[NEOCUG] Jim Kenzig of The Kenzig Group, Citrix iForum 2003 Review Part 1 of 2 - LONG!

  • From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
  • To: <neocug@xxxxxxxxxxxxx>, <thin@xxxxxxxxxxxxx>
  • Date: Thu, 16 Oct 2003 23:43:54 -0400

Jim Kenzig of The Kenzig Group, Citrix iForum 2003 Review Part 1 of 2
Copyright 2003

You can download the Microsoft word version of this article at:

This review can be found online at:

This is part one of a two part review. Part one reviews the overall Citrix
iForum 2003 and breakout sessions. Part two will review the Sponsors and
Conference Exhibit hall.

First off here are links to the pictures that I took during the event:

Day One http://thethin.net/citrixse/iforum2003

Day Two http://thethin.net/citrixse/iforum2003day2/

Day Three  http://thethin.net/citrixse/iforum2003day3/

Overall I would have to say that this year's iForum was one of the best
ever! There were more sponsors in the conference hall than ever before and
the content of the Keynotes and the breakouts was for the most part
informative and useful. There were over 2600 people in attendance!
In this review I'll touch on as much as I can of the most relevant
technologies and information from the breakout sessions that I attended.  I'll
assign each session a grade between A and F (in my opinion of course).  At the
end of the review of the breakout sessions I'll write about all of the different
sponsor products and if I have an opinion there I'll also give it.  I am
going to refrain from rating the sponsors because I felt that all of them
did an excellent job with regards to displaying their products.

I arrived in Orlando on Monday noon and checked in at the Dolphin Hotel and
registered for the event.

Day One
There were several breakout sessions that were scheduled on Monday.
Methodology in a Box (MIAB)
The first session I attended was Doug Brown, Citrix SE (dabcc.com), and Sunny
Singh's Methodology in a Box breakout.   Methodology in a Box is a several
hundred page document that explains how to roll out a Citrix deployment.
However the method can be used to plan any type of project. The document
goes through the five phases of a project and explains them in depth.
The 5 phases are analysis, design, implementation, readiness and rollout.
At each phase it is recommended that all key players meet
before going on to the next phase.  Doug dubbed project management the
"art of setting expectations".  The document can be found on
http://www.dabcc.com/miab/  and a version 3 of the document that contains
over 830+ pages should be out within the next week or two.  Doug and Sunny
did an outstanding job in this session and I highly recommend this document
to anyone who is involved with planning projects and to all Citrix
consultants involved in planning rollouts.  For more on this presentation
see my raw notes posted on Brian Madden's site at:
Overall Rating: A+
Out of the Box Tools
The second session I attended was also done by Doug Brown along with David
Hart.  This session outlined some really great utilities that should be in
every Citrix Administrator's arsenal.  The first utility that was covered is
a utility called Project Compatibility.  I'll admit that it has been a while
since I checked out this tool on Doug's site at dabcc.com/pc but I must say
that this project has developed into a very, very essential utility for any
Citrix Administrator.  Basically Project Compatibility is a graphical way to
map printers to their respective drivers.  It enumerates all Metaframe
servers, presents failed drivers with recommended compatible drivers and
then lets you view, edit or remove existing mappings from the IMA datastore.
It also lets you view all installed printer drivers across your servers.
The problem administrators face is that even if the correct printer driver
is installed on a server, if the name of the printer on the client is
different from the name on the server, the printer simply will not
autocreate.  The other issue at hand that PC solves is the replication of
printer drivers and mappings to other servers in your farm. There is a
version 3 of the product for Metaframe XP FR3 and version 2.1 for Metaframe

The next utility that was shown was Dsverify. Dsverify is a multipurpose
Metaframe XP datastore health check and
reindexing tool. DSVerify can verify server host record entries in the farm
and remove orphaned entries in the Citrix mmc.
Dsverify /?
Dsverify servers
/Force Specify /clean and servername to delete.

The ICA Client Printer Config Utility shown next uses an external database
for auto discovery of client devices in a Metaframe XP Farm. The utility
extends ICA client name based printer mapping to include network print
queues support. Network print queues and client name mapping are stored in a

Registry Checker (RC) is an automated tool that reads the Metaframe XP
registry entries and compares them to recommended values for best
optimization practices.  It writes the recommended changes to a VB script
which can then be run on the server to apply the values.  This should be
useful for all admins especially those doing multiple server deployments.

