solving user profile challenges - xenapp and xendesktop
TRANSCRIPT
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
1/62
Solving User ProfileChallenges for XenApp
and/or XenDesktopJo Harder, Senior Architect
joharder
http://community.
http://twitter.com/account/profile_image/joharder?hreflang=en -
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
2/62
Answer Depends On . . .
One Profile Type Doesnt Fit All
User requirements and customizationsApplication requirements
Citrix technologies XenApp + XenDesktop, XenApp only, XenDesktop only, or ?
Administrator expertise
Existing infrastructure Current profile solution
Storage
Active Directory GPOs, including folder redirection
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
3/62
Microsoft Local
Mandatory
Roaming
Terminal Services
Mandatory
Roaming
Citrix Profile management
Third party, such as AppSense
Profile Types
So many
what kinprofile is
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
4/62
Logon Process
User Profile Characteristics
GPOs
Folder Redirection
Which User Profile Type Should I Use?
Sample Scenarios
Agenda
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
5/62
Logon Process
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
6/62
Select app andaccess XenApp
Load balancing
Initiate serverconnection
Logon
Authenticate
Load user profile
XenApp
User Profiles
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
7/62
XenDesktop
User Profiles
Apps
User Settings
OS
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
8/62
Logon script
Loops, network printers or subsequent script calls
Drive mappings
Roaming or mandatory profile Large or non-optimal profile
Access across busy/congested network
GPO processing Multiple GPOs
Authentication Domain controllers busy/congested
Access to Citrix resource
Less than optimal XenApp load balancing or Citrix XML Service configuration Less than optimal XenDesktop DDC configuration
Why Does It Take Soooooo Long to Logon?
LogonTime
Logon script
Net
P
Authentication
Access toCitrix resource
Drivemappings (inc.
homedirectory)
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
9/62
User Profile Characteristics
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
10/62
Depending on profile type(s) and
configuration, user experiencemay vary based on access todifferent systemsArghhh!
Customizations retained inuser profile Such as: Control panel settings
What Is a User Profile?
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
11/62
What If No Administratively Defined Profile Ex
Situation XenApp XenDesktop Windo
First logon with no network
profile administratively
designated
New profile created on
that server from local
default user
New profile created on
that desktop from local
default user
New pro
that clie
local def
Subsequent logon to same
computer with no network
profile administratively
designated
Existing profile on that
server accessed and
modified in that session
Existing profile on that
desktop accessed and
modified in that session
Existing
client de
and mod
session
Issues User settings notaccessible from
another XenApp
server
When desktop
reprovisioned, user
settings lost
Settings
and Xen
session
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
12/62
Microsoft Profile Precedence
TerminalServices
Mandatory/Roaming
GPO
User
Properties
NetworkMandatory/Roaming
GPO*User
Properties
Local
*Active Directory on Windows Server 2008 or later and Windows Vis
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
13/62
TSProfile
NetworkProfile
TS ProfileApplied to
XenApp
Apply only to Terminal Services and/or XenApp se Does not apply to virtual or physical desktops But does apply to XenApp published desktops
Network profile applies to Terminal Services and/osession only if no Terminal Services profile
Terminal Services Profile
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
14/62
Located under Users directory Ntuser.dat = roaming profile Ntuser.man = mandatory profile
Ntuser.* populates HKCurrent User hive
System PropertiesAdvancedUser ProfilesSettingsAlso SystemPropertiesAdvanced.exe
Microsoft Profile File
Lab\User1
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
15/62
Also called Mandatory Roaming User assigned a profile; typically a task-based user Changes are not saved
Can be applied to:
Profile
Terminal Services Profile
Works with folder redirectionto save some data and providesome personalization Example: Store Outlook configuration
in AppData
Mandatory ProfileTip
Configure t
Printer Pro
Retention p
store data
client devic
the roamin
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
16/62
Included with: XenApp Enterprise/Platinum XenDesktop VDI/Enterprise/Platinum
Based on acquiredSepago technology
Supported by Citrix
Configured by means ofADM template (GPO)
Citrix Profile Management
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
17/62
Environment Manager is most
commonly used third-party userprofile solution
Sold and supported by AppSenseand partners
Retains user policy andpersonalization settings
Cross-platform (x86/x64 and v1/v2) support
AppSense
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
18/62
Criteria
Local
Mandatory
Roaming
Terminal
Servic
es
Mandatory
Terminal
Servic
es
Roaming
Citri
x
Default setting
Administrative
assignment
Where stored Local
device
Network Network Usually
network
Network Netw
Where user
changes saved
Local
machine
Not saved Network Not saved Network Netw
Data written when
profile saved
All None All None All Delt
on
User Profile Characteristics
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
19/62
GPOs
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
20/62
Consider OU structure
and how GPOs applied Will a specific profile apply to
XenApp, XenDesktop, and/orclient device?
