Members Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176 Managing Views in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176 Creating a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177 Pasting Device Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177 Deleting a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178 Refreshing a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178 Booting Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178 Restarting Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 . Shutdown Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178 Sending Messages to Target Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
14 Managing Network Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181

Preparing Network Switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 . Switch Manufacturers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 . Using UNC Names. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182 Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183 Accessing a Remote Network Share. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183 Reducing Network Utilization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184 Configuring Windows features on a Standard vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185 Configuring the Recycle Bin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185 Configuring Offline Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185 Configuring Event Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186 Configuring System Restore. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187 Configuring Logical Prefetch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187 Configuring Automatic Disk Defragmentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 . Disabling Windows Automatic Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187 Managing Roaming User Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188 Configuring Roaming User Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189 Configuring Folder Redirection with Roaming User Profiles. . . . . . . . . . . . . . . . . . . . . . . . .189 Disabling Offline Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 . Booting Through a Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191 Configuring for DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192 Configuring the Provisioning Services for PXE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192 Running PXE and DHCP on the Same Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192 Updating NIC Drivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193 Upgrading NIC Drivers on Target Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193 Upgrading NIC Drivers on a Provisioning Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193 Managing and Accessing a LUN Without Using a Network Share. . . . . . . . . . . . . . . . . . . . . . . .194 x
Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195 Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195 Modifying vDisk Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
15 Managing for Highly Available Implementations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

Offline Database Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200 Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200 Enabling Offline Database Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201 Database Mirroring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201 Enabling mirroring when configuring a new farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202 Enabling Mirroring Within an Existing Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202 High Availability Option Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203 HA Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204 HA Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204 Configuring the Boot File for HA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205 Adding Provisioning Servers to the boot file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205 Adding Login Servers using the Configuration Wizard. . . . . . . . . . . . . . . . . . . . . . . . . .205 Adding Login Servers Using the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206 Enabling HA on vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207 Providing Provisioning Servers Access to Stores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208 Configuring HA with Shared Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208 Windows Shared-Storage Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208 Creating Stream-Service Account Credentials on the Domain Controller . . . . .209 Assigning Stream-Service Account Credentials Manually. . . . . . . . . . . . . . . . . . . . . .209 Configuring HA Storage Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210 SAN Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211 Disabling Write Cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211 Testing HA Failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211
16 Managing Active Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213

Active Directory Integration Prerequistes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214 Managing Domain Passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214 Password Management Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215 Enabling Domain Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215 Enabling Machine Account Password Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216 Enabling Automatic Password Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216 Managing Domain Computer Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216 Supporting Cross-Forest Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217
xi
Contents
Giving Access to Users from Another Domain Provisioning Services Administrator Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217 Adding Target Devices to a Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218 Removing Target Devices From a Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218 Reset Computer Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218
17 Managing Bootstrap Files and Boot Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221

Configuring the Bootstrap File From the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222 Configuring the Bootstrap File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224 Using the Manage Boot Devices Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226 Configuring Boot Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227
18 Managing Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Installing Printers on a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232 Enabling or Disabling Printers on a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 Methods for Enabling Printers on a vDisk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 Enabling printers for target devices using the Printer Settings option . . . . . . . . . . . . . . .234 Enabling printers for target devices using the Printers group folder. . . . . . . . . . . . . . . . . 234 Enabling printers using Copy and Paste. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Enabling printers using an existing target device as a template. . . . . . . . . . . . . . . . . . . . . 235 Enabling the Printer Management Feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235
19 Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Configuring Provisioning Server Log Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238 Configuring Target Device Log Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239 Log Files and Content. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240 Log File Location. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240 Log File Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
20 Auditing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
Enabling Auditing Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245 Accessing Auditing Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245 Archiving Audit Trail Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248
21 Managing Multiple Network Interface Cards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249

Requirements and Considerations for Manufacturer's NIC Teaming. . . . . . . . . . . . . . . . . . . . . .250 Requirements and Considerations for Provisioning Services NIC Failover. . . . . . . . . . . . . . . 250
xii
22 Installing and Configuring Embedded Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254 Installing Embedded Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254 Un-installing an Embedded Target Device Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255 Windows XP Embedded Build Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255 Setting Up Embedded Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Glossary...............................................................................................261
xiii
Contents
xiv
Chapter 1
Provisioning Services Product Overview

Topics:
Benefits and Features Software-Streaming Process Overview Provisioning Services Product Infrastructure Additional Provisioning Services' Product Components Product Utilities Provisioning Services Administrator Roles Provisioning Services and Resources Most enterprises struggle to keep up with the proliferation and management of computers in their environment. Each computer, whether it is a desktop PC, a server in a data center, or a kiosk-type device, must be managed as an individual entity. The benefits of distributed processing come at the cost of distributed management. It costs time and money to set up, update, support and ultimately decommission each computer. The initial cost of the machine is often dwarfed by operational costs. Over the years, various software solutions have been offered that are designed to address the operational challenges faced by IT organizations. For example: w Imaging solutions allow backup and duplication of existing machines. w Distribution tools can automate many of the tasks required to install and upgrade software across many computers. w Simplifies the management of the end points by removing most software and processing locally. Each of these approaches has benefits and limitations. Provisioning Services takes a very different approach by fundamentally changing the relationship between hardware and the software that runs on it. By streaming a single shared disk image rather than copying images to individual machines, Provisioning Services enables organizations to reduce the number of systems that they manage, even as the number of computers continues to grow. This solution simultaneously provides the efficiencies of a centrally managed solution with the benefits of distributed processing.
Provisioning Services Streaming Technology

Provisioning Services streaming technology allows computers to be provisioned and re-provisioned in real-time from a single shared-disk image. In doing so, administrators can completely eliminate the need to manage and patch individual systems. Instead, all image management is done on the master image. The local hard-disk drive of each system may be used for 15
Chapter 1
Provisioning Services Product Overview runtime data caching or, in some scenarios, removed from the system entirely, which reduces power usage, system failure rates, and security risks.
Provisioning Services Solution

The Provisioning-Services solutions infrastructure is based on software-streaming technology. Using Provisioning Services, administrators prepare a device (master target device) for imaging by installing any required software on that device. A vDisk image is then created from the master target devices hard drive and saved to the network (on a Provisioning Server or storage device). Once the vDisk is available from the network, the target device no longer needs its local hard drive to operate; it boots directly across the network. The Provisioning Server streams the contents of the vDisk to the target device on demand, in real time. The target device behaves as if it is running from its local drive. Unlike thin-client technology, processing takes place on the target device.
Provisioning Services Editions

The Provisioning Server editions you can choose from include: w Provisioning Services for Datacenters w Provisioning Services for Desktops Note: The ability to create an embedded target devices is supported in either edition. A single Provisioning Server can stream to both data center and desktop target devices.
Product Licenses
Product licenses are issued based on the product edition that you choose. For Citrix product licensing documentation, open 16
Administrator's Guide the Citrix Knowledge Center, then select Licensing under the Knowledge Resources section.
17
Chapter 1
Benefits and Features

There are many benefits associated with using vDisks as opposed to hard drives. One of those benefits includes not having to install software on each target device within a farm. Instead, when booting, software is dynamically assigned to the target device by the Provisioning Server. This allows a target device to completely change their operating systems and application stack, in the time it takes to reboot. Using Provisioning Services, any vDisk can be configured in Standard Image mode. A vDisk in Standard Image mode allows many computers to boot from it simultaneously; greatly reducing the number of images that must be maintained and the amount of storage that would be required. The vDisk is in read-only format and the image can not be changed by target devices.
Benefits for XenApp and other Server Farm Administrators

If you manage pool of servers that work as a farm, such as XenApp servers or web servers, maintaining a uniform patch level on your servers can be difficult and time consuming. With traditional imaging solutions you start out with a pristine golden master image, but as soon as a server is build up with it, you now must patch the individual server along with all of the others. Rolling patches out to individual servers in your farm is not only inefficient, but it can also be unreliable. Patches often fail on an individual server and you may not realize you have a problem until users start complaining or the server has an outage. Once that happens, getting the server back into sync with the rest of the farm can be challenging and sometimes it can require a full re-imaging of the machine. With Provisioning Services, patch management for server farms is simple and reliable. You start out managing your golden image and you continue to manage that single golden image. All patching is done in one place and then streamed to your servers when they boot-up. Server build consistency is assured because all your servers are using a single shared copy of the disk image. If a server becomes corrupted, simply reboot it and it's instantly back to the known good state of your master image. Upgrades are extremely fast. Once you have your updated image ready for production you simply assign the new image version to the servers and reboot them. In the time it takes them to reboot you can deploy the new image to any number of servers. Just as importantly, roll-backs can be done in the same manner so problems with new images will not take your servers or your users out of commission for an extended period of time.
Benefits for Desktop Administrators

As part of XenDesktop, desktop administrators have the ability to use Provisioning Services' streaming technology to simplify, consolidate, and reduce the costs of both physical and virtual desktop delivery. Many organizations are beginning to explore desktop virtualization. While virtualization addresses many of the consolidation and simplified management needs of IT, deploying it also requires deployment of supporting 18
Administrator's Guide infrastructure. Without Provisioning Services, storage costs can put desktop virtualization out of the budget. With Provisioning Services, IT can reduce the amount of storage required for VDI by as much as 90%. At the same time the ability to manage a single image rather than hundreds or thousands of desktops significantly reduces the cost, effort, and complexity for desktop administration. Not all desktops applications or user groups can be supported by virtual desktops. For these scenarios, Provisioning Services IT can still reap the benefits of consolidation and single image management. Desktop images are stored and managed centrally in the datacenter and streamed out to physical desktops on demand. This model works particularly well for standardized desktops such as those in lab and training environments, call centers, and "thin client" devices used to access virtual desktops.
Software-Streaming Process Overview

Provisioning Services provides all of the tools you need to bring software-streaming technology to your computing environment. After installing and configuring Provisioning Services components, a vDisk is created from a devices hard drive by taking a snapshot of the OS and application image, and then storing that image as a vDisk file on the network. A device that is used during this process is referred to as a Master target device. The devices that use those vDisks are called target devices. vDisks can exist on a Provisioning Server, file share, or in larger deployments, on a storage system that the Provisioning Server can communicate with (iSCSI, SAN, NAS, and CIFS). When a target device is turned on, it is set to boot from the network and to communicate with a Provisioning Server (refer to Step 1 in the illustration that follows).
19
Chapter 1
The target device downloads the boot file from a Provisioning Server (refer to Step 2), and then the target device boots. Based on the device boot configuration settings, the appropriate vDisk is located, then mounted on the Streaming Server (refer to step 3). The software on that vDisk is streamed to the target device as needed. To the target device, it appears like a regular hard drive to the system. Instead of immediately pulling all the vDisk contents down to the target device (as done with traditional or imaging deployment solutions), the data is brought across the network in real-time, as needed. This approach allows a target device to get a completely new operating system and set of software in the time it takes to reboot, without requiring a visit to a workstation. This approach dramatically decreases the amount of network bandwidth required by traditional disk imaging tools; making it possible to support a larger number of target devices on your network without impacting overall network performance. vDisks can be assigned to a single target device as Private Image Mode, or to multiple target devices as Standard Image Mode.
Provisioning Services Product Infrastructure

The infrastructure design includes a hierarchy that directly relates to administrative roles within a Provisioning Services farm.
20
Administrator's Guide The graphic that follows provides a high-level view of the Provisioning Services infrastructure and illustrates how Provisioning Services components might appear within that implementation.
Provisioning Services Farm Hierarchy

The farm hierarchy consists of the following major levels: w Farms on page 21 w Sites on page 22 w Device Collections on page 22 For each major component level, administrative roles exists.
Farms
A farm represents the top level of a Provisioning Services infrastructure. Farms provide a Farm administrator with a method of representing, defining, and managing logical groups of Provisioning Services components into sites. All sites within a farm share that farms Microsoft SQL database. A farm also includes a Citrix License Server, local or network shared storage, and collections of target devices. In the Console window, administrators select the farm that they want to manage or view. Sample tasks that are specific to a farm can include managing: w Farm configurations w Product licensing w High Availability configurations 21
Chapter 1
Provisioning Services Product Overview w Active Directory configurations w User Groups w Administrative roles Note: The Console does not need to be directly associated with the farm because remote administration is now supported on any Console that can communicate with that farms network.
Sites
A site provides both a site administrator and farm administrator, with a method of representing and managing logical groupings of Provisioning Servers, Device Collections, and local shared storage. A site administrator can perform any task that a device administrator or device operator can perform. A site administrator can also perform additional tasks such as managing: w Print servers w Device administrator and device operator role configurations w Provisioning Servers w Shared storage w User Groups Provisioning Servers within a site, communicate with farm components to obtain the information necessary to boot target devices and to provide target devices with the appropriate vDisk. Provisioning Server(s) must be able to communicate with the store where those vDisks exist.
Device Collections
Device collections provide the ability to create and manage logical groups of target devices, which are typically created and managed by a device administrator (a farm and site administrator can also perform a device administrators tasks). A device collection could represent a physical location, a subnet range, or a logical grouping of target devices. Creating device collections simplifies device management by performing actions at the collection level rather than at the target-device level. A target device can only be a member of one device collection. For device collection details, refer to the Managing Device Collections section in the Administrator's Guide.
22
Additional Provisioning Services' Product Components

The Provisioning Services infrastructure also consists of the following additional components: Provisioning Servers on page 23 Provisioning Services Database on page 23 Console on page 23 vDisks on page 25 Target Devices on page 26 Store on page 26 Device Collections on page 27 User Groups on page 27 Network Services on page 27
Provisioning Servers
A Provisioning Server is any server that has Stream Services installed. It is used to stream software from vDisks, as needed, to target devices. In some implementations, vDisks reside directly on the Provisioning Server. In larger implementations, Provisioning Servers get the vDisk from a shared-storage location on the network. Provisioning Servers also retrieve and provide configuration information to and from the Provisioning Server Database. Provisioning Server configuration options are available to ensure high availability and load-balancing of target device connections. For Provisioning Server details, refer to Managing Provisioning Servers.
Provisioning Services Database

The database stores all system configuration settings that exist within a farm. Only one database can exist within a farm and all Provisioning Servers in that farm must be able to communicate with that database. You may choose to leverage an existing SQL Server database or install SQL Server Express, which is free and available from Microsoft.
Console
The Console is a utility that is used to manage your Provisioning Services implementation. After logging on to the Console, you select the farm that you want to
23
Chapter 1
Provisioning Services Product Overview connect to. Your administrative role determines what you can view in the Console and manage in the farm. The following illustration displays the farm hierarchy in the tree pane and the keys components in the Console window.
Action Menu The Action menu displays Provisioning Services tasks that can be performed on an object that is highlighted in the Console. The same tasks are available when you rightclick on the object in the Console. Tasks are object specific and can only be performed if the user has the appropriate role assigned (role-based administration). Your role determines what displays in the Console. For example, if you are a farm administrator, you can perform all tasks and see all objects in the farm. Device administrators can only perform device-collection management tasks on collections to which they have privileges. Administrator roles are described later in this chapter. Note: MMC (Microsoft Management Console) specific console features are not described in this document. Refer to Microsofts MMC documentation for detailed information. Console Tree and Details Pane To view information about an object in the Details pane, click on the object or folder in the Tree pane. The Details pane provides information such as the objects name and a description of that object. Properties Menus 24
Administrator's Guide To view or change an objects properties, right-click on the object, then select the Properties menu option. You can also highlight the object in the Console window, then select Properties from the Action menu options. The Properties dialog displays property settings in tabular format.
vDisks
vDisks exist as disk image files on a Provisioning Server or on a shared storage device. vDisk images are configured to be in Private, Standard, or Difference Disk, or RAM disk mode. (For more information, refer to the Configuring vDisk Modes section in the Administrator's Guide). vDisks are associated with a sites vDisk pool. To view vDisks within a pool, expand the vDisk Pool folder in the Console tree. vDisk Pools vDisk pools are the collection of all vDisks available to a site. There is only one vDisk pool per site. The method used to locate a vDisk on a server share is illustrated in the graphic that follows.
1. The target device begins the boot process by communicating with a Provisioning Server and acquiring a license. 2. The Provisioning Server checks the vDisk pool for vDisk information, which includes identifying the Provisioning Server(s) that can provide the vDisk to the target device and the path information that server should use to get to the vDisk. In this example, the vDisk shows that only one Provisioning Server in this site can provide the target device with the vDisk and that the vDisk physically resides on the Finance Server (shared storage at the farm level). 3. The Provisioning Server locates the vDisk on Finance Server, then streams that vDisk, on demand, to the target device. On the Consoles Create a New vDisk dialog, you can add a new vDisk file to a store and select the Provisioning Server that will create the vDisk file on a Provisioning Server or on shared storage. 25
Chapter 1
Target Devices
A device, such as a desktop computer or server, that boots and gets software from a vDisk on the network, is considered a target device. Note: In the product documentation, the term target device is used generically when referring to any device within the a Provisioning Services Farm, which boots and gets software from a vDisk on the network. Target devices deliver a higher level of security than traditional technologies, by fully utilizing your existing management infrastructure. Each target device continues to have its own unique identity on the network and within your existing network operating system (i.e. Active Directory, Novell E-Directory and other LDAP directories). Target devices can continue to be managed by group policies and existing security policies pushed out by these directory management tools. In addition to using existing policy management tools, greater security is inherit by the fact that there is no longer a hard drive in the target device. If the target device is stolen, data is not lost. Instead, it is easily ported to another target device. A target device can only be a member of one device collection. Expanding a Device Collection folder in the Consoles tree allows you to view members of a device collection and information such as the target device name, IP address, vDisk, and the Provisioning Server currently providing the vDisk. Target device settings are made in the Consoles Device Properties dialog, which includes settings such as printer assignments.
Store
A store is a logical name that is given to a physical vDisk storage location. The store name is the common name used by all Provisioning Servers within the farm. Example One The physical vDisk for Windows XP (WINXP1) resides on a Provisioning Server (PVS1) local to a site. The vDisk path is: C:\vDisks\WINXP1.vhd The logical name that is given to this physical location is the store. Store name (logical name): bostonwinxp Example Two The physical vDisk for Windows XP (WINXP1) resides on a network share (FinanceShare) at the farm level. The vDisk path for Provisioning Server (PVS1) to WINXP1 is: \\FinanceShare\vDisks\WINXP1.vhd Access or visibility to a store depends on the users administrative privileges: 26
Administrator's Guide w Farm administrators have full access to all stores within the farm. w Site administrators have access to only those stores owned by the site. They can delete stores owned by the site but they can not modify store properties or add vDisks to the store. w Device administrators and device operators have read-only access and can not view store information. Site Administrators may also have read-only access if that store exists at the farm level, or if that store belongs to another site. Stores that exist in a farm can be viewed by expanding the Store parent directory in the Consoles tree. The Stores property settings can be modified from the Properties Dialog.
Device Collections
Device collections provide the ability to create and manage logical groups of target devices. A device collection could represent a physical location, a subnet range, or a logical grouping of target devices. Creating device collections simplifies device management by performing actions at the collection level rather than at the targetdevice level. Note: A target device can only be a member of one device collection. Device collections are created and managed by farm administrators, site administrators that have security privileges to that site, or device administrators that have security privileges to that collection. Device administrators can not modify the collection itself; only the devices within it. Device operators can only perform tasks on device collections that they are assigned to.
User Groups
User groups provide farm and site administrators with the ability to create and manage groups of users based on existing Active Directory or Windows groups. Creating user groups within a site simplifies management tasks by performing actions at the usergroup level, rather than at the individual user level. User groups have the same vDisks and settings available if moving from one target device to another.
Network Services
Network services include a BOOTP service, Preboot Execution Environment (PXE) service, and a TFTP service. These service options can be used during the boot process to retrieve IP addresses, and locate then download the boot program from the Provisioning Server to the target device. Alternative boot options are also available, refer to Booting From an Optional Boot Device. Note: For network service details, refer to Managing Bootstrap Files and Boot Devices on page 221 in this document.
27
Chapter 1
Product Utilities
In addition, Provisioning Services includes several tools for use when configuring and managing a Provisioning Services deployment. After installing Provisioning Services software, the following tools become available: w Installation Wizard Use this wizard to install Provisioning Services components to create a Provisioning Servers and Master target devices. w Configuration Wizard Use this wizard to configure Provisioning-Server components, including network services, and database permissions. This wizard is installed during the Provisioning Services installation process. w Imaging Wizard On the master target device, run the Provisioning Services Imaging Wizard to create a vDisk file in the Provisioning Services database and then image to that file without having to physically go to a Provisioning Server. This utility is installed during the target device installation process. w Virtual Disk Status Tray Use this target device utility to get target-device connection status and streaming statistical information. This utility is installed during the Provisioning Services target device installation process. w Boot Device Manager Use this utility to configure a boot device, such as a USB or CDROM, which then receives the boot program from the Provisioning Services. w Upgrade Utilities There are several upgrade methods available. The method you select depends on your network requirements. w Programming Utilities Provisioning Services provides programmers with a management application programming utility and a command line utility. These utilities can be accessed by all users. However, users can only use those commands associated with their administrator privileges. For example, a Device Operator is able to use this utility to get a list of all target devices that they have access to.
Provisioning Services Administrator Roles

The ability to view and manage objects within a Provisioning Services implementation is determined by the administrative role assigned to a group of users. Provisioning Services makes use of groups that already exist within the network (Windows or Active Directory Groups). All members within a group share the same administrative privileges within a farm. An administrator may have multiple roles if they belong to more than one group. Groups are managed at the farm level through the Consoles Farm Properties dialog. The following roles exist within a Provisioning Services farm: w Farm Administrator Farm administrators can view and manage all objects within a farm. Farm administrators can also create new sites and manage role memberships throughout the entire farm.
28
Administrator's Guide w Site Administrator Site administrators have full management access to the all objects within a site. For example, a site administrator can manage Provisioning Servers, site properties, target devices, device collections, vDisks, vDisk pools, and local vDisk stores. A site administrator can also manage device administrator and device operator memberships. w Device Administrator Device administrators can perform all device-collection management tasks on collections to which they have privileges. w Device Operator Device operators can view vDisks and target devices, boot or shut down target devices, and send messages to target devices within a device collection to which they have privileges. For details on administrator roles, refer to Managing Administrative Roles on page 69.
Provisioning Services and Resources

The following services and resources are available to support Provisioning Services. w Provisioning Services Documentation w Getting Service and Support w Getting the Subscription Advantage w Locating the Citrix Developer Network w Participating in Citrix Education and Training
Provisioning Services Documentation

The following identifies the documentation that is available to support Provisioning Services. All supporting documentation assumes that Provisioning Services administrators are knowledgeable about networking components and administration, and that device operators are familiar with networking concepts. The majority of product documentation is provided as Adobe Portable Document Format (PDF) files. To view, search, and print PDF documentation, you need to have Adobe Reader 5.0.5 with Search, or a more recent version. You can download these products for free from Adobe Systems Web site at http://www.adobe.com/ Most PDF product documentation, including knowledge-based topics and white papers, are accessible from the Citrix Knowledge Center, http://support.citrix.com/. Citrix Product Licensing Documentation For Citrix product licensing documentation, refer to Licensing Your Product under the Technologies section. Release Notes This document contains important product information and is intended to be read first. Contents include information on new product features, enhancements, and known 29
Chapter 1
Provisioning Services Product Overview product issues as well as late additions that were not included in the other product documentation. The release notes are accessible from: w Citrix Knowledge Center: http://support.citrix.com/ w Product installation CD-ROM, when the installation executable is run. w Programs directory, after completing the product installation: Start>All Programs>Citrix Provisioning Services>Provisioning Services Release Notes Programmers Guides Administrators with the appropriate privileges can use any of the following guides to manage your implementation from command lines. w MCLI Programmers Guide w SOAP Server Programmers Guide w PowerShell Programmers Guide These guides are available as a PDF and can be accessed from the Citrix Knowledge Center: http://support.citrix.com/ Virtual Disk Status Tray Help The Virtual Disk (vDisk) Status Tray help is available to aid in the management and troubleshooting of vDisks on target devices. This help system is assessable from the Help menu on the Virtual Disk Status Tray.
Finding Additional Documentation From the Help menu or product installation directory, the following additional documentation is available for optional Provisioning Services utilities: w Boot Device Manager (BDM.chm) w BOOTPTab Editor (bootptab-editor-help.chm) w PXE (pxemap.chm)
Getting Service and Support

Citrix provides technical support primarily through the Citrix Solutions Advisors Program. Contact your supplier for the first-line support or check for your nearest Solutions Advisor. In addition to the Citrix Solutions Advisors Program, Citrix offers a variety of self-service, Web-based technical support tools from its Knowledge Center at: http://support.citrix.com/ The Knowledge Center feature includes:
30
Administrator's Guide w A knowledge base containing thousands of technical solutions to support your Citrix environment. w An online product documentation library. w Interactive support forums for every Citrix product. w Blogs and communities. w Access to the latest hotfixes and service packs. w Security bulletins. w Additional resources are available to customers with valid support contracts, including online problem reporting and tracking. w Citrix Live Remote Assistance. Using Citrixs remote assistance product, GoToAssist, a member of our support team can view your desktop and share control of your mouse and keyboard to get you on your way to a solution. Another source of support, Citrix Preferred Support Services, provides a range of options that allows you to customize the level and type of support for your organizations Citrix products.
Getting the Subscription Advantage

Subscription Advantage gives you an easy way to stay current with the latest serverbased software functionality and information. Not only do you get automatic delivery of feature releases, software upgrades, enhancements, and maintenance releases that become available during the term of your subscription, you also get priority access to important Citrix technology information. You can find more information on the Citrix Web site (http://www.citrix.com/) by selecting Subscription Advantage from the Support menu. You can also contact your Citrix sales representative or a member of the Citrix Solutions Advisors Program for more information.
Locating the Citrix Developer Network

The Citrix Developer Network (CDN) is at: http://www.citrix.com/cdn/ This enrollment membership program provides access to developer toolkits, technical information, and test programs for software and hardware vendors, system integrators, and corporate IT developers who incorporate Citrix computing solutions into their products. Note: There is no cost associated with enrolling with the Citrix Developer Network.
Participating in Citrix Education and Training

The following identifies the documentation that is available to support Provisioning Services. All supporting documentation assumes that Provisioning Services 31
Chapter 1
Provisioning Services Product Overview administrators are knowledgeable about networking components and administration, and that device operators are familiar with networking concepts. The majority of product documentation is provided as Adobe Portable Document Format (PDF) files. To view, search, and print PDF documentation, you need to have Adobe Reader 5.0.5 with Search, or a more recent version. You can download these products for free from Adobe Systems Web site at: http://www.adobe.com/
32
Chapter 2
Product Technology Overview

Topics:
Getting the Boot Program Provisioning Services vDisk Modes Write Cache Modes vDisk technology is the key to software streaming. This technology allows a target device to connect to a Provisioning Server to emulate a local hard drive. The difference between a physical hard drive and a vDisk is unknown to the target device. Understanding how Provisioning Services works requires knowledge of the following underlaying technology: w Getting the Boot Program on page 34 w Provisioning Services vDisk Modes on page 36 w Write Cache Modes on page 39
33
Chapter 2
Getting the Boot Program

After the BIOS is configured to allow the target device to boot from the network, the device can boot from, and get a vDisk assignment from the Provisioning Server. The target device firmware gets the boot program using standard network protocols.
Network Booting a Target Device

Note: The device firmware (NIC) must support PXE 0.99j or greater. The DHCP service delivers IP configurations to a device. It can also deliver the boot program location using options 67, and 60 or 66. Consider delivering the boot program location with a DHCP service to reduce the number of services and increase reliability. The PXE service can deliver the boot program location to a target device according to the PXE Specification Version 2.1. Use this service if a DHCP service exists and cannot be changed, and another PXE service is not used. The BOOTP service can deliver IP configuration to a target device according to BOOTP tab. It can also deliver the boot program location using optional fields. Use of this service is no longer typical. Use this service only if DHCP does not meet your requirements. The TFTP service delivers the boot program to a target device on request. Use it if another TFTP service is not available. The illustrations and steps that follow, describe the boot process both with and without the use of PXE. Using DHCP to Retrieve IP Address and Scope Options (Without PXE) 1. When a target device boots from the network, DHCP sends a request to the Provisioning Server for an IP address and Scope Option settings (66 and 67). The Provisioning Server returns the information as requested. 2. Using TFTP, a request for the boot file is sent from the target device to the Provisioning Server. The Provisioning Server downloads the boot file on the target device and the target device boots.
34
Using DHCP with PXE to Retrieve IP Address and Scope Options: 1. When a target device boots from the network, DHCP sends a request to the Provisioning Server for an IP address and Scope Option settings (option 60; PXEClient identifier). The Provisioning Server returns the information as requested. 2. The target device sends a request to the Provisioning Server for the boot file name and location to the PXE service (options 66 and 67). The PXE service returns the information to the target device. 3. Using TFTP, a request for the boot file is sent from the target device to the Provisioning Server. The Provisioning Server downloads the boot file on the target device and the target device boots.
35
Chapter 2
Booting From an Optional Boot Device

As an alternative to using PXE, the Boot Device Manager (BDM) can create a bootstrap on a local hard drive, USB flash drive or ISO image. The bootstrap will then be used to boot the target device. The BIOS Embedded Bootstrap boot method also exists to allow OEMs to embedded the bootstrap file on the target device.
Provisioning Services vDisk Modes

The vDisk mode options include: w Standard Image Mode on page 36 w Private Image Mode on page 37 w Difference Disk Image Mode on page 38
Standard Image Mode

Standard Image mode allows multiple target devices to use a single vDisk at the same time; greatly reducing the amount of vDisk management and storage requirements. 36
Administrator's Guide To use Standard Image mode, the vDisk must first be set to read-only mode. Each target device then builds a write cache that stores any writes the operating system needs to make. There are several write-cache options available. Having a read-only vDisk offers administrators several advantages. First, each time the target device boots, it always boots from a clean vDisk. If a machine becomes infected with a virus or spyware, simply reboot to the clean image. This solution greatly reduces the number of vDisks to maintain in an network. It also reduces the amount of change points required. Other installation methods require a successful install of a software update on each target device. With a Standard Image, you only have to install software one time. Updated vDisks can then be accessed, by all assigned target devices, through the Provisioning Server. As a result, a single successful installation can upgrade thousands of machines. To get new software, a target device just needs to reboot. While each target device is using the same vDisk, there are plenty of instances when a device needs to have some unique characteristics while running. A number of tools are provided to allow for uniqueness within the environment including: w Computer Name Each target device is given its own unique network name and each target device is able to have its own computer account within your existing directory management structure. w Common Image Allows a vDisk to be used across different hardware platforms. w Device Personality While 95% of all software works in a standard image, a number of applications require each target device to have a unique ID, such as a phone extension. This feature allows you to store application specific values in the database and retrieve the target devices unique value as the device loads.
Private Image Mode

Private images closely model how a computer uses a regular hard drive. That is, only one target device can use a Private Image vDisk at a time. The Provisioning Server performs read or write requests. The benefits for using Private Images instead of a regular hard drive are: w Application flexibility; users can install their own applications. w User software and data can seamlessly move from one computer to another in a minutes without elaborate migration procedures. w All user data (including E-mail) is automatically backed up to a server. w Eliminates hard drive failures which is the number one cause of hardware problems. w Security; prevents data from being downloaded or stolen. The drawbacks include: w Increased Provisioning-Server load. w Private Image vDisks require a lot more storage space. 37
Chapter 2
Product Technology Overview w Each vDisks application stack must be maintained.
Difference Disk Image Mode

Note: Difference Disk Image mode can not be used with the User Group vDisk feature. Difference Disk Image Mode allows for the saving of changes between reboots. Using this mode, after rebooting, a target device is able to retrieve changes made from previous sessions that differ from the read only vDisk image. If a vDisk is set to Difference Disk Image mode, each target device that accesses the vDisk automatically has a device-specific, writable disk file created. Any changes made to the vDisk image are written to that file (Difference Disk Image), which is not automatically deleted upon shutdown. The Difference Disk name uniquely identifies the target device by including the target devices MAC address and disk identifier. A target device can be assigned to multiple vDisks and therefore have multiple cache files associated to it. In order to restore a vDisk that uses Difference Disk cache, be sure to backup all vDisk files and Difference Disk cache files prior to making any vDisk modifications. The benefits of using Difference Disk Mode include: w Saves target device specific changes that are made to the vDisk image. w Same benefits as Standard Image Mode. The drawbacks of using Difference Disk Mode include: w The cache file is saved so long as the file remains valid. Any changes made to the vDisk force the cache file to be automatically deleted. For example, if the vDisk is set to Private Image Mode, all associated cache files are deleted. Invalidating changes include: w Automatic updates w Incremental updates w Mapping the drive from the Console w Changing the location of the Difference Disk file w Booting in Private Image mode w Changing the write-cache path entries for a server (for example, adding, subtracting, or changing the order of those path entries to improve I/O by spreading the load with other servers). w Changing a target devices MAC address.
38
Write Cache Modes

Provisioning Services supports several write cache mode options. The write cache mode for a vDisk is selected on the vDisk File Properties dialogs Mode tab. The following lists valid write cache options: w Cache on a Server Disk on page 39 w Cache in Device RAM on page 39 w Cache on Device Hard Drive on page 39
Cache on a Server Disk

Write cache can exist as a temporary file on a Provisioning Server. In this configuration, all writes are handled by the Provisioning Server, which can increase disk IO and network traffic. For additional security, the Provisioning Server can be configured to encrypt write cache files. Since the write-cache file does exist on the hard drive between reboots, the data will be encrypted in the event a hard drive is stolen.
Cache in Device RAM

Write cache can exist as a temporary file in the target devices RAM. This provides the fastest method of disk access since memory access is always faster than disk access.
Cache on Device Hard Drive

Write cache can exist as a file on the target-devices hard drive. This write cache option frees up the Provisioning Server since it does not have to process write requests and does not have the finite limitation of RAM. The hard drive does not require any additional software to enable this feature. Note: The write cache file is temporary unless the vDisk mode is set to Difference Disk Image mode.
39
Chapter 2
40
Chapter 3
Using the Console

Topics:
Starting the Console Understanding the Console Window Performing Tasks in the Console Use the Provisioning Services Console to manage components within a Provisioning Services farm. The Console can be installed on any machine that can access the farm. For more information on the Console refer to: w Starting the Console on page 42 w Understanding the Console Window on page 42 w Performing Tasks in the Console on page 44
41
Chapter 3
Using the Console
Starting the Console

Before starting the Console, make sure that the Stream Service is started and running on the Provisioning Server. (After the Configuration Wizard runs, the Stream Service starts automatically). To start the Console From the Start menu, select: All Programs>Citrix>Provisioning Services>Citrix Provisioning Console The Consoles main window appears. Note: To connect to a farm refer to Farm Tasks on page 61.
Understanding the Console Window

On the main Console window, you can perform tasks necessary when setting up, modifying, tracking, deleting, and defining the relationships among vDisks, target devices, and Provisioning Servers within your network. For details on using various Console components, refer to: w Using the Console Tree on page 42 w Basic Tree Hierarchy on page 42 w Using the Details View on page 43 w Common Action Menu Options on page 43
Using the Console Tree

The tree is located in the left pane of the Console window. The tree shows a hierarchical view of your network environment and managed objects within your network. What displays in the Details view depends on the object you have selected in the tree and your user role. In the tree, click + to expand an managed object node, or click - to collapse the node.
Basic Tree Hierarchy

Farm administrators can create new sites, views, and stores within the farm. The farmlevel tree is organized as follows: w Farm
42
Administrator's Guide Sites Views Stores Site administrators generally manage those objects within sites to which they have privileges. Sites contain Provisioning Servers, a vDisk Pool, device collections, user groups and views. The site-level tree is organized as follows: w Site Servers vDisk Pool Device Collections User Groups Views
Using the Details View

The right-hand pane of the Console window contains the details view. This view provides information about the object selected in the tree, in table format. The types of objects that display in the view include Provisioning Servers, target devices, and vDisks. For more detailed information, right-click on the object, then select the Properties menu. The tables that display in the details view can be sorted in ascending and descending order. In the Console, the objects that display and the tasks that you can perform are dependant on the role that you are assigned.
Common Action Menu Options

The following menu options are common to most objects in the Console: New Window From Here To open a new Console window, right-click on an object in the tree or in the details pane, then select the New Window from Here menu option. A new Console window opens. It may be necessary to minimize the window to view and toggle between one or more windows. Refresh To refresh information in the Console, right-click a folder, icon, or object, then select Refresh. Export List
43
Chapter 3
Using the Console 1. To export table information from the details pane to a text or comma delimited file, select Export from the Action menu. 2. Select the location where this file should be saved inSave in: 3. Type or select the file name in the File name textbox. 4. Select the file type from and Save as text boxes. 5. Click Save to save the file. Help Select an object in the Console, then select Help from the Action menu to display information about that object. View Options To customize a Console view: 1. Select View, then select either Add/Remove Columns... or Customize.... 2. If you selected: Add/Remove Columns..., use the Add and Remove buttons to select which columns to display. Customize..., select the check box next to each MMC and Snap-in view option that should display in the Console window. 3. Click OK. The Console view refreshes to display the view options selected.
Performing Tasks in the Console

Use the following Console menus and features to perform tasks: Note: Use the Ctrl key to make non-continuous selections or the Shift key to make continuous selections. w Action menu on page 44 w Right-click (context) Menu on page 45 w Using Drag-and-Drop on page 45 w Using Copy and Paste on page 45 w Using Views on page 45
Action menu
Select object-related tasks from the Action menu such as; boot, restart, send message, view properties, copy or paste properties. For a complete list of tasks, refer to that objects management chapter within this guide.
44
Right-click (context) Menu

Right-click a managed object(s) to select object-related tasks. For a complete list of tasks, refer to that objects management chapter within this guide.
Using Drag-and-Drop
w Move target devices by dragging them from one device collection, and dropping them on another device collection within the same site. w Assign a vDisk to all target devices within a collection by dragging the vDisk and dropping it on the collection. The vDisk and the collection must be in the same site. (The new vDisk assignment replaces any previous vDisk assignments for that collection). w Add a target device to a view by dragging the device, then dropping it on the view in Consoles tree. w Drag a Provisioning Server from one Site, then drop it into another site. (Any vDisks assignments that were specific to this server and any store information will be lost.).
Using Copy and Paste

Select an object in the Console window, then use the Copy and Paste right-click menu options to quickly copy one or more properties of a vDisk, Provisioning Server, or target device, to one or more existing vDisks, Provisioning Servers, or target devices. To copy the properties of a one object type and paste those properties to multiple objects of the same type: 1. In the tree or details pane, right-click the object which has the properties you want to copy, then select Copy. The object-specific Copy dialog appears. 2. Place a check in the checkbox next to each of the object properties you want to copy, then click OK. 3. In the Console tree, expand the directory where the object exists so that those objects display in either the tree or details pane. 4. Right-click on the object(s) in the tree or details pane that you want to paste properties to, then select Paste.
Using Views
Create views containing target devices to display only those target devices that you are currently interested in viewing or performing tasks on. Adding target devices to a view provides a quick and easy way to perform a task on members of that view, such as: w Boot w Restart 45
Chapter 3
Using the Console w Shutdown w Send message Views can be created at the site level or at the farm level. To perform a task on members of a view: 1. Right-click on views icon, then select the Create View... menu option. The View Properties dialog appears. 2. Type the name and a description of the new view in the appropriate text boxes, then select the Members tab. 3. To add target devices to this view, click the Add button. The Select Target Devices dialog appears. 4. If you are creating the view at the farm level, select the site where the target devices reside. If you are creating the view at the site level, the site information is already populated. 5. From the drop-down menu, select the device collection where the target devices to add are members. 6. Select from the list of target devices that display, then click OK. 7. If necessary, continue adding target devices from different device collections within a site. 8. Click the OK button to close the dialog. For more information on views, refer to Managing Views on page 175.
46
Chapter 4
Managing Farms
Topics:
Configuring the Farm Farm Properties Farm Tasks A farm represents the top level of a Provisioning Services infrastructure. Farms provide a Farm Administrator with a method of representing, defining, and managing logical groups of Provisioning Services components into sites. All sites within a farm share that farms Microsoft SQL database. A farm also includes a Citrix License Server, local or network shared storage, and collections of target devices. To learn more about managing farms, refer to the follow sections: w Configuring the Farm on page 48 w Farm Tasks on page 61 w Farm Properties on page 58
47
Chapter 4
Managing Farms
Configuring the Farm