Other utilities featured were Microsoft's MDAC Component Checker, a utility
to verify what version of MDAC is installed on the server, Connspeed a
utility to set ica connection speed for Web Interface or with Project
Columbia. To use the Connspeed utility IIS 5 or later with Columbia
or Web interface 2.0 or 1.6 are required.
IMATracer is a utility that enables IMA Datastore debugging information to
be logged.  This utility troubleshoots ima install issues and pinpoints high
resource utilization of the IMA on servers.  SuperScan is a utility that is
a tcp port scanner, pinger and hostname resolver and is great for
troubleshooting ports especially the IMA (port 2512), SQL (port 1433) and
Secure gateway (port 443).

Ethereal is a free Network Protocol analyzer for Unix and windows with
promiscuous support.  It examines data from a live network or capture file
similar to Netmon or lanalyzer. http://www.ethereal.com  Superscan is
another such utility found at http://www.foundstone.com.

The most exciting utility that was discussed was the MFComm API.  Using
VBScript, this API can help with administration and help desk tasks, streamline
the Metaframe XP management console functions, perform command line user
shadowing, give admins the ability to quickly unpublish and republish
applications across servers, and give admins an easy way to hide
server drives via a VBScript. MFCOM script writing can be used to access
most all of the MF XP server monitoring and management functions, making it a
very powerful and valuable tool.  It will allow developers and admins to
create tools for frequently performed tasks that would take multiple mouse
clicks in the Citrix MMC.

Below is a list of sample VBScripts that have already been written using the
MFComm utility that will be posted soon on Doug Brown's website at
Client query
Session query
Session control
Enumeration: virtual channel, licensing, zones, accounts, app publishing
SvrOffline/SvrOnline: automate unpublishing of apps before performing
maintenance and avoid load manager issues
Take MF XP Server offline with the SvrOffline script that unpublishes apps
PubappRpt: list all published apps
PrinterCleanup: removes hung autocreated prints
MFLicenses: report available and log MF XP connection licenses to the app log
in Event Viewer
AppIdle: enforce specific published app idle session logoffs
SvrSessionCnt: displays idle, active and total session counts for specified

As you can see there are many useful ones in this list and no Citrix admin
should be without.  I'll be looking forward to downloading these once Doug
gets them posted.

Other utilities mentioned were Quickshadow, a Gui to quickly shadow a user
and Hidecalc, a utility that automates setting reg files via adm templates
for hiding drives.  Also suggested were sysinternals.com Filemon and Regmon.

Resources for utilities
All will be posted on http://www.Dabcc.com

Contacts at Citrix for questions and suggestions on utilities:
Registry checker don.morse@xxxxxxxxxx
DSVerify david.hart@xxxxxxxxxx
MFComm VB scripts ronn.martin@xxxxxxxxxx
Connspeed doug.brown@xxxxxxxxxx or  Kevin.castelman@xxxxxxxxxx
Quickshadow ronn.martin@xxxxxxxxxx

Overall from a technical standpoint this was probably THE most useful
breakout session that was offered at the event. Once again Doug Brown
along with David Hart did an outstanding job with this presentation. There
was standing room only at this session and at Doug's previous session on MIAB,
which gives credit to the usefulness and sheer need for this type of
information and tools.  Rating: A++
The Benefits of deploying Web Applications on Citrix Metaframe Presentation
Mark Sweeney Consultant
Randall Jacques Principal Director

This breakout session left me walking away very disappointed.  While the
speakers did an excellent job the content was not as described and the
presentation was mostly a lot of sales fluff and a whole lot of statistics.
I came expecting to see some real world uses but was given basically a sales
presentation with way too many statistics.
One of the key points I got out of this presentation was some statistics on
Metaframe XP FR3 versus previous releases of the product. It was claimed
that FR3 with Speedscreen 4 is 47% faster, consumes 16% less bandwidth, and
uses 30-45% less CPU than all previous versions of the product. One other
statistic was that there is a 78% bandwidth improvement between the web
client and the full ICA client. I'll admit that even though I wasn't
impressed with the content, Mark and Randall gave an excellent presentation
and overall did a good job.  Rating: B-
After the breakouts I headed to the conference hall for the opening
reception and toast for Sponsors. David Jones in all his glory once again
kicked off the event and sponsors were given a Citrix USB key hard drive.
(At least they got something for their $75K. :) )  I perused the conference
hall and took dozens of pictures before the general attendees were let in,
which are posted on http://thethin.net/citrixse

After the opening toast I hoofed it over to the ESPN sports bar at the end
of the Boardwalk to meet up with Barry Flanagan and some of the members from
the CitrixSE mailing list group.  I only could stay for about a half hour
because I had to get back to the conference hall before the attendees were
let in but  it was great to meet some people and put some faces with names.

