You are on page 1of 264
Administrator's Guide Citrix ® Provisioning Services ™ 5.6 SP1 October 2010 Revision 1

Administrator's Guide

Citrix ® Provisioning Services 5.6 SP1 October 2010 Revision 1

Provisioning Services: Copyright and Trademark Notices

Use of the product documented herein is subject to your prior acceptance of the End User License Agreement. A printable copy of the End User License Agreement is included with your installation media.

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.

© 2010 Citrix Systems, Inc. All rights reserved.

The following are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries:

Branch Repeater , Citrix ® , Citrix Access Essentials , Citrix Access Gateway , Citrix Desktop Receiver , Citrix Desktop Server , Citrix EasyCall , Citrix Essentials , Citrix Merchandising Server , Citrix Provisioning Server , Citrix Receiver , Citrix Repeater , Citrix Streaming Server , Citrix Subscription Advantage , Citrix Workflow Studio , Citrix XenApp , Dazzle , EdgeSight ® ,HDX , ICA ® , NetScaler ® ,Request Switching ® , StorageLink , VPX , WANScaler , XenDesktop , XenServer , Xen Data Center , Xen Source

All other trademarks and registered trademarks are the property of their respective owners.

Document code: October 19 2010 13:03:25

Contents

  • 1 Provisioning Services Product Overview..........................................................15

Provisioning Services Streaming Technology...............................................15 Provisioning Services Solution...............................................................16 Provisioning Services Editions...............................................................16 Product Licenses.............................................................................16 Benefits and Features........................................................................18 Benefits for XenApp and other Server Farm Administrators...........................18 Benefits for Desktop Administrators....................................................18 Software-Streaming Process Overview......................................................19 Provisioning Services Product Infrastructure................................................20 Provisioning Services Farm Hierarchy.................................................21

Farms....................................................................................21

Sites.....................................................................................22

Device Collections......................................................................22 Additional Provisioning Services' Product Components....................................23 Provisioning Servers....................................................................23 Provisioning Services Database........................................................23

Console..................................................................................23

vDisks....................................................................................25

Target Devices..........................................................................26

Store.....................................................................................26

Device Collections......................................................................27 User Groups.............................................................................27 Network Services........................................................................27 Product Utilities...............................................................................28 Provisioning Services Administrator Roles..................................................28 Provisioning Services and Resources.......................................................29 Provisioning Services Documentation..................................................29 Getting Service and Support............................................................30 Getting the Subscription Advantage....................................................31 Locating the Citrix Developer Network.................................................31

Contents

Participating in Citrix Education and Training..........................................31

  • 2 Product Technology Overview.....................................................................33

Getting the Boot Program....................................................................34 Network Booting a Target Device ......................................................34 Booting From an Optional Boot Device.................................................36 Provisioning Services vDisk Modes..........................................................36 Standard Image Mode..................................................................36 Private Image Mode.....................................................................37 Difference Disk Image Mode............................................................38 Write Cache Modes..........................................................................39 Cache on a Server Disk.................................................................39 Cache in Device RAM...................................................................39 Cache on Device Hard Drive...........................................................39

  • 3 Using the Console....................................................................................41

Starting the Console..........................................................................42 Understanding the Console Window.........................................................42 Using the Console Tree.................................................................42 Basic Tree Hierarchy....................................................................42 Using the Details View..................................................................43 Common Action Menu Options.........................................................43 Performing Tasks in the Console............................................................44 Action menu.............................................................................44 Right-click (context) Menu..............................................................45 Using Drag-and-Drop...................................................................45 Using Copy and Paste..................................................................45 Using Views........................................................................45

  • 4 Managing Farms......................................................................................47

Configuring the Farm.........................................................................48 Configuration Wizard Settings..........................................................48 Starting the Configuration Wizard......................................................49 Network Topology.......................................................................49 Identify the Farm........................................................................50 Identify the Database ...................................................................51 Create a New Store for a New Farm...................................................52 Identify the Site..........................................................................52 Select the License Server...............................................................53

Administrator's Guide

Configure User Account Settings.......................................................53

Select network cards for the Stream Service...........................................54 Configure Bootstrap Server.............................................................54 Running the Configuration Wizard Silently.............................................57

Prerequisite........................................................................

57

To Create the ConfigWizard.ans File..............................................57 To Copy and Modify the ConfigWizard.ans File...................................57 To Run the ConfigWizard.exe Silently.............................................57

Farm

58

General

58

Security

58

Groups Tab..............................................................................59

Licensing Tab............................................................................59 Options Tab..............................................................................60

Status

61

Farm

61

Farm Connections.......................................................................61

Connecting to a Farm..............................................................61

Managing

62

Creating

62

Site Properties...........................................................................62

General

63

Security Tab........................................................................63

MAK Tab............................................................................63

Options

64

  • 5 Managing Sites.......................................................................................65

Creating Sites.................................................................................66 Site Properties................................................................................66

General

66

Security

67

MAK Tab.................................................................................67

Options Tab..............................................................................68

  • 6 Managing Administrative Roles.....................................................................69

Managing Farm

70

Managing Site Administrators................................................................71

Managing Device

71

Managing Device

72

Contents

7

Managing

Stores.....................................................................................

73

Store Administrative Privileges..............................................................75 Store Properties..............................................................................75 General Tab.............................................................................75 Paths Tab................................................................................76 Servers Tab..............................................................................77 Store Configuration and Management Tasks................................................77 Working with Managed Stores..........................................................78 Prerequisites and Supported Deployments.......................................79 Using the Store Management Wizard.............................................81

  • 8 Managing Provisioning Servers ....................................................................83

Provisioning Servers in the Console.........................................................84 Provisioning Server Properties...............................................................84

General..................................................................................85

Network..................................................................................89

Stores....................................................................................90

Options..................................................................................90

Logging..................................................................................92

Provisioning Server Tasks....................................................................93 Adding Additional Provisioning Servers................................................93 Copying and Pasting Provisioning Server Properties..................................94 Marking a Provisioning Server as Down...............................................94 Deleting a Provisioning Server..........................................................94 Starting, Stopping, or Restarting Provisioning Services...............................95 Showing Provisioning Server Connections.............................................96 Balancing the Target Device Load on Provisioning Servers...........................97 Checking for Provisioning Server vDisk Access Updates.............................98 Configuring Provisioning Servers Manually............................................98 Re-Running the Configuration Wizard............................................98 Starting and Configuring the Stream Service Manually...........................99

  • 9 Managing vDisk....................................................................................101

vDisks in the Console.......................................................................101 vDisk Properties.............................................................................103 General Tab............................................................................103 General Tab for vDisk file..............................................................105 Mode Tab for vDisk file................................................................105

Administrator's Guide

Identification Tab for vDisk file.........................................................106 Microsoft Volume Licensing Tab for vDisk file........................................107 Options Tab for vDisk file..............................................................108 Managing vDisks............................................................................108 Using the Imaging Wizard.............................................................109 Creating and Formatting a New vDisk File............................................110

To create a new vDisk file in the database.......................................111

To format a

111

To unmount a vDisk...............................................................113

Create and Assign a Target

113

To create a target device entry in the

113

To assign a vDisk to a target

113

Building the vDisk

114

Imaging Windows Target Devices................................................114

Imaging Linux Target Devices....................................................114

Building a Common

115

Prerequisites......................................................................115

Building the Common

116

Configuring the Master Target Device............................................116

Exporting Specific Data Files.....................................................116 Booting the Master Target Device................................................117

Adding Additional Target Devices to the Common Image.......................117

Configuring vDisk

Modes..............................................................

118

Adding Existing vDisks to a vDisk Pool or Store......................................119

Viewing vDisk Usage..................................................................120 View target device connections to a vDisk.......................................120 Releasing vDisk Locks.................................................................120 Unassigning vDisks from Target Devices.............................................121 Deleting a vDisk........................................................................121 Deleting Cache on a Difference Disk..................................................122 Copying vDisks to Different Locations................................................122 Copying and Pasting vDisk Properties................................................123 Backing Up a vDisk....................................................................123 Updating vDisks........................................................................123 Choosing a vDisk Update Method...............................................123 Automatically Updating vDisks...................................................124 Incrementally Updating vDisks...................................................127 Rolling Back vDisk Changes.....................................................129 Using Maintenance Utilities with a vDisk..............................................130

Contents

Working with Physical Disks and vDisks..............................................130 Configuring a vDisk for Microsoft Volume Licensing..................................130

  • 10 Managing Target Devices..........................................................................131

Target Device Properties....................................................................132 General Tab............................................................................132 vDisk Tab...............................................................................133 Personality Tab.........................................................................134 Authentication Tab.....................................................................135 Status Tab..............................................................................136

Logging

136

Target Device Tasks.........................................................................137

Preparing a Master Target Device for

137

Preparing the Master Target Device's hard disk.................................138

Configuring a Master Target Device's BIOS.....................................138 Installing Master Target Device software........................................140

To install Provisioning Services target device software on a Windows device

....................................................................................140

To install Provisioning Services target device software on a Linux

device.....

141

Adding Target Devices to the Database...............................................142

Using the Console to Manually Create Target Device Entries..................142

Importing Target Devices

Entries................................................

143

Using the Auto-Add Wizard............................................................143

Assigning vDisks to Target Devices...................................................145 Set the Target Device as the Template for this Collection............................146 Copy and Paste Target Device Properties............................................146 Booting Target Devices................................................................146 Checking a Target Device's Status from the Console................................147 Sending Messages to Target Devices.................................................147

Disabling a Target

Device.............................................................

147

Deleting Target Devices...............................................................148 Shutting Down Target Devices........................................................148 Restarting Target Devices.............................................................148

Moving Target Devices Between Collections.........................................149

Using the Status Tray on a Target

Device............................................

149

Starting the Virtual Disk Status Tray.............................................149 Setting Virtual Disk Status Tray Preferences....................................150 Managing Target Device Personality..................................................150 Define personality data from a single target device using the Console.........151

Administrator's Guide

Define personality data for multiple target device using the Console...........151 Using Target Device Personality Data...........................................152

  • 11 Managing Device Collections......................................................................155

Device Collection Properties................................................................156 General Tab............................................................................156 Security Tab............................................................................156 Auto-Add Tab..........................................................................157

Options.................................................................................159

Device Collection Management Tasks.....................................................159 Creating a Device Collection..........................................................160 Importing Target Devices into a Collection............................................160 Deleting a Collection...................................................................161 Refreshing a Collection in the Console...............................................162 Booting Target Devices within a Collection...........................................162 Restarting Target Devices within a Collection........................................162 Shutdown Target Devices within a Collection.........................................162 Sending Messages to Target Devices within a Collection............................163 Moving Collections within a Site.......................................................163 Managing Microsoft KMS Volume Licensing..........................................163 Preparing the New Base vDisk Image for KMS Volume Licensing.............164 Maintaining or Upgrading a vDisk Image that Uses KMS Volume Licensing

....................................................................................164

Managing Microsoft MAK Volume Licensing on Target Devices.....................165

  • 12 Managing User Assigned vDisks..................................................................169

User Group Properties......................................................................171 General Tab............................................................................171 vDisks Tab.............................................................................171 Managing User Group vDisk Assignments.................................................171 Enabling or Disabling User Group Management for a Collection....................172 Creating a User Group.................................................................172 Enabling or Disabling User Groups...................................................173 Deleting User Groups..................................................................173 Assigning a vDisk to a User Group....................................................173 Unassigning User Groups From vDisks...............................................173

  • 13 Managing Views.....................................................................................175

View Properties.............................................................................176

