Jason Conger Blog

Archive: February 2008

How Microsoft Implemented Windows Server 2008 Terminal Services Internally

Microsoft maintains a development methodology commonly referred to as “eat your own dog food”, meaning that the products Microsoft develops are first tested in its own corporate environment. One of the ways Microsoft “ate its own dog food” was to pilot Windows Server 2008 Terminal Services. The project was so successful that Microsoft IT went on to test scalability and performance in the production environment (keep in mind that Microsoft has over 78,000 employees worldwide). The implementation of the TS Gateway feature was a major shift at Microsoft. Before TS Gateway, employees had to start a VPN before establishing a Terminal Services connection.

This implementation led to a technical white paper called “How MSIT Uses Terminal Services as a Scalable Remote Access Solution - Deploying Windows Server 2008 Terminal Services at Microsoft”. The white paper “…shares the experiences of the deployment team in the deployment of Windows Server 2008 Terminal Services at Microsoft. Also, because of the experience that the team gained during the deployment, this information should provide meaningful guidance to organizations that want to deploy Windows Server 2008 Terminal Services in both small and large terminal server environments.” This really is a good architecture reference and an easy read with specific goals and solutions.

You can download this white paper for your own reference from Microsoft…



RDP Frontside Authentication

One of the more visible changes in the Remote Desktop Client version 6.x is the frontside authentication mechanism. When I say “frontside authentication mechanism”, I am talking about the part where you are prompted for credentials prior to making a connection to a Windows server. This is new behavior in the RDP 6.x client. Prior to the RDP 6.x client, you were prompted for credentials after establishing a connection to the Windows server. So, why did Microsoft make this change? Why is it better to obtain credentials at the client level rather than the server level? As it turns out, there are two main reasons for this: security and single sign-on. These reasons are eloquently explained in an article published on the Microsoft “Ask the Performance Team” blog.

First, let us look at the security aspect. “The intent of Frontside Authentication in Terminal Services is to enhance usability and increase security by reducing the potential attack surface exposed to unauthorized users… In previous versions of Windows Server, numerous session-specific components, such as CSRSS.EXE, USERINIT.EXE and WINLOGON.EXE were active during the authentication process. This created the possibility of a pre-authentication attack surface for key operating system components.” So, obtaining credentials at the client level fixes this, right? Well, almost. As it turns out, you need both the RDP 6.x client and Windows Server 2008. Check out this table from the Microsoft article:

| Client OS with RDP 6.x | Target Terminal Server OS | Prompt for Credentials |
|---|---|---|
| Windows Vista / Windows Server 2008 | Windows Server 2008 / Windows Vista | Always at TS Client Side |
| Windows XP, Windows Server 2003 | Windows Server 2008 / Windows Vista | Always at TS Server Side |
| Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008 | Windows XP, Windows Server 2003, Windows 2000 | Always at TS Server Side |

The key to remember is that the “authenticate before connecting” behavior is only valid when both the client and server are using the new CredSSP in Windows Vista and Windows Server 2008.
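As an added example (not from the original post or the Microsoft article), the PowerShell below classifies a terminal server's RDP listener by whether it refuses clients that cannot authenticate before connecting, which is the case the second row of the table falls back from. The `UserAuthenticationRequired` and `SecurityLayer` properties belong to the `Win32_TSGeneralSetting` WMI class; the function name, host names and sample values are constructed for illustration.

```powershell
# Added example: sample data is constructed; no server is contacted.
function Get-RdpPreAuthFinding {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Listener)
    begin { $layers = 'RDP', 'Negotiate', 'SSL (TLS)' }   # SecurityLayer 0, 1, 2
    process {
        # 1 = the listener accepts only clients that authenticate before a session exists.
        $required = ([int]$Listener.UserAuthenticationRequired -eq 1)
        $layerId  = [int]$Listener.SecurityLayer
        if ($layerId -ge 0 -and $layerId -lt $layers.Count) {
            $layer = $layers[$layerId]
        } else {
            $layer = "Unknown ($layerId)"
        }
        if ($required) {
            $finding = 'Credentials always collected at the client; no pre-authentication logon session'
        } else {
            $finding = 'Older clients get the server-side prompt; pre-authentication surface still exposed'
        }
        [pscustomobject]@{
            ComputerName    = $Listener.ComputerName
            PreAuthRequired = $required
            SecurityLayer   = $layer
            Finding         = $finding
        }
    }
}

# Constructed sample input, shaped like Win32_TSGeneralSetting output.
$sample = @(
    [pscustomobject]@{ ComputerName = 'TS01'; UserAuthenticationRequired = 1; SecurityLayer = 2 }
    [pscustomobject]@{ ComputerName = 'TS02'; UserAuthenticationRequired = 0; SecurityLayer = 1 }
)
$sample | Get-RdpPreAuthFinding | Format-Table -AutoSize

# Live query on a Windows Server 2008 terminal server (TS01 is a placeholder name):
# Get-WmiObject -Namespace root\cimv2\TerminalServices -Class Win32_TSGeneralSetting `
#     -Filter "TerminalName='RDP-Tcp'" -Authentication PacketPrivacy -ComputerName TS01 |
#     Select-Object @{n='ComputerName';e={$_.__SERVER}}, UserAuthenticationRequired, SecurityLayer |
#     Get-RdpPreAuthFinding
```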

The second part of the article deals with Single Sign On (SSO). Windows Server 2008 Terminal Services “supports SSO for domain-joined servers to provide a better user experience by eliminating the need for users to enter credentials each time they initiate a remote session.” A couple of key things to note: for SSO to work, the client must be part of the same domain as the server. With TS Web Access that may not be the case, and users will then be prompted for credentials multiple times. Also, some additional steps are necessary to configure SSO (the article steps you through them).

Continue at source…



Using RemoteApps with Windows SharePoint

Microsoft Office SharePoint Server and SharePoint Services have quickly become popular portals for many. Integrating Citrix published application access into SharePoint has been possible for quite some time by various methods including, but not limited to:

  • Using Citrix Web Interface’s compact layout and SharePoint’s “page viewer” Web Part
  • Citrix Web Interface for SharePoint (WISP)
  • Citrix Advanced Access Control

With the introduction of Microsoft Windows Server 2008 Terminal Services, you are now able to achieve the same effect using SharePoint, TS Web Access, and RemoteApps. In fact, this process is quite easy because Microsoft has already created the TS Web Access Web Part (Microsoft.TerminalServices.Publishing.Portal.TSPortalWebPart). Additionally, Microsoft created a step by step document on how to install SharePoint, register the Web Part, and add the Web Part to a SharePoint site.

Download the Microsoft Step by Step guide here…



Citrix Workflow Studio Walk Through Video

Earlier, I wrote about a new upcoming Citrix technology called Citrix Workflow Studio. I stated that Citrix Workflow Studio is “an IT process automation solution that enables you to compose, integrate and orchestrate rule-based workflows across your application delivery infrastructure.” Unfortunately, this technology is not generally available yet. However, Vishal Ganeriwala has posted a video showcasing a walk through utilizing Citrix Workflow Studio. In the video, Vishal shows us how to quickly construct a new workflow that prompts a user for their password and enumerates all virtual machines hosted on a XenServer. All of this is done without writing a single line of code. From what Vishal says in the video, this is just the first in a series.

Continue at source…



Preview of Citrix Web Interface 5.0

Thomas Koetzing has posted an article detailing some of the new features in Citrix Web Interface version 5.0, which is part of the next release of Citrix Presentation Server XenApp. In the article, Thomas outlines the evolution of Web Interface and then details some of the new features in the 5.0 release of Citrix Web Interface. Some of the enhancements include:

  • A new look and feel
  • Pre-logon page - used for legal notices or to communicate messages to the end user
  • Application set search feature - useful if you publish a lot of applications
  • Application set grouping feature - groups are displayed as tabs
  • Low graphics design - useful for mobile devices
  • Citrix Access Gateway standard support
  • Special folder redirection

Keep in mind that Delaware, and thus Citrix Web Interface 5.0, is targeted to run on Windows Server 2008. So, you will need IIS 7 for Web Interface 5.0.

Continue at source…



Citrix Presentation Server is now XenApp

Gus Pinto is reporting live from Citrix Solutions Summit. One of the “major” announcements made is that Citrix has changed the name of Presentation Server to XenApp. This falls in line with Citrix’s purchase of XenSource. Ever since the purchase of XenSource, Citrix has been re-branding products with the Xen name (XenServer, XenDesktop, XenApp). This is not the first time Citrix has renamed a product. For example (a little history here):

WinView –> WinFrame –> MetaFrame –> MetaFrame XP –> MetaFrame Presentation Server –> Citrix Presentation Server (no more MetaFrame starting in version 4.0) –> XenApp –> ?

NFuse split to NFuse Classic and NFuse Elite. NFuse Classic became Web Interface. NFuse Elite became MSAM (MetaFrame Secure Access Manager - which later died as a product).

Continue at source…



Using PowerShell to Manage Terminal Services Attributes

PowerShell is quickly becoming the de facto standard scripting method for new Microsoft products. I’ve written in the past about using PowerShell in your environment, which focused mainly on using PowerShell in Citrix environments. PowerShell can also be used to bulk edit Terminal Services attributes as seen in a blog post by Dmitry Sotnikov. Dmitry demonstrates how to get and set Terminal Service attributes using some custom PowerShell cmdlets. Here is an excerpt from the blog post:

Getting TS Attributes

PS C:\> get-qaduser "Dmitry Sotnikov" | format-list Ts*
TsProfilePath : \\server\tsprofiles\DSotnikov
TsHomeDirectory : \\server\tshome\DSotnikov
TsHomeDrive : P:
TsAllowLogon : True
TsRemoteControl : 0
TsMaxDisconnectionTime : 00:00:00
TsMaxConnectionTime : 00:00:00
TsMaxIdleTime : 00:00:00
TsReconnectionAction : 1
TsBrokenConnectionAction : 0
TsConnectClientDrives : True
TsConnectPrinterDrives : True
TsDefaultToMainPrinter : True
TsWorkDirectory : c:\
TsInitialProgram : C:\Program Files\Quest\Initialize.exe

Changing TS Attributes

$u = get-qaduser dsotnikov
$u.TsProfilePath = 'c:\profile'
$u.CommitChanges()

Continue at source…
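The excerpt reads and sets attributes one user at a time; as an added example (not from this post or from Dmitry's), the PowerShell below applies the same attributes in bulk to flag accounts whose Terminal Services settings a reviewer may want to tighten. The function name and sample accounts are constructed, the policy choice is an assumption, and the `TsRemoteControl` value meanings follow the `EnableRemoteControl` property of the ADSI Terminal Services user interface.

```powershell
# Added example: sample accounts are constructed; no directory is contacted.
function Find-LooseTsUser {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] $User)
    process {
        if (-not $User.TsAllowLogon) { return }   # account cannot log on to a terminal server
        $reasons = @()
        # TsRemoteControl 2 and 4 permit remote control without asking the user.
        if ((2, 4) -contains [int]$User.TsRemoteControl) {
            $reasons += 'remote control without user permission'
        }
        if ($User.TsConnectClientDrives) {
            $reasons += 'client drives connected at logon'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Name = $User.Name; Reasons = ($reasons -join '; ') }
        }
    }
}

# Constructed sample input carrying the Ts* properties shown in the excerpt.
$sample = @(
    [pscustomobject]@{ Name = 'user-a'; TsAllowLogon = $true;  TsRemoteControl = 0; TsConnectClientDrives = $false }
    [pscustomobject]@{ Name = 'user-b'; TsAllowLogon = $true;  TsRemoteControl = 4; TsConnectClientDrives = $true }
    [pscustomobject]@{ Name = 'user-c'; TsAllowLogon = $false; TsRemoteControl = 2; TsConnectClientDrives = $true }
)
$sample | Find-LooseTsUser | Format-Table -AutoSize

# Against a directory, with the Quest cmdlets from the excerpt loaded:
# Get-QADUser -SizeLimit 0 | Find-LooseTsUser
# Bulk change, using the set-and-commit pattern from the excerpt:
# Get-QADUser -SizeLimit 0 | Where-Object { $_.TsConnectClientDrives } |
#     ForEach-Object { $_.TsConnectClientDrives = $false; $_.CommitChanges() }
```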



Citrix Automation with Citrix Workflow Studio

Citrix recently released a new product called Citrix Workflow Studio. Citrix Workflow Studio is “an IT process automation solution that enables you to compose, integrate and orchestrate rule-based workflows across your application delivery infrastructure.” What does this mean exactly? Basically, Citrix Workflow Studio is a GUI that allows you to create automation tasks for your Citrix environment. How does it do this? Citrix Workflow Studio generates PowerShell scripts for you based on the GUI choices made. To see more clearly what I am talking about, check out Rich Crusco’s six-part series on Citrix Workflow Studio. There is some speculation in the Citrix and PowerShell communities that this looks to be purchased technology from FullArmor. Check out observations from Shawn Bass, Karl Prosser, and Brandon Shell.



Planning your Windows Server 2008 Terminal Services Infrastructure

Need help designing your Windows Server 2008 Terminal Services infrastructure? Who better to assist than the people that wrote the product? Michel Roth has highlighted a solutions accelerator from Microsoft called the “Infrastructure Planning and Design guide for Windows Server 2008 Terminal Services”. This is a beta guide that steps you through the design process. You can download this guide for free from Microsoft Connect. You will need to have a Windows Live ID - but that is free too.

Continue at source…



Frameworkx opens Windows Server 2008 Terminal Services Lab

Don’t have a test lab to set up the new features of Microsoft Windows Server 2008 Terminal Services? No problem, Frameworkx recently opened up their Windows Server 2008 Terminal Services lab to the public. You can demo TS RemoteApps, TS Web Access, and TS Gateway from a live demo environment. One thing to note, though: before you try to launch applications with TS Gateway, you will need to install Frameworkx’s root certificate, since they are not using a public CA like Verisign for SSL connections.

Continue at source…