Back at the conference hall I hung around the Emergent Online booth handing
out thethin.net pens and EOL T-shirts and meeting hundreds of people.
Thanks again need to go to Emergent for paying my airfare and hotel costs so
that I could attend the event this year. I did get a chance to peruse the
other Sponsors booths during the opening event and will try and review what
products I can later on in this document.

After the conference hall closed I went back to my room and rested a bit,
but then I realized that I hadn't eaten anything all day so I headed down to
Tubby's in the Dolphin to get a snack.  On the way down I ran into Brian
Madden and Greg Reese who also realized they were hungry and they joined me.
We ended up chatting for quite some time and I didn't get back up to my room
until about 1:30 am.  I spent a bit of time reading emails and sent Brian my
session notes for the day and finally got to bed about 2:30 am.

Day 2 Tuesday Birds of a Feather, Keynote, Breakout Sessions, Thethin.net
Thin List Shula's Dinner

Before I get too much into writing about day 2 I want to make a comment and
pass a tip on to all of the speakers.  I am a pretty fast typist; I can type
as fast as I can read which is pretty fast!  During a presentation, if you
show a slide and I don't even have time to type a sentence off of it, you
are talking way too fast or your slide is much too busy. I know time is
limited but slow down, use fewer slides and keep them under 10 lines. Before
you do a presentation, do a trial run in front of a mirror and time yourself
so you know how long it will take so you won't run over and have to skip
through slides and frustrate viewers.  Also, if you ever show a slide with a
link or a registry key specification, especially if it is a long one, READ
THE LINK OUT LOUD and give the audience time to write it down! The
PowerPoints from the show take a long time to get up on the iForum site and
meanwhile the user is lost until then.

All right into Day 2
Amazingly enough I was up at 6:30 AM so I could make it to the Remote Access
birds of a feather breakout which ran before the Keynote.

Wireless Access Birds of a feather
David Pollen from Citrix.com
This was a discussion on using wireless. I'll have to admit and apologize
since I was half asleep at this one and did a terrible job of taking notes,
so I can't quite remember all of what it was about.  I do remember however that
through the entire presentation he teased us with a link to a white paper
from Citrix on the subject that he promised he would give at the end of the
session, and when the end came... no link.  I had to pipe up and ask for it
and David just said to send him an email to get the link to the paper. So if
you want the link to the paper email David.pollen@xxxxxxxxxx Rating: B-

Well, with lasers and booming music Mark Templeton burst onto the stage. I
thought the Keynotes this year were much more informative and upbeat than
those in previous years.  I suspect this is because Citrix listened to prior
years' feedback.    I am going to point you to Brian Madden's overview of the
Keynotes because he wrote everything I was intending to... and why reinvent
the wheel. See http://www.brianmadden.com/iforum/#39   You can also read my
raw notes from the sessions that are posted on Brian's site at:
http://www.brianmadden.com/iforum/day2kenzig.htm I thought Mark did an
excellent job as always as the Emcee and the information was great.  The
only negatives I heard about the keynotes were from those people who left
early near the end to go to the conference hall for lunch and were held
waiting in the hall until the keynote was over and also from everyone else
who stayed and sat through the added length strengthening their bladder
control. Mark should have maybe stopped on time and shortened his final
comments to avoid confusion.
Rating: A

After a break Mark Templeton introduced Bob Kruger, CTO. This is always my
favorite part of the entire show (next to the thethin.net dinner and steak
at Shula's).
I love hearing about and seeing the new technology Citrix is working on.
Bob briefly went over some of the key new features in Metaframe XP Feature
Release 3 including support for Windows Terminal Server 2003, Fast
downloading of graphics and bitmaps, Improved printing support and quality,
Simplified license activation (which got a cheer), Integration with MOM,
Enhanced Resource management, Better remote server management, an updated
Management Console, and finally support for Windows XP Luna technology.
Next he described the core products of the Metaframe Access Suite, Secure
access manager (MSAM), Conferencing Manager, and password manager.  Then Bob
introduced Rich Kaplan of Microsoft.