Contents

General Tab............................................................................176 Members Tab..........................................................................176 Managing Views in the Console............................................................176 Creating a View........................................................................177 Pasting Device Properties.............................................................177 Deleting a View........................................................................178 Refreshing a View.....................................................................178 Booting Devices within a View........................................................178 Restarting Devices within a View......................................................178 Shutdown Devices within a View......................................................178 Sending Messages to Target Devices within a View.................................179

  • 14 Managing Network Components..................................................................181

Preparing Network Switches................................................................182 Switch Manufacturers..................................................................182 Using UNC Names..........................................................................182

Syntax..................................................................................183

Accessing a Remote Network Share..................................................183 Reducing Network Utilization...............................................................184 Configuring Windows features on a Standard vDisk.................................185 Configuring the Recycle Bin...........................................................185 Configuring Offline Folders............................................................185 Configuring Event Logs................................................................186 Configuring System Restore..........................................................187 Configuring Logical Prefetch..........................................................187 Configuring Automatic Disk Defragmentation.........................................187 Disabling Windows Automatic Updates...............................................187 Managing Roaming User Profiles..........................................................188 Configuring Roaming User Profiles...................................................189 Configuring Folder Redirection with Roaming User Profiles.........................189 Disabling Offline Folders...............................................................191 Booting Through a Router..................................................................191 Configuring for DHCP.................................................................192 Configuring the Provisioning Services for PXE.......................................192 Running PXE and DHCP on the Same Computer....................................192 Updating NIC Drivers.......................................................................193 Upgrading NIC Drivers on Target Devices ...........................................193 Upgrading NIC Drivers on a Provisioning Server.....................................193 Managing and Accessing a LUN Without Using a Network Share........................194

Administrator's Guide

Prerequisites...........................................................................195

Implementation.........................................................................195

Modifying vDisk Properties............................................................197

  • 15 Managing for Highly Available Implementations.................................................199

Offline Database Support...................................................................200

Considerations.........................................................................200

Enabling Offline Database Support...................................................201 Database Mirroring..........................................................................201 Enabling mirroring when configuring a new farm.....................................202 Enabling Mirroring Within an Existing Farm...........................................202 High Availability Option Overview..........................................................203 HA Benefits............................................................................204 HA Components.......................................................................204 Configuring the Boot File for HA......................................................205 Adding Provisioning Servers to the boot file.....................................205 Adding Login Servers using the Configuration Wizard..........................205 Adding Login Servers Using the Console........................................206 Enabling HA on vDisks................................................................207 Providing Provisioning Servers Access to Stores....................................208 Configuring HA with Shared Storage..................................................208 Windows Shared-Storage Configuration.........................................208 Creating Stream-Service Account Credentials on the Domain Controller .....209 Assigning Stream-Service Account Credentials Manually......................209 Configuring HA Storage Access.................................................210 SAN Configuration................................................................211 Disabling Write Cache.................................................................211 Testing HA Failover....................................................................211

  • 16 Managing Active Directory.........................................................................213

Active Directory Integration Prerequistes..................................................214 Managing Domain Passwords..............................................................214 Password Management Process......................................................215 Enabling Domain Management.............................................................215 Enabling Machine Account Password Management.................................216 Enabling Automatic Password Management.........................................216 Managing Domain Computer Accounts....................................................216 Supporting Cross-Forest Scenarios ..................................................217

Contents

Giving Access to Users from Another Domain Provisioning Services Administrator

Privileges...............................................................................217

Adding Target Devices to a Domain...................................................218 Removing Target Devices From a Domain...........................................218 Reset Computer Accounts.............................................................218

  • 17 Managing Bootstrap Files and Boot Devices.....................................................221

Configuring the Bootstrap File From the Console..........................................222 Configuring the Bootstrap File.........................................................224 Using the Manage Boot Devices Utility.....................................................226 Configuring Boot Devices..............................................................227

18

Managing

Printers..................................................................................

231

Installing Printers on a vDisk...............................................................232 Enabling or Disabling Printers on a vDisk..................................................232 Methods for Enabling Printers on a vDisk .................................................233 Enabling printers for target devices using the Printer Settings option ...............234 Enabling printers for target devices using the Printers group folder.................234 Enabling printers using Copy and Paste..............................................235 Enabling printers using an existing target device as a template.....................235 Enabling the Printer Management Feature.................................................235

  • 19 Logging..............................................................................................237

Configuring Provisioning Server Log Properties...........................................238 Configuring Target Device Log Properties.................................................239 Log Files and Content......................................................................240 Log File Location.......................................................................240 Log File Contents......................................................................241

  • 20 Auditing..............................................................................................243

Enabling Auditing Information..............................................................245 Accessing Auditing Information.............................................................245 Archiving Audit Trail Information............................................................248

  • 21 Managing Multiple Network Interface Cards......................................................249

Requirements and Considerations for Manufacturer's NIC Teaming......................250 Requirements and Considerations for Provisioning Services NIC Failover...............250

Administrator's Guide

  • 22 Installing and Configuring Embedded Target

Devices..........................................

253

System

Requirements......................................................................

254

Installing Embedded Target Devices.......................................................254 Un-installing an Embedded Target Device Package.......................................255 Windows XP Embedded Build Overview...................................................255

Setting Up Embedded Target

Devices.....................................................

258

Glossary...............................................................................................261

Contents

Chapter 1

Provisioning Services Product Overview

Topics:

Most enterprises struggle to keep up with the proliferation and management of computers in their environment. Each

Benefits and Features

computer, whether it is a desktop PC, a server in a data

Software-Streaming Process Overview

center, or a kiosk-type device, must be managed as an individual entity. The benefits of distributed processing come at the cost of distributed management. It costs time and

Provisioning Services Product Infrastructure

money to set up, update, support and ultimately decommission each computer. The initial cost of the machine is often dwarfed by operational costs.

Additional Provisioning Services' Product Components

Over the years, various software solutions have been offered that are designed to address the operational challenges faced by IT organizations. For example:

Product Utilities

Provisioning Services Administrator Roles

  • w Imaging solutions allow backup and duplication of existing machines.

Provisioning Services and Resources

  • w Distribution tools can automate many of the tasks required to install and upgrade software across many computers.

 
  • w Simplifies the management of the end points by removing most software and processing locally.

Each of these approaches has benefits and limitations. Provisioning Services takes a very different approach by fundamentally changing the relationship between hardware and the software that runs on it. By streaming a single shared disk image rather than copying images to individual machines, Provisioning Services enables organizations to reduce the number of systems that they manage, even as the number of computers continues to grow. This solution simultaneously provides the efficiencies of a centrally managed solution with the benefits of distributed processing.

Provisioning Services Streaming Technology

Provisioning Services streaming technology allows computers to be provisioned and re-provisioned in real-time from a single shared-disk image. In doing so, administrators can completely eliminate the need to manage and patch individual systems. Instead, all image management is done on the master image. The local hard-disk drive of each system may be used for

Chapter 1

Provisioning Services Product Overview

runtime data caching or, in some scenarios, removed from the system entirely, which reduces power usage, system failure rates, and security risks.

Provisioning Services Solution

The Provisioning-Services solution’s infrastructure is based on software-streaming technology. Using Provisioning Services, administrators prepare a device (master target device) for imaging by installing any required software on that device. A vDisk image is then created from the master target device’s hard drive and saved to the network (on a Provisioning Server or storage device).

Once the vDisk is available from the network, the target device no longer needs its local hard drive to operate; it boots directly across the network. The Provisioning Server streams the contents of the vDisk to the target device on demand, in real time. The target device behaves as if it is running from its local drive. Unlike thin-client technology, processing takes place on the target device.

Provisioning Services Editions

The Provisioning Server editions you can choose from include:

  • w Provisioning Services for Datacenters

  • w Provisioning Services for Desktops

Note:

The ability to create an embedded target devices is supported in either edition.

A single Provisioning Server can stream to both data center and desktop target devices.

Product Licenses

Product licenses are issued based on the product edition that you choose. For Citrix product licensing documentation, open

Administrator's Guide

the Citrix Knowledge Center, then select Licensing under the Knowledge Resources section.

Chapter 1

Provisioning Services Product Overview

Benefits and Features

There are many benefits associated with using vDisks as opposed to hard drives. One of those benefits includes not having to install software on each target device within a farm. Instead, when booting, software is dynamically assigned to the target device by the Provisioning Server. This allows a target device to completely change their operating systems and application stack, in the time it takes to reboot.

Using Provisioning Services, any vDisk can be configured in Standard Image mode. A vDisk in Standard Image mode allows many computers to boot from it simultaneously; greatly reducing the number of images that must be maintained and the amount of storage that would be required. The vDisk is in read-only format and the image can not be changed by target devices.

Benefits for XenApp and other Server Farm Administrators

If you manage pool of servers that work as a farm, such as XenApp servers or web servers, maintaining a uniform patch level on your servers can be difficult and time consuming. With traditional imaging solutions you start out with a pristine golden master image, but as soon as a server is build up with it, you now must patch the individual server along with all of the others. Rolling patches out to individual servers in your farm is not only inefficient, but it can also be unreliable. Patches often fail on an individual server and you may not realize you have a problem until users start complaining or the server has an outage. Once that happens, getting the server back into sync with the rest of the farm can be challenging and sometimes it can require a full re-imaging of the machine.

With Provisioning Services, patch management for server farms is simple and reliable. You start out managing your golden image and you continue to manage that single golden image. All patching is done in one place and then streamed to your servers when they boot-up. Server build consistency is assured because all your servers are using a single shared copy of the disk image. If a server becomes corrupted, simply reboot it and it's instantly back to the known good state of your master image. Upgrades are extremely fast. Once you have your updated image ready for production you simply assign the new image version to the servers and reboot them. In the time it takes them to reboot you can deploy the new image to any number of servers. Just as importantly, roll-backs can be done in the same manner so problems with new images will not take your servers or your users out of commission for an extended period of time.

Benefits for Desktop Administrators

As part of XenDesktop, desktop administrators have the ability to use Provisioning Services' streaming technology to simplify, consolidate, and reduce the costs of both physical and virtual desktop delivery. Many organizations are beginning to explore desktop virtualization. While virtualization addresses many of the consolidation and simplified management needs of IT, deploying it also requires deployment of supporting

Administrator's Guide

infrastructure. Without Provisioning Services, storage costs can put desktop virtualization out of the budget. With Provisioning Services, IT can reduce the amount of storage required for VDI by as much as 90%. At the same time the ability to manage a single image rather than hundreds or thousands of desktops significantly reduces the cost, effort, and complexity for desktop administration.

Not all desktops applications or user groups can be supported by virtual desktops. For these scenarios, Provisioning Services IT can still reap the benefits of consolidation and single image management. Desktop images are stored and managed centrally in the datacenter and streamed out to physical desktops on demand. This model works particularly well for standardized desktops such as those in lab and training environments, call centers, and "thin client" devices used to access virtual desktops.

Software-Streaming Process Overview

Provisioning Services provides all of the tools you need to bring software-streaming technology to your computing environment. After installing and configuring Provisioning Services components, a vDisk is created from a device’s hard drive by taking a snapshot of the OS and application image, and then storing that image as a vDisk file on the network. A device that is used during this process is referred to as a Master target device. The devices that use those vDisks are called target devices.

vDisks can exist on a Provisioning Server, file share, or in larger deployments, on a storage system that the Provisioning Server can communicate with (iSCSI, SAN, NAS, and CIFS).

When a target device is turned on, it is set to boot from the network and to communicate with a Provisioning Server (refer to Step 1 in the illustration that follows).

