Archive

Archive for the ‘Virtual Desktop Infrastructure’ Category

Briforum 2014: Thin Client myth debunking and general discussion.

May 20, 2014 1 comment

downloadThat was an AWESOME day! well worth the early flight and late flight in one day.

I had the pleasure and privilege to present a session on Thin Clients, debunking the myth’s associated and also talking about the industry as a whole with none other than the rockstar that is Shawn Bass.

In our session, as two consultants in the virtual desktop industry who have spent quite a bit of time in the trenches with Thin Clients recently, we tried to document some of the myth’s, falsities and pitfalls related to choosing and deploying the correct thin client.

Below you will find a link to the slide deck and the rough flow chart I made to consider using as a template and further building upon,  particularly when your customers (or sales people) decide to try to implement Thin Clients. This flow chart is not gospel and you will note the reoccurring theme throughout the presentation is as follows:

  • There is no nirvana device.
  • Agree and commit to the dependencies up front before even considering a model / operating system.
  • Don’t treat the decision of what client to deploy lightly.
  • Don’t trust everything you have heard.
  • Watch out for the typical pitfalls that have burned us or our customers before.

Download Link.

Thank you very much to BriForum, Shawn and TechTarget for an awesome day. I will definitely be attending and recommending BriForum in future to both customers and consultants.

Announcing the ThinKiosk v4 Release

September 12, 2013 Leave a comment

ThinkioskReflection

Thinkiosk Version 4.0 is the culmination of 9 months hard work, rebuilding ThinKiosk in a new development style to include the enterprise features many of you requested, adding a management server, secure key redirection technologies, local group policy control and a number of other features. After weeks of rigorous testing we’re delighted to announce the availability of ThinKiosk version 4… Today!

With the release of Version 4.0 we’re lifting the cloak on the company we’ve setup in order to support and further develop ThinKiosk, ThinScale Technology. We’ve set up ThinScale as a little software company to publish applications to the virtualisation community, tackling the smaller issues and annoyances we face day to day as consultants and administrators. More clever little products are in the pipeline, but for now enough about the company!

ThinKiosk Versions:


The largest change around ThinKiosk 4.0 is the version introduction. ThinKiosk will ship in two editions, Enterprise edition and Community edition. Remko and I took a look at the product back in October last year and identified area’s that the project needed investment in order to reach and fulfill it’s full potential. We also noted that a number of customers really wanted the support and functionality offered by a professional product. After much deliberation we took the decision at that point to invest the time and resources into the product to ensure it fulfils it’s potential, this in turn justified the need for a chargeable Enterprise product.

 

ThinKiosk Community Edition.

  • The community edition is free and will always remain free, we want to make sure the community will always have the benefit of the product.
  • The Community edition is still one of the most powerful Windows alternatives on the market, including paid for products.
  • The Community edition is an extremely powerful piece of software with one or two limitations in comparison to the Enterprise product.
  • The Community edition will receive functionality from the enterprise edition over time.

We’re extremely proud of the community edition and we do recommend it if you do not require the functionality of the Enterprise Version.

 

Enterprise Edition.

ThinKiosk Enterprise Edition will include all the current functionality you know and use in ThinKiosk, along with loads of additional features and benefits. The enterprise version of ThinKiosk delivers far more value than the competitor products and from a functionality perspective beats them hands down even in its first release.

An exact side by side comparison can be found along with pricing and details on the ThinScale Licensing page.

Some of the New goodies are listed below!

 

Central Management:

ThinKiosk 4.0 new central management server. With this central management console, you can:

  • Manage off domain machines.
  • Push updates.
  • Perform remote power commands.
  • Remote Control end users.
  • Report on your current ThinKiosk hardware.
  • and much more.

 

MagicFilter:Magic Filter

Allow me to introduce our new ‘dynamic key pass-through technology’ MagicFilter. Magic filter will now block local Ctrl + Alt + Del and windows + L keystrokes and “magically” send them on to the remote desktop environment as if the user is working locally. This gives the user an immersive, native feeling desktop experience from the ThinKiosk client.

We are extremely proud to say we are the only Windows Thin Client vendor on the market who can do this.

 

Integrated Browser:Intergraded browser

ThinKiosk 4.0 is a fully fledged browser, so you can allow your users access to web resources without compromising on security. You can layer in as many bookmarks as you like to the browser or you can simply allow the users to browse the sites they wish via the address bar.

 

And so much more!

I covered a lot of the functionality previews back in April in the feature teaser.

 

Want to learn more?

Remko and I will be doing a webinar with the good folks over in www.xenappblog.com next week, sign up to hear our story and get some insider information on the product road map!

 

And without further ado:

I’ve taken enough of your time for now, to jump right in click the download button below and we’ll send you everything you need to get started.