Run the Configuration Wizard on a Provisioning Server when creating a new farm, adding new Provisioning Servers to an existing farm, or reconfiguring an existing Provisioning Server. When configuring a Provisioning Server, consider the following: w All Provisioning Servers within a farm must share the same database to locate vDisks for target devices on shared storage devices within the farm. If that shared storage device is a Windows network share, refer to configuration information described in the Administrators Guide, Managing Network Components section. If that shared storage device is a SAN, no additional configuration is necessary. w To properly configure the network services, be sure that you understand network service options and settings. Note: If all Provisioning Servers in the farm share the same configuration settings such as site and store information, consider Running the Configuration Wizard Silently on page 57.
Configuration Wizard Settings

Before running the Configuration Wizard, be prepared to make the following selections: Note: The Configuration Wizard can also be run silently on servers that share similar configuration settings. For details, refer to Running the Configuration Wizard Silently on page 57. w Network Topology on page 49 w Identify the Farm on page 50 w Identify the Database on page 51 w Identify the Site on page 52 w Select the License Server on page 53 w Select network cards for the Stream Service on page 54 w Configure Bootstrap Server on page 54 Note: If errors occur during processing, the log is written to a ConfigWizard.log file, which is located at C:\Documents and Settings\All Users\ProgramData \Citrix\Provisioning Services.
48
Starting the Configuration Wizard

The Configuration Wizard starts automatically after Provisioning Services software is installed. The wizard can also be started by selecting: 1. Start>All Programs>Citrix>Provisioning Services>Provisioning Services Configuration Wizard 2. After starting the Configuration Wizard, click Next to begin the configuration tasks that follow. Note: When running the Configuration Wizard, the tasks that appear depend on the network service options that are selected and the purpose for running the wizard.
Network Topology
Complete the network configuration steps that follow. 1. Select the network service to provide IP addresses Note: Use existing network services if possible. If for any reason existing network services can not be used, choose to install the network services that are made available during the installation process. To provide IP addresses to target devices, select from the following network service options: If the DHCP service is on this server, select the radio button next to one of the following network services to use, then click Next: w Microsoft DHCP w Provisioning Services BOOTP service w Other BOOTP or DHCP service If the DHCP service is not on this server, select the radio button next to The service is running on another computer, then click Next. 2. Select the network service to provide PXE boot information Each target device needs to download a boot file from a TFTP server. Select the network service to provide target devices with PXE boot information: If you choose to use this Provisioning Server to deliver PXE boot information, selectThe service that runs on this computer, then select from either of the following options, then click Next: w Microsoft DHCP (options 66 and 67) w Provisioning Services PXE Service
49
Chapter 4
Managing Farms If Provisioning Services will not deliver PXE boot information, select The information is provided by a service on another device option, then click Next.
Identify the Farm

Select from the following farm options: Farm is already configured Select this option to reconfigure an existing farm, then continue on to theConfigure user account settings procedure. This option only appears if a farm already exists. Create farm i. On the Farm Configuration dialog, select the Create Farm radio button to create a new farm, then clickNext. ii. Use the Browse button to browse for existing SQL databases and instances in the network, or type the database server name and instance. Optionally, enter a TCP port number to use to communicate with this database server. iii. To enable database mirroring, enable the Specify database mirror failover partner option, then type or use the Browse button to identify the failover database server and instance names. Optionally, enter a TCP port number to use to communicate with this server. Note: Refer to Database Mirroring in the Provisioning Services Administrator's Guide for more information. iv. Click Next to continue on to theIdentify the Database on page 51 procedure. Join existing farm i. On the Farm Configuration dialog, select the Join Existing Farm radio button to add this Provisioning Server to an existing farm, then clickNext. ii. Use the Browse button to browse for the appropriate SQL database and instance within the network. iii. Select the farm name that displays by default, or scroll to select the farm to join. Note: More than one farm can exist on a single server. This configuration is common in test implementations. iv. To enable database mirroring, enable the Specify database mirror failover partner option, then type or use the Browse button to identify the failover database server and instance names. Optionally, enter a TCP port number to use to communicate with this server. Note: Refer to Database Mirroring in the Provisioning Services Administrator's Guide for more information. 50
Administrator's Guide v. Click Next. vi. Select from the following site options, then click Next: Existing Site: Select the site from the drop-down menu to join an existing site. New Site: Create a site by typing the name of the new site and a collection. Continue on toConfigure User Account Settings on page 53 procedure.
Identify the Database

Only one database exists within a farm. To identify the database, complete the steps that follow. 1. Select the database location If the database server location and instance have not yet been selected, complete the following procedure. a. On the Database Server dialog, click Browse to open the SQL Servers dialog. b. From the list of SQL Servers, select the name of the server where this database exists and the instance to use (to use the default instance, SQLEXPRESS, leave the instance name blank). In a test environment, this may be a staged database. Note: When re-running the Configuration Wizard to add additional Provisioning Servers database entries, the Server Name and Instance Name text boxes are already populated. By default, SQL Server Express installs as an instance named SQLEXPRESS. c. Click Next. If this is a new farm, continue on to theDefining a Farm procedure. 2. To change the database to a new database a. On the old database server, perform a backup of the database to a file. b. On the new database server, restore the database from the backup file. c. Run the Configuration Wizard on each Provisioning Server. d. Select Join existing farm on the Farm Configuration dialog. e. Enter the new database server and instance on the Database Server dialog. f. Select the restored database on the Existing Farm dialog. g. Select the site that the Server was previously a member of on the Site dialog. h. Click Next until the Configuration Wizard finishes. 3. Define a farm. Select the security group to use: Use Active Directory groups for security 51
Chapter 4
Managing Farms
Note: When selecting the Active Directory group to act as the Farm Administrator from the drop-down list, choices include any group the current user belongs to. This list includes Builtin groups, which are local to the current machine. Avoid using these groups as administrators, except for test environments. Also, be aware that some group names may be misleading and appear to be Domain groups, which are actually Local Domain groups. For example: ForestA.local/Builtin/Administrators. Use Windows groups for security 4. ClickNext. Continue on to theSelecting the license server procedure.
Create a New Store for a New Farm

A new store can be created and assigned to the Provisioning Server being configured: Note: The Configuration Wizard only allows a server to create or join an existing store if it is new to the database. If a server already exists in the database and it rejoins a farm, the Configuration Wizard may prompt the user to join a store or create a new store, but the selection is ignored. 1. On the New Store page, name the new Store. 2. Browse or enter the default path (for example: C:\PVSStore) to use to access this store, then click Next. If an invalid path is selected, an error message appears. Re-enter a valid path, then continue. The default write cache location for the store is located under the store path for example: C:\PVSStore\WriteCache.
Identify the Site

When joining an existing farm, identify the site where this Provisioning Server is to be a member, by either creating a new site or selecting an existing site within the farm. When a site is created, a default target device collection is automatically created for that site. Create a new site i. On the Site page, enable the New Site radio button. ii. In the Site Name text box, type the new site name where this Provisioning Server is to be a member. iii. In the Collection Name, accept the default collection, Collection, or create a new default collection name to associate with this Provisioning Server, then clickNext. Select an existing site 52
Administrator's Guide i. On the Site page, enable the Existing Site radio button. (The default site name is Site.) ii. Select the appropriate site from the drop-down list, then click Next. iii. Create a new store or select an existing store on the Store page, then click Next.
Select the License Server

Note: When selecting the license server, ensure that all Provisioning Servers in the farm are able to communicate with that server in order to get the appropriate product licenses. 1. Enter the name (or IP address) and port number of the license server (default is 27000). The Provisioning Server must be able to communicate with the license server to get the appropriate product licenses. 2. Optionally, select the checkbox Validate license server version and communicationto verify that the license server is able to communicate with this server and that the appropriate version of the license server is being used. If the server is not able to communicate with the license server, or the wrong version of the license server is being used, an error message displays and does not allow you to proceed. 3. The checkbox Use Datacenter licenses for desktops if no Desktop licenses are availableenables the license tradeup option and is enabled by default. Optionally, disable this trade up option by clicking on the enabled checkbox(uncheck). 4. Click Next to continue on to theConfigure user account settings procedure.
Configure User Account Settings

The Stream and Soap services run under a user account. 1. On the User Account dialog, select the user account that the Stream and Soap services will run under: Specified user account (required when using a Windows Share; workgroup or domain user account) Type the user name, domain, and password information in the appropriate text boxes. Local system account (for use with SAN) 2. Select the checkbox next to the Configure the database for the account option, if you selectedSpecified user account, which adds the appropriate database roles (Datareader and Datawriter) for this user. 3. Click Next, then continue on to theSelecting network cards for the Stream Service procedure. 53
Chapter 4
Managing Farms
Select network cards for the Stream Service

Note: If multiple network adapters are selected, they must be configured with the same IP subnet address. For example: IP subnet: 100.100.10.x; IP subnet mask 255.255.255.0 1. Select the checkbox next to each of the network cards that the Stream Service can use. 2. Enter the base port number that management services the default port for that the Provisioning Services network services communications in the appropriate text box. Note: A minimum of 20 ports are required within the range. All Provisioning Servers within a farm must use the same port assignments. 3. Select the Soap Server port (default is 54321) to use for Console access, then click Next. Continue on to theSelecting the bootstrap server procedure.
Configure Bootstrap Server

Complete the steps that follow to identify the bootstrap server and configure the bootstrap file location. Note: Bootstrap configurations can be reconfigured by selecting the Configure Bootstrap option from the Provisioning Services Action menu in the Console. 1. Select the bootstrap server. To use the TFTP service on this Provisioning Server: a. Select the Use the TFTP Serviceoption, then enter or browse for the boot file. The default location is: C:\Documents and Settings\All Users\ProgramData\Citrix\Provisioning Services \Tftpboot If a previous version of Provisioning Services was installed on this server, and the default location is: C:\Program Files\Citrix\Provisioning Services\TftpBoot You must run the Configuration Wizard to change the default location to: C:\Documents and Settings\All Users\ProgramData or ApplicationData\Citrix \Provisioning Services\Tftpboot If the default is not changed, the bootstrap file can not be configured from the Console and target devices will fail to boot; receiving a Missing TFTP error message. 54
Administrator's Guide b. Click Next. 2. Select Provisioning Servers to use for the boot process: a. Use the Add button to add additional Provisioning Servers to the list, theEdit button to edit existing information, orRemove to remove the Provisioning Server from the list. Use theMove up orMove down buttons to change the Provisioning Server boot preference order. The maximum length for the server name is 15 characters. Do not enter FQDN for the server name. In an HA implementation, at least two Provisioning Servers must be selected as boot servers. b. Optionally, highlight the IP address of the Provisioning Server that target devices will boot from, then click Advanced. The Advanced Stream Servers Boot List appears. The following table describes advanced settings that you can choose from. After making your selections, click OK to exit the dialog, then click Next to continue. Table 4-1. Advanced Stream Servers Boot List Verbose Mode Select the Verbose Mode option if you want to monitor the boot process on the target device (optional) or view system messages. Select Interrupt Safe Mode if you are having trouble with your target device failing early in the boot process. This enables debugging of target device drivers that exhibit timing or boot behavior problems This setting enables the bootstrap to work with newer Windows OS versions and is enabled by default. Only disable this setting on older XP or Windows Server OS 32 bit versions that do not support PAE, or if your target device is hanging or behaving erratically in early boot phase. Restore Network Connections Selecting this option results in the target device attempting indefinitely to restore it's connection to the Provisioning Server. Note: Because the Seconds field does not apply, it becomes inactive when
Interrupt Safe Mode
Advanced Memory Support
Network Recovery Method
55
Chapter 4
Managing Farms
the Restore Network Connections option is selected. Reboot to Hard Drive (a hard drive must exist on the target device) Selecting this option instructs the target device to perform a hardware reset to force a reboot after failing to re-establish communications for a defined number of seconds. The user determines the number of seconds to wait before rebooting. Assuming the network connection can not be established, PXE will fail and the system will reboot to the local hard drive. The default number of seconds is 50, to be compatible with HA configurations. Logon Polling Timeout Enter the time, in milliseconds, between retries when polling for Provisioning Servers. Each Provisioning Server is sent a login request packet in sequence. The first Provisioning Server that responds is used. In non-HA configurations, this time-out simply defines how often to retry the single available Provisioning Server with the initial login request. This time-out defines how quickly the round-robin routine will switch from one Provisioning Server to the next in trying to find an active Provisioning Server. The valid range is from 1,000 to 60,000 milliseconds. Login General Timeout Enter the time-out, in milliseconds, for all login associated packets, except the initial login polling timeout. This time-out is generally longer than the polling time-out, because the Provisioning Server needs time to contact all associated servers, some of which may be down and will require retries and time-outs from the Provisioning Server to the other Provisioning Servers to determine if they are indeed online or not. The
56
valid range is from 1,000 to 60,000 milliseconds. c. Verify that all configuration settings are correct, then click Finish.
Running the Configuration Wizard Silently

Run the Configuration Wizard silently to configure multiple Provisioning Servers that share several of the same configuration settings such as the farm, site, and store locations.
Prerequisite
The Configuration Wizard must first be run on any Provisioning Server in the farm that has the configuration settings that will be used in order to create the Provisioning Services database and to configure the farm. The basic steps involved in the silent configuration of servers within the farm include: w Create a ConfigWizard.ans file from a configured Provisioning Server in the farm. w Copy the ConfigWizard.ans file onto the other servers within the farm, and modify the IP address in the ConfigWizard.ans file to match each server in the farm. w Run the ConfigWizard.exe with the /a parameter.
To Create the ConfigWizard.ans File

1. Run the ConfigWizard.exe with the /s parameter on a configured server. 2. When selecting farm settings on the Farm Configuration page, choose the Join existing farm option. 3. Continue selecting configuration settings on the remaining wizard pages, then click Finish. 4. Copy the resulting ConfigWizard.ans file from the Provisioning Services Application Data directory. The location for this directory varies depending on the Windows version. For Windows 2003, use \Documents and Settings\All Users \Application Data\Citrix\Provisioning Services. For Windows 2008 and Windows 2008 R2, use \ProgramData\Citrix\Provisioning Services.
To Copy and Modify the ConfigWizard.ans File

1. For each server that needs to be configured, copy the ConfigWizard.ans file to the Provisioning Services Application Data directory. 2. Edit the StreamNetworkAdapterIP= so that is matches the IP of the server being configured. If there is more than one IP being used for Provisioning Services on the server, add a comma between each IP address.
To Run the ConfigWizard.exe Silently

To configure servers, run the ConfigWizard.exe with /a parameter on each server that needs to be configured. 57
Chapter 4
Managing Farms
Note: To get the list of valid ConfigWizard parameters: 1. Run the ConfigWizard.exe with the /? parameter. 2. Open the resulting ConfigWizard.out file from the ConfigWizard.ans file from the Provisioning Services Application Data directory. 3. Scroll down to the bottom of the file to view all valid parameters.
Note: To get the list of valid ConfigWizard.ans commands with descriptions: 1. Run the ConfigWizard.exe with the /c parameter. 2. Open the resulting ConfigWizard.out file from the ConfigWizard.ans file from the Provisioning Services Application Data directory. 3. Scroll down to the bottom of the file to view all valid parameters.
Farm Properties
The Farm Properties dialog contains the following tabs: w General Tab on page 58 w Security Tab on page 58 w Groups Tab on page 59 w Licensing Tab on page 59 w Options Tab on page 60 w Status Tab on page 61 The tables that follow identify and describe farm properties on each tab:
General Tab
Name Description Enter or edit the name of this farm. Enter or edit a description for this farm.
Security Tab
Add button Click the Add button to apply farm administrator privileges to a group. Check each box next the groups to which
58
farm administrator privileges should apply. Remove button Click the Remove button to remove groups from those groups with farm administrator privileges. Check each box next the groups to which farm administrator privileges should not apply.
Groups Tab
Add button Click the Add button to open the Add System Groups dialog. To display all security groups, leave the text box set to the default *. To display select groups, type part of the name using wildcards *. For example, if you want to see MY_DOMAIN\Builtin \Users, type: User*, Users, or *ser* However, in this release, if you type MY_DOMAIN\Builtin\*, you will get all groups, not just those in the MY_DOMAIN\Builtin path. Select the checkboxes next to each group that should be included in this farm. Note: Filtering on groups was introduced in 5.0 SP2 for efficiency purposes. Remove button Click the Remove button to remove existing groups from this farm. Highlight the groups to which privileges should not apply.
Licensing Tab
Note: Changing licensing properties requires that the Provisioning Services Stream Service be restarted on each Provisioning Server for licensing changes to take effect.
59
Chapter 4
Managing Farms
License server name
Type the name of the Citrix License Server in this textbox. Type the port number that the license server should use or accept the default, which is 27000. If using the license trade-up feature, which allows you to use Datacenter product licenses that you have available if no Desktop product licenses are currently available, check this checkbox.
License server port
Use Datacenter licenses for desktops if no Desktop licenses are available checkbox
Options Tab
Auto-Add Check this checkbox if using the Autoadd feature, then select the site that new target devices will be added to from the Add new devices to this site dropdown menu. If the No default site is chosen for the default site setting, then the site of that Provisioning Server that logs in the target device is used during auto-added. Use the No default site setting if your farm has site scoped PXE/TFTP servers. Important! This feature should only be enabled when expecting to add new target devices. Leaving this feature enabled could result in computers being added without the approval of a farm administrator. Auditing Enable or disable the auditing feature for this farm. Enable or disable the offline database support option. This option allows Provisioning Servers within this farm, to use a snapshot of the database in the event that the connection to the database is lost.
Offline database support
60
Status Tab
Current status of the farm Provides database status information and information on group access rights being used.
Farm Tasks
The farm is initially configured when you run the Configuration Wizard. The wizard prompts you for the farms name, a store, and a device collection. When you first open the Console, those objects display in the tree. The wizard also prompts you for additional farm information such as the name of the license server, your user account information, and those servers that can serve the bootstrap file to target devices. You can always rerun the wizard to change settings. You can also choose to make farm configuration changes using the Farm Properties on page 58. A farm administrator can view and manage all objects in any farm to which they have privileges. Only farm administrators can perform all tasks at the farm level, including: w Farm Connections on page 61 w Farm Properties on page 58 w Creating Sites on page 62 w Site Properties on page 62 w Managing Stores on page 73 w Managing Views on page 175
Farm Connections
Connecting to a Farm
1. Right-click on Provisioning Services Console in the Console tree, then select Connect to farm... 2. Under Server Information, type the name or IP address of a Streaming Server on the farm and the port configured for server access. 3. Select to log in using one of the following methods: Use the Windows credentials that you are currently logged with, then optionally enable the Auto-login on application start or reconnect feature.
61
Chapter 4
Managing Farms Use different Windows credentials by entering the username, password, and domain associated with those credentials, then optionally enable the Save password and Auto-login on application start or reconnect feature. 4. Click Connect. The Farm icon appears in the Console tree.
Managing Connections
You can manage connections to farms from the Manage Connections dialog. To open the dialog, right-click on the Provisioning Services Console icon in the tree, then select the Manage Connections... menu option.
Creating Sites
To create a new site 1. Right-click on the sites folder in the farm where you want to add the new site. The Site Properties dialog appears. 2. On the General tab, type the name and a description for the site in the appropriate text boxes. 3. On the Security tab, click Add to add security groups that will have the site administrator rights in this site. The Add Security Group dialog appears. 4. Check the box next to each group, then click OK. Optionally, check the Domains/ group Name checkbox to select all groups in the list. 5. On the Options tab, if new target devices are to be added using the Auto-Add feature, select the collection where these target devices should reside (this feature must first be enabled in the farms properties). To modify an existing sites properties, right-click on the site in the Console, then select Properties. Make any necessary modifications in the Site Properties dialog.
Site Properties
A new site is added to a farm, or an existing site is modified, using the Site Properties dialog. The tabs in this dialog allow you to configure a site. Site administrators can also edit the properties of a site that they administer. The Site Properties dialog contains the following tabs: w General Tab on page 63 w Security Tab on page 63 w MAK Tab on page 63 w Options Tab on page 64
62
General Tab
Field/Button Name Description Description Type the name of this site in the textbox. Optional. Type the description of this site in the textbox.
Security Tab
Field/Button Add button Description Click the Add button to open the Add Security Groups dialog. Check the box next to each group to which site administrator privileges should apply. To add all groups that are listed, check the Domain\Group Name checkbox. Remove button Click the Remove button select those groups to which site administrator privileges should be removed. To remove all groups that are listed, check the Domain\Group Name checkbox.
MAK Tab
Field/Button Enter the administrator credentials used for Multiple Activation Key enabled Devices Description MAK administrator credentials must be entered before target devices using MAK can be activated. The user must have administrator rights on all target devices that use MAK enabled vDisks and on all Provisioning Servers that will stream those target devices. After entering the following information, click OK: User Password
63
Chapter 4
Managing Farms
Field/Button
Description Note: If credentials have not been entered and an activation attempt is made from the Manage MAK Activations dialog, an error message displays and the MAK tab appears to allow credential information to be entered. After the credentials are entered, click OK and the Manage MAK Activations dialog re-appears.
Options Tab
Field/Button Auto-Add Description Select the collection that the new target device will be added to from the dropdown menu. (This feature must first be enabled in the farm properties.)
64
Chapter 5
Managing Sites
Topics:
Creating Sites Site Properties A site provides both a site administrator and farm administrator, with a method of representing and managing logical groupings of Provisioning Servers, Device Collections, and local shared storage. Note: If configuring for a high availability (HA), all Provisioning Servers selected as failover servers must reside within the same site. HA is not intended to cross between sites. A site administrator can perform any task that a device administrator or device operator within the same farm can perform. A site administrator can also perform the following tasks: Farm-level tasks w Site Properties on page 62 w Store Configuration and Management Tasks on page 77 Site-level tasks w Managing Printers on page 231 w Managing Site Administrators on page 71 w Managing Provisioning Servers on page 83 w Showing Provisioning Server Connections on page 96 w Managing User Assigned vDisks on page 169 w Creating Sites on page 62 w Balancing the Target Device Load on Provisioning Servers on page 97 w Managing Target Devices on page 131 w Accessing Auditing Information on page 245
65
Chapter 5
Managing Sites
Creating Sites
To create a new site 1. Right-click on the sites folder in the farm where you want to add the new site. The Site Properties dialog appears. 2. On the General tab, type the name and a description for the site in the appropriate text boxes. 3. On the Security tab, click Add to add security groups that will have the site administrator rights in this site. The Add Security Group dialog appears. 4. Check the box next to each group, then click OK. Optionally, check the Domains/ group Name checkbox to select all groups in the list. 5. On the Options tab, if new target devices are to be added using the Auto-Add feature, select the collection where these target devices should reside (this feature must first be enabled in the farms properties). To modify an existing sites properties, right-click on the site in the Console, then select Properties. Make any necessary modifications in the Site Properties dialog.
Site Properties
A new site is added to a farm, or an existing site is modified, using the Site Properties dialog. The tabs in this dialog allow you to configure a site. Site administrators can also edit the properties of a site that they administer. The Site Properties dialog contains the following tabs: w General Tab on page 63 w Security Tab on page 63 w MAK Tab on page 63 w Options Tab on page 64
General Tab
Field/Button Name Description Description Type the name of this site in the textbox. Optional. Type the description of this site in the textbox.
66
Security Tab
Field/Button Add button Description Click the Add button to open the Add Security Groups dialog. Check the box next to each group to which site administrator privileges should apply. To add all groups that are listed, check the Domain\Group Name checkbox. Remove button Click the Remove button select those groups to which site administrator privileges should be removed. To remove all groups that are listed, check the Domain\Group Name checkbox.
MAK Tab
Field/Button Enter the administrator credentials used for Multiple Activation Key enabled Devices Description MAK administrator credentials must be entered before target devices using MAK can be activated. The user must have administrator rights on all target devices that use MAK enabled vDisks and on all Provisioning Servers that will stream those target devices. After entering the following information, click OK: User Password Note: If credentials have not been entered and an activation attempt is made from the Manage MAK Activations dialog, an error message displays and the MAK tab appears to allow credential information to be entered. After the credentials are
67
Chapter 5
Managing Sites
Field/Button
Description entered, click OK and the Manage MAK Activations dialog re-appears.
Options Tab
Field/Button Auto-Add Description Select the collection that the new target device will be added to from the dropdown menu. (This feature must first be enabled in the farm properties.)
68
Chapter 6
Managing Administrative Roles

Topics:
Managing Farm Administrators Managing Site Administrators Managing Device Administrators Managing Device Operators The ability to view and manage objects within a Provisioning Server implementation is determined by the administrative role assigned to a group of users. Provisioning Services makes use of groups that already exist within the network (Windows or Active Directory Groups). All members within a group will share the same administrative privileges within a farm. An administrator may have multiple roles if they belong to more than one group. The following administrative roles can be assigned to a group: w Farm Administrator w Site Administrator w Device Administrator w Device Operator After a group is assigned an administrator role through the Console, if a member of that group attempts to connect to a different farm, a dialog displays requesting that a Provisioning Server within that farm be identified (the name and port number). You are also required to either use the Windows credentials you are currently logged in with (default setting), or enter your Active Directory credentials. Provisioning Services does not support using both domain and workgroups simultaneously. When the information is sent to and received by the appropriate server farm, the role that was associated with the group that you are a member of, determines your administrative privileges within this farm. Group role assignments can vary from farm to farm.
69
Chapter 6
Managing Administrative Roles
Managing Farm Administrators

Farm administrators can view and manage all objects within a farm. Farm administrators can also create new sites and manage role memberships throughout the entire farm. In the Console, farm-level tasks can only be performed by farm administrators. For example, only a farm administrator can create a new site within the farm.
When the farm is first configured using the Configuration Wizard, the administrator that creates the farm is automatically assigned the Farm Administrator role. While configuring the farm, that administrator selects the option to use either Windows or Active Directory credentials for user authorization within the farm. After the Configuration Wizard is run, additional groups can be assigned the Farm Administrator role in the Console. To assign additional Farm Administrators Note: The authorization method displays to indicate if Windows or Active Directory credentials are used for user authorization in this farm. 1. In the Console, right-click on the farm to which the administrator role will be assigned, then select Properties.The Farm Properties dialog appears. 2. On the Groups tab, highlight all the groups that will be assigned administrative roles in this farm, then click Add. 3. On the Security tab, highlight all groups to which the Farm Administrator role will be assigned, the click Add. 4. Click OK to close the dialog box.
70
Managing Site Administrators

Site administrators have full management access to the all objects within a site. For example, the site administrator can manage Provisioning Servers, site properties, target devices, device collections, vDisk assignments and vDisk Pools.
If a farm administrator assigns a site as the owner of a particular store, the site administrator can also manage that store. Managing a store can include tasks such as adding and removing vDisks from shared storage or assigning Provisioning Servers to the store. The site administrator can also manage device administrator and device operator memberships To assign the Site Administrator role to one or more groups and its members: 1. In the Console, right-click on the site for which the administrator role will be assigned, then select Properties. The Site Properties dialog appears. 2. Click the Security tab, then click the Add button. The Add Security Group dialog appears. 3. From the drop-down menu, select each group to associate with the site administrator role, then click OK. 4. Optionally, repeat steps 2 and 3 to continue assigning additional site administrators. 5. Click OK to close the dialog.
Managing Device Administrators

Device administrators manage device collections to which they have privileges. Device collections consist of a logical grouping of devices. For example, a device collection could represent a physical location, a subnet range, or a logical grouping of target devices. A target device can only be a member of one device collection. To assign the Device Administrator role to one or more groups and its members:
71
Chapter 6
Managing Administrative Roles 1. In the Console tree, expand the site where the device collection exists, then expand the Device Collections folder. 2. Right-click on the device collection that you want to add device administrators to, then select Properties. The Device Collection Properties dialog appears. 3. On the Security tab, under the Groups with Device Administrator access list, click Add. The Add Security Group dialog appears. 4. To assign a group with the device administrator role, select each system group that should have device administrator privileges, then click OK. 5. Click OK to close the dialog box.
Managing Device Operators

A device operator has administrator privileges to perform the following tasks within a Device Collection for which they have privileges: w Boot and reboot a target device w Shut down a target device w View target device properties w View vDisk properties for those vDisks assigned to a target device To assign the Device Operator role to one or more groups: 1. In the Console tree, expand the site where the device collection exists, then expand the Device Collections folder. 2. Right-click on the device collection that you want to add device operators to, then select Properties. The Device Collection Properties dialog appears. 3. On the Security tab, under the Groups with Device Operator access list, click Add. The Add Security Group dialog appears. 4. To assign a group the Device Operator role, select each system group that should have device operator privileges, then click OK. 5. Click OK to close the dialog box.
72
Chapter 7
Managing Stores
Topics:
Store Administrative Privileges Store Properties Store Configuration and Management Tasks A store is the logical name for the physical location of the vDisk folder. This folder can exist on a local server or on shared storage. When vDisks files are created in the Console, they are assigned to a store. Within a site, one or more Provisioning Servers are given permission to access that store in order to serve vDisks to target devices.
A Provisioning Server checks the database for the Store name and the physical location where the vDisk resides, in order to provide it to the target device Separating the physical paths to a vDisks storage locations allows for greater flexibility within a farm configuration, particularly when using High Availability (HA). When HA is implemented, if the active Provisioning Server in a site fails, the target device can get its vDisk from another Provisioning 73
Chapter 7
Managing Stores Server that has access to the store and permissions to serve the vDisk. If necessary, copies of vDisks can be maintained on a secondary shared-storage location in the event that connection to the primary shared-storage location is lost. In this case, the default path can be set in the store properties if all Provisioning Servers can use the same path to access the store. If a particular server cannot use the path (the default path is not valid for that server, not because of a connection loss, but because it is simply not valid) then an override path can be set in the store properties for that particular server. Provisioning Servers will always use either the default path (if the override path does not exist in the database) or the override path if it does exists in the database. For more information on stores, refer to any of the following topics: w Store Administrative Privileges on page 75 w Store Properties on page 75 w Store Configuration and Management Tasks on page 77 w Working with Managed Stores on page 78
74
Store Administrative Privileges

Stores are defined and managed at the farm level by a farm administrator. Access or visibility to a store depends on the users administrative privileges: w Farm Administrators have full access to all stores within the farm w Site Administrators have access to only those stores owned by the site w Device Administrators and Device Operators have read-only access. Site Administrators may also have read-only access if that store exists at the farm level, or if that store belongs to another site. For details, refer to Managing Administrative Roles on page 69
Store Properties
A store can be created when the Configuration Wizard is run or in the Store Properties dialog. The store properties dialogs allows you to: w Name and provide a description of the store w Select the owner of the store (the site which will manage the store) w Provide a default path to the store (physical path to the vDisk) w Define default write cache paths for this store w Select the servers that can provide this store After a store is created, Store information is saved in the Provisioning Services database. Each site has one vDisk Pool, which is a collection of vDisk information required by Provisioning Servers that provide vDisks in that site. The vDisk information can be added to the vDisk pool using the vDisk Properties dialog or by scanning a store for new vDisks that have not yet been added to the database. The Store Properties dialog includes the following tabs: w General Tab on page 75 w Paths Tab on page 76 w Servers Tab on page 77
General Tab
Name View, type the logical name for this store. For example, PVS-1 View or type a description of this store.
75
Chapter 7
Managing Stores
Description Site that acts as owner of this store
View or type a description of this store. Optional. View or scroll to select the site that will act as owner of this store. This feature allows a farm administrator to give one sites administrators, special permission to manage the store. These rights are normally reserved for farm administrators. Enable this option to set this store to be a Managed Store on a SAN. Refer to Working with Managed Stores for more details.
This is a Managed Read-Only Store
Paths Tab
Default store path View, type, or browse for the physical path to the vDisk folder that this store represents. The default path is used by all Provisioning Servers that do not have an override store path set. View, add, edit, remove, or move the default write cache paths for this store. Entering more than one write cache path allows for vDisk load to be distributed to physically different drives. When a target device first connects, the Stream Service picks from the list. If using HA, the order of the write cache paths, for any override paths in the server store properties, must match the order of the write cache paths specified here. Click to validate store path selections from the Validate Store Paths dialog. The validation results display under the Status column.
Default write cache paths
Validate
76
Servers Tab
Site View or scroll to select the site where Provisioning Servers that can access this store exist (multiple sites can access the same store). All Provisioning Servers within the selected site display in this list. Check the box next to all servers that are permitted to access this store. If the store is only for a specific site, only those servers within that site are valid selections. If the default path is not valid for a selected Provisioning Server, you must define an override path in that servers properties dialog, on the Store tab. Validate Click to validate store path selections from the Validate Store Paths dialog. The validation results display under the Status column.
Servers that provide this store
Store Configuration and Management Tasks

The following lists tasks that are specific to configuring and managing a store: w Creating a Store on page 77 w Adding Existing vDisks to a vDisk Pool or Store on page 119 w Working with Managed Stores on page 78 w Accessing Auditing Information on page 245 Creating a Store 1. In the Console tree, right-click on Stores, then select the Create store menu option. The Store Properties dialog appears. 2. On the General tab, type the store name (logical name for this storage location) and a description of this store. 3. Optional. Select the site that will act as owner of this store. Otherwise, accept the default <None> so that only farm administrators can manage this store.
77
Chapter 7
Managing Stores 4. Optional. Set this store to be read-only by enabling the This store is a Managed Read-Only store checkbox. 5. On the Servers tab, select a site from the list. All Provisioning Servers in that site appear. 6. Check the box each to each server that is permitted to access this store. If the store is only for a specific site, only those servers within that site are valid selections. Also, if the default path is not valid for a selected server, an override path must be defined in for that server on the Server Properties dialogs Store tab. Repeat this step for each site if necessary. (If this procedure is performed by a site administrator, only those sites that they administer appear.) 7. On the Paths dialog, type or browse for the default path for this store (physical location of the vDisk folder). Optionally, a new folder can be created by clicking on the browse button, and then cIicking on Create New Folder. If the user is a site administrator, only those sites that they administer will be available in the list. 8. The write cache path(s) for the selected store display under the paths list. Optionally, a new store cache folder can be created by clicking on the browse button, and then cIicking on Create New Folder. Additional write cache paths can be added for use by the store by clicking Add. Entering more than one write cache paths allows for vDisk load to be distributed to physically different drives. When a target device first connects, the Stream Service picks from the list. If using HA, the order of the write-cache paths for any override paths in store properties for that server, must match the order of the write-cache paths specified here If a write cache path is not selected and the OK button is clicked, the user is prompted to create the default write cache path. Click OK on this message to create the default write cache path (C:\pvsstore\WriteCache). 9. After configuring the store and paths this store will use, click Validate to open the Validate Store Paths dialog and validate the path settings. 10. Under the Status column, view the path validation results. Click Close to close this dialog and return to the Store Properties dialog to make any necessary changes or to continue. 11. Click OK to save Property settings.
Working with Managed Stores

By enabling the Managed Store feature in the Console, a SANs read-only LUNs, which are used for vDisk storage, can be concurrently accessed by multiple Provisioning Servers without having to deploy solutions such as NAS Gateway, Cluster File System, and Windows Cluster Services. After enabling the Managed Store feature, administrators can quickly change a store's availability on a SAN volume to be either active (Active Mode/read-only) or offline (Maintenance Mode/read/write). This section included the following information: w Prerequisites and Supported Deployments on page 79 78
Administrator's Guide w Using the Store Management Wizard on page 81
Prerequisites and Supported Deployments

Prerequisites w The Read-Only Store feature requires that the Provisioning Server OS be either Windows 2008 or Windows 2008 R2. w The Provisioning Servers meet the minimum Provisioning Services system requirements. w The Microsoft iSCSI initiator software is installed on all Provisioning Servers having access to the SAN. w The vDisk files being placed on the read-only shared LUN(s) have already been created and reside on a normal read-write storage location. Creating vDisk files in place on the LUN is more difficult than pre-building the VHD files in a normal readwrite store and subsequently copying them to the shared LUN. w The SAN being used has the ability to set a LUN up for shared read-write access or shared read-only access without requiring a shared file system front end. Normally, using a LUN in shared read-write access mode without a shared file system front end results in a corrupt NTFS volume. Limiting the LUN access to read-only (configuring read-only volume access on EqualLogic PS Series via Group Manager) circumvents this problem. Supported Deployments The following table lists the supported modes and deployment restrictions. Table 7-1. Supported Modes and Deployment Restrictions Image Mode Private Image Mode Cache Location Supported No Restrictions Private image disks must be stored on read/write volumes. Separate shared read/write writeback cache storage location is required. vDisk properties cannot be modified while a LUN is read-only; vDisk cannot be mapped on the server.
Standard Image Mode and Difference Disk Mode
Server disk or Encrypted on server disk.
Yes
79
Chapter 7
Managing Stores
Image Mode Standard Image Mode
Cache Location Device RAM
Supported Yes
Restrictions vDisk properties cannot be modified while a LUN is read-only; vDisk cannot be mapped on the server. Fallback to Cache on Server disk is that is will not function if the device hard disk is not found or fails. vDisk properties cannot be modified while LUN is read-only. vDisk cannot be mapped on the server.
Target Device harddisk drive or Encrypted on target device harddisk drive
Yes
The following diagram illustrates a typical deployment architecture that follows Managed Store requirements and supported deployment scenarios.
It is recommended, though not required, that separate read-only LUNs be created for each shared VHD file. This allows VHD files to be updated and taken on and off line independently of each other. 80
Using the Store Management Wizard

The Managed Read-Only Store feature is located on the Store Properties on page 75 and enabled by selecting the This store is a Managed Read-Only Store checkbox. After setting this store to read-only, the store is considered to be a Managed Store. The Store Management Wizard automates the process of toggling between Managed Store modes: w Active Mode the store is available to all Provisioning Servers configured to access the store. The SAN volume is marked as 'read-only' at the NTFS volume level and 'active' at the NTFS level. w Maintenance Mode the store is available to only the designated Maintenance Server. The SAN volume is marked as offline at the NTFS volume level for all Provisioning Servers configured to access the store, except for the Maintenance Server (which is set to 'read-write' at the NTFS volume level). A Managed Store is only updated by the designated Maintenance Server while in Maintenance Mode. Note: When determining which Provisioning Servers to make available for performing tasks such as mapping vDisks or providing bootstrap files, only the Maintenance Server would be considered by Provisioning Services. Run the Store Management Wizard to designate the Maintenance Server and to change the mode of a Managed Store: Note: Issues may occur if using the Server Cache option for private or standard images. 1. Right-click on the Store in the Console tree, then select Manage Store.... The Welcome page appears. 2. Click Next. The Welcome to the Store Management Wizard page appears. 3. Click Next. The Select Store Mode page appears. 4. In the New Store Mode textbox, scroll to select the appropriate mode, Maintenance or Active. 5. In the Maintenance Server textbox, scroll to select the server that will have access to this store while in Maintenance Mode. 6. Review the complete list of Provisioning Servers that can access to this store, the status of each server, and if a server is currently connected. Note: If an attempt is made to change the store's mode while a server is currently connected to the store, the Next button is disabled and an error message may appear. WARNING! Changing modes when a server is offline may cause the volume to become corrupt! In this case a warning message displays and prompts the user to acknowledge the risk, or click Cancel to return to the previous page. 81
Chapter 7
Managing Stores 7. Click Next. The Initiate New Mode page appears. 8. Click Execute to begin transitioning to the selected mode. The table displays the status of the transition for each server and the if the transition was successful. Note: If any server fails to transition successfully, the mode will not be changed. If an error or discrepancy causes the system to be in an intermediate state, the wizard can be run again to attempt to gain a previous state.
82
Chapter 8
Managing Provisioning Servers