Chapter 1

Provisioning Services Product Overview

Chapter 1 Provisioning Services Product Overview The target device downloads the boot file from a Provisioning

The target device downloads the boot file from a Provisioning Server (refer to Step 2), and then the target device boots. Based on the device boot configuration settings, the appropriate vDisk is located, then mounted on the Streaming Server (refer to step 3). The software on that vDisk is streamed to the target device as needed. To the target device, it appears like a regular hard drive to the system.

Instead of immediately pulling all the vDisk contents down to the target device (as done with traditional or imaging deployment solutions), the data is brought across the network in real-time, as needed. This approach allows a target device to get a completely new operating system and set of software in the time it takes to reboot, without requiring a visit to a workstation. This approach dramatically decreases the amount of network bandwidth required by traditional disk imaging tools; making it possible to support a larger number of target devices on your network without impacting overall network performance.

vDisks can be assigned to a single target device as Private Image Mode, or to multiple target devices as Standard Image Mode.

Provisioning Services Product Infrastructure

The infrastructure design includes a hierarchy that directly relates to administrative roles within a Provisioning Services farm.

Administrator's Guide

The graphic that follows provides a high-level view of the Provisioning Services infrastructure and illustrates how Provisioning Services components might appear within that implementation.

Administrator's Guide The graphic that follows provides a high-level view of the Provisioning Services infrastructure and

Provisioning Services Farm Hierarchy

The farm hierarchy consists of the following major levels:

  • w Farms on page 21

  • w Sites on page 22

  • w Device Collections on page 22

For each major component level, administrative roles exists.

Farms

A farm represents the top level of a Provisioning Services infrastructure. Farms provide a Farm administrator with a method of representing, defining, and managing logical groups of Provisioning Services components into sites.

All sites within a farm share that farm’s Microsoft SQL database. A farm also includes a Citrix License Server, local or network shared storage, and collections of target devices.

In the Console window, administrators select the farm that they want to manage or view. Sample tasks that are specific to a farm can include managing:

  • w Farm configurations

  • w Product licensing

  • w High Availability configurations

Chapter 1

Provisioning Services Product Overview

  • w Active Directory configurations

  • w User Groups

  • w Administrative roles

Note: The Console does not need to be directly associated with the farm because remote administration is now supported on any Console that can communicate with that farm’s network.

Sites

A site provides both a site administrator and farm administrator, with a method of representing and managing logical groupings of Provisioning Servers, Device Collections, and local shared storage.

A site administrator can perform any task that a device administrator or device operator can perform. A site administrator can also perform additional tasks such as managing:

  • w Print servers

  • w Device administrator and device operator role configurations

  • w Provisioning Servers

  • w Shared storage

  • w User Groups

Provisioning Servers within a site, communicate with farm components to obtain the information necessary to boot target devices and to provide target devices with the appropriate vDisk. Provisioning Server(s) must be able to communicate with the store where those vDisks exist.

Device Collections

Device collections provide the ability to create and manage logical groups of target devices, which are typically created and managed by a device administrator (a farm and site administrator can also perform a device administrator’s tasks).

A device collection could represent a physical location, a subnet range, or a logical grouping of target devices. Creating device collections simplifies device management by performing actions at the collection level rather than at the target-device level.

A target device can only be a member of one device collection. For device collection details, refer to the Managing Device Collections section in the Administrator's Guide.

Administrator's Guide

Additional Provisioning Services' Product Components

The Provisioning Services infrastructure also consists of the following additional components:

Provisioning Servers on page 23

Provisioning Services Database on page 23

Console on page 23

vDisks on page 25

Target Devices on page 26

Store on page 26

Device Collections on page 27

User Groups on page 27

Network Services on page 27

Provisioning Servers

A Provisioning Server is any server that has Stream Services installed. It is used to stream software from vDisks, as needed, to target devices. In some implementations, vDisks reside directly on the Provisioning Server. In larger implementations, Provisioning Servers get the vDisk from a shared-storage location on the network.

Provisioning Servers also retrieve and provide configuration information to and from the Provisioning Server Database. Provisioning Server configuration options are available to ensure high availability and load-balancing of target device connections.

For Provisioning Server details, refer to “Managing Provisioning Servers”.

Provisioning Services Database

The database stores all system configuration settings that exist within a farm. Only one database can exist within a farm and all Provisioning Servers in that farm must be able to communicate with that database. You may choose to leverage an existing SQL Server database or install SQL Server Express, which is free and available from Microsoft.

Console

The Console is a utility that is used to manage your Provisioning Services implementation. After logging on to the Console, you select the farm that you want to

Chapter 1

Provisioning Services Product Overview

connect to. Your administrative role determines what you can view in the Console and manage in the farm.

The following illustration displays the farm hierarchy in the tree pane and the keys components in the Console window.

Chapter 1 Provisioning Services Product Overview connect to. Your administrative role determines what you can view

Action Menu

The Action menu displays Provisioning Services tasks that can be performed on an object that is highlighted in the Console. The same tasks are available when you right- click on the object in the Console.

Tasks are object specific and can only be performed if the user has the appropriate role assigned (role-based administration). Your role determines what displays in the Console. For example, if you are a farm administrator, you can perform all tasks and see all objects in the farm. Device administrators can only perform device-collection management tasks on collections to which they have privileges. Administrator roles are described later in this chapter.

Note:

MMC (Microsoft Management Console) specific console features are not described in this document. Refer to Microsoft’s MMC documentation for detailed information.

Console Tree and Details Pane

To view information about an object in the Details pane, click on the object or folder in the Tree pane. The Details pane provides information such as the objects name and a description of that object.

Properties Menus

Administrator's Guide

To view or change an object’s properties, right-click on the object, then select the Properties menu option. You can also highlight the object in the Console window, then select Properties from the Action menu options. The Properties dialog displays property settings in tabular format.

vDisks

vDisks exist as disk image files on a Provisioning Server or on a shared storage device. vDisk images are configured to be in Private, Standard, or Difference Disk, or RAM disk mode. (For more information, refer to the Configuring vDisk Modes section in the Administrator's Guide).

vDisks are associated with a site’s vDisk pool. To view vDisks within a pool, expand the vDisk Pool folder in the Console tree.

vDisk Pools

vDisk pools are the collection of all vDisks available to a site. There is only one vDisk pool per site. The method used to locate a vDisk on a server share is illustrated in the graphic that follows.

Administrator's Guide To view or change an object’s properties, right-click on the object, then select the
  • 1. The target device begins the boot process by communicating with a Provisioning Server and acquiring a license.

  • 2. The Provisioning Server checks the vDisk pool for vDisk information, which includes identifying the Provisioning Server(s) that can provide the vDisk to the target device and the path information that server should use to get to the vDisk. In this example, the vDisk shows that only one Provisioning Server in this site can provide the target device with the vDisk and that the vDisk physically resides on the Finance Server (shared storage at the farm level).

  • 3. The Provisioning Server locates the vDisk on Finance Server, then streams that vDisk, on demand, to the target device.

On the Console’s Create a New vDisk dialog, you can add a new vDisk file to a store and select the Provisioning Server that will create the vDisk file on a Provisioning Server or on shared storage.

Chapter 1

Provisioning Services Product Overview

Target Devices

A device, such as a desktop computer or server, that boots and gets software from a vDisk on the network, is considered a target device.

Note: In the product documentation, the term target device is used generically when referring to any device within the a Provisioning Services Farm, which boots and gets software from a vDisk on the network.

Target devices deliver a higher level of security than traditional technologies, by fully utilizing your existing management infrastructure. Each target device continues to have its own unique identity on the network and within your existing network operating system (i.e. Active Directory, Novell E-Directory and other LDAP directories). Target devices can continue to be managed by group policies and existing security policies pushed out by these directory management tools.

In addition to using existing policy management tools, greater security is inherit by the fact that there is no longer a hard drive in the target device. If the target device is stolen, data is not lost. Instead, it is easily ported to another target device.

A target device can only be a member of one device collection. Expanding a Device Collection folder in the Console’s tree allows you to view members of a device collection and information such as the target device name, IP address, vDisk, and the Provisioning Server currently providing the vDisk.

Target device settings are made in the Console’s Device Properties dialog, which includes settings such as printer assignments.

Store

A store is a logical name that is given to a physical vDisk storage location. The store name is the common name used by all Provisioning Servers within the farm.

Example One

The physical vDisk for Windows XP (WINXP1) resides on a Provisioning Server (PVS1) local to a site. The vDisk path is:

C:\vDisks\WINXP1.vhd

The logical name that is given to this physical location is the store.

Store name (logical name): bostonwinxp

Example Two

The physical vDisk for Windows XP (WINXP1) resides on a network share (FinanceShare) at the farm level. The vDisk path for Provisioning Server (PVS1) to WINXP1 is:

\\FinanceShare\vDisks\WINXP1.vhd

Access or visibility to a store depends on the users administrative privileges:

Administrator's Guide

  • w Farm administrators have full access to all stores within the farm.

  • w Site administrators have access to only those stores owned by the site. They can delete stores owned by the site but they can not modify store properties or add vDisks to the store.

  • w Device administrators and device operators have read-only access and can not view store information. Site Administrators may also have read-only access if that store exists at the farm level, or if that store belongs to another site.

Stores that exist in a farm can be viewed by expanding the Store parent directory in the Console’s tree. The Stores property settings can be modified from the Properties Dialog.

Device Collections

Device collections provide the ability to create and manage logical groups of target devices. A device collection could represent a physical location, a subnet range, or a logical grouping of target devices. Creating device collections simplifies device management by performing actions at the collection level rather than at the target- device level.

Note: A target device can only be a member of one device collection.

Device collections are created and managed by farm administrators, site administrators that have security privileges to that site, or device administrators that have security privileges to that collection. Device administrators can not modify the collection itself; only the devices within it. Device operators can only perform tasks on device collections that they are assigned to.

User Groups

User groups provide farm and site administrators with the ability to create and manage groups of users based on existing Active Directory or Windows groups. Creating user groups within a site simplifies management tasks by performing actions at the user- group level, rather than at the individual user level. User groups have the same vDisks and settings available if moving from one target device to another.

Network Services

Network services include a BOOTP service, Preboot Execution Environment (PXE) service, and a TFTP service. These service options can be used during the boot process to retrieve IP addresses, and locate then download the boot program from the Provisioning Server to the target device. Alternative boot options are also available, refer to “Booting From an Optional Boot Device”.

Note: For network service details, refer to Managing Bootstrap Files and Boot Devices on page 221 in this document.

Chapter 1

Provisioning Services Product Overview

Product Utilities

In addition, Provisioning Services includes several tools for use when configuring and managing a Provisioning Services deployment. After installing Provisioning Services software, the following tools become available:

  • w Installation Wizard – Use this wizard to install Provisioning Services components to create a Provisioning Servers and Master target devices.

  • w Configuration Wizard – Use this wizard to configure Provisioning-Server components, including network services, and database permissions. This wizard is installed during the Provisioning Services installation process.

  • w Imaging Wizard – On the master target device, run the Provisioning Services Imaging Wizard to create a vDisk file in the Provisioning Services database and then image to that file without having to physically go to a Provisioning Server. This utility is installed during the target device installation process.

  • w Virtual Disk Status Tray – Use this target device utility to get target-device connection status and streaming statistical information. This utility is installed during the Provisioning Services target device installation process.

  • w Boot Device Manager – Use this utility to configure a boot device, such as a USB or CD- ROM, which then receives the boot program from the Provisioning Services.

  • w Upgrade Utilities – There are several upgrade methods available. The method you select depends on your network requirements.

  • w Programming Utilities – Provisioning Services provides programmers with a management application programming utility and a command line utility. These utilities can be accessed by all users. However, users can only use those commands associated with their administrator privileges. For example, a Device Operator is able to use this utility to get a list of all target devices that they have access to.

