Category: External stuff

Keeping Virtual Sandboxes under control

By Rob Aarts and Max Ranzau

Rob: After using VMware Thinapp in several projects I wanted to share some best practices The first one is about a common mistake I see made on a regular basis. Applications with several entry points for executables, are presented using Workspace Manager, using multiple managed applications. So far so good.

The problem arises when all entry points (from the same Thinapp capture) have their own Zero Profile setting pointing to the same Sandbox location. Are you still with me here? Let’s have a look at the example below:

p1

Here’s a working example:

  • When a user launches Application 1, Zero Profile settings are loaded and written to the sandbox.
  • The user then launches Application 2 and Zero Profile settings are loaded and writes to the same sandbox location.

What is likely to happen, is that settings for Application 1 become corrupted, due to it’s settings are being changed by another process while it’s running. I personally have seen some strange behavior from apps, which absolutely don’t like this messing are around with their appdata behind the scenes. It doesn’t take a degree in rocket science to imagine what may happen when Application 3 is launched. It will just increase the likelyhood of corruption.

The solution to avoid this mess is simple and was covered previously, although for natively installed applications only: Have a look at Max’s article RG056 in the tech library. Setting up a placeholder application as described in the article will allow you to configure  individual apps app to save the sandbox and direct The Zero Profile from Application 1, 2 and 3 to this placeholder App:

p2

Max: Once you have this set-up, the next challenge is to make sure your User-Settings capture configurations are not overlapping. As of WM SR3 there is a setting for global User settings to grab a setting exclusively. This means that if say 3 different global user settings grab the same registry value you can check one of them as exclusive and only that UserSetting will store it. Unfortunately this approach doesn’t work well for Managed Application based user-settings, as the capture-exclusive feature isn’t available there (yet?). Anyhow, there is a workaround for this. Let’s say you start with creating a suite-settings placeholder app, like described above for Office:

  1. You create a new managed app
  2. Under user settings, you add all the capture templates for Word, Excel, Powerpoint etc. and you have a nice list like shown below
  3. Then everything is cool and ready to rumble, right?

p6

Unfortunately that’s not quite the case, as the templates are likely to overlap. This is not the fault of the template designers, but a function of that they need each to be able to stand alone. This means we have a bit of cleaning up to do, but it’s quite easy. When you are on the User Settings|Capturing tab of the SuiteSettings app as shown above, do the following

  1. Click the Show details checkbox at the bottom of the dialog box
  2. Now click on the data column header to sort on files and registry entries being captured
  3. Look for identical rows (highlight)

p5

Note the line for the ‘Microsoft InfoPath Designer 2010’, which I have highlighted and disabled. I disabled it because that particular User Setting was already captured by the template called ‘Microsoft Infopath Filler 2010’ and as you may recall from our discusion above, we do not have the option to capture exclusively on Managed apps.

You disable an item by doubleclicking on it. Don’t fall for the temptation of removing the checkbox you immediately see, as that will disable the entire template, in which you are only interested in disabeling a certain file/reg grab. Instead  go to the Capturing tab, then select the offending/duplicate entry, double click again and THEN remove the Enabled checkbox you see. Sequence shown below:

p7

You can of course also delete the duplicate entries to tidy things up. In this case I kept them around for illustrative purposes. One thing I’d like to make you aware of: First, go to the global User Settings node, and at the bottom check both ‘Show details’ and ‘Show all User Settings’:

p4

dpNotice that once you link up multiple applications to the same suite app, you will see multiple entries of the same user-setting. This is not a bug or an indication that something unnecessary is being captured. For example, look at the example above where about half way down you see about 7 references to %APPDATA\Microsoft\Access and both Word, Excel etc are pointing to it. This does NOT mean the and Word and Excel templates had duplicate entries. It’s simply because the combination of the two checkmarks shows the canonical list of all combinations of apps and user settings, thus the repeats. In short: They’re mostly harmless. Don’t panic!

We hope with this little away-mission into advanced WM User Settings management to have given you some new thoughts on how to both wrangle virtual applications as well as suite settings for multiple apps.

Rob & Max

 

Setting up a Lab HR system for IT Store

xor-logoFrom the Lab Essentials Dept. This article is to show you how you can stand up your very own open-source HR system and hook it up with RES IT Store. One of the things you may often hear about in regards to RES IT Store, is the ability to do employee on/offboarding. If you want to test this out for real, you probably won’t get access to a live HR system in production, thus I wrote this article.

doc-icon2<<< Click here to read the article

 

Aspen Systems and RESguru Consulting partnership

aspen-logoToday it’s my pleasure to announce a new partnership with Mike Meyer over at Aspen Systems. Mike has been in the virtualization business for as many years as I’ve been in the workspace and automation business. Recognizing our respective strengths we quickly realized there is good business to be made by combining these strengths.

