Today, Citrix announced a new, permanent XenDesktop trade-Up program. (Well, mostly permanent – the special offer to users with expired Subscripion Advantage only runs through the end of 2011.) This new offer shouldn’t come as a big surprise, as all indications were that there would be some kind of upgrade path provided after the last trade-up program expired at the end of 2010. What did come as a surprise is the announcement of a concurrent-use (“CCU”) license model for XenDesktop Enterprise and Platinum. The new CCU license is good news for XenDesktop v3 customers, some of whom have not upgraded to XenDektop v4 or v5 because they didn’t want to give up the CCU license model.

The new trade-up program will allow XenApp users to trade up to either the user/device-based license model or the new concurrent use license model. New concurrent use licenses cost roughly 2x the cost of a user/device license. Here are the high points of the new trade-up program:

• As was the case with the earlier trade-up programs, XenApp users can choose a straight one-for-one deal, where they receive one user/device XenDesktop license for each XenApp license, or, if they trade up all of their XenApp licenses, they can choose a two-for-one deal, where they receive two user/device licenses for each XenApp license. It will just cost you a little more than it would have if you had done it before the end of 2010.
• Through the end of 2011, customers with expired Subscription Advantage can trade up their licenses for the same price as customers with current Subscription Advantage – and take advantage of the two-for-one deal. After December 31, 2011, it will cost an additional $50/license if your Subscription Advantage is expired.
• You can now choose to trade up your XenApp licenses one-for-one to XenDesktop concurrent use licenses – although it’s more expensive than trading up to user/device licenses.
• “Trade-up PLUS” – If you trade up all of your XenApp licenses, you can purchase additional XenDesktop licenses (on the same order) for 10% off the suggested retail price. These additional licenses do not have to be the same product version as the version you’re trading up to, i.e., you could trade up to XenDesktop Platinum Edition, and purchase additional XenDesktop Enterprise licenses (although I’m not sure why you’d want to).
• “Trade-up MAX” – If you trade up all of your XenApp licenses, and purchase additional XenDesktop licenses for all of your remaining users (on the same order), the additional licenses would be 35% off the suggested retail price. Again, the additional licenses do not have to be the same version as the trade-up licenses. The order must total a minimum of 2,500 XenDesktop licenses, including both the licenses received via the trade-up offer and the additional licenses. Citrix will accept data from Dun & Bradstreet or Hoovers.com, or the user count from an active Microsoft Enterprise Agreement as evidence of how many users you have.

Here is a summary of the new trade-up suggested retail prices:

Trade-up From	Trade-up 2:1 (User/Device)		Trade-up 1:1 (User/Device)		Trade-up 1:1 (CCU)
	XD-E	XD-P	XD-E	XD-P	XD-E	XD-P
XenApp Platinum	n/a	$185	n/a	$135	n/a	$220
XenApp Enterprise	$130	$275	$85	$225	$155	$330
XenApp Advanced	$190	$330	$140	$280	$230	$395
XenApp Fundamentals	n/a	n/a	$140	$280	n/a	n/a

Note that if your Subscription Advantage is expired, all of the prices above will go up after December 31, 2011. Note also that if you purchased XenApp Fundamentals bundled with Microsoft Terminal Services CALs, and you want to keep those Terminal Services CALs after the trade-up, you must specify that on your trade-up order. Otherwise, the Terminal services CALs will be rescinded along with the XenApp Fundamentals licenses that you’re trading up.

Citrix has provided a new Trade-Up Calculator that makes it really easy to figure out what your trade-up cost will be. You simply enter your data – how many XenApp licenses you own, how many you’re trading up, what edition your trading up from and to, whether your Subscription Advantage is current, whether you’re trading up all of your licenses, and whether you want to purchase additional licenses along with your trade-up – and the calculator will give you the various options available to you, along with the suggested retail price of each option.

I’ve found that one of the least-understood features of XenApp is “VM hosted apps.” So, gentle reader, I thought it was time to try to bring some clarity to what is actually a very cool piece of technology, and may actually be the solution for how to continue to deliver IE6 for the Web apps that require it, even after you upgrade to Win7. (As you probably know, Microsoft has, so far, taken the position that packaging, streaming, or otherwise delivering IE6 by itself is a violation of their license – much to the consternation of users who have applications that depend on it.)