The (not so) wonderful world of Lotus Notes in SBC & VDI, Guide Updated.

Just a quick note to say I’ve updated the original Guide to Lotus Notes in SBC / VDI environments with another 2 years of begrudging, pain and bug fixes.

A link to the updated article is here. Best of luck!

A

ThinKiosk 4.0 preview and feature teaser:

May 23, 2013 42 comments

ThinkioskReflection

Everyone having a Good Citrix Synergy week? Some great new products announced! Ready for more announcements?

Great!

After 5 months of coffee, tears of frustration and hair pulling we’re absolutely delighted, thrilled and relieved to announce ThinKiosk 4.0 is nearly ready. Complete with my new partner in crime Remko Weijnen (I’ve been saying ‘we’ for ages, now you know who… awesome eh?) we’ve worked some long nights to get this version out the door.

With that out of the way, we’re proud to announce some of the new features coming in 4.0. Bear in mind this is just a preview, the final features and details of the product are still being hammered out, but below is a taster of some of the functionality you can expect to see shortly.

 

Back to the drawing board:

ThinKiosk 4.0 is a complete rewrite and refactor of ThinKiosk. It’s built on the 4.0 .Net framework which has brought a lot of simplicity and new features to our tool-set. ThinKiosk 4.0 was built with three main aims:

  • Enterprise Ready.
  • Fool Proof.
  • Secure by Design.

With ThinKiosk 4.0, your setup time will go from days to minutes. Out of the box, ThinKiosk is ready for the following technologies without any local machine tuning:

  • Citrix XenDesktop / XenApp.
  • Citrix VDI in a Box.
  • VMware View.
  • Microsoft Remote Desktop Services.

For the exact details of each of these optimizations, follow the subsequent blog posts / documentation.

 

New Look and Feel:

Without further ado, lets start with the new look and feel:

mainWindow

ThinKiosk 4.0 has also been built on the industry leading graphical interface DevExpress giving us a really shiny, professional and sleek interface. Finally giving us an Interface we can be proud to put on your desktops.

ThinKiosk’s interface has been further improved giving you an Applications tab for Publishing desktops for VMware View, Microsoft Remote Desktop services or Citrix Desktops via ICA file or local applications.

appscreen

This Applications tab has been modelled after the windows 8 Metro err, I mean Windows 8 UI. This provides a similar look and feel to the new Windows start menu and it really breathes new life into old hardware. With this tab, you can publish shortcuts to VDI Desktops or local applications making it a one stop shop for applications.

You can flick from one tab to another easily, or disable the one you do not wish to use.

 

It’s all about the customization!

Beauty is in the eye of the beholder right? Agreed!

Themes:

 ThinKiosk 4.0 will ship with over 8 themes and wallpapers, customization of the splash screen, buttons… everything!

foggy black office 2010 black Office 2010 Blue Office 2007 Pink office 2007 Green

The Applications tab can also be completely customized to your tastes:

cust

 

 

Lock down:

As with Previous versions of ThinKiosk, every button and object in ThinKiosk can be locked down to exactly what you wish, for example here’s a stripped back browser session:

lockdown browser

 

Or a stripped back application window:

 

lockdownapps

Anyway… Enough about the appearance, Lets talk tech!

 

Introducing the new ThinKiosk Broker Service and Management console:

tkbroker

The ThinKiosk Broker, Management Console and ThinKiosk clients use an all new ThinKiosk TCP protocol (I never ever, ever want to see a tcp socket again for as long as I live, writing this protocol was a killer!) to allow you to centrally manage, catalog and report on your ThinKiosk devices. The protocol is lightening fast and secure by design.

This new framework will form a long blog post itself, but some quick fire information is below:

  • Complete off domain management.
  • Auto device registration, just point ThinKiosk at the broker and it will check in and download the default profile.
  • Remote Control / Shadowing of end point devices via the console.
  • Device Grouping for profiling multiple devices or creating an organisation structure.
  • Remote actions (power off, restart, update).
  • Device Reporting.
  • No Enterprise database software necessary.
  • Audit logging.

Unlike other Thin Client protocols and software, ThinKiosk does not accept any inbound connections, in user or system context. Removing the ability to hijack thin clients… which is all too possible with certain vendors!

The console is simple, and quick to navigate:

MC

Installation of the broker takes roughly 5 minutes and is ready to serve your Devices as soon as you configure the default profile.

 

New Profile Handler:

The ThinKiosk client has received an overhaul and with it we’ve streamlined the profile. ThinKiosk no longer requires group policies or the clunky offline config tool, we have a new profile system based on XML files with a fitting profile editor to match:

profile editor

No more configuring 5 group policies for one url, the new policy manager is clean, self explanatory, full of new functionality and uses the same interface whether you are using the ThinKiosk management console or modifying the local profile.