This partnership will effectively allow our respective companies to offer virtualization and workspace expertise combined in north and southern California. Santa Barbara based Aspen Systems has an impressive track record delivering high quality desktop solutions based on Citrix, VMware and other virtualization technologies. RESguru Consulting, based in the San Francisco bay area, brings 15 years of implementation and training experience with RES Software technologies to the table, allowing implementation of fast and predictable managed desktop and automation solutions in the datacenter, as well as in the end-user computing environments. Together we are excited at the prospect of serving current and future clients with well proven technology to increase savings on IT and reduce complexity.

To kickstart this partnership, I’ve created the first of a series of technical articles for the Aspen Systems newsletter that will focus on different aspects of RES technology. The first article is how to use RES Automation Manager in environments where Windows Authentication is required.

doc-icon2<<< Click here to read the article on Aspen Systems’ blog.

 

Secret Weapons of a Master Trainer

By Max Ranzau

 

From the Teacher’s Tips Dept. Having trained a lot of great folks in RES tech over the years, one particular question I often get on the side is this: “Max, what is that digital whiteboard solution that you are using?” I thought I might as well share that with you here, as well as a couple of useful tips. You’ll need these as circumstances have changed around the product’s availability.

cpsFirst of, what I use is called Canson Papershow. It is a quite ingenious solution to white boarding. The Canson Papershow solution differs itself by using a real ballpoint pen tip on real paper. It’s not a recorder pen that plays back later, or one of these Wacom tablet jobs where you can’t see what you’re doing. I’ve even seen folks trying to finger paint on a VGA connected iPad – ye gods! With this kit, everything you write will be drawn precisely in real-time in the whiteboard app on screen as well as on the paper. The kit consists of a USB key, a pen and a special micro-dotted paper pad. The USB key has 3 functions:

  • It’s a Bluetooth receiver for the pen device.
  • It stores the software for the host computer (it supports both Windows PC and Mac)
  • It provides storage for your saved whiteboard drawings (I think the key in total has about half a Gig). The drawings are stored in a vector based format, not as bitmap, so you can edit them later or continue next day of training in the same file.

The pen runs off a single AAA battery. It’ll run for about Read more »

Appsense vs RES article series

TheEditorEditor’s introduction: I have the pleasure today of welcoming Paul Newton as a guest writer here at RESguru.com! Paul has been in IT for 20 years, with the last 15 years spent in the systems management area. Paul is experienced with AppSense, SCCM, AdminStudio, App-V, Citrix and of course RES Software. He has worked in several large and medium sized enterprises in healthcare, energy, and broadcasting.

In the following article, Paul touches on an interesting subject which is sure to get the attention of the usual suspects ;) Over the years, there’s been a couple of more or less useful comparisons between what the merry folks respectively at AppSense and RES Software do, when it comes to managing the user’s persona/profile/environment/workspace (take your pick). The problem with most comparisons is that they basically end up just being a longwinded list of check boxes of who can do what.

The inherent problem with said approach is this: Whoever “dares” to create such a checkbox comparison sheet between any two or more competing vendors, is likely to have at least two vendors breathing down their neck, as the vendors all essentially want to look their best and have every last darn checkbox filled. For a long time, I’ve been advocating another approach: Presuming Vendor X and Vendor Y’s product can do the same things overall – logically the focus must shift from what CAN be done to HOW IT IS DONE.

As for vendor marketeers, this approach is obviously a lot tougher to deal with, especially if your product interface generally speaking is weak, unstructured or down right complicated to use. For the record, I am not referring to any particular vendor indirectly here – these are plain and objective terms to meter by. Of course it is any vendors prerogative to protest that things aren’t being done right, if there is an easier way that has been overlooked. Either way, this cuts the non-technical muglers out of the discussion, so us folks on the factory floor, the engineers can better figure out what product we want to use and recommend.

This is exactly the approach Paul Newton has taken in this article series, which has been moved to the Techlibrary. Let us hand it over to Paul from here: Click below to read the articles:

doc-icon2<<< Part 1: Drivemappings

doc-icon2<<< Part 2: Desktop shortcuts

 

The RES Community – Now with Ninjas!

community-hero-logoFrom the Community Hero Dept. It’s been a while since I took time to look at the RES Community landscape. Yesterday I was pleasantly surprised to find that a new site came up a couple of months ago. I must admit I discovered it only by accident, through the referring sites report on my HiStats. Anyway, allow me to present a promising new site: RESninja.com!

resninja

Right now I actually have no clue who’s running the site, although it seems that the folks behind it know me well. I guess that’s how ninja’s roll :-) Believe me, I fully understand the value of running a site incognito initially. Half a decade ago, some marketeers here at the company did not like one bit what I was doing, hence for a while nobody knew who was behind RESguru. Fortunately those individuals are long gone and I am proud to have a fruitful and collaborative relationship with RES Marketing as of today. These folks truly understand the value of having a semi-rogue and opinionated technical blogs like RESguru in the eco-system.