Why it exists
Anyone who has been around the block a few times with XenApp knows that there are some applications that just don’t play nicely in a multi-user environment. I can tell you that our own engineering team has become quite talented at making applications run in a XenApp environment even when the application vendors themselves said it couldn’t be done. And as the older DOS-based and 16-bit Windows applications gradually die of old age, things in general are getting better. Tools like application isolation and application streaming can help as well. But every now and then, you’ll run into an application that either just won’t run in a Remote Desktop Services (formerly Terminal Services) environment, or won’t play nicely with other applications, or misbehaves when more than one person at at time tries to run it.

We also occasionally run into applications that require some kind of hardware “dongle” as a license enforcement mechanism. Other applications have license mechanisms that are dependent on IP or MAC addresses, and/or save user-specific information that will require the application user to go back to the same system each time s/he wants to run the application. Finally, there may be users who need a very high-performance graphics processing unit, e.g., to run a graphics-intensive CAD program.

To help you deal with this, Citrix included a little bit of XenDesktop technology in XenApp, beginning with XenApp 5 Feature Pack 2. It’s only fair, after all, since XenApp functionality is now included in XenDesktop Enterprise and Platinum Editions, but while XenDesktop 4 (and now XenDesktop 5) includes all the functionality of XenApp for delivering applications to your XenDesktop users, XenApp’s VM hosted apps feature contains just enough XenDesktop functionality to create virtual – or physical – desktop systems specifically to run individual applications. In fact, that’s all those systems do. You can’t deliver multiple VM hosted apps from a single PC Operating System (well, not very easily anyway).

How it works
First of all, you have to build out the basic components of a XenDesktop farm. Yes, it can share some components with the rest of your infrastructure, but you’re going to need to build a Desktop Delivery Controller, you’re going to need a XenDesktop farm database, you’re going to need either a virtualization host (if you’re going to use virtual PC instances) or some physical PCs or blades, and you’re going to need an Operating System image with the target application installed into it. You may also deploy Provisioning Services if you want to stream the OS image either to your virtual infrastructure or to your blade PCs. In short, you go through the same process that you would go through if you were putting together a XenDesktop infrastructure to deliver a virtual desktop…but in this case, we’re delivering an application, not a desktop.

Here’s a high-level overview of the process:

• Create an OS image.
• Install the XenDesktop Virtual Desktop Agent into the image.
• Install the desired application. If the application needs “helper apps” (e.g., an accounting app may require Microsoft Excel to display reports), you can install them too. You can even install the Citrix Online Plugin, Offline Plugin, Single Sign-On Plugin, etc., if you want to launch those helper apps on a XenApp server or have XenApp stream them down to the desktop image for local execution.
• Create a shortcut for your desired application. If you really need to launch multiple applications, or launch something like the Citrix Online Plugin, create a script or batch file to launch the applications you want to launch, then create a shortcut to that script or batch file instead.
• Place that shortcut into the C:Program FilesCitrixICA ServiceSeamlessInitialProgram folder of your desktop image. NOTE: If you try to put more than one shortcut in that folder, you will get an error!
• Using the Citrix XenDesktop tools, convert your image into a VHD if you’re going to be streaming it via Provisioning Services or deploying it in a virtual environment. Like any other XenDesktop image, it can be a private image that is either preassigned to a specific user or assigned on first logon, or it can be a public image that you use with Provisioning Services to boot and run multiple instances.
• Publish that application. It can be displayed via the Citrix Web Interface right alongside other applications that are being delivered via XenApp.

When the user clicks the icon, the application will be launched within the desktop OS, but will run as a “seamless app,” meaning that it looks and feels to the user as though it was running locally (just as applications published from the XenApp farm do). The user will never know, or care, which apps are running on XenApp servers and which are running on desktop OS instances.

Just as you would with any other XenDesktop deployment, you can configure, via the Desktop Delivery Controller, how many OS instances you want running in an idle state at any given point in time during the day – this eliminates the need for the user to wait for the PC/OS to boot before launching the app. Remember, though, that a desktop OS is not multiuser…meaning that if you have ten people who may need to run that application at the same time, you have to provide resources for ten virtual PC instances (or ten blades, as the case may be). And if you have two different applications that need to be deployed this way, you’re probably going to need to provide separate resources for each application. (Yes, I suppose you could create a script that launched both apps – but do you really want your users to click on a single icon and launch two completely different apps? Never mind the fact that the users who need one of the apps may have no overlap with the users who need the other one.)

