Wan Optimization Survey:

Take this quick survey to tell us more about the solutions your organization uses to optimize your WAN.

1. Do you currently have a WAN optimization solution in your IT environment?	Choose
Yes (go to Q2)
No (go to Q3)

2. Which, if any, of the following WAN optimization solutions does your organization currently use? (check all that apply)	Choose
Citrix WAN optimization product(s) (WANScaler, Branch Repeater, Branch Repeater with Windows Server)
Riverbed
Blue Coat
Expand
Other (please specify in a comment)
I don't know

3. Approximately what average percentage of your organization's overall network traffic is via XenApp (ICA)?	Choose
0%
1-25%
26-50%
51-75%
76-99%
100%
I don't know

Thank you If there is anything else you would like to tell us, please leave a comment.

It is always exciting when the first emails start to come in with feedback on a new software release. A few weeks ago, the Apollo team put out a second Tech Preview release of our accelerated bitmap remoting technology for 3D graphics acceleration on XenDesktop. This release introduced support for delivering 3D professional graphics applications -- both OpenGL and DirectX based -- over a DSL-like WAN/Internet connection (1.5 - 6 Mbps). With this new technology, companies can keep their intellectual property safe in the delivery center while enabling workers to access 3D applications remotely, even from another continent. Here are some of the early comments:

• "We have been extremely impressed by early results while testing the Apollo Tech Preview with [Autodesk] Revit Architecture." -- Global architectural firm, testing over high latency trans-Atlantic WAN links.
• "The [test subjects'] reactions are positive so far. At 1.5 Mbps it is still very usable." -- Major software vendor.
• "So far this is the only product to have anywhere near acceptable performance." -- Top tier system integrator.
• "[We're] doing user testing and so far everyone is loving it." -- Diversified manufacturer of commercial and defense products.

Based on the positive response, we are now accepting additional organizations into our Tech Preview Program. So if you'd like to "kick the tires", please complete the application form at www.citrix.com/apollo3Dgraphics.

Derek Thorslund
Product Strategist, Multimedia Virtualization

I thought you might get a kick out of this. As I was walking down the hall in the office today, I saw this hanging on one the walls and got a good little chuckle out it. Come on and go ahead and sign up to be a Virtulization Patriot!

Click on the below thumbnail to view the full size image:

This is a presentation by Walter Hofstetter from Citrix Germany gave at PubForum 2008 in Nice, France on Citrix XenDesktop Updates

This is a presentation by Frederic Serriere from Citrix France given at PubForum 2008 in Nice, France on Citrix Printing Troubleshooting

This is a presentation by Thomas Monahan from Citrix Ireland gave at PubForum 2008 in Nice, France on Citrix XenApp HRP3

This is a presentation by Thomas Monahan from Citrix Ireland gave at PubForum 2008 in Nice, France on Citrix XenApp Troubleshooting

This is a presentation by Karen Sciberras from Citrix Ireland gave at PubForum 2008 in Nice, France on Citrix XenDesktop Troubleshooting

Avoiding being Phished
I interviewed Brandon Olekas for this topic.  Brandon is a Lead Security Engineer at Citrix. He has been working in XenApp security for about four years, has been involved with many security features and improvements in the XenApp product, and helped co-author  Citrix Access Security for IT Administrators. He has a Computer Science degree from Georgia Institute of Technology and is an Associate of (ISC)².
Here is Brandon:

Q: What is Phishing?
A: It is a form of Social engineering - attempting to fool people into revealing information that is subsequently used against them.
Phishing doesn't require a lot of capital, so it is no wonder it is so prevalent.  Research firm Gartner Group estimates that phishers will cost US businesses and consumers a whopping $2.8B this year.  The average take: $1244 per victim.

Phishing primarily targets stealing personal information through the use of e-mail and websites. Phishing emails usually appear to come from well-known financial institutions (which they are not) and their goal is to acquire login information, credit card numbers, social security numbers, or account numbers.

Phishing e-mails attempt to entice the user into clicking a link which will direct them to a malicious website. The thing is, legitimate businesses will never request this information via e-mail.