Topics:
Provisioning Servers in the Console Provisioning Server Properties Provisioning Server Tasks A Provisioning Server is any server that has Stream Services installed. Provisioning Servers are used to stream software from vDisks, as needed, to target devices. In some implementations, vDisks reside directly on the Provisioning Server. In larger implementations, Provisioning Servers get the vDisk from a shared-storage device on the network. Provisioning Servers also retrieve and provide configuration information to and from the Provisioning Services database. Provisioning Server configuration options are available to ensure high availability and load-balancing of target device connections To configure a Provisioning Server and software components for the first time, run the Configuration Wizard (the Configuration Wizard can be re-run on a Provisioning Server at a later date in order to change network configuration settings). Refer to the Installation and Configuration Guide for Configuration Wizard details. After the Provisioning Server software components are successfully installed, and the wizard configurations have been made, servers are managed through the Provisioning Services Console.
83
Chapter 8
Provisioning Servers in the Console

A Provisioning Server is any server that has Stream Services installed. Provisioning Servers are used to stream software from vDisks, as needed, to target devices. In some implementations, vDisks reside directly on the Provisioning Server. In larger implementations, Provisioning Servers get the vDisk from a shared-storage device on the network. Provisioning Servers also retrieve and provide configuration information to and from the Provisioning Services database. Provisioning Server configuration options are available to ensure high availability and load-balancing of target device connections To configure a Provisioning Server and software components for the first time, run the Configuration Wizard (the Configuration Wizard can be re-run on a Provisioning Server at a later date in order to change network configuration settings). Refer to the Installation and Configuration Guide for Configuration Wizard details. After the Provisioning Server software components are successfully installed, and the wizard configurations have been made, servers are managed through the Provisioning Services Console. The Console is used to perform Provisioning Server management tasks such as editing the configuration settings or the properties of existing Provisioning Servers. Provisioning Servers appear in the Console main window as members of a site within a farm. To manage Provisioning Servers that belong to a specific site, you must have the appropriate administrative role (Site Administrator for this site, or Farm Administrator). Note: In the Console, the appearance of the Provisioning Server icon indicates that servers current status. In the Console, Provisioning Servers are managed by performing actions on them. The following actions can be performed. To view a list of actions that can be performed on a selected Provisioning Server, choose from the following options: w Click the Action menu in the menu bar w Right-click on a Provisioning Server in the Console w Enable the Action pane from the Views menu Note: Actions appear disabled if they do not apply to the selected Provisioning Server (refer to Management Tasks for task details).
Provisioning Server Properties

On the Console, the Provisioning Server Properties dialog allows you to modify Provisioning Server configuration settings. To view an existing Provisioning Servers properties, choose one of the following methods:
84
Administrator's Guide w Highlight a Provisioning Server, then select Properties from the Action menu. w Right-click a Provisioning Server, then select Properties w If the details pane is open, highlight a Provisioning Server, then select the Properties menu item from the list of actions. The Server Properties dialog includes the following tabs: w General on page 85 w Network on page 89 w Stores on page 90 w Options on page 90 w Logging on page 92 Note: Provisioning Services displays a message if a change made on a Provisioning Server Properties dialog requires that the server be rebooted.
General
Field/Button Name and Description Description Displays the name of the Provisioning Server and a brief description. The maximum length for the server name is 15 characters. Do not enter FQDN for the server name. Select this option if you want this Provisioning Server's events to be logged in the Windows Event log. A power rating is assigned to each server, which is then used when determining which server is least busy. The scale to use is defined by the administrator. For example, an administrator may decide to rate all servers on a scale of 1 to 10, or on a scale of 100 to 1000. Using the scale of 1 to 10, a server with a rating of 2 is considered twice as powerful as a server with a rating of 1; therefore it would be assigned twice as many target devices. Likewise, when using a scale of 100 to 1000, a server with a power rating of 200 is considered twice as powerful as a server with the rating of 100; therefore it would also be assigned twice as many target devices. Using the default setting of 1.0 for all servers results in even device loading across servers. In this case, the
Log events to the server's Window Event Log Power Rating
85
Chapter 8
Field/Button
Description load balancing algorithm does not account for individual server power. Ratings can range between 0.1-1000.0; 1.0 is the default. Note: The load balancing method is defined in vDisk Properties on page 103.
Advanced Server Properties
Server tab Threads per port Number of threads in the thread pool that service UDP packets received on a given UDP port. Between four and eight are reasonable settings. Larger numbers of threads allow more target device requests to be processed simultaneously, but is consumes more system resources. Buffers per thread Number of packet buffers allocated for every thread in a thread pool. The number of buffers per thread should be large enough to enable a single thread to read one IO transaction from a target device. So buffers per threads should ideally be set to (IOBurstSize / MaximumTransmissionUnit) + 1). Setting the value too large consumes extra memory, but does not hurt efficiency. Setting the value too small consumes less RAM, but detrimentally affects efficiency. Server cache timeout Every server writes status information periodically to the Provisioning Services database. This status information is time-stamped on every write. A server is considered Up by other servers in the farm, if the status information in the database is newer than the Server cache timeout seconds. Every server in the farm will attempt to write its status information every (Server cache timeout/2) seconds, i.e. at twice the timeout rate. A shorter server cache timeout value allows servers to detect offline servers more quickly, at the cost of extra database processing. A longer Server cache timeout period reduces database load at the cost of a longer period to detect lost servers. Local and Remote Concurrent I/O limits Controls the number of concurrent outstanding I/O transactions that can be sent to a given storage device. A storage device is defined as either a local drive letter (C: or D: for example) or as the base of a UNC path, for example \ \ServerName.
86
Field/Button
Description Since the PVS service is a highly multi-threaded service, it is possible for it to send hundreds of simultaneous I/O requests to a given storage device. These are usually queued up by the device and processed when time permits. Some storage devices, Windows Network Shares most notably, do not deal with this large number of concurrent requests well. They can drop connections, or take unrealistically long to process transactions in certain circumstances. By throttling the concurrent I/O transactions in the PVS Service, better performance can be achieved with these types of devices. Local device is defined as any device starting with a drive letter. Remote is defined as any device starting with a UNC server name. This a simple way to achieve separate limits for network shares and for local drives. If you have a slow machine providing a network share, or slow drives on the machine, then a count of 1 to 3 for the remote limit may be necessary to achieve the best performance with the share. If you are going to fast local drives, you might be able to set the local count fairly high. Only empirical testing would provide you with the optimum setting for a given hardware environment. Setting either count to 0 disables the feature and allows the PVS Service to run without limits. This might be desirable on very fast local drives. If a network share is overloaded, youll see a lot more device retries and reconnections during boot storms. This is caused by read/write and open file times > 60 seconds. Throttling the concurrent I/O transactions on the share reduces these types of problems considerably. Network tab Maximum transmission unit Number of bytes that fit in a single UDP packet. For standard Ethernet, the default value is correct. If you are attempting to operate over a WAN, then a smaller value may be needed to prevent IP fragmentation. Provisioning Services currently does not support IP fragmentation and reassembly. Also, if you are using a device or software layer that adds bytes to every packet (for security reasons for example), a smaller value may be needed. If your entire infrastructure supports jumbo packets (Provisioning Services NIC, target device NIC and any intervening switches and/or routers) then you
87
Chapter 8
Field/Button
Description can set the MTU to 50 bytes less than your jumbo packet max size to achieve much higher network throughput. I/O burst size The number of bytes that will be transmitted in a single read/write transaction before an ACK is sent from the server or device. The larger the IO burst, the faster the throughput to an individual device, but the more stress placed on the server and network infrastructure. Also, larger IO Bursts increase the likelihood of lost packets and costly retries. Smaller IO bursts reduce single client network throughput, but also reduce server load. Smaller IO bursts also reduce the likelihood of retries. IO Burst Size / MTU size must be <= 32, i.e. only 32 packets can be in a single IO burst before a ACK is needed. Socket communications Enable non-blocking I/O for network communications. Pacing tab Boot pause seconds The amount of time that the device will be told to pause if the Maximum devices booting limit has been reached. The device will display a message to the user and then wait Boot pause seconds before attempting to continue to boot. The device will continue to check with the server every Boot pause seconds until the server allows the device to boot. Maximum boot time The amount of time a device will be considered in the booting state. Once a device starts to boot, the device will be considered booting until the Maximum boot time has elapsed for that device. After this period, it will no longer be considered booting (as far as boot pacing is concerned) even if the device has not actually finished booting. Maximum boot time can be thought of as a time limit per device for the booting state for boot pacing. Maximum devices booting The maximum number of devices a server allows to boot at one time before pausing new booting devices. The number of booting devices must drop below this limit before the server will allow more devices to boot. vDisk creation pacing Amount of pacing delay to introduce when creating a vDisk on this Provisioning Server. Larger values increase the vDisk creation time,
88
Field/Button
Description but reduce Provisioning Server overhead to allow target devices that are running, to continue to run efficiently. Device tab License timeout Amount of time since last hearing from a target device to hold a license before releasing it for use by another target device. If a target device shuts down abnormally (loses power for example) its license is held for this long.
Network
Field/Button IP Address Description The IP addresses that the Stream Service should use for an target device to communicate with this Provisioning Server. When adding a new Provisioning Server, enter the valid IP address for the new server. Add Add an IP address for the selected Provisioning Server. Edit Opens the IP address dialog so that IP address for the selected Provisioning Server can be changed. Remove Removes the selected IP address from the list of available IP addresses for the selected Provisioning Server. Ports Enter the First and Last UDP port numbers to indicate a range of ports to be used by the Stream Service for target device communications. Note: The minimum is five ports in a range. The default first port number is 6910 and the last port number is 6930 .
89
Chapter 8
Stores
Field/Button Stores Description Lists all stores (logical names representing physical paths to vDisks that are available to this Provisioning Server. Add Opens the Store Properties dialog so that a new store and that stores properties can be included in the list of stores, which overrides the default path. Edit Opens the Store Properties dialog so that the stores properties can be changed. Select an existing store, then click Edit to change that stores properties. Remove Removes the selected store from the list of available stores for this Provisioning Server. Store Properties (opens when Add or Edit is selected under Stores). Store The name of the store. This displays populated when editing an existing store. If this is a new store, select the store from the drop-down list. Path used to access the store The store path is only required if you need to override the default path configured in the store properties. If the default path in the store properties is valid for this server, leave the path for the store blank in the server store properties. Write Cache Path Click the Add or Edit buttons to open the Write cache path dialog, then enter the appropriate write cache path for this store. Select an existing path from the list, then click Remove to remove the paths association with the store. Use the Move Up and Move Down buttons to change the order of cache path priority. If using HA, the order that the cache paths are listed must be the same order for each HA server.
Options
Field/Button Enable automatic vDisk updates Description Check for new versions of a vDisk Check this box to allow groups of target devices to be automatically updated to use one or more new vDisks, on a scheduled
90
Field/Button
Description basis. The new vDisks are usually newer versions of disk images for one or more sites. Note: For the new vDisk to replace the old vDisk: The Enable automatic updates for this disk field in the Disk Properties Disk Mode tab must be selected. w The Class and Type fields must be the same as the disk to be updated w The version numbers of the new vDisk must be greater than the version numbers in the old vDisk. The update process uses the Class, Type and Provisioning Server to identify the vDisk to be replaced by a new vDisk image Check for incremental updates to a vDisk Check this box to allow a delta file to apply changes to an existing vDisk file in order to add or remove software components without having to distribute an entire new version of the vDisk file. Note: Incremental disk updates are faster to distribute and are for use with images in shared image mode. To enable automatic incremental disk updates, consider the following: w The Class, Type and Version Numbers recorded in the delta file must match those in the vDisk file. w The serial number recorded in the delta file must match that contained in the vDisk file. w If the activation date was set on the delta file, the current system date must be greater than or equal to the activation date. w No target device is currently booted from the vDisk. Check for updates daily at The time of day that the automated disk update process should run. This is usually the time of day when all target device systems are shut down.
Active Directory
Enable automatic password support If your target devices are domain members, and you want to renegotiate machine passwords between Windows
91
Chapter 8
Field/Button
Description Active Directory and the target devices, select the Enable automatic password support, and use the slider to set the number of days between renegotiation. Change computer account password every Select the number of days that should pass before the password should be changed.
Logging
Field/Button Logging Level Description Select from the following logging level options: TRACE TRACE logs all valid operations. DEBUG The DEBUG level logs details related to a specific operation and is the highest level of logging. If logging is set to DEBUG, all other levels of logging information are displayed in the log file. INFO Default logging level. The INFO level logs information about workflow, which generally explains how operations occur. WARN The WARNING level logs information about an operation that completes successfully, but there are issues with the operation. ERROR The ERROR level logs information about an operation that produces an error condition. FATAL
92
Field/Button
Description The FATAL level logs information about an operation that the system could not recover from.
File size maximum
Enter the maximum size that a log file can reach before a new file is created. Enter the maximum number of backup log files to retain. When this number is reached, the oldest log file is automatically deleted.
Backup files maximum
Provisioning Server Tasks

Use the following tasks to managing Provisioning Servers in your farm: w Copying and Pasting Provisioning Server Properties on page 94 w Marking a Provisioning Server as Down on page 94 w Deleting a Provisioning Server on page 94 w Starting, Stopping, or Restarting Provisioning Services on page 95 w Showing Provisioning Server Connections on page 96 w Balancing the Target Device Load on Provisioning Servers on page 97 w Checking for Provisioning Server vDisk Access Updates on page 98 w Configuring Provisioning Servers Manually on page 98 w Auditing on page 243 w Configuring the Bootstrap File From the Console on page 222 Note: After making any changes to a Provisioning Servers properties, restart the Stream Service to implement those changes. Use caution when restarting services. If target devices are connected to the Provisioning Server, changes could prevent the device from reconnecting. The IP address field on the Network tab must reflect the real static IP address of the Provisioning Server.
Adding Additional Provisioning Servers

To add additional Provisioning Servers, install the Provisioning Services software on each server that is to a member of the farm. Run the Provisioning Services Installation Wizard, then the Configuration Wizard on each server. 93
Chapter 8
Note: The maximum length for the server name is 15 characters. Do not enter FQDN for the server name When the Configuration Wizard prompts for the site to add the server to, choose an existing site or create a new site. After adding Provisioning Servers to the site, start the Console and connect to the farm. Verify that all sites and servers display appropriately in the Console window.
Copying and Pasting Provisioning Server Properties

To copy the properties of one Provisioning Server to another Provisioning Server: 1. Right-click on the Provisioning Server to copy properties from, then select Copy server properties. The Copy Server Properties dialog appears. 2. Enable the checkbox next to each property to copy, or click the Select all button to enable all properties to be copied. 3. Click Copy. Right-click on the Provisioning Server that you want to copy properties to, then select Paste .
Marking a Provisioning Server as Down

If an unexpected event occurs, such as a network outage or system crash, and the state of a Provisioning Server becomes unknown for more than ten seconds, the server's state in the database is changed to 'Offline'. For extended outages where the server was shut down, it may be helpful to other users if the administrator acknowledges that the state of the server is known and indeed 'Down'. Marking a server as down refreshes the database record to indicate that the Provisioning Server or stream service is no longer running, and that it was shut down cleanly (which includes moving already booted target devices to another server). Ten seconds after the server comes back online, the server's state is updated to 'Active' in the database and that server becomes available to boot any assigned target devices. If the server was also configured for HA, it now becomes available as a failover server. To initiate target device failover to another server and mark a Provisioning Server as down: 1. Highlight the Provisioning Server in the Console. 2. Select the Mark Server as Down menu option.
Deleting a Provisioning Server

Occasionally, it may be necessary to delete a Provisioning Server from the list of available Provisioning Servers in a farm. 94
Note: Before you can delete a Provisioning Server, you must first mark the server as down or take the server off line, otherwise the Delete menu option will not appear. The Stream Service can not be deleted. When you delete a Provisioning Server, you do not affect vDisk image files or the contents of the server drives. However, you do lose all paths to the vDisk image files on that server. After deleting a Provisioning Server, target devices are no longer assigned to any vDisk image files on that server. The target device records remain stored in the Virtual LAN Drive database, but the device cannot access any vDisk that was associated with the deleted Provisioning Server. Note: If there are vDisks associated with the Provisioning Server being deleted, it is recommended that backup copies are created and stored in the vDisk directory prior to deleting. To delete a Provisioning Server: 1. In the Console, highlight the Provisioning Server that you want to delete, then select Show connected devices from the Action menu, right-click menu, or Action pane. The Connected Target Devices dialog appears. 2. In the Target Device table, highlight all devices in the list, then click Shutdown. The Target Device Control dialog appears. 3. Type a message to notify target devices that the Provisioning Server is being shut down. 4. Scroll to select the number of seconds to delay after the message is received. 5. If the Stream Service is running on the Provisioning Server, stop the Stream Service (Starting, Stopping, or Restarting Provisioning Services on page 95). 6. Unassign all target devices from the Provisioning Server. 7. Highlight the Provisioning Server you want to delete, then choose Delete from the Action menu, right-click menu, or Action pane. A delete confirmation message appears. 8. Click Yes to confirm the deletion. The Provisioning Server is deleted and no longer displays in the Console.
Starting, Stopping, or Restarting Provisioning Services

Note: If the Stream Service you are trying to start, stop, or restart, is not on the local machine, then the logged-in user must have Windows security permissions and be assigned the appropriate Provisioning Server administrative role to start or stop services on the selected Provisioning Server.
95
Chapter 8
Managing Provisioning Servers To start, stop, or restart Provisioning Services on a Provisioning Server: 1. Highlight the Provisioning Server in the Console, than select the Stream Services menu option from the Actions menu, right-click menu, or Actions pane. The Provisioning Server Control dialog appears. 2. Select from the following menu options: Option Description Start Stop Starts the Stream Service Places the Provisioning Server in off-line mode
Restart After modifying Provisioning Server settings, such as adding or removing IPs, restart the Stream Service 3. Highlight the Provisioning Servers that you want to take action on, then click that action's button. 4. Click Close to exit the dialog.
Showing Provisioning Server Connections

To view and manage all target device connections to the Provisioning Server: 1. Highlight a Provisioning Server in the Console, then select Show connected devices from the Action menu, right-click menu, or Action pane. The Connected Target Devices dialog appears. 2. Select one or more target devices in the table to perform any of the following connection tasks: Option Description
Shutdown Shuts down target devices that are highlighted in the dialog. Reboot Message Reboots target devices that are highlighted in the dialog. Opens the Edit Message dialog to allow you to type, and then send a message to target device(s) highlighted in the dialog.
When selecting Shutdown or Reboot, a dialog opens providing the option to type a message that displays on the effected devices. The Shutdown or Reboot options can be delayed by entering a delay time setting. If a message appears confirming that the target device was successfully shut down or rebooted, but the icon in the Console window does not change accordingly, select the Refresh button.
96
Balancing the Target Device Load on Provisioning Servers

To achieve optimum server and target device performance within a highly available network configuration, implement load balancing for each vDisk by enabling it on the vDisk Properties' General tab (for details, refer to High Availability Option Overview on page 203 and vDisk Properties on page 103). With the load balancing algorithm implemented, Provisioning Services continuously redistributes target devices between servers qualified to provide that vDisk; preventing any one server from becoming overloaded. After enabling load balancing for the vDisk, the following additional load balancing algorithm customizations can be set: w Subnet Affinity When assigning the server and NIC combination to use to provide this vDisk to target devices, select from the following subnet settings: None ignore subnets; uses least busy server. Best Effort use the least busy server/NIC combination from within the same subnet. If no server/NIC combination is available within the subnet, select the least busy server from outside the subnet. If more than one server is available within the selected subnet, perform load balancing between those servers. Best Effort is the default setting. Fixed use the least busy server/NIC combination from within the same subnet. Perform load balancing between servers within that subnet. If no server/NIC combination exists in the same subnet, do not boot target devices assigned to this vDisk. w Rebalance Enabled using Trigger Percent Enable to rebalance the number of target devices on each server in the event that the trigger percent is exceeded. When enabled, Provisioning Services checks the trigger percent on each server approximately every ten minutes. For example: If the trigger percent on this vDisk is set to 25%, rebalancing occurs within ten minutes if this server has 25% more load in comparison to other servers that can provide this vDisk. Note: The load balance algorithm takes into account the Provisioning Server Properties on page 84 of each server when determining load. Load balancing will not occur if: w less than five target devices are using a particular server w the average number of target devices using all qualifying servers is less than five w the number of target devices that are booting on a given server is more than 20% of the total number of devices connected to the server (preventing load shift thrashing during a 'boot storm') Load balancing is also considered when target devices boot. Provisioning Services determines which qualified Provisioning Server, with the least amount of load, should 97
Chapter 8
Managing Provisioning Servers provide the vDisk. Whenever additional qualified servers are brought online, rebalancing will occur automatically. To implement load balancing in a HA network configuration w Assign a power rating to each Provisioning Server on the Provisioning Server Properties on page 84. w For each vDisk, select the load balancing method and define any additional load balancing algorithm settings on the vDisk Properties on page 103. Note: Target devices that are not using a vDisk that is in HA mode will not be diverted to a different server. If a vDisk is misconfigured to have HA enabled, but they are not using a valid HA configuration (Provisioning Servers and Store , target devices that use that vDisk can lock up. To rebalance Provisioning Server connections manually 1. In the Console, highlight the Provisioning Servers to rebalance, right-click then select the Rebalance devices menu option. The Rebalance Devices dialog appears. 2. Click Rebalance. A rebalance results message displays under the Status column. 3. Click Close to exit the dialog.
Checking for Provisioning Server vDisk Access Updates

To check for updates to vDisks that the selected Provisioning Server has access to: 1. Right-click the Provisioning Server in the details pane, then select Check for updates. 2. Select the Automatic... or Incremental... menu option. 3. Click OK on the confirmation message that appears. The vDisk is automatically updated or is scheduled to be incrementally updated.
Configuring Provisioning Servers Manually

If you are setting up a remote Provisioning Server, or have special requirements, you will need to configure and start your Stream Services manually. The Configuration Wizard needs to be run on remote Provisioning Servers to insure that all settings are configured properly. Failure to run the Configuration Wizard may make it impossible for you to map a vDisk. Refer to the Installation and Configuration Guide if you are running the Configuration Wizard for the first time.
Re-Running the Configuration Wizard

The Configuration Wizard can be used when updating the Stream Service if the IP address of your Provisioning Server changes. If you change your Provisioning Servers IP 98
Administrator's Guide address for any reason, simply re-run the Configuration Wizard and choose the new IP address when prompted to do so. Completing the Configuration Wizard resets the appropriate IP addresses in the configuration and restarts the Stream Service.
Starting and Configuring the Stream Service Manually

After configuring the Stream Service, you must start the service for the change to take effect. It is highly recommended to set the service to start automatically each time a Provisioning Server boots. Note: The Configuration Wizard starts and configures the necessary services to start automatically. If you need to start and configure the services manually, see the instructions below. The Stream Service needs to be started in order for the Provisioning Server to operate. Start the following boot services if they have not yet been started: w BOOTP Service or PXE Service w TFTP Service To manually start services: 1. From the Windows Start menu, select Settings, and then click Control Panel. 2. From the Control Panel, double-click the Administrative Tools icon. 3. From the Administrative Tools window double-click on the Services icon. The Services window appears. 4. From the Services window, right click on the service you want to start, then select Start. To manually configure services to start automatically upon booting the Provisioning Server: 1. From the Windows Start menu, select Settings, then click Control Panel. 2. From the Control Panel, double-click the Administrative Tools icon. 3. From the Administrative Tools window double-click on the Services icon. The Services window appears. 4. Right-click the service you want to configure, then select Properties. 5. Change the Startup Type to Automatic to configure the service to start automatically each time the system boots.
99
Chapter 8
100
Chapter 9
Managing vDisk
Topics:
vDisk Properties Managing vDisks A vDisk is an image file stored on a Provisioning Server or remote storage location, which acts as a hard disk for a target device. When creating a vDisk image file, keep the following facts in mind: w For organizational purposes, it is best to store vDisk image files in one directory. For large implementations with many target devices, spreading the I/O across multiple disks can increase efficiency. w You can create as many vDisk image files as you want, as long as you have enough space available on the Provisioning Server, or on the storage device containing the vDisk image files. w vDisk files use FAT or NTFS file systems. EXT2 and EXT3 can be used for Linux. w Depending upon the file system used to store the vDisk, the maximum size of a vDisk is 2 terabytes (NTFS) or 4096MB (FAT). w A vDisk may be shared (Standard Image) by one or more target devices, or it can exist for only one target device to access (Private Image). w vDisks can be booted directly from a Windows Virtual Server or Hyper-V without having to stream. w The vDisk image is created using the Imaging Wizard utility and vDisk file is created and configured using the Console.
vDisks in the Console

In the Console, a new vDisk can be created by right-clicking on the vDisk Pool or the Store, and then selecting the Create new vDisk menu option. Once created, vDisks display in the details pane when a sites vDisk pool is selected, or when a store in the farm is selected. Your administrator role determines what displays and which tasks you can perform in the Console. For example, you can view and manage vDisks in sites in which you are a site administrator. However, unless the farm administrator sets a 101
Chapter 9
Managing vDisk site as the owner of a store, the site administrator can not perform store management tasks. To view the properties of a vDisk, right-click on the vDisk, then select Properties. To view the tasks that can be performed on a vDIsk, refer to Managing vDisks on page 108 to view properties for that vDisk.
102
vDisk Properties
In the Console, the vDisk Properties dialogs allows you to modify vDisk configuration settings. To view an existing vDisks properties, choose one of the following methods: w Highlight a vDisk, then select Properties from the Action menu to display general vDisk properties, or select File Properties for file details and setttings. w Right-click on the vDisk, then select Properties. w Double-click on the vDisk in the details pane. The following vDisk Properties exist: w Properties General Tab on page 103 w vDisk file Properties General Tab for vDisk file on page 105 Mode Tab for vDisk file on page 105 Identification Tab for vDisk file on page 106 Microsoft Volume Licensing Tab for vDisk file on page 107 Options Tab for vDisk file on page 108
General Tab
Field/Button Store Site Filename Description BIOS menu text (optional) Description The name of the store where the vDisk resides. This property can not be modified in this dialog. The name of the site where this vDisk is a member of its vDisk Pool. This property can not be modified in this dialog. The filename that was given to this vDisk when it was created. This property can not be modified in this dialog. A brief description that identifies this vDisk. This field is optional and allows you to enter a menu text that will display on the target device when that device starts. The user can then select which vDisk to boot from. Note: Important. If vDisks with the same name from different Stores are assigned to the same User Group or
103
Chapter 9
Managing vDisk
Field/Button
Description target device, they display as duplicate names in the menu unless different menu text or descriptions are provided.
Load Balancing
Provides the option to use (or not use) a load balancing algorithm to select the server that is least busy to provide this vDisk to target devices. If using HA, a load balancing method must be selected. To assign a specific server to provide this vDisk, enable the Use this server to provide the vDisk radio button. To use a load balancing algorithm to determine which server should provide this vDisk, enable the Use the load balancing algorithm radio button, then select from the following load balancing options: Subnet Affinity. When assigning the server and NIC combination to use to provide this vDisk to target devices, select from the following subnet settings: w None ignore subnets; uses least busy server. w Best Effort use the least busy server/NIC combination from within the same subnet. If no server/NIC combination is available within the subnet, select the least busy server from outside the subnet. If more than one server is available within the selected subnet, perform load balancing between those servers. Best Effort is the default setting. w Fixed use the least busy server/NIC combination from within the same subnet. Perform load balancing between servers within that subnet. If no server/NIC combination exists in the same subnet, do not boot target devices assigned to this vDisk. Rebalance Enabled. Enable to rebalance the number of target devices on each server in the event that the trigger percent is exceeded. When enabled, Provisioning Services checks the trigger percent on each server every ten minutes. Enabled by default. Note: Rebalancing will not occur if there are less than five target devices on each server, or if more than 20% of the target devices are currently booting. A target device that is currently booting will not be moved to a different server. Trigger Percent The percent of overload that is required to trigger the rebalancing of target devices. For example: If the trigger percent is equal to 25%, rebalancing occurs if
104
Field/Button
Description this server has 25% more load in comparison to other servers that can provide this vDisk. Values between 5 - 5000; default is 25. The server power rating that is assigned to each server is also factored in when determining load distribution. Refer to Provisioning Server Properties on page 84 for details. For more details about load balancing, refer to Balancing the Target Device Load on Provisioning Servers on page 97.
Allow use of this vDisk Edit file properties button
If this checkbox is checked, the vDisk becomes locked and can not be used by any target device within the farm. This option is helpful when performing vDisk maintenance. To modify the file properties associated with this vDisk, click the Edit file properties button. vDisk file properties tabs are defined in the tables that follow.
General Tab for vDisk file

Field/Button Name Size Description Class Description Displays the name of this vDisk file. The size of the vDisk file. Provides a brief description of the vDisk file. Enter a class to associate to the vDisk file. This field is used with Automatic Disk Update and the Managed Disk Feature in order to match new vDisk file to the appropriate target devices. Up to 40 characters can be entered. Enter a type to associate with the vDisk file. This field is used in Automatic Disk Update, in order to match the new vDisk file to the old file. Up to 40 characters can be entered.
Type
Mode Tab for vDisk file

Field/Button Access mode Description Select the vDisk access mode: Private Image for use with a single target device, which has read and write access 105
Chapter 9
Managing vDisk
Field/Button
Description Standard Image for use with multiple target devices, which have write-cache enabled. Difference Disk Image for use with multiple target devices, which have read and write access to a difference disk. For Standard Image only, select the write cache type w Cache on server disk w Cache on encrypted on server disk w Cache in device RAM w Cache on devices hard-drive w Cache encrypted on device hard-drive Cache Size (MBs) If you select Standard Image and Cache in target device RAM, select the cache size in megabytes. The max size of the RAM write cache is determined by the registry setting WcMaxRamCacheMB in the BNIStack Parameters. This is a DWORD parameter. If the registry entry does not exist, then the default value used is 3584 MB.
Enable Automatic Updates
Enables the Automatic Disk Update process on this vDisk file. Select either of the following update processes: Apply vDisk updates as soon as they are detected by the server; select to apply updates as they are detected. Schedule the next vDisk update to occur on; select to schedule the disk update, then select the date to run the update process. The update process attempts to find a match for the selected vDisk file on already existing target devices and user groups, and then tests for an automatic update.
Identification Tab for vDisk file

Field/Button Version (Major, Minor, Build) Description Version number for use by the Automatic Disk Image update feature and the Incremental Disk Update feature. With the Automatic Disk Image Update feature, if the new vDisk version is greater than the old image version, the vDisk image is replaced for matching Class and Type images.
106
Field/Button
Description Precedence is: Major, then Minor, then Build. With the Incremental Disk Update feature, the delta file version must match the version number of the vDisk or the delta file is not applied.
Serial
Initially set to a random Globally Unique Identifier (GUID). The user can set the serial number as needed. The serial number is used in the Incremental Disk Update feature to ensure that a delta file is applied to the correct vDisk image file. For users informational use only. Initially set to a string representing the creation date of the image file. For users informational use only. Set as appropriate for your installation. For users informational use only. Set as appropriate for your installation. For users informational use only. Set as appropriate for your installation. For users informational use only. Set as appropriate for your installation. For users informational use only. Set as appropriate for your installation. For users informational use only. Set as appropriate for your installation.
Date Author Title Company Internal Name Original File Hardware Target
Microsoft Volume Licensing Tab for vDisk file

Field/Button Microsoft Volume Licensing Description If using Microsoft KMS or MAK volume licenses for target devices using this vDisk image, select that licensing option from those listed below. Otherwise, select None. Note: The vDisk license mode must be set before target devices can be activated. w None w Key Management Service (KMS) w Multiple Activation Key (MAK) 107
Chapter 9
Managing vDisk
Field/Button
Description Note: In order for MAK licensing to work, the Volume Activation Management Tool (VAMT) must be installed on all login servers within the farm. This tool is available from http://www.microsoft.com/downloads/en/ details.aspx?FamilyID=ec7156d2-2864-49eebfcb-777b898ad582&displaylang=en.
Options Tab for vDisk file

Field/Button High Availability Description To enable the High Availability option on all target devices and user groups that use this vDisk file, check the High availability (HA) checkbox. Check the Active Directory machine account password management checkbox to enable the Active Directory password management features. If your target devices belong to a domain and share a vDisk, also refer to the Active Directory section on the Options tab of the Provisioning Server Properties dialog. Check the Printer management option if you are not using a different printer system that installs valid printers on each target device. To view printer details for an individual target device, refer to the Target Device Properties vDisk tab, then click the Printers button.
Active Directory machine account password management
Printer management
Managing vDisks
To manage vDisks, choose from the tasks that follow. vDisk Files w Creating and Formatting a New vDisk File on page 110 w Assigning vDisks to Target Devices on page 145 vDisk Images w Using the Imaging Wizard on page 109 w Building a Common Image on page 115 vDisk Maintenance 108
Administrator's Guide w Configuring vDisk Modes on page 118 w Adding Existing vDisks to a vDisk Pool or Store on page 119 w Assigning vDisks to Target Devices on page 145 w Assigning a vDisk to a User Group on page 173 w Viewing vDisk Usage on page 120 w Releasing vDisk Locks on page 120 w Deleting a vDisk on page 121 w Deleting Cache on a Difference Disk on page 122 w Copying vDisks to Different Locations on page 122 w Copying and Pasting vDisk Properties on page 123 w Backing Up a vDisk on page 123 w Updating vDisks on page 123 w Using Maintenance Utilities with a vDisk on page 130 w Working with Physical Disks and vDisks on page 130 w Accessing Auditing Information on page 245 w Configuring a vDisk for Microsoft Volume Licensing on page 130
Using the Imaging Wizard

Use the Provisioning Services Imaging Wizard to create a vDisk image from the master target device. Prerequisites w Enable Windows Automount on Windows Server operating systems. w Remove any virtualization software before performing a conversion. w Disable Windows Autoplay. w Remove any virtualization software before performing a conversion. w Verify adequate free space exists on the destination, which is approximately 101% of used space on the source volumes. w Select a NIC for imaging that has a binding to Provisioning Services, which is the NIC binding chosen during the installation of the Target Device software. 1. From the Master target device's Windows Start menu, select Citrix>Provisioning Services>Imaging Wizard. The wizard's Welcome page appears. 2. Click Next. The Connect to Farm page appears. 109
Chapter 9
Managing vDisk 3. Enter the name or IP address of a Provisioning Server within the farm to connect to and the port to use to make that connection. 4. Use the Windows credentials (default), or enter different credentials, then click Next. If using Active Directory, enter the appropriate password information. 5. On the Microsoft Volume Licensing page, select the volume license option to use for target devices or select None if volume licensing is not being used: None Key Management Service (KMS) Note: Additional steps are required to implement KMS licensing after the vDisk image is created. Refer to Managing Microsoft KMS Volume Licensing in the Administrator's Guide for details. Multiple Activation Key (MAK) Note: For information on managing MAK Licensing refer to Activating Microsoft MAK Volume Licensing in the Administrator's Guide. 6. Select to create a new vDisk (default), or use an existing vDisk by entering that vDisks name, then click Next. The Add Target Device page appears. 7. Enter the target device name, MAC, and which collection to add this device to, then click Next. If the target device is already a member of the farm, the Existing Target Devices page appears. 8. Click Next. The Summary of Farm Changes appears. 9. Verify all changes, then click Next. A confirmation message displays. 10. Click Yes on the confirmation message to start the imaging process.
Creating and Formatting a New vDisk File

The following lists the major steps involved in creating and configuring the vDisk file: w To create a new vDisk file in the database on page 111 w To format a vDisk on page 111 w To unmount a vDisk on page 113
110
To create a new vDisk file in the database

1. In the Console tree, right-click on the vDisk Pool in the site where you want to add those vDisks, then select the Create vDisk menu option. The Create vDisk dialog appears. 2. If you accessed this dialog from the sites vDisk pool, in the drop-down menu, select the store where this vDisk should reside. If you accessed this dialog from the store, from the drop-down menu, select the site where this vDisk will be added. 3. In the Server used to create the vDisk drop-down menu, select the Provisioning Server that will create the vDisk. 4. Type a filename for the vDisk. Optionally, type a description for this new vDisk in the description textbox. 5. In the Size text box, scroll to select the appropriate size to allocate for this vDisk file. If the disk storing the vDisk images is formatted with NTFS, the limit is approximately 2 terabytes. On FAT file systems, the limit is 4096 MB. 6. In the VHD Format text box, select the format as either Fixed or Dynamic (2040 GB for VHD emulating SCSI; 127 GB for VHD emulating IDE). 7. Click Create vDisk, a progress dialog opens. Depending on the disk size and other factors, it may take several minutes or more to create the vDisk. After the vDisk is successfully created, it displays in the Consoles details pane and is ready to be formatted. 8. Right-click on the vDisk in the Console, then select Mount vDisk. The vDisk icon displays with an orange arrow if mounted properly. A vDisk image can not be assigned to, or boot from a target device until that target device exists in the Provisioning Services database. After creating the target device, in the Console, select the Hard Disk boot option.
To format a vDisk
In order for a target device to access the new vDisk, after you have created and allocated space for the vDisk file on the Provisioning Server, you must format the vDisk. Note: vDisks for use by Linux target devices are formatted automatically using the Linux image.sh. Select from one of the following vDisk formatting methods: w To format a mounted vDisk from the Console on page 111 w To format a mounted vDisk from the target device on page 112
To format a mounted vDisk from the Console

From the Provisioning Server, the vDisk should appear as a drive to the operating system. Note: The disk used as the vDisk mounting point is always visible to the operating system, even when a vDisk has not been mounted. When Provisioning Services 111
Chapter 9
Managing vDisk
software is installed on the server, this drive is created. The drive letter will be the next available drive letter on your system. (For example, if your Provisioning Server has an A: drive, C: drive and D:). When mounting a vDisk in Windows 2003 Enterprise or Windows 2008 Enterprise, the vDisk is not assigned a drive letter. This is due to enhanced security in Windows, which does not acknowledge the new plugged-in disk until the user manually brings it online once 1. Open a Windows Explorer window (click My Computer on the Desktop or on the Start Menu). 2. Right-click on the vDisk, then select Format. Note: Formatting erases all data stored on the vDisk. You should only format new vDisks that have not yet been imaged from the target device hard disk. 3. Create a descriptive name for the volume label for the vDisk. 4. Click Start, then click OK on the warning message that appears. 5. After formatting, close Windows Explorer. Continue on to Unmounting a vDisk.
To format a mounted vDisk from the target device

