30 Aug

Citrix User Profile Manager…  Part 1 of… 

The successful management of Microsoft User Data Settings (UDS) is a strategic necessity for the centralized application delivery services network (IMHO anyway..:-).  Microsoft does offer tools for the management of UDS, default, roaming, and mandatory profiles in combination with Folder Redirection (FRD) and Active Directory Group Policy Objects. 

From Windows 2000 forward we have been stacking policy objects, redirecting profile folders, turning local profiles into mandatory profiles, writing system and user environment variables, scripting this and setting user permissions for that, and all of it (and this is only a part) in large part has been work focused on bettering the end user experience on the network, while reducing the administrative overhead to get the job done (oddly enough…).

While in the majority of cases, the majority of times, the Microsoft UDS framework gets the job done, if you have read this far into this post I suspect you have fallen out of the majority.

Some of the common questions:  Why are my logons so slow?  Why are users' settings not retained session to session?  How do I reduce manual task operations related to user management?  What impact can Microsoft Active Directory have on the network, both for users and administrators?  Will Citrix User Profile Management (UPM) reduce complexity associated with user profile management today?

This last question is what’s most important.  The answer is yes.  Below I will reference some of the items to consider as you craft your own management framework for UDS management.

Requirements

You will need some understanding of the items referenced below.  I will link in some info to get you started at the end of this post.  For purposes of this post, I expect that you have downloaded Citrix UPM and installed the product as necessary for your environment.

  1. Group Policy Management:  Leveraging Microsoft Active Directory and Group Policy management delivers consistent and predictable configuration for the Windows network.
  2. Folder Redirection (FRD):  Folder redirection is a must.  It is important to understand not only the folders you redirect, but just when in the user logon process these folders need to be there for everything to work.  Also, it is important to understand the consequence of failing to appropriately leverage FRD.
  3. User Data:  This is a subset to FRD but is worth noting separately.  User Data is the stuff that users make themselves, the stuff in the My Documents, Desktop, and Favorites folders.
  4. Profile Data:  This is a subset of FRD, and there is also a consideration for Microsoft policy context.  Profile data is tied to the OS version offered as the application delivery platform to the end user.  FRD for Ntuser.dat and the Application Data folder per each Microsoft OS instance defines the user's profile data.
  5. System Environment Variables:  System Environment Variables leverage the Microsoft OS instance to offer scalability to the administration of UDS services.
  6. Citrix User Profile Management (UPM):  The goal of the Citrix UPM is to reduce complexity surrounding current administration of Microsoft UDS services, while offering a consistent platform for user experience.

The Goal

The use case will be that of a user required to work across both a W2K3 XA5 and W2K8 R2 XA6 farm environment.  The success criteria for the use case are listed below.

  1. User Data:  Users should have access to all data created from either farm environment.  Applications being offered from the XA5 farm environment should have visibility to data created by applications delivered from the XA6 farm and vice versa.  Note:  As with all things FRD a logical file structure offers scalability to the administration of UDS, the folder structure should be consistent for all FRD configuration.
  2. Profile Data:  FRD is a requirement to meet the needs of segregating the Microsoft OS policy context of the user's HKCU registry hive and Application Data folders.  Note:  The note above applies here as well…
  3. Establish System Environment Variables (SEVs):  These configuration items, written to the Microsoft OS machine instance, offer flexibility in leveraging automation and consistency for proper FRD service to the network.
  4. Active Directory Group Policy Management:  Configuration for the UDS environment will be managed by Microsoft Group Policy and the Group Policy Management Console.  I am working with a W2K8 R2 AD environment.  AD GPO will also be leveraged to configure Citrix UPM settings for the network.

How to Get There

1.    Create the Directory Infrastructure for Microsoft FRD 

I have created two root folders to host the FRD infrastructure, UserData and CitrixUPM. 

UserData will be the root folder for the collection of data that users will access from both the XA5 and XA6 farm, My Documents, Desktop, and Favorites.

CitrixUPM will collect users' profile information (Ntuser.dat, and all other non-FRD folders within the profile) via Citrix UPM and Application Data folders specific to version 1 (XA5) and version 2 (XA6) OS environments.

Follow the Microsoft Best Practices for Roaming Profile Folder Permissions when creating these folders.  Proper configuration of SMB and NTFS permissions will support the auto creation and security settings for all file activity required for proper UDS service.  The only additional item to reference is to include the Administrators group as necessary for proper management of the FRD/UDS environment. 

Also be sure to disable Offline Caching for the UserData and CitrixUPM directories.  This prevents the corruption of data used to support roaming profiles.  Set the Offline Files setting at the folder level: under Folder Properties > Sharing > Advanced Sharing > Caching, select the option to disable offline caching.

2.    Create System Environment Variables (SEVs)

 The %ProfileVer% SEV will be configured per Microsoft OS for reference within the FRD file structure. For the respective XA5 and XA6 environments I have configured W2K3XA5 and W2K8R2XA6 SEVs. 

I have not done anything fancy to write these configurations to the OS instance.  You can find these settings under the Computer Properties > Advanced System Settings > Environment Variables tab.  It is important to configure the SEV within the proper window of the GUI.  The uppermost portion of the configuration window is for User Environment Variables, not the SEV we are looking to create.

Going the manual route will require an OS reboot for these settings to be written to the system instance.

Note: Citrix UPM works with SEVs and Microsoft Active Directory Variables (which are CaSe SeNsItIvE) only.  User Environment Variables are not recognized by UPM.

3.    Create Active Directory GPOs

Citrix UPM and Microsoft FRD will be managed via Active Directory Group Policy Objects (GPO).  The traditional approach of combining Blocking Inheritance and Loopback Replace is recommended for the configuration of Citrix UPM for both XenApp and XenDesktop environments.  The GPO configuration for the lab is referenced below.

I have five GPOs linked to OUs containing the appropriate OS for the configuration of FRD and Citrix UPM.  Microsoft has designated Windows XP and earlier profile environments as version 1, while all profiles later than XP are version 2.  The essential thing to note is that these profile environments do not commingle: the profile settings you have in XP will not flow through to Vista, W2K8, or W7.  To achieve this segregation we will use a combination of SEVs and FRD delivered via GPO configuration for the environment.

Another item to reference here is the order in which these GPOs are written to the environment.  Be sure to have your FRD settings have a lower precedence order than the GPO used for Citrix UPM management.  UPM and FRD work in tandem with each other and failing to have FRD in place prior to UPM processing will not make you a happy customer.  It is very important that you map out and test all of the FRD configuration you will require for the network prior to including Citrix UPM into the UDS framework.

The v1 and v2 approach to GPO is due to the differing configuration requirements between v1 and v2 Microsoft OS environments.  Also, management of Citrix UPM allows for the exclusion and inclusion of files and folders to be retained within the profile directory FRD.  As the folder directory environment for W7 differs from that of XP, the appropriate exclusion and inclusion lists must be manually configured within the GPO assigned to manage settings for Citrix UPM.  Brief references for the GPOs I have applied are listed below.

XenApp_Loopback:  Applying Loopback Replace has been a recommended GPO configuration for terminal servers since Windows 2000.  Follow this link for more information on this configuration item.

XenApp_CitrixUserProfileManager_v*:  This GPO turns the UPM service off and on for each machine account within the OU on which the UPM tool has been installed.  Configuration for v1 and v2 file exclusions and inclusions as well as component implementation within the Citrix UPM are also provided here.

XenApp_FolderRedirection_v*:  The goal with FRD is to keep things simple.  For my own lab I want two root directories as referenced above, UserData and CitrixUPM; this GPO configures these items.

From the UserData folder users will have access to Documents (formerly My Documents), Desktop, and Favorites data across both v1 and v2 OS platforms.  FRD configuration for folders managed within the UserData directory will be \\Servername\ShareName\%USERNAME%\Folder.  Standard FRD configuration via GPO will be offered from the XenApp_FolderRedirection_v* policy object referenced above.  The resulting directory structure is referenced below. 

 

Note: I am leveraging a W2K8 R2 AD environment to offer Group Policy Preference configuration for the FRD of the Favorites folder from the v1 OS, W2K3 in this instance.  Microsoft v1 OS environments offer FRD configuration for four directories within the user profile space: Desktop, My Documents, Start Menu, and Application Data.  While it is indeed possible to offer FRD to v1 OS platforms, this is achieved by way of configuring the HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders registry settings for all folders in the profile space.  This has been the traditional work of creating a new user profile for the purpose of replacing the Default User Profile available from the Microsoft OS platform.  GPP makes easy work of this configuration and I am glad to leverage this service to get the job done.

The CitrixUPM folder will contain the redirected Application Data folder per v1 and v2 OS platforms, as well as all of the profile data not managed via FRD but retained by Citrix UPM. 

FRD configuration for AppData will be configured via the XenApp_FolderRedirection_v* GPO, while FRD for the CitrixUPM directory will be configured via the XenApp_CitrixUserProfileManager_v*. 

AppData: \\ServerName\ShareName\%USERNAME%\%ProfileVer%\AppData

CitrixUPM:  \\ServerName\ShareName\#sAMAccountName#\%ProfileVer%

It is important to note the difference in variable configurations for the UNC paths configured via GPO.  The Citrix UPM service does not recognize user environment variables, instead relying on Active Directory variables (which are CaSe SeNsItIvE), and SEVs.
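The variable rules in the note under step 2 and in the paragraph above, as an added PowerShell example that is not part of the original post: a hypothetical `Test-UpmStorePath` function checks a UPM path template against the two rules the post states (system variables only, case-sensitive AD variables) and previews the expanded path for each %ProfileVer% value. The account `jdoe`, the variable table and the one-entry attribute list are constructed sample inputs.

```powershell
# Added example. Every input is a constructed sample; nothing is read from a live server.
function Test-UpmStorePath {
    param(
        [Parameter(Mandatory = $true)][string]$Template,
        # System (machine-scope) environment variables defined on the server.
        [Parameter(Mandatory = $true)][hashtable]$SystemVariables,
        # AD attribute names in exact case; only the one the post uses (assumed list).
        [string[]]$AdAttributes = @('sAMAccountName'),
        # Hypothetical account used to preview the expanded path.
        [string]$SampleAccount = 'jdoe'
    )

    $findings = @()
    $expanded = $Template

    # %NAME% tokens: per the post, UPM resolves system variables only.
    foreach ($m in [regex]::Matches($Template, '%([^%\\]+)%')) {
        $name = $m.Groups[1].Value
        if ($SystemVariables.ContainsKey($name)) {
            $expanded = $expanded.Replace($m.Value, [string]$SystemVariables[$name])
        } else {
            $findings += "%$name% is not a system environment variable"
        }
    }

    # #attribute# tokens: per the post, AD variables are case sensitive.
    foreach ($m in [regex]::Matches($Template, '#([^#\\]+)#')) {
        $attr = $m.Groups[1].Value
        if ($AdAttributes -ccontains $attr) {
            $expanded = $expanded.Replace($m.Value, $SampleAccount)
        } elseif ($AdAttributes -contains $attr) {
            $findings += "#$attr# has the wrong case"
        } else {
            $findings += "#$attr# is not in the known attribute list"
        }
    }

    New-Object PSObject -Property @{
        Template = $Template
        Expanded = $expanded
        Valid    = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Constructed templates: the form used in the post, then two common mistakes.
$samples = @(
    '\\ServerName\ShareName\#sAMAccountName#\%ProfileVer%',
    '\\ServerName\ShareName\%USERNAME%\%ProfileVer%',
    '\\ServerName\ShareName\#samaccountname#\%ProfileVer%'
)
# One pass per OS platform, using the two %ProfileVer% values from step 2.
foreach ($ver in 'W2K3XA5', 'W2K8R2XA6') {
    foreach ($t in $samples) {
        Test-UpmStorePath -Template $t -SystemVariables @{ ProfileVer = $ver } |
            Format-List Template, Expanded, Valid, Findings
    }
}
```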

Standard FRD for the AppData folder will be offered from the XenApp_FolderRedirection_v* GPO referenced above.

The Citrix UPM path to datastore configuration will be offered from the XenApp_CitrixUserProfileManager_v* referenced above.

The resulting directory structure is referenced below, and will offer a single root directory location for both v1 and v2 environments.

Note:  The approach I take to UDS settings closely mirrors the recommendations offered in the W2K8 Resource Kit Productivity Solutions for IT Professionals.  This approach to UDS will offer you the opportunity to scale these configurations via Dfs. 

Results

The user will log on to a single Web Interface instance on the network for access to published resources available from both W2K3 XA5 and W2K8 R2 XA6 environments.  To keep things simple I will work with Notepad as the published application.  I will work from both desktops open simultaneously.

Starting with XA6 Desktop:

Screenshot of the XA6 Desktop is referenced below.

To begin I will create a folder on the desktop and launch Notepad from both XA5 and XA6 environments.  You can see below that I have created the desktop folder and launched both Notepad applications, making changes to the Font configuration for each application.

 

I will save the Notepad XA5 output to the DesktopTest folder, while saving Notepad XA6 directly to the desktop.  The screen capture below references the XA6 Notepad document saved to the XA6 Desktop, and the XA5 Notepad document saved to a folder on the Desktop labeled DesktopTest.

 

As I am logged onto both XA5 and XA6 desktops simultaneously, when I bring up the XA5 desktop I notice that the DesktopTest and XA6Notepad documents are immediately available.

Also notice that the application settings regarding fonts have been applied to Notepad from XA5 and XA6 for the respective files to be accessed.

To confirm data access to redirected Documents folder within the XA5 Desktop I have created the folder Test Documents FRD as seen below.

On toggling back to the XA6 Desktop and accessing the Documents directory via the Start Menu the user has immediate access to the Test Documents FRD folder as seen below.

Conclusion 

There is a great deal to talk about with regard to Microsoft UDS configuration for the network.  The steps referenced in this brief article reference some of the concepts Citrix customers are working with to present a consistent and predictable Microsoft UDS workspace to users.  The goal is to leverage the components of the Microsoft UDS framework in combination with Citrix UPM to reduce complexity of network administration, while offering the user a better work experience from the network. 

I will add additional posts to this topic as time permits in the weeks ahead.

More Information

Citrix UPM Documentation

Citrix TV UPM Videos

Microsoft Roaming Profile Security Configurations

Loopback Processing Replace

Disable Active Directory Policy Inheritance

GPOGuy.com

User Profile White Paper by Benny Tritsch

Category : User Profile Manager
29 Jul

Taking a number of questions from customers regarding the upgrade of XA 4.5 to XA 5 and XA 6. 

Upgrade W2K3 XA 4.5 to XA 5.0 

For those of you seeking documentation for the upgrade to XA 5, reference the link below.  This doc will walk you through the process of upgrading your W2K3 XA 4.5 installation to XA 5.0.  For those of you moving from a W2K3 to a W2K8 server environment, the recommendation is to build a completely new farm.  Installing OS updates over the top has never been recommended as a best practice for terminal server.  When upgrading the OS, the complete rebuild of the server is your best bet for success.

http://support.citrix.com/article/CTX116622

Upgrade to XA 6

The upgrade path to XA 6 is a parallel path installation.  XA 6 has been developed exclusively for W2K8 R2.  XA 6 does not run on W2K3 or W2K8 R1.  XA 6 does not offer the opportunity to share a farm context with XA 5 servers.  The documentation for upgrading to XA 6 is referenced in the link below.

http://support.citrix.com/article/CTX124241

XA 6 Migration Tool

Citrix has developed a PowerShell tool capable of porting XA 5 farm settings into your new XA 6 farm.  The purpose of the XA 6 migration tool is of course to speed the deployment of your new farm.  The video will give you information on installation and configuration of the tool.  The video offers insight into the new XA 6 ability to publish applications to groups of users.  You will see how to configure and leverage the latest release of Web Interface to support user migration to the new XA 6 farm.

Interestingly, you will also notice a seamless workflow in the migration of users from Office 2007 to Office 2010.  This is achieved by leveraging System Environment Variables to publish the Office applications; %MSOFFICEDIR%\Excel.exe is referenced in the follow-up posts for the video.  System Environment Variables can be a great configuration resource for you on the network.  Remember though that for a System Environment Variable to work you must reboot the server to set the configuration….

Citrix XenApp 6 Migration Tool – Guided Tour

You can download the XenApp 6 Migration Tool from http://support.citrix.com/article/CTX125471

Enjoy your migrating.  Please feel free to pass on your questions. 

RTE

Category : XenApp
14 Jul

For those that would like to test Citrix application delivery to an iPad, look here for the Citrix Mobile Receiver URL Generator. For some explanation of just what is happening with this tool, look here. Looking to test even more devices? Check out the Citrix Cloud Demo Environment. These tools offer you an opportunity to test access to Citrix applications via your remote devices.

Tip: Keep these sites handy, I have noticed that our own support teams leverage these sites as troubleshooting tools to assure the Receiver is indeed installed and working correctly.

Next step, read the documentation…..

  • http://support.citrix.com/proddocs

Expand the documents tree to see the item below. It is possible to deliver apps via the Receiver for iPad/iPhone via CSG 3.0 as well as AG Standard, Adv (4.5 with Hotfix 4 (AAC450W004)), and AGEE. You will also require Web Interface 5.* from which you will configure a XenApp Services Site (formerly PNAgent site). Read the documentation! Take your time, and be sure you are meeting the minimum requirements. As with anything else, I have some customers who are delivering apps via the CSG and AG products right off the bat without issue, while others need a bit more time to review the details. Take your time, and understand that the technology works! It’s always the little things.

Category : Citrix LA Sales Engineer
3 Jul

As I write this, I am waiting for my iPad to be delivered to my home office.  Some folks collect boats, art, sports cars, but I am a gadget guy.  I am Windows focused in my orientation, and this will be my first foray into the Mac world in a very long time.  Of course I could not endure the normalcy of the initial iPad release, I had to wait (and pay) for 3G, and I did go 64GB on disk.

There is not a meeting I am attending these days where discussion of iPhone and iPad is not being referenced.  Consumers are buying iPads like hot cakes.  Citrix is focused on leveraging consumer experience to business as a means of productive delivery of applications to end users; the success of the iPhone Receiver and the Dazzle plugins are great examples of this commitment.  In a basic sense, if a user has the ability to use an iPod, iPhone, iTunes, and now the iPad, our goal at Citrix is to leverage this knowledge to deliver business applications to these very same devices.

Below I will list some information for IT professionals to get started on the process of delivering applications to iPad and iPhone leveraging the Citrix Delivery Center.

Category : Citrix LA Sales Engineer