Here are a couple more things to remember:

• Your users are going to be remotely interacting with a Microsoft Desktop OS. That means you’re going to have to comply with Microsoft’s VDI licensing requirements. We’ve beat that horse to death elsewhere in this blog, so we won’t go into it again here.
• Citrix never expected that VM hosted apps would be used for more than one or two percent of all the applications you may need to deploy in a XenApp environment. But sometimes that one or two percent represent business-critical apps, even if they’re only business-critical to a handful of your users.
• You do not need XenDesktop licenses to do this. Users who launch a VM hosted app will consume a concurrent-use license from your XenApp license server. Users who launch multiple apps, e.g., a VM hosted app and several other apps delivered via XenApp, will still consume a single license.
• You could also use VM hosted apps to quickly deploy an application while you’re figuring out how to make that application run on XenApp. Once you’ve figured that out, just re-publish the application. The users will never know – they’ll go to the same Web Interface and click on the same icon, and the app will launch.

So – back where we started this: If you’re one of those who are struggling to figure out how you’re going to continue to support IE6 in your environment while still migrating your users off of Windows XP, this is one potential answer for you. Deploy IE6 on Windows XP using VM hosted apps. Your users will never see the XP desktop, so they’ll never know.

A very cool tool to have in your toolbox, in our opinion.

If you want to know more about VM hosted apps, here are a couple of videos from Citrix TV. The first is from the XenApp Expert Series, with our old buddy Vinny Sosa (on the left) and Modesto Tabares talking about various use cases for the feature. This one will take you about 25 minutes if you watch the whole thing:

…and here’s a more technical video from the Learning Lap series that actually takes you through the installation and configuration of VM hosted apps. This one is about 20 minutes long:

This is big news for anyone who wants to use XenDesktop to facilitate a Windows 7 migration. Here’s why: It only takes a moment’s thought to realize that if your desktop virtualization project simply trades inexpensive desktop SATA storage for expensive data center SAN storage, it’s not going to do good things for your ROI. So provisioning your virtual desktops from a shared Standard Image is a must. And that’s what Provisioning Services (“PVS”) allows you to do. If your standard Windows 7 OS image is, say, 15 Gb, you only need one instance of it on your SAN regardless of how many virtual PCs you’re provisioning from it. Then, using the Citrix Profile Management tool in conjunction with standard Group Policy folder redirection techniques, you can merge user personalization at logon time.

There was only one problem…turning a Win7 vDisk into a Standard Image broke the Microsoft license key. The only way around that was to use Key Management Services (KMS) to auto-activate systems as they were provisioned, but there were problems in using KMS with PVS, as we’ve documented in earlier posts.

I am happy to report that the problem has been addressed in PVS v5.6, SP1, which is now available for download at the Citrix download site. Not only that, but PVS v5.6, SP1, also works with a Multiple Activation Key (MAK) for smaller environments where KMS is not justified. Here’s the difference between the two activation methods:

KMS is a service that runs on a server in your own network. It supports Windows Server 2008 and 2008 R2, Vista, Win7, and Office 2010. However, it requires a minimum number of systems checking in for activation before any systems will be activated. That threshold is 8 systems for server activation, and 25 systems for workstation activation. Prior to SP1, systems provisioned from a Standard Image looked to the KMS server like the same system checking in again and again, so the threshold counter didn’t increment. SP1 fixes that. Please note, however, that you must be running KMS on a 2008 R2 server if you want virtual machines to increment the threshold counter.

With an MAK, the activation server is hosted at Microsoft. The MAK is a reusable key that’s good for a predefined number of activations. With SP1, PVS will cache the activation confirmation code for each system, so they will automatically reactivate on subsequent reboots.

Here is the configuration process, straight from Citrix. First of all, the Imaging Wizard allows you to choose which activation method you’re going to use:

Once you’ve chosen either KMS or MAK, here are the next steps:

KMS Activation

• Reset the activation status on the vDisk image:
  • Boot the master target device from vDisk in Private Image mode
  • Run slmgr.vbs -rearm in console on master target device
  • Shut-down master target device
• Put disk in Standard Image mode and stream. Target devices will automatically register with KMS server, and activate (provided there are at least 25 systems checking in).

MAK Activation

• Put disk in Standard Image mode and stream.
• Use “Manage MAK Activations” to remotely activate streamed target devices. This is done only once per group of devices.
• Provisioning Services will cache activation confirmation code for each device so that devices will automatically reactivate on subsequent reboots.

Kudos to the Citrix PVS development team for getting this done and out the door. Great job!

Volume 9 of the Microsoft Security Intelligence Report is out, and it makes for some pretty interesting reading. Among other things, it talks extensively about botnets – the various “families” of botnets, how they are used, how they work, and how access to them is sold and traded on the black market. Why? Because (quoting from the report), “When we look at that intelligence as a whole, it’s clear that botnets pose one of the most significant threats to system, organizational, and personal security.”

