Citrix Storefront 2.5 and Single Sign on:

March 26, 2014 7 comments

image-01-535x535With the release of XenDesktop / XenApp 7.5, Citrix Storefront has brought back a very sought after feature, Single sign on for local credentials to the storefront site!

Citrix Storefront SSO can be the default configuration or a choice can be given to the user if you select more than one authentication type as below:

 

storefront auth choice

 

 

 

Desktop appliance site: (Slight deviation, bear with me).

 

An interesting addition to storefront in 2.5 is a desktop appliance site is installed by default. Richard covers what a desktop appliance site really well in this article for the current release of storefont here. It’s worth noting the desktop appliance site is running the older storefront code base and does not currently support single sign on, strangely.

 

 

 

Back on topic!

 

Below is a quick guide on how to get it working and any interesting features along the way, I’ve broken this piece down into three parts:

 

XenDesktop Delivery controller configuration:

 

on each delivery controller accessible by the storefront site, run the following two commands:

broker xml trust level

 

Client Configuration:

 

(Shawn Bass did alot of the hardwork here for me, so a thank you for that!)

when installing the client, you can enable the single sign on features with the following command line:

CitrixReceiver.exe /includeSSON /ENABLE_SSON=Yes /silent STORE0="Store;https://yourservername.yourdomain.com/Citrix/Store/discovery;on;Store"

 

Once this is complete, add the storefront url to the trusted sites for the user, then add the following setting to the trusted sites zone:

 

local zone settings

 

Once complete, open group policy on the local machine (or active directory group policy) and import the icaclient.adm file, the typical path is below for convenience:

x86:

C:\Program Files\Citrix\ICA Client\Configuration\icaclient.adm

x64:

C:\Program Files (x86)\Citrix\ICA Client\Configuration\icaclient.adm

 

Once you have imported this adm file, configure the following values in the LOCAL MACHINE configuration*

*the policies dont work in user mode, oddly.

Configure the authentication policy:

 

group policy

Configure the web interface authentication ticket settings also:


group policy2

 

 

 

Now reboot the machine and log in, ensuring SSONSVR.exe is running in task manager.

 

Storefront Configuration:

 

I’m going to go ahead and assume you’ve already installed storefront, so lets start from there.

 

Make your way down to the ‘Authentication’ tab choose add/remove methods and select domain pass-through as an authentication type:

 

add domain pass-through option in storefront config

 

Note the warning, the receiver for web will also need some configuration, so that’s our next step:

 

highlight change needed on storeweb

 

Make your way down to your ‘receiver for web’ tab and select ‘Choose Authentication Methods’:

 

add auth method to storeweb

 

 

 

 

As you can see above, domain pass-through is now an option, with a nice little warning:

 

storeweb passthrough warning

 

 

Note: if you don’t want SSO to be optional, don’t publish additional authentication types on this storeweb.

 

Testing:

The quickest way to test is to go right ahead now and use the storefront in anger, but if you’re the cautious type Storefront 2.5 includes a subdirectory called DomainPassthroughAuth/test.aspx. if you browse to this site from a configured machine, you should see the following screen.

 

 

passthrough auth test site

 

 

if you are prompted as below, or see any of the following errors, go back a few steps and check what you missed:

 

sso test fail via website

 

and the following error’s mean you’ve gotten the configuration wrong on the client side:

 

no trusted submit

no logon methods error - pass creds not set

 

and that’s it, happy sso’ing!

 

HDXWatcher and PCOIPWatcher – Realtime, easy virtual desktop traffic reporting.

February 24, 2014 13 comments

logoWhen checking the bandwidth requirement of multimedia sites, checking how much additional bandwidth video conferencing is going to require or even troubleshooting WAN capacity issues, it’s extremely useful to have a visible interpretation of realtime bandwidth consumption from your virtual desktop.

I wrote a tool quite some time ago called watcher2 while troubleshooting a similar issue. I finally took the time to refactor that tool for use with XenApp 6.5 , XenDesktop and VMware View and they are finally available to download! Both watcher utilities also include a latency counter which was a request that came in over and over.

HDX and PCOIP watcher by default dock to the top of the screen and can be moved left or right as below:

hdx watcher docked

pcoip watcher docked

They can now also be completely un docked:

hdx watcher

pcoip watcher undocked

How do they work?