@Sensei (who I gather is the editor at RESninja) –  I am truly happy to see that you folks have joined the ranks of community content providers. Good-natured competition with a bit of attitude never hurts, so I’m stoked to see you guys have “thrown the sword” and taken the challenge. I for one look forward to see what content the ninjas will bring us next!

In general – If you are a start-up tech blogger and you’re writing anything about RES technology, please reach out if you would like to have your site showcased. You don’t need to have created a truckload of material up front – basically one article is enough, as it’s the will to share RES technical knowledge that counts. I would also like to add that if you don’t have your own blog, the doors at RESguru are always open for guest writers.

 

All about the Workspace Manager SR2

By Max Ranzau

From the There-We-Fixed-It Dept. Once again it’s that time of year where we get the extra presents that didn’t quite make it under the tree. Today RES Software released the long awaited Service Release 2 for RES Workspace Manager. As always due to that I’m on Pacific time, I’m more or less the last RES guy on the planet to know – but hey – at least I can share the nitty-gritty details with you. This time around you’re in for a treat, as the the update contains a massive overhaul on the Citrix publishing subsystems, among other things. As per usual the Service Release is available to our subscribed customers and partners at the RES Support portal. Now, let’s have a quick look at the most interesting things in SR2:

  • handfullofappsAbility to remote publish XenApp published apps ! Yay – this was a personal thorn in my side, as up to now the only way to publish was to run the RES WM console on top of one of the XenApp boxes, as we previously could only communicate with the old MFCOM objects directly underneath. You still need a WM Agent installed on the target publishing XenApp server, as it’s the one doing the handywork. The difference is that now you can publish even from an admin workstation running the WM console.
  • workergroupsSupport for XenApp 6.5 WorkerGroups: Another big enhancement on my wishlist. Even though that Workspace Manager has had servergroups for many years providing this functionality back from the early Citrix Presentation Server days, when Citrix finally added a group object in XAS6.5, we of course had to support it, so customers do not have to do double work.
  • Cross-Farm publishing: RES Workspace Manager SR2 allows you to publish an XA app across multiple farms. Note that if you’re using Relay Servers, they must be upgraded to SR2 as well for this to work.

There is a few other items that relate to Citrix, which you can read more about in the release notes. Other than that, some other noteworthy items:

  • A slew of new registry tweaks to Workspace Manager. The Registry Guide to Workspace Manager has been updated accordingly. See fixes 073 to 066
  • Various performance enhancements on Database Connectivity, User Settings and Logon time. Note: There is a specific reghack to boost logon time when offline. 
  • laptopA new setting under Setup|Advanced Settings: The option is to quote the release notes; “set delay for network refreshes when network connectivity changes”. This works well where a laptop may change network connectivity within a short period of time, possibly causing unnecessary Workspace Composer refreshes. Also, by configuring a delay, you can ensure that the ‘new’ network connection is fully established before the refresh takes place, preventing long refresh actions. Default value is 0 (zero) seconds, meaning it’s business as usual unless you change it.
  • Hiding apps in the startmenu when using merge-mode is now possible when managing the startmenu. Something I’m personally quite happy about, as I got egg on my face during my last training class due to just that :-)
  • Several labels and default views have changed as part of decluttering the console. Nothing crucial, but you might just want to glance over the releasenotes to for a heads-up on all items.
  • New Zone rule for computer’s AD group membership. This has been a long standing wish of mine since we could check on the site and OU of the computer, so now this part of the big picture is complete.
  • New commandline option to export the Network Security log as XML. See this section of the updated WM CommandLine reference for further info.
  • Exception tab on Agents: I believe this is a very important piece to understand for designers and architects (which is why it probably deserves it’s own article at some point): The short story about SR2, quoting from the releasenotes, is that Agent-related zone rules set on the Workspace Container are now taken into account when determining the applicability of an exception tab for the node Administration | Agents. This makes it possible, for example, to define different Datastore or Relay Server connections on exception tabs based on Agent-specific properties such as IP address. Note that the following zone rules are not Agent-specific and are therefore not evaluated when defining the Workspace Containers on which to base an exception tab for the Agents node:
    • Citrix Receiver client type
    • Session Type
    • (Partial) terminal server listener name
    • User property
    • VDX / Workspace Extender

    The Workspace Container’s Access Control/Identity is still ignored for exception tabs on the node Administration > Agents; and the evaluation of Workspace Container applicability for an exception tab remains unchanged for all other features and nodes.