Provisioning Services Administrator Roles

The ability to view and manage objects within a Provisioning Services implementation is determined by the administrative role assigned to a group of users. Provisioning Services makes use of groups that already exist within the network (Windows or Active Directory Groups).

All members within a group share the same administrative privileges within a farm. An administrator may have multiple roles if they belong to more than one group.

Groups are managed at the farm level through the Console’s Farm Properties dialog.

The following roles exist within a Provisioning Services farm:

  • w Farm Administrator – Farm administrators can view and manage all objects within a farm. Farm administrators can also create new sites and manage role memberships throughout the entire farm.

Administrator's Guide

  • w Site Administrator – Site administrators have full management access to the all objects within a site. For example, a site administrator can manage Provisioning Servers, site properties, target devices, device collections, vDisks, vDisk pools, and local vDisk stores. A site administrator can also manage device administrator and device operator memberships.

  • w Device Administrator – Device administrators can perform all device-collection management tasks on collections to which they have privileges.

  • w Device Operator – Device operators can view vDisks and target devices, boot or shut down target devices, and send messages to target devices within a device collection to which they have privileges.

For details on administrator roles, refer to Managing Administrative Roles on page 69.

Provisioning Services and Resources

The following services and resources are available to support Provisioning Services.

  • w Provisioning Services Documentation

  • w Getting Service and Support

  • w Getting the Subscription Advantage

  • w Locating the Citrix Developer Network

  • w Participating in Citrix Education and Training

Provisioning Services Documentation

The following identifies the documentation that is available to support Provisioning Services. All supporting documentation assumes that Provisioning Services administrators are knowledgeable about networking components and administration, and that device operators are familiar with networking concepts.

The majority of product documentation is provided as Adobe Portable Document Format (PDF) files. To view, search, and print PDF documentation, you need to have Adobe Reader 5.0.5 with Search, or a more recent version. You can download these products for free from Adobe System’s Web site at http://www.adobe.com/

Most PDF product documentation, including knowledge-based topics and white papers, are accessible from the Citrix Knowledge Center, http://support.citrix.com/.

Citrix Product Licensing Documentation

For Citrix product licensing documentation, refer to Licensing Your Product under the Technologies section.

Release Notes

This document contains important product information and is intended to be read first. Contents include information on new product features, enhancements, and known

Chapter 1

Provisioning Services Product Overview

product issues as well as late additions that were not included in the other product documentation.

The release notes are accessible from:

  • w Citrix Knowledge Center: http://support.citrix.com/

  • w Product installation CD-ROM, when the installation executable is run.

  • w Programs directory, after completing the product installation: Start>All Programs>Citrix Provisioning Services>Provisioning Services Release Notes

Programmer’s Guides

Administrator’s with the appropriate privileges can use any of the following guides to manage your implementation from command lines.

  • w MCLI Programmer’s Guide

  • w SOAP Server Programmer’s Guide

  • w PowerShell Programmer’s Guide

These guides are available as a PDF and can be accessed from the Citrix Knowledge Center: http://support.citrix.com/

Virtual Disk Status Tray Help

The Virtual Disk (vDisk) Status Tray help is available to aid in the management and troubleshooting of vDisks on target devices.

This help system is assessable from the Help menu on the Virtual Disk Status Tray.

Finding Additional Documentation

From the Help menu or product installation directory, the following additional documentation is available for optional Provisioning Services utilities:

  • w Boot Device Manager (BDM.chm)

  • w BOOTPTab Editor (bootptab-editor-help.chm)

  • w PXE (pxemap.chm)

Getting Service and Support

Citrix provides technical support primarily through the Citrix Solutions Advisors Program. Contact your supplier for the first-line support or check for your nearest Solutions Advisor. In addition to the Citrix Solutions Advisors Program, Citrix offers a variety of self-service, Web-based technical support tools from its Knowledge Center at: http://support.citrix.com/

The Knowledge Center feature includes:

Administrator's Guide

  • w A knowledge base containing thousands of technical solutions to support your Citrix environment.

  • w An online product documentation library.

  • w Interactive support forums for every Citrix product.

  • w Blogs and communities.

  • w Access to the latest hotfixes and service packs.

  • w Security bulletins.

  • w Additional resources are available to customers with valid support contracts, including online problem reporting and tracking.

  • w Citrix Live Remote Assistance. Using Citrix’s remote assistance product, GoToAssist, a member of our support team can view your desktop and share control of your mouse and keyboard to get you on your way to a solution.

Another source of support, Citrix Preferred Support Services, provides a range of options that allows you to customize the level and type of support for your organization’s Citrix products.

Getting the Subscription Advantage

Subscription Advantage gives you an easy way to stay current with the latest server- based software functionality and information. Not only do you get automatic delivery of feature releases, software upgrades, enhancements, and maintenance releases that become available during the term of your subscription, you also get priority access to important Citrix technology information.

You can find more information on the Citrix Web site (http://www.citrix.com/) by selecting Subscription Advantage from the Support menu.

You can also contact your Citrix sales representative or a member of the Citrix Solutions Advisors Program for more information.

Locating the Citrix Developer Network

The Citrix Developer Network (CDN) is at: http://www.citrix.com/cdn/

This enrollment membership program provides access to developer toolkits, technical information, and test programs for software and hardware vendors, system integrators, and corporate IT developers who incorporate Citrix computing solutions into their products.

Note: There is no cost associated with enrolling with the Citrix Developer Network.

Participating in Citrix Education and Training

The following identifies the documentation that is available to support Provisioning Services. All supporting documentation assumes that Provisioning Services

Chapter 1

Provisioning Services Product Overview

administrators are knowledgeable about networking components and administration, and that device operators are familiar with networking concepts.

The majority of product documentation is provided as Adobe Portable Document Format (PDF) files. To view, search, and print PDF documentation, you need to have Adobe Reader 5.0.5 with Search, or a more recent version. You can download these products for free from Adobe System’s Web site at: http://www.adobe.com/

Chapter 2

Product Technology Overview

Topics:

Getting the Boot Program

Provisioning Services vDisk Modes

Write Cache Modes

vDisk technology is the key to software streaming. This technology allows a target device to connect to a Provisioning Server to emulate a local hard drive. The difference between a physical hard drive and a vDisk is unknown to the target device.

Understanding how Provisioning Services works requires knowledge of the following underlaying technology:

  • w Getting the Boot Program on page 34

  • w Provisioning Services vDisk Modes on page 36

  • w Write Cache Modes on page 39

Chapter 2

Product Technology Overview

Getting the Boot Program

After the BIOS is configured to allow the target device to boot from the network, the device can boot from, and get a vDisk assignment from the Provisioning Server. The target device firmware gets the boot program using standard network protocols.

Network Booting a Target Device

Note: The device firmware (NIC) must support PXE 0.99j or greater.

The DHCP service delivers IP configurations to a device. It can also deliver the boot program location using options 67, and 60 or 66. Consider delivering the boot program location with a DHCP service to reduce the number of services and increase reliability.

The PXE service can deliver the boot program location to a target device according to the PXE Specification Version 2.1. Use this service if a DHCP service exists and cannot be changed, and another PXE service is not used.

The BOOTP service can deliver IP configuration to a target device according to BOOTP tab. It can also deliver the boot program location using optional fields. Use of this service is no longer typical. Use this service only if DHCP does not meet your requirements.

The TFTP service delivers the boot program to a target device on request. Use it if another TFTP service is not available.

The illustrations and steps that follow, describe the boot process both with and without the use of PXE.

Using DHCP to Retrieve IP Address and Scope Options (Without PXE)

  • 1. When a target device boots from the network, DHCP sends a request to the Provisioning Server for an IP address and Scope Option settings (66 and 67). The Provisioning Server returns the information as requested.

  • 2. Using TFTP, a request for the boot file is sent from the target device to the Provisioning Server. The Provisioning Server downloads the boot file on the target device and the target device boots.

Administrator's Guide

Administrator's Guide Using DHCP with PXE to Retrieve IP Address and Scope Options : 1. When

Using DHCP with PXE to Retrieve IP Address and Scope Options:

  • 1. When a target device boots from the network, DHCP sends a request to the Provisioning Server for an IP address and Scope Option settings (option 60; PXEClient identifier). The Provisioning Server returns the information as requested.

  • 2. The target device sends a request to the Provisioning Server for the boot file name and location to the PXE service (options 66 and 67). The PXE service returns the information to the target device.

  • 3. Using TFTP, a request for the boot file is sent from the target device to the Provisioning Server. The Provisioning Server downloads the boot file on the target device and the target device boots.

Chapter 2

Product Technology Overview

Chapter 2 Product Technology Overview Booting From an Optional Boot Device As an alternative to using

Booting From an Optional Boot Device

As an alternative to using PXE, the Boot Device Manager (BDM) can create a bootstrap on a local hard drive, USB flash drive or ISO image. The bootstrap will then be used to boot the target device.

The BIOS Embedded Bootstrap boot method also exists to allow OEMs to embedded the bootstrap file on the target device.

Provisioning Services vDisk Modes

The vDisk mode options include:

  • w Standard Image Mode on page 36

  • w Private Image Mode on page 37

  • w Difference Disk Image Mode on page 38

Standard Image Mode

Standard Image mode allows multiple target devices to use a single vDisk at the same time; greatly reducing the amount of vDisk management and storage requirements.

Administrator's Guide

To use Standard Image mode, the vDisk must first be set to read-only mode. Each target device then builds a write cache that stores any writes the operating system needs to make. There are several write-cache options available.

Having a read-only vDisk offers administrators several advantages. First, each time the target device boots, it always boots from a ‘clean’ vDisk. If a machine becomes infected with a virus or spyware, simply reboot to the ‘clean’ image.

This solution greatly reduces the number of vDisks to maintain in an network. It also reduces the amount of change points required. Other installation methods require a successful install of a software update on each target device. With a Standard Image, you only have to install software one time. Updated vDisks can then be accessed, by all assigned target devices, through the Provisioning Server. As a result, a single successful installation can upgrade thousands of machines. To get new software, a target device just needs to reboot.

While each target device is using the same vDisk, there are plenty of instances when a device needs to have some unique characteristics while running. A number of tools are provided to allow for uniqueness within the environment including:

  • w Computer Name – Each target device is given its own unique network name and each target device is able to have its own computer account within your existing directory management structure.

  • w Common Image – Allows a vDisk to be used across different hardware platforms.

  • w Device Personality – While 95% of all software works in a standard image, a number of applications require each target device to have a unique ID, such as a phone extension. This feature allows you to store application specific values in the database and retrieve the target device’s unique value as the device loads.

Private Image Mode

Private images closely model how a computer uses a regular hard drive. That is, only one target device can use a Private Image vDisk at a time. The Provisioning Server performs read or write requests.

The benefits for using Private Images instead of a regular hard drive are:

  • w Application flexibility; users can install their own applications.

  • w User software and data can seamlessly move from one computer to another in a minutes without elaborate migration procedures.

  • w All user data (including E-mail) is automatically backed up to a server.

  • w Eliminates hard drive failures which is the number one cause of hardware problems.

  • w Security; prevents data from being downloaded or stolen.

The drawbacks include:

  • w Increased Provisioning-Server load.

  • w Private Image vDisks require a lot more storage space.

Chapter 2

Product Technology Overview

  • w Each vDisk’s application stack must be maintained.

Difference Disk Image Mode

Note: Difference Disk Image mode can not be used with the User Group vDisk feature.