Bottom line is, if you receive an e-mail asking you to login to your bank, do not click the link. Open a browser and go directly to the official bank site.

Q: Don't malicious Phishing sites also attempt to do damage to the victim's computer?
A: Actually, most virus scans catch virus-infected attachments now.  Phishers are looking to steal personal information.  One other case that comes to mind is the Nigerian scam, which is considered phishing because they attempt to fool victims into sending money.  The victims were enticed to send actual money to the Phisher after being convinced some amount of their own money was required to free up the large winnings.  Even though this sounds ludicrous, many victims fell prey to this scam.  Even now, people still fall for the Nigerian type scams

Q: How else can people notice the dangers and avoid "being Phished"?
A: According to phishtank.com, the most important things to look for in a phishing e-mail are:
1.       Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like "First Generic Bank Customer" so they don't have to type all recipients' names out and send emails one-by-one. If you don't see your name, be suspicious.
2.       Forged link. Even if a link has a name you recognize somewhere in it, it doesn't mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, don't click on the link. Also, websites where it is safe to enter personal information begin with "https" — the "s" stands for secure. If you don't see "https" do not proceed.
3.       Requests personal information. The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
4.       Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.

In addition, in the URL, pay attention to be sure you are reading correctly.  For example, http://Realbank.hacker.com does not mean it is from Realbank.  To the contrary, it is from hacker.com. 
Also look out for numbers preceded by a % sign, which are encoded characters.  They can trick you.  For example, %47 is just a capital G, but it means the same thing to your web browser, i.e., http://%47oogle.com = = http://www.Google.com.

A good educational resource is at this site: http://cups.cs.cmu.edu/antiphishing_phil/   Anti-Phishing Phil - it's a fun online game that teaches how to recognize phishing websites.

Q: What is "Spear Phishing"? 
A: Just like regular Phishing, the objective is to entice the victim into divulging key information.  Spear Phishing is slightly different in that it is directed to a target person or group, and it is often extremely personalized.  For example, a Spear Phishing exploit may include having all the managers in a company receive a note that looks like it's from the CEO, asking them to click on a malicious web site that could look very credible.  Any person on a network is able to spoof a particular user.  Even a user outside the network could easily get a free email account with the CEO's name clearly evident.

Q: What are "Phishing Kits"?
A: These are sold on hacker forums on the internet.   They provide easy ways for nontechnical people to easily set up a Phishing operation.  Well, often the laugh is even on them: many of these kits create fraudulent web sites that actually send emails back to the Phishing Kit author, giving him the desired Phishing information, instead of or in addition to the Phisher.  Since the nontechnical Kit buyer can't read the code, they can't see that they are actually the dupe.

One of the most prolific phishing groups and kit authors is called Rock Phish.  No one can say for sure where Rock Phish is based, or whether the group operates out of a single country.  "They are sort of the Keyser Soze of Phishing," says Zulfikar Ramzan, senior principal researcher with Symantec's Security Response group, referring to the secretive criminal kingpin in the 1995 film, The Usual Suspects.  Security experts estimate that Rock Phish is responsible for between a third and a half of all phishing messages sent out on a given day.  Information was taken from, and full article can be found at http://www.pcworld.com/article/128175/who_or_what_is_rock_phish_and_why_should_you_care.html

Q: Where can people go for more general information on phishing?
A: There are some Good statistics here:
http://apwg.org/reports/APWG_GlobalPhishingSurvey1H2008.pdf

Other good resources:
[www.phishtank.com]  - Collects and verifies phishing sites. If you suspect a site is fraudulent, you can check it here.
[www.apwg.org]- The Anti-Phishing Working Group. The global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that results from phishing, pharming, and e-mail spoofing of all types

XML firewall

In 9.0, the Application Firewall can be used to protect applications that use XML payloads. These applications include SOAP-based Web services, AJAX applications and REST-based applications that use XML. XML specific security features include

•     XML Denial of Service protection,
•     XML Well-formedness check,
•     XML attachment detection,
•     Message validation (Schema)
•     Cross Site scripting and SQL Injection protection
•     Web services Interoperability (WSI) check