Rich Kaplan
Corporate VP of content development and delivery group (Web manager)
Rich showed a video from Microsoft CEO Steve Ballmer. In it Steve stated
that Citrix is a critical partner and one of the first ISV solutions
providers to be certified on Windows 2003.  Rich stated that over 6.8
million dollars are being spent in Research and Development at Microsoft,
said Microsoft is trying to improve the patching experience and gave a lot
of hype and statistics how much greater Windows Server 2003 is over all
their previous products.

At the end of the presentation Rich awarded Mark Templeton and Bob Kruger a
trophy for being Microsoft's Global ISV of the Year.  Templeton held the
trophy up in a moment of triumph, reminiscent of America's Cup.

The Good Stuff!
Finally we got to the good stuff. What is Citrix working on that is new and
exciting?  The first thing Bob Kruger showed us was a streaming divx movie
video run in an ICA session.
Citrix is code-naming this technology RAVE.  RAVE uses a Citrix Virtual
Channel to perform its magic. Basically Rave is streaming video and audio
support on a Metaframe Presentation Server.  It dramatically improves audio
and video stream playback, improves bandwidth usage with multi media content
and has a minimal degradation of performance even with multiple users. The
end result is a more transparent and seamless user experience.  I was
particularly happy to see this technology FINALLY as this will help sell
Citrix within my organization.

JPEG Compression
The next thing Bob showed was JPEG Compression technology. During web
browsing it provides for enhanced graphics compression and significantly
improves the performance of viewing graphical content through Metaframe. It
is supposed to improve performance of graphically intensive applications and
bandwidth usage and provide for a faster more responsive overall experience.

Follow Me Roaming Technology
This provides for enhanced control and access to the user's workspace. Follow
Me automatically reconnects users to their applications as they move from one
workstation or device to another. It allows sessions to be pulled to another
device. It simplifies disconnect, logoff and reconnect. Result: users can
easily and quickly move between access devices. I thought this technology
was absolutely cool and it is about time.   Sun has had something like this
using their Smart Card terminals for quite some time. In our organization we
do not have a PC for every staff member, and staff works in shifts so they
may not be at the same workstation all the time and move from station to
station within the branch.  This is an ideal solution to a problem that has
been long standing. Kudos!

Unification of Metaframe Access suite
Allows you to uniformly manage the suite.
Informational dashboard and data providers
Common componentry
Unified licensing across all products
Integration with other management products and tools
Support for wider variety of authentication mechanisms

Citrix management interface
Replacement for CMC
Single point of management console for Metaframe Access Suite
Consistent look and feel for all products
Improved integration and access management
Fully integrated access infrastructure
Result: Easier for IT Admins to manage access observe operations and ensure
Licensing Generate historical reports
New Geographic view of servers

Citrix Long Term Focus...
Improved manageability scalability and reporting of on demand enterprise
Greater usage of web services to enhance usability and integration
Increased user mobility via broader device support reliable ica traffics
state management
Enhanced secured access for B2E and B2B
Continued integration and transparency of heterogeneous platforms and

This session was loaded with information and new features.  It proves that
Citrix is continuing to innovate and take a lead in the Server Based
Computing industry and that they are committed to their customers.

Overall Rating: A+
Terminal Services and the Windows 2003 Platform
Michael Shulte
This was a business track with a lot of statistics and sales pitch.  However
there was a bit of interesting technical content concerning the discussion
of licensing that I found useful.  My notes on this session say it all and
they are posted on Brian Madden's site at
Overall Rating: C+
Optimizing the IMA Data Store
Rene Alfonso
Mike Stringer
Global Escalation Team
This was an excellent technical session; however, it was one of those where
there was so much content on the slides that I wanted to take note of but
couldn't type fast enough to keep up with the speakers. You'll want to look
at my notes on this one on the above link on Brian's site and get the
PowerPoints when they are available for sure! Some key utilities that were
introduced here were:
Kills all open IMA connections to SQL server
Purges temporary object in TempDB
Allows for database maintenance such as consistency check