Difference Disk Image Mode allows for the saving of changes between reboots. Using this mode, after rebooting, a target device is able to retrieve changes made from previous sessions that differ from the read only vDisk image. If a vDisk is set to Difference Disk Image mode, each target device that accesses the vDisk automatically has a device-specific, writable disk file created. Any changes made to the vDisk image are written to that file (Difference Disk Image), which is not automatically deleted upon shutdown.

The Difference Disk name uniquely identifies the target device by including the target device’s MAC address and disk identifier. A target device can be assigned to multiple vDisks and therefore have multiple cache files associated to it.

In order to restore a vDisk that uses Difference Disk cache, be sure to backup all vDisk files and Difference Disk cache files prior to making any vDisk modifications.

The benefits of using Difference Disk Mode include:

  • w Saves target device specific changes that are made to the vDisk image.

  • w Same benefits as Standard Image Mode.

The drawbacks of using Difference Disk Mode include:

  • w The cache file is saved so long as the file remains valid. Any changes made to the vDisk force the cache file to be automatically deleted. For example, if the vDisk is set to Private Image Mode, all associated cache files are deleted.

Invalidating changes include:

  • w Automatic updates

  • w Incremental updates

  • w Mapping the drive from the Console

  • w Changing the location of the Difference Disk file

  • w Booting in Private Image mode

  • w Changing the write-cache path entries for a server (for example, adding, subtracting, or changing the order of those path entries to improve I/O by spreading the load with other servers).

  • w Changing a target device’s MAC address.

Administrator's Guide

Write Cache Modes

Provisioning Services supports several write cache mode options. The write cache mode for a vDisk is selected on the vDisk File Properties dialog’s ‘Mode’ tab.

The following lists valid write cache options:

  • w Cache on a Server Disk on page 39

  • w Cache in Device RAM on page 39

  • w Cache on Device Hard Drive on page 39

Cache on a Server Disk

Write cache can exist as a temporary file on a Provisioning Server. In this configuration, all writes are handled by the Provisioning Server, which can increase disk IO and network traffic.

For additional security, the Provisioning Server can be configured to encrypt write cache files. Since the write-cache file does exist on the hard drive between reboots, the data will be encrypted in the event a hard drive is stolen.

Cache in Device RAM

Write cache can exist as a temporary file in the target device’s RAM. This provides the fastest method of disk access since memory access is always faster than disk access.

Cache on Device Hard Drive

Write cache can exist as a file on the target-device’s hard drive. This write cache option frees up the Provisioning Server since it does not have to process write requests and does not have the finite limitation of RAM.

The hard drive does not require any additional software to enable this feature.

Note: The write cache file is temporary unless the vDisk mode is set to Difference Disk Image mode.

Chapter 2

Product Technology Overview

Chapter 3

Using the Console

Topics:

Starting the Console

Understanding the Console Window

Performing Tasks in the Console

Use the Provisioning Services Console to manage components within a Provisioning Services farm. The Console can be installed on any machine that can access the farm.

For more information on the Console refer to:

  • w Starting the Console on page 42

  • w Understanding the Console Window on page 42

  • w Performing Tasks in the Console on page 44

Chapter 3

Using the Console

Starting the Console

Before starting the Console, make sure that the Stream Service is started and running on the Provisioning Server. (After the Configuration Wizard runs, the Stream Service starts automatically).

To start the Console

From the Start menu, select:

All Programs>Citrix>Provisioning Services>Citrix Provisioning Console

The Console’s main window appears.

Note: To connect to a farm refer to Farm Tasks on page 61.

Understanding the Console Window

On the main Console window, you can perform tasks necessary when setting up, modifying, tracking, deleting, and defining the relationships among vDisks, target devices, and Provisioning Servers within your network.

For details on using various Console components, refer to:

  • w Using the Console Tree on page 42

  • w Basic Tree Hierarchy on page 42

  • w Using the Details View on page 43

  • w Common Action Menu Options on page 43

Using the Console Tree

The tree is located in the left pane of the Console window. The tree shows a hierarchical view of your network environment and managed objects within your network. What displays in the Details view depends on the object you have selected in the tree and your user role.

In the tree, click + to expand an managed object node, or click - to collapse the node.

Basic Tree Hierarchy

Farm administrators can create new sites, views, and stores within the farm. The farm- level tree is organized as follows:

  • w Farm

Administrator's Guide

Sites

Views

Stores

Site administrators generally manage those objects within sites to which they have privileges. Site’s contain Provisioning Servers, a vDisk Pool, device collections, user groups and views. The site-level tree is organized as follows:

w

Site

 

Servers

vDisk Pool

Device Collections

User Groups

Views

Using the Details View

The right-hand pane of the Console window contains the details view. This view provides information about the object selected in the tree, in table format. The types of objects that display in the view include Provisioning Servers, target devices, and vDisks. For more detailed information, right-click on the object, then select the Properties menu.

The tables that display in the details view can be sorted in ascending and descending order.

In the Console, the objects that display and the tasks that you can perform are dependant on the role that you are assigned.

Common Action Menu Options

The following menu options are common to most objects in the Console:

New Window From Here

To open a new Console window, right-click on an object in the tree or in the details pane, then select the New Window from Here menu option. A new Console window opens. It may be necessary to minimize the window to view and toggle between one or more windows.

Refresh

To refresh information in the Console, right-click a folder, icon, or object, then select Refresh.

Export List

Chapter 3

Using the Console

  • 1. To export table information from the details pane to a text or comma delimited file, select Export from the Action menu.

  • 2. Select the location where this file should be saved inSave in:

  • 3. Type or select the file name in the File name textbox.

  • 4. Select the file type from and Save as text boxes.

  • 5. Click Save to save the file.

Help

Select an object in the Console, then select Help from the Action menu to display information about that object.

View Options

To customize a Console view:

  • 1. Select View, then select either Add/Remove Columns

...

or Customize

....

  • 2. If you selected:

 

Add/Remove Columns

...,

use the Add and Remove buttons to select which

columns to display.

Customize

select the check box next to each MMC and Snap-in view option

..., that should display in the Console window.

  • 3. Click OK. The Console view refreshes to display the view options selected.

Performing Tasks in the Console

Use the following Console menus and features to perform tasks:

Note: Use the Ctrl key to make non-continuous selections or the Shift key to make continuous selections.

  • w Action menu on page 44

  • w Right-click (context) Menu on page 45

  • w Using Drag-and-Drop on page 45

  • w Using Copy and Paste on page 45

  • w Using Views on page 45

Action menu

Select object-related tasks from the Action menu such as; boot, restart, send message, view properties, copy or paste properties. For a complete list of tasks, refer to that object’s management chapter within this guide.

Administrator's Guide

Right-click (context) Menu

Right-click a managed object(s) to select object-related tasks. For a complete list of tasks, refer to that object’s management chapter within this guide.

Using Drag-and-Drop

  • w Move target devices by dragging them from one device collection, and dropping them on another device collection within the same site.

  • w Assign a vDisk to all target devices within a collection by dragging the vDisk and dropping it on the collection. The vDisk and the collection must be in the same site. (The new vDisk assignment replaces any previous vDisk assignments for that collection).

  • w Add a target device to a view by dragging the device, then dropping it on the view in Console’s tree.

  • w Drag a Provisioning Server from one Site, then drop it into another site. (Any vDisks assignments that were specific to this server and any store information will be lost.).

Using Copy and Paste

Select an object in the Console window, then use the Copy and Paste right-click menu options to quickly copy one or more properties of a vDisk, Provisioning Server, or target device, to one or more existing vDisks, Provisioning Servers, or target devices.

To copy the properties of a one object type and paste those properties to multiple objects of the same type:

  • 1. In the tree or details pane, right-click the object which has the properties you want to copy, then select Copy. The object-specific Copy dialog appears.

  • 2. Place a check in the checkbox next to each of the object properties you want to copy, then click OK.

  • 3. In the Console tree, expand the directory where the object exists so that those objects display in either the tree or details pane.

  • 4. Right-click on the object(s) in the tree or details pane that you want to paste properties to, then select Paste.

Using Views

Create views containing target devices to display only those target devices that you are currently interested in viewing or performing tasks on. Adding target devices to a view provides a quick and easy way to perform a task on members of that view, such as:

  • w Boot

  • w Restart

Chapter 3

Using the Console

  • w Shutdown

  • w Send message

Views can be created at the site level or at the farm level. To perform a task on

members of a view:

  • 1. Right-click on views icon, then select the Create View

...

The View Properties dialog appears.

menu option.

  • 2. Type the name and a description of the new view in the appropriate text boxes, then select the Members tab.

  • 3. To add target devices to this view, click the Add button. The Select Target Devices dialog appears.

  • 4. If you are creating the view at the farm level, select the site where the target devices reside. If you are creating the view at the site level, the site information is already populated.

  • 5. From the drop-down menu, select the device collection where the target devices to add are members.

  • 6. Select from the list of target devices that display, then click OK.

  • 7. If necessary, continue adding target devices from different device collections within a site.

  • 8. Click the OK button to close the dialog.

For more information on views, refer to Managing Views on page 175.

Chapter 4

Managing Farms

Topics:

Configuring the Farm

Farm Properties

Farm Tasks

A farm represents the top level of a Provisioning Services

infrastructure. Farms provide a “Farm Administrator” with a

method of representing, defining, and managing logical groups

of Provisioning Services components into sites.

All sites within a farm share that farm’s Microsoft SQL

database. A farm also includes a Citrix License Server, local or

network shared storage, and collections of target devices.

To learn more about managing farms, refer to the follow

sections:

  • w Configuring the Farm on page 48

  • w Farm Tasks on page 61

  • w Farm Properties on page 58

Chapter 4

Managing Farms

Configuring the Farm

Run the Configuration Wizard on a Provisioning Server when creating a new farm,

adding new Provisioning Servers to an existing farm, or reconfiguring an existing

Provisioning Server.

When configuring a Provisioning Server, consider the following:

  • w All Provisioning Servers within a farm must share the same database to locate vDisks for target devices on shared storage devices within the farm. If that shared storage device is a Windows network share, refer to configuration information described in the Administrator’s Guide, Managing Network Components section. If that shared storage device is a SAN, no additional configuration is necessary.

  • w To properly configure the network services, be sure that you understand network service options and settings.

Note: If all Provisioning Servers in the farm share the same configuration settings

such as site and store information, consider Running the Configuration Wizard Silently

on page 57.

Configuration Wizard Settings

Before running the Configuration Wizard, be prepared to make the following selections:

Note: The Configuration Wizard can also be run silently on servers that share similar

configuration settings. For details, refer to Running the Configuration Wizard Silently

on page 57.

  • w Network Topology on page 49

  • w Identify the Farm on page 50

  • w Identify the Database on page 51

  • w Identify the Site on page 52

  • w Select the License Server on page 53

  • w Select network cards for the Stream Service on page 54

  • w Configure Bootstrap Server on page 54

Note: If errors occur during processing, the log is written to a ConfigWizard.log file,

which is located at C:\Documents and Settings\All Users\ProgramData

\Citrix\Provisioning Services.

Administrator's Guide

Starting the Configuration Wizard

The Configuration Wizard starts automatically after Provisioning Services software is

installed. The wizard can also be started by selecting:

  • 1. Start>All Programs>Citrix>Provisioning Services>Provisioning Services Configuration Wizard

  • 2. After starting the Configuration Wizard, click Next to begin the configuration tasks that follow.

Note: When running the Configuration Wizard, the tasks that appear depend on

the network service options that are selected and the purpose for running the wizard.

Network Topology

Complete the network configuration steps that follow.

  • 1. Select the network service to provide IP addresses

Note: Use existing network services if possible. If for any reason existing network

services can not be used, choose to install the network services that are made

available during the installation process.