The tool finds your username in the performance monitor counters for session bandwidth, once it finds this entry it reads your performance monitor data once every second and reports on it.

In the case of PCOIP watcher, it reads the PCOIP counters from performance monitor.

what do the values mean?

All values are in either Kilobits per second or Megabits per second.

In = Traffic from the client to the virtual, this may spike during large copy / paste jobs,web cams or copying data from a usb key to the session:
Out = Traffic from the virtual desktop to the client, mainly audio or video traffic causes this to spike.
Latency = The delay between your client and the virtual desktop.

Can I Configure it?

Two thresholds are available, a yellow warning and a red warning, currently . These default values can be written to  HKCU\software\sessionmonitor or HKLM\software\sessionmonitor. E.G:

Do they have any dependencies?

.net framework 3.5

if you are running XenApp 6.5 or XenDesktop 5.6, ensure you have the latest hot-fixes installed or the counters may be incorrect.

How do I launch it?

Allow the user to run it manually, or place the executable in their start-up folder or login script.

Where Can I download it?

Here:

What’s coming next:

  • Native Microsoft RDP Counters.
  • Realtime graphs and recording.
  • source code is available on request.

Citrix reverse seamless application deep dive presentation:

November 2, 2013 Leave a comment

Ilogo recently delivered a presention to the Dutch Citrix User Group and E2EVC on the new technology release by Citrix called ‘Local App Access’.

In this post you will find the presentation deck and two utilities I have written for this technology to help empower the user to configure settings.

Synopsis:

As I mentioned in my presentation, this technology is really cool, but it needs work. For a 1.0 it’s very promising but we need to use it in anger and log the bugs with Citrix to get them fixed. This technology  alike Citrix remote PC is not a silver bullet, but it is a very useful utility in your toolbox for concentrating on the low hanging fruit during a migration.

Don’t let a single user or application in a department hold up user migrations by using this technology to keep the application local until you have time to come back to it.

Question: “You mentioned there’s a work around for getting ‘local app access’ to work without requiring desktop viewer?”

Yes, I’m a complete eejit, in both sessions I told you I would show you a way to get around this…. Then completely forgot! To get this working without needing desktop viewer, rename the cdviewer.exe executable in the ica client program folder to something else!

Presentation:

Click to Download.

 

Reverse seamless VDI helper:

revSeamlessVDIhelper

with the reverse seamless VDI helper tool, you can present this application to users In their virtual desktop to allow them to manage which applications are presented to their virtual desktop without having to lead the user through the registry.

Click to Download.

 

Revere Seamless local desktop helper:

revSeamlessLocalHelper

with the reverse seamless local desktop helper tool, you can distribute this tool out to your users to control which folders from which shortcuts are brought up to the virtual desktop.

click to Download.

 

Source code:

Because life is about education, here’s the source code if you want to expand it yourself:

Click to Download

XenDesktop Iconizer, a new tool for XenDesktop icons.

September 26, 2013 1 comment

Recently I read a post from XD Tipster on how to convert Png files into icons and use them for XenDesktop and Storefront… A very interesting piece, but a bit convoluted and long winded for my liking. I didn’t like the idea of the two website hops to get this information into XenDesktop format… So I decided to write two utilities:

icons

 

Iconizer:

 

iconizer

 

Iconizer Converts png files (with transparency supported) to an Ico file format , then in turn converts it To a Base 64 String.

You can send the data to the clipboard or import directly into XenDesktop if you have the powershell tools available.

 

added

 

It’s very simple, I wont bore you with the details, just convert and import. then map with powershell:

 

seticon

 

Reverse Iconizer:

 

reverseiconizer

 

I’m sure you can guess, takes the massive string of information stored in base64 and gives you a visual representation.

An example command line of how to do this is below:

 

poshtoclipreverse

 

Hey wait?

 

Why didn’t you integrate both of these?

Well it seems .net and Powershell have a limit on the data (string length) it can pull out of the pipeline. The default Citrix icon is close to 20,000 characters and results in you being unable to pull this data from powershell directly to .net. WIth great help from http://www.jonathanmedd.net/  we found that, yep the console does seem to have a roughly 8k char limit… Sure I could parse it to a file or the clipboard, but that was messy and frankly, I really couldn’t be arsed.

If you are up to the challenge I’ve got the source code for forward and reverse of the icon data below. I’ve also got a half assed attempt at creating a list… So fill your boots and take up the challenge if you wish.