1. Ensure that the target device software is installed on the target device. 2. In the Console, create a new vDisk on the Provisioning Server. Assign this vDisk to the Master Target Device. 3. From the Console, configure the target device to boot from its local hard disk, NOT to the assigned vDisk. 4. PXE-Boot the target device. Once started, confirm connectivity from the target device to the Provisioning Server. When the connection is inactive the TargetDevice status icon in the system tray has a red X on itif there is no red X, then the connection is good. 5. Access the Disk Management utility in Windows by right-clicking My Computer on the desktop and selecting Manage. The Computer Management window should appear. 6. Select Disk Management from the left window pane. The right window pane will display all of the storage devices connected to the target device. 7. Identify the vDisk as the next available storage device after the boot disk (C:) and any additional physical drives connected to the computer. For example, if the target device has two physical drives, a primary boot disk labeled C:, and an additional storage device labeled D:, then the vDisk will be labeled E:. 8. Right-click the vDisk in the right window pane and select Format.
112
Administrator's Guide 9. Type a Volume Label if desired, such as vDisk1. 10. Select the desired file system, such as NTFS. Leave the Allocation unit size to the default setting. 11. Select Perform a quick format. Leave the box labeled Enable file and folder compression unchecked, then click OK. 12. Once the format is complete the disk should have a status of Healthy on the right window pane. The disk is now formatted and ready to be imaged from the Master Target Device.
To unmount a vDisk
Mounted vDisks cannot be used by target devices. To unmount a vDisk and make it available to target devices, in the Console, right-click on the vDisk, then select the Unmount vDisk vDisk name option.
Create and Assign a Target Device

To create a target device entry in the database
1. Right-click on the collection where this target device will reside. 2. Select Create Device. The Create Device dialog box appears. 3. Type the name and MAC address of the device, and optionally a description for that device, then click OK.
To assign a vDisk to a target device

1. In the Console tree, expand the Device Collections folder, then click on the collection folder where this target device is a member. The target-device displays in the details pane. 2. Right-click on the desired target device, then select Properties. The Target Device Properties dialog appears. 3. On the General tab, select Hard Disk from the Boot from option. 4. Click on the vDisks tab, then select the Add button within the vDisk for this Device section. The Assign vDisks dialog appears. 5. To locate vDisks to assign to this target device, select a specific store or server under the Filter options, or accept the default settings, which includes All Stores and All Servers. 6. In the Select the desired vDisks list, highlight the vDisks to assign, then click OK, then OK again to close the Target Device Properties dialog. Note: In the Console window, use the drag-and-drop feature to quickly assign a vDisk to all target devices in a collection.
113
Chapter 9
Managing vDisk
Building the vDisk Image

How you build the vDisk depends on if you are using Windows or Linux. w Using the Imaging Wizard on page 109 w Imaging Linux Target Devices on page 114
Imaging Windows Target Devices

To image a Windows Target Device, refer to Using the Imaging Wizard on page 109
Imaging Linux Target Devices

Linux pre-imaging considerations w Prior to imaging, a master target device is generally customized by the user. However, during the imaging process and every subsequent boot process, the /etc/ {fstab, hosts, resolv.conf} files are modified by Provisioning Services so that the machine can boot as a diskless device. If these files were customized prior to imaging, they will be overwritten. w Prior to imaging a Ubuntu device, complete the following: a. Install Provisioning Services on the master target device, then reboot the system. b. After Windows Manager starts and the user logs in, click the Network Manager icon in the system tray, then click Manual Configuration.... The Network Settings dialog appears. c. Click the Unlock button, then enter the user's password. The Network settings dialog appears. d. Highlight the interface that Provisioning Services will use to stream the operating system, then click the Properties button. The properties dialog appears. e. Uncheck the Enable Roaming Mode option, then set the Configuration: field to Automatic Configuration (DHCP). f. Save and exit open dialog boxes. The Ubuntu device is now ready for imaging. Image the Linux target device 1. On the Target Device Properties tab, configure the target device to boot from the hard drive and assign a vDisk to it. 2. Boot the Master Target Device and login as root. 3. Verify that the Master Target Device is connected to the Provisioning Server. This can be done by looking for a padlock next to the name of the Master Target Device in the list of target devices in the Provisioning Server Console. 4. To image the Master Target Device's hard drive to the vDisk, open a terminal and enter the directory into which Provisioning Services target device software was installed. By default, this is /root/citrix. 114
Administrator's Guide 5. At the Console prompt, issue the following command: #sh image.sh 6. After the Linux Imager application starts, click Image. 7. Click Begin to begin the imaging process. Allow the imaging process to complete. 8. Click Done to close the Linux Imager application. 9. Shut down the target device. The target device can now be set to boot from the vDisk. Use the General tab on the Consoles Target Device Properties dialog to set the target device to boot from the vDisk. Optionally, disconnect the hard disk on the target device.
Building a Common Image

The Common Image feature allows a single vDisk to simultaneously support different motherboards, network cards, video cards and other hardware devices. The result is a vDisk capable of being used by heterogeneous target devices, greatly reducing the number of vDisks an administrator must maintain.
Prerequisites
w Make sure all target devices that will use the common image have the a consistent HAL -- that is, they must have the same number of logical processors. Note: A single processor hyper-threading capable system is considered to have two logical processors when the hyper-threading is enabled in the BIOS. w The BIOS structure, which is presented to the OS during the boot process, must be of the same format for all target devices that share a Standard Image. The BIOS Structure contains a list of all the components connected to the motherboard so that the appropriate drivers are loaded to allow the components to function properly. w Have either a 3Com Managed PC Boot Agent (MBA) or a PXE-compliant NIC available. This card is the common NIC that is inserted into each target device during the Common Image build process. w Install all the latest device drivers on each target device. w Device drivers are missing if devices do not respond after you configure the common image. For example, if a target devices USB mouse and keyboard do not respond after you assign the common image to the target device, it is likely that you have not installed drivers for that target devices chipset. Go to device manager and check to insure no yellow exclamation mark display on any devices, especially USB Root HUBs and controllers. w Determine which target device contains the latest motherboard chipset. This target device is used as the first target device in the common image build process. The latest Intel chipset driver always contains all the drivers for the previous chipset, therefore it is not necessary to install as many drivers when you build the common image.
115
Chapter 9
Managing vDisk w Except on the first target device, disable built-in NICs on all target devices that will use the common image (leave the built-in NIC on the first target device enabled). This prevents confusion about which NIC to use during the common image building process w Install Provisioning Services components
Building the Common Image

The steps for building a common image are presented in several short procedures: w Configuring the Master Target Device on page 116 w Exporting Specific Data Files on page 116 w Booting the Master Target Device on page 117 w Adding Additional Target Devices to the Common Image on page 117 Note: Important! When building the common image, create a vDisk that has enough space to accommodate additional information that is added by the common image build process.
Configuring the Master Target Device

1. Insert the common NIC into the Master Target Device. 2. Install the target device software on the Master Target Device. Select both the common NIC and built-in NICs during the installation process. 3. Create a vDisk, then mount, format, and unmount it. You must create a vDisk that has enough space to accommodate additional information added by the common image build process. 4. Run the Imaging Wizard on the target device to build the vDisk. 5. (Recommended) Make a copy of the original vDisk created in Step 3 and save it in the vDisk directory on the Provisioning Server. 6. On the first target device, copy CIM.exe from C:\Program Files\Citrix \Provisioning Services to a removable storage device, such as a USB flash drive. This utility is used to include disparate target devices in the common image. 7. Shut down the Master Target Device and remove the common NIC.
Exporting Specific Data Files

1. Insert the common NIC into a target device that will be added to the common image, then boot the target device from its local hard drive. Note: Although the Windows OS must be installed on this target device, the target device software does not have to be installed. 2. Copy CIM.exe from the removable storage device to this target device.
116
Administrator's Guide 3. At a command prompt, navigate to the directory in where CIM.exe is located, then run the following command to extract the information form the target device into the .dat file: CIM.exe e targetdeviceName.dat where targetdeviceName identifies the first target device that will use the common image. For example, TargetDevice1.dat. Copy the .dat file created in Step 3 to the removable storage device. 4. Shut down the target device and remove the common NIC. To include additional target devices with disparate hardware in the common image, repeat Step1 through Step 6 for each device, giving each .dat file a unique name.
Booting the Master Target Device

1. Reinsert the common NIC into the Master Target Device. Insert the NIC into the same slot from which it was removed during the Configuring the Master Target Device on page 116 procedure. Before booting the Master Target Device, enter the BIOS setup and verify that the common NIC is the NIC used in the boot process. 2. Using the common NIC, boot the Master Target Device from the vDisk, in Private Image mode. 3. Copy CIM.exe and the .dat file associated with the first target device from the removable storage device to the Master Target Device. 4. At a command prompt, navigate to the directory where the CIM.exe and the .dat file are located. 5. Run the following command to merge the information from the .dat file into the common image: CIM.exe m targetdeviceName.dat 6. Shut down the Master Target Device.
Adding Additional Target Devices to the Common Image

1. Insert the common NIC into additional target devices that will be included in the Common Image. Insert the NIC into the same slot from which it was removed in the Exporting Specific Data Files on page 116 procedure. 2. Using the common NIC, boot the target device off the vDisk in Private Image mode. 3. Allow Windows time to discover and configure all the device drivers on the target device (this will take some time). If prompted by the Found New Hardware Wizard to install new hardware, Cancel out of the wizard and proceed to Step 4. Note: If Windows cant install drivers for the built-in NIC on a target device, and the drivers can not be installed manually, the common NIC and the target devices built-NIC are very similar to each other and the driver installation program tries to update the driver for both NICs. For example, this happens if the common NIC is an Intel Pro 100/s and the target devices built-in NIC is an Intel Pro 100+. To resolve this conflict, open System Properties. On the Hardware tab, click the Device Manager button. In the Device Manager list, right-click the built-in NIC and 117
Chapter 9
Managing vDisk click Update Driver to start the Hardware Update Wizard. Choose Install from a list or specific location and specify the location of the NIC's driver files. 4. Open Network Connections, right-click the connection for the built-in NIC and click Properties in the menu that appears. (The icon for the built-in NIC is marked with a red X.) 5. Under This connection uses the following items, select Network Stack and click OK. 6. From a command prompt, run the following command: C:\Program Files\Citrix\Provisioning Server\regmodify.exe Note: After completing Steps 4-6, reboot the target device and allow Windows to discover and configure any remaining devices. If prompted by the Found New Hardware Wizard to install new hardware, proceed through the Wizard to complete the hardware installation. 7. Using the original vDisk, repeat Step1 through Step 6 for each of the additional target devices to be included in the Common Image. 8. Once target devices have been included in the Common Image, on the Console, set the disk access mode for the Common Image vDisk to Standard Image mode, then boot the devices.
Configuring vDisk Modes

vDisk access modes are selected using the Console. The vDisk modes that you can choose from include: w Private Image Use this mode if a vDisk is only used by a single target device (read/ write access is enabled). w Standard Image Use this mode if a vDisk is shared by target devices and uses writecache options. w Difference Disk Image Use this mode to save changes between reboots, by retrieving changes made from previous sessions that differ from the read only vDisk image. To configure the vDisk mode: Note: Only those write cache options that are supported for the selected vDisk Access Mode appear enabled. 1. On the Console, right-click on the vDisk for which you want to configure the vDisk access mode, then select File Properties. The vDisk Properties dialog appears. 2. Click on the Mode tab, then select the image mode that applies to this vDisk from the Access Mode drop-down menu.
118
Administrator's Guide 3. From the Cache-Type drop-down list, select from the following write cache methods: Cache on server disk Cache encrypted on server disk Cache in device RAM Cache on devices HD Cache encrypted on devices HD Note: Refer to the Product and Technology chapter detailed cache option information and considerations. If the cache on local hard-drive type is selected, ensure that the hard-disk drive is formatted with either EXT2 or EXT3 file system type for Linux devices, or NTFS for Windows devices with a minimum of 500 MB. If the cache on the target device RAM and Standard Image mode are selected, the max size of the RAM write cache is determined by the registry setting WcMaxRamCacheMB in the BNIStack Parameters. This is a DWORD parameter. If the registry entry does not exist, then the default value used is 3584 MB. 4. Click OK to exit the Disk Properties dialog.
Adding Existing vDisks to a vDisk Pool or Store

If vDisks exist in a store, and those vDisks will be used by target devices in your site, you can easily add them to the sites vDisk Pool by selecting the Consoles Add existing vDisks right-click menu option. This option is available from the vDisk Pool folder and from a store folder. To add existing vDisks to a site: 1. Verify the following: Other servers have access to the shared folder where the store is located. The new server is associated with that store. Enable the Use the load balancing algorithm in that vDisks properties. 2. In the Console tree, right-click on the vDisk Pool in the site where you want to add those vDisks, or right-click on the store where those vDisks exist, then select the Add existing vDisk menu option. The Add Existing vDisks dialog appears. 3. If you accessed this dialog from the sites vDisk pool, select the store to search from the drop-down menu. If you accessed this dialog from the store, select the site where vDisks will be added from the drop-down menu. 4. In the Select the server to use when searching for new vDisks drop-down menu, select the Provisioning Server that will perform the search. Click Search. Any new vDisks that do not exist in the database display in the text box below. 119
Chapter 9
Managing vDisk 5. Check the box next to each vDisk that you want to add, or click Select All to add all vDisks in the list, then click Add.
Viewing vDisk Usage

By right-clicking on a vDisk in the Console window, you can choose to view: w View target device connections to a vDisk on page 120 w View target devices currently being served by a Provisioning Server on page 120
View target device connections to a vDisk

To view target devices that are connected to a specific vDisk: 1. Right-click a vDisk in the Console, then select the Show usage menu option. The Show vDisk Usage dialog appears. 2. Select one or more target devices in the list to perform any of the following target device connection tasks: Shut Down shuts down the target device Reboot reboots the target device Send Message opens the Edit Message dialog to allow you to type, and then send a message to target devices.
View target devices currently being served by a Provisioning Server

To view all target devices currently being served by a Provisioning Server: 1. Right-click on a Provisioning Server in the Console, then select the Show Connected devices menu option. The Connected Target Devices dialog appears. 2. Select one or more target devices in the list to perform any of the following target device connection tasks: Shut Down shuts down the target device Reboot reboots the target device Send Message opens the Edit Message dialog to allow you to type, and then send a message to target devices.
Releasing vDisk Locks

Since multiple target devices and Provisioning Servers can gain access to a single vDisk image file, it is necessary to control access to prevent corruption of the image. Should a user accidentally assign a private image to multiple target devices, and then try to boot those target devices, a corrupt image would result. Therefore, the image becomes locked appropriately for a given configuration. The locked vDisk icon appears with a small lock on it. Be aware that under certain circumstances these locks may not be released properly. A lock on a vDisk image may not be released properly when a target device machine is 120
Administrator's Guide booted from a vDisk, and then fails (or power is lost). If the same target device boots again, the same lock is used and no problem occurs. However, if an administrator tries to mount the drive on the Provisioning Server after the target device has failed, the Provisioning Server will not be able to mount that vDisk because a lock is still held by the failed target device. The Administrator has the capability to release these locks. Note: Ensure that the vDisk is not in use before removing a lock. Removing a lock for a vDisk, which is in use, may corrupt the image. To release select vDisk locks: 1. In the Console, right-click on the vDisk for which you want to release locks, and then select the Manage Locks... option. The Manage VDisk Locks dialog appears. 2. If a vDisk has a target device lock on it, that target device name appears in the dialog's list. Select one or more target device from the list, then click Remove lock. You can also choose Select All to remove all target device locks on the this vDisk. 3. Click Close to close the dialog.
Unassigning vDisks from Target Devices

To unassign a vDisk from one or more target devices: 1. Select the vDisk in the Console, then right-click and select the Unassign from Selected Device(s) menu option. 2. In the Unassign from Devices dialog, select the devices to unassign to this vDisk, then click Unassign. 3. After the target devices are successfully unassigned, close the dialog.
Deleting a vDisk
Note: You cannot delete a vDisk if one or more target devices or user groups are currently assigned to it. Unassign all target devices from the vDisk, before attempting to delete it. To delete a vDisk: 1. In the Console, expand vDisk Pool in the tree, then highlight the vDisk that you want to delete in the details pane. 2. Right-click on the vDisk, then select Delete. The Delete vDisks dialog appears. 3. To permanently delete the vDisk from the hard drive, select the checkbox for deleting the vDisk from the hard drive option. Or, do not select the checkbox to delete the vDisk from the store and database. 121
Chapter 9
Managing vDisk Unless a backup copy is made before deleting a vDisk image file from the store, the vDisk image file is permanently deleted. 4. Click Yes. The vDisk is deleted.
Deleting Cache on a Difference Disk

The Delete Cache from Selected Device(s)... context menu option allows you to manually delete cache on a difference disk. The option is only available if the vDisk cache mode is set to Cache on Difference Disk. Write cache on a Difference Disk is automatically deleted if that file becomes invalid. For details refer to Difference Disk Image Mode. To delete a Difference Disk file: 1. In the Console, right-click on the vDisk that is associated with difference disk files to delete. Select the Delete Cache from Selected Device(s) menu option. The Delete Cache for Devices dialog appears. 2. Check each target device box for which the cache should be deleted, or click Select all to delete all cache files associated with this vDisk. 3. Click Delete to delete the cache files from the server.
Copying vDisks to Different Locations

Note: vDisks may not appear available to add if current permissions do not match the appropriate Provisioning Server permissions when these vDisks are created. For example, if the Provisioning Server services are run under the Network Service account, all vDisks must have their permissions properly set so that Provisioning Server can access them. To copy existing vDisks to different storage locations: 1. Ensure the .vhd file is not locked before copying, then using Windows Explorer, copy the .vhd and .pvp files, and paste these files to each new location. 2. In the Console tree, create a new store or select an existing store. 3. Right-click on the store where this vDisk will reside, then select Add Existing vDisk. (Right-clicking on a vDisk pool will also allow you to search for new vDisks). 4. Select the site where this vDisk will be available, and the Provisioning Server to use for searching, then click Search. 5. To add vDisks to the vDisk pool, check the boxes next to each vDisk to add (optionally, check the Enable load balancing for these vDisks option), then click Add. A confirmation message appears. 122
Administrator's Guide 6. Click Close to close the Add existing vDisks dialog.
Copying and Pasting vDisk Properties

Use the Copy and Paste options to copy properties of one vDisk to one or more vDisks in your network. To copy vDisk properties to one or more vDisks: 1. In the Console, right-click on the vDisk that has the properties settings that you want to share with other vDisks, then select Copy vDisk Properties. The Copy vDisk Properties dialog appears. 2. Select the checkboxes next to the properties that you want to copy to other vDisks, then click Copy. 3. In the details panel, highlight the vDisks that you want to paste properties settings to, then click Paste from the right-click menu.
Backing Up a vDisk
The Provisioning Server treats a vDisk image file like a regular file, but the target device treats it as a hard drive. The procedure for backing up a vDisk image file is the same as backing up any other file on your server. If a vDisk image file becomes corrupt, to restore it requires simply replacing the corrupted file with a previous, functional version. Do not back up a vDisk while it is in use or while it is locked. It is recommended to integrate the backing up of vDisks into your normal Provisioning Server backup routine.
Updating vDisks
When you create a vDisk, you can configure the vDisk so that if changes to the vDisk are detected, those changes are scheduled to be applied or automatically applied. The Check for updates menu option provides you with the option to check for automatic or incremental updates at anytime.
Choosing a vDisk Update Method

The Consoles Automatic vDisk update method allows groups of target devices to be automatically updated to use one or more new or delta vDisks on a scheduled basis. The new vDisks are usually newer versions of the current vDisks. The delta vDisks contain incremental changes that have been made to the current vDisk. You can schedule for automatic distribution of newer versions of vDisk images to one or more sites. vDisks can be configured to all be activated on a specific day, which permits all of your target devices to update to the new target device vDisk image software on the same day, regardless of when the new vDisk image file actually arrived at the site.
123
Chapter 9
Managing vDisk
Note: To use the Automatic vDisk Update feature, you must select the appropriate Provisioning Server and vDisk settings in the Console. If using the Difference Disk mode, updating a vDisk invalidates all associated Difference Disk files, causing the write cache on that file to be deleted automatically. Be sure to create backup copies of all Difference Disks before updating the vDisk. To check for vDisk updates 1. Right-click a vDisk pool in the Console tree, then select the Check for updates menu option. 2. Choose from the following vDisk update menu options: Automatic Incremental If updates are found, you can choose to automatically update those vDisks or schedule those updates.
Automatically Updating vDisks

This vDisk update method provides a way to change a vDisk without having to re-install a hard drive in a diskless target device, or reconfigure all your target device database records. Use this method when adding or removing third-party software applications or files to your vDisk. (This method is not intended for updating the target-device software). Setting vDisk Class and Type Properties The automatic update process takes advantage of the target device and disk properties of Class and Type. A Class can be assigned to target devices, user groups and vDisks. Additionally, the vDisk has the additional property, Type. In order for an automatic update to take place, the Class of the target device or user group and vDisk must match. Additionally, for a newer vDisk to replace an older vDisk within a target device or user group configuration, the vDisk Type of both vDisks must match. Since multiple, duplicate vDisk instances can exist within your implementation, and those vDisks can be assigned to one or more target devices or user groups (in the case of Provisioning Server Least Busy and First Available boot behaviors), it is necessary to further qualify the old vDisk that will be replaced by the new vDisk. This is the reason for the Type property of the vDisk. If you want to use the Automatic Disk Image Update feature, you should never assign more than one vDisk from the same Provisioning Server with the same Type, to the same target device or user group. Automatic Update Procedures Automatically Updating a vDisk consists of the following procedures: 1. Enable automatic updates on the original vDisk image file 2. Make a copy of the original vDisk to use to update another vDisk 3. Add the new vDisk file to the database
124
Administrator's Guide 4. Change the disk access mode 5. Assign the new vDisk 6. Boot the target device from the new vDisk 7. Add software or data files to the vDisk 8. Change the vDisk access mode of the new vDisk 9. Increment the version number 10. Update the vDisk These procedures are described in detail below.
Enable automatic updates on the original vDisk image file

1. In the Console, right-click on the original vDisk (ORIGINAL), then select File Properties. 2. Select the Mode tab. 3. Select the Enable automatic updates for this vDisk option, then click OK
Make a copy of the original vDisk to use to update another vDisk

1. On the Provisioning Server, open Windows Explorer. 2. Navigate to the directory where you store your vDisk image files. 3. Right-click on the vDisk image file (.vhd) and its properties file (.pvp) that you want to update, then select Copy from the shortcut menu. 4. Right-click again anywhere in the vDisk directory, then select Paste from the shortcut menu. 5. For each file, right-click on the file, then select Rename from the shortcut menu. Enter a new name for the files. (For the documentation purposes, the new vDisk file will be referred to as the NEW.vhd file). Select the Enable automatic updates for this vDisk option, then click OK. You should now have both the original vDisk image file (ORIGINAL.vhd; ORIGINAL.pvp) and a new copy of the vDisk image file (NEW.vhd; NEW.pvp) in your vDisk directory.
Add the new vDisk file to the database

Use the Console to Creating and Formatting a New vDisk File on page 110.
Changing the disk access mode

1. In the Console, right-click on the new vDisk file (NEW.vhd). 2. Select the File Properties menu option. 3. On the Mode tab, select Private Image, then click OK.
125
Chapter 9
Managing vDisk
Assigning the new vDisk

1. In the Console, right-click on a target device, then select Properties. 2. On the vDisks tab, select the original vDisk (ORIGINAL) from the vDisks list, then click the Remove button. 3. From the vDisks list, select the new vDisk (NEW), then click the Add button 4. Click OK to save the change
Booting the target device from the new vDisk

After assigning the new vDisk to the target device, boot the target device from the new vDisk (NEW) to confirm that the new vDisk was updated correctly.
Adding software or data files to the vDisk

1. On the master target device, install or remove the desired software or files. (For example, install a new software application or perform a live update of your antivirus definition files.) 2. When you have finished updating your new vDisk (NEW) with the desired software or file changes, shut down the target device.
Changing the vDisk access mode of the new vDisk

1. In the Console, right-click on the new vDisk (NEW), then select File Properties. 2. On the Mode tab, select the access mode to be exactly the same as that of your original vDisk (ORIGINAL). 3. From the cache drop-down menu, select the same cache type that was selected for your original vDisk (ORIGINAL), then click OK. The Disk Access Mode and Cache Type must be exactly the same for both the original vDisk image (ORIGINAL), and the new copy of the vDisk (NEW).Incrementing the version number
Incrementing the version number

1. In the Console, right-click on the new vDisk (NEW), then click the File Properties button. 2. Select the Identification tab. 3. Increment the Build number by one, then click OK.
Update vDisks
1. Right-click on the vDisk Pool, then select the Check for Updates menu option. 2. Select either the automatic or incremental vDisk update option, then click OK button on the confirmation dialog. If selecting the Incremental vDisk update option, in order for incremental updates to be applied, the Check for Incremental Updates to vDisk option must be enabled on the Provisioning Server Properties Options tab. 126
Administrator's Guide 3. Boot target devices from the newly updated vDisk.
Incrementally Updating vDisks

This method creates an incremental update file, or delta file, to be applied to a standard vDisk. The delta file will apply changes to the vDisk file to add or remove software components without having to distribute an entire new version of the vDisk file. Normally the delta file is created at a home office site and then distributed to the field office sites. The delta file is then applied by the Provisioning Server to all applicable vDisk files. The advantage of using the Incremental Update feature is that delta files are usually considerably smaller than a vDisk file. If you have a slow communications channel from your home office to your field office sites, it is often faster to distribute a delta file instead of a new version of a vDisk. Delta files are actually difference files between one vDisk image and another. The delta file can therefore be used to transform one vDisk file into another vDisk file. Usually the two vDisk files are two versions of the same file. For example, version 1.0.1 of the vDisk file may not contain a copy of Microsoft Word. You can copy this vDisk file to a new vDisk file (with a different name), update the version number to 1.0.2, install Microsoft Word on the new image file, and then create a delta file between the two versions of the vDisk. That delta file can then be used to update any 1.0.1 vDisk with Microsoft Word by simply applying the delta file. The delta file incremental update can only be applied to vDisk files that are used in Standard Image mode. vDisks that are used in Private Image mode cannot be incrementally updated, since the act of booting from an image in Private Image mode actually modifies the vDisk file and invalidates it for incremental updates. Also note that if you boot from a vDisk in Private Image mode, or map that vDisk on a Provisioning Server, it cannot be used as a target for incremental updates unless the update is made from the image after it has been booted from and/or mapped. A vDisk file can only be used as a target for incremental updates if it is only changed through the incremental update process. Even mapping an image in private image mode will modify it at the sector level. For example, if you copy an image (a) to (b), then mount image (a), then unmount (a), (a) and (b) are no longer the same. Incrementally updating vDisks includes the following procedures: w Enabling the incremental update feature on a Provisioning Server w Creating a delta file used to update the vDisk w Applying the delta file These procedures are described in detail below.
Enabling the incremental update feature on a Provisioning Server

1. Right-click on a Provisioning Server in the Console, then select Properties. 2. On the Options tab, enable incremental updates by checking the Check for Incremental Updates to a vDisk checkbox.
127
Chapter 9
Managing vDisk
Creating a delta file used to update the vDisk

1. From Windows Explorer, make a copy of the vDisk and properties files in the vDisk folder. This will be Image B. Do NOT boot, mount, or modify (in any way) Image A after you have made the copy to Image B before creating the delta file. This will invalidate Image A as a predecessor of Image B and corrupt the image after the delta file is applied. 2. Add Image B to the database using the Adding Existing vDisks to a vDisk Pool or Store procedure. 3. Change the boot mode for Image B to boot in Private Image mode. Doing this makes changes made to the vDisk file persistent. 4. Assign Image B to a compatible target device and boot the target device. 5. Install any software updates for the new version of the image file, then shut down the target device normally. 6. Change the boot mode of Image B back to Standard Image mode. This is critical. Otherwise, you will not be able to create a delta file from the two vDisk files. Autoupdate only works with vDisks that are in Standard Image mode. 7. Increment the version number (major, minor and/or build) of Image B in its disk properties dialog. This is very important. Failure to do so will cause the image file to be applied repeatedly by the Automatic Update process. 8. Maintain the same Serial # (from the disk properties dialog) for both Image A and Image B. The update service uses the Serial # to help guarantee that a delta file is compatible with a vDisk file. Normally the Serial # is set to a random GUID when the vDisk is created. If you leave this Serial # in place it will help verify that delta files are being applied to the correct vDisk file. 9. Copy AutoUpdate.exe from the Provisioning Server installation directory where your vDisks reside. 10. Run the AutoUpdate.exe utility as follows:AutoUpdate create imagefileA.vhd imagefileB.vhd deltafileAB.pva This creates a delta file named deltafileAB.pva, which is assigned the Class, Type, Version, and Serial# of image A. Once the delta file is created, you can optionally assign an activation date to it. The activation date is used to tell the update service at your field offices that the delta file should only be applied on or after the indicated date. To set the activation date, use the AutoUpdate.exe utility as follows (assume an activation date of February 25, 2008 in this example): AutoUpdate activate deltafileAB.pva 02/25/08 To print the information from the delta file such as activation date, class, type etc. by using AutoUpdate as follows: AutoUpdate info deltafileAB.pva This valid delta file can now be applied to any copy of Image A to convert it into image B. 128
Administrator's Guide Never apply the delta file to a copy of Image A that has been changed, booted from in private image mode, or even mounted on a Provisioning Server. Doing so will corrupt the image.
Applying the delta file

1. Right-click on the vDisk, then select the Properties menu option. 2. Click the Edit file properties button. The vDisk File properties dialog appears. 3. On the Mode tab, select the Enable automatic updates for this vDisk option, then select the Schedule the next vDisk update to occur on option to check the vDisk folder and a specific day, and then apply those updates (be sure to select a time of day when you know all of your target devices will be powered down in the field office). Or, select to Apply vDisk updates as soon as they are detected by the server option and those updates be applied as soon as they are detected by the Provisioning Server. (Note: *.pva files should be in the same directory as the root of the store, where the corresponding *.vhd and *.pvp files reside.) 4. Transfer your delta files to folders containing your vDisks in your field offices. From this point on, the update process is automatic and this procedure only needs to be performed when setting up a Provisioning Server. 5. The update process checks the following when applying delta files to vDisk images: The Class, Type and Version Numbers (Major, Minor and Build) recorded in the delta file must match those in the image file. The Serial # recorded in the delta file must match that contained in the image file. If an activation date was set on the delta file, the current system date must be greater than or equal to the activation date. That no target device is currently booted from that vDisk. If all of the above tests pass, the delta file is applied to the vDisk. This modifies the file so that the next time a target device boots from the vDisk, it contains the new software inherent in the delta file. The version number of the image is also updated to match that of the newer image (i.e. Image B in the example above). If one of the tests fail (for example, a target device is booted from the vDisk at the scheduled time), the update is not applied. However, it may be applied the next day at the scheduled update time. Note that the Incremental Update process differs from the Automatic vDisk Update process in that all target devices must actually be powered down for the update to actually occur.
Rolling Back vDisk Changes

In addition to applying the delta file, the update process creates a rollback file that can be used to convert the new image back to the original image. The rollback file is created in a sub-folder of the vDisks folder of the modified vDisk called 'rollback'. The rollback file is named the same as the delta file with a .rbk extension appended to the filename. A rollback file is, itself, a delta file. One that can be used to convert an updated image back to its original state. The rollback file can be copied to the updates folder and the Schedule Automatic Disk Updates option can be used with the manual update selection. Selecting the Check for 129
Chapter 9
Managing vDisk incremental updates menu option applies the rollback file to the correct vDisk file and rolls it back to the previous version. Optionally you can apply the rollback file by manually running the AutoUpdate.exe command line utility as follows: AutoUpdate merge updatedimagefile rollbackfile.pvr The merge option of AutoUpdate applies a delta file to the indicated image the same as the automatic update process does using the Console.
Using Maintenance Utilities with a vDisk

Using tools such as ScanDisk, Disk Defragmenter, virus checkers, and other maintenance utilities with vDisks is identical to using them with real, physical hard drives. You can perform regular maintenance tasks on your Provisioning Server drives without causing problems in the vDisks. You can also perform maintenance tasks on vDisks from target devices as you would on normal drives.
Working with Physical Disks and vDisks

Implementing a vDisk for a target device does not mean that you cannot use a local hard drive. In fact, you can combine vDisks with local, physical hard drives and configure master and slave drives by changing a few items in the database. The key to combining vDisks and physical disks is setting the boot order (boot from local hard drive; boot from vDisk) and the order of a target device's vDisk file listing using the Console.
Configuring a vDisk for Microsoft Volume Licensing

A vDisk can be configured for Microsoft Key Management Service (KMS) or Multiple Activation Key (MAK) volume licensing when the Imaging Wizard is run. If it was not configured when the Imaging Wizard was run, it can still be configure from the Console: Note: The MCLI and SoapServer command-line interfaces can also be used to configure Microsoft volume licensing. 1. Select the vDisk in the Console, then right-click and select File Properties. The vDisk File Properties dialog appears. 2. Click the Microsoft Volume Licensing tab, then select the MAK or KMS licensing method. 3. Click OK. After a vDisk has been configured for Microsoft volume licensing, additional steps may be necessary to activate or maintain that vDisk. For additional information, refer to Managing Microsoft MAK Volume Licensing on Target Devices on page 165 and Managing Microsoft KMS Volume Licensing on page 163. 130
Chapter 10
Managing Target Devices

Topics:
Target Device Properties Target Device Tasks A target device becomes a member of a device collection when it is added to the farm. A target device can only be a member in one device collection. However, a target device can exist in any number of views. If a target device is removed from the device collection, it is automatically removed from any associated views. Target Devices are managed and monitored using the Console and Virtual Disk Status Tray utilities. In the Console, actions can be performed on: w An individual target device w All target devices within a collection w All target devices within a view When target devices are added to a collection, that devices properties are stored in the Provisioning Services database. Target Device properties include information such as the device name and description, boot method, and vDisk assignments (refer to Target Device Properties on page 132 for details). To view target device related tasks, refer to Target Device Tasks on page 137
131
Chapter 10
Target Device Properties

Note: A reboot is required if a target device is active when modifications are made to any of the following device properties: w Boot from w MAC w Port w vDisks for this Device The following tables define the properties associated with a target device, which includes: w General Tab on page 132 w vDisk Tab on page 133 w Personality Tab on page 134 w Status Tab on page 136 w Authentication tab on page 135 w Logging tab on page 136
General Tab
Field/Button Device Name Description The name of the target device or the name of the person who uses the target device. The name can be up to 15 bytes in length. However, the target device name cannot be the same as the machine name being imaged. Note: If the target device is a domain member, use the same name as in the Windows domain, unless that name is the same as the machine name being imaged. When the target device boots from the vDisk, the name entered here becomes the target device machine name. Description Class Description of this target device. Class used for matching new vDisks to target devices when using Automatic Disk Image Update
132
Field/Button
Description in order to match new vDisks images to the appropriate target devices and user groups.
Boot from
The boot method this target device should use. Options include booting from a vDisk, hard disk, or floppy disk. Enter the media access control (MAC) address of the network interface card that is installed in the target device. Displays the UDP port value. In most instances, you do not have to change this value. However, if target device software conflicts with any other IP/UDP software (that is, they are sharing the same port), you must change this value.
MAC
Port
Disable this client
Enable this option to prevent target devices from booting. Regardless if enabled or disabled, new target devices that are added using Auto-add, have records created in the database. Click this button to inherit the template properties for this collection (excluding Name and MAC).
Get Template Properties
vDisk Tab
Field/Button vDisks for this Device Description Displays the list of vDisk assigned to this target device. Click Add to open the Assign vDisks dialog. To filter the vDisks that display, select a specific store name and Provisioning Server or select All Stores and All Servers to list all vDisks available to this target device. Highlight the vDisks to assign, then click OK. Click Remove to remove vDisks from this device. Click Printers to open the Target Devices vDisk Printers dialog. This dialog allows you to choose the default printer and any network and local printers to enable or disable for this target device.
133
Chapter 10
Field/Button Options
Description Provides secondary boot options: w Include the local hard drive as a boot device. w Include one or more custom bootstraps as boot options. If enabling a custom bootstrap, click Add, to enter the bootstrap file name and the menu text to appear (optional), then click OK. If more than one vdisk is listed in the table or if either (or both) secondary boot options are enabled, the user is prompted with a disk menu at the target devices when it is booted. Enter a menu option name to display to the target device. The target device can select which boot options to use. Click Edit to edit an existing custom bootstrap's file name or menu text. Click Remove to remove a custom bootstrap file from those available to this target device.
Personality Tab
Field/Button Name and String Description There is no fixed limit to the number of names you can add. However, the maximum name length is 250 characters and the maximum value length is 1000 characters. Use any name for the field Name, but do not repeat a field name in the same target device. Field names are not case sensitive. In other words, the system interprets FIELDNAME and fieldname as the same name. Blank spaces entered before or after the field name are automatically removed. A personality name cannot start with a $. This symbol is used for reserved values such as $DiskName and $WriteCacheType.
134
Authentication Tab
Field/Button Authentication Description Password information entered in this dialog is for initial target device login only. It does not affect Windows account login. Authentication methods include: w None w Username and password w External verification (user supplied method) Username If authenticating with a user name and password, enter the user name for the account. Follow your organization's user name conventions. Note: Requires user names be at least two characters and no more than 40 characters in length. User names are NOT case sensitive. If the account already exists, you cannot change the user name. Password If authenticating with a user name and password: Click the Change button to open the Change Password dialog. To create a new password for a user account, type the old password, then type the new password in both the New password and Confirm new password text boxes. Click OK to change the password. Note: Follow your organization's password conventions. Requires passwords be at least three characters and no more than 20 characters in length. Passwords ARE case sensitive. Reenter the new password exactly as you entered it in the previous field to confirm it.
135
Chapter 10
Status Tab
Field/Button Target Device Status Description The following target device status information appears: w Status: current status of this device (active or inactive). w IP Address: provides the IP Address or 'unknown'. w Server: the Provisioning Server that is communicating with this device. w Retries: the number of retries to permit when connecting to this device. w vDisk: provides the name of the vDisk or displays as 'unknown'. w License information; depending on the device vendor, displays product licensing information (including; n/a, Desktop License, Datacenter License, XenApp License, or XenDesktop License).
Logging tab
Field/Button Logging level Description Select the logging level or select Off to disable logging: w Off Logging is disabled for this Provisioning Server. w Fatal logs information about an operation that the system could not recover from. w Error logs information about an operation that produces an error condition. w Warning logs information about an operation that completes successfully, but there are issues with the operation. w Info Default logging level. Logs information about workflow, which generally explains how operations occur. w Debug logs details related to a specific operation and is the highest level of logging. If 136
Field/Button
Description logging is set to DEBUG, all other levels of logging information are displayed in the log file. w Trace logs all valid operations.
Target Device Tasks

To manage and monitor target devices, choose from the following tasks: w Preparing a Master Target Device for Imaging on page 137 w Adding Target Devices to the Database on page 142 w Assigning vDisks to Target Devices on page 145 w Set the Target Device as the Template for this Collection on page 146 w Copy and Paste Target Device Properties on page 146 w Booting Target Devices on page 146 w Checking a Target Device's Status from the Console on page 147 w Sending Messages to Target Devices on page 147 w Disabling a Target Device on page 147 w Deleting Target Devices on page 148 w Shutting Down Target Devices on page 148 w Restarting Target Devices on page 148 w Sending Messages to Target Devices on page 147 w Using the Status Tray on a Target Device on page 149 w Managing Target Device Personality on page 150 w Managing Domain Computer Accounts on page 216 w Accessing Auditing Information on page 245 w Adding Target Devices to the Database on page 142
Preparing a Master Target Device for Imaging

A Master Target Device refers to a target device from which a hard disk image is built and stored on a vDisk. Provisioning Services then streams the contents of the vDisk created from the Master Target Device to other target devices. w Preparing the Master Target Device's hard disk on page 138
137
Chapter 10
Managing Target Devices w Configuring a Master Target Device's BIOS on page 138 w Configuring network adapter BIOS on page 139 w Installing Master Target Device software on page 140
Preparing the Master Target Device's hard disk