To provide IP addresses to target devices, select from the following network

 

service options:

If the DHCP service is on this server, select the radio button next to one of the

following network services to use, then click Next:

w

Microsoft DHCP

w

Provisioning Services BOOTP service

w

Other BOOTP or DHCP service

If the DHCP service is not on this server, select the radio button next to The

service is running on another computer, then click Next.

  • 2. Select the network service to provide PXE boot information

Each target device needs to download a boot file from a TFTP server.

Select the network service to provide target devices with PXE boot information:

If you choose to use this Provisioning Server to deliver PXE boot information,

selectThe service that runs on this computer, then select from either of the

following options, then click Next:

w

Microsoft DHCP (options 66 and 67)

w

Provisioning Services PXE Service

Chapter 4

Managing Farms

If Provisioning Services will not deliver PXE boot information, select The

information is provided by a service on another device option, then click

Next.

Identify the Farm

Select from the following farm options:

Farm is already configured

Select this option to reconfigure an existing farm, then continue on to

the“Configure user account settings” procedure. This option only appears if a farm

 

already exists.

Create farm

 
  • i. On the Farm Configuration dialog, select the Create Farm radio button to

 

create a new farm, then clickNext.

 

ii. Use the Browse button to browse for existing SQL databases and instances in

 

the network, or type the database server name and instance. Optionally, enter

a TCP port number to use to communicate with this database server.

 

iii. To enable database mirroring, enable the Specify database mirror failover

 

partner option, then type or use the Browse button to identify the failover

database server and instance names. Optionally, enter a TCP port number to

use to communicate with this server.

Note: Refer to Database Mirroring in the Provisioning Services Administrator's

Guide for more information.

 

iv. Click Next to continue on to the“Identify the Database on page 51” procedure.

Join existing farm

  • i. On the Farm Configuration dialog, select the Join Existing Farm radio button to add this Provisioning Server to an existing farm, then clickNext.

ii. Use the Browse button to browse for the appropriate SQL database and

instance within the network.

iii. Select the farm name that displays by default, or scroll to select the farm to join.

Note: More than one farm can exist on a single server. This configuration is

common in test implementations.

iv. To enable database mirroring, enable the Specify database mirror failover

partner option, then type or use the Browse button to identify the failover

database server and instance names. Optionally, enter a TCP port number to

use to communicate with this server.

Note: Refer to Database Mirroring in the Provisioning Services Administrator's

Guide for more information.

Administrator's Guide

  • v. Click Next.

vi. Select from the following site options, then click Next:

Existing Site: Select the site from the drop-down menu to join an existing site.

New Site: Create a site by typing the name of the new site and a collection.

Continue on toConfigure User Account Settings on page 53 procedure.

Identify the Database

Only one database exists within a farm. To identify the database, complete the steps

that follow.

  • 1. Select the database location If the database server location and instance have not yet been selected, complete the following procedure.

    • a. On the Database Server dialog, click Browse to open the SQL Servers dialog.

    • b. From the list of SQL Servers, select the name of the server where this database exists and the instance to use (to use the default instance, SQLEXPRESS, leave the instance name blank). In a test environment, this may be a staged database.

Note: When re-running the Configuration Wizard to add additional

Provisioning Servers database entries, the Server Name and Instance Name

text boxes are already populated. By default, SQL Server Express installs as

an instance named ‘SQLEXPRESS’.

  • c. Click Next. If this is a new farm, continue on to the“Defining a Farm” procedure.

  • 2. To change the database to a new database

    • a. On the old database server, perform a backup of the database to a file.

    • b. On the new database server, restore the database from the backup file.

    • c. Run the Configuration Wizard on each Provisioning Server.

    • d. Select Join existing farm on the Farm Configuration dialog.

    • e. Enter the new database server and instance on the Database Server dialog.

    • f. Select the restored database on the Existing Farm dialog.

    • g. Select the site that the Server was previously a member of on the Site dialog.

    • h. Click Next until the Configuration Wizard finishes.

  • 3. Define a farm. Select the security group to use: •

  • Use Active Directory groups for security

    Chapter 4

    Managing Farms

    Note: When selecting the Active Directory group to act as the Farm

    Administrator from the drop-down list, choices include any group the current

    user belongs to. This list includes Builtin groups, which are local to the current

    machine. Avoid using these groups as administrators, except for test

    environments. Also, be aware that some group names may be misleading and

    appear to be Domain groups, which are actually Local Domain groups. For

    example: ForestA.local/Builtin/Administrators.

    Use Windows groups for security

    • 4. ClickNext.

    Continue on to the“Selecting the license server” procedure.

    Create a New Store for a New Farm

    A new store can be created and assigned to the Provisioning Server being configured:

    Note: The Configuration Wizard only allows a server to create or join an existing store

    if it is new to the database. If a server already exists in the database and it rejoins a

    farm, the Configuration Wizard may prompt the user to join a store or create a new

    store, but the selection is ignored.

    • 1. On the New Store page, name the new Store.

    • 2. Browse or enter the default path (for example: C:\PVSStore) to use to access this store, then click Next. If an invalid path is selected, an error message appears. Re-enter a valid path, then continue. The default write cache location for the store is located under the store path for example: C:\PVSStore\WriteCache.

    Identify the Site

    When joining an existing farm, identify the site where this Provisioning Server is to be a

    member, by either creating a new site or selecting an existing site within the farm.

    When a site is created, a default target device collection is automatically created for

     

    that site.

    Create a new site

    i. On the Site page, enable the New Site radio button.

    ii. In the Site Name text box, type the new site name where this Provisioning

    Server is to be a member.

    iii. In the Collection Name, accept the default collection, Collection, or create a

    new default collection name to associate with this Provisioning Server, then

    clickNext.

    Select an existing site

    Administrator's Guide

    i. On the Site page, enable the Existing Site radio button. (The default site name

    is Site.)

    ii. Select the appropriate site from the drop-down list, then click Next.

    iii. Create a new store or select an existing store on the Store page, then click

    Next.

    Select the License Server

    Note: When selecting the license server, ensure that all Provisioning Server’s in the

    farm are able to communicate with that server in order to get the appropriate product

    licenses.

    • 1. Enter the name (or IP address) and port number of the license server (default is 27000). The Provisioning Server must be able to communicate with the license server to get the appropriate product licenses.

    • 2. Optionally, select the checkbox Validate license server version and communicationto verify that the license server is able to communicate with this server and that the appropriate version of the license server is being used. If the server is not able to communicate with the license server, or the wrong version of the license server is being used, an error message displays and does not allow you to proceed.

    • 3. The checkbox Use Datacenter licenses for desktops if no Desktop licenses are availableenables the license tradeup option and is enabled by default. Optionally, disable this trade up option by clicking on the enabled checkbox(uncheck).

    • 4. Click Next to continue on to the“Configure user account settings” procedure.

    Configure User Account Settings

    The Stream and Soap services run under a user account.

    • 1. On the User Account dialog, select the user account that the Stream and Soap services will run under:

    Specified user account (required when using a Windows Share; workgroup or

    domain user account)

    Type the user name, domain, and password information in the appropriate text

    boxes.

    Local system account (for use with SAN)

    • 2. Select the checkbox next to the Configure the database for the account option, if you selectedSpecified user account, which adds the appropriate database roles (Datareader and Datawriter) for this user.

    • 3. Click Next, then continue on to the“Selecting network cards for the Stream Service” procedure.

    Chapter 4

    Managing Farms

    Select network cards for the Stream Service

    Note: If multiple network adapters are selected, they must be configured with the

    same IP subnet address. For example: IP subnet: 100.100.10.x; IP subnet mask

    255.255.255.0

    • 1. Select the checkbox next to each of the network cards that the Stream Service can use.

    • 2. Enter the base port number that management services the default port for that the Provisioning Services’ network services communications in the appropriate text box.

    Note: A minimum of 20 ports are required within the range. All Provisioning

    Servers within a farm must use the same port assignments.

    • 3. Select the Soap Server port (default is 54321) to use for Console access, then click Next.

    Continue on to the“Selecting the bootstrap server” procedure.

    Configure Bootstrap Server

    Complete the steps that follow to identify the bootstrap server and configure the

    bootstrap file location.

    Note: Bootstrap configurations can be reconfigured by selecting the Configure

    Bootstrap option from the Provisioning Services Action menu in the Console.

    • 1. Select the bootstrap server. To use the TFTP service on this Provisioning Server: a. Select the Use the TFTP Serviceoption, then enter or browse for the boot file.

    The default location is:

    C:\Documents and Settings\All Users\ProgramData\Citrix\Provisioning Services

    \Tftpboot

    If a previous version of Provisioning Services was installed on this server, and

    the default location is:

    C:\Program Files\Citrix\Provisioning Services\TftpBoot

    You must run the Configuration Wizard to change the default location to:

    C:\Documents and Settings\All Users\ProgramData or ApplicationData\Citrix

    \Provisioning Services\Tftpboot

    If the default is not changed, the bootstrap file can not be configured from the

    Console and target devices will fail to boot; receiving a ‘Missing TFTP’ error

    message.

    Administrator's Guide

    • b. Click Next.

    2. Select Provisioning Servers to use for the boot process:

    • a. Use the Add button to add additional Provisioning Servers to the list, theEdit button to edit existing information, orRemove to remove the Provisioning Server from the list. Use theMove up orMove down buttons to change the Provisioning Server boot preference order. The maximum length for the server name is 15 characters. Do not enter FQDN for the server name. In an HA implementation, at least two Provisioning Servers must be selected as boot servers.

    • b. Optionally, highlight the IP address of the Provisioning Server that target devices will boot from, then click Advanced. The Advanced Stream Servers Boot List appears. The following table describes advanced settings that you can choose from. After making your selections, click OK to exit the dialog, then click Next to continue. Table 4-1. Advanced Stream Servers Boot List

    Verbose Mode

    Select the Verbose Mode option if

    you want to monitor the boot

    process on the target device

    (optional) or view system messages.

    Interrupt Safe Mode

    Select Interrupt Safe Mode if you are

    having trouble with your target

    device failing early in the boot

    process. This enables debugging of

    target device drivers that exhibit

    timing or boot behavior problems

    Advanced Memory Support

    This setting enables the bootstrap to

    work with newer Windows OS

    versions and is enabled by default.

    Only disable this setting on older XP

    or Windows Server OS 32 bit versions

    that do not support PAE, or if your

    target device is hanging or behaving

    erratically in early boot phase.

    Network Recovery Method

    Restore Network Connections

    Selecting this option results in the

    target device attempting indefinitely

    to restore it's connection to the

    Provisioning Server.

    Note: Because the Seconds field does

    not apply, it becomes inactive when

    Chapter 4

    Managing Farms

     

    the Restore Network Connections

    option is selected.

    Reboot to Hard Drive— (a hard drive

    must exist on the target device)

    Selecting this option instructs the

    target device to perform a hardware

    reset to force a reboot after failing

    to re-establish communications for a

    defined number of seconds. The user

    determines the number of seconds to

    wait before rebooting. Assuming the

    network connection can not be

    established, PXE will fail and the

    system will reboot to the local hard

    drive. The default number of seconds

    is 50, to be compatible with HA

    configurations.

    Logon Polling Timeout

    Enter the time, in milliseconds,

    between retries when polling for

    Provisioning Servers. Each

    Provisioning Server is sent a login

    request packet in sequence. The first

    Provisioning Server that responds is

    used. In non-HA configurations, this

    time-out simply defines how often to

    retry the single available Provisioning

    Server with the initial login request.