One of the things you’ll find in the report is a discussion of the infection rates of different versions of the Windows Operating System. You may have noticed that every now and then, as part of the critical patches and updates that Microsoft pushes to your PC, there’s something included called the “Malicious Software Removal Tool,” or “MSRT.” Microsoft keeps track of how often the MSRT actually finds malicious software when it runs, and that information is presented here as the number of computers cleaned of bot-related malware per 1,000 executions of the MSRT. Take a look at the following graph, which covers just Q2 of 2010 (click to view larger image):

I would like to particularly direct your attention to the fact that the infection rate for Windows XP SP3 is four times the infection rate for Windows 7, and the rate for Windows XP SP2 is five times the Win7 rate.

I understand that, for some people, the issue of upgrading from Windows XP to something else borders on being a religious discussion. But, honestly, if Windows 7 is that much more secure – which it clearly is – isn’t it getting a bit difficult to justify the “you can have my Windows XP when you pry it from my cold, dead fingers” position?

Of course, larger enterprises have some challenges to overcome. As we discussed in our September post about the cost of a Windows 7 migration, Gartner recently reported that, since most organizations weren’t planning to begin their Win7 migrations until 4Q2010, and with PC hardware replacement cycles typically running at four to five years at present, most organizations simply will not be able to complete a Windows 7 migration through the normal PC replacement cycle before Microsoft ends support for XP SP3. There just isn’t enough time left.

But even if there was enough time – why would you not want to move to an Operating System that’s four times more secure as quickly as you possibly can?

As Gartner pointed out, one alternative is to move some users to a “hosted virtual desktop” instead of a new PC. Translation: Making VDI part of your migration strategy can help get you out from behind the eight ball. It can also boost the overall security of your organization. Doesn’t that make it a conversation worth having?

In our interview with the “Wyse guys,” they talked about the Xenith “zero client” terminal. To clarify, “zero client” doesn’t mean that there’s no local operating system in the device. It means that you – or better yet, your end user – can literally take one out of the box, plug it in, turn it on, and have it up and running with absolutely no need to do anything to configure it. Wyse says you can have it out of the box and running in five minutes. It took us about three…and we weren’t particularly hurrying.

The one thing you do have to do is to configure a DHCP option that will provide a pointer to your config.xml file. When you turn the Xenith on, it will query your DHCP server, and along with the basic stuff like the IP address, subnet mask, default gateway, and DNS settings, the DHCP server will, through the option you configure, provide the Xenith with the URL of your Citrix Web Interface server and the path to the config.xml file. The Xenith boots so fast that by the time your monitor wakes up and syncs to the video signal, you’re looking at a login prompt.

In this video, Steve Parlee of ManageOps and Dave Jolley of Wyse walk you through the process of configuring the necessary DHCP option, and then demonstrate how easy it is to take a new Xenith out of the box and be up and running with a virtual desktop.

At the recent Synergy Berlin conference, Citrix announced Access Gateway 5.0. We have confirmed that, as of now, 5.0 is available for download from the Citrix download site – both as an update for the CAG 2010 hardware appliance, and in Access Gateway VPX (virtual appliance) format. (Note: you will need a “mycitrix” account to download the software.)

One of the things I really like about 5.0 is that it now supports running two 2010 appliances in an active/passive HA configuration with automatic failover. This was a serious shortcoming of the original CAG appliance.

In earlier versions, if you were using the Access Gateway as a general-purpose SSL VPN, you could configure HA of a sort within the Access Gateway client plug-in, by defining primary and secondary Access Gateways for the client to connect to. However, if you were simply running the Access Gateway in “CSG replacement” mode to connect to a XenApp farm without requiring your users to first establish an SSL/VPN connection, you had no ability to provide automatic failover unless you had some kind of network load balancing device in front of multiple Access Gateway appliances. That meant, of course, that to avoid having the load balancing device become a single point of failure, you had to have some kind of HA functionality there as well. By the time you were done, the price tag had climbed to a level that just didn’t make sense for some smaller deployments.

NOTE: This specifically applies to the 2010 appliance. The CAG Enterprise models, because they are built on the NetScaler hardware platform, have always supported operation as HA pairs with automatic failover. Of course, a CAG MPX 5500 also carries a $9,000 list price, compared to $3,500 for a CAG 2010.

Now, with the release of 5.0, you can purchase two 2010 appliances (which will cost you less than a single MPX 5500), and run them as an active/passive HA pair. Thank you very much, Citrix CAG team!