The Master Target Device is typically different from subsequent target devices because it initially contains a hard disk. This is the hard disk that will be imaged to the vDisk. If necessary, after imaging, the hard disk can be removed from the Master Target Device. In order to support a single vDisk, that is shared by multiple target devices, those devices must have certain similarities to ensure that the operating system has all required drivers. The three key components that must be consistent include the: w Motherboard w Network card, which must support PXE w Video card However, the Provisioning Services Common Image Utility allows a single vDisk to simultaneously support different motherboards, network cards, video cards, and other hardware devices. If target devices will be sharing a vDisk, the Master Target Device serves as a template for all subsequent diskless target devices as they are added to the network. It is crucial that the hard disk of Master Target Device be prepared properly and all software is installed on it in the proper order: Note: Follow the instructions below after installing and configuring the Provisioning Server and creating target devices. Software must be installed on the Master Target Device in the order that follows: 1. Operating System (Windows or Linux) 2. Device Drivers 3. Service Packs Updates 4. Target Device Software Applications can be installed before or after the target device software is installed. If target devices will be members of a domain, and will share a vDisk, additional configuration steps must be completed (refer to Managing Domain Accounts in the Administrators Guide, before proceeding with the installation). Note: Dual boot vDisk images are not supported.
Configuring a Master Target Device's BIOS

The following steps describe how to configure the target devices systems BIOS and the BIOS extension provided by the network adapter, to boot from the network. Different 138
Administrator's Guide systems have different BIOS setup interfaces if necessary, consult the documentation that came with your system for further information on configuring these options. 1. If the target device BIOS has not yet been configured, re-boot the target device and enter the systems BIOS setup. (To get to BIOS setup, press the F1, F2, F10 or Delete key during the boot process. The key varies by manufacturer). 2. Set the network adapter to On with PXE. Note: Depending on the system vendor, this setting may appear differently. 3. Configure the target device to boot from LAN or Network first. Optionally, select the Universal Network Driver Interface; UNDI first, if using a NIC with Managed Boot Agent (MBA) support. Note: On some older systems, if the BIOS setup program included an option that permitted you to enable or disable disk-boot sector write protection, ensure that the option is disabled before continuing. 4. Save changes, then exit the BIOS setup program. 5. Boot the target device from its hard drive over the network to attach the vDisk to the target device.
Configuring network adapter BIOS

This procedure is only necessary for older systems. 1. Re-boot the Master Target Device. 2. Configure the network adapters BIOS extension through setup. During the system boot, the network adapters BIOS extension will present an initialization message similar to the following: Initializing Intel Boot Agent Version 3.0.03 PXE 2.0 Build 078 (WfM 2.0) RPL v2.43 Enter the network adapters BIOS extension. (Consult the network adapters documentation.) The key combination for entering the network adapters BIOS extension varies by manufacturer. For example, to enter the Intel Boot Agent setup screen, type Ctrl+S. A screen similar to the following appears:
139
Chapter 10
3. Change the boot order to Network first, then local drives. 4. Save any changes, and exit the setup program. In the Intel Boot Agent, typing F4 saves the changes. Alternatively, a device can be configured to provide IP and boot information (boot file) to target devices using the Manage Boot Devices utility.
Installing Master Target Device software

Note: It is recommended that you read the Release Notes document before installing target-device software. Before installing the product software on a Master Target Device, turn off any BIOS-based-virus protection features. To include anti-virus software on the vDisk image, be sure to turn the anti-virus software back on prior to running the Imaging Wizard. Provisioning Services target device software must be installed on a Master Target Device prior to building a vDisk image. Provisioning Services target device software components include: w Provisioning Services Virtual Disk, which is the virtual media used to store the disk components of the operating system and applications. w Provisioning Services Network Stack, which is a proprietary filter driver that is loaded over the NIC driver, allowing communications between the target devices and the Provisioning Server. w Provisioning Services SCSI Miniport Virtual Adapter, which is the driver that allows the vDisk to be mounted to the operating system on the target device. w Provisioning Services Imaging Wizard, use to create the vDisk file and image the Master Target Device. w Virtual Disk Status Tray Utility, to provide general vDisk status and statistical information. This utility includes a help system. w Target Device Optimizer Utility, used to change target device setting to improve performance. Provisioning Services target device software is available for 32-bit and 64-bit Windows and Linux operating systems.
To install Provisioning Services target device software on a Windows device

1. Boot the Master Target Device from the local hard disk. 2. Verify that all applications on the device are closed. 3. Double-click on the appropriate installer. The product installation window appears. 4. On the Welcome dialog that displays, click Next, scroll down to the end, then accept the terms of the license agreement. 140
Administrator's Guide 5. Click Next to continue, the Customer Information dialog appears. 6. Type your user name and organization name in the appropriate text boxes. 7. Select the appropriate install user option. The option you select depends on if this application will be shared by users on this computer, or if only the user associated with this computer should have access to it. 8. Click Next, the Destination Folder dialog appears. 9. Click Next to install the target device to the default folder (C:\Program Files\Citrix \Provisioning Services). Optionally, click Change, then either enter the folder name or navigate to the appropriate folder, and then click Next, then click Install. The installation status information displays in the dialog. Note: The installation process may take several minutes. While the installation process is running, you can click Cancel to cancel the installation and roll-back any system modifications. Close any Windows Logo messages that appear. 10. The "Installation Wizard Completed" message displays in the dialog when the components and options have successfully been installed. Close the wizard window. If both .NET 3.0 SP1 or newer is installed and Windows Automount is enabled, the Imaging Wizard will start automatically by default (for details, refer to Using the Imaging Wizard on page 109). 11. Reboot the device after successfully installing product software and building the vDisk image.
To install Provisioning Services target device software on a Linux device

1. Log on to the Linux system as root. Note: The Linux target device requires root privileges and visual desktop, such as gnome or KDE to install and execute properly. 2. Insert the product CD-ROM into your Linux target devices CD-ROM drive. Your Linux target device should auto-mount the CD-ROM and a message should display on your target device. If your Linux target device doesnt auto-mount the CD-ROM, consult your Linux system documentation on how to mount CD-ROMs or DVDs. 3. Copy the PVS_LinuxDevice.run or PVS_LinuxDevice_x64.run file from the CD-ROM into your /tmp directory. 4. Open a terminal shell/command shell and execute the appropriate Linux target device software. 32-bit # cd /tmp # sh PVS_LinuxDevice.run
141
Chapter 10
Managing Target Devices 64-bit # cd /tmp # sh PVS_LinuxDevice_x64.run The Terms and Conditions associated with this product license agreement appears. Accept the license agreement, and then the installer prompts for a directory location to install the product software. The /root/citrix directory is recommended. 5. After the Linux utilities are installed to the hard disk, the installer prompts you to reboot your system. You can not begin the imaging phase until the target device has been rebooted. The installer adds an entry into the GRUB boot loader. If GRUB is not used, you must add the Provisioning Services kernel and initrd into your boot loader: Kernel: vmlinuz-ardence (This is a symbolic link which points to your distributions kernel) Initrd: initrd-ardence The boot loader prompts you with the Image target device option. Select this option when you are ready to image a target device after booting.
Adding Target Devices to the Database

To create new target device entries in the Provisioning Services database, select one of the following methods: w Using the Console to Manually Create Target Device Entries on page 142 w Using the Auto-Add Wizard on page 143 w Importing Target Devices Entries on page 143 After the target device exists in the database, you can assign a vDisk to the target device (for details, refer to To assign a vDisk to a target device on page 113).
Using the Console to Manually Create Target Device Entries

1. In the Console, right-click on the Device Collection where this target device is to become a member, then select the Create Device menu option. The Target Device Properties dialog appears. 2. Type a name and the MAC address for this target device in the appropriate text boxes. Note: If the target device is a domain member, use the same name as in the Windows domain. When the target device boots from the vDisk, the machine name of the device becomes the name entered. For more information about target devices and Active Directory or NT 4.0 domains, refer to Enabling Automatic Password Management.
142
Administrator's Guide 3. Choose to either manually enter the device description, class, and boot information, or click the Get Template Properties... button to inherit the information from this collection's device template, including vDisk assignments. 4. Click OK to close the dialog box.
Importing Target Devices Entries

Target device entries can be imported into any device collection from a .csv file. The imported target devices can then inherit the properties of the template target device that is associated with that collection. For details, refer to Importing Target Devices into a Collection on page 160.
Using the Auto-Add Wizard

The Auto-Add Wizard automates the configuration of rules for automatically adding new target devices to the Provisioning Services database using the Auto-Add feature. The Auto-Add Wizard can be started at the Farm, Site, Collection or Device level. When started at a level lower than Farm, the wizard uses that choice as the default choice. For example, if it is started on a particular target device, it will: w Select the Site for that Device as the Default Site choice in the combo-box. w Select the Collection for that Device as the Default Collection choice in the combobox. w Select that Device as the Template Device choice in the combo-box. The wizard displays each page with choices pre-selected based on the location that the Auto-Add Wizard was started from. A Farm Admininistrator has the ability to turn Auto-Add on or off and to select the default Site. A Site Admininistrator only has the ability to select the default site if the current default site is a site in which that administrator is the Site Administrator. If the Site Administrator is not the Administrator of the currently selected default Site, then that administrator can only configure the sites they has access to. To configure Auto-Add settings (the default collection of a site, template device for the default collection and target device naming rules): 1. On the Console, right-click on the farm, then select the Auto-Add wizard. The Welcome to the Auto-Add Wizard page appears. 2. Click Next. The Enable Auto-Add dialog appears. Note: Only a farm administrator can change settings on this page. 3. Check the box next to Enable Auto-Add to enable this feature, then click Next. The Select Site page appears.
143
Chapter 10
Note: Site administrators can only select sites to which they have permissions. 4. From the Site drop-down list, select the site where devices should be added, then select Next. The Select Collection page displays with the default collection selected. 5. Accept the default collection or select a different collection from the Collection drop-down list, then click Next. The Select Template Devices page appears. 6. Select the device to use as a template, so that new devices being added will inherit the existing target device's basic property settings, then click Next. 7. To view the selected device's properties, click Properties. A read-only dialog displays the selected device's properties. Close the dialog after reviewing the properties. 8. Click Next. The Device Name page displays. 9. Enter a static prefix that helps identify all devices that are being added to this collection. For example: 'Boston' to indicate devices located in Boston. Note: The prefix can be used in combination with the suffix, but is not required if a suffix is provided. The entire device name can have a maximum of 15 characters (the prefix length + number length + suffix length). For example, the following device names are considered valid: Boston000Floor2 (prefix, incrementing number length, and suffix provided; the maximum of 15 characters has been reached) Boston000 (no suffix is provided) 000Floor2 (no prefix is provided) The prefix cannot end with a digit. 10. Enter the length of the incrementing number to associate with the devices being added to this collection. This number is incremented as each device is added. For example, if the number length is set to '3', Provisioning Services starts naming at '001' and stops naming or adding devices after the number reaches '999'. Note: Enable the Zero fill option to automatically add the necessary number of preceeding zeros to a numbers length. For example, if the numbers length is set to '4', than the first target device number would be assigned as '0001'. The number length must have a minimum of three digits and a maximum of 9 digits. 11. Enter a static suffix that helps to identify all devices being added to this collection. For example: Boston001Floor2 might be helpful to indicate the floor where these devices reside. 144
Administrator's Guide The suffix can be used in combination with the prefix, but is not required if a prefix is provided. The entire device name can have a maximum of 15 characters (the prefix length + number length + suffix length). The suffix cannot start with a digit. The prefix and suffix combination must be unique in each collection. 12. Click Next. The Finish dialog appears. 13. Review all Auto-Add wizard settings, then click Finish. Auto-Add is now configured.
Assigning vDisks to Target Devices

When a target device boots, the software on the vDisk that is assigned to that device becomes available. If one vDisk is assigned to a target device and the Any Server option is set for that vDisk, the Provisioning Server will choose the least busy server to service the device. If a specific server is selected, then that specific server will service the target device. If multiple vDisks are assigned to a target device, the user is presented with a menu at BIOS time to select which vdisk to boot from. After this selection, the Provisioning Server will use the Any Server or specific server option of the chosen vDisk to select the Provisioning Server used to service the device. If the custom bootstrap and/or local HD is selected in the target device properties, the user will be presented with a menu at BIOS time. The menu prompts to select to boot from the vDisk, custom bootstrap, or HD as appropriate. Note: The quickest method for replacing or assigning a vDisk for a target device within a collection is to select the vDisk in the Console, then drag-and-drop the vDisk onto a target device collection in the tree of a second Console window (open a new Console window by selecting the New window from here right-click menu option for either the device collection or the store that contains the vDisk you want to assign.) To assign a vDisk to a target device: 1. In the Console tree, expand the Device Collections folder, then click on the collection folder where this target device is a member. The target-device displays in the details pane. 2. Right-click on the desired target device, then select Properties. The Target Device Properties dialog appears. 3. On the General tab, select from the Boot from options. 4. Click on the vDisks tab, then select the Add button within the vDisk for this Device section. The Assign vDisks dialog appears. 145
Chapter 10
Managing Target Devices 5. To locate vDisks to assign to this target device, select a specific store or server under the Filter options, or accept the default settings, which includes All Stores and All Servers. 6. In the Select the desired vDisks list, highlight the vDisks to assign, then click OK, then OK again to close the Target Device Properties dialog.
Set the Target Device as the Template for this Collection

A target device can be set as the template for new target devices that are added to a collection. A new target device inherits the properties from the template target device, which allows you to quickly add new devices to a collection. To set a target device as the template device for a collection, in the Console, rightclick on the target device, then select Set device as template. Note: Disable the target device that serves as the template to permit all target devices using this template to be added to the database, but not permit the target device to boot. Target devices receive a message requesting that they first contact the administrator before being allowed to boot. A T appears in light blue on the device serving as the template. New target devices automatically have a name generated and all other properties will be taken from the default template target device. No user interaction is required.
Copy and Paste Target Device Properties

To copy the properties of one target device, and paste those properties to other target device members: 1. In the Consoles details pane, right-click on the target device that you want to copy properties from, then select Copy device properties. The Copy Device Properties dialog appears. 2. Select the checkbox next to the properties that you want to copy, then click Copy. The properties are copied to the clipboard and the dialog closes. 3. Right-click on one or more target devices that will inherit the copied properties, then select the Paste menu option. The Paste Device Properties dialog appears. 4. Click Close to close the dialog.
Booting Target Devices

To boot target devices: 1. Right-click on a collection to boot all target devices in the collection, or highlight only those target devices that you want to boot within the collection tree, then select the Boot devices menu option. 146
Administrator's Guide The Target Device Control dialog displays with the Boot devices menu option selected in the Settings drop-down menu. 2. Click the Boot devices button to boot target devices. The Status column displays the Boot Signal status until the target device successfully receives the signal, then status changes to Success.
Checking a Target Device's Status from the Console

The target device status indicates whether it is currently active or inactive on the network. To check the status of a target device: 1. Double-click on the target device in the Console window, then select the Properties menu option. The Device Properties tab appears. 2. Select the Status tab and review the following status information: Current status (active or inactive) IP address Current Provisioning Server Current vDisk name Provisioning Server cache file size in bytes Also, in the Console window, if the target device is active, the target device icon appears as a green computer screen. If the target device is inactive, the icon appears as a black computer screen.
Sending Messages to Target Devices

To send a message to target devices members: 1. Right-click on the collection to send a message to all members within the collection, or highlight only those target devices within the collection that should receive the message, then select the Send message menu option. The Target Device Control dialog displays with the Message to devices menu option selected in the Settings drop-down menu. Target devices are display in the Device table. 2. Type a message to display on target devices in the Message text box. 3. Click the Send message button. The Status column displays the Message Signal status until target devices successfully receives the message, the status changes to Success.
Disabling a Target Device

The Disable Target Device feature prevents a new target devices from booting. When enabled, each time a new target device boots, if the Auto-add option is enabled, a 147
Chapter 10
Managing Target Devices new record is automatically created in the database and the following message appears on the target device: This target device has been disabled. Please Contact your system administrator. Once contacted, the system administrator can validate the target device. After the administrator disables the option, the target device can boot successfully. To disable or enable a target device, in the Console, right-click on the target device, then select the Disable or Enable menu option. Note: Enable the Disable target device option on the template target device, to disable all target devices as they are added to a collection.
Deleting Target Devices

To delete a target device: 1. In the Console, right-click on the target devices you want to delete within the collection (multiple selections can be made in the Details view), then select the Delete menu option. 2. Click Yes to confirm the delete request. The target device is deleted from the collection and any associated views. However, the vDisk image file for the target device still exists.
Shutting Down Target Devices

To shutdown target devices: 1. Right-click on the collection to shut down all target devices within the collection, or highlight only those target devices that should be shut-down within a collection, then select the Shutdown devices menu option. The Target Device Control dialog displays with the Shutdown devices menu option selected in the Settings drop-down menu. Target devices display in the Device table. 2. Type the number of seconds to wait before shutting down target devices in the Delay text box. 3. Type a message to display on target devices in the Message text box. 4. Click the Shutdown devices button to shutdown target devices. The Status column displays the shutdown signal status until the target device shuts down. As each target device successfully shuts down, the status changes to Success.
Restarting Target Devices

To restart target devices: 148
Administrator's Guide 1. Right-click on a collection in the Console tree or highlight only those target devices that should be restarted within the collection, then select the Restart devices menu option. The Target Device Control dialog displays with the Restart devices menu option selected in the Settings drop-down menu. Target devices display in the Device table. 2. Type the number of seconds to wait before restarting target devices in the Delay text box. 3. Type a message to display on target devices in the Message text box. 4. Click the Restart devices button to restart target devices. The Status column displays the Restart Signal status until the target device successfully receives the signal, then status changes to Success.
Moving Target Devices Between Collections

A target device can be moved from one collection to another collection within a site using drag and drop in the Consoles details pane (drag the device(s) from one collection, then drop the device into another collection). Alternatively, target devices can be moved using the Move menu option. To move a target device using the Move menu option: 1. In the Console, expand the collection, right-click on the target device in the details pane, then select the Move menu option. 2. From the drop-down menu, select the collection to move this target device into. If applicable, apply the collections device template to the target device being moved, by enabling Apply target collections template device properties to moved devices. 3. Click Move.
Using the Status Tray on a Target Device

The Virtual Disk Status Tray provides device and product edition information on the target device. The purpose of this tool is to aid in the management and troubleshooting of vDisks. Note: This tool is installed automatically during the installation process. Using the Virtual Disk Status Tray includes the following tasks: w Starting the Virtual Disk Status Tray on page 149 w Setting Virtual Disk Status Tray Preferences on page 150
Starting the Virtual Disk Status Tray

To manually start the Virtual Disk Status tray, double-click on the Status Tray icon in the System Tray. The Virtual Disk Status Tray dialog appears. 149
Chapter 10
Setting Virtual Disk Status Tray Preferences

On the General tab of the Virtual Disk Status dialog, the tray can be configured to run automatically when the target device starts, or it can be manually started. You may also choose to have the Virtual Disk Status tray icon appear in your system tray. To configure the Virtual Disk Status Tray, choose from the following methods: w Configure the tray to appear automatically as each target device starts. w Add the Virtual Disk Status tray icon to your system tray. Configuring the tray to appear automatically as each target device starts 1. Start the Virtual Disk Status Tray, and then select the General tab. 2. Select the Automatically start this program checkbox under Preferences. The tray starts automatically the next time the target device boots. Adding the Virtual Disk Status tray icon to your system tray 1. Start the Virtual Disk Status tray, and then select the General tab. 2. Select the Show icon in System Tray checkbox under Preferences. The Virtual Disk Status tray icon appears in your system tray the next time the target device boots.
Managing Target Device Personality

Normally, all target devices sharing the same vDisk must have identical configurations. The Target Device Personality feature allows you to define data for specific target devices and make it available to the target device at boot time. This data can then be used by your custom applications and scripts for a variety of purposes. For example, suppose you are using Provisioning Server to support PCs in three classrooms. Each classroom has its own printer, and you want the PCs in each classroom to default to the correct printer. By using the Target Device Personality feature, you can define a default printer field, and then enter a printer name value for each target device. You define the field and values under Target Device Properties. This information is stored in the database. When the target device boots, the devicespecific printer information is retrieved from the database and written to an .INI file on the vDisk. Using a custom script or application that you develop, you can retrieve the printer value and write it to the registry. Using this method, each time a target device boots, it will be set to use the correct default printer in its classroom. The number of fields and amount of data that you can define for each target device is limited to 64Kb or 65536 bytes per target device. Each individual field may be up to 2047 bytes. Target Device Personality Tasks w Define personality data from a single target device using the Console w Define personality data for multiple target device using the Console w Using Target Device Personality Data 150
Define personality data from a single target device using the Console
To define personality data for a single target device: 1. In the Console, right-click on the target device that you want to define personality data for, then select the Properties menu option. 2. Select the Personality tab. 3. Click the Add button. The Add/Edit Personality String dialog appears. Note: There is no fixed limit to the number of field names and associated strings you can add. However, the limits to the total amount of personality data assigned to a single string (names and data combined) is approximately 2047 bytes. Also, the total amount of data contained in names, strings and delimiters is limited to approximately 64Kb or 65536 bytes per target device. This limit is checked by the administrator when you attempt to add a string. If you exceed the limit, a warning message displays and you are prevented from creating an invalid configuration. Target device personality data is treated like all other properties. This data will be inherited when new target devices are added automatically to the database by either the Add New Target Device Silently option, or with the Add New Target Device with BIOS Prompts option. 4. Enter a name and string value. Note: You can use any name for the field Name, but you cannot repeat a field name in the same target device. Field names are not case sensitive. In other words, the system interprets FIELDNAME and fieldname as the same name. Blank spaces entered before or after the field name are automatically removed. A personality name cannot start with a $. This symbol is used for reserved values such as $DiskName and $WriteCacheType. 5. Click OK. To add additional fields and values, repeat Steps 5 and 6 as needed. When finished adding data, click OK to exit the Target Device Properties dialog.
Define personality data for multiple target device using the Console
Define target device personality for multiple devices: 1. In the Console, right-click on the target device that has the personality settings that you want to share with other device, then select Copy. The Copy device properties dialog appears. 2. Highlight the target devices in the details pane that you want to copy personality settings to, then right-click and select the Paste device properties menu. 3. Click on the Personality strings option (you may also choose to copy other properties at this time), then click Paste. 151
Chapter 10
Using Target Device Personality Data

Once the file system becomes available to the target device, the personality data is written to a standard Windows .ini text file called Personality.ini. The file is stored in the root directory of the vDisk file system for easy access by your custom scripts or applications. The file is formatted as follows: [StringData] FieldName1=Field data for first field FieldName2=Field data for second field This file is accessible to any custom script or application. It can be queried by the standard Windows .INI API. Additionally, a command line application, called GetPersonality.exe, is provided to allow easier batch file access to the personality settings. A target devices vDisk name and mode can be retrieved using GetPersonality.exe. The following reserve values are included in the [StringData] section of the Personality.ini file: $DiskName=<xx> $WriteCacheType=<0 (Private image) All other values are standard image; 1 (Server Disk), 2 (Server Disk Encrypted), 3 (RAM), 4 (Hard Disk), 5 (Hard Disk Encrypted), 6 (RAM Disk), or 7 (Difference Disk). Min=0, Max=7, Default=0> The xx is the name of the disk. A vDisk name cannot start with a $. This symbol is used for reserved values such as $DiskName and $WriteCacheType. The following message displays if a name that starts with $ is entered: A name cannot start with a $. This is used for reserve values like $DiskName and $WriteCacheType. The $DiskName and $WriteCacheType values can be retrieved on the target device using GetPersonality.exe. GetPersonality.exe The command line utility GetPersonality.exe allows users to access the Target Device Personality settings from a Windows batch file. The program queries the INI file for the user and places the personality strings in the locations chosen by the user. GetPersonality.exe supports the following command line options: GetPersonality FieldName /r=RegistryKeyPath <- Place field in registry GetPersonality FieldName /f=FileName <- Place field in file GetPersonality FieldName /o <- Output field to STDOUT GetPersonality /? or /help <- Display help Examples Setting a Registry Key Value: The example below retrieves the Target Device Personality data value from the DefaultPrinter field and writes it to the target device registry to set the default printer for the device.
152
Administrator's Guide The Target Device Personality String Set in Target Device Properties is: DefaultPrinter= \\CHESBAY01\SAVIN 9935DPE/2035DPE PCL 5e,winspool,Ne03: A batch file run on the target device would include the following line: GetPersonality DefaultPrinter /r=HKEY_CURRENT_USER\Software \Microsoft\Windows NT\CurrentVersion\Device Note: The actual key name should be the UNC name of the network printer, such as \ \dc1\Main, and the value that should be entered for the key would be similar to winspool,Ne01: where Ne01 is a unique number for each installed printer. Setting Environment Variables: Setting environment variables with personality data is a two-step process: 1. Use the GetPersonality command with the /f option to insert the variable into a temporary file. 2. Use the set command to set the variable. For example, to set the environment variable Path statement for the target device a personality name, as Pathname could be defined with the string value: %SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files \Microsoft Office\OFFICE11\;C:\Program Files\Microsoft SQL Server\80\Tolls\Binn The /f option creates a temporary file, allowing for a name to be assigned, in this case temp.txt. The following lines would then need to be included in the batch file: GetPersonality Pathname /f=temp.txt set /p Path= <temp.txt Note: If the filename specified with the /f option already exists, GetPersonality will not append the line to the file. Instead, the existing line is overwritten in the file.
153
Chapter 10
154
Chapter 11
Managing Device Collections

Topics:
Device Collection Properties Device Collection Management Tasks Device collections provide the ability to create and manage logical groups of target devices. A device collection could represent a physical location, a subnet range, or a logical grouping of target devices. Creating device collections simplifies device management by performing actions at the collection level rather than at the target-device level. Note: A target device can only be a member of one device collection. Device collections are created and managed by farm administrators, site administrators that have security privileges to that site, or device administrators that have security privileges to that collection. For more information on administrator roles, refer to Managing Administrative Roles on page 69. Expanding a Device Collections folder in the Consoles tree allows you to view members of a device collection. To display or edit a device collections properties, right-click on an existing device collection in the Console, then select the Properties menu option. The Device Collection Properties dialog displays and allows you to view or make modifications to that collection. To perform actions on members of a device collection, such as rebooting all target devices members in this collection, refer to Device Collection Management Tasks on page 159.
155
Chapter 11
Device Collection Properties

Device collection properties are located on the following tabs and described in the tables that follow. w General Tab on page 156 w Security Tab on page 156 w Auto-Add Tab on page 157 w Options on page 159
General Tab
Field/Button Name Description Template target device Description The name of this device collection. Describes this device collection. To use the settings of an existing target device as the template to apply to all target devices that are added to this collection, select that device from the drop-down menu, then click OK.
Security Tab
Field/Button Groups with Device Administrator access Description Assign or unassign device administrators to this collection using Add or Remove. Device administrators can perform tasks on all device collections to which they have privileges. Assign or unassign device operators to this collection using Add or Remove. Device operators have the following privileges: w Boot and reboot a target device w Shut down a target device w View target device properties
Groups with Device Operator access
156
Field/Button
Description w View vDisk properties for assigned target devices
Auto-Add Tab
Field/Button Template target device Description Displays the name of the target device, if a device was previously selected, or <No template device>, if a device was not selected. Use the drop-down menu to select a device to use as the template for adding new devices to this collection. To view a selected device's properties, click Properties (read-only dialog appears). Prefix Enter a static prefix that helps identify all devices that are being added to this collection. For example: 'Boston' to indicate devices located in Boston. The prefix can be used in combination with the suffix, but is not required if a suffix is provided. The entire device name can have a maximum of 15 characters (the prefix length + number length + suffix length). For example, the following device names are considered valid: w Boston000Floor2 (prefix, incrementing number length, and suffix provided; the maximum of 15 characters has been reached) w Boston000 (no suffix is provided) w 000Floor2 (no prefix is provided) The prefix cannot end with a digit. The prefix and suffix combination must be unique in each collection.
157
Chapter 11
Field/Button Number Length
Description Enter the length of the incrementing number to associate with the devices being added to this collection. This number is incremented as each device is added. For example, if the number length is set to '3', Provisioning Services starts naming at '001' and stops naming or adding devices after the number reaches '999'. Enable the Zero fill option to automatically add the necessary number of preceeding zeros to a numbers length. For example, if the numbers length is equal to 3, than the first target device number would be assigned as '001'. Enable the Zero fill option to automatically add the necessary number of preceeding zeros to a numbers length. For example, if the numbers length is set to '4', than the first target device number would be assigned as '0001'. The number length must have a minimum of three digits and a maximum of 9 digits.
Suffix
Enter a static suffix that helps to identify all devices being added to this collection. For example: Boston001Floor2 might be helpful to indicate the floor where these devices reside. The suffix can be used in combination with the prefix, but is not required if a prefix is provided. The entire device name can have a maximum of 15 characters (the prefix length + number length + suffix length). The suffix cannot start with a digit. The prefix and suffix combination must be unique in each collection.
158
Field/Button Last incremental number
Description Indicates the last incremental number that was assigned to a device name in this collection. This number can be reset to '0' but cannot be lower than the highest number for the same Prefix/Suffix combination.
Options
Field/Button User Groups Description Enable user login to devices Enable or disable User Groups from logging into target devices in this collection. To permit a user to log in as a member of a user group within this site, check this box (user groups are based on Active Directory or Windows groups). To prohibit all users that are members within a user group from logging in, uncheck this checkbox. When disabled, if a member of a user group attempts to log in, Provisioning Services allows the user to log in using a vDisk that is assigned to the target device.
Device Collection Management Tasks

To manage device collections, select from the following tasks: w Creating a Device Collection on page 160 w Importing Target Devices into a Collection on page 160 w Deleting a Collection on page 161 w Refreshing a Collection in the Console on page 162 w Booting Target Devices within a Collection on page 162 w Restarting Target Devices within a Collection on page 162 159
Chapter 11
Managing Device Collections w Shutdown Target Devices within a Collection on page 162 w Sending Messages to Target Devices within a Collection on page 163 w Moving Collections within a Site on page 163 w Accessing Auditing Information on page 245 for a collection w Managing Microsoft MAK Volume Licensing on Target Devices on page 165 for target devices within a collection
Creating a Device Collection

To create a new device collection: 1. In the Console, right-click on the Device Collections folder where the new collection will exist, then select the Create device collection menu option. The Device Collection Properties dialog appears. 2. On the General tab, type a name for this new device collection in the Name text box, and a description of this collection in the Description text box, then click the Security tab. 3. Under the Device Administrators list, click Add. The Add Security Group dialog appears. 4. To assign a group with the Device Administrator role, type or select the appropriate domain and group name in the text box, then click OK. 5. Optionally, repeat steps 2 and 3 to continue assigning groups as device administrators. 6. Under the Device Operators list, click Add. The Add Security Group dialog appears. 7. To assign a group with the Device Operator role, type or select the appropriate domain and group name in the text box, then click OK. 8. Optionally, repeat steps 2 and 3 to continue assigning groups as device operators. 9. Click OK to close the dialog box.
Importing Target Devices into a Collection

The Import Target Devices Wizard allows you to import target device information from a file. The target device information must first be saved as a .csv file, it can then be imported into a device collection. Note: The .csv text file can be created with a .txt file, NotePad.exe or Excel. It contains one line per target device, which is formatted as follows: DeviceName,MAC-Address,SiteName,CollectionName,Description where DeviceName=Name of new target device and MAC-Address= MAC address of new device; such as 001122334455, 00-11-22-33-44-55, or 00:11:22:33:44:55.
160
Administrator's Guide The wizard can be accessed from the farm, site, and device collection right-click menus. If accessed from the site or collection, only those target devices in the import file that match the site and collection by name, will be included in the import list. The wizard also provides the option to automatically create the site or collection using the information in the file, if either does not already exist. There is also the option to use the default collections device template, if it exists for that collection. A log file is generated with an audit trail of the import actions. The file is located in: C:\Documents and Settings\All Users\Application Data\Citrix \Provisioning Services\log To Import target devices into a Collection: 1. In the Console, right-click on the device collection that the target devices should be imported to, then click Target Device>Import devices. The Import Target Devices Wizard displays. 2. Type or browse for the file to import. The target device information is read from the file and displays in the table below. Information can include the target device name, MAC address, and optionally description. 3. Highlight one or more target devices to import. If applying the collection template to the imported target devices, select the Apply collection template device when creating devices checkbox. 4. Click Import to import the .csv text file containing target device information, into the selected collection. The status column indicates if the import was successful.
Deleting a Collection
Deleting a collection deletes any target device member records within the collection. The records can be recreated by manually adding them or using the Auto-add feature. Note: Deleting a target device also deletes that device from any views that it was associated with. If target devices are members of collections within the same site, the members of one collection can be dragged and dropped to other collections, then the original collection can be deleted. If a device collection needs to be moved to a different site or that site becomes obsolete, you can use the export and import features to add the devices to a collection in another site, then the original collection can be deleted. To delete a collection: 1. In the Console tree, right-click on the collection folder that you want to delete, then select the Delete menu option. A confirmation message appears. 2. Click OK to delete this collection. The collection no longer displays in the Console tree.
161
Chapter 11
Refreshing a Collection in the Console

After making changes to a collection, it may be necessary to refresh the collection before those changes appear in the Console. To refresh, right-click on the collection in the tree, then select the Refresh menu option.
Booting Target Devices within a Collection

To boot target devices within a collection: 1. Right-click on the collection in the Console tree, then select the Target Device>Boot menu option. The Target Device Control dialog displays with the Boot devices menu option selected in the Settings drop-down menu. Target devices display in the Device table. 2. Click the Boot devices button to boot target devices. The Status column displays the Boot Signal status until the target device successfully receives the signal, then status changes to success.
Restarting Target Devices within a Collection

To restart target devices within a collection: 1. Right-click on the collection in the Console tree, then select the Target Device>Restart devices menu option. The Target Device Control dialog displays with the Restart devices menu option selected in the Settings drop-down menu. Devices display in the Device table. 2. Type the number of seconds to wait before restarting target devices in the Delay text box. 3. Type a message to display on target devices in the Message text box. 4. Click the Restart devices button to restart target devices. The Status column displays the restart signal status until the target device successfully receives the signal, then status changes to Success.
Shutdown Target Devices within a Collection

To shutdown target devices members within a collection 1. Right-click on the collection in the Console tree, then select the Target Device>Shutdown devices menu option. The Target Device Control dialog displays with the Shutdown devices menu option selected in the Settings drop-down menu. Target devices display in the Device table. 2. Type the number of seconds to wait before shutting down target devices in the Delay text box. Type a message to display on target devices in the Message text box.
162
Administrator's Guide 3. Click the Shutdown devices button to shutdown target devices. The Status column displays the shutdown signal status until the target device shuts down. As each target device successfully shuts down, the status changes to Success.
Sending Messages to Target Devices within a Collection

To send a message to target device members within a collection 1. Right-click on the collection in the Console tree, then select the Target Device>Send message menu option. The Target Device Control dialog displays with the Message to devices menu option selected in the Settings drop-down menu. Target devices display in the Device table. 2. Type a message to display on target devices in the Message text box. 3. Click the Send message button. The Status column displays the message signal status until the target device successfully receives the message, then the status changes to Success.
Moving Collections within a Site

Target devices can be moved from one collection to another collection within the same site. To move a collection: 1. In the Console, expand the collection, right-click on the target device, then select the Move menu option. 2. From the drop-down menu, select the collection to move this target device into, then click OK to close the dialog.
Managing Microsoft KMS Volume Licensing

Microsoft provides two mechanisms for administering volume licenses. This section describes use of the Key Management Server (KMS) license keys with Provisioning Services to apply volume licenses for Microsoft Server 2008, Windows 7 and Vista, as well as Office 2010. KMS volume licensing utilizes a centralized activation server that runs in the datacenter, and servers as a local activation point (opposed to having each system activate with Microsoft over the internet). The tasks involved in configuring a vDisk image to use KMS volume licensing and managing that vDisk in a Provisioning Services farm include: w Enabling KMS licensing on the vDisk being created. This is accomplished by selecting the KMS menu option on the Microsoft Volume Licensing tab when running the Imaging Wizard (refer to Using the Imaging Wizard on page 109 for details). 163
Chapter 11
Managing Device Collections w Preparing the New Base vDisk Image for KMS Volume Licensing on page 164 w Maintaining or Upgrading a vDisk Image that Uses KMS Volume Licensing on page 164 Note: If KMS licensing was not configured on the vDisk when the Imaging Wizard was run, it can alternatively be configured using the Console user interface (refer to the vDisk Properties on page 103, or the MCLI and PowerShell command-line interfaces (refer to the MCLI or PowerShell Programmers Guide for details).
Preparing the New Base vDisk Image for KMS Volume Licensing
After a vDisk is created using the Imaging Wizard, it must be reset to a non-activated state using the rearm command. It is important to perform this operation on a system booted from the vDisk in Private Image mode so that the master target device hard disk's rearm count is not reduced. Note: Microsoft limits the number of times you can run rearm on an installed OS image. The operating system will need to be reinstalled if the number of allowed rearm attempts is exceeded. 1. Boot the target device from the vDisk in Private Image Mode to rearm. For Windows Vista, 7, 2008, and 2008R2 run: cscript.exe slmgr.vbs -rearm For Office 2010: Program Files(x86)\Common Files\microsoft shared \OfficeSoftwareProtectionPlatform\OSPPREARM.EXE 2. Shutdown the target device. 3. Set the vDisk mode to Standard Image mode. 4. Stream the vDisk to one or more target devices.
Maintaining or Upgrading a vDisk Image that Uses KMS Volume Licensing

To maintain or upgrade a vDisk image that is configured to use KMS volume licensing: 1. Set the vDisk mode to Private Image mode. 2. Stream the vDisk to a target device. 3. Apply the OS/application service pack/update, then shutdown the target device. 4. Set the vDisk mode back to Shared Image mode. 5. Stream the vDisk to the target device in Shared Image mode. Note: If Office 2010 is installed as vDisk update, or after vDisk has gone through base disk preparation once, then the base disk preparation needs to be repeated as follows:
164
Administrator's Guide a. In the Console, right-click on the vDisk, then select the File Properties menu option. The vDisk File Properties dialog appears. b. Click on the Microsoft Volume Licensing tab, then change the licensing option from KMS to None. c. On the Mode tab, set the vDisk access mode to Private Image mode. d. PXE boot to the vDisk in Private Image mode to rearm: w For Office 2010: Program Files(x86)\Common Files\microsoft shared \OfficeSoftwareProtectionPlatform\OSPPREARM.EXE w Repeat for Windows Vista, 7, 2008, and 2008R2 run: cscript.exe slmgr.vbs -rearm e. Shutdown the target device. f. In the Console, right-click on the vDisk, then select the File Properties menu option. The vDisk Properties dialog appears. g. Click on the Microsoft Volume Licensing tab, then change the license option from None to KMS. h. On the Mode tab, set the vDisk access mode to Shared Image mode. i. Stream the vDisk to the target devices.
Managing Microsoft MAK Volume Licensing on Target Devices