    This time-out defines how quickly

    the round-robin routine will switch

    from one Provisioning Server to the

    next in trying to find an active

    Provisioning Server. The valid range

    is from 1,000 to 60,000 milliseconds.

    Login General Timeout

    Enter the time-out, in milliseconds,

    for all login associated packets,

    except the initial login polling time-

    out. This time-out is generally longer

    than the polling time-out, because

    the Provisioning Server needs time to

    contact all associated servers, some

    of which may be down and will

    require retries and time-outs from

    the Provisioning Server to the other

    Provisioning Servers to determine if

    they are indeed online or not. The

    Administrator's Guide

     

    valid range is from 1,000 to 60,000

    milliseconds.

    c. Verify that all configuration settings are correct, then click Finish.

    Running the Configuration Wizard Silently

    Run the Configuration Wizard silently to configure multiple Provisioning Servers that

    share several of the same configuration settings such as the farm, site, and store

    locations.

    Prerequisite

    The Configuration Wizard must first be run on any Provisioning Server in the farm that

    has the configuration settings that will be used in order to create the Provisioning

    Services database and to configure the farm.

    The basic steps involved in the silent configuration of servers within the farm include:

    • w Create a ConfigWizard.ans file from a configured Provisioning Server in the farm.

    • w Copy the ConfigWizard.ans file onto the other servers within the farm, and modify the IP address in the ConfigWizard.ans file to match each server in the farm.

    • w Run the ConfigWizard.exe with the /a parameter.

    To Create the ConfigWizard.ans File

    • 1. Run the ConfigWizard.exe with the /s parameter on a configured server.

    • 2. When selecting farm settings on the Farm Configuration page, choose the Join existing farm option.

    • 3. Continue selecting configuration settings on the remaining wizard pages, then click Finish.

    • 4. Copy the resulting ConfigWizard.ans file from the Provisioning Services Application Data directory. The location for this directory varies depending on the Windows version. For Windows 2003, use

    \Documents and Settings\All Users

    \Application Data\Citrix\Provisioning Services. For Windows 2008

    and Windows 2008 R2, use \ProgramData\Citrix\Provisioning Services.

    To Copy and Modify the ConfigWizard.ans File

    • 1. For each server that needs to be configured, copy the ConfigWizard.ans file to the Provisioning Services Application Data directory.

    • 2. Edit the StreamNetworkAdapterIP= so that is matches the IP of the server being configured. If there is more than one IP being used for Provisioning Services on the server, add a comma between each IP address.

    To Run the ConfigWizard.exe Silently

    To configure servers, run the ConfigWizard.exe with /a parameter on each server that

    needs to be configured.

    Chapter 4

    Managing Farms

    Note: To get the list of valid ConfigWizard parameters:

    • 1. Run the ConfigWizard.exe with the /? parameter.

    • 2. Open the resulting ConfigWizard.out file from the ConfigWizard.ans file from the Provisioning Services Application Data directory.

    • 3. Scroll down to the bottom of the file to view all valid parameters.

    Note: To get the list of valid ConfigWizard.ans commands with descriptions:

    • 1. Run the ConfigWizard.exe with the /c parameter.

    • 2. Open the resulting ConfigWizard.out file from the ConfigWizard.ans file from the Provisioning Services Application Data directory.

    • 3. Scroll down to the bottom of the file to view all valid parameters.

    Farm Properties

    The Farm Properties dialog contains the following tabs:

    • w General Tab on page 58

    • w Security Tab on page 58

    • w Groups Tab on page 59

    • w Licensing Tab on page 59

    • w Options Tab on page 60

    • w Status Tab on page 61

    The tables that follow identify and describe farm properties on each tab:

    General Tab

    Name

    Enter or edit the name of this farm.

    Description

    Enter or edit a description for this farm.

    Security Tab

    Add button

    Click the Add button to apply farm

    administrator privileges to a group.

    Check each box next the groups to which

    Administrator's Guide

     

    farm administrator privileges should

    apply.

    Remove button

    Click the Remove button to remove

    groups from those groups with farm

    administrator privileges. Check each box

    next the groups to which farm

    administrator privileges should not apply.

    Groups Tab

    Add button

     

    Click the Add button to open the Add

    System Groups dialog.

    To display all security groups, leave the

    text box set to the default ‘*’.

    To display select groups, type part of the

    name using wildcards ‘*’. For example,

    if you want to see MY_DOMAIN\Builtin

    \Users, type:

    User*, Users, or *ser*

    However, in this release, if you type

    MY_DOMAIN\Builtin\*, you will get

    all groups, not just those in the

    MY_DOMAIN\Builtin path.

    Select the checkboxes next to each

    group that should be included in this farm.

    Note: Filtering on groups was

     

    introduced in 5.0 SP2 for efficiency

    purposes.

     

    Remove button

     

    Click the Remove button to remove

    existing groups from this farm. Highlight

    the groups to which privileges should not

    apply.

    Licensing Tab

    Note: Changing licensing properties requires that the Provisioning Services Stream

    Service be restarted on each Provisioning Server for licensing changes to take effect.

    Chapter 4

    Managing Farms

    License server name

    Type the name of the Citrix License

    Server in this textbox.

    License server port

    Type the port number that the license

    server should use or accept the default,

    which is 27000.

    Use Datacenter licenses for desktops if

    If using the license trade-up feature,

    no Desktop licenses are available

    which allows you to use Datacenter

    checkbox

    product licenses that you have available

    if no Desktop product licenses are

    currently available, check this checkbox.

    Options Tab

    Auto-Add

    Check this checkbox if using the Auto-

    add feature, then select the site that

    new target devices will be added to from

    the Add new devices to this site drop-

    down menu.

    If the No default site is chosen for the

    default site setting, then the site of that

    Provisioning Server that logs in the

    target device is used during auto-added.

    Use the No default site setting if your

    farm has site scoped PXE/TFTP servers.

    Important! This feature should only be

    enabled when expecting to add new

    target devices. Leaving this feature

    enabled could result in computers being

    added without the approval of a farm

    administrator.

    Auditing

    Enable or disable the auditing feature

    for this farm.

    Offline database support

    Enable or disable the offline database

    support option. This option allows

    Provisioning Servers within this farm, to

    use a snapshot of the database in the

    event that the connection to the

    database is lost.

    Administrator's Guide

    Status Tab

    Current status of the farm

    Provides database status information and

    information on group access rights being

    used.

    Farm Tasks

    The farm is initially configured when you run the Configuration Wizard. The wizard

    prompts you for the farm’s name, a store, and a device collection. When you first open

    the Console, those objects display in the tree.

    The wizard also prompts you for additional farm information such as the name of the

    license server, your user account information, and those servers that can serve the

    bootstrap file to target devices. You can always rerun the wizard to change settings.

    You can also choose to make farm configuration changes using the Farm Properties on

    page 58.

    A farm administrator can view and manage all objects in any farm to which they have

    privileges. Only farm administrators can perform all tasks at the farm level, including:

    • w Farm Connections on page 61

    • w Farm Properties on page 58

    • w Creating Sites on page 62

    • w Site Properties on page 62

    • w Managing Stores on page 73

    • w Managing Views on page 175

    Farm Connections

    Connecting to a Farm

    • 1. Right-click on Provisioning Services Console in the Console tree, then select Connect to farm ...

    • 2. Under Server Information, type the name or IP address of a Streaming Server on the farm and the port configured for server access.

    • 3. Select to log in using one of the following methods: •

    Use the Windows credentials that you are currently logged with, then optionally

    enable the Auto-login on application start or reconnect feature.

    Chapter 4

    Managing Farms

    Use different Windows credentials by entering the username, password, and

    domain associated with those credentials, then optionally enable the Save

    password and Auto-login on application start or reconnect feature.

    • 4. Click Connect. The Farm icon appears in the Console tree.

    Managing Connections

    You can manage connections to farms from the Manage Connections dialog. To open the

    dialog, right-click on the Provisioning Services Console icon in the tree, then select the

    Manage Connections

    ...

    menu option.

    Creating Sites

    To create a new site

    • 1. Right-click on the sites folder in the farm where you want to add the new site. The Site Properties dialog appears.

    • 2. On the General tab, type the name and a description for the site in the appropriate text boxes.

    • 3. On the Security tab, click Add to add security groups that will have the site administrator rights in this site. The Add Security Group dialog appears.

    • 4. Check the box next to each group, then click OK. Optionally, check the Domains/ group Name checkbox to select all groups in the list.

    • 5. On the Options tab, if new target devices are to be added using the Auto-Add feature, select the collection where these target devices should reside (this feature must first be enabled in the farm’s properties).

    To modify an existing site’s properties, right-click on the site in the Console, then

    select Properties. Make any necessary modifications in the Site Properties dialog.

    Site Properties

    A new site is added to a farm, or an existing site is modified, using the Site Properties

    dialog. The tabs in this dialog allow you to configure a site. Site administrators can also

    edit the properties of a site that they administer.

    The Site Properties dialog contains the following tabs:

    • w General Tab on page 63

    • w Security Tab on page 63

    • w MAK Tab on page 63

    • w Options Tab on page 64

    Administrator's Guide

    General Tab

    Field/Button

    Description

    Name

    Type the name of this site in the textbox.

    Description

    Optional. Type the description of this

    site in the textbox.

    Security Tab

    Field/Button

    Description

    Add button

    Click the Add button to open the Add

    Security Groups dialog. Check the box

    next to each group to which site

    administrator privileges should apply.

    To add all groups that are listed, check

    the Domain\Group Name checkbox.

    Remove button

    Click the Remove button select those

    groups to which site administrator

    privileges should be removed.

    To remove all groups that are listed,

    check the Domain\Group Name

    checkbox.

    MAK Tab

    Field/Button

    Description

    Enter the administrator credentials used

    MAK administrator credentials must be

    for Multiple Activation Key enabled

    entered before target devices using MAK

    Devices

    can be activated. The user must have

    administrator rights on all target devices

    that use MAK enabled vDisks and on all

    Provisioning Servers that will stream

    those target devices.

    After entering the following information,

    click OK:

    User

    Password

    Chapter 4

    Managing Farms

    Field/Button

     

    Description

       
     

    Note: If credentials have not been

     

    entered and an activation attempt is

    made from the Manage MAK

    Activations dialog, an error message

    displays and the MAK tab appears to

    allow credential information to be

    entered. After the credentials are

    entered, click OK and the Manage

    MAK Activations dialog re-appears.

     

    Options Tab

    Field/Button

     

    Description

    Auto-Add

     

    Select the collection that the new target

    device will be added to from the drop-

    down menu. (This feature must first be

    enabled in the farm properties.)

    Chapter 5

    Managing Sites

    Topics:

    Creating Sites

    Site Properties

    A site provides both a site administrator and farm

    administrator, with a method of representing and managing

    logical groupings of Provisioning Servers, Device Collections,

    and local shared storage.

    Note: If configuring for a high availability (HA), all

    Provisioning Servers selected as failover servers must reside

    within the same site. HA is not intended to cross between sites.

    A site administrator can perform any task that a device

    administrator or device operator within the same farm can

    perform.

    A site administrator can also perform the following tasks:

    Farm-level tasks

    • w Site Properties on page 62

    • w Store Configuration and Management Tasks on page 77

    Site-level tasks

    • w Managing Printers on page 231

    • w Managing Site Administrators on page 71

    • w Managing Provisioning Servers on page 83

    • w Showing Provisioning Server Connections on page 96

    • w Managing User Assigned vDisks on page 169

    • w Creating Sites on page 62

    • w Balancing the Target Device Load on Provisioning Servers on page 97

    • w Managing Target Devices on page 131

    • w Accessing Auditing Information on page 245

    Chapter 5

    Managing Sites

    Creating Sites

    To create a new site

    • 1. Right-click on the sites folder in the farm where you want to add the new site. The Site Properties dialog appears.