  • Windows-8-logoLast but not least is the question on everybody’s lips: Does SR2 support Windows 8? The answer is yes and no. Yes, the software is supported running on Windows 8. Yes, it can now recognize Windows 8 as there’s now OS Zone rules for Win8 and Server 2012. This makes the temporary hack I created in article RG04C obsolete. However SR2 does NOT include management of the Metro/Modern tiles. Aparently there are some things we are working on together with Microsoft in order to make that a reality. Hopefully we’ll see this in the next Service Release.

For now, here are the releasenotes for you to download: pdffile

Enjoy!

 

New Reference Architecture doc for WM

scrollFrom the Document Division. Those following me on twitter (@RESguru) saw yesterday the release of the Reference Architechture document for RES Workspace Manager. This document is interesting as it covers many of the questions our partners and customersreswm-solutionscope have had in regards to best practices, the Relay Server, diskspace consumption and bandwidth usage. The document also covers the complete solution scope, making it easier to understand where RES Workspace Manager fits in.

The document can be downloaded here: pdffile 

 

New Tool: GPO to RES Converter

From the Community Hero Dept. One of the things I state over and over, is that we're our own worst critics here at RES Software. While this is good thing, yammering about stuff, is one way of getting things changed. Another approach is actually DOING something about it yourself. This is the reason why I want to highlight a really nice tool, called ImportGPO – which my good friend and colleague, Dennis Raemakers has developed on his own. Today I'm proud to be able share it with the RES community at large:

The ability to read the given configuration information stored in GPO's and import it into the RES Workspace Manager, has been a long sought after feature. This is exactly what this tool does and a bit more! While there are other tools out there, such as the previously covered VEToolkit, which does similar – the more tools of this kind enriches the RES community resource pool. Either way, the advantage of exporting the GPO's themselves is that they contain the whole picture, not just the resulting set o settings being applied via the .POL files. The ImportGPO utility works like this:

  1. First go to a Win7/2008 box and start your Group Policy Management Console, for example by running GPMC.MSC
  2. Now navigate to the policy which you want to convert. Go to the Settings tab
  3. Rightclick and chose "Save Report.."
  4. Chose to save the report as .XML format (not .TXT) This is important.

Just do it like shown above on the right, where I've used the Domain Default policy as an example.

Once you got the XML export of the given GPO, it's time to fire up the ImportGPO utility, which can be downloaded further down.

In the tool, you want to use the Import XML file button on the right and get the report you've just created into the tool. Once imported, there is a couple of things to know about what you're looking at. All settings in RED are disabled settings. With the checkboxes at the bottom of the screen you can chose to hide disabled settings. You can also decide not to export disabled settings. You might also see some settings appearing in BLUE. These are HKEY_LOCAL_MACHINE based settings. The tool will export both HKCU and HKLM settings as seperate .reg files, which you now can import respectively into Workspace Manager and RES Automation Manager.

The tool also supports GPO's for Folder Redirection. This means if you have a policy which specifies that some shellfolders (such as Desktop or MyDocuments) should be living somewhere else, you can export this to a BuildingBlock that will import directly into the Folder Redirection node of Workspace Manager 2012 (yes, only this version and up). If you import a GPO file which contains any folder redirections, an asterix (*) will flash on each side of the Folder Redirection tab in the tool. All you need to do is go there and select which shellfolder redirections you want to include.

One important thing is the checkbox to enable the Folder Redirection node at the bottom of the tab. Enabeling this box, will instruct Workspace Manager to turn on the Folder Redirection feature under Composition | Actions by Type | File and Folders | Folder Redirection when you import the BuildingBlock. Only do this when you are absolutely sure the paths are valid and sound, otherwise first review the redirection paths in the Workspace Manager console. Also, if you uncheck a given redirection policy, it will still be exported to the BuildingBlock, but will be disabled per default. This concludes the walkthrough of the ImportGPO tool.

Download the ImportGPO v0.3 tool here – This package contains a couple of sample GPO xml exports as well, one for some generic HKCU based settings, and one that contains folder redirection settings.

This is a tool in development and provided as-is. There is good things to come – Stay tuned! If you have ideas or feedback to Dennis on the ImportGPO tool in the meantime, feel free to comment below.

Enjoy!

 

New RES related blog!

From the RES Community Hero Dept. Today I’d like to introduce a new blog site, which one of my good colleagues, Musa Cakar from RES Support has launched. The blog is called My Virtual Environment, or MYVE.nl. His first article is very useful, as it deals with reducing the size of Mozilla Firefox profiles, using the RES Workspace Manager. Be sure to check out the article here!