DSCheck with FR3
Validates the server farms data stores integrity
Dscheck /clean  to check consistency and fix errors

Slim Jim Utility
Removes all XP administrators to enable local admin control of  XP farm
Access to datastore required
Backup datastore prior to using!
Use on MF20.dsn file

Some recommended Hotfixes
XE102W081 contention problem when adding servers to a farm (fix for chfarm)
XE102W028  dsn file could not be loaded causing creation of database
connection to fail
XE103W2K006 adding print driver causes high CPU utilization on Data Store
server FR3
XE103W3K025 license group corruption may cause ima to hang in a starting
state FR3

Overall Rating: A+
After the IMA session I went up to the Vector suite and met Steve Kaplan and
got an autographed copy of his Windows Server 2003 and Citrix book.
While there who should walk in but Bob Kruger Citrix CTO, so I jumped at the
opportunity for a photo!
enzig%20Bob%20Kruger%20Citrix.JPG for the pic.

Next I headed down to the conference exhibit hall again to talk to more of
the sponsors. When the hall closed at 6, I had to head to my room to rest
some before the big Thethin.net Thin List dinner at Shula's.  The pictures
from Shula's are at the bottom of

I must say the dinner at Shula's was one of the highlights of the entire
forum for me.

To quote Brian Madden from his blog entry at
http://www.brianmadden.com/iforum/#42 on the dinner:

"One Liter of bottled water from the minibar: $5.00
Draft beer from the hotel bar: $6.50
Grand total of theTHIN net dinner: $1,050.00
Having 16 geeks in a closed room without anyone from Citrix for four hours:


"To me, this is the real value of these kind of events."

I couldn't agree more, Brian!  I can't say what we talked about for 4 hours
but stay tuned for a possible future "happening" like no other, from some
great minds.
Day 3
Birds of a feather
State and Local Government IT Trends
Bert Wakely

Governing Magazine Peter Harkness
Difficult to figure TCO in Govt.
State tax revenue has fallen far more sharply relative to economy than in
the 1980-82 and 1990-91 recessions.
While Fed dropped workers, state and local workers numbers increased.
40 BILLION in spending and 48 by 2006
Homeland Security highest budget
Centralization dominant trend
Outsourcing will increase because privacy and security are growing concerns.
Govt IT workforce is aging.
A whole lot of statistics for that early in the morning.
(Note the only time Citrix was mentioned in this presentation was when Bert
introduced himself as someone who worked for Citrix)
Overall Rating: C
Rapid Deployment of Metaframe XP FR3 on (IBM, HP) Blade Servers
Matt McGrigg  Sr. Enterprise  SE Citrix

This was a great breakout session and very informative.  Matt went at just
the right pace, knew his stuff and presented very well.  There was so much
here that I have to refer you to the notes I took on the subject, I hope you
find them useful:

Benefits of Blades
Systems Management
High Density Computing

  Web Interface
 Rapid Deployment Manager

Proliant essentials
Integrated Lights out
Blade Manager 7

Growth of the data center has led to a need for server consolidation
Blades allow more CPU power in less space
Simplified deployment

Redundancy in Blades
Hot spare blades
Memory protection
Disk mirroring
Hot swap power and cooling modules
Switch modules

Plug in new servers or power supplies on the fly
Pre configuration of the enclosure bay
Rip and replace defective blades
Modular designs
Integrate into existing data center

Server consolidation increased density
Instant deployment of new blades
Headless management
Less network and power cables
Support for next generation hardware

 -Define Requirements Lay out your plan
# of users and apps
Timetable for implementation
Hardware and SW requirements
Planned Growth

 -Test Phase
        Identify and fix potential issues with the planned MF XP Server farm 
        Done before real end users start using
  -Pilot Phase
This proving ground network design's application compatibility and other
requirements that you identify during planning and testing phases
Included a typical sample of the actual users
Note: contrary to what Doug Brown said in his presentation that you should
use the Happy good users here,  he said to get users who are complainers for
this phase

 -Rollout Phase
        Flip the switch

Deploying MF on blades
HP has Rapid Deployment pack based on Altiris
IBM has RDM Remote Deployment Manager based on Powerquest
Most imaging software suites allow the admin to define scripts to be run on
the server after imaging