Here are a couple of videos from Citrix TV. The first deals with how to upgrade an existing CAG 2010 to the 5.0 software using a USB flash drive, and then set up the basic system parameters:

The second video shows how to configure a pair of appliances for active/passive failover:

You can access several other “how-to” videos by going to http://www.citrix.com/tv, and searching on “Access Gateway 5.0.”

This is the conclusion of Steve Parlee’s interview with Josh Osborn and Dave Jolley of Wyse. In Part 1, they discussed the Xenith “zero-client” terminal and the new Windows Embedded Standard 7 thin client terminal. In this concluding segment, they talk in more detail about how the Xenith gets its configuration information, as well as the reliability and power savings of Wyse terminal devices compared with desktop PCs.

This week I am getting up close and personal with a  new addition to our fleet of computers, the famous (or infamous, depending on your point of view) Apple iPad.

I have several reasons for doing this:

1. I love my iPhone 3GS with IOS4 and I am excited to see if I will fall in love with a larger HD version of it. More is better when it comes to screen size right?
2. Many of our clients (large and small) are either interested in, or have already decided to support iPads in their IT environment. And many of those who haven’t already decided to support them are feeling huge pressure from their users to provide some level of support.
3. Honestly, my biggest reason for taking this on is that I am a huge geek and love to tinker with new technology to see how it might enhance my life.  If it doesn’t make my life better in some way, then it will end up collecting dust on a shelf or sold on eBay.

Even though the iPad has been out for a while, I wanted to share my unbiased, honest opinion from an IT consumer who also happens to be a technician and consultant.  It might interest you to know that I am a PC and a MAC (and Linux and iPhone and…) – I look at all of these as wonderful tools, and I keep them all in my toolkit and consider which one to reach for depending on the the job at hand.

My first experience with the iPad involved buying one and I grade this experience as a D-.  I simply do not like to purchase a computer online. I want to go see one, touch it, feel it, buy it and take it home.  I visited the Apple store a half-dozen times, and, after not being able to do that (because they were perpetually out of stock), I decided not to buy one.  But after six months or so, I gave in and decided to take Apple up on their standard offer to place my order online. I purchased a 16GB Wi-Fi + 3G model and an Apple iPad Case for $629 and $39, respectively, expecting to have an iPad in my hand in a couple of days. (And I would have, if FedEx hadn’t kept trying to deliver it to my office after hours when no one was there to accept it…but that’s another story.)

The case promises to protect your iPad and be a convenient stand.  My first observation is the case looks like its worth maybe $7 and while it does offer some amount of protection it is a terrible stand.  So my first impressions are not all that great regarding the purchase and the case.

How do I feel about the device itself?  I am going to save the juicy details for my next posting but I will say that after nearly 24 hours I am highly impressed with some features and functions and highly unimpressed with some others. Please stay tuned as I share my experience – I am going to be brutally honest and would invite you to share your thoughts and tips. I may miss some things that you think are important, and would appreciate your tips and observations, both pro and con. Hopefully we can learn from each other how to make this exciting device sing!

Recently, our own Steve Parlee sat down with Josh Osborn, the Wyse Regional Sales Manager for the Northwest, and Dave Jolley, our local Wyse Sales Engineer, to talk about what’s new in the Wyse product line. In this video, they talk about the Xenith “zero-client” device that was introduced last quarter, and the new Windows Embedded Standard 7 device.

Earlier today, at Citrix Synergy in Berlin, Citrix announced XenDesktop 5, which is scheduled for availability in December, 2010. Naturally, we went looking for the “what’s new” list. You can find that list on the Citrix Web site, but, just to save you a few clicks, here’s our take on it.

Most of the user-facing features are evolutionary, as opposed to revolutionary. There have been incremental improvements in devices supported by the Citrix Receiver, the performance of Citrix HDX, user self-service provisioning, and single sign-on. There is also support for XenClient and XenVault, which were recently made available for download as part of XenDesktop 4, Feature Pack 2. But the truly revolutionary, knock-your-socks-off features are on the management side.

Installation and deployment of a large XenDesktop environment is now a snap using the new Desktop Studio tool. Since a video is worth a thousand words, check out the following video demo of Desktop Studio:

But wait! That’s not all! There’s something here for the help desk staff as well, and this may be the coolest part of all. Take a look at a demo of the new Desktop Director tool:

One of Citrix’s stated goals with XenDesktop 5 is to take VDI from “wow” to “how” – to show you how to easily install, scale, and manage a desktop virtualization deployment. Desktop Studio and Desktop Director are huge steps in that direction.