    • 2. On the General tab, type the name and a description for the site in the appropriate text boxes.

    • 3. On the Security tab, click Add to add security groups that will have the site administrator rights in this site. The Add Security Group dialog appears.

    • 4. Check the box next to each group, then click OK. Optionally, check the Domains/ group Name checkbox to select all groups in the list.

    • 5. On the Options tab, if new target devices are to be added using the Auto-Add feature, select the collection where these target devices should reside (this feature must first be enabled in the farm’s properties).

    To modify an existing site’s properties, right-click on the site in the Console, then

    select Properties. Make any necessary modifications in the Site Properties dialog.

    Site Properties

    A new site is added to a farm, or an existing site is modified, using the Site Properties

    dialog. The tabs in this dialog allow you to configure a site. Site administrators can also

    edit the properties of a site that they administer.

    The Site Properties dialog contains the following tabs:

    • w General Tab on page 63

    • w Security Tab on page 63

    • w MAK Tab on page 63

    • w Options Tab on page 64

    General Tab

    Field/Button

    Description

    Name

    Type the name of this site in the textbox.

    Description

    Optional. Type the description of this

    site in the textbox.

    Administrator's Guide

    Security Tab

     

    Field/Button

     

    Description

    Add button

     

    Click the Add button to open the Add

    Security Groups dialog. Check the box

    next to each group to which site

    administrator privileges should apply.

    To add all groups that are listed, check

    the Domain\Group Name checkbox.

    Remove button

     

    Click the Remove button select those

    groups to which site administrator

    privileges should be removed.

    To remove all groups that are listed,

    check the Domain\Group Name

    checkbox.

    MAK Tab

     

    Field/Button

     

    Description

    Enter the administrator credentials used

     

    MAK administrator credentials must be

    for Multiple Activation Key enabled

    entered before target devices using MAK

    Devices

    can be activated. The user must have

    administrator rights on all target devices

    that use MAK enabled vDisks and on all

    Provisioning Servers that will stream

    those target devices.

    After entering the following information,

    click OK:

    User

    Password

    Note: If credentials have not been

     

    entered and an activation attempt is

    made from the Manage MAK

    Activations dialog, an error message

    displays and the MAK tab appears to

    allow credential information to be

    entered. After the credentials are

     

    Chapter 5

    Managing Sites

    Field/Button

    Description

     

    entered, click OK and the Manage

    MAK Activations dialog re-appears.

     

    Options Tab

    Field/Button

    Description

    Auto-Add

    Select the collection that the new target

    device will be added to from the drop-

    down menu. (This feature must first be

    enabled in the farm properties.)

    Chapter 6

    Managing Administrative Roles

    Topics:

    Managing Farm

    Administrators

    Managing Site Administrators

    Managing Device

    Administrators

    Managing Device Operators

    The ability to view and manage objects within a Provisioning

    Server implementation is determined by the administrative

    role assigned to a group of users. Provisioning Services makes

    use of groups that already exist within the network (Windows

    or Active Directory Groups). All members within a group will

    share the same administrative privileges within a farm. An

    administrator may have multiple roles if they belong to more

    than one group.

    The following administrative roles can be assigned to a group:

    • w Farm Administrator

    • w Site Administrator

    • w Device Administrator

    • w Device Operator

    After a group is assigned an administrator role through the

    Console, if a member of that group attempts to connect to a

    different farm, a dialog displays requesting that a Provisioning

    Server within that farm be identified (the name and port

    number). You are also required to either use the Windows

    credentials you are currently logged in with (default setting),

    or enter your Active Directory credentials. Provisioning

    Services does not support using both domain and workgroups

    simultaneously.

    When the information is sent to and received by the

    appropriate server farm, the role that was associated with the

    group that you are a member of, determines your

    administrative privileges within this farm. Group role

    assignments can vary from farm to farm.

    Chapter 6

    Managing Administrative Roles

    Managing Farm Administrators

    Farm administrators can view and manage all objects within a farm. Farm

    administrators can also create new sites and manage role memberships throughout the

    entire farm. In the Console, farm-level tasks can only be performed by farm

    administrators. For example, only a farm administrator can create a new site within

    the farm.

    Chapter 6 Managing Administrative Roles Managing Farm Administrators Farm administrators can view and manage all objects

    When the farm is first configured using the Configuration Wizard, the administrator

    that creates the farm is automatically assigned the Farm Administrator role. While

    configuring the farm, that administrator selects the option to use either Windows or

    Active Directory credentials for user authorization within the farm. After the

    Configuration Wizard is run, additional groups can be assigned the Farm Administrator

    role in the Console.

    To assign additional Farm Administrators

    Note: The authorization method displays to indicate if Windows or Active Directory

    credentials are used for user authorization in this farm.

    • 1. In the Console, right-click on the farm to which the administrator role will be assigned, then select Properties.The Farm Properties dialog appears.

    • 2. On the Groups tab, highlight all the groups that will be assigned administrative roles in this farm, then click Add.

    • 3. On the Security tab, highlight all groups to which the Farm Administrator role will be assigned, the click Add.

    • 4. Click OK to close the dialog box.

    Administrator's Guide

    Managing Site Administrators

    Site administrators have full management access to the all objects within a site. For

    example, the site administrator can manage Provisioning Servers, site properties,

    target devices, device collections, vDisk assignments and vDisk Pools.

    Administrator's Guide Managing Site Administrators Site administrators have full management access to the all objects within

    If a farm administrator assigns a site as the ‘owner’ of a particular store, the site

    administrator can also manage that store. Managing a store can include tasks such as

    adding and removing vDisks from shared storage or assigning Provisioning Servers to the

    store. The site administrator can also manage device administrator and device operator

    memberships

    To assign the Site Administrator role to one or more groups and its members:

    • 1. In the Console, right-click on the site for which the administrator role will be assigned, then select Properties. The Site Properties dialog appears.

    • 2. Click the Security tab, then click the Add button. The Add Security Group dialog appears.

    • 3. From the drop-down menu, select each group to associate with the site administrator role, then click OK.

    • 4. Optionally, repeat steps 2 and 3 to continue assigning additional site administrators.

    • 5. Click OK to close the dialog.

    Managing Device Administrators

    Device administrators manage device collections to which they have privileges. Device

    collections consist of a logical grouping of devices. For example, a device collection

    could represent a physical location, a subnet range, or a logical grouping of target

    devices. A target device can only be a member of one device collection.

    To assign the Device Administrator role to one or more groups and its members:

    Chapter 6

    Managing Administrative Roles

    • 1. In the Console tree, expand the site where the device collection exists, then expand the Device Collections folder.

    • 2. Right-click on the device collection that you want to add device administrators to, then select Properties. The Device Collection Properties dialog appears.

    • 3. On the Security tab, under the Groups with ‘Device Administrator’ access list, click Add. The Add Security Group dialog appears.

    • 4. To assign a group with the device administrator role, select each system group that should have device administrator privileges, then click OK.

    • 5. Click OK to close the dialog box.

    Managing Device Operators

    A device operator has administrator privileges to perform the following tasks within a

    Device Collection for which they have privileges:

    • w Boot and reboot a target device

    • w Shut down a target device

    • w View target device properties

    • w View vDisk properties for those vDisks assigned to a target device

    To assign the Device Operator role to one or more groups:

    • 1. In the Console tree, expand the site where the device collection exists, then expand the Device Collections folder.

    • 2. Right-click on the device collection that you want to add device operators to, then select Properties. The Device Collection Properties dialog appears.

    • 3. On the Security tab, under the Groups with ‘Device Operator’ access list, click Add. The Add Security Group dialog appears.

    • 4. To assign a group the Device Operator role, select each system group that should have device operator privileges, then click OK.

    • 5. Click OK to close the dialog box.

    Chapter 7

    Managing Stores

    Topics:

    Store Administrative

    Privileges

    Store Properties

    Store Configuration and

    Management Tasks

    A store is the logical name for the physical location of the

    vDisk folder. This folder can exist on a local server or on

    shared storage. When vDisks files are created in the Console,

    they are assigned to a store. Within a site, one or more

    Provisioning Servers are given permission to access that store

    in order to serve vDisks to target devices.

    Chapter 7 Managing Stores Topics: • Store Administrative Privileges • Store Properties • Store Configuration and

    A Provisioning Server checks the database for the Store name

    and the physical location where the vDisk resides, in order to

    provide it to the target device

    Separating the physical paths to a vDisks storage locations

    allows for greater flexibility within a farm configuration,

    particularly when using High Availability (HA). When HA is

    implemented, if the active Provisioning Server in a site fails,

    the target device can get its vDisk from another Provisioning

    Chapter 7

    Managing Stores

    Server that has access to the store and permissions to serve

    the vDisk.

    If necessary, copies of vDisks can be maintained on a

    secondary shared-storage location in the event that

    connection to the primary shared-storage location is lost. In

    this case, the default path can be set in the store properties if

    all Provisioning Servers can use the same path to access the

    store. If a particular server cannot use the path (the default

    path is not valid for that server, not because of a connection

    loss, but because it is simply not valid) then an override path

    can be set in the store properties for that particular server.

    Provisioning Servers will always use either the default path (if

    the override path does not exist in the database) or the

    override path if it does exists in the database.

    For more information on stores, refer to any of the following

    topics:

    • w Store Administrative Privileges on page 75

    • w Store Properties on page 75

    • w Store Configuration and Management Tasks on page 77

    • w Working with Managed Stores on page 78

    Administrator's Guide

    Store Administrative Privileges

    Stores are defined and managed at the farm level by a farm administrator. Access or

    visibility to a store depends on the users administrative privileges:

    • w Farm Administrators have full access to all stores within the farm

    • w Site Administrators have access to only those stores owned by the site

    • w Device Administrators and Device Operators have read-only access. Site Administrators may also have read-only access if that store exists at the farm level, or if that store belongs to another site.

    For details, refer to Managing Administrative Roles on page 69

    Store Properties

    A store can be created when the Configuration Wizard is run or in the Store Properties

    dialog. The store properties dialogs allows you to:

    • w Name and provide a description of the store

    • w Select the owner of the store (the site which will manage the store)

    • w Provide a default path to the store (physical path to the vDisk)

    • w Define default write cache paths for this store

    • w Select the servers that can provide this store

    After a store is created, Store information is saved in the Provisioning Services

    database. Each site has one vDisk Pool, which is a collection of vDisk information

    required by Provisioning Servers that provide vDisks in that site. The vDisk information

    can be added to the vDisk pool using the vDisk Properties dialog or by scanning a store

    for new vDisks that have not yet been added to the database.

    The Store Properties dialog includes the following tabs:

    • w General Tab on page 75

    • w Paths Tab on page 76

    • w Servers Tab on page 77

    General Tab

    Name

    View, type the logical name for this

    store. For example, PVS-1

    View or type a description of this store.

    Chapter 7

    Managing Stores

    Description

    View or type a description of this store.

    Site that acts as owner of this store

    Optional. View or scroll to select the site

    that will act as owner of this store. This

    feature allows a farm administrator to

    give one site’s administrators, special

    permission to manage the store. These

    rights are normally reserved for farm

    administrators.

    This is a Managed Read-Only Store

    Enable this option to set this store to be

    a Managed Store on a SAN. Refer to

    Working with Managed Stores for more

    details.

    Paths Tab

    Default store path

    View, type, or browse for the physical

    path to the vDisk folder that this store

    represents. The default path is used by

    all Provisioning Servers that do not have