 XML protection is integrated into the Application Firewall. So all applicable firewall features including Start and Deny URLs, Buffer overflow, Cookie protection and Safe Object checks are available. More details on the XML firewall functionality can be found at XML Security Features in Netscaler 9.0

Application Firewall - Integrated Caching interoperability

The 9.0 release has full interoperability between the Application firewall and the Integrated Caching (IC) module on the Netscaler. In the 8.1 release, the Application firewall supports IC for features that do not require parsing the response body.  In 9.0, this restriction is removed. This results in better performance if the application html pages are cacheable. Features like Form field consistency and URL closure benefit from this new functionality.

URL Transform module

URL transform module provides an easy regular expression based approach to rewrite requests and response URLs. This feature is available separate from the application firewall license. It builds on the application firewall parsing technology to rewrite only valid html links.

Custom error pages

When the Application Firewall detects and blocks an invalid request, it can serve out a custom HTML response that has been uploaded or do a 302 redirect to a configured URL. Previous releases could only do the 302 redirect.

For those who are looking for a place which aggregates Autodesk and Citrix related technical information, I've created a page on Citrix Developer Network at

http://community.citrix.com/display/xa/Autodesk+Citrix+Best+Practices

Your feedbacks are welcome.

Keep in mind...

The average high temperature in South Florida during December is 77°F, and the average low, 61°F
The last time it snowed in South Florida was in 1977

Are you a Network Engineer or a Systems Engineer who specializes in the planning and integration of Citrix XenApp Platinum in an enterprise environment? If so, Citrix Education would like to invite you to participate in a four-day, onsite Job Task Analysis (JTA) workshop at Citrix worldwide headquarters located in sunny Ft. Lauderdale, Florida from Tuesday, December 16th through Friday, December 19th. In this workshop, you will provide input that will be used to design the new Citrix Certified Enterprise Engineer™ (CCEE) certification exams and corresponding training curriculum. 

The objectives of the workshop are the following: 

• Determine the job tasks that Citrix Engineers are responsible for in Citrix XenApp Platinum environments
• Create real-world scenarios that will be used in future training and certifications
• Select the topics that should be taught and tested in the new Citrix Certified Enterprise Engineer (CCEE) track

No need to prepare! Simply attend all four days and provide information about your Citrix implementation as well as the specific tasks you perform.

Compensation: If you are selected to attend the workshop, Citrix Education will pick up the tab for your travel, meals during the workshop, and entertainment in beautiful sunny South Florida!

Criteria for participation:

• Must act as Engineer for a XenApp 5.0 for Windows Server 2008 environment
• Must have integrated XenApp with at least one Platinum component such as:
  • EdgeSight 4.5 or higher
  • WANScaler 4.5 or higher
  • Access Gateway 8.0 Enterprise Edition or higher
• Experience with the following is ideal:
  • Using XenApp SDKs for customizations
  • Scripting (MFCOM or Powershell)
• Experience with or plans for the following are a plus but not required:
  • Virtualizing XenApp on XenServer, VMware, or Hyper-V
  • Provisioning XenApp loads
  • Monitoring Loads of XenApp farms

If you, or a member of your technical team, are interested in participating in this workshop, please send an email to Lourdes Soler at Lourdes.Soler@citrix.com. Please include your phone number, and the dates and times when it would be convenient for you to be contacted.

Space is limited so act now!

This is a presentation I gave at PubForum 2008 in Nice, France on Citrix Provisioning Server 5.0 New Features

The Streaming Client installer goes out of its way to prevent installation on the "home" editions of Windows XP and Vista. Technically, the streaming client does not really care about which edition of the operating system it is; its just a test coverage statement.  This post describes how to convince the streaming client to install on the "home" editions and has some fun debating the dev-test checks and balances that exist in all large software organizations.

Consider this scenario

• Streaming client was written without any particular dependence on "Professional" version of the operating system
• Streaming client installer was written to prevent installation on non-professional versions (meeting requirements).
• Customer feedback during XenApp 5.0 / Streaming 1.2 Beta described this restriction as undesirable. 
• Now - You want to fix it....

