XenClient Enterprise 4.5 Condensed Technical Presentation December 17, 2012


For more details: http://condemalagueta.wordpress.com/ Twitter: @Nuno_Alves Email: [email protected] LCS website: www.lcs.com.br


© 2012 Citrix | Confidential – Do Not Distribute

Agenda

• XenClient Overview

• XenClient Solutions

• Architectural Overview

• System Requirements

• Image Management: Layering and Publish Process

• Policy-Based Management

• Data Protection: Disk Encryption and User Data Backup

• Data Backup

• References and Resources


XenClient Simplifies and Secures Corporate PCs

Make PCs manageable, reliable, & secure

• Centralized Control: Policy-driven Management Server

• Secure and Optimized Local Execution: True Type-1 Client Hypervisor

© 2012 Virtual Computer Inc


XenClient Components – Client Endpoint

• Engine
  ᵒ Type-1 hypervisor running directly on the hardware and hidden from the user

• Launcher
  ᵒ The UI which provides an interface to the user

• Dock
  ᵒ A Dock that provides Citrix Receiver, RDP Client, and Google Chrome


XenClient Components – Synchronizer

Objects: Description

• Users: Computer, policy and VM assignments plus backups for each VM

• Groups: Which users belong to which groups, and group assignments

• VMs: Which OS, and version, which groups and users, policies

• Policies: Backup frequency, USB and other device, VM and computer access control, and more

• Software: What is available in the Software library

• Computers: Which users are supposed to use them

• Events: Detailed audit trail of actions for each object

The management server performs all the administrative tasks for the solution. It keeps a database of all objects in the XenClient Enterprise solution.

Synchronizer Tasks:

• Create VMs (Authoring)

• Publish VMs

• Create Users and Groups

• Assign a VM

• Restore a VM


What's New in XenClient Enterprise?

Next Generation Global Desktop

Expanded Use Cases

• Supports the latest Ultrabooks and Intel 3rd generation processors

• Windows 8 support

• Now available in English and 6 other languages for major markets!

• Enables more enterprise network policies with VLAN tagging

• NetScaler support for Synchronizer external network access

Increased Performance

• Dual monitors in dock support

• Improved hypervisor boot time

• Import and export VMs directly from the client hypervisor


Effortless Device Management for PCs

Project-based solution

Customer Challenges and Opportunities

• Companies buy thousands of units of PCs each year and need a better way to manage their current & new PCs

• PCs deliver excellent local performance, but are riddled with patch failures, reliability, & security issues

• Traditional Device Management is expensive, distracts focus and budget from higher value service delivery

• XenClient FlexCast model turns PCs into Virtual Appliances, cutting management & operations costs by 70+%

Solution includes:

• XenClient Engine to secure PC endpoints and turn them into easy-to-manage Virtual Appliances

• XenClient Synchronizer for simple centralized management of fully virtualized desktops running on PCs

• Citrix Receiver for access to hosted XenDesktop or XenApp in addition to the local virtual desktop

• NetScaler integration for providing secure access to the management interface from any location

Features and Benefits

• Failsafe Provisioning, Patching, & Updates: Provision 1000s of PCs as easily as one, eliminate patch failures, and achieve 100% success rates on updates

• PC Execution for Local Use Cases: Delivers local execution for use cases that need them – including distributed offices, limited network bandwidth, etc.

• Excellent Scalability with Near-Zero Infrastructure: Offers near-zero backend infrastructure cost by harnessing inexpensive compute and storage available on endpoint PCs

• Secure, locked-down, but personalized desktops: Secure the PC with full-disk encryption, protected VM image for instant recovery from malware or corruption, and network isolation

• High Reliability and Rapid Recovery: Delivers high reliability with zero patch failures, transparent backup, rapid recovery, and instant full migration to new PCs in case of hardware failure

Value Story:

Citrix delivers the lowest-cost, simplest device management solution for PCs, turning them into centrally managed Virtual Appliances, for use cases where organizations are already using PCs or are planning to purchase them.


Secure & Manage Mobile Laptops

Project-based solution

Customer Challenges and Opportunities

• The number of enterprise laptops is increasing rapidly with users spending more time outside the office

• Lost data on insecure laptops leads to financial losses, negative customer/market impact, and legal liability

• Laptops are difficult to manage and update because of how often they are off the LAN or disconnected

• Reliability and rapid recovery is critical for laptop users who are traveling and cannot be visited by IT

Solution includes:

• XenClient Engine to completely secure laptops online and off, turning them into easy-to-manage Virtual Appliances

• XenClient Synchronizer for simple centralized management of virtual desktops that work both online and off

• Citrix Receiver for access to hosted XenDesktop or XenApp in addition to the local virtual desktop

• NetScaler integration for providing secure access to the management interface from any location

Features and Benefits

• High Security for Mobile Laptop Users: AES-256 bit full-disk encryption, time-based lockout, and remote kill capabilities protect sensitive corporate data even if a laptop is lost

• Failsafe Management Off the Corporate Network: Achieve 100% success rates patching and updating laptops regardless of whether they are on or off the corporate network

• Extending Desktop Virtualization to Laptops: Extend desktop virtualization to offline laptops to gain all the benefits of centralized management, enhanced reliability, and high security

• Transparent Backup to Protect Corporate Data: Automatically synchronize user data and profile information in the background to protect corporate data against loss or corruption

• High Reliability & Rapid Recovery on the Road: Delivers high reliability with zero patch failures, complete data protection, and instant malware/corruption recovery to laptop users on the road

Value Story:

Citrix XenClient extends the benefits of desktop virtualization to corporate laptops, turning them into Virtual Appliances that are completely manageable, reliable, and secure.


Architectural Overview – Engine

• True Type-1 Hypervisor (No OS below the hypervisor layer)
  ᵒ Fully virtualized platform
  ᵒ Supports wide range of business-class PCs
  ᵒ Full shared image support for Windows 7, XP & Vista
  ᵒ Linux supported as custom image or local install (Note: Support is unofficial since there are no PV drivers for Linux)

[Diagram: Hardware; Xen™ Hypervisor (Open Source); Management and Control Domain (Dom0); Services Domain (DomS); Virtual Machine #1 (Virtual HW, Windows XP, Applications, User Data); Virtual Machine #2 (Virtual HW, Windows 7, Applications, User Data); …; Management Server with Shared Image, Patch and Backup Store]


Architectural Overview – Synchronizer

[Diagram labels: Central Server; Console; Control; Repository; API; LDAP; SQL; Hyper-V; File System; Management Server; Storage]


Architectural Overview – Synchronizer Infrastructure

Server Components

Management Server

• XenServer, VMware, Hyper-V or Physical

• Stores one copy of each image and patch

• Distributes to all attached devices

• Stores backups

Authoring Server

• Physical Server

• Runs Server 2008 w/ Hyper-V

• Authors VMs centrally

• Publish/patch VMs

Both components can be installed on a single system

Distribute across multiple systems for larger deployments


Architectural Overview – Hierarchical Mgmt

[Diagram labels: Central; Management Server (Web/App); SQL; Remote; Caching Server; WAN; SQL Server (1433); HTTPS (443)]

• Optimized for low-bandwidth/WAN environments

• Intelligent caching of downloaded images

• Efficient use of bandwidth between remote offices

• At Remote Office
  ᵒ Local LAN operations for publishing/backups
  ᵒ One copy of OS image and patches
  ᵒ Backups stored locally in Remote Office

• At Central Office
  ᵒ Single view of Environment through management UI


Architectural Overview – OS Management

[Diagram labels: Management Server with Shared Image, Patch and Backup Store; System VHD; User VHD; Local VHD; Update; Backup; Snapshot (for backup); Fast Recovery; One to many from server]

• Shared System Disk: One to many, patch once, publish many

• Persistent User Data: Backed-up on server for instant recovery

• Persistent Local Data (no backup): Page.sys, temp files, indexes, .ost files


System Requirements

Client Hypervisor (Engine)

• Processor: Dual-core processor with hardware virtualization technology support

• System Memory: We strongly recommend at least 4 GB of RAM

• Available Disk Space: 80 GB free disk space, more for multiple OSs

Management Server (Synchronizer)

• Operating System: Windows Server 2008 R2 with Hyper-V (Standard, Enterprise or DataCenter)

• Processor:
  ᵒ Authoring Server: 2 Xeon class cores enough to create and update virtual machine images
  ᵒ Management Server: 1-2 cores for running backend server; 3 Xeon class cores for each 1GB LAN connection

• System Memory: 8 GB minimum
  ᵒ Authoring Server: Recommend 6GB free for creating and updating virtual machine images
  ᵒ Management Server: Minimum is 8GB; increasing to 16GB will give the best performance

Browser to connect to Management Server:

• IE 9 recommended

• Microsoft .NET Framework 2.0 installed

• RDP ActiveX control enabled


Image Management – Layering

• All patches are processed in the background

• All backups are uploaded in the background

• The VHD chains are handled by the engine

How layering works in XenClient Enterprise:

How XenClient Enterprise rolls back an image:

[Diagrams: a chain of Base System VHD, Version 1, Version 2, Version 3, Version 4; and a chain of Gold, Snap 1, Snap N, Leaf]

The first patch becomes the top of the chain

Adding patches will grow the chain

Pointer to run to the top of the chain (current)


Image Management – Layering

[Diagram: a VM on the Hypervisor with three drives]

• Drive C: version1.vhd, version2.vhd, version3.vhd, nxprep.vhd, snapback.vhd

• Drive U: user.vhd

• Drive L: local.vhd

Callouts:

• Downloaded from the backend

• Contains NxPrep Results
  ᵒ Computer name
  ᵒ Domain Account
  ᵒ Device Initialization
  ᵒ NxPrep Extend

• Contains any changes made since VM has started


Image Management – Backups

Drive C: (System)

Files:
• C:\
• C:\Program Files
• C:\Users
• C:\Users\Administrator
• C:\Users\Default
• C:\Windows
• C:\Nxtop

Drive U: (User)

Files:
• C:\Program Data
• C:\Users\johns
• C:\Users\Public
• C:\Users\Default

Registry: User disk registry entries

Drive L: (Local)

Files:
• C:\Windows\Prefetch
• C:\Users\johns\AppData\Local\Temp
• C:\Program Data\Microsoft\Search
• C:\Program Data\Microsoft\WindowsDefender

Registry: Local disk registry entries


Publishing Process – Publishing a VM

Publish Process

• One-time setup, done against initial VHD version
• NxTop Service injected offline
• Standard software packages installed.

• Per-published version processing
• Create differencing disk to hold publish changes
• referred to as ‘n-diff’

• Hyper-V Publish Boot
• PV drivers installed
• No hardware yet – just added to Windows database
• Final VHD chain is (1..n, n-diff)
• Communicated to client in XML description of VM

Publish Boot Details

• Process Takes ~5 mins
• Configure Windows Services
• Install PV Drivers & NxTop Mgr Service
• Uninstall Hyper-V integration services (3 mins)
• Disable services
• Speeds up Publish/NxPrep process
• Services are enabled again at end of NxPrep


Publishing Process – Publish Chain

[Diagram: Base System VHD followed by Version 1, Version 2, Version 3 and Version 4, with publish disks 1-diff, 2-diff and 4-diff and the markers Current and Staged]

Base System VHD, the start of the chain when the VM is first installed.

When Version 1 is published, the results are stored in 1-diff.

When Version 1 has been published, future patches are applied to a new Version 2 diff disk

When Version 2 is published, the results are stored in 2-diff

Non-published versions can be created as checkpoints.

Versions can be marked as a Staged version for testing. Only users marked to receive a staged version will get them.


Publishing Process – Publish Chain Rollback

[Diagram: Version 1, Version 2, Version 3 and Version 4, with publish disks 1-diff, 2-diff and 4-diff and the markers Current and Staged]

The most recent version (or versions) can be deleted using the Rollback feature if they are broken.

The topmost versions are simply removed and discarded (so long as no clients are currently using the version)


Publishing Process – Engine-Side Processes

Preparation Process

• Client downloads required VHD files
• All elements in system disk chain (1..n,n-diff)
• Only loads those not already present locally

• User disk chain if it exists
• User disk created on client when VM first deployed to user

• Push n-diff-1 disk onto system disk stack
• Push new diff disk onto user disk to hold updates
• Create local disk VHD if not present
• Boot into NxPrep
• VM booted with minimal memory size and no network
• Runs at the same time as the existing version
• Uses PnP to install virtual devices:
• QEMU emulated devices not present on server
• PV devices (disk, network, mouse, etc)

• Performs user personalization
• Rename NxTop user for workgroup users
• Create domain account profile

System Disk Collapse Process

• Intent is to collapse entire (1..n) chain
• Improve performance
• Reduce disk usage
• Resulting chain is (1’,n-diff-1,n-diff-2)

• Chain is collapsed in one step
• Blocks in versions (2..n) are written to version 1
• For each 2MB block, find all the modified sectors in (2..n)
• Write these sectors to version 1
• This produces updated 1’

• Once complete, VHD chain updated
• (n-diff-1) updated to point to (1’)
• Meta data updated to indicate (1’) contains all previous versions

• Lastly, old versions (2..n) are discarded.
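The System Disk Collapse Process above, modelled as an added example (this is not Citrix code and not part of the original deck). Each VHD is reduced to a sparse sector map; `Layer`, `collapse`, `view_digest` and the sample data are hypothetical, and the digest comparison before the old versions are dropped is an assumption about how the result could be verified, not a step the slide states.

```python
import hashlib

SECTOR_SIZE = 512
SECTORS_PER_BLOCK = (2 * 1024 * 1024) // SECTOR_SIZE   # 2 MB block = 4096 sectors


class Layer:
    """One VHD in the chain, modelled as a sparse map: sector number -> data."""

    def __init__(self, name, sectors=None):
        self.name = name
        self.sectors = dict(sectors or {})


def read_sector(chain, lba):
    """Resolve a read through the chain: the newest layer holding the sector wins."""
    for layer in reversed(chain):
        if lba in layer.sectors:
            return layer.sectors[lba]
    return b""  # never written in any layer


def view_digest(chain):
    """SHA-256 over the guest-visible contents of every allocated sector."""
    h = hashlib.sha256()
    for lba in sorted({lba for layer in chain for lba in layer.sectors}):
        h.update(lba.to_bytes(8, "big") + read_sector(chain, lba))
    return h.hexdigest()


def collapse(chain, n):
    """Fold versions 2..n into version 1 and return the chain (1', diffs...).

    chain[0] is version 1, chain[1:n] are versions 2..n, and chain[n:] are the
    publish diff disks that stay on top of the collapsed base.
    """
    base, versions, diffs = chain[0], chain[1:n], chain[n:]
    merged = Layer(base.name + "'", base.sectors)        # copy, original untouched
    blocks = sorted({lba // SECTORS_PER_BLOCK for v in versions for lba in v.sectors})
    for block in blocks:                                 # one 2 MB block at a time
        first = block * SECTORS_PER_BLOCK
        for v in versions:                               # oldest first: newer data wins
            for lba, data in v.sectors.items():
                if first <= lba < first + SECTORS_PER_BLOCK:
                    merged.sectors[lba] = data
    new_chain = [merged] + diffs
    # Assumed safety check: discard versions 2..n only if the guest sees the same disk.
    if view_digest(new_chain) != view_digest(chain):
        raise ValueError("collapse changed disk contents; keeping old chain")
    return new_chain


def sample_chain():
    """Constructed sample: three versions plus two diff disks (short fake payloads)."""
    return [
        Layer("version1", {0: b"boot-v1", 10: b"dll-v1", 5000: b"app-v1"}),
        Layer("version2", {10: b"dll-v2", 4097: b"patch-v2"}),
        Layer("version3", {10: b"dll-v3", 9000: b"new-v3"}),
        Layer("n-diff-1", {0: b"boot-publish"}),
        Layer("n-diff-2", {}),
    ]
```

Calling `collapse(sample_chain(), 3)` returns the three-disk chain (1’, n-diff-1, n-diff-2) from the slide; sector 10, patched in both version 2 and version 3, ends up in 1’ with the version 3 contents.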


Policy-Based Management – Overview

Policies control aspects of a VM, Engine, or Synchronizer

• Policies are defined in the Synchronizer, and then assigned to VMs.

There are 3 basic types of policies in XenClient Enterprise

• Virtual Machine policies
  ᵒ These policies control various aspects of how a virtual machine (VM) performs

• Engine policies
  ᵒ Deals with Launcher, Activities Center, Network and Power Management

• Synchronizer policies
  ᵒ Used to define Admin roles and bandwidth control for e.g. updates


Policy-Based Management – Setting Policies

There are nine different types of XenClient policies:

• Administrator Role: Allows an administrator to assign privileges based on an assigned role

• Backup: How often automatic backup is performed and how long backups will be retained

• Bandwidth: Set the bandwidth policy for an IP or subnet (max bandwidth, time period, etc.)

• Engine: Engine Policies affect behavior of XenClient Engines, not VMs
  ᵒ Default policy sets behavior for all XenClient Engines associated with a Synchronizer

• Expiration: Limits VM use to a number of days from first use

• Lockout: How long the computer can be out of contact with the Synchronizer before locking users out of the VM (lease period)

• OS Profile: A set of rules for the OS for special handling for applications, services, or other settings.
  ᵒ Snapback is the ability of the OS to return to the condition of the last XenClient publish, discarding any changes made.

• USB Filter: The types of USB devices that can be used on the VM

• Windows Setting: Establishes logon types and automatic logon settings for users. Configures VLAN tag settings


Encryption Architecture

[Diagram: disk layout with the labels MBR, Boot (/boot, GRUB), Partition 1, Partition 2, Control Domain, VHD Repository, BIOS and Trust; regions marked Unencrypted, K1 Encrypted and K2 Encrypted; keys K1 and K2; numbered steps 1 to 4]


Data Protection – Remote Kill

• Shreds all encryption keys
  ᵒ So an encrypted boot can’t be read

• Deletes all VM VHDs
  ᵒ Any running VMs will have blue screen at some point when the data can’t be read.

• Writes random data all over the physical disk
  ᵒ Will completely wipe our software and entire disk (and anything on the system including dual boot roots)

• Finally, system is halted after 30 minutes if not already stopped


Data Protection – User Data Backup Overview

Backed up on a schedule

• As defined by policy

Items Included Out-of-the-Box

• Users directories

• Personalization (Wallpaper, Application data)

OS Profile Customization

• XML language defines files/registry values to save

Client-Side Process

• Snapshot created on scheduled basis
  ᵒ Pause guest
  ᵒ Add new diff disk “user-diff-m” onto head of user chain
  ᵒ Update guest to use new head
  ᵒ Resume guest

• Backup sends previous diff disk to server
  ᵒ Sends “user-diff-(m-1)”

• Once backup sent, merge to single VHD
  ᵒ When system is idle


Data Protection – User Data Backup Process

[Diagram: User VHD followed by Snapshot2 and Snapshot3]

Initial State: Original User VHD, start of the chain

Snapshot2: New COW disk created when scheduled time for backup reached. Changes made by VM are written to new snapshot.

Backup of User VHD: Previous disk in chain uploaded to server when connection available

Snapshot3: If scheduled time for backup reached again, a further snapshot is created.

Backup of Snapshot2: Once initial backup has been sent, second one will be transferred


Data Protection – User Data Backup Process

[Diagram: UserVHD’ (2..1) followed by Snapshot3]

Once backups have been sent to the server, they are merged into the base disk


Customer Quotes

Thanks to XenClient Enterprise, computers are being deployed to our newest hospital at a fraction of the time it would ordinarily take.

Ames Prentis, CEO, IVG Hospitals

XenClient Enterprise is the first product I have ever tested where my users want to adopt merely by word of mouth. We had employees at all levels literally begging to get these systems.

Alan Rabideau, CIO, Residential Finance Corporation

By using XenClient, we can centralize the management of PCs remotely instead of traveling to each site to deploy, update or patch. This has greatly reduced our costs and increased the productivity of our IT staff.

Kraig Stewardson, IT Desktop Manager, Life Time Fitness


More Technical Resources

• Watch XenClient “How-to” videos in the XenClient Enterprise 4.5 How-to Series

• Get more information from the Extended XenClient Technical Presentation

• Get specific technical information about XenClient from the Knowledge Center

• Get technical support from the XenClient Support Forums

• Get the latest XenClient Customer Presentation for use with prospects

• Get the latest sales resources from the XenClient Sales Kit

• Keep up with latest XenClient news by subscribing to the XenClient Blog RSS feed

• Contact the XenClient sales overlay team at [email protected]

• Download the latest version of XenClient at www.citrix.com/xenclient/tryit


Work better. Live better.