Several dozen user
profile-related GPOs exist Review Administrative templates
settings in particular
Depending on the profilesolution, may or may not impactbehavior
GPOs
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
21/62
User ConfigurationPoliciesAdministrative Tem SystemUser Profiles
Exclude directories in roaming profile
Limit profile size
SystemGroup Policy
Group policy slow link detection
Desktop
Prohibit user from manually redirecting profile folders
Additional User Configuration GPOs
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
22/62
Computer Configuration
PoliciesAdministrativeTemplates SystemUser Profiles
ALL!!
SystemGroup Policy
Group policy slow link detection
Additional Computer Configuration GPOs
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
23/62
Folder Redirection
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
24/62
Redirected folder
data not incorporatedinto user profile
Any type of userprofile can use
folder redirection Even mandatory!
Generally recommended and encouraged Eliminates need to store folder data in user profile
Keeps user profile smaller
Folder Redirection Interaction with Network-BUser Profile
Desktop Folder
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
25/62
Can redirect contents of one or
more folders User ConfigurationWindowsFolder
Redirection
Specific folders vary based onActive Directory version
Data stored on networkAccessible to XenApp and XenDesktop
Works with all profile solutions
Folder Redirection
\\Server01\RedirectedFolders\joh\A
GPO: Citrix
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
26/62
Special Folder Redirection
Maps local Documents" and
"Desktop" folders toadministratively configuredFolder Redirection location
Optional setting applicable to:
XenApp 5 for Windows Server 2008 XenApp 6 for Windows Server 2008 R2
Access to client drives must b
Special Folder RedirectionUser must allow access to local dri
Client drive mapping must not be a
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
27/62
Disabled by default in Web Interface
Enabled by default in Policies To disable, click Enabled to enforce
Do Not Allow special folder redirectioncheckbox
Configuration of Special Folder Redirection
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
28/62
Any type of profile can use
folder redirection Even mandatory!
Centrally stores foldercontents on networknot
on local device Ensure that sufficient and
accessible storage exists
Folder Redirection Considerations
Where are my
documents?!?!?
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
29/62
Logon is slow? Redirect folders such as AppData, Documents, etc., so that
folder data is not loaded with profile, resulting in faster user profile
App makes frequent calls to AppData folder? Dont redirect AppData folder in particular because it will generate
frequent calls to redirected folder repository during user session
Each data fetch makes the app appear slow
What If . . . ?
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
30/62
Which User Profile Type Shoul
Use for XenApp and/or XenDes
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
31/62
Basic questions to ask
It Depends . . .
Will the administratively defined user profile be used to accesXenDesktop, and/or physical client device?Resources Accessed
Are the current and new OSs based on same platform and ve(x86 vs x64 and v1 vs v2)?Operating System
Where are user settings and data saved for each app?
Does the app have any unique requirements that impact the Application Requirements
What type is it? Can/will it be used for XenDesktop as is?Existing User Profile
Will a new profile be designated?
Will it be based on the existing profile or will it be a totally newNew User Profile
Does administrative ease negatively impact users?
Has the user experience been validated?User Experience
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
32/62
CriteriaLoc
al
Manda
tory
Roam
ing
Terminal
Services
Manda
tory
Terminal
Services
Roam
ing
Citr
ix
Prof
ile
Applies to physical
Windows device
(physical
only)
Applies to
XenDesktop
sessions(VDA
only)
Applies to Terminal
Services/XenApp
sessions
(server
only)
Applicability to Resource Being Accessed
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
33/62
Based on XenApp and/or XenDesktop
Viability of User Profile Options
With rare exceptions, a local user profile is not an opbecause cannot be read by another network deviceLocal
If user and application settings support, a viable optiMandatory
If >1 resource accessed simultaneously, potential lasissuesRoaming
Cannot be used with XenDesktopTerminal ServicesRoaming or Mandatory
A viable optionCitrix Profile Management
A viable optionThird-Party such as
AppSense or LiquidWare
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
34/62
Some profile settings dont cross over . . .
Unless profile solution explicitly supports, fully test v1 vs. v2
x86 vs. x64
v1:
Windows XP
WindowsServer 2003
Profile Types and Platforms
Example: Citrix Profile shared between XenApp
Server 2003 and XenDesktop based on Windows
yield unexpected results and is not supported at
v2:
Wi
WiSe
x86: c:\Program Files x64: c:\Program
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
35/62
CriteriaLoc
al
Manda
tory
Roam
ing
Terminal
Services
Manda
tory
Terminal
Services
Roam
ing
Citr
ix
Prof
ile
v1/v2
Futu
x86/x64
Futu
True Cross-Platform Integration
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
36/62
Does app installationfollow standards?
Does app install intoc:\Program Files or
other location?
How will app bedelivered?
