Solved

Need help deploying machine catalog in XenDesktop 5.6

Posted on 2013-11-26
Last Modified: 2013-12-06
Environment:
-Citrix XenDesktop 5.6
-Server 2008 R2
-Windows 7 Enterprise

I'm looking for just some general guidance on deploying an image catalog. My catalog more than likely needs to be dedicated since the certificate for web-based software gets installed in the trusted root (I've already tried pooled-static so let's not rehash that one).

Question:
If I deploy 100 or so users in a new deployment to XenDesktop 5.6 with Windows 7 Enterprise VMs, while using a Dedicated machine catalog, will I be able to roll out master image updates without disrupting their individual computing experience? (i.e., personally installed programs, backgrounds, settings, etc.)
0
Question by:Paul Wagner
11 Comments
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 39680646
If you are talking about MCS, you can't update the dedicated machines by updating the master image. This is only true with pooled machines!!

See this article to understand it better:
http://infrastructureadventures.com/2011/05/18/understanding-citrix-xendesktop-machine-creation-services/
0
 
LVL 14

Expert Comment

by:amichaell
ID: 39680788
Dedicated machines are basically like taking your physical desktops and simply virtualizing them.  They are still individual read/write machines.  There is no master image to update.

I would see if there was a way to use pooled-random perhaps importing the certificate at logon if necessary or go with pooled-static using personal vDisks.  At least then you could maintain a golden image.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39682659
You've got multiple possibilities here.

1st thing I would check is where the certificate *really* gets stored, and I would test moving it to the personal store. If you can get that working, then the cert becomes part of the profile, and you can use whatever you want.

But, as far as dedicated machines, you need to think about your long term management.
If they are truly dedicated, you don't have a good way to safely update them (in a single image update) once they have been brought up.   You have to treat them as individual machines, including all the work to manage them.  

If you use MCS to create the machines, then again, they are still dedicated and have to be managed individually, but they are read/write.  The major downside is that once they have been brought up, they are effectively fixed in place on your storage - you cannot migrate them, because they are linked clones.

But, one strong possibility for you would be to use Personal virtual Disks.  When you combine this with either MCS pooled or PVS pooled, it will likely accomplish what you want.  With the pooled images, you can update them from a single master, etc.  But, the key to the PvD is that it is an extra disk attached to each VM.  That extra disk can store the profile, and any user installed apps directly.  So, you can keep all the individuality, but still update the master disk image in 1 swoop for your catalog.  

Coralon
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39693187
@coralon

Sorry for the delay.... thanksgiving and all.
Great answer!

The certificate for the web app (third party on the internet) is required to be installed in the trusted root instead of personal certs. Will the trusted root be kept in the vDisk?
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39694444
It depends :-)  Since it is a Trusted Root cert, then you can put it in the Trusted Root store under the user account, or the machine account.  Since it is a root cert, then I would feel comfortable putting it in the machine store, since it's used to connect to another cert for the chain of trust.

Go into your MMC, load the certificates snapin, and select the Computer Account. From there, you can put it in your Trusted Root store, and you should be good. You should also check if there was an intermediate certificate to go with it.  (Unless it is a cert from a vendor that is not one of the "normal" trusted root certs.)  The major vendors all use intermediate certs these days.

Coralon
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39694499
This vendor (CoStar) requires the cert to be put in the trusted root of the machine.

Is the solution you're describing going to hold in vDisks with pooled-random catalogs?

There is another cert that they have users install but it doesn't show you where it installs. They're VERY vague about this since I think they want to protect each machine license.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39697351
The cert will remain in the image and be part of the machine.  But, the problem is that all the machines will have that cert installed -- they will all be using the same cert.  I don't know if that is a problem for your configuration.

The user's individual certs will remain in their profile.  You should be able to locate it in the certificate snapin for the user account.

Coralon
0
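One way to settle where the vendor's certificates actually land, as discussed in the posts above (an added example, not part of the original thread): snapshot every certificate store for the user and the machine, run the vendor's installer, then list what is new. The function names are hypothetical; the code uses only the built-in `Cert:` provider, which is present in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: find out which store(s) an installer writes certificates to.
# Function names are hypothetical and not from the thread.

function Get-CertStoreSnapshot {
    # Walk every store under both locations, not only Root/My,
    # because the installer's target store is unknown.
    foreach ($location in 'CurrentUser', 'LocalMachine') {
        foreach ($store in (Get-ChildItem "Cert:\$location")) {
            $name = $store.Name
            Get-ChildItem "Cert:\$location\$name" -ErrorAction SilentlyContinue |
                Select-Object @{ n = 'Location'; e = { $location } },
                              @{ n = 'Store';    e = { $name } },
                              Thumbprint, Subject, Issuer, NotAfter, HasPrivateKey
        }
    }
}

function Compare-CertStoreSnapshot {
    param($Before, $After)
    # Key on location + store + thumbprint so the same certificate
    # appearing in a second store is still reported as new there.
    $seen = @{}
    foreach ($c in $Before) {
        $seen["$($c.Location)|$($c.Store)|$($c.Thumbprint)"] = $true
    }
    $After | Where-Object {
        -not $seen.ContainsKey("$($_.Location)|$($_.Store)|$($_.Thumbprint)")
    }
}

# Usage, from an elevated prompt on a test VM:
#   $before = @(Get-CertStoreSnapshot)
#   ... run the vendor's certificate installer ...
#   $after  = @(Get-CertStoreSnapshot)
#   Compare-CertStoreSnapshot $before $after | Format-Table -AutoSize
```

Every CurrentUser store except Personal (`My`) also shows the contents of the matching LocalMachine store, so a new certificate reported under both locations was written to the machine store, while one reported only under CurrentUser lives in the user's profile. `HasPrivateKey` distinguishes a plain trust anchor from a certificate that carries a key.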
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39698925
So you're saying to put the cert in the master image that I deploy in the image pool?

Ya, that's a big problem.

Each cert is specific to a user license (but it is installed on the machine).... so if a user wants to log in to the site from another machine, they have to revoke the existing license and then get a new one issued to them.

That is why pooled-random/static seems like such a headache, but I don't want to issue dedicated VM's to 200 people. I might as well just give them all fat clients at that point.

Any ideas?
0
 
LVL 25

Accepted Solution

by:
Coralon earned 2000 total points
ID: 39700056
I don't think you'll have a lot of choice, short of a pooled-static, and you said you didn't have any luck with that.  :-\

In my opinion, your only real option at that point is just to create standalone VM's, put the VDA on there, if you want to run the option from the VDI.

For a slight rehash, one possibility, (and it's a long shot), would be to assign your VDI's (again, basically a pooled-static) with either MCS or PVS.. *but*, you would basically set up a login/logout powershell script to automatically copy the cert in and out of the machine as they login/logout.  But.. just an idea.. :-)

Beyond that, I'm out of ideas.  :-\

Good luck!

Coralon
0
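A sketch of the login/logout script idea from the accepted answer, as an added example that is not code from the thread. The share path, the one-`.cer`-file-per-user naming and the marker file are all hypothetical, and it assumes the script runs in a context with administrator rights, since writing to the machine's Trusted Root store requires them.

```powershell
# Added example: add a per-user cert to LocalMachine\Root at logon,
# remove it again at logoff. All paths below are hypothetical.
$CertShare  = '\\fileserver\usercerts'   # hypothetical: <username>.cer per user
$MarkerFile = Join-Path $env:ProgramData 'session-cert.thumbprint'

function Open-MachineRootStore {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    return $store
}

function Add-SessionCertificate {
    param([string]$UserName = $env:USERNAME)
    $file = Join-Path $CertShare "$UserName.cer"
    if (-not (Test-Path $file)) { throw "No certificate file for $UserName" }
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file)
    $store = Open-MachineRootStore
    try {
        # Record the thumbprint only if this session really added the cert,
        # so logoff never removes a root that was already in the image.
        $existing = $store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
        if (-not $existing) {
            $store.Add($cert)
            Set-Content -Path $MarkerFile -Value $cert.Thumbprint
        }
    } finally { $store.Close() }
}

function Remove-SessionCertificate {
    if (-not (Test-Path $MarkerFile)) { return }
    $thumb = (Get-Content $MarkerFile | Select-Object -First 1).Trim()
    $store = Open-MachineRootStore
    try {
        $store.Certificates | Where-Object { $_.Thumbprint -eq $thumb } |
            ForEach-Object { $store.Remove($_) }
    } finally { $store.Close() }
    Remove-Item $MarkerFile
}
```

Anything placed in that share becomes a machine-wide trust anchor on the desktop that imports it, so write access to the share should be limited to administrators.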
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39702516
.... hmmmm..... I like the idea but it sounds like I'd be taking the cleanliness of XD and throwing it out the window with powershell scripts and all.

There is an option in using key fobs instead of machine certificates but it's $170/person. I think I'll end up having to do that (but it's expensive).

I talked to someone else about vDisk and they think that it DOES keep machine certificates, so I'll set up a test pooled-random catalog to see if it works.

Thanks for the input Coralon. Since your advice has helped in molding my decision, I'll give you the solution points.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 39702647
Glad I could at least steer you in the right direction :-)

Coralon
0