 

Download:

 

As with most of my utilities the download links and source code are below, and a few icons to get you going:

System-Windows-icon Windows8

Download utilities.

Download Source Code.

Categories: Tools, XenDesktop Tags: , ,

Announcing the ThinKiosk v4 Release

September 12, 2013 Leave a comment

ThinkioskReflection

Thinkiosk Version 4.0 is the culmination of 9 months hard work, rebuilding ThinKiosk in a new development style to include the enterprise features many of you requested, adding a management server, secure key redirection technologies, local group policy control and a number of other features. After weeks of rigorous testing we’re delighted to announce the availability of ThinKiosk version 4… Today!

With the release of Version 4.0 we’re lifting the cloak on the company we’ve setup in order to support and further develop ThinKiosk, ThinScale Technology. We’ve set up ThinScale as a little software company to publish applications to the virtualisation community, tackling the smaller issues and annoyances we face day to day as consultants and administrators. More clever little products are in the pipeline, but for now enough about the company!

ThinKiosk Versions:


The largest change around ThinKiosk 4.0 is the version introduction. ThinKiosk will ship in two editions, Enterprise edition and Community edition. Remko and I took a look at the product back in October last year and identified area’s that the project needed investment in order to reach and fulfill it’s full potential. We also noted that a number of customers really wanted the support and functionality offered by a professional product. After much deliberation we took the decision at that point to invest the time and resources into the product to ensure it fulfils it’s potential, this in turn justified the need for a chargeable Enterprise product.

 

ThinKiosk Community Edition.

  • The community edition is free and will always remain free, we want to make sure the community will always have the benefit of the product.
  • The Community edition is still one of the most powerful Windows alternatives on the market, including paid for products.
  • The Community edition is an extremely powerful piece of software with one or two limitations in comparison to the Enterprise product.
  • The Community edition will receive functionality from the enterprise edition over time.

We’re extremely proud of the community edition and we do recommend it if you do not require the functionality of the Enterprise Version.

 

Enterprise Edition.

ThinKiosk Enterprise Edition will include all the current functionality you know and use in ThinKiosk, along with loads of additional features and benefits. The enterprise version of ThinKiosk delivers far more value than the competitor products and from a functionality perspective beats them hands down even in its first release.

An exact side by side comparison can be found along with pricing and details on the ThinScale Licensing page.

Some of the New goodies are listed below!

 

Central Management:

ThinKiosk 4.0 new central management server. With this central management console, you can:

  • Manage off domain machines.
  • Push updates.
  • Perform remote power commands.
  • Remote Control end users.
  • Report on your current ThinKiosk hardware.
  • and much more.

 

MagicFilter:Magic Filter

Allow me to introduce our new ‘dynamic key pass-through technology’ MagicFilter. Magic filter will now block local Ctrl + Alt + Del and windows + L keystrokes and “magically” send them on to the remote desktop environment as if the user is working locally. This gives the user an immersive, native feeling desktop experience from the ThinKiosk client.

We are extremely proud to say we are the only Windows Thin Client vendor on the market who can do this.

 

Integrated Browser:Intergraded browser

ThinKiosk 4.0 is a fully fledged browser, so you can allow your users access to web resources without compromising on security. You can layer in as many bookmarks as you like to the browser or you can simply allow the users to browse the sites they wish via the address bar.

 

And so much more!

I covered a lot of the functionality previews back in April in the feature teaser.

 

Want to learn more?

Remko and I will be doing a webinar with the good folks over in www.xenappblog.com next week, sign up to hear our story and get some insider information on the product road map!

 

And without further ado:

I’ve taken enough of your time for now, to jump right in click the download button below and we’ll send you everything you need to get started.

Update to AppV launcher for Version 5

Just a quick note to say I’ve updated the AppV launcher tool to support Appv 5.

appv5

 

The app-V launcher tool is a self contained executable which lists your installed App-V packages and allows you to launch an executable in that virtual applications environment. This is particularly useful if you or your admins / users are not PowerShell friendly or you would prefer to not publish PowerShell scripts as programs.

You can get a copy of the latest version and/or it’s source code over here.

As an added benefit I’ve included source code for running PowerShell commands in .Net, so if you are interested in trying to do so grab the source code!

Follow

Get every new post delivered to your Inbox.

Join 2,057 other followers