Microsoft provides two mechanisms for administering volume licenses. This section describes the use of Multiple Activation Keys (MAKs). A MAK corresponds to a certain number of purchased OS licenses. The MAK is entered during the installation of the OS on each system, which activates the OS and decrements the count of purchased licenses centrally with Microsoft. Alternatively, a process of 'proxy activation' is done using the Volume Activation Management Toolkit (VAMT). This allows activation of systems that do not have network access to the internet. Provisioning Services leverages this proxy activation mechanism for Standard Image mode vDisks that have MAK licensing mode selected when the vDisk is created. Note: In order for MAK licensing to work, the Volume Activation Management Tool (VAMT) must be installed on all login servers within a farm. This tool is available from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ec7156d2-2864-49eebfcb-777b898ad582&displaylang=en. MAK licensing tasks include: w Setting the vDisk's licensing mode on page 166 w Entering MAK User Credentials on page 166 w Activating target devices that use MAK enabled vDisks on page 166 165
Chapter 11
Managing Device Collections w Maintaining MAK Activations on page 167 Setting the vDisk's licensing mode A vDisk can be configured to use Microsoft Multiple Activation Key (MAK) licensing when the Imaging Wizard is run (refer to Using the Imaging Wizard on page 109). If MAK licensing was not configured when the Imaging Wizard was run, the vDisk's licensing mode property can be set using the Console, MCLI, or PowerShell user interface. The licensing mode should be set before attempting to activate target devices. Note: For information on using the command-line interfaces, refer to the MCLI or PowerShell Programmers Guide. Entering MAK User Credentials Before target devices that use MAK enabled vDisks can be activated, MAK user credentials must be entered for a site. Note: The user must have administrator rights on all target devices that use MAK enabled vDisks and on all Provisioning Servers that will stream the vDisks to target devices. To enter credentials: 1. Right-click on the site where the target devices exist, then select the Properties menu option. 2. On the MAK tab, enter the user and password information in the appropriate text boxes, then click OK. Activating target devices that use MAK enabled vDisks After a vDisk is configured for MAK volume licensing and user credentials have been entered, each booted target device that uses the vDisk needs to be activated with a MAK. Note: After all licenses for a given MAK have been used, a new key will be required in order to allow additional target devices that share this vDisk image to be activated. To activate target devices that use MAK volume licensing from the Console: 1. Boot all target devices that are to be activated. 2. In the Console, right-click on the collection or view that includes target devices that require MAK license activation, then select the Manage MAK Activations... menu option. The Manage MAK Activations dialog appears. 3. In the Multiple activation key text box, enter the MAK to be used to activate the target devices. 4. The number of booted target devices that require activation, display on the dialog. From the list of booted devices, check the box next to each target device that should be activated.
166
Administrator's Guide 5. Click OK to activate licensing for all selected target devices (do not close the dialog until the activation process is completed. The process can be stopped by clicking the Cancel button. Closing the dialog before the activation process completes stops the process and may result in some target devices not being activated). The Status column indicates if a target device is currently being activated (Activating) or the activation failed (Failed). If all target devices were activated successfully, click OK to close the dialog. After the activation process completes, if one or more target devices were not selected to be activated, or if devices were not activated successfully, the dialog displays listing any unactivated devices. After resolving any issues, repeat this step to activate the remaining target devices. Note: The Manage MAK Activations... option does not display after all currently booted target devices have been successfully activated. Maintaining MAK Activations When a target device has a MAK activated vDisk assigned, unassigning it removes any saved MAK reactivation information. If the vDisk is reassigned in the future, the target device will not reactivate. To prevent the loss of MAK activation, do not unassign the activated disk from the target device. To change a target device's vDisk, without losing the MAK activation, select one of the following methods: a. Assign more than one vDisk to the target device and set the default accordingly. b. Assign additional vDisks to the target device and temporarily disable the MAK activated vDisk. To update a MAK activated vDisk, the AutoUpdate feature must be used so that the MAK activation information, required for shared device reactivation, is maintained. Additional MAK considerations: Use of manual vDisk updates (unassigning one vDisk and reassigning another vDisk) will result in the loss of the required MAK activation information and will require a new activation, which would consume another license. Use of AutoUpdate to deploy a new vDisk, from a different OS install than the previous vDisk, will result in mismatched MAK activation information. In this case, a new activation must be performed from the command line interface, as only unactivated target devices can be activated from the MMC console.
167
Chapter 11
168
Chapter 12
Managing User Assigned vDisks

Topics:
User Group Properties Managing User Group vDisk Assignments By default, vDisks are assigned to target devices. The User Assigned vDisks feature allows farm and site administrators to assign vDisks to the user, based on that users existing Active Directory or Windows Workgroups memberships. Note: Refer to http://technet.microsoft.com/en-us/library/ cc756101.aspx for Active Directory limitations and guidelines. After an administrator creates new user groups, they assign one or more vDisks to that user group. Having vDisks assigned to a user group allows users to log in from different target devices to get their vDisk(s) in a Provisoning Services implementation. When a user group log in is enabled on a Device Collection, the user can log in using any target device within that collection. When a target device first boots, Provisioning Services determines if that device is a member of a collection that has the user groups feature enabled. If the device is not a member of a collection that has the user groups enabled, the target device boots using the vDisk that was assigned to that target device. If the device is a member of a collection that has user groups enabled, the user is prompted to login using their username and domain. When the user logs in, Provisioning Services checks if that user has one or more user groups associated with it. If a user group exists, that user groups vDisk is provided. If multiple vDisks are assigned to the user group, the user is presented with a menu listing all valid vDisk options to choose from. Note: The user and domain name are not used for security purposes. The user and domain name are only used to identify user group associations, which determines vDisk assignments. User authentication is only performed when requesting vDisks assigned to the target device. A user group can have a maximum of ten vDisk assignments. Database caching is not supported when using the User Group feature.
169
Chapter 12
Managing User Assigned vDisks
Each target device maintains its own Difference Disk, which does not follow the user from machine to machine, and numerous users using the same device all keep their data on the same Difference Disk file. Therefore, if using both the Difference Disk and User Group features, the user experience may differ from target device to target device. User groups only appear in the Console for Farm and Site Administrators. Expand the User Groups icon in the Console tree to view all user groups within a selected site. To display or edit a user groups properties, right-click on an existing user group in the Console, then select the Properties menu option. The User Group Properties on page 171 dialog displays and allows you to view or make modifications to that user group. To perform actions on user groups, refer to Managing User Group vDisk Assignments on page 171.
170
User Group Properties

User group properties are described in the tables that follow.
General Tab
Field/Button Name Description Class Description The name of this user group. Describes this user group. Class name used for matching new vDisk images to the appropriate user groups when using the Image Update and the Managed Disk feature. Up to 40 characters can be entered. Check to disable this user group; uncheck to enable this user group. If disabled, a target device uses the vDisk assigned at the target device level.
Disable this user group
vDisks Tab
Field/Button vDisks for this user group Description Click Add to add vDisks to this user group from the vDisk drop-down list. Click Remove to remove vDisks that have been made available to this user group. Remove does not delete the physical vDisk.
Managing User Group vDisk Assignments

To manage user groups, select from the following tasks: w Enabling or Disabling User Group Management for a Collection on page 172 w Creating a User Group on page 172 w Enabling or Disabling User Groups on page 173 w Deleting User Groups on page 173 171
Chapter 12
Managing User Assigned vDisks w Assigning a vDisk to a User Group on page 173 w Unassigning User Groups From vDisks on page 173
Enabling or Disabling User Group Management for a Collection

To enable or disable user group management for a collection: 1. Right-click on the collection in the Console tree, then select the Properties menu option. 2. Select the Options tab. 3. Under User Groups, check or un-check the Enable user login to devices option to enable or disable this feature. 4. Click OK. To disable select user groups within a collection, refer to Enabling or Disabling User Groups.
Creating a User Group

To create a new user group: 1. In the Console, expand the site where the user group is to be created. 2. Right-click User Groups, then select the Create User Group... menu. The User Group Name dialog appears. 3. In the Groups to search for textbox, leave the text box set to the default * to display all security groups. To display select groups, type part of the name using wildcards *. For example, if you want to see MY_DOMAIN\Builtin\Users, type User*, Users, or *ser*. However, if you type MY_DOMAIN\Builtin\*, you will get all groups, not just those in the MY_DOMAIN\Builtin path option. 4. Under Select the name to use, highlight the security group to add to this user group, then click OK. The User Group Properties dialog appears. 5. On the General tab, type a description of this user group in the Description text box. 6. In the Class textbox, type the class name to associate with this user group. When vDisk updates for vDisks of this class are made, they are correctly applied to vDisks used by this user group. 7. Verify that the Disable this user group checkbox is not selected so that users associated with this user group have that groups vDisks and personality strings available at boot time. 8. Click OK.
172
Enabling or Disabling User Groups

To enable or disable user groups, right-click on the user group in the Console tree, then select either the Enable or Disable menu option. To disable all user groups within a collection, refer to Enabling or Disabling User Group Management for a Collection.
Deleting User Groups

Deleting a user group deletes the user group from the Site, but not from Active Directory or Windows. To delete a user group from a site, right-click on the user group in the Console tree, then select the Delete menu option.
Assigning a vDisk to a User Group

It is easy to quickly assign selected user groups to a particular vDisk, or to assign a selected vDisk to all user groups within a Site. To assign a vDisk to a user group: 1. In the Console tree, expand the Sites folder, then expand the appropriate site where this user group resides. 2. Click the User Groups folder. All user groups display in the details pane. 3. Right-click on the desired user group, then select Properties. The User Group Properties dialog appears. 4. Click on the vDisks tab, then select the vDisks to make available to this target device, then click OK. The Consoles drag-and-drop or copy-and-paste feature can also be used to assign vDisks to a user group. 5. Enabling multiple vDisks will cause a boot menu to display when the user logs in, allowing the user to select the appropriate boot method. To assign a vDisk all user groups in a site, in the Console, drag a highlighted vDisk in the details pane, and then drop it on the User Groups node in the tree for that site.
Unassigning User Groups From vDisks

It is easy to quickly unassign selected user groups from a particular vDisk, or to unassign a selected vDisk from all user groups within a Site. To unassign a select user groups from a vDisk: 1. Right-click on the vDisk in the Console, then select Unassign from Selected User Group. The Unassign from User Group dialog appears.
173
Chapter 12
Managing User Assigned vDisks 2. Under User groups from which to unassign, check the box next to each user group that should be unassigned, or click Select all to unassign all user groups from this vDisk. 3. Click Unassign. A confirmation message appears. 4. Click Yes to continue. The unassign status appears in the unassign status log below. To unassign a vDisk from all user groups within a Site: 1. Right-click on the vDisk in the Console, then select Unassign from All Site User Group(s)... 2. A confirmation message appears. Click Yes to continue.
174
Chapter 13
Managing Views
Topics:
View Properties Managing Views in the Console The Consoles Views feature provides a method that allows you to quickly manage a group of devices. Views are typically created according to business needs. For example, a view can represent a physical location, such as a building or user type. Unlike device collections, a target device can be a member of any number of views. Farm administrators can create and manage views in the Console trees Farm>Views folder. Farm views can include any target device that exists in this farm. Site administrators can create and manage views in the Console trees Farm>Sites>YourSite>Views folder. Site views can only include target devices that exist within that site (YourSite). To display or edit a views properties, right-click on an existing view in the Console, then select the Properties menu option. The View Properties on page 176 dialog displays and allows you to view or make modifications to that view. To perform actions on all members of a view, such as rebooting all target devices members in this view, refer to Managing Views in the Console on page 176.
175
Chapter 13
Managing Views
View Properties
To display or edit the properties of an existing view, right-click on the view in the Console, then select the Properties menu option. The View Properties on page 176 dialog displays and allows you to view or make modifications to that view. View properties are described in the tables that follow.
General Tab
Field/Button Name Description Description The name given to this view. Describes the purpose of this view.
Members Tab
Field/Button Members of this view Add button Remove button Remove All button Description Lists target device members that belong to this view. Opens the Select Devices dialog, from which target devices to add to this view are selected. Removes highlighted target devices from this view. Removes all target devices from this view.
Managing Views in the Console

To manage views, select from the following actions: w Creating a View on page 177 w Pasting Device Properties on page 177 w Deleting a View on page 178 w Refreshing a View on page 178 w Booting Devices within a View on page 178 w Restarting Devices within a View on page 178 w Shutdown Devices within a View on page 178 w Sending Messages to Target Devices within a View on page 179 176
Administrator's Guide w Managing Microsoft KMS Volume Licensing on page 163 w Managing Views in the Console on page 176 w Active Directory; to use the Views feature with the Active Directory Management feature, refer to Managing Active Directory on page 213.
Creating a View
1. In the Console, right-click on the Views folder where the new view will exist, then select the Create view menu option. The View Properties dialog appears. 2. On the General tab, type a name for this new view in the Name text box and a description of this view in the Description text box, then click the Members tab. 3. Click the Add button to add new target device members to this view. The Select Devices dialog appears. 4. From the drop-down menus, select the site, then the device collection that you want to add target device(s) from. All members of that device collection appear in the list of available target devices. 5. Highlight one of more target devices in this collection, then click Add to add them to the new view. To add additional target devices from other device collections, repeat steps 4 and 5. 6. Click OK to close the dialog. All selected target devices now display on the Members tab.
Pasting Device Properties

To copy the properties of one target device, and paste those properties to target device members within a view, complete the steps that follow. To paste device properties to members in a view: 1. In the Consoles details pane, right-click on the target device that you want to copy properties from, then select Copy device properties. The Copy Device Properties dialog appears. 2. Select the checkbox next to the properties that you want to copy, then click Copy. The properties are copied to the clipboard and the dialog closes. 3. Right-click on the view containing the target devices that will inherit the copied properties, then select the Paste device properties menu option. The Paste Device Properties dialog appears displaying the name and properties of the target device that were copied. 4. Under the Paste to... table heading, highlight the target devices that will inherit these properties, then click Paste. 5. Click Close to close the dialog.
177
Chapter 13
Managing Views
Deleting a View
If a view becomes obsolete, you can delete the view. Deleting a view does not delete the target device from the collection. 1. In the Consoles tree, right-click on the view folder that you want to delete, then select the Delete menu option. A confirmation message appears. 2. Click OK to delete this view. The view no longer displays in the Console tree.
Refreshing a View
After making changes to a view, it may be necessary to refresh the view before those changes appear in the Console. To refresh the view, right-click on the view in the tree, then select the Refresh menu option.
Booting Devices within a View

1. Right-click on the view in the Console tree, then select the Boot devices menu option. The Target Device Control dialog displays with the Boot devices menu option selected in the Settings drop-down menu. By default, all devices are highlighted in the Device table. 2. Click the Boot devices button to boot target devices. The Status column displays the Boot Signal status until the target device boots. As each target device successfully boots, the status changes to Success.
Restarting Devices within a View

1. Right-click on the view in the Console tree, then select the Restart devices menu option. The Target Device Control dialog displays with the Restart devices menu option selected in the Settings drop-down menu. By default, all devices are highlighted in the Device table. 2. Type the number of seconds to wait before restarting target devices in the Delay text box. 3. Type a message to display on target devices in the Message text box. 4. Click the Restart devices button to restart target devices. The Status column displays the Restart Signal status until the target device restarts. As each target device successfully restarts, the status changes to Success.
Shutdown Devices within a View

1. Right-click on the view in the Console tree, then select the Shutdown devices menu option. The Target Device Control dialog displays with the Shutdown devices 178
Administrator's Guide menu option selected in the Settings drop-down menu. By default, all devices are highlighted in the Device table. 2. Type the number of seconds to wait before shutting down target devices in the Delay text box. 3. Type a message to display on target devices in the Message text box. 4. Click the Shutdown devices button to shutdown target devices. The Status column displays the Shutdown Signal status until the target device shuts down. As each target device successfully shuts down, the status changes to Success.
Sending Messages to Target Devices within a View

To send a message to target devices members within a view: 1. Right-click on the view in the Console tree, then select the Send message menu option. The Target Device Control dialog displays with the Message to devices menu option selected in the Settings drop-down menu. By default, all devices are highlighted in the Device table. 2. Type a message to display on target devices in the Message text box. 3. Click the Send message button. The Status column displays the Message Signal status until target devices receive the message. As each target device successfully receives the message, the status changes to Success.
179
Chapter 13
Managing Views
180
Chapter 14
Managing Network Components

Topics:
Preparing Network Switches Using UNC Names Reducing Network Utilization Managing Roaming User Profiles Booting Through a Router Updating NIC Drivers Managing and Accessing a LUN Without Using a Network Share The tasks necessary to maintain and manage the network components within your streaming implementation include: w Preparing Network Switches on page 182 w Using UNC Names on page 182 w Reducing Network Utilization on page 184 w Managing Roaming User Profiles on page 188 w Booting Through a Router on page 191 w Updating NIC Drivers on page 193 w Managing and Accessing a LUN Without Using a Network Share on page 194
181
Chapter 14
Preparing Network Switches

Network switches provide more bandwidth to each target device and are very common in networks with large groups of users. The use of Provisioning Services in the network may require changes to switch configurations. When planning an implementation, give special consideration to managed switches. Note: For Provisioning Services networks, you must specify all network switch ports to which target devices are connected as edge-ports. Managed switches usually offer loop detection software. This software turns off a port until the switch is certain the new connection does not create a loop in the network. While important and useful, the delay this causes prevents your target devices from successfully performing a PXE boot. This problem manifests itself in one of the following ways: w Target device (not Windows) login fails. w Target device appears to hang during the boot process. w Target device appears to hang during the shutdown process. To avoid this problem, you must disable the loop detection function on the ports to which your target devices are connected. To do this, specify all ports to which target devices are connected as edge-ports. This has the same effect as enabling the fast link feature in older switches (disables loop detection). Note: A network speed of at least 100MB is highly recommended. If using a 10MB hub, check whether your network card allows you to turn off auto-negotiation. This can resolve potential connection problems.
Switch Manufacturers
This feature is given different names by different switch manufacturers. For example: w Cisco; PortFast or STP Fast Link w Dell; Spanning Tree Fastlink w Foundry; Fast Port w 3COM; Fast Start
Using UNC Names

A Universal Naming Convention (UNC) format name defines the location of files and other resources that exist on a network. UNC provides a format so that each shared resource can be identified with a unique address. UNC is supported by Windows and many network operating systems (NOSs). 182
Administrator's Guide With Provisioning Services, UNC format names can be used to specify the location of the OS Streaming database for all Provisioning Servers, and to specify the location of a particular vDisk.
Syntax
UNC names must conform to the \\SERVERNAME\SHARENAME syntax, where SERVERNAME is the name of the Provisioning Server and SHARENAME is the name of the shared resource. UNC names of directories or files can also include the directory path under the share name, with the following syntax: \\SERVERNAME\SHARENAME\DIRECTORY\FILENAME For example, to define the folder that contains your configuration database file in the following directory: C:\Program Files\Citrix\Provisioning Services On the shared Provisioning Server (server1), enter: \\server1\Provisioning Services Note: UNC names do not require that a resource be a network share. UNC can also be used to specify a local storage for use by only a local machine.
Accessing a Remote Network Share

To access a remote network share using a UNC format name, the Stream Service must have a user account name and password on the remote system. To use a UNC name to access a remote network share: 1. On the Provisioning Server, create a user account under which the Stream Service will run. This account MUST have a password assigned, otherwise the Stream Service will not be able to log in correctly. Your Stream Service can share the same user account and password, or separate user accounts and passwords can be set up for each service. 2. Share the vDisk and configuration database folders. In Windows Explorer, rightclick on the folder, then select Properties. Click the Sharing tab, then select the Share this folder radio button. Enter or select a Share name. 3. Make sure permissions are set to allow full control of all files in the vDisk folder and database folder. Click the Permissions button on the Sharing tab, or click the Security tab, then set the correct permissions. Note: In XP it may be necessary to turn off simple sharing, so that you can display the Security tab of the Folder Properties dialog to give permissions to the proper user (the user defined in Step 1 above, or everyone). To turn off simple sharing, select Start>All Programs>Control Panel. Double-click Folder
183
Chapter 14
Managing Network Components Options. On the View tab, under Advanced settings, clear the Use simple file sharing (Recommended) checkbox. 4. For the Stream Service, complete Steps 4-A and 4-B: Go to Control Panel>Computer Management>Component Services, right click on the Stream Service, and select Properties. Click the Log On tab. Change the Log on as: setting to This Account, and set up the service to login to the user and password configured in Step 1. 5. Verify that all Stream Services are restarted. The Configuration Wizard does this automatically. Stream Services can also be started from the Console or from the Control Panel. Note: The Stream Service cannot access folders using a mapped drive letter for the directory, since the mapped drives do not yet exist when the services start at boot time. Do not use a mapped drive letter to represent the vDisk or database-location directories when configuring Stream Services.
Reducing Network Utilization

Windows provides several features that presume the use of a large, fast hard-disk. w Configuring the Recycle Bin on page 185 w Configuring Offline Folders on page 185 w Configuring Event Logs on page 186 w Configuring System Restore on page 187 w Configuring Logical Prefetch on page 187 w Configuring Automatic Disk Defragmentation on page 187 While many of these features can also be useful on a diskless system where the disk is actually on the network, using them decreases cache effectiveness and thereby increases network utilization. In an environment that is sensitive to network utilization, consider reducing the effect of these features by disabling them or adjusting their properties. In particular, System Restore and Offline Folders are not useful on a diskless system and can be detrimental to the performance of Windows on a diskless system. Provisioning Services provides a clearer, more reliable, and simpler restore point than System Restore by simply rebooting the target device. Offline Folders cache network files a feature that is not applicable to a system where all files are on the network. All of these features are configurable through the target device itself (for details, refer to Configuring Windows features on a Standard vDisk on page 185). The following features are configurable in the Windows Group Policy. w Offline Folders 184
Administrator's Guide w Event Logs
Configuring Windows features on a Standard vDisk

1. Prepare a Standard Image vDisk for configuration. Shutdown all target devices that use the Standard Image vDisk. From the Console, change the Disk Access Mode to Private Image. Boot one target device. 2. Configure one or more features. 3. Prepare the Standard Image vDisk for use Shutdown the target device previously used to configure the vDisk. From the Console, change the Disk Access Mode to Standard Image. Boot one or more target devices.
Configuring the Recycle Bin

Disabling the Recycle Bin deletes files immediately. Consequently, the file system reuses respective disk sectors and cache entries sooner. To configure the Recycle Bin: 1. From the target device, or Windows Explorer, right click on the Recycle Bin. 2. Select Properties. 3. Select Global. 4. Select from the following settings: Use one setting for all drives Do not move files to the Recycle Bin. Remove files immediately when deleted.
Configuring Offline Folders

The disabling of Offline Folders is strongly recommended to prevent Windows from caching network files on its local disk a feature with no benefit to a diskless system. Configure this feature from the target device or Windows Group Policy. To configure from the target device: 1. Open Windows Explorer. 2. Select Tools>Folder Options. 3. Select Offline Folders. 4. Uncheck Enable Offline Folders. To configure using the Windows Group Policy: 185
Chapter 14
Managing Network Components On the domain controller, use the Microsoft Management Console with the Group Policy snap-in, to configure the domain policies for the following: Object Policy Setting Policy Setting Policy Setting User Configuration\Administrative Templates\Network\Offline Files Disable user configuration of offline files Enabled Synchronize all offline files before logging off Disabled Prevent use of the Offline Files folder Enabled
Configuring Event Logs

Reduce the maximum size of the Application, Security, and System logs. Configure this feature using the target device or Windows Group Policy. To configure event logs, on the target device: 1. Select Start>Settings>Control Panel. 2. Open Administrative Tools>Event Viewer. 3. Open the properties for each log. 4. Set the Maximum log size to a relatively low value. Consider 512 kilobytes. To configure using the Windows Group Policy: On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the following object: Object Policy Setting Policy Setting Policy Setting Computer Configuration\Windows Settings\Event Log\Settings for Event Logs Policy Maximum Application Log Size Relatively low value. Consider 512 kilobytes. Maximum Security Log Size Relatively low value. Consider 512 kilobyte. Maximum System Log Size Relatively low value. Consider 512 kilobytes.
186
Configuring System Restore

The disabling of System Restore is strongly recommended to prevent Windows XP from storing any restore points that result in large disk files. Provisioning Services provides an inherent restore feature whenever the target device reboots. On Windows XP, disable System Restore: 1. Select Start, then Control Panel. 2. Open System. 3. Select System Restore. 4. Check Turn off System Restore.
Configuring Logical Prefetch

Disabling Logical Prefetcher prevents Windows XP from caching additional files. To disable logical prefetcher, set the following registry value to 0 (zero): HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters\EnablePrefetcher
Configuring Automatic Disk Defragmentation

Disabling Automatic Disk Defragmentation prevents Windows XP from filling the vDisk write cache by automatically de-fragmenting the vDisk during boot time. To disable automatic disk defragmentation, set the following registry key value data: Key HKEY_LOCAL_MACHINE\Microsoft\Dfrg\BootOptimizeFunction Value Name Enable Value Type REG_SZ Value Data N
Disabling Windows Automatic Updates

If you have the Windows Automatic Updates service running on your target device, Windows periodically checks a Microsoft Web site and looks for security patches and system updates. If it finds updates that have not been installed, it attempts to download them and install them automatically. Normally, this is a useful feature for keeping your system up-to-date. However, in a Provisioning Services implementation using Standard Image mode, this feature can decrease performance, or even cause more severe problems. This is because the Windows Automatic Updates service downloads programs that fill the write cache. When using the target devices RAM cache, filling the write cache can cause your target devices to stop responding. 187
Chapter 14
Managing Network Components Re-booting the target device clears both the target device and Provisioning Services write cache. Doing this after an auto-update means that the Automatic Updates changes are lost, which defeats the purpose of running Automatic Updates. (To make Windows updates permanent, you must apply them to a vDisk while it is in Private Image mode). To prevent filling your write cache, make sure to disable the Windows Automatic Updates service for the target device used to build the vDisk. To disable the Windows Automatic Updates feature: 1. Select Start>Settings>Control Panel>Administrative Tools. 2. Select System. 3. Click the Automatic Updates tab. 4. Select the Turn Off Automatic Updates radio button. 5. Click Apply. 6. Click OK. 7. Select Services. 8. Double-click the Automatic Updates service. 9. Change the Startup Type by selecting Disabled from the drop-down list. 10. If the Automatic Updates service is running, click the Stop button to stop the service. 11. Click OK to save your changes. To make Windows updates permanent: 1. Shutdown all target devices that share the vDisk. 2. Change the vDisk mode to Private image. 3. Boot one target device from that vDisk. 4. Apply Windows updates. 5. Shutdown the target device. 6. Change vDisk mode to Standard image. 7. Boot all target devices that share this vDisk.
Managing Roaming User Profiles

A Roaming User Profile is a user profile that resides on a network share. It consists of files and folders containing the users personal settings and documents. When a user logs on to a target device system in the domain, Windows copies the respective profile from a network share to the target devices disk. When the user logs off, Windows synchronizes the user profile on the target devices hard disk with the user profile on the network share. For a diskless target device, its disk is actually a vDisk residing in shared storage. Consequently, the profile returns back to the shared storage containing the vDisk. Since 188
Administrator's Guide the persistent user data always resides on shared storage, Windows does not need to download the profile. This saves time, network bandwidth, and file cache. Since some of the files included in the profile can grow very large, the savings can be significant. Using Roaming User Profiles with diskless systems effectively involves configuring relevant policies and using Folder Redirection. Although unrelated to Roaming User Profiles, the Offline Folders feature affects diskless systems similarly. Disabling this feature avoids the same effects. On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the following objects.
Configuring Roaming User Profiles

Configuring Roaming User Profiles for diskless systems enables roaming without having to download potentially large files in the profile. On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the following objects. To prevent the accumulation of Roaming User Profiles on a vDisk: Object Policy Setting Computer Configuration\Administrative Templates\System \Logon Delete cached copies of roaming profiles. Enabled
To exclude directories with potentially large files from download: Object Policy Setting Properties User Configuration\Administrative Templates\System\Logon/ Logoff Exclude directories in roaming profile Enabled Prevent the following directories from roaming with the profile: Application Data; Desktop; My Documents; Start Menu.
Configuring Folder Redirection with Roaming User Profiles

Using Folder Redirection with Roaming User Profiles and diskless systems retains the availability of user documents. On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the objects that follow. 189
Chapter 14
Managing Network Components To configure folder redirection: 1. Create a network share (\\ServerName\ShareName) to contain the redirected user folders. 2. Give Full Control permission to everyone for the network share. 3. Enable Folder Redirection. Object Computer Configuration\Administrative Templates\System \Group Policy Folder Redirection policy processing Enabled
Policy Setting
4. Redirect the Application Data folder. Object User Configuration\Windows Settings\Folder Redirection \Application Data Basic or Advanced Target folder location: \\ServerName\ShareName\%username% \Application Data 5. Redirect the Desktop folder. Object User Configuration\Windows Settings\Folder Redirection \Desktop Basic or Advanced Target folder location: \\ServerName\ShareName\%username%\Desktop 6. Redirect the My Documents folder. Object User Configuration\Windows Settings\Folder Redirection \My Documents Basic or Advanced Target folder location: \\ServerName\ShareName\%username%\My Documents 7. Redirect the Start Menu folder. 190
Properties
Properties
Properties
Object
User Configuration\Windows Settings\Folder Redirection \Start Menu Basic or Advanced Target folder location: \\ServerName\ShareName\%username%\Start Menu
Properties
Disabling Offline Folders

Disabling Offline Folders avoids the unnecessary caching of files on diskless systems with network shares. On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the object that follows. To disable offline folders: Object User Configuration\Administrative Templates\Network \Offline Files Disable user configuration of Offline Files. Enabled Synchronize all Offline Files before logging off. Disabled Prevent user of Offline Files folder. Enabled
Policy Setting Policy Setting Policy Setting
Booting Through a Router

The following documents a basic configuration for booting target devices through a network router. This configuration allows the Provisioning Server to exist on a different subnet from the target device. Since conditions vary from customer to customer, adjustments may be needed for different network configurations. The configuration shown in the diagram below separates the Provisioning Server from the target device by using a Windows 2000 Server platform acting as a router.
191
Chapter 14
Configuring for DHCP

In this configuration, a DHCP server must be active on the local subnet (197.100.x.x) of the target device. In the configuration example above, the DHCP service is running on the same machine acting as a router between the two subnets, though it is not mandatory that the DHCP service actually runs on the router itself. This DHCP server provides the IP address and the PXE boot information to the target device. Configure the DHCP service to provide valid IP addresses to any target device booting on the local subnet (197.100.x.x). In order to provide the PXE boot information to the target device, configure the following options in your DHCP server : 1. DISABLE Option 60 (Class ID) 2. Enable Option 66 (Boot Server Host Name) Enter the IP address of the TFTP Server. In this configuration, the value is 10.64.0.10. 3. Enable option 67 (Boot file name) Enter the name of the boot file. For a standard configuration, the filename is ARDBP32.bin.
Configuring the Provisioning Services for PXE

Using the Console, configure the bootstrap settings to use the Gateway and Subnet mask fields. These fields should reflect the gateway and subnet to be used by the target device. In this case, they are 197.100.x.x for the gateway, and 255.255.255.0 for the netmask. Verify the TFTP service is running on the Provisioning Server. The PXE Service on the Provisioning Server in the above configuration is not necessary since options 66 & 67 in the routers DHCP service provide the same information to the target device. You can stop the PXE Service on the Provisioning Server if you have no target devices on the Provisioning Server subnet needing its functionality. The same is true for any DHCP service running on the Provisioning Server itself.
Running PXE and DHCP on the Same Computer

If PXE and DHCP are running on the same Provisioning Server, an option tag must be added to the DHCP configuration. This tag indicates to the target devices (using PXE) 192
Administrator's Guide that the DHCP server is also the PXE boot server. Verify that option tag 60 is added to your DHCP scope. Provisioning Services setup automatically adds this tag to your scope provided that the Microsoft DHCP server is installed and configured before installing Provisioning Services. The Configuration Wizard sets-up the Tellurian DHCP Server configuration file if you use the wizard to configure Provisioning Services. The following is an example Tellurian DHCP Server configuration file which contains the option 60 tag. max-lease-time 120; default-lease-time 120; option dhcp-class-identifier "PXEClient"; subnet 192.168.4.0 netmask 255.255.255.0 { option routers 192.168.123.1; range 192.168.4.100 192.168.4.120; }.
Updating NIC Drivers

From time to time, you may need to upgrade the drivers for your network interface cards (NICs). Follow the guidelines below for upgrading NIC drivers.
Upgrading NIC Drivers on Target Devices

Note: Do not attempt to upgrade a NIC driver on a vDisk. Do not attempt to upgrade a NIC driver on a hard disk on which the Provisioning Server is currently installed. Improperly upgrading a NIC may make the hard drive unable to boot. To upgrade NIC drivers for target devices: 1. Go to the target device with the original hard drive from which you made the vDisk image. 2. Set the system BIOS to boot from the hard drive. 3. Re-boot the target device directly from the hard drive. 4. Un-install the target device software from this hard drive. 5. Upgrade NIC driver as directed by the manufacturer's instructions. 6. Re-install the target device software on the hard drive. 7. Re-image the hard drive to make a new vDisk image.
Upgrading NIC Drivers on a Provisioning Server

To upgrade NIC drivers on any Provisioning Server, simply follow the manufacturer instructions for upgrading NIC drivers.
193
Chapter 14
Managing and Accessing a LUN Without Using a Network Share

Normally, using a SAN for vDisk storage with Provisioning Services requires that a shared file system be placed in front of the SAN to coordinate multiple server access to the NTFS formatted LUN(s). However, under certain instances, it is possible to allow Provisioning Services to use a SAN without a shared file system. Provisioning Services can do this and still allow multiple servers access to the same LUN(s) without volume corruption. Provisioning Services only allows read-only shared access to the SAN LUN(s). Therefore the desired boot modes for Provisioning Services target devices are important when using this feature. The following table describes the boot mode and its restrictions when using read-only vDisk storage. Boot Mode Private Image Standard Image with cache on server disk or encrypted cache on server disk Standard Image with cache in target device RAM Standard Image with cache on the target devices hard drive or cache encrypted on target devices hard drive Write Cache Limitations Not supported Separate shared read-write write cache location is required for the store. Restrictions Not supported vDisk properties cannot be modified while the LUN is read-only. vDisks cannot be mapped on the Provisioning Server.
No limitation.
vDisk properties cannot be modified while the LUN is read-only. vDisks cannot be mapped on the Provisioning Server.
Fall back to cache on server disk does not function if the target device hard drive is not found or fails.
vDisk properties cannot be modified while the LUN is read-only. vDisks cannot be mapped on the Provisioning Server.
194
Boot Mode Difference Disk Image
Write Cache Limitations Separate shared read-write write cache location is required for the store.
Restrictions vDisk properties cannot be modified while the LUN is read-only. vDisks cannot be mapped on the Provisioning Server.
Basically, the main limitations to placing vDisks on read-only storage include: w Private image boot from read-only storage is not allowed w If cache on the Provisioning Server disk is desired, a separate shared storage location that has read-write access is needed for the write cache files. w Modifying the vDisk properties is not allowed when the vDisk storage location is readonly. w Mounting the vDisk on the server is not allowed when the vDisk storage location is read-only.
Prerequisites
The following are prerequisites to using this new feature: w Provisioning Servers that will have access to the read-only shared LUN(s) are server class machines (Windows 2003 Server or 2008 Server). w The Microsoft iSCSI initiator software is installed on all Provisioning Servers that will have access to the SAN. w The vDisk files that will be placed on the read-only shared LUN(s) have already been created and reside on a normal read-write storage location. Creating vDisk files in place on the LUN is more difficult than pre-making the VHD files in a normal readwrite store and subsequently copying them to the shared LUN. Therefore, this document will describe the procedure assuming the vDisk files have been pre-made and reside in a normal read-write storage location. w The SAN being used has the ability to set a LUN up for shared read-write access or shared read-only access without requiring a shared file system front end. Normally, using a LUN in shared read-write access mode without a shared file system front end will result in a corrupt NTFS volume. Limiting the LUN access to read-only circumvents this problem.
Implementation
On the SAN 1. Create a volume on the EquaLogic SAN using the EqualLogic Group Manager (or other relevant SAN interface front end). Make the volume large enough to hold all VHD and VHD associated PVP files that will be shared between the Provisioning Servers. 195
Chapter 14
Managing Network Components 2. Set the access type for the volume to read/write - shared. Note that the volume will be made read-only through the NTFS attributes not through the SAN access rights. While using the volume in read-only shared mode is possible, it requires extra steps to implement the solution. Therefore this procedure describes the process when the volume is set for read-write shared access. On Provisioning Servers 1. Use the iSCSI Initiator to login to the SAN volume on only one of the Provisioning Servers. Note: Do NOT login to the SAN Volume from more than one server simultaneously until the volume has been marked read-only. If you allow more than one server to simultaneously login to the volume through the iSCSI interface while the volume is read-write, you will corrupt the volume and will need to re-format it. All data on the volume will be lost. 2. Format the volume through the Windows Disk Manager with an NTFS file system and assign a drive letter or mount point path. A mount point path is desirable if you will have many LUN/Volumes exposed on a server as there will be no drive letter limitations. Make sure you use a drive letter/Mount point that will be identical on all servers using the volume. If you cannot make them identical, you will need to use the Provisioning Services/store override paths to point a specific server to a different drive letter/mount point for the volume. 3. After the volume is formatted and assigned a drive letter/Mount point, the volume should be accessible on this single Provisioning Server as a read/write volume. Make sure all properties for the VHD and PVP files that will reside on the volume are set correctly (including enabling HA) and then copy all VHD files and their associated PVP files to the volume. Lock files do not need to be copied. The PVP file MUST be copied along with the VHD file. The system will not be able to create a PVP file on the fly once the volume is read-only. 4. After all files are copied to the volume, you must make the volume read-only. Close all Explorer windows that have access to the volume, then open a command prompt on the server that has access to the volume. 5. Run diskpart.exe. This will start an interactive session with diskpart.exe. 6. Find the volume number by typing the following command: list volume. 7. Note the volume number of your volume and select it by typing the following command: select volume volumeNumber where volumeNumber is the number of the volume identified with the list volume command. 8. After the volume is selected, set the read-only attribute of the volume by typing the following command: attributes volume set readonly. 9. Check that the readonly attribute was set correctly by typing the following command: detail volume. 10. Exit diskpart.exe by typing the command: exit. 11. Using the iSCSI initiator interface, logoff the volume on this server and then relogin to the volume again. Make sure to make the volume a persistent target. You must logoff and then login to the volume to get NTFS on the server to re-read the
196
Administrator's Guide volume attributes so that it will recognize the volume as read-only. Making the volume a persistent target will ensure the volume is accessible when the server reboots. 12. It is now safe to mount the iSCSI volume on all Provisioning Servers. Using the iSCSI Initiator applet and Microsoft Disk Manager, mount the volume on all Provisioning Servers that need access to the volume. Make the target persistent in the iSCSI interface and try to make all servers mount using the same drive letter or mount point, which makes setting up the Provisioning Services Store easier. Note: It may be necessary to make the Provisioning Services Stream Service on all servers dependent on the iSCSI Service. This ensures that the volumes are available at the proper time should the server reboot and target devices are booted during the server reboot. To do this, edit the registry for the Stream Service, then add the DependsOnService value pointing to the iscsiexe.exe service (MSiSCSI). 13. Run the Console on one of the Provisioning Servers to create a store that points to the drive letter/mount point for the volume. 14. Select which Provisioning Servers have access to the volume for this store. Note: If you are using Cache on server or Difference disk mode for any VHDs on the volume, you MUST enter a Default write cache path for the store that does NOT point to the SAN read-only volume. This path must be in a shared location for all Provisioning Servers. You can use a Windows Network Share or any other read-write shared storage device, but the write cache path cannot point to the readonly volume. The read-only volume can only contain the VHD and PVP files. If you are using one of the target device cache modes (local HD or RAM) then you do not need to set up a shared read-write write cache location for the store. 15. On the Console, right-click on the store then select the Add Existing Disk menu option, which scans the store and adds the VHD files to the database. 16. Assign the VHD files that are on this store to target devices, then boot those target devices normally. The VHD files on the read-only volume will always display in the Console as locked with the lock type: Read only media: Shared. You cannot remove this lock type. You cannot create a new vDisk on a store once it has been marked as read-only with diskPart.exe. You cannot edit the properties of the VHD once the store has been marked read-only.
Modifying vDisk Properties

vDisk properties cannot be modified while the SAN LUN location is marked read-only. To edit the vDisk properties or modify the vDisk files on the LUN, complete the following procedure: 1. Shutdown all target devices that use the VHDs that are on the store. 2. Use the iSCSI initiator on all Provisioning Servers (except one) to logoff the volume. Alternately, use the diskpart.exe utility on some server OS types and mark the 197
Chapter 14
Managing Network Components volume as offline on all Provisioning Servers (this feature is not available on all OS types. If necessary, use the iSCSI initiator to logoff the volumes). 3. In order to use the diskpart.exe utility to mark the volume as read/write, Open a command prompt on the server that has access to the volume, then run diskpart.exe. This starts an interactive session with diskpart.exe. 4. Find the volume number by typing the following command: list volume. 5. Note the volume number of your volume and select it by typing the following command: select volume volumeNumber where volumeNumber is the number of the volume identified with the list volume command. 6. After the volume is selected, to clear the readonly attribute, type the following command: attributes volume clear readonly. 7. Check that the readonly attribute was set correctly by typing the following command: detail volume. 8. Exit diskpart.exe by typing the command: exit. 9. Logoff/login the volume (or mark it offline/online in diskpart) on the single server that still has access to the volume. 10. Edit the VHD file attributes through the Console, then copy the new files to the volume. 11. After all edits are complete, use the diskpart.exe utility to mark the volume readonly by selecting the volume, then setting the read-only attribute: attributes volume set readonly. 12. Check that the readonly attribute was set correctly by typing the following command: detail volume 13. Exit diskpart.exe by typing the command: exit. 14. Use the iSCSI Initiator to logoff, then relogin to the volume to re-read the readonly attributes. 15. Use the iSCSI Initiator on all Provisiong Servers to re-login to the volume. Note: IMPORTANT! Do NOT login to the SAN Volume from more than one server simultaneously until the volume has been marked read-only. If you allow more than one server to simultaneously login to the volume through the iSCSI interface while the volume is read-write, you will corrupt the volume and will need to re-format it. All data on the volume will be lost.
198
Chapter 15
Managing for Highly Available Implementations