If you want to still use group policy to deploy configuration? No problem! just drop the file on the client via group policy preferences!

 

And the Client!

Lets talk about the 4.0 client.

 

Supported platforms:

Windows XP – Windows 8

 

Browser Ahoy!

browser

ThinKiosk is now a fully fledged browser, complete with address bar. If you want to allow your users to browse around, now you can.

 

Browser improvements:

The ThinKiosk 4.0 browser will:

  • Supress scripting errors.
  • Allow you to add your sites to the trusted sites via policy.
  • Auto tunes the browser for VDI portals.
  • Auto circumvent silly SSL untrusted or mismatched errors (great for POC’s *cough* VDI in a Box *cough*)
  • ThinKiosk now runs as an Internet explorer executable. No more flicking between iexplore.exe and thinkiosk.exe.

 

VDI Improvements:

Now to the nuts and bolts!

 

Local login pass through:

Now that you have the ability to add direct VDI connections. ThinKiosk will handle the log in experience and pass the credentials to the responsible technology:

login

This integration allows ThinKiosk to better manage the desktop experience and provide your users with a single login pane rather than the recurrent login screens you can experience with Microsoft / Citrix file connections.

These connection files can also be auto launched, to remove that pesky click first thing each day.

 

Citrix Technologies:

  • Log off screen redirection for Web interface, storefront and VDI in a box.
  • Log off the web portal when a desktop launches for the above platforms.
  • Support for Adding ICA file connections.
  • Auto configuration of Single sign on from local pc to remote desktop. (Nightmare previously).
  • VDI in a Box auto browser tuning for compatibility.
  • Optionally disable the Citrix Desktop viewer (CDviewer.exe).

 

VMware View:

  • Support for publishing multiple pool connections
  • Support for publishing multiple direct desktop connections.
  • Support for PassThrough.
  • Disables Certificate checking by default for quick POC’s.
  • Pass through ctrl alt del / Windows + l (more on this later).

 

Microsoft Remote Desktop Services:

  • Support for publishing multiple connections.
  • Support for 2012 RDS and VDI.
  • SSL Certificate warning suppression.
  • Support for login once.

 

Improved local application handling:

ThinKiosk 4.0 has an improved local application engine, When you add an application to the Applications tab, it will automatically pull in the icon window and you can also specify to launch apps but hide them (think run key entries). If ThinKiosk is restarted via admin task, it’s smart enough to know not to relaunch them.

Environment variables for paths and arguments are fully supported and i’ve also added a variable for 32bit program files paths… I always wondered why Microsoft didn’t do this, but I digress.

 

Windows secure keystroke blocking and passthrough:

You asked… (and asked and asked and asked and asked). It’s done, with ThinKiosk 4.0 you will be able to block CTRL + Alt + Del, [Windows] + [L] etc.

Pass through of these keystrokes to the remote desktop is available for VMware View already and will be coming shortly after 4.0 for Citrix and Microsoft connections.

machine lockdown

 

Group Policy Lockdown:

By default when you install ThinKiosk 4.0, it will arm the PC with the most restrictive policies via the local group policy engine, disabling access to all admin utilities and even local disks. This lockdown can be tuned or turned off via policy if required.

ThinKiosk performs privileged actions via the ThinKiosk Machine service which installs as part of the installation.

 

Auto log in account:shell

ThinKiosk will ship with it’s own user account for fast deployment. This account will be created on the local machine and gives you a quick an easy method to manage local accounts on non domain joined PC.

The accounts password is synchronized with the ThinKiosk unlock password you specify.

This account is completely optional and you can turn it off or substitute it with a domain account of your choice.

ThinKiosk will also manage the Windows Shell replacement policy itself via policy, so no more mucking around with local group policy or registry keys.

ThinKiosk also now encrypts the auto login account using LSA.

 

Active Setup:

as

With ThinKiosk as shell, you can now run Active Setup with ThinKiosk’s improved Active Setup Async.

Active setup Async is a utility we have implemented into ThinKiosk that will perform active setup 60% faster than standard Microsoft active setup via a threading and queuing engine, the end result is active setup support ( for example: HDX flash redirection) with a much faster (and prettier)  interface.

 

Start up Script:startup sript

ThinKiosk can now implement the local group policy engines start-up script to allow you to manage off domain PC’s. With the start-up script, you can install software, updates, disable services, uninstall software, delete files, profiles… anything!

The only limitation here is your own imagination or scripting abilities.

If the latter is a concern? worry not, we’ll be creating a scripting library where ThinKiosk enthusiasts can share and collaborate on similar tasks.