Hosted, streamed,locally installed?
Special requirements?Printers, databaseconnection, etc.?
User data?Can unique data be
stored in homedirectory?
App data?
If stored in App Datafolder, use folder
redirection
If stored in otherlocation, can it bemoved, copied, orrerouted to folder?
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
37/62
Common Transitions
XenApp + XenDesktop XenApp XenD
Existing XenApp:Add XenDesktop
Simultaneous use, such as:
XenApp hosted appsaccessed from XenDesktop
XenApp and XenDesktopeach accessed occasionally
Existing XenApp:Transition to XenD
Cutover to XenDe
such as: Users accessing X
today, will only accXenDesktop tomo
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
38/62
XenApp + XenDesktop
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
39/62
Mandatory or Roaming
XenApp + XenDesktop: Existing TS Profile
Options WhenAdding
XenDesktopBased on
Windows 7 VDA
Profile Type NowXenApp
XenApp
Terminal ServicesMandatory
Microsoft: Change GPpointer from Termina
Services tomandatory/roaming
Microsoft: Create newuser profile to be usedfor XenDesktop only
Non-Microsoft: Conveuser profile to a
centralized profile (CitrProfiles, AppSense o
other third party)
Terminal ServicesRoaming
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
40/62
Existing TS Profile
Considerations for XenApp + XenDesktop
If converting TS profile to networkprofile consider whether userprofile should apply to localdesktop or just XenDesktop VDA Block inheritance and/or set up GPO structure accordingly
Using the same roaming profile to access multiple the same time can create last writer wins issuesA better option for mandatory profiles
Terminal Services Mandatory
(ntuser.man)
Mandatory
(ntuser.man)
T
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
41/62
Mandatory or Roaming
XenApp + XenDesktop: Existing Network Prof
Options WhenAdding
XenDesktopBased on
Windows 7 VDA
Profile Type NowXenApp
XenApp
Mandatory
Microsoft: Re-useexisting profile
Microsoft: Create newuser profile to be usedfor XenDesktop only
Non-Microsoft: Conveuser profile to a new
profile type (CitrixProfiles, AppSense o
other third party)
Roaming
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
42/62
Existing Network Profile
Considerations for XenApp + XenDesktop
Mandatory, Citrix, or third-partyprofile solution best options If roaming profile to be opened by both
XenApp and XenDesktop sessionssimultaneously, last writer wins
Last written pro
Roaminprofile
instanc#3
Roamingprofile
instance#1
Roapr
ins
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
43/62
Citrix Profile Management or AppSense
XenApp + XenDesktop: Existing Non-Microso
Options WhenAdding
XenDesktop Bason Windows 7 V
Profile Type NowXenApp
XenApp
Citrix Use same profile
Create additional profAppSense
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
44/62
Citrix Profile Management or AppSense
Considerations for XenApp + XenDesktop
For same user experience, use same profile Most common desired outcome
Citrix Profile management does not currently suppoplatform settings (v1/v2 and x86/x64)
Only deltas written to profile Last writer wins issues minimal or none
Profile streamed Only minimal settings applied during session initiation for faster sta
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
45/62
XenApp XenDesktop
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
46/62
Mandatory or Roaming
XenApp XenDesktop: Existing TermSvcs P
Options WhenAdding
XenDesktopBased on
Windows 7 VDA
Profile Type NowXenApp
XenApp
Terminal ServicesMandatory
Microsoft: Change GPpointer from Termina
Services tomandatory/roaming
Microsoft: Create newuser profile to be usedfor XenDesktop only
Non-Microsoft: Conveuser profile to a
centralized profile (CitrProfiles, AppSense o
other third party)
Terminal ServicesRoaming
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
47/62
Existing TS Profile
Considerations for XenApp XenDesktop
Existing Terminal Services profileconfiguration cannot be used as is Profile itself can be reused; TS setting cannot
If converting TS profile to networkprofile consider whether user
profile should apply to local desktop or just XenDes Block inheritance or set up GPO structure accordingly
Consider also non-Microsoft profile
Terminal Services Mandatory(ntuser.man)
Mandatory
(ntuser.man)
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
48/62
Mandatory or Roaming
XenApp XenDesktop: Existing Network Pro
Options WhenAdding
XenDesktopBased on
Windows 7 VDA
Profile Type NowXenApp
XenApp
Mandatory
Microsoft: Re-useexisting profile
Microsoft: Create newuser profile to be usedfor XenDesktop only
Non-Microsoft: Conveuser profile to a
centralized profile (CitrProfiles, AppSense o
other third party)
Roaming
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
49/62
Existing Network Profile
Considerations for XenApp XenDesktop
Existing network profile can be re-used Being that only one instance opened at a time, roa
work fine
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
50/62