The Streaming Client supports many platforms.  In streaming client 1.2, we dropped Windows 2000 Professional, but it still supports a large list including

• XP Professional
• Vista Professional
• Windows 2003 Server
• Windows 2008 Server 
• XP Professional 64-bit
• Vista Professional 64-bit
• Windows 2003 Server 64-bit
• Windows 2008 Server 64-bit

The above list may not be the correct list, but stick with me on the concept.  That's 8 platforms that the test team has to "certify".  Add in XP and Vista "home" and you have 2 more.  If it takes N days to decide that an operating system version definately works, then that's 2 * N more work to do and this has to be repeated numerous times throughout a development cycle.

Back to the "bug" - Streaming Client refuses to install on "XP Home".

Development point of view: The Streaming Client doesn't care about home vs. professional.  It will work.

Test point of view: I haven't SEEN IT WORK - therefore, it doesn't work.

The solution taken for Streaming Client 1.2 was to publish an installation transform which would FORCE the streaming client to install even if it doesn't like what it sees with regard to the operating system version at installation.  This transform was officially included on the XenApp 5.0 installation media, allowing the "home" editions to remain officially unsupported, yet letting them un-officially really work.

The Citrix Support team has a knowledge base article written on this: ctx118086

What it comes down to is

1) You need the installation transform.  It is on the XenApp 5.0 installation media (DVD) in the "Support\AppStreaming " folder.
2) You need to tell the installer to use the transform.  XenAppStreaming.exe is the streaming client installer.
XenAppStreaming.exe /C:"setup TRANSFORMS=<LocationOfTransform>"

There's one more thing.  The KB references how to do this using the MSI installer.  You'll notice that there is no MSI installer for the streaming client included on the installation media.  I don't recall the reason, but we removed it and I'm sure it was a good reason.  The EXE version extracts the MSI and runs it.  The point: the KB references two methods to run the transform - use the one for the EXE installer.

I extend my thanks to our CEO, Mark Templeton for purchasing a machine with XP Home pre-loaded and expecting to be able to stream to it.  This motivating me to "spread the knowledge" so other folks might work around the same thing without great headaches.   We will do well to remove the "home" limitation in future releases.

A question to solict comments: If we remove the installation check for "home", from a customer point of view, is it necessary to actually test "home"?  Notice that this means that we assume "home" will work given that "professional" does, and let conflicting views arrive during beta feedback.  I note that we already do this for "Media Center" and "Ultimate" editions.

Joe Nord

Product Architect - Application Streaming

Citrix Systems, Fort Lauderdale, FL, USA

Am I the only one who has trouble understanding Cloud Computing?  Is Instant Messenger considered cloud computing? Is my company's enterprise deployment of XenApp on XenServer considered Cloud Computing? Is the iTunes store considered Cloud Computing?  Why is Cloud Computing so hard to figure out?  Well, look at it from a different perspective.

Have you ever laid down on the grass and looked at the sky and tried to figure out what a cloud looked like?  You might think one cloud looks like a puppy and another looks like an airplane while someone else thinks your puppy looks like Homer and the airplane looks like a TV.  Trying to find shapes in the clouds is all based on your perception, just like if you try to get a definition of cloud computing from 5 different people, you will most likely get 5 different ideas. 

Of the many discussions I've had on this topic, I always hear some very similar comments. 

• Isn't Cloud Computing just a new name for the ASP model that Citrix was involved with years ago?
• Is Cloud Computing just the new term for SaaS? 
• Is the Cloud just a new name for the Internet?
  

Well, let's take a very brief look back before we get into the cloud...

ASP

I think one of the problems with understanding cloud computing is many people have been involved with Citrix for a long time. If you have been involved, you will remember the ASP model. In the ASP model, a 3rd party would host your applications for you, typically providing remote access with MetaFrame.  So instead of you having to hire people to manage your set of MetaFrame servers hosting Office 97, you would pay a 3rd party to do it for you.  You would access your applications using a secure connection (Citrix Secure Gateway) over the Internet.   You wouldn't have to worry about managing the servers or providing the data center space/power.  Instead of paying these large up-front costs, you would get a static, recurring bill based on the number of servers hosted.