Topics:
Offline Database Support Database Mirroring High Availability Option Overview Provisioning Services has several options to consider when configuring for a highly available implementation. w Offline Database Support on page 200, which allows Provisioning Servers to use a snapshot of the database if the connection to the database is lost. w Database Mirroring on page 201, Provisioning Service supports database mirroring. w High Availability Option Overview on page 203, which allows target devices to stay connected to a Provisioning Server. The tasks necessary to configure High Availability include: a. Configuring the Boot File for HA on page 205 b. Enabling HA on vDisks on page 207 c. Providing Provisioning Servers Access to Stores on page 208 Optional tasks include; w Configuring HA with Shared Storage on page 208 w Disabling Write Cache on page 211 w Testing HA Failover on page 211
199
Chapter 15
Offline Database Support

The Offline Database Support option allows Provisioning Servers to use a snapshot of the Provisioning Services database in the event that the connection to the database is lost. This option is disabled by default and is only recommended for use with a stable farm running in production. It is not recommended when running an evaluation environment or when reconfiguring farm components on the fly. Only a farm administrator can set this option. When offline database support is enabled on the farm, a snapshot of the database is created and initialized at server startup. It is then continually updated by the Stream Process. If the database becomes unavailable, the Stream Process uses the snapshot to get information about the Provisioning Server and the target devices available to the server. When the database connection becomes available, the Stream Process synchronizes any Provisioning Server or target device status changes made to the snapshot, back to the
database.
Considerations
The following features, options, and processes remain unavailable when the database connection is lost, regardless if the Offline Database Support option is enabled: w AutoAdd target devices w User Groups w AutoUpdate or Incremental vDisk updates w vDisk creation
200
Administrator's Guide w Active Directory password changes w Stream Process startup
Enabling Offline Database Support

To enable the Offline Database Support option 1. In the Console tree, right-click on the Farm, then select Properties. The Farm Properties dialog appears. 2. On the Options tab, check the checkbox next to Offline Database Support. 3. Restart Stream services.
Database Mirroring
In order to provide a highly available MS SQL configuration, Provisioning Services supports mirroring the Provisioning Services database, resulting in improved overall availability of Provisioning Services. Database mirroring can be implemented in a new or existing farm and requires the following high-level tasks: w Creating the Provisioning Services MS SQL primary database (created when the Installation Wizard is run on the server) Note: For database mirroring to function, the recovery model must be set to Full. w Identifying the primary database server and instance (identified when the Configuration Wizard is run) w Identifying an existing MS SQL failover database server (identified, not created, when the Configuration Wizard is run) w Configuring mirroring between the primary and failover database servers (configured using MS SQL database server tools) Note: Citrix recommends that the failover server be up and running before enabling database mirroring in the farm. For helpful information on configuring the MS SQL failover server, refer to http://technet.microsoft.com/en-us/library/ms188712.aspx. To implement and manage mirroring within a Provisioning Services farm, choose from the following: w Database Mirroring on page 201 w Enabling Mirroring Within an Existing Farm on page 202 Note: The procedures that follow are only intended to call out the steps that are applicable to database mirroring when running the Configuration Wizard.
201
Chapter 15
Note: Run the Configuration Wizard to specify the new failover sever so that the status of the Provisioning Service's farm correctly reports the new settings. After rerunning the wizard, some services, including the stream service, restart so that the farm has the new failover server settings specified with the wizard was run.
Enabling mirroring when configuring a new farm

To enable mirroring: 1. Start the Configuration Wizard on a server that will be in the new farm. 2. While running the wizard, when the Farm Configuration page displays, select the Create Farm radio button to create a new farm, then click Next. 3. Type or use the Browse button to identify the primary database server and instance names. Optionally, enter a TCP port number to use to communicate with this database server. 4. Enable the Specify database mirror failover partner option. 5. Type or use the Browse button to identify the failover database server and instance names. Optionally, enter a TCP port number to use to communicate with this server. 6. Click Next. If the failover database has already been configured and it is up and running, Provisioning Services should be able to connect to it. If the failover database server has not yet been created or is not running, an error message may display indicating a failure to connect. In this case, when prompted, click Yes to continue (the failover database can be created and configured after the new farm is created). 7. On the New Farm page, enter a name for the new database on the primary database server, then complete any additional requested information. 8. Click Next. 9. Complete the remaining wizard pages.
Enabling Mirroring Within an Existing Farm

To enable mirroring within an existing farm: 1. Confirm that the primary and failover database servers are up and running. 2. Using MS SQL server tools, mirror the Provisioning Services database to a database on the failover database server. 3. Run the Configuration Wizard on each server. 4. Identify the farm by choosing either the Farm is already configured or the Join exisiting farm option on the Farm Configuration page.
202
Administrator's Guide 5. On the Database Server page, select the primary and failover database servers and instance names, then enable the database mirror failover feature . 6. Complete the remaining wizard pages.
High Availability Option Overview

High Availability (HA) refers to an implementation in which at least two Provisioning Servers are configured to provide a vDisk to one or more target devices. Should the primary Provisioning Server fail for any reason, and HA is enabled, the connection will failover to the secondary Provisioning Server. If more than two Provisioning Servers are configured with HA and a connection fails, the HA server that is least busy is selected. Note: For information on configuring Provisioning Services to automatically balance the target device load between servers, refer to Balancing the Target Device Load on Provisioning Servers on page 97. In order to provide a high degree of uptime, HA-enabled implementations use a shared storage architecture. Multiple Provisioning Servers access the same physical files located on shared storage, which allows a target device to establish a connection on an alternate Provisioning Server if the connection to the active Provisioning Server is interrupted for any reason. A target device does not experience any disruption in service or loss of data when failover occurs. When failover occurs, a target device attempts to connect to the next Provisioning Server in its list. If unable to make a connection, the target device continues to try servers in the list until it successfully connects. Note: When configuring for HA, all Provisioning Servers selected as failover servers must reside within the same site.
203
Chapter 15
Managing for Highly Available Implementations Figure 15-1. Basic HA Implementation
The Provisioning Server to which a target device accesses to login does not necessarily become the Provisioning Server that accesses the vDisk on behalf of the target device. In addition, once connected, if one or more Provisioning Servers can access the vDisk for this target device, the server that is least busy is selected. To purposely force all target devices to connect to a different Provisioning Server in an HA configuration, while avoiding having targets timeout and attempt to reconnect to the current server, stop the Stream Service on that server. Upon shutdown, the Stream Service will notify each target device to re-login to another server.
HA Benefits
Benefits of using HA include: w Automatic failoverfailure of an active component results in an automatic failover to an alternative component without interruption. w Redundant Provisioning Server supportvDisk redundancy is available by making the store where a vDisk resides, accessible by multiple Provisioning Servers. w Support for various network shared storage optionssupport for RAID, SAN, NAS and Windows network storage.
HA Components
The key to establishing any highly available network is to identify the critical HA components, create redundancy for these components, and ensure automatic failover to the secondary component in the event that the active component fails. The critical components are: w Provisioning Server 204
Administrator's Guide w vDisk shared-storage system w Database storage device Note: Write caching must be disabled on the hard drive of each Provisioning Server if the storage device is an IDE or SATA drive, in order to avoid the possibility of file corruption or application failure (refer to Disabling Windows Write Caching). Write caching on the disk is a device-specific property. Some devices, such as a SCSI RAID disk or SAN, may not provide the option.
Configuring the Boot File for HA

The HA feature requires a shared storage system that ensures the availability of the Provisioning Server vDisks. Depending on the type of shared storage, the vDisks use either the Universal Naming Convention (UNC) or the usual DOS naming convention. When a Provisioning Server is configured by the Configuration Wizard, that server can be selected as one of the servers used to connect target devices during the boot process. To use HA, at least two login Provisioning Servers must be listed in the boot file (maximum of four servers). The target devices boot file contains the IP addresses of up to four login Provisioning Servers, as well as other configuration information. The boot file lists the Provisioning Servers that a target device can contact to get access to the Provisioning Services farm. The server that is contacted may hand the target device off to a different Provisioning Server that is able to provide the target device with its vDisk.
Adding Provisioning Servers to the boot file

An administrator must add Provisioning Servers to the boot file in order to provide a target device with the information necessary to make contact with the Stream Service. When first configuring a Provisioning Server, the Configuration Wizard allows you to select to use the server, which is currently being configured, to provide TFTP services. If all target devices are on one network segment, there will typically be one TFTP server per farm. If target devices are on multiple network segments, and each segment is configured as an independent site, then one TFTP server per site (network segment) may be used. Provisioning Servers can also be configured as login servers in the Console using the Configure Bootstrap dialog. Select from either method to add Provisioning Servers to the boot file.
Adding Login Servers using the Configuration Wizard

To add and configure the first Provisioning Server as the TFTP and login server using the Configuration Wizard: 1. Run the Configuration Wizard and when presented with the TFTP option and bootstrap location dialog, select the Use the Provisioning Server TFTP Service option.
205
Chapter 15
Managing for Highly Available Implementations 2. Enter or browse for the bootstrap file location, then click Next. The default location is: C:\Documents and Settings\All Users\Application Data \Citrix\Provisioning Services\Tftpboot Note: If a previous version of Provisioning Server was installed on this server, you may need to change the default location from C:\Program Files\Citrix \Provisioning Server\TFTPBoot or C:\Documents and Settings \All Users\Application Data\Citrix\Provisioning Server \TFTPbootto: C:\Documents and Settings\All Users\Application Data\Citrix\Provisioning Services\TFTPboot. If the default is not changed, the bootstrap file can not be configured from the Console and target devices will fail to boot; receiving a Missing TFTP error message. 3. In the Provisioning Servers boot list, click the Add button to add additional login Provisioning Servers to the list. Use the Move up or Move down buttons to change the Provisioning Server boot preference order. Note: In an HA implementation, at least two Provisioning Server must be selected as boot servers. 4. To set advanced configuration settings, highlight the IP address of the Provisioning Server, click Advanced, then configure the bootstrap file. Note: For field definitions, refer to Provisioning Server Properties on page 84. 5. Click OK, then click Next. 6. Review configuration settings, then click Finish to confirm configuration settings and restart network services on this server. As configuration settings are saved, they display in the progress dialog. 7. To exit the Configuration Wizard, click Done.
Adding Login Servers Using the Console

To add and configure additional Provisioning Servers as a login servers: 1. In the Console, right-click on a Provisioning Server that will be used as a login server, then select the Configure Bootstrap menu option. The Configure Bootstrap dialog appears. Note: Clicking Read DB populates the table with login servers that already exist. When the Stream Service starts, it creates a record in the database with its own IP address. There is only one Stream Service option record per database. If the service is bound to multiple IP addresses, multiple records appear in the database. The Read DB function chooses only one IP address from each Provisioning Server. This function can also be used to populate the boot file with the Stream Service IP settings already configured in the database. 2. Click Add to add a new login Provisioning Server to the bootstrap file. The Streaming Server dialog appears. 206
Administrator's Guide 3. Type the IP address and port number of this Provisioning Server in the appropriate text boxes. 4. Select to either use subnet mask and gateway settings using DHCP/BOOTP, or type in the settings to use, then click OK. The Provisioning Server information displays in the list of available login servers. 5. To configure advanced bootstrap settings, on the Options tab, choose from the following settings: Select Verbose Mode if you want to monitor the boot process on the target device (optional). This enables system messaging on the target device. Select Interrupt Safe Mode if the target device hangs early in the boot process. Select Advanced Memory Support checkbox unless using older versions without PAE enabled. 6. Select from the following Network Recovery Methods: Restore Network Connections - Selecting this option results in the target device attempting indefinitely to restore its connection to the Provisioning Server. Note: Because the Seconds field does not apply, it becomes inactive when the Restore Network Connections option is selected. Reboot to Hard Drive - Selecting this option instructs the target device to perform a hardware reset to force a reboot after failing to re-establish communications for a defined number of seconds. The user determines the number of seconds to wait before rebooting. Assuming the network connection can not be established, PXE will fail and the system will reboot to the local hard drive. The default number of seconds is 50. 7. Under Timeouts, scroll for the Login Polling Timeout, in milliseconds, between retries when polling for Provisioning Servers. 8. Under Timeouts, scroll for the Login General Timeout, in milliseconds, for all login associated packets, except the initial login polling time-out. 9. Click OK to save your changes.
Enabling HA on vDisks
After the bootstrap file has been configured, the HA feature must be enabled on the vDisk. To enable the HA feature on the vDisk: 1. To enable the HA feature, in the Console, right-click on the vDisk and select the File Properties menu option. 2. Select the Options tab. 3. Select the High availability (HA) checkbox.
207
Chapter 15
Managing for Highly Available Implementations 4. Click OK to save this vDisk property change and continue. 5. Configure load balancing in the vDisk's properties (for details, refer to vDisk Properties on page 103). 6. Optionally, select the power rating for each Provisioning Server (for details, refer to Provisioning Server Properties on page 84) .
Providing Provisioning Servers Access to Stores

For each store, select the Provisioning Servers that can access that store: 1. In the Console, right-click on the Store, then select the Properties menu option. The Store Properties dialog appears. 2. On the Servers tab, select the site where Provisioning Servers that should be able to access this store exists. 3. Enable the checkbox next to each Provisioning Server that can provide vDisks in this store, then click OK.
Configuring HA with Shared Storage

Provisioning Servers are configured to access your shared-storage location. The HA feature supports various shared-storage configurations. The steps for configuring HA in the network varies depending on shared-storage configurations. Note: Installing Provisioning Services affects the following registry key:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb \Parameters\OplocksDisabled. Changing this registry key disables Windows Opportunity Locking, providing the fastest possible failover time when contact with the active Provisioning Server is lost. Without this change, failover times can take up to one minute. During this time, Windows does not allow access to the vDisk file that was in use by the failed Provisioning Server. By disabling Windows Opportunity Locking on Provisioning Servers, the Stream Service can have immediate access to vDisk files. However, this reduces caching of remote vDisk data for the entire Provisioning Server.
Windows Shared-Storage Configuration

Note: The instructions below provide the procedures on a Windows XP operating system. If you are using another operating system, the dialogs may appear slightly different, and slightly different steps may be required. The concepts are the same regardless of operating system. See your operating systems online help for more information. Stream Services run under a user account; Service account credentials. If you are using a Windows shared-storage location, the Service account credentials (user account name and password) must be a domain account that is configured on each Provisioning Server, in order to access the Stream Service and the shared storage system. 208
Administrator's Guide Configuring Service Account Credentials for Provisioning Servers includes the following high-level tasks: w Creating Stream-Service Account Credentials on the Domain Controller on page 209 w Assigning Stream-Service Account Credentials Manually on page 209 w Configuring HA Storage Access on page 210 w Enabling HA on vDisks on page 207
Creating Stream-Service Account Credentials on the Domain Controller

The Stream Service runs under the user account. When the Stream Service accesses a vDisk stored locally on the Provisioning Server, the local user rights provide full access. However, when the database or vDisk is located on a remote storage device, the Streaming Server must use a domain account with rights to both the Provisioning Server and the remote storage location. An administrator must assign full control rights to the Stream Service account in order for it to read and write to the remote storage location. An administrator creates service account credentials in Active Directory and assigns the credentials to the Stream Service on all Provisioning Servers that will participate in HA. Alternatively, an existing domain user account can be given full control rights to the network share and be assigned to the Stream Service. Note: Your Microsoft Windows online help contains detailed instructions for creating both local and domain accounts. Consider the following when creating service account credentials: w You must be logged on as an administrator or a member of the Administrator group to create a domain account. w Clear the User must change password at next logon checkbox.
Assigning Stream-Service Account Credentials Manually

When running the Configuration Wizard on a Provisioning Server, you are prompted to enter an account name and password for the Stream Service to use. This account must have access permissions for any stores it is given access to, as well as permissions in SQL Server for database access. If necessary, credentials can be assigned manually. To assign the Service account credentials to the Stream Service: 1. Open the Windows Control Panel. 2. Go to Administrative Tools>Services. 3. Double-click on the first PVS Stream Service name in the Services list. 4. On the Log On tab, select This Account, then click Browse. 5. Click Locations, select the domain node, then click OK. 6. Type the name of the Stream Service user account, then click Check Names.
209
Chapter 15
Managing for Highly Available Implementations 7. Click OK to close the Select User dialog. 8. On the Log On tab, enter and confirm the Stream Service account password, confirm the password, then click OK. 9. After assigning the Service account credentials to the Stream Service, restart the Stream Service.
Configuring HA Storage Access

The stores that contain the vDisks need to be shared, and the Service account credentials (user account and password) needs to have access to remote HA storage for vDisks, with the appropriate permissions. To share your vDisks stores folders, and grant access permissions to your Service account credentials: 1. In Windows Explorer, right-click on the folder that contains the database and vDisk folders. For example, if the database and vDisk files are stored in the default C: \Program Files\Citrix\Provisioning Services folder, right-click on that folder. 2. Select Sharing and Security from the shortcut menu. 3. Enable the Share this folder radio button, then optionally enter a share name, and comment. 4. Click Permissions. 5. If the Service account credentials user name does not appear in the Group or user names list, click the Add button. Enter the user name of the Service account credentials, and click Check Names to verify. 6. Click OK. 7. Select the service account credentials user name. 8. Enable the Full Control checkbox (the Full Control checkbox and all checkboxes below it should be checked). 9. Click Apply. 10. Click the Security tab. Note: In Windows XP it may be necessary to turn off simple sharing, so that you can display the Security tab of the Folder Properties dialog to give permissions to the proper user (the user defined in Creating Streaming-Service Account Credentials, or Everyone). To turn off simple sharing, select Start > Control Panel. Double-click Folder Options. On the View tab, under Advanced settings, clear the Use simple file sharing (Recommended) checkbox. 11. If the Service account credentials user name does not appear in the Group or user names list, click the Add button. Enter the username of the Service account credentials, then click Check Names to verify. 12. Click OK. 210
Administrator's Guide 13. Select the Service account credentials as user name. 14. Enable the Full Control checkbox, then click Apply. 15. Click OK.
SAN Configuration
If storing the database and vDisks on a SAN, use local system accounts for the Stream Service. Unlike a Windows network share, creating special Service Account Credentials to guarantee access to your data, may not be necessary to guarantee access to your data. In most cases, a SAN configuration allows setting up as if the database and vDisks were stored locally on the Provisioning Server.
Disabling Write Cache

Disable write caching on the hard drive of each Provisioning Server if your storage device is an IDE or SATA drive. Ensure that the write caching option is disabled in Windows for the storage device on which your vDisks are stored. To disable write caching in Windows 1. On the Provisioning Server, open the Control Panel. Select Administrative Tools>Computer Management. 2. Double-click the Disk Management node in the tree. 3. Right-click the storage device for which Windows write caching will be disabled. 4. Select Properties, then click the Hardware tab. 5. Click the Properties button. 6. Click the Policies tab. 7. Clear the Enable write caching on the disk checkbox. 8. Click OK, then click OK again. 9. Close the Computer Management window, then the Administrative Tools window. 10. Right-click the Provisioning Server node in the Console, then click Restart service. Alternatively, you can also re-run the Configuration Wizard to re-start the services, or manually restart the services through the Windows Control Panel>Administrative Tools>Services window. (At the Services window, right-click on the Stream Service, then select Start from the shortcut menu.)
Testing HA Failover
To ensure that HA is successfully configured, complete the following 1. Double-click the vDisk status icon on the target device and then note the IP address of the connected Provisioning Server. 211
Chapter 15
Managing for Highly Available Implementations 2. Right-click the connected Provisioning Server in the Console. Select Stream Services, then select Stop. 3. Confirm that the IP address of the connected Provisioning Server changes to that of an alternate Provisioning Server in the vDisk status dialog on the target device.
212
Chapter 16
Managing Active Directory

Topics:
Active Directory Integration Prerequistes Managing Domain Passwords Enabling Domain Management Managing Domain Computer Accounts Integrating Provisioning Services and Active Directory allows administrators to: w Select the Active Directory Organizational Unit (OU) in which Provisioning Services should create a target device computer account. w Take advantage of Active Directory management features, such as delegation of control and group policies. w Configure the Provisioning Server to automatically manage the computer account passwords of target devices. Note: For more information about using Active Directory organizational units and delegation of control, refer to Microsoft Active Directory documentation. The following major tasks are used to manage Active Directory in a Provisioning Services environment: w Managing Domain Passwords on page 214 w Enabling Domain Management on page 215 w Managing Domain Computer Accounts on page 216
213
Chapter 16
Active Directory Integration Prerequistes

Before integrating Active Directory within the farm, verify that the following prerequistes are met: w The Master Target Device was added to the domain before building the vDisk. w The Disable Machine Account Password Changes option was selected when the image optimization wizard was run during imaging. After all prerequisites have been verified, new target devices can be added and assigned to the vDisk. A machine account must then be created for each target device.
Managing Domain Passwords

When target devices access their own vDisk in Private Image mode, there are no special requirements for managing domain passwords. However, when a target device accesses a vDisk in Standard Image mode, the Provisioning Server assigns the target device its name. If the target device is a domain member, the name and password assigned by Provisioning Server must match the information in the corresponding computer account within the domain. Otherwise, the target device is not able to log on successfully. For this reason, the Provisioning Server must manage the domain passwords for target devices that share a vDisk. To enable domain password management you must disable the Active Directory-(or NT 4.0 Domain) controlled automatic re-negotiation of machine passwords. This is done by enabling the Disable machine account password changes security policy at either the domain or target-device level. Provisioning Server provides equivalent functionality through its own Automatic Password Renegotiate feature. While target devices booting from vDisks no longer require Active Directory password renegotiation, configuring a policy to disable password changes at the domain level applies to any domain members booting from local hard drives. This may not be desirable. A better option is to disable machine account password changes at the local level. This can be accomplished by selecting the Optimize option when building a vDisk image. The setting will then be applied to any target devices that boot from the shared vDisk image. Note: The Provisioning Server DOES NOT in any way change or extend the Active Directory schema. Provisioning Servers function is to create or modify computer accounts in Active Directory, and reset passwords. When domain password management is enabled, it: w Sets a unique password for a target device. w Stores that password in the respective domain computer account. w Gives the information necessary to reset the password at the target device before it logs on to the domain. 214
Password Management Process

The illustration that follows shows how password management validates Active Directory passwords on the domain controller to target device passwords. Figure 16-1. Password Management Process with Active Directory
With password management enabled, the domain password validation process includes: w Creating a machine account in the database for a target device, then assign a password to the account. w Providing an account name to a target device using the Streaming Service. w Having the domain controller validate the password provided by the target device.
Enabling Domain Management

Each target device that logs on to a domain requires a computer account on the domain controller. This computer account has a password that is maintained by the Windows desktop OS and is transparent to the user. The password for the account is stored both on the domain controller and on the target device. If the passwords stored on the target device and on the domain controller do not match, the user can not log on to the domain from the target device. 215
Chapter 16
Managing Active Directory Domain management is activated by completing the following tasks: w Enabling Machine Account Password Management w Enabling Automatic Password Management
Enabling Machine Account Password Management

To enable machine account password management, complete the following: 1. Right-click on a vDisk in the Console, then select the File Properties menu option. 2. On the Options tab, select Active Directory machine account password management. 3. Click OK, then close the properties dialogs, then restart the Streaming Service.
Enabling Automatic Password Management

If your target devices both belong to an Active Directory domain and are sharing a vDisk, the following additional steps must be completed: To enable automatic password support, complete the following: 1. Right-click on a Provisioning Server in the Console, then select the Properties menu option. 2. Select the Enable automatic password support option on the Options tab. 3. Set the number of days between password changes. 4. Click OK to close the Server Properties dialog. 5. Restart the Streaming Service.
Managing Domain Computer Accounts

The following tasks are normally performed in the Active Directory Users and Computers Management Console. However, these actions must now be performed using the Provisioning Server in order to take full advantage of product features. w Supporting Cross-Forest Scenarios w Giving Access to Users from Another Domain Provisioning Services Administrator Privileges w Adding Target Devices to a Domain w Removing Target Devices From a Domain w Reset Computer Accounts
216
Supporting Cross-Forest Scenarios

To support cross-forest scenarios: w Ensure that DNS is properly set up. (Refer to Microsoft's web site for information on how to prepare DNS for a Forest Trust.) w Raise the forest functional level of both forests to Windows Server 2003. w Create the forest trust. In order for Provisioning Services and the user from the Provisioning Services domain to create an account in a domain from another forest, create an Inbound Trust from the external forest to the forest Provisioning Services is in. Parent-child domain scenario A common cross-domain configuration includes the Provisioning Server in a parent domain and users, from one or more child domains, want to administer Provisioning Services and manage Active Directory accounts within their own domains. To implement this configuration: 1. Create a Security Group in the child domain. (It can be a Universal, Global, or Local Domain Group). Make a user from the child domain a member of this group. 2. From the Provisioning Server Console, in the parent domain, make the child domain security group a Provisioning Services Administrator. 3. If the child domain user does not have Active Directory privileges, use the Delegation Wizard in the Active Directory Users & Computers Management Console to assign, create, and delete a user's computer account rights for the specified OU. 4. Install the Provisioning Services Console in the child domain. No configuration is necessary. Log into the Provisioning Server as the child domain user. Cross-forest configuration This configuration is similar to the cross-domain scenario, except that the Provisioning Services Console, user, and Provisioning Services administrator group are in a domain that is in a separate forest. The steps are the same as for the parent-child scenario, except that a forest trust must first be established. Note: Microsoft recommends that administrators do not delegate rights to the default Computers container. The best practice is to create new accounts in the OUs.
Giving Access to Users from Another Domain Provisioning Services Administrator Privileges
There are several methods for giving Provisioning Services Administrator privileges to users that belong to a different domain. However, the following method is recommended:
217
Chapter 16
Managing Active Directory 1. Add the user to a Universal Group in their own domain (not the Provisioning Services Domain). 2. Add that Universal Group to a Local Domain Group in the PVS domain. 3. ) Make that Local Domain Group the PVS Admin group.
Adding Target Devices to a Domain

To add target devices to a domain: Note: The machine name used for the vDisk image is to never be used within your environment again. 1. Right-click on one or more target devices in the Console window (alternatively, rightclick on the device collection itself to add all target devices in this collection to a domain). Select Active Directory, then select Create machine account. The Active Directory Management dialog appears. 2. From the Domain scroll list, select the domain that the target device(s) belongs to, or in the Domain Controller text box, type the name of the domain controller that the target devices should be added to (if you leave the text box blank, the first Domain Controller found is used). 3. From the Organization unit (OU) scroll list, select or type the organization unit to which the target device belongs (the syntax is parent/child, lists are comma separated; if nested, the parent goes first). 4. Click the Add devices button to add the selected target devices to the domain and domain controller. A status message displays to indicate if each target device was added successfully. Click Close to exit the dialog.
Removing Target Devices From a Domain

To remove target devices from a domain: 1. Right-click on one or more target devices in the Console window (alternatively, rightclick on the device collection itself to add all target devices in this collection to a domain). Select Active Directory Management, then select Delete machine account. The Active Directory Management dialog appears. 2. In the Target Device table, highlight those target devices that should be removed from the domain, then click the Delete Devices button. Click Close to exit the dialog.
Reset Computer Accounts

To reset computer accounts for target devices in an Active Directory domain: 1. Right-click on one or more target devices in the Console window (alternatively, rightclick on the device collection itself to add all target devices in this collection to a
218
Administrator's Guide domain), then select Active Directory Management, then select Reset machine account. The Active Directory Management dialog appears. 2. In the Target Device table, highlight those target devices that should be reset, then click the Reset devices button. Note: This target device should have been added to your domain while preparing the first target device. 3. Click Close to exit the dialog. 4. Disable Windows Active Directory automatic password re-negotiation. To do this, on your domain controller, enable the following group policy: Domain member: Disable machine account password changes. Note: To make this security policy change, you must be logged on with sufficient permissions to add and change computer accounts in Active Directory. You have the option of disabling machine account password changes at the domain level or local level. If you disable machine account password changes at the domain level, the change applies to all members of the domain. If you change it at the local level (by changing the local security policy on a target device connected to the vDisk in Private Image mode), the change applies only to the target devices using that vDisk. 5. Boot each target device.
219
Chapter 16
220
Chapter 17
Managing Bootstrap Files and Boot Devices

Topics:
Configuring the Bootstrap File From the Console Using the Manage Boot Devices Utility The following information is detailed in this chapter: w Configuring the Bootstrap File From the Console on page 222 w Using the Manage Boot Devices Utility on page 226
221
Chapter 17
Configuring the Bootstrap File From the Console

For the Provisioning Server to start a target device, a boot file is downloaded by the Provisioning Servicess MBA or PXE-compliant boot ROM, when the device is turned on. This file must be configured so that it contains the information needed to communicate with the Provisioning Servers. The Configure Bootstrap dialog is used to define the IP addresses for up to four Provisioning Servers in the boot file. Note: For alternative boot methods, refer to Using the Manage Boot Devices Utility on page 226 The Configure Bootstrap dialog field descriptions are as follows: General Tab: Configure Bootstrap Field Bootstrap File Description The currently selected boot file displays. If you want to select a different boot file to configure, click the Add button or Read Servers from Database button. The IP Address, Subnet Mask, Gateway, and Port for up to four Provisioning Servers, which will perform login processing. Click the Add button to add a new Provisioning Server to the file. Up to four Provisioning Servers may be specified for Provisioning Servers. Highlight an existing Provisioning Server from the list, then click the Edit button to edit this servers IP settings. Select an existing Provisioning Server from the list, then click the Remove button to remove this server from the list of available Provisioning Servers. Select an existing Provisioning Server, and click to move up or down in the list of Provisioning Servers. The order in which the Provisioning Servers appear in the list determines the order in which the Provisioning Servers are accessed should a server fail. To populate the boot file with the Stream Service IP settings already configured in the database, click the Read Servers from Database button. This removes any existing settings before populating the list from the database.
IP Settings
Add button
Edit button Remove button
Move Up and Move Down buttons
Read Servers from Database button
Target Device IP: Configure Bootstrap 222
Use DHCP to retrieve target device IP Use static target device IP
Select this option to retrieve target device IP; default method. Selecting this method requires that a primary and secondary DNS and Domain be identified.
Server Lookup: Configure Bootstrap Use DNS Select this option to use DNS to find the server. The host name displays in the Host name textbox. If this option is selected and the Use DHCP to retrieve Device IP option is selected (under Device IP Configuration settings), your DHCP server needs to provide option 6 (DNS Server). Note: If using HA, specify up to four Provisioning Servers for the same Host name on your DNS server. Use Static IP Use the static IP address of the Provisioning Server from which to boot from. If you select this option, click Add to enter the following Provisioning Server information, then click OK to exit the dialog: IP Address Subnet Mask Gateway Port (default is 6910) Note: If using HA, enter up to four Provisioning Servers. If you are not using HA, only enter one. Use the Move Up and Move Down buttons to sort the Provisioning Servers boot order. The first Provisioning Server listed will be the server that the target device attempts to boot from. Options Tab: Configure Bootstrap Verbose Mode Select the Verbose Mode option if you want to monitor the boot process on the target device (optional) or view system messages. Select Interrupt Safe Mode if you are having trouble with your target device failing early in the boot process. This setting enables the bootstrap to work with newer Windows OS versions and is enabled by default. Only disable this setting on older XP or Windows Server OS 32 bit versions that do not support PAE, or if your
Interrupt Safe Mode Advanced Memory Support
223
Chapter 17
target device is hanging or behaving erratically in early boot phase. Network Recovery Method Restore Network Connections Selecting this option results in the target device attempting indefinitely to restore it's connection to the Provisioning Server. Reboot to Hard Drive (a hard drive must exist on the target device) Selecting this option instructs the target device to perform a hardware reset to force a reboot after failing to re-establish communications for a defined number of seconds. The user determines the number of seconds to wait before rebooting. Assuming the network connection can not be established, PXE will fail and the system will rebooot to the local hard drive. The default number of seconds is 50, to be compatible with HA configurations. Login Polling Timeout Enter the time, in milliseconds, between retries when polling for Provisioning Servers. Each Provisioning Server is sent a login request packet in sequence. The first Provisioning Server that responds is used. In nonHA systems, this time-out simply defines how often to retry the single available Provisioning Server with the initial login request. This time-out defines how quickly the round-robin routine will switch from one Provisioning Server to the next in trying to find an active Provisioning Server. The valid range is from 1,000 to 60,000 milliseconds. Login General Timeout Enter the time-out, in milliseconds, for all login associated packets, except the initial login polling timeout. This time-out is generally longer than the polling time-out, because the Provisioning Server needs time to contact all associated servers, some of which may be down and will require retries and time-outs from the Provisioning Server to the other Provisioning Servers to determine if they are indeed online or not. The valid range is from 1,000 to 60,000 milliseconds.
Configuring the Bootstrap File

1. In the Console, highlight the Servers folder in the tree, or highlight a Provisioning Server, then select Configure bootstrap from the Action menu. The Configure Bootstrap dialog appears. Select the boot file that was copied to the directory you selected during the Provisioning Server setup. 224
Important: If a previous version of Provisioning services was installed on this server, you must change the default location from: C:\Program Files\<CitrixorOEMname>\Provisioning Server \Tftpboot to: C:\Documents and Settings\All Users\Application Data\<CitrixorOEMname> \Provisioning services\Tftpboot If the default is not changed, the bootstrap file can not be configured from the Console and target devices will fail to boot; receiving a Missing TFTP error message.
Note: If you installed the Console on a separate machine, select the path of the remote Provisioning Server (which has boot services installed). 2. Click Read DB. When the Stream Service starts, it creates a record in the database with its own IP address. There is only one Stream Service option record per database. If the service is bound to multiple IP addresses, multiple records appear in the database. The Read DB function chooses only one IP address from each Provisioning Server. This function can also be used to populate the boot file with the Stream Service IP settings already configured in the database. 3. Choose from the following options: Select the Verbose Mode option if you want to monitor the boot process on the target device (optional). This enables system messaging on the target device. Select Interrupt Safe Mode if the target device hangs early in the boot process. Select Advanced Memory Support option to enable the bootstrap to work with newer Windows OS versions (enabled by default). Only disable this setting on older XP or Windows Server OS 32 bit versions that do not support PAE, or if your target device is hanging or behaving erratically in early boot phase. 4. Select from the following Network Recovery Methods: Restore Network Connections - Selecting this option results in the target device attempting indefinitely to restore it's connection to the Provisioning Server. Reboot to Hard Drive - Selecting this option instructs the target device to perform a hardware reset to force a reboot after failing to re-establish communications for a defined number of seconds. The user determines the number of seconds to wait before rebooting. Assuming the network connection can not be established, PXE will fail and the system will reboot to the local hard drive. The default number of seconds is 50. Click the Browse button to search for and select the folder created in Step 1, or enter a full path or UNC name. Note: If the partition containing the vDisks is formatted as a FAT file system, a message displays a warning that this could result in sub-optimal performance. It is 225
Chapter 17
Managing Bootstrap Files and Boot Devices recommended that NTFS be used to format the partition containing the vDisks. Do not change the address in the Port field.
Caution: All boot services (PXE, TFTP) must be on the same NIC (IP). But the Stream Service can be on a different NIC. The Stream Service allows you to bind to multiple IPs (NICs). 5. Configure the following: Login Polling Timeout Enter the time, in milliseconds, between retries when polling for servers. Each server is sent a login request packet in sequence. The first server that responds is used. This time-out simply defines how often to retry the single available server with the initial login request. If you are using the High Availability feature, this timeout defines how quickly the round-robin routine will switch from one server to the next, in trying to find an active server. The valid range is from 1,000 to 60,000 milliseconds. Login General Timeout Enter the time-out, in milliseconds, for all login associated packets, except the initial login polling time-out. The valid range is from 1,000 to 60,000 milliseconds. 6. Click OK to save your changes.
Using the Manage Boot Devices Utility