 

Local session control:session

ThinKiosk 4.0 offers you the ability to control local volume, printers, screen saver and even background color.

 

Improved debug logging:debug window

ThinKiosk logs everything, every action, command, hiccup… everything.

If something isn’t quite working as expected, chances are the debugging window will announce in triumphant glory exactly what is broken!

 

Redundant profile management:

ThinKiosk takes a copy of it’s profile on each check in to an FTP server or Broker server.

In the event of the server being offline ThinKiosk attempts five times to connect before failing back to the local profile allowing your users to continue working without an outage.

If the broker server becomes available again throughout the day, ThinKiosk will check back in to allow management but will not disturb the user.

 

And so much more!

I’m not going to go on and on, but as you can see… It’s awesome!

Check back in a few weeks for the release as we ready the build.

I need your help Server Based Computing / VDI Experts!

February 7, 2013 20 comments

Hi Guys and Gals. I’m currently fighting the good fight with Microsoft support and require your help and backing in order to close down a long standing bug in the Windows Explorer Shell.

As you are all aware, hiding the c: drive and restricting access has been a utility we use frequently in shared computing and VDI environments. Restricting this functionality removes views of the shared drive from users and adds a layer of security and complexity* to ensure the users in question have access to only what they need in order to do their jobs day to day.

*I’m not looking to argue the merit of doing this either, it really depends on the business case or environment to dictate whether this option is set. I’m NOT saying it should be done in every case.

We all know it’s not fool proof, there are certain ways for users to circumvent this layer and I particularly don’t want to discuss them here to give potential devious users a landing page for idea’s!

The problem:

Prior to windows Vista, when you hide the c: drive and an application requests access to a c: drive folder, be it from an “open save dialog” or otherwise, Windows detects this event knows that the folder is restricted and merely redirects them to the desktop which they can see then browse to where they wish to open or save a document. This has worked fine to memory since windows server 2000.

But with the changes to Windows Vista’s windows explorer, repeating the above steps will result in the following annoying, unnecessary and interrupting error message “This operation has been cancelled due to.. bla bla blah”:

noname

This issue can be easily recreated, simply hide and restrict the c: drive, then click start > run > browse… bang.

The more annoying problem here, is after the error message, windows simply redirects back to visible folder. In most cases this is the documents library. So the error message is simply poping up then reverting to the functionality seen in previous operating systems.

So to review:

  • Issue introduced in Vista / 2008 and above.
  • error message displays.
  • Previous redirect functionality is still there and occurs after ok is pressed.

To Microsoft!

Being a pedantic individual, along with my colleague we brought this to Microsoft support and somehow lost months in the conversation as follows:

  1. Microsoft then redirected us to RES Software.
  2. Who (although very nice about it) sent us back to Microsoft.
  3. At which point I got involved.

Now with the correct audience and suitable severity, this problem has been identified as “introduced in Windows Vista” as an “Added Security feature“. How an annoying pop up box, masking previous functionality is a security feature is anyones guess, but it’s bloody annoying…

We have raised this as a bug and have requested Microsoft to fix it. The change in question was deemed as large change or substantial change due to WIndows explorer being used by all of the operating systems and basically told, without significant backing, this change wont be implemented.

Bureaucracy and broken policies, yes but that doesn’t help my customer.

Here’s where I need you:

In order to bolster this change and fix an issue in our beloved operating systems for Server Based Computing and VDI environments I need to hear from you and your customers to confirm they have had this issue, or currently face the issue and wish for a fix.

  • If you are a customer and suffer this issue, email me.
  • If you are a consultant and have customers with this issue, email me.
  • If you or your customer have enterprise support with Microsoft, I ESPECIALLY want to hear from you.

What’s in it for you?

Microsoft have provided us a work around, as a process that watches window messages and suppresses this dialog box when it occurs. If you get in touch, I’ll recompile this application with Microsofts permission and pass it on to you for use in your environment while we get “The Man” to fix it!

This fix is a bit of hack, as it’s scraping window messages but it’s light weight and scalable. Use this process for now and I’ll provide you with updates on a fix as and when I get them.

How do you contact me?

Please drop me and email on andrew{at}andrewmorgan{dot}ie with the following information:

  • Customer name:
  • Affected users:
  • Has enterprise support: (yes/no)

Once I have that information, I’ll send you back an executable via dropbox and keep you updated on the call process. This information is merely going to be fed straight to Microsoft with my personal guarantee of confidentiality. No funny business.

If you can’t share customer information, but have suffered this issue in the past, no problem! Please comment on this blog post the number of seats that were affected and roughly how many times you’ve seen it.

That’s it!

Thanks for entertaining my request for help and hopefully you too want to get this issue fixed as much as I.

Follow

Get every new post delivered to your Inbox.

Join 2,301 other followers