SaaS

After the ASP model faded into memory, we got into the SaaS (Software as a Service) model.  In this model, a software vendor will host their proprietary applications to their subscribing customers.  When you hear SaaS, you always hear about SalesForce.com.  Well, Citrix Online is SaaS as well.  Citrix Online hosts the GoToMeeting/GoToWebinar/GoToMyPC/GoToAssist services and users access these services across the Internet.  Users are charged a recurring bill, and do not have to worry about maintaining and supporting the underlying infrastructure.  The SaaS model has been very successful because one would expect the people who know the best way to deliver an application are the ones who developed the application to begin with. 

Cloud Computing

Now we get into Cloud Computing.  Cloud computing can take on many different shapes, just like the clouds in the sky.  But one thing is common, all delivered services occur over the Internet, which is THE CLOUD. Cloud computing is essentially granting the ability to allow any user, on any device, from any location to get access to their applications and data. 

As I see it, Cloud Computing is a big white board waiting for organizations to make their requirements known.  Do you want a Test/QA environment to do whatever? This is cloud computing. Do you want someone to deliver office productivity applications for you? That is cloud computing. Do you want to have all of your MP3s stored on an Internet storage repository so you can get to it from any device?  That is also cloud computing.

I think the big thing with Cloud Computing, which helps differentiate it from the ASP model, is that the environment is dynamic, meaning that a server is not a SAP server or an Exchange server or a SharePoint server. A server is instead anything you want it to be with server virtualization and server provisioning.  So instead of a SAP server or a SharePoint server, we now have SAP and SharePoint workloads than can be moved and provisioned to any infrastructure available. It can be scaled up or down based on changing needs and defined rules.   With Cloud Computing, making these changes does not require rebuilding systems, it happens automatically and only involves resetting parameters.

If these are core requirements for any cloud provider, Citrix Cloud Center(C3) is able to help deliver the cloud-based solution. 

• With Citrix XenServer Cloud Edition, we can help provide the dynamic workload provisioning
• With Citrix NetScaler, we can provide the optimized, compressed and secured connections required for Cloud-based connections
• With Citrix WANScaler, we can provide the efficient link between the cloud and the enterprise infrastructure
• With Workflow Studio, we can create and implement automated workflows that will manage and maintain the environment for us
  

So, the next time you talk about Cloud Computing, remember it is very similar to the dynamic clouds in the sky, Cloud Computing can be pretty much anything. One thing is common though, you need an underlying infrastructure that is dynamic, optimized, secured and automated. 

Daniel

It is great to see the Citrix Technology Professional (CTP) program growing and involving more and more of the community. There is now a new logo for members of the CTP program to be recognized by their peers and the industry.

Continue to: http://community.citrix.com/display/cdn/Citrix+Technology+Professionals

If you don't know about the Citrix Technology Professional (CTP) program, here is a brief description of the program.

The Citrix Technology Professional (CTP) program recognizes and supports the contributions of highly visible, credible and accessible individuals that have invested a tremendous amount of time, resources and expertise in Citrix products and solutions. These individuals have consistently demonstrated their real-world knowledge, industry expertise and technological insights.

CTPs have enabled the success of Citrix implementations worldwide, whether through sharing knowledge on web sites, publishing technical documentation, creating active communities of Citrix users, participating through online discussion forums, offering technical expertise in the field, and/or speaking publicly at conferences. The wealth of knowledge they have developed - and more importantly, openly shared - has proven invaluable to both Citrix and our customers.

Through the CTP program, Citrix is reaching out to the technical community to share ideas and provide insight into our plans. In turn we gather insightful opinions and collect valuable feedback. Through the CTP program and under non-disclosure agreement, we intend to offer both greater details into publicly available information, as well as advance knowledge of some of our strategies and planned technologies, in order to facilitate their ability to continue to offer trusted guidance and technical knowledge with the broader technical community.