The Manage Boot Devices Utility provides an optional method for providing IP and boot information (boot device) to target devices; as an alternative to using the traditional DHCP, PXE, and TFTP methods. Using this method, when the target device starts, it obtains the boot information directly from the boot device. With this information, the target device is able to locate, communicate, and boot from the appropriate Provisioning Server. After the user is authenticated, the Provisioning Server provides the target device with its vDisk image. Supported Boot Devices The following boot devices are supported in this release: Note: The Boot Device Management utility is not supported on operating systems older than, and including, Windows 2000. Wireless NICs are not supported. w USB w CD-ROM (ISO) w Hard Disk Partition Caution: 226
When an entire hard drive is selected as boot device, all existing disk partitions are erased and re-created with a single active partition. The targeted partition is reserved as a boot device and cannot be used by the operating system or data. When a hard disk partition is selected as boot device, the selected disk partition data is deleted and set as an active partition. This active partition becomes the boot device. Boot devices are configured using the Boot Device Management utility. The Manage Boot Devices utility is structured as a wizard-like application, which enables the user to quickly program boot devices. After installing the boot device, complete the procedures that follow.
Configuring Boot Devices

w The vDisk must already be formatted and ready before the BDM.exe is run. w If using the target device hard disk drive as the boot device, copy BDM. exe from the product installation directory on the server, into the product installation directory on the target device. w The target device settings in the Console should be set to boot from the vDisk but the actual device should be set to boot from hard disk first. 1. From C:\Program Files\Citrix\Provisioning Services product installation directory, run BDM.exe. The Boot Device Management window opens. 2. Under Server Lookup, select the radio button that describes the method to use to retrieve Provisioning Server boot information: Use DNS to find the Provisioning Server from which to boot from. If this option is selected and the Use DHCP to retrieve Device IP option is selected (under Device IP Configuration settings), your DHCP server needs to provide option 6 (DNS Server) Note: The boot device uses Host name plus DHCP option 15 (Domain Name, which is optional) as the fully qualified domain name (FQDN) to contact the DNS server to resolve the IP address. If using HA, specify up to four Provisioning Servers for the same Host name on your DNS server. Use the static IP address of the Provisioning Server from which to boot from. If you select this option, click Add to enter the following Provisioning Server information, then click OK to exit the dialog: w IP Address w Subnet Mask w Gateway 227
Chapter 17
Managing Bootstrap Files and Boot Devices w Port (default is 6910) If using HA, enter up to four Provisioning Servers. If you are not using HA, only enter one. Use the Move Up and Move Down buttons to sort the Provisioning Servers boot order. The first Provisioning Server listed will be the server that the target device attempts to boot from. 3. Click Next. The Set Options dialog appears. 4. Configure the following local boot options, then click Next: Verbose Mode; enable/disables the displaying of extensive boot and diagnostic information that is helpful when debugging issues. Interrupt Safe Mode; enable/disable for debugging issues, which is sometimes required for drivers that exhibit timing or boot behavior problems. Advanced Memory Support; enables/disables the address extensions, to match your operating system settings. Select this option to enable the bootstrap to work with newer Windows OS versions (enabled by default). Only disable this setting on older XP or Windows Server OS 32 bit versions that do not support PAE, or if your target device is hanging or behaving erratically in early boot phase. Network Recovery Method; select to attempt to restore the network connection or to reboot from a hard drive if the target device loses connection to the Provisioning Server, and how long (in seconds) to wait to make this connection. Login Polling Timeout; in general, it is recommended that you start values of one second for each of the polling and general timeouts. You should extend these when using 3DES encryption. You should further extend the timers based upon workload. A reasonable setting for 100 target devices running triple DES in the network would be three seconds. Login General Timeout; a reasonable setting for 100 target devices running triple DES in the network would be ten Seconds for the General Timeout. 5. On the Burn the Boot Device dialog, configure the target device IP. If the Use DNS to find the Server option is selected and your DHCP service does not provide option 6 (DNS Server), then enter the following required information (note that the server name must be less than 16 characters length and the domain name less than 48 characters in length): Primary DNS Server Address Secondary DNS Server Address Domain Name 6. Configure the Boot Deviceproperties. Add an active boot partition . Check this option to add a boot partition. Note: A boot partition is required if booting from the device's hard drive (for example, when selecting a XENPVDISK boot device with small partition or partition offset). Select the boot device from the list of devices.
228
Administrator's Guide If a partition offset size is set, a confirmation message displays to confirm the destination size. Type Yes (case sensitive) to continue. 7. If applicable, configure Media Properties. 8. Click Burn. A message appears to acknowledge that the boot device was successfully created. If selecting ISO format, use your CD burning software to burn the ISO image. 9. Click Exit to close the utility. 10. Boot the target device and enter the BIOS Setup. Under the Boot Sequence, move the boot device to the top of the list of bootable devices. Save the change, then boot the target device. After the boot device is programmed, a target device boot sequence can be configured using the Consoles Target Device Disk Properties dialog. These boot behaviors are used after a target device connects to a Provisioning Server. The Console allows multiple vDisk images to be assigned to a target device. The way in which these vDisks boot depends upon the selected boot behavior. When configuring the BIOS to work with the boot device (either USB or ISO image), it is imperative that the NIC PXE option is enabled. The PXE boot option is required in order for the NIC Option ROM to stay resident in memory during the pre-boot process. This way, UNDI will be available to the boot device to properly initialize the NIC. Otherwise, the "API not found" message would be displayed by the boot device.
229
Chapter 17
230
Chapter 18
Managing Printers
Topics:
Installing Printers on a vDisk Enabling or Disabling Printers on a vDisk Methods for Enabling Printers on a vDisk Enabling the Printer Management Feature Provisioning Server provides a Printer Management feature that allows you to manage which printers target devices have access to on a vDisk. Printers are managed from the Target Device Properties dialog. This feature should not be enabled if you use Active Directory to manage printers. If you use an existing printer management tool, this feature should be disabled to avoid printer setting conflicts. There are two types of printers that can appear in the Console window: w Network Printers w Local Printers Before a target device can access a printer, the following tasks must be completed in the order that follows: w Installing Printers on a vDisk on page 232 w Methods for Enabling Printers on a vDisk on page 233 w Enabling the Printer Management Feature on page 235
231
Chapter 18
Managing Printers
Installing Printers on a vDisk

Printers must be installed on the vDisk image before the printers are available to target devices booting from that disk. To install printers on the vDisk: 1. Change the vDisk image mode to Private Image mode. 2. Install the required printers on the target device that is using the vDisk. 3. Perform a clean shut-down of the target device that is using the vDisk. 4. If this vDisk is shared by users, change the vDisk image mode back to Shared Image mode. 5. Verify that the printers display in the Console: a. Right-click on the target device, select the Properties menu option. b. Select the vDisks tab, then click on the Printers button. Printers associated with that vDisk should appear in the list of available printers. After successfully installing printers, the next step is to enable printers for target devices that access this vDisk (for details, refer to Methods for Enabling Printers on a vDisk on page 233).
Enabling or Disabling Printers on a vDisk

Note: The Printer Management feature is only recommended if you are not using Active Directory to manage printer groups. By default, printers are not enabled on the vDisk. Enable or disable printers from the Target Device Properties vDisk tab. On the Printers dialog, enable the checkbox next to each printer to enable or disable it. After enabling (assigning) printers to target devices, the Printer Management feature must then be enabled on the vDisk. Until Printer Management is enabled, all printers that are installed on the target device are available to that target device. By enabling Printer Management, you can select printers or remove printers from individual target devices. After a target device boots, printer information, which is included in a vDisk image, becomes available to target devices. Printer Management is initially disabled until all printer-to-target device assignments are completed for the vDisk. Disabling individual printers prohibits target devices from accessing those printers. Note: Disabling printers does not remove the printer information from the vDisk. Changes to the target devices printer assignments do not occur until the target device reboots. Examples of reasons you may want to disable Printer Management include: 232
Administrator's Guide w You may be using a different printer system that installs the valid printers on each target device and software may delete them or cause conflicting settings. w Printers that are included on the vDisk should be accessible to all users. w The system needs to be configured before being deployed. Until the Printer Management feature is enabled, changes can be made for different target devices as needed. All printers installed on a vDisk appear in the Details panel when the Printers group folder is expanded for that vDisk. If a disk is a HA vDisk (has a duplicate with same vDisk name), changes to that printer (if it is enabled or disabled for a target device) are automatically made to the duplicate vDisk. Enablement Methods Using the Console, you can manage which target devices use which printers. There are several methods for managing target device printer assignments. Choose from the following methods: w Enabling printers for target devices using the Printer settings option. Use this method to enable or disable a single printer to multiple target devices accessing a vDisk. w Enabling printers for target devices using the Printers group folder. Use this method to select printer settings (enable/disable; default) for a single target device. w Enabling printers using Copy and Paste. Use this method to copy printer settings of one target device (enabled/disabled; default printer), to one or more target devices selected in the Details panel. w Enabling printers using an existing target device as a template. Use this method to automatically set printer settings when a target device is added to the network. Note: The Administrator may choose to limit the number of printers for particular target devices or select different default printers for particular target devices. The settings that are selected are saved to the target devices personality information (if the limit for this field, 65K, is reached, a message appears indicating that some of the settings will not be saved and offers suggestions for decreasing the size).
Methods for Enabling Printers on a vDisk

Choose from the following methods to enable printers on a vDisk: w Enabling printers for target devices using the Printer Settings option on page 234 w Enabling printers for target devices using the Printers group folder on page 234 w Enabling printers using Copy and Paste on page 235 w Enabling printers using an existing target device as a template on page 235
233
Chapter 18
Managing Printers
Enabling printers for target devices using the Printer Settings option
Use this method to assign a single printer to multiple target devices. This method is very useful when managing the printer-to-all target devices relationship. 1. In the Console tree, under Provisioning Servers, click the Printers group folder. All printers associated with that group appear in the Details panel. 2. Right-click on a printer in the Details panel, then select the Client Printer Settings... menu option. The printer settings dialog for that printer appears. 3. Enable or disable this printer for one or more target devices using any of the following options: In the Enable column, select the checkbox next to each target device to enable or disable use of this printer. Select the checkbox under the dialogs Enable heading to enable or disable this printer for all target devices assigned to the vDisk. 4. To select this printer as the default printer for target devices accessing this vDisk, select from the following methods: Select the Default checkbox in the dialogs Default heading to set this printer as the default for all target devices assigned to this vDisk. Highlight one or more target devices, then right-click to open the context menu. Select from the following menu options; Default, NotDefault All Default All Not Default In the Default column, select the checkbox next to each target device that should use this printer as the default printer. If there is only one printer, that printer is automatically set as the default printer. 5. Click OK to save settings for this printer and exit the dialog.
Enabling printers for target devices using the Printers group folder
Use this method to select printer settings (enable/disable; default) for a single target device. Note: After selecting printer settings for a single target device, you may choose to duplicate this target devices printer settings using the Copy and Paste features. 1. Under the target devices vDisk, click the Printers group folder in the tree. Printers that are associated with that group appear in the Details panel. By default, printers are not enabled for a target device and the first printer listed is set as the default printer. 234
Administrator's Guide 2. Select or deselect the Enable checkbox next to each printer to enable or disable the printer for this target device. You can also choose from one of the additional selection methods that follow. In the Details panel: Select or unselect the Enable checkbox within the table heading to enable or disable all printers. Highlight a printer, then use the space bar to enable or disable printers.
Enabling printers using Copy and Paste

Use this method to set the same printer settings (enabled/disabled; default printer) that exist for one target device, to one or more target devices that use the same vDisks. This method is particularly useful when adding new target devices and those target devices use the same vDisks, and therefore the same printers, as an existing target device. 1. In the Console, right-click on the target device that you want to copy printer settings from. 2. Select the Copy menu option. The Copy target device properties dialog appears. 3. Under Options, select Printers, then click OK to exit the dialog. 4. In the Tree, highlight the Target Devices directory so that all target devices appear in the Details panel. 5. Highlight one or more target devices that you want to paste the printer settings to (enable/disable; default). 6. Right-click on the highlighted target devices, then select the Paste menu option.
Enabling printers using an existing target device as a template

Use this method if you want all new target devices, that are being added to your network, to automatically share printer settings (enable/disable; default). 1. In the Console, double-click the target device that you want to select as the template. The Target Device Properties dialog appears. 2. On the General tab, select the Set as default target device option. 3. Click OK to exit the dialog.
Enabling the Printer Management Feature

Note: The Printer Management feature is only recommended if you are not using Active Directory.
235
Chapter 18
Managing Printers After assigning printers to target devices, the Printer Management feature must be enabled before any printers on the target device can be removed. Until Printer Management is enabled, all printers installed on the target device are available to the target device. Once the feature is enabled, any changes to target devices printer settings (enable/disable; default) become available the next time the target device boots from the vDisk. If the Printer Management feature is disabled and a target device boots from a vDisk that has printers installed on it, that target device has access to all printers on that vDisk. If the Printer Management feature is enabled and the target device boots from that same vDisk, that target device can only access those printers that are enabled for that target device. To enable or disable printers on a selected vDisk: 1. In the Console, expand the Provisioning Server node in the tree panel, then select the vDisk that you want printers enabled or disabled on. 2. Select File Properties from the right-click menu, then select the Options tab. 3. Under Printer Settings, select the Enable the Printer Settings checkbox option to enable settings, or leave the checkbox blank to disable printer settings. 4. If the Enable the Printer Management checkbox is selected, the Enable Printer Management menu options appear checked when the Printers group is highlighted. 5. If the Enable the Printer Management checkbox appears disabled, all printers exist on the selected vDisk. You can also choose from the following methods to enable or disable the Printer Management feature using right-click menus: Printers Group In the Tree, under Provisioning Servers, expand a Provisioning Server, then expand the vDisk for which you want to disable Printer Management. Right-click on the Printers folder for that vDisk, then select the Disable Printer Management option. Virtual Disk In the Tree, under Provisioning Servers, right click on the vDisk for which you want to disable Printer Management, then select the Disable Printer Management option.
236
Chapter 19
Logging
Topics:
Configuring Provisioning Server Log Properties Configuring Target Device Log Properties Log Files and Content Provisioning Services provides logging to help with troubleshooting and managing a Provisioning Services farm. All log file settings can be managed from the Provisioning Services Console. Settings are saved to the database as properties that are specific to each Provisioning Server or target device. Logging includes: Configuring Provisioning Server Log Properties on page 238 Configuring Target Device Log Properties on page 239 Log Files and Content on page 240
237
Chapter 19
Logging
Configuring Provisioning Server Log Properties

Provisioning Server properties include: w Level of logging (as described in the procedure that follows) w Maximum size of the log file (MB) w Maximum number of log file backup copies to retain To edit a Provisioning Servers log properties Note: Changes to target device log properties are immediate. Changes to Server log properties may take up to ninety seconds to take effect. 1. In the Console, right-click on the Provisioning Server, then select the Properties menu option. 2. On the Logging tab, select one of the following logging levels (Note: The logging levels that follow are listed from the minimum level to the maximum level of logging information that can be collected Logging levels are inclusive of previous levels. For example, if you select INFO, log information will include WARN, ERROR, and FATAL): OFF Logging is disabled for this Provisioning Server. FATAL The FATAL level logs information about an operation that the system could not recover from. ERROR The ERROR level logs information about an operation that produces an error condition. WARN WARN The WARNING level logs information about an operation that completes successfully, but there are issues with the operation. INFO Default logging level. The INFO level logs information about workflow, which generally explains how operations occur. DEBUG The DEBUG level logs details related to a specific operation and is the highest level of logging. If logging is set to DEBUG, all other levels of logging information are displayed in the log file.
238
Administrator's Guide TRACE TRACE logs all valid operations. 3. In the Max File Size text box, scroll to select the maximum size that a log file can reach. When the max file size is reached, the file is closed and an index number is appended to the file name, then a new file is created. 4. In the Max Backup Files text box, scroll to select the maximum number of backup files to retain, then click OK. The oldest log file is automatically deleted when the maximum number of backup files is reached. 5. On the General tab, enable Log events to the servers Windows Event Log to allow for logging events using the Windows Event log on the Provisioning Server that is communicating with this target device. This log includes errors that may occur after the early boot phase as well as any critical error reporting. Click OK. Note: Provisioning Server logging levels should not be set by modifying the Stream_log.config file manually (refer to Log Files and Locations) because it may cause the logging level to be out of sync.
Configuring Target Device Log Properties

Target device logging should only be turned on if there are issues with the device; logging on the device is dependant on logging being enabled on the Provisioning Server. Logging information is sent back to the Provisioning server and written to its log file. Target device log properties include setting the level of logging on the target device. To edit a target devices log properties 1. In the Console, right-click on the target device, then select the Properties menu option. 2. On the Logging tab, select one of the following options: OFF Logging is disabled for this target device. FATAL The FATAL level logs information about an operation that the system could not recover from. ERROR The ERROR level logs information about an operation that produces an error condition. WARN The WARNING level logs information about an operation that completes successfully, but there are issues with the operation. INFO 239
Chapter 19
Logging Default logging level. The INFO level logs information about workflow, which generally explains how operations occur. DEBUG DEBUG logs all system level activity. TRACE TRACE logs all valid operations.
Log Files and Content

This sections describes how to locate log files and identifies the types of information the log file contains. w Log File Location on page 240 w Log File Contents on page 241
Log File Location

Files used to manage logging and any generated log files are located in: %APPDATA% \Citrix\Provisioning Services\logs For example: C:\Documents and Settings\All Users\Application Data\Citrix \Provisioning Services\logs Log files include: Stream_log.config Note: This file should not be edited manually. Logging levels should be set through the Console. Any edits made to this file manually are lost when the Provisioning Server restarts, or when logging levels are changed using the Console. Stream.log StreamProcess.exe, StreamProcess.exe, Manager.dll, and Streamdb.dll all write to the Stream.log file. MCLI.log MCLI.exe writes MCLI logging information to MCLI.log SoapServer.log SoapServer.exe writes SoapServer logging information to SoapServer.log Console.log Console.exe writes Console logging information to Console.log 240
Administrator's Guide ConfigWizard.log ConfigWizard.exe writes Provisioning Server configuration logging information to ConfigWizard.log
Log File Contents

The content of a log file includes: w Timestamp w Logging Level w Component and method used to perform logging w Provisioning Server and target device identity (name, IP, or MAC) w Logging message with supporting data of Windows error codes when appropriate
241
Chapter 19
Logging
242
Chapter 20
Auditing
Topics:
Enabling Auditing Information Accessing Auditing Information Archiving Audit Trail Information Provisioning Services provides an auditing tool that records configuration actions on components within the Provisioning Services farm, to the Provisioning Services database. This provides administrators with a way to troubleshoot and monitor recent changes that might impact system performance and behavior. The Provisioning Services administrator privileges determines the audit information that can be viewed and the menu options that are visible. For example; a Farm Administrator can view all audit information within the farm, unlike a Device Administrator whom can only view audit information for those device collections they have privileges to. Auditing tasks include: w Enabling Auditing Information on page 245 w Accessing Auditing Information on page 245 w Archiving Audit Trail Information on page 248 Note: Auditing is off by default. Also, if the Provisioning Services database becomes unavailable, no actions are recorded. The managed objects within a Provisioning Services implementation that are audited include: w Farm w Site w Provisioning Servers w Collection w Device w Store w vDisks Only those tasks that are performed from one of the following Provisioning Services utilities are recorded: w Console 243
Chapter 20
Auditing w MCLI w SOAP Server w PowerShell Note: Tasks that are not performed using these utilities, such as booting target devices or Provisioning Servers by other methods, are not recorded. If the Provisioning Services database becomes unavailable, no actions are recorded.
244
Enabling Auditing Information

The auditing feature is disabled by default. To enable auditing: 1. In the Console tree, right-click on the farm, then select the farm Properties menu option. 2. On the Options tab, under Auditing, check the Enable auditing checkbox.
Accessing Auditing Information

Auditing information is accessed using the Console or using one of the following programming utilities: w MAPI (refer to the MAPI Programming Guide) w PowerShell (refer to the PowerShell Programming Guide) w SOAP Server (refer to the SOAP Server Programming Guide) In the Console, a farm administrator can right-click on a parent or child node in the Console tree to access audit information. The audit information that other administrators can access depends on the role they were assigned. The tree allows for a drill-down approach when accessing the level of audit information needed. Right-click on a: w Farm, to view audit information for all managed objects within this farm or to archive audit information. w Site, to view audit information for all managed objects within a site. w Provisioning Server, to view audit information for all servers within a site, or rightclick on a single server to view audit information for that server. w Collection, to view audit information on all managed objects that are members of this collection. w Store, to view audit information for all stores within a site or farm, or right-click on a single store to view audit information for that store. w Target device, to view audit information for all target devices within a site, or rightclick on a single target device to view audit information for that device. w vDisk, to view audit information for all vDisks within a site or farm, or right-click on a single vDisk to view audit information for that vDisk. To access auditing information from the Console 1. In the Console, right-click on a managed object, then select the Audit Trail... menu option.
245
Chapter 20
Auditing The Audit Trail dialog displays or a message appears indicating that no audit information is available for the selected object. 2. Under Filter Results, select from the following filter options: Option User Description To narrow the resulting audit information that displays by user, select a user to filter on from the User drop-down menu. The default is All users. To narrow the resulting audit information that displays by domains, select a domain to filter on from the Domain drop-down menu. The default is All domains.
Domain
Start date To narrow the resulting audit information that displays by date, select a start date for which the audit information should display from the Start date drop-down menu. The default is one week prior to the current date. For example, if today is the 23rd, the start date would default to the 16th. End date To narrow the resulting audit information that displays by date, select an end date for which the audit information should display from the End date drop-down menu. The default is the current date. To narrow the resulting audit information that displays by the action, such as Set Disklocator, select the action from the Action drop-down menu. The default is to display all actions. To narrow the resulting audit information that displays by the type of action, such as Disklocator, select the type from the Type drop-down menu. The default is to display all types.
Action
Type
3. Click Search. The resulting audit information displays in the audit table, which displays the following information: Note: Columns in the audit table can be sorted in ascending and descending order by clicking on the column heading. Action list number Based on the filter criteria selected, the order the actions took place. Date/Time Lists all audit actions that occurred within the Start date and End date filter criteria. Action
246
Administrator's Guide Identifies the name of the Provisioning Services action taken. Type Identifies the type of action taken, which is based on the type of managed object for which the action was taken. Name Identifies the name of the object within that objects type, for which the action was taken. User Identifies the users name that performed the action. Domain Identifies the domain in which this user is a member. Path Identifies the parent(s) or the managed object. For example, a Device will have a Site and Collection as parents. 4. To view additional details for a particular action, highlight that actions row within the results table, then click one of the option buttons that follow: Option Secondary Description Click to view information on any secondary objects that this action affected. This opens the Secondary dialog, which includes the Type, Name, and Path information. This dialog allows you to drill down to view secondary object actions such as Parameters, Sub Actions, and Changes as described below.
Parameters Click to view any other information used to process the action. This opens the Parameters dialog, which includes Name (parameter name) and Value (object name) information. Sub Actions Click it to view additional actions that were performed to complete this action. This opens the Sub Actions dialog, which includes Action, Type, Name, and Path information. Changes Click to view any new or changed values (such as Description) associated with the object (such as a target device). This opens the Changes dialog, which includes Name, Old, and New information.
Note: If an option displays disabled, that option is not valid for the currently selected action.
247
Chapter 20
Auditing
Archiving Audit Trail Information

The Farm Administrator determines how long to make audit trail information accessible before it is archived. To set audit trail archiving 1. In the Console tree, right-click on the farm, then select Archive Audit Trail.... The Archive Audit Trail dialog appears. 2. Browse for the location where audit trail information will be save (XML file). The Select File to Archive Audit Trail To dialog opens. 3. Select the location, then type the name of the new file in the File name textbox. 4. Open the calendar from the End date drop-down menu, then select the date that the audit trail information should be archived. The default is automatically set to the current date. 5. Check the Remove information archived from the Audit Trail checkbox to remove all audit information. Once the information is removed, it can no longer be accessed directly from Provisioning Services. It will only exist in the XML file. 6. Click OK.
248
Chapter 21
Managing Multiple Network Interface Cards

Topics:
Requirements and Considerations for Manufacturer's NIC Teaming Requirements and Considerations for Provisioning Services NIC Failover Provisioning Services provides the ability to run redundant networks between the servers and the target devices. This requires that both the servers and the target devices be equipped with either multi-port NICs or multiple NICs. Multiple NICs on the target device may be configured into a virtual team by using Manufacturers NIC teaming drivers, or into a failover group using the Provisioning Services NIC failover feature.
249
Chapter 21
Requirements and Considerations for Manufacturer's NIC Teaming

Provisioning Services supports Broadcom and Intel NIC teaming drivers. A vDisk that is built after configuring NIC teaming can run Standard or Private Image Mode. Note: Broadcom NIC Teaming Drivers v9.52 and 10.24b are not compatible with Provisioning Services target device drivers. 1. The targets operating system must be a server-class operating system, such as Microsoft Windows 2003 or 2008 . 2. The new virtual team NIC MAC address has to match the physical NIC that performs the PXE boot. 3. OEM NIC Teaming software should be installed and configured prior to the Target Device software. 4. Configure NIC teaming and verify that the selected teaming mode is expected by the application and the network topology. It should expose at least one virtual team NIC to the operating system. 5. During the Master Target Device installation process, Provisioning Services target device client drivers need to bind to the new virtual team NIC MAC address. If all physical NICs have been teamed up to a single virtual NIC, then the Provisioning Services installer will automatically choose the virtual NIC silently, without prompting. 6. If changes are required, Provisioning Services Target Device software must be uninstalled before making changes to the teaming configuration, and then reinstalled after those changes are complete. 7. Changes to teaming configurations on a Master Target Device that has target device software installed, may result in unpredictable behavior.
Requirements and Considerations for Provisioning Services NIC Failover

A Provisioning Services target device or Provisioning Server may be configured to support failover between multiple NICs. This feature will work with any brand or a mixture of different brands of NICs and is available in both Standard and Private Image Mode. 1. The PXE boot NIC is considered the primary target device MAC address, which is stored in the Provisioning Services database. 2. The failover group of NICs is defined when running the Provisioning Services target device installer on the Master Target Device. If the machine has more than one NIC, the user is prompted to select the NICs that the Provisioning Services drivers 250
Administrator's Guide bind to. Select all the NICs that participate in NIC failover. Alternatively, in Provisioning Services 5.1 or later, run bindcfg.exe, which is located in the installation directory, to selectively bind NICs post installation. 3. A Target Device will only failover to NICs that are in the same subnet as the PXE boot NIC. 4. In the event that the physical layer fails, such as when a network cable is disconnected, the Target Device fails over to the next available NIC. The failover timing is essentially instantaneous. 5. The NIC failover feature and Provisioning Services HA feature compliment each other, and provide network layer failover support. If the failure occurs in the higher network layer, then the target device fails over to the next Provisioning Server, subject to HA rules. 6. If a NIC fails and the target device is rebooted, the next available NIC from the failover group will be used. Therefore, these NICs must be PXE capable and PXE enabled. 7. If a virtual NIC (teamed NICs) is inserted into the failover group, the vDisk becomes limited to Private Image Mode. This is a limitation imposed by the NIC teaming drivers. 8. Load balancing is not supported in the NIC failover implementation.
251
Chapter 21
252
Chapter 22
Installing and Configuring Embedded Target Devices

Topics:
System Requirements Installing Embedded Target Devices Un-installing an Embedded Target Device Package Windows XP Embedded Build Overview Setting Up Embedded Target Devices Using the Provisioning Services components described in this chapter, it is possible to create Windows XP Embedded operating system images that can boot from a vDisk. Note: This feature is for Windows XP Embedded developers. This document assumes that you are familiar with the Microsoft Windows Embedded Studio tools including Target Designer and the Component Database Manager. For more information on the Microsoft Windows Embedded tools, please refer to the documentation provided with the Microsoft Windows Embedded Studio. Embedded Target Device consists of the following components: w ProvisioningservicesTargetDeviceSupport.sld - The Server Level Definition (SLD) file defines the components that will be incorporated into the Windows XP Embedded database for use in the XP Embedded operating systems. w ProvisioningservicesRepository - Contains all of the files used in the ProvisioningservicesTargetDeviceSupport.sld, including Provisioning Services drivers and installation utilities. These files are included in an XP Embedded build containing Provisioning Services components.
253
Chapter 22
System Requirements
w Windows XP Embedded with the latest service pack. w In order to build Windows XP Embedded operating systems, Microsoft Windows Embedded Studio must first be installed. w The target device must meet the Windows XP Embedded system requirements. It is recommended that a Windows XP Embedded operating system be built first on the desired embedded target device to ensure OS compatibility and to resolve any OS specific issues (such as driver requirements). w Each embedded target device must also meet the target device requirements outlined in the Provisioning Services Installation Guide. w A local drive must exist on a target system during the initial XP Embedded operating system build process. This is necessary to allow Microsofts First Boot Agent to run and finish your XP Embedded image setup. Once the image is complete and the XP Embedded disk image has been copied to the vDisk on the Provision Server or on shared network storage, the local disk can be removed (if desired). w The maximum size of the vDisk is 2 terabytes.
Installing Embedded Target Devices

Installation of Embedded Target Device components is done through the Provisioning Services Installation Wizard. 1. Close all Windows and Embedded Studio tools that may be open (Target Designer and/or Component Designer). 2. When the Provisioning Services Installation Wizard is run, components used to build Provisioning Services into an XP Embedded operating system are installed by default. Run the Component Database Manager from the Microsoft Start menu. 3. Select Programs>Microsoft Windows Embedded Studio. 4. Select the Database tab, and then click the Import button. 5. On the Import SLD screen, point the SLD file field to the ProvisioningservicesTargetDeviceSupport.sld in the destination directory created by the Provisioning Services installation. Select the desired root destination (typically there is only one choice), and then click the Import button to start the importing process. 6. Exit the Component Database Manager. The Embedded Target Device support components will now be available in Target Designer under the Software: System: Network & Communication component group. The Embedded Target Device support macro component causes all necessary Provisioning Services components to be included during dependency checking.
254
Un-installing an Embedded Target Device Package

1. Select Start>Programs>Microsoft Windows Embedded Studio. 2. Select the Package tab. 3. Under Available Packages, select the Provisioning Services Embedded Target Device package, then click the Delete Package button. 4. A Confirmation Delete Package dialog appears, displaying all Provisioning Services components. Check the Delete all Provisioning Services Database files option, and click Yes. 5. Select the Group tab. 6. Under Available Dependency Groups, select Provisioning Services Component Group, then click the Delete Dependency Group button. 7. Go to Control Panel>Add/Remove Programs, select Provisioning Services, and click Change/Remove to uninstall the program.
Windows XP Embedded Build Overview

To fully understand how Provisioning Services gets incorporated into a Windows XP Embedded operating system, it is first necessary to understand how a Windows XP Embedded operating system is built. The illustration below outlines the major phases of a Windows XP Embedded operating system build process. Note: For more information on building an XP Embedded operating systems, refer to the Windows XP Embedded Platform documentation provided with the Windows Embedded Studio tools.
255
Chapter 22
256
Administrator's Guide Provisioning Services installation occurs in two phases. Phase one occurs when the operating system is built with Target Designer. All necessary files and non-devicespecific components are installed in the target operating system. Phase two occurs the first time the Windows XP Embedded operating system boots. At this time, all device-specific installation steps are performed. This second phase cannot occur until after the First Boot Agent has completed and the full operating system is up and running. Note: If automatic installation was turned off to remove the dependence on the Explorer shell component, it will be necessary to manually run the second phase of the installation process. Once the XP Embedded Image with Provisioning Services support is fully up and running, it can be imaged onto the embedded target devices vDisk, after which the embedded target device can be booted virtually. Note: Provisioning Services require that at least one of the target systems have a physical disk for the creation of the initial XP Embedded operating system. After the operating system is built and transferred to a vDisk, the target systems physical disk can be removed (if desired).
257
Chapter 22
Setting Up Embedded Target Devices

1. Transfer the built XP Embedded Image to the XP Embedded partition on the embedded target device. 258
Note: The embedded target device must be configured to be bootable by XP Embedded. To do this, run the BootPrep utility provided by Microsoft. For more information on preparing target media to boot Windows XP Embedded, refer to Building a Run-Time Image in the Microsoft Windows XP Embedded Help. 2. Change your embedded target devices BIOS setting to boot Network first, then boot the embedded target device. 3. The XP Embedded Image will run through the Microsofts First Boot Agent (FBA), and complete the setup of the XP Embedded Operating system. Note: By including the "Network Command Shell" component, the embedded target device can be configured to use a static IP address from the command line (using netsh.exe). For more information on the Network Command Shell, refer to the following web page: http://www.microsoft.com/technet/prodtechnol/winxppro/ proddocs/netsh.asp If the XP Embedded Image was created with Automatic installation turned off, or with a shell other than the Explorer Shell, Provisioning Services installation will have to be completed manually. This can be done by running bnSetup.bat located in the C:\Program Files\Citrix\Provisioning Services directory. If the command prompt component (CMD - Windows Command Processor) was not included in the build, you may have to run the commands in the batch file manually. Note: The batch file BNSetup.bat will reboot your system. 4. Prepare your embedded target device. Once the XP Embedded Operating system is completely up and running an additional local disk appears on the device. This disk is the vDisk associated with the embedded target device and is actually located on a Provisioning Server.
259
Chapter 22
260
Glossary
AutoUpdate A command-line utility that is used to create a delta file when incrementally updating a vDisk. Boot Device Manager (BDM) A utility used to create boot devices that have the bootstrap and IP information preinstalled; enabling a target device to boot over the network without the use of PXE or DHCP. Boot Services A set of network boot services that can be used to get the boot information necessary when booting a target device from a vDisk, including PXE, TFTP, and BOOTP. BOOTP An IP/UDP bootstrap protocol (BOOTP), which allows a target device to discover its IP address and other IP configuration parameters. BOOTPTAB BOOTPTAB is the backend table that maps a target devices MAC addres to the IP address assigned by the administrator. Common Image Feature A feature that allows a single vDisk image to work for target devices using network interface cards that vary. Device Administrator Device Administrators manage device collections within a site. Device Collection A logical grouping of devices. For example, a device collection could represent a physical location, a subnet range and a logical grouping of target devices. A target device can only belong to one device collection. Device Operator Device Operators can view the properties of vDisks and target devices and, boot or shut down target devices within a device collection. Disk Maintenance Mode Marks a vDisk as currently under maintenance and unavailable to target devices. Only a Maintainer Device can have a vDisk streamed to it when that vDisk is in maintenance mode; simular to working in Private Image Mode. However, versions of a vDisk that are not under maintenance can still be streamed. Disk Store (Store) A logical name given to a physical storage location for vDisks. The store is used by one or more Provisioning Servers within a farm to refer to a shared storage location. vDisk Pool The collection of all vDisks available to a site. There is one vDisk pool per site.
261
Glossary Domain An Active Directory domain as defined by Microsoft. Dynamic Host Configuration Protocol (DHCP) A protocol used for assigning IP addresses and other IP parameters to devices on a network. EULA End-User License Agreement. Farm Administrator A farm administrator can view and manage all objects within a farm. Farm administrators can also create new sites and manage role memberships throughout the entire farm. High Availability Feature (HA) A Provisioning Services environment in which at least one Provisioning Server is configured as a backup should the primary Provisioning Server fail for any reason. If the connection between a targetdevice and a Provisioning Server is lost and HA is enabled, the connection will failover to the secondary Provisioning Server. IPSEC Internet Protocol Security. Master Target Device A target device that has Provisioning Services device software installed, and from which a hard disk image is built and stored on a vDisk. Provisioning Services then streams the contents of the vDisk created from the Master Target Device to other target devices on demand. Maintainer Device A target device that is designated as a maintainer device, has the ability to stream a vDisk that is currently in maintenance mode. In contrast, non-maintainer target devices are not able to stream a vDisk in maintenance mode; instead, they stream the highest numbered versioned vDisk that is available. In order to prevent confusion and unexpected results, a maintainer device is only capable of booting images that are in maintenance mode. There is not a hard link between maintainer devices and disks in maintenance mode. As long as the disks are assigned to the devices and the maintenance bits are the same, the target devices can boot the disk in private image mode. MMC The acronym for Microsoft Management Console. Non-versioned vDisk A single vDisk, VHD file, with no differencing disks associated to it. Switching the vdisk to Private Image Mode will enable the VHD file to be updated directly, without creating a new version of the vDisk. However, the first time a vDisk is placed into maintenance mode, it becomes a versioned vDisk.
262
Administrator's Guide Optimization Utility A command-line utility used to apply several settings to your hard drive or vDisk, that configures Windows to perform at optimal performance when running from a vDisk. Preboot Execution Environment (PXE) Service An optional software service that can deliver the boot file name and location to target devices. Provisioning Services Console (Console) A management console utility used to manage configuration settings for target devices, Provisioning Servers, and vDisks. Provisioning Services database (database) Repository of configuration settings for Provisioning Servers, target devices, and vDisks. Provisioning Services Farm A group of Provisioning Servers that share the same database. Role A set of defined permissions that can be assigned to a farm, site, and collection. Role Based Administration The method of administration that limits the administers management permissions to those defined in the assigned role. Site A container that groups a vDisk Pool, Provisioning Servers and Device Collections. A site can represent a physical or logical location. Store A store is the logical name for the physical location of the vDisk folder that can exist on a local server or on shared storage. Stream Service The software service that transfers software between a target device, its vDisk, and write cache. Target Device A device, such as a desktop computer or server, that boots and gets software from a vDisk on the network, by communicating with a Provisioning Server. Target Device Optimization Utility A command-line utility used to apply several settings to your hard drive or vDisk that, when used, configures Windows to perform at optimal performance when running from a vDisk. User Datagram Protocol (UDP) The primary protocol used by Provisioning Servers. User Groups User groups provide Farm and Site Administrators with the ability to create and manage groups of users based on existing Active Directory or Windows groups.
263
Glossary VHD Collapse When a VHD stack becomes too large, it can cause performance issues for those target devices accessing it. To improve performance, collapse the VHD stack into fewer differencing disks. VHD Differencing Disk (Snapshot) A differencing disk contains the changes made to a VHD, without changing the VHD. In the storage industry similar concepts include thin cloning and snapshots. In Provisioning Services, each version of a VHD is considered a version. The base VHD file is represented by version 0 (baseVHD.0) and each subsequent differencing disk will have an incrementing version number (baseVHD.n+1). VHD Stack A series of one or more VHD differencing disks that are associated to a single base VHD disk. View A logical grouping of target devices within a farm or site, for the purpose of simplify device administration. A view can represent target devices spread across multiple sites and device collections. A target device can belong to any Virtual Disk (vDisk) A file that is accessible to a Provisioning Server and is used to emulate a hard drive for a target device. Versioned vDisk A vDisk that has one or more VHD differencing disks referencing a single base VHD file. This is also referred to as a VHD stack. A versioned disk is created from a nonversioned disk by enabling maintenance mode. Every time maintenance mode is enabled, a new version is created. Write Cache Mode The cache option selected to store a target devices disk writes when using a writeprotected vDisk. The write cache can reside on the Provisioning Server, on shared storage, in the target devices RAM, or on the target devices local hard drive. XenConvert Utility A utility that can copy the contents of a hard disk to a vDisk, or from a vDisk to a hard disk.
264

Citrix Provisioning Services 5.6 SP1 Administrator&#39;s Guide

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Citrix Provisioning Services 5.6 SP1 Administrator&#39;s Guide

Uploaded by

Copyright:

Available Formats

Administrator's Guide

Citrix Provisioning Services 5.6 SP1 October 2010 Revision 1

2010 Citrix Systems, Inc. All rights reserved.

Provisioning Services Product Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Participating in Citrix Education and Training. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Product Technology Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Using the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

Managing Farms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

Managing Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Managing Administrative Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Managing Provisioning Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

Managing vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101

10 Managing Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131

11 Managing Device Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155

12 Managing User Assigned vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169

13 Managing Views. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175

14 Managing Network Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181

15 Managing for Highly Available Implementations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

16 Managing Active Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213

17 Managing Bootstrap Files and Boot Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221

18 Managing Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

21 Managing Multiple Network Interface Cards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249

22 Installing and Configuring Embedded Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Provisioning Services Product Overview

Provisioning Services Streaming Technology

Provisioning Services Solution

Provisioning Services Editions

Provisioning Services Product Overview

Benefits and Features

Benefits for XenApp and other Server Farm Administrators

Benefits for Desktop Administrators

Software-Streaming Process Overview

Provisioning Services Product Overview

Provisioning Services Product Infrastructure

Provisioning Services Farm Hierarchy

Additional Provisioning Services' Product Components

Provisioning Services Database

Provisioning Services Product Overview

Provisioning Services Product Overview

Provisioning Services Administrator Roles

Provisioning Services and Resources

Provisioning Services Documentation

Getting Service and Support

Getting the Subscription Advantage

Locating the Citrix Developer Network

Participating in Citrix Education and Training

Product Technology Overview

Product Technology Overview

Getting the Boot Program

Network Booting a Target Device

Product Technology Overview

Booting From an Optional Boot Device

Provisioning Services vDisk Modes

Standard Image Mode

Private Image Mode

Product Technology Overview w Each vDisks application stack must be maintained.

Difference Disk Image Mode

Write Cache Modes

Cache on a Server Disk

Cache in Device RAM

Cache on Device Hard Drive

Product Technology Overview

Using the Console

Citrix Provisioning Services 5.6 SP1 Administrator's Guide

Citrix Provisioning Services 5.6 SP1 Administrator's Guide