XenClient Enterprise 4.5 Condensed Technical Presentation
December 17, 2012
© 2012 Citrix | Confidential – Do Not Distribute
Agenda
• XenClient Overview
• XenClient Solutions
• Architectural Overview
• System Requirements
• Image Management: Layering and Publish Process
• Policy-Based Management
• Data Protection: Disk Encryption and User Data Backup
• Data Backup
• References and Resources
XenClient Simplifies and Secures Corporate PCs
• Centralized Control: Policy-driven Management Server
• Secure and Optimized Local Execution: True Type-1 Client Hypervisor
Make PCs manageable, reliable, & secure
© 2012 Virtual Computer Inc
XenClient Components – Client Endpoint
• Engine
  ᵒ Type-1 hypervisor running directly on the hardware and hidden from the user
• Launcher
  ᵒ The UI which provides an interface to the user
• Dock
  ᵒ A Dock that provides Citrix Receiver, RDP Client, and Google Chrome
XenClient Components – Synchronizer
• The management server performs all the administrative tasks for the solution. It keeps a database of all objects in the XenClient Enterprise solution.
Objects     Description
Users       Computer, policy and VM assignments plus backups for each VM
Groups      Which users belong to which groups, and group assignments
VMs         Which OS, and version, which groups and users, policies
Policies    Backup frequency, USB and other device, VM and computer access control, and more
Software    What is available in the Software library
Computers   Which users are supposed to use them
Events      Detailed audit trail of actions for each object
Synchronizer Tasks:
• Create VMs (Authoring)
• Publish VMs
• Create Users and Groups
• Assign a VM
• Restore a VM
What's New in XenClient Enterprise?
Next Generation Global Desktop
• Supports the latest Ultrabooks and Intel 3rd generation processors
• Windows 8 support
• Now available in English and 6 other languages for major markets!
Expanded Use Cases
• Enables more enterprise network policies with VLAN tagging
• NetScaler support for Synchronizer external network access
Increased Performance
• Dual monitors in dock support
• Improved hypervisor boot time
• Import and export VMs directly from the client hypervisor
Effortless Device Management for PCs
Project-based solution
Customer Challenges and Opportunities
• Companies buy thousands of PCs each year and need a better way to manage their current & new PCs
• PCs deliver excellent local performance, but are riddled with patch failures, reliability, & security issues
• Traditional Device Management is expensive, distracts focus and budget from higher value service delivery
• XenClient FlexCast model turns PCs into Virtual Appliances, cutting management & operations costs by 70+%
Solution includes:
• XenClient Engine to secure PC endpoints and turn them into easy-to-manage Virtual Appliances
• XenClient Synchronizer for simple centralized management of fully virtualized desktops running on PCs
• Citrix Receiver for access to hosted XenDesktop or XenApp in addition to the local virtual desktop
• NetScaler integration for providing secure access to the management interface from any location
Features and Benefits
• Failsafe Provisioning, Patching, & Updates: Provision 1000s of PCs as easily as one, eliminate patch failures, and achieve 100% success rates on updates
• PC Execution for Local Use Cases: Delivers local execution for use cases that need them – including distributed offices, limited network bandwidth, etc.
• Excellent Scalability with Near-Zero Infrastructure: Offers near-zero backend infrastructure cost by harnessing inexpensive compute and storage available on endpoint PCs
• Secure, locked-down, but personalized desktops: Secure the PC with full-disk encryption, protected VM image for instant recovery from malware or corruption, and network isolation
• High Reliability and Rapid Recovery: Delivers high reliability with zero patch failures, transparent backup, rapid recovery, and instant full migration to new PCs in case of hardware failure
Value Story:
Citrix delivers the lowest-cost, simplest device management solution for PCs, turning them into centrally managed Virtual Appliances, for use cases where organizations are already using PCs or are planning to purchase them.
Secure & Manage Mobile Laptops
Project-based solution
Customer Challenges and Opportunities
• The number of enterprise laptops is increasing rapidly with users spending more time outside the office
• Lost data on insecure laptops leads to financial losses, negative customer/market impact, and legal liability
• Laptops are difficult to manage and update because of how often they are off the LAN or disconnected
• Reliability and rapid recovery are critical for laptop users who are traveling and cannot be visited by IT
Solution includes:
• XenClient Engine to completely secure laptops online and off, turning them into easy-to-manage Virtual Appliances
• XenClient Synchronizer for simple centralized management of virtual desktops that work both online and off
• Citrix Receiver for access to hosted XenDesktop or XenApp in addition to the local virtual desktop
• NetScaler integration for providing secure access to the management interface from any location
Features and Benefits
• High Security for Mobile Laptop Users: AES-256 bit full-disk encryption, time-based lockout, and remote kill capabilities protect sensitive corporate data even if a laptop is lost
• Failsafe Management Off the Corporate Network: Achieve 100% success rates patching and updating laptops regardless of whether they are on or off the corporate network
• Extending Desktop Virtualization to Laptops: Extend desktop virtualization to offline laptops to gain all the benefits of centralized management, enhanced reliability, and high security
• Transparent Backup to Protect Corporate Data: Automatically synchronize user data and profile information in the background to protect corporate data against loss or corruption
• High Reliability & Rapid Recovery on the Road: Delivers high reliability with zero patch failures, complete data protection, and instant malware/corruption recovery to laptop users on the road
Value Story:
Citrix XenClient extends the benefits of desktop virtualization to corporate laptops, turning them into Virtual Appliances that are completely manageable, reliable, and secure.
Architectural Overview – Engine
• True Type-1 Hypervisor (No OS below the hypervisor layer)
  ᵒ Fully virtualized platform
  ᵒ Supports wide range of business-class PCs
  ᵒ Full shared image support for Windows 7, XP & Vista
  ᵒ Linux supported as custom image or local install (Note: Support is unofficial since there are no PV drivers for Linux)
[Diagram labels: Hardware; Xen™ Hypervisor (Open Source); Management and Control Domain (Dom0); … Services Domain (DomS); Virtual Machine #1 (Virtual HW, Windows XP, Applications, User Data); Virtual Machine #2 (Virtual HW, Windows 7, Applications, User Data); Management Server; Shared Image Patch; Backup Store]
Architectural Overview – Synchronizer
[Diagram labels: Central Server; Console; Control; Repository; API; LDAP; SQL; Hyper-V; FileSystem; Management Server; Storage]
Architectural Overview – Synchronizer Infrastructure
Server Components
Management Server
• XenServer, VMware, Hyper-V or Physical
• Stores one copy of each image and patch
• Distributes to all attached devices
• Stores backups
Authoring Server
• Physical Server
• Runs Server 2008 w/ Hyper-V
• Authors VMs centrally
• Publish/patch VMs
Both components can be installed on a single system
Distribute across multiple systems for larger deployments
Architectural Overview – Hierarchical Mgmt
[Diagram labels: Central; Management Server (Web/App); SQL; Remote; Caching Server; WAN; SQL Server (1433); HTTPS (443)]
• Optimized for low-bandwidth/WAN environments
• Intelligent caching of downloaded images
• Efficient use of bandwidth between remote offices
• At Remote Office
• Local LAN operations for publishing/backups
• One copy of OS image and patches
• Backups stored locally in Remote Office
• At Central Office
• Single view of Environment through management UI
Architectural Overview – OS Management
[Diagram labels: Management Server; Shared Image Patch; Backup Store; Update; Backup; System VHD; User VHD; Local VHD]
Shared System Disk: One to many, patch once, publish many
Persistent User Data: Backed-up on server for instant recovery
Persistent Local Data (no backup): Page.sys, temp files, indexes, .ost files
One to many from server
Snapshot for backup
Fast Recovery
System Requirements
Client Hypervisor (Engine)
• Processor: Dual-core processor with hardware virtualization technology support
• System Memory: We strongly recommend at least 4 GB of RAM
• Available Disk Space: 80 GB free disk space, more for multiple OSs
Management Server (Synchronizer)
• Operating System: Windows Server 2008 R2 with Hyper-V (Standard, Enterprise or DataCenter)
• Processor:
  ᵒ Authoring Server
    • 2 Xeon class cores enough to create and update virtual machine images
  ᵒ Management Server
    • 1-2 cores for running backend server
    • 3 Xeon class cores for each 1GB LAN connection
• System Memory: 8 GB minimum
  ᵒ Authoring Server
    • Recommend 6GB free for creating and updating virtual machine images
  ᵒ Management Server
    • Minimum is 8GB
    • Increasing to 16GB will give the best performance
Browser to connect to Management Server:
• IE 9 recommended
• Microsoft .NET Framework 2.0 installed
• RDP ActiveX control enabled
Image Management – Layering
• All patches are processed in the background
• All backups are uploaded in the background
• The VHD chains are handled by the engine
[Diagrams: "How layering works in XenClient Enterprise" and "How XenClient Enterprise rolls back an image". Labels: Base System VHD; Version 1 to Version 4; Gold, Snap 1, Snap N, Leaf]
The first patch becomes the top of the chain
Adding patches will grow the chain
Pointer to run to the top of the chain (current)
Image Management – Layering
[Diagram labels: VM; version1.vhd, version2.vhd, version3.vhd, nxprep.vhd, snapback.vhd, user.vhd, local.vhd; Drive C:, Drive U:, Drive L:; Hypervisor]
Downloaded from the backend
Contains NxPrep Results
• Computer name
• Domain Account
• Device Initialization
• NxPrep Extend
Contains any changes made since VM has started
Image Management – Backups
Drive C: (System)
Files:
• C:\
• C:\Program Files
• C:\Users
• C:\Users\Administrator
• C:\Users\Default
• C:\Windows
• C:\Nxtop
Drive U: (User)
Files:
• C:\Program Data
• C:\Users\johns
• C:\Users\Public
• C:\Users\Default
Registry: User disk registry entries
Drive L: (Local)
Files:
• C:\Windows\Prefetch
• C:\Users\johns\AppData\Local\Temp
• C:\Program Data\Microsoft\Search
• C:\Program Data\Microsoft\WindowsDefender
Registry: Local disk registry entries
Publishing Process – Publishing a VM
Publish Process
• One-time setup, done against initial VHD version
• NxTop Service injected offline
• Standard software packages installed.
• Per-published version processing
• Create differencing disk to hold publish changes
• referred to as ‘n-diff’
• Hyper-V Publish Boot
• PV drivers installed
• No hardware yet – just added to Windows database
• Final VHD chain is (1..n, n-diff)
• Communicated to client in XML description of VM
Publish Boot Details
• Process Takes ~5 mins
• Configure Windows Services
• Install PV Drivers & NxTop Mgr Service
• Uninstall Hyper-V integration services (3 mins)
• Disable services
• Speeds up Publish/NxPrep process
• Services are enabled again at end of NxPrep
Publishing Process – Publish Chain
[Diagram labels: Version 1, Version 2, Version 3, Version 4; 1-diff, 2-diff, 4-diff; Current; Staged]
Base System VHD, the start of the chain when the VM is first installed.
When Version 1 is published, the results are stored in 1-diff.
When Version 1 has been published, future patches are applied to a new Version 2 diff disk.
When Version 2 is published, the results are stored in 2-diff.
Non-published versions can be created as checkpoints.
Versions can be marked as a Staged version for testing. Only users marked to receive a staged version will get them.
Publishing Process – Publish Chain Rollback
[Diagram labels: Version 1, Version 2, Version 3, Version 4; 1-diff, 2-diff, 4-diff; Current; Staged]
The most recent version (or versions) can be deleted using the Rollback feature if they are broken.
The topmost versions are simply removed and discarded (so long as no clients are currently using the version).
Publishing Process – Engine-Side Processes
Preparation Process
• Client downloads required VHD files
• All elements in system disk chain (1..n, n-diff)
• Only loads those not already present locally
• User disk chain if it exists
• User disk created on client when VM first deployed to user
• Push n-diff-1 disk onto system disk stack
• Push new diff disk onto user disk to hold updates
• Create local disk VHD if not present
• Boot into NxPrep
• VM booted with minimal memory size and no network
• Runs at the same time as the existing version
• Uses PnP to install virtual devices:
• QEMU emulated devices not present on server
• PV devices (disk, network, mouse, etc)
• Performs user personalization
• Rename NxTop user for workgroup users
• Create domain account profile
System Disk Collapse Process
• Intent is to collapse entire (1..n) chain
• Improve performance
• Reduce disk usage
• Resulting chain is (1’, n-diff-1, n-diff-2)
• Chain is collapsed in one step
• Blocks in versions (2..n) are written to version 1
• For each 2MB block, find all the modified sectors in (2..n)
• Write these sectors to version 1
• This produces updated 1’
• Once complete, VHD chain updated
• (n-diff-1) updated to point to (1’)
• Meta data updated to indicate (1’) contains all previous versions
• Lastly, old versions (2..n) are discarded.
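Added example (not part of the original deck and not Citrix code): a Python model of the one-step System Disk Collapse Process, with a digest check that the image the guest reads is identical before and after. The Vhd class, the digest helper and the sample chain are assumptions for illustration, and the chain is simplified to a single n-diff on top of version n.

```python
import hashlib
from dataclasses import dataclass, field

SECTOR = 512
SECTORS_PER_BLOCK = (2 * 1024 * 1024) // SECTOR    # the slide's 2MB block


@dataclass
class Vhd:
    name: str
    parent: "Vhd | None" = None
    sectors: dict = field(default_factory=dict)     # sector number -> 512 bytes
    contains: list = field(default_factory=list)    # versions folded into this disk

    def read(self, n):
        """Return sector n as the guest sees it: the topmost copy in the chain."""
        disk = self
        while disk is not None:
            if n in disk.sectors:
                return disk.sectors[n]
            disk = disk.parent
        return bytes(SECTOR)                        # never written: reads as zeros


def digest(top, nsectors):
    """SHA-256 of the guest-visible image, to show the collapse changed nothing."""
    h = hashlib.sha256()
    for n in range(nsectors):
        h.update(top.read(n))
    return h.hexdigest()


def collapse(versions, n_diff):
    """Fold versions 2..n into version 1 (giving 1') and re-parent n_diff onto it."""
    base, newer = versions[0], versions[1:]
    if n_diff.parent is not versions[-1]:
        raise ValueError("n-diff must sit directly on version n")
    last = max((s for v in newer for s in v.sectors), default=-1)
    for block in range(last // SECTORS_PER_BLOCK + 1):
        lo = block * SECTORS_PER_BLOCK
        for v in newer:                             # oldest first, so newest wins
            for s in [s for s in v.sectors if lo <= s < lo + SECTORS_PER_BLOCK]:
                base.sectors[s] = v.sectors[s]
    base.contains = [base.name] + [v.name for v in newer]   # metadata update
    base.name += "'"
    n_diff.parent = base                            # simplified chain: (1', n-diff)
    for v in newer:                                 # old versions are discarded
        v.sectors.clear()
        v.parent = None
    return base


def sample_chain():
    """Constructed input: three versions plus an n-diff, touching three 2MB blocks."""
    v1 = Vhd("version1", None, {0: b"a" * SECTOR, 1: b"b" * SECTOR, 5000: b"c" * SECTOR})
    v2 = Vhd("version2", v1, {1: b"d" * SECTOR})
    v3 = Vhd("version3", v2, {1: b"e" * SECTOR, 9000: b"f" * SECTOR})
    return [v1, v2, v3], Vhd("3-diff", v3, {0: b"g" * SECTOR})
```

Comparing digest(n_diff, 3 * SECTORS_PER_BLOCK) before and after collapse() is the check to keep: a collapse that applies versions in the wrong order still completes, but the digest changes.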
Policy-Based Management – Overview
Policies control aspects of a VM, Engine, or Synchronizer
• Policies are defined in the Synchronizer, and then assigned to VMs.
There are 3 basic types of policies in XenClient Enterprise
• Virtual Machine policies
  ᵒ These policies control various aspects of how a virtual machine (VM) performs
• Engine policies
  ᵒ Deals with Launcher, Activities Center, Network and Power Management
• Synchronizer policies
  ᵒ Used to define Admin roles and bandwidth control for e.g. updates
Policy-Based Management – Setting Policies
There are nine different types of XenClient policies:
• Administrator Role: Allows an administrator to assign privileges based on an assigned role
• Backup: How often automatic backup is performed and how long backups will be retained
• Bandwidth: Set the bandwidth policy for an IP or subnet (max bandwidth, time period, etc.)
• Engine: Engine Policies affect behavior of XenClient Engines, not VMs
  ᵒ Default policy sets behavior for all XenClient Engines associated with a Synchronizer
• Expiration: Limits VM use to a number of days from first use
• Lockout: How long the computer can be out of contact with the Synchronizer before locking users out of the VM (lease period)
• OS Profile: A set of rules for the OS for special handling for applications, services, or other settings.
  ᵒ Snapback is the ability of the OS to return to the condition of the last XenClient publish, discarding any changes made.
• USB Filter: The types of USB devices that can be used on the VM
• Windows Setting: Establishes logon types and automatic logon settings for users. Configures VLAN tag settings
Encryption Architecture
[Diagram labels: MBR, Boot, Partition 1, Partition 2; Unencrypted, K1 Encrypted, K2 Encrypted; BIOS, GRUB, Trust, Control Domain, VHD Repository; /boot; keys K1, K2; steps 1 to 4; legend: unencrypted, encrypted]
Data Protection – Remote Kill
• Shreds all encryption keys
  ᵒ So an encrypted boot can’t be read
• Deletes all VM VHDs
  ᵒ Any running VMs will have blue screen at some point when the data can’t be read.
• Writes random data all over the physical disk
  ᵒ Will completely wipe our software and entire disk (and anything on the system including dual boot roots)
• Finally, system is halted after 30 minutes if not already stopped
Data Protection – User Data Backup Overview
Backed up on a schedule
• As defined by policy
Items Included Out-of-the-Box
• Users directories
• Personalization (Wallpaper, Application data)
OS Profile Customization
• XML language defines files/registry values to save
Client-Side Process
• Snapshot created on scheduled basis
• Pause guest
• Add new diff disk “user-diff-m” onto head of user chain
• Update guest to use new head
• Resume guest
• Backup sends previous diff disk to server
• Sends “user-diff-(m-1)”
• Once backup sent, merge to single VHD
• When system is idle
Data Protection – User Data Backup Process
[Diagram labels: User VHD; Snapshot2; Snapshot3]
Initial State: Original User VHD, start of the chain
Snapshot2: New COW disk created when scheduled time for backup reached. Changes made by VM are written to new snapshot.
Backup of User VHD: Previous disk in chain uploaded to server when connection available
Snapshot3: If scheduled time for backup reached again, a further snapshot is created.
Backup of Snapshot2: Once initial backup has been sent, second one will be transferred
Data Protection – User Data Backup Process
[Diagram labels: User VHD’ (2..1); Snapshot3]
Once backups have been sent to the server, they are merged into the base disk
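Added example (not part of the original deck and not Citrix code): a Python model of the client-side backup ordering described above, run for a laptop that misses two scheduled backups while offline. The UserChain class, its method names and the disk names other than "user-diff-m" are assumptions for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class UserChain:
    disks: list = field(default_factory=lambda: ["user.vhd"])  # base first, head last
    sent: set = field(default_factory=set)      # frozen disks the server already holds
    m: int = 0                                  # index of the current head diff
    events: list = field(default_factory=list)  # actions in the order they happened

    def snapshot(self):
        """Scheduled backup time reached: freeze the head and start user-diff-m."""
        self.m += 1
        head = f"user-diff-{self.m}"
        self.events += ["pause guest", f"add {head}", "resume guest"]
        self.disks.append(head)
        return head

    def upload_next(self, connected):
        """Send the oldest unsent frozen disk. The writable head is never sent."""
        if not connected:
            return None
        for disk in self.disks[:-1]:
            if disk not in self.sent:
                self.sent.add(disk)
                self.events.append(f"upload {disk}")
                return disk
        return None

    def merge(self, idle):
        """When idle, fold the leading run of already-sent disks into the base disk."""
        run = 0
        while run < len(self.disks) - 1 and self.disks[run] in self.sent:
            run += 1
        if idle and run > 1:
            self.events.append("merge " + "+".join(self.disks[:run]))
            self.disks[:run] = [self.disks[0]]
        return list(self.disks)


def offline_then_online():
    """Constructed scenario: two scheduled backups pass while the laptop is offline."""
    chain = UserChain()
    chain.snapshot()
    chain.snapshot()
    offline = (chain.upload_next(connected=False), chain.merge(idle=True))
    first = chain.upload_next(connected=True)
    partial = chain.merge(idle=True)       # only user.vhd sent: nothing to fold yet
    second = chain.upload_next(connected=True)
    busy = chain.merge(idle=False)         # both sent, but the system is not idle
    final = chain.merge(idle=True)
    return offline, first, partial, second, busy, final
```

While offline the chain only grows; a diff is folded into the base only after the server holds it and the system is idle, so the length of the local chain indicates how much user data is not yet protected by a server-side backup.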
Customer Quotes
Thanks to XenClient Enterprise, computers are being deployed to our newest hospital at a fraction of the time it would ordinarily take.
Ames Prentis, CEO, IVG Hospitals
XenClient Enterprise is the first product I have ever tested where my users want to adopt merely by word of mouth. We had employees at all levels literally begging to get these systems.
Alan Rabideau, CIO, Residential Finance Corporation
By using XenClient, we can centralize the management of PCs remotely instead of traveling to each site to deploy, update or patch. This has greatly reduced our costs and increased the productivity of our IT staff.
Kraig Stewardson, IT Desktop Manager, Life Time Fitness
More Technical Resources
• Watch XenClient “How-to” videos in the XenClient Enterprise 4.5 How-to Series
• Get more information from the Extended XenClient Technical Presentation
• Get specific technical information about XenClient from the Knowledge Center
• Get technical support from the XenClient Support Forums
• Get the latest XenClient Customer Presentation for use with prospects
• Get the latest sales resources from the XenClient Sales Kit
• Keep up with latest XenClient news by subscribing to the XenClient Blog RSS feed
• Contact the XenClient sales overlay team at [email protected]
• Download the latest version of XenClient at www.citrix.com/xenclient/tryit
Work better. Live better.