Continue to: http://community.citrix.com/display/cdn/Citrix+Technology+Professional+Program+Overview

AutoDesk and Citrix Tips and Tricks Part 4

Here is a video demo of how to apply Autodesk AutoCAD Map 3D 2009 on XenApp post installation script.

http://citrix.utipu.com/app/tip/id/5027/

Here is the embeded version of the same video.The embedded video currently doesn't have associated notes. Please click the links above to see the same video with notes and at a higher resolution

For more information and download the script, please visit the following link

 http://community.citrix.com/display/xa/Autodesk+AutoCAD+Map+3D+2009+on+XenApp+post+installation+script

Tip:

• You can find a log with details about the execution of the scripts in the user profile directory named AutodeskForCitrix.log
• The template directory in which the information is saved has to exist before running the scripts
• Change the batch files to use a different directory to save information. Network share is supported
• Run the apply script automatically whenever a user logs in

Please see my blogs for the complete series.

Ray Yang

NetScaler's Application Firewall offers great protection for Web Applications via a positive security model that lets the user decide what is allowed to reach their web server. Web site vulnerability and compliance requirements can be met by deploying this integrated firewall.

But the concept of the web is changing. Expanding beyond the traditional web pages, many sites now include programmable interfaces accessible via XML based APIs. While web sites are mainly for consumers, the programmable APIs are used by business partners and customers to automate and integrate systems. The APIs are also getting used by emerging Web 2.0 enabled Rich Internet Applications (such as Adobe Flex and Microsoft Silverlight) that get deployed inside a consumer's browser. Once deployed, these RIAs will make active and passive calls to the exposed APIs of a web site. Often exchanging information in the background using an XML based protocol like REST or Web Services.

As the Web and programmatic APIs continue to become more of an integrated offering, it is important to provide security for the APIs as well as for the Web site. NetScaler 9.0 introduces a major new module inside the Application Firewall centered on XML Security. With these new capabilities, users will be able to simultaneously secure HTML based web sites as well as XML based REST and Web Services APIs.      

_{Useful Links}

• XML Security Features in Netscaler 9.0

I remember stories of my grandmothers childhood about how there was no such thing as electricity or the automobile, and how she had to walk to or ride a horse just to get to school. I think about today sometimes when I am with my nieces and nephews, and how they will never have known a world without the internet or cell phones, or that they even use a computer at school. Even for myself I remember some of the first cell phones that came out, and wow, were they huge compared to today's standards. Well they are about to get even bigger, but not in size, but in capabilities.

In a recent article posted on BetaNews, Virtualization is poised to give mobile phones the business, takes this viewpoint and the abilities even a bit further.

"The possibilities are tantalizing. For instance, Citrix is said to be nearing the Apple App Store (metaphorically speaking) with virtualization software for the iPhone. If the makers of the popular GoToMyPC app can deliver, the new number-two smartphone vendor could offer a powerful push for adoption to business folk using Wintel systems at work."

http://www.betanews.com/article/Virtualization_is_poised_to_give_mobile_phones_the_business/1226714481

Can you imagine running, or should I say accessing, any of your applications from your cell phone? Sure, the screen is a little small, but it is usable. Recently at Citrix Summit, Citrix gave you a glimpse of running applications from the iPhone, with the Citrix Application Receiver. The screen size of an iPhone is just about right for delivering a user experience that one could/should have no problem, with exception of course. What an incredible time it is when you can actually have access to phone calls, text messaging, email, the internet, and your applications or even your desktop, all from a cell phone.

AutoDesk and Citrix Tips and Tricks Part 3

How to publish AutoCAD Map3D 2009 on XenApp

Here is  a short demo of publishing AutoCAD Map3D 2009 as a published application on XenApp.

http://citrix.utipu.com/app/tip/id/5015/

Tip: publish executable acad.exe

How to change published Map3D 2009 icon

When you use the default settings to publish AutoCAD Map 3D 2009 on XenApp, the icon associated with this published application is different from the official blue icon the installation placed on the desktop. This short demo shows how to associate the right icon with the published application.

http://citrix.utipu.com/app/tip/id/5017/

Tip: get the icon file location from the desktop shortcut property.

Please see my blogs for the complete series.

Ray Yang