Citrix Profile Management or AppSense
XenApp XenDesktop: Existing Non-Microso
Options WhenAddingXenDesktop Bason Windows 7 V
Profile Type NowXenApp
XenApp
Citrix Use same profile
Create additional profAppSense
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
51/62
Citrix Profile Management or AppSense
Considerations for XenApp XenDesktop
For same user experience, use same profile Most common desired outcome
Citrix Profile management does not currently suppoplatform settings (v1/v2 and x86/x64)
Only deltas written to profile Last writer wins issues minimal or none
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
52/62
CriteriaLoc
al
Manda
tory
Roam
ing
Terminal
Services
Manda
tory
Terminal
Services
Roam
ing
Citr
ix
Profile
Can transition from
mandatoryn/a n/a
Can transition from
roamingn/a n/a
Can transition tomandatory
n/a
Can transition to
roaming n/a
Transitioning User Profile Types
*If mandatory profile saved as a template, can be transitioned
**Can be done by manually extracting profile settings from database
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
53/62
Sample Scenarios:
Terminal Services Profile for Xe
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
54/62
XenApp 5 for Windows Server 2008 x86 + Windows 7 x86
Sample Scenario: XenApp + XenDesktop
NeApplications
Resources to be
AccessedTomorrow
Existing UserProfileResourcesAccessed Today
XenApp 5 forWindows Server
2008 (x86)
TS roaming w/folderredirection
Windows 7 VDA(x86)
Most same; somenew apps withstandard save
locations
XenApp 5 forWindows Server
2008 (x86)All same
New/f
Will this work? Same platform and profile type (x86 and v2)
No new apps with unique requirements
. . . if roaminaccessed simultacould experience wins issues!
Better alternative is a mor a non-Microsoft profi
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
55/62
XenApp 5 for Windows Server 2008 x64 + Windows 7 x86
Sample Scenario: XenApp + XenDesktop
NeApplications
Resources to be
AccessedTomorrow
Existing UserProfileResourcesAccessed Today
XenApp 5 forWindows Server
2008 (x64)
TS mandatoryw/folder redirection
Windows 7 VDA(x86)
Most same butsome new with
unique requirements
XenApp 5 forWindows Server
2008 (x64)
All same but sometrue x64
New/f
Will this work? Same profile type (v2) but different platform (x86/x64)
New apps with unique requirements
Need to fully test to ensure compatibility
Better alternative: move to a profile type that explicitly supports distinct platf
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
56/62
XenApp 5 for Windows Server 2008 x86 Windows 7 x86
Sample Scenario: XenApp XenDesktop
NeApplications
Resources to be
AccessedTomorrow
Existing UserProfileResourcesAccessed Today
XenApp 5 forWindows Server
2008 (x86)
TS roaming w/folderredirection
Windows 7 VDA(x86)
Most same; somenew apps withstandard save
locations
Nw/
Will this work? Same platform (x86) and profile type (v2)
No new apps with unique requirements
Would also work for mandatory profile
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
57/62
XenApp 5 for Windows Server 2003 x86 Windows 7 x86
Sample Scenario: XenApp XenDesktop
NeApplications
Resources to be
AccessedTomorrow
Existing UserProfileResourcesAccessed Today
XenApp 5 forWindows Server
2003 (x86)
TS roaming w/folderredirection
Windows 7 VDA(x86)
Most same but somenew with unique
requirements
Nw/
Will this work? Same platform (x86/x64) but different profile type (v1/v2)
New apps with unique requirements
Need to fully test to ensure compatibility
Better alternative: move to a profile type that explicitly supportsplatforms and unique app requirements
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
58/62
Summary
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
59/62
Dont do nothing unintentionally; that defaults to loc
Use simplest user profile solution that addresses n
General Recommendations: User Profile Type
Microsoft User ProfilesXenApp only: Terminal Services Mandatory or Roaming
XenDesktop only: Mandatory or Roaming
XenApp + XenDesktop: Mandatory
Citrix ProfilesThird-Pa
such as App
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
60/62
If a mandatory profile will address requirements, th
simplest and easiest option Many variables to user profile configuration
Apply profile-related GPOs carefully
Ensure compatibility with non-Microsoft profiles
Fully test any user profile changes EdgeSight provides insight into user logon
Folder redirection is typically beneficial
Make sure your users are happy!
General Recommendations
-
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
61/62
User Profiles for XenApp and/or XenDesktop white
(http://support.citrix.com/articles/CTX124799) Technical Intro to User Profiles video
(http://www.citrix.com/tv/#videos/595)
User Profile Management Streaming feature video
(http://www.citrix.com/tv/#videos/1691)
Resources
http://www.citrix.com/tv/http://www.citrix.com/tv/http://www.citrix.com/tv/http://www.citrix.com/tv/ -
7/26/2019 Solving User Profile Challenges - XenApp and XenDesktop
62/62