FR3 ships with Apputil
Command line util
Applications can be deployed using IM published packages
Administrator can script various different configurations

New apps can be published
Data collector preference level can be set

Blades present the opportunity to simply pull out the failing blade and
replace it with a new server blade

MF XP can then be imaged back down to the new blade

If the blade server assumes the same name it will continue to function in
the same capacity as previous server
Vendor Tools
HP Rip and Replace
Imaging console maintains DB of all the servers that it manages and knows
their physical location
Console can detect when a blade has been replaced with a new one

Runs on IBM Xservers
Simplifies and automates deployment

Rip and Replace works on Citrix MF XP Servers
Replacement server blade automatically assumes the identity and function of
removed blade
Dynamic resource allocation
On Demand resource and application provisioning
Automated Workflows
Capacity on demand
Pay as you play
Dynamic Solution - hands off for administrator

Grid Computing - dynamically redirect users and HW to available resources
Utility Services
Processor Outsourcing
Linking data center resources
Metaframe for Napster??  Use idle processing time on workstations via peer
to peer
Endless possibilities

IBM Deploying Blade Center PDF

Tivoli Intelligent Orchestrator

IBM Director
HP Scalability and Performance


Overall Rating: A+
XP Embedded Thin Clients
Jeff Albertson

Here are the notes I took from this session which have some useful
information. Jeff did a great job of covering the different technologies.

Challenging economic environment
Task workers and knowledge workers have different needs
Knowledge workers production applications local data rich web experience
Task workers line of business apps remote data fewer web/mobility needs

Phase out of green screen terminals with limited access to windows apps

Industry Trends
Need for an end-to-end solution
 -Tight integration between client and server reduces tco

Simplicity of design
 -Ease of use training centralized mgmnt rapid deployment

High Reliability
-No moving parts high mean time between failure

Thin Clients need not imply lack of Flexibility
-Server-Based Apps
-Multimedia-Web Browsing
-Embedded Line of Business Applications
-Security, no local data can be compromised

Microsoft Thin Client Strategy
Thin Clients based on CE .Net
-Lowest cost
-All apps functionality deployed on TD
-green screen replacement and task workers
-dedicated device for access content on an intranet where data is limited to
well known formats

Thin Clients based on XP Embedded
-PC Architecture X86 devices
-Intranet/Internet applications that require IE 6 through ActiveX
-No compromise of IE 6 JVM options, streaming media solution

Enable a full solution - devices, protocols, servers, applications, and

Windows CE .Net
Microsoft's embedded OS platform for powering basic thin client terminals
Released April 23, 2003 V 4.2
Embedded 32 bit, real time preemptive multitasking environment
Win32 based API
 Familiar software development tools and SDKs
Highly Componentized and scalable
OS is delivered as a granular set of OS components
Hundreds of components provided in catalog
Footprint scales with Functionality Selected
Minimum OS footprint 200kB
Maximum OS Functionality: IE6, WMP, WM, etc...

Windows XP Embedded
Based on same code as windows XP
Released in November 2003
Binary Compatibility with Windows XP Pro
Eases migration of apps and drivers
Componentized to enable footprint reduction
Choose only the components you need
Full Windows and Multimedia Support

Device Types
Line of Business Terminal  Win32 API Rich device driver coverage Best
Security/performance Richest browser multimedia

Browser terminal Rich browser multimedia low cost fast boot time

Basic Terminal  Lowest cost and footprint All App deployed via TS RDP/ICA
simplicity no moving parts

CE. Net
 Win32 API Subset supported
.Net Compact Framework
Good device driver coverage
Thin Client Device Platform
-Complete support for SBC
RDP/ICA support works across lans wans dial up isdn dsl VPN

-Cost Effective Enterprise Integration
Deployment and Mgmnt: SMS, Device Update agent, remote boot, Active
directory.      Windows app support: windows XP embedded offers full Win32
API and MS .Net Framework Support.
Windows CE .Net supports Win32 variant APIs and MS .Net Compact Framework

-Familiarity and Functionality of Windows
        IE web browsing
        IE shell and XP shell
        Functionality equivalent to the Windows Desktop Shell
        Familiar look and feel to PCs
Windows Media
   Rich set of components to enable audio and video streaming
   State of the art windows media codecs

Real time communications
  Windows Messenger
National Semiconductor
AMD Transmeta

Overall Rating: A
Meet the Citrix Architects
David Manks Sr Director Product Marketing
Tim Simmons Product Architect
Wayne Pendley Usability Architect
Brad Pedersen Chief Architect
Chris Mayers Security Architect
Terry Treder Principal Architect
Rick Feijoo Principal Software Engineer

A real opportunity for Q & A with Citrix Architects.  I wanted to knock out
the few dolts who got up and started describing problems with their farm  AT
LENGTH and asking for technical support from the architects. These people
took up the bulk of the time.   The architects should have made it more clear
that they were not there to provide technical support for the less

The architects stressed that the SEs get changes to product management.
They wholeheartedly endorse use of PN Agent over full Client. Check for
Security standards documents in Citrix KB.  If you ever wondered what the
Citrix Architects looked like here is a picture; they are in the order
listed above:
Overall Rating: C but only because of the dolts who didn't get what the
session was supposed to be for and it went on for 3 consecutive questions.
Best Practices for Policies and Profiles
Dan Allen
Mike Shafer Citrix Consulting Services

OK, here comes a bitching session from Kenzig: This was a 3-hour session. 3
hours! It was billed in the literature as ADVANCED. Nothing could be further
from the truth.  I am not faulting Dan or Mike here as they did a very good
job with the subject, except for the fact that it was a basic beginners
course on policies and profiles and not much advanced about it. You would
think with all that time available that more could be done. We all came
wanting to be at least thrown about Hybrid profiles but got nothing. (Thanks
to the guys for at least mentioning thethin.net.) At any rate I sat through
the first two parts of the discussion on Profiles and Policies but had to
leave before the final portion because I began to feel like I was wasting my
time and I really wanted to make one more round of the conference hall
before I left. So I admit I did not see the full presentation.

One more suggestion to Citrix: please, please give us another hour in the
conference hall after the last session next time around.  Once again many
people got turned away because the hall was closed once the breakouts
finished at 4:50. Keep the hall open until 6 if possible.

My overall rating, based on the content not it being dubbed the supposed
Advanced Level: B

Anyways here are my notes from the presentation:

Profiles Discussion
A profile is a collection of settings that contain user preferences and
configurations that help shape the users desktop and environment

Profiles on W2K/W2k3
System root/documents and settings/username

Personal Files and Folders cache configuration shortcuts documents

Registry desktop settings applications settings resource config

Common Profile Folders
Temp Internet files app data my docs cookies desktop programs

Registry Component
Settings stored in NTUser.dat (HKEY_CURRENT_USER hive)
Key sections Control Panel, environment, software

Profile Creation
User logon is initiated
Does the user have a profile?
No: default user profile used.  Yes: use profile

All Users folder added to profile to complete environment
Desktop icons and start menu icons
Users share the folders
All users immediately see changes
Lock down security... as you want all users to have

Local Profiles
Specific to each server or workstation, stored independently
Advantages- Stable, no config, no network traffic, personal settings are
Disadvantages-No consistency, considerable local disk space consumption

Roaming Profiles
Stored Centrally, downloaded at logon and uploaded at logoff

-Advantages - minimal config, accessibility, personal settings persist,
centrally stored for easy backup recover and administration

-Disadvantages-Increased network traffic, can slow logon times, limited size
control, susceptible to corruption

Mandatory Profiles
-NT 4 User Manager for Domains 2000 AD users and Computers
Use different Profiles for
Terminal Services
Read only stored on file server typically. Multiple users can share the same
Mandatory Profile.
Rename ntuser.dat to ntuser.man
-Advantages-Increases consistency, accessibility, small in size, rarely
corrupted, more secure

-Disadvantages- No persistence (can't save changes to desktop environment)

Preferred Strategies
-Avoid local profiles
-Evaluate application requirements, do they need different settings?
-Evaluate user requirements Do settings change per user? Must they be saved?
-Plan for potential expansion  Implement one profile Solution
Use mandatory profiles if
Users do not need personal settings
Security is primary concern
Logon times are showstopper

Best Practices
-Delete locally cached profiles at logoff
-Deny logon if mandatory profile is not available
-Use policies to limit profile size, exclude temp/temporary internet files
-User folder redirection - Prevents persistence of local settings folder
(Especially My documents folder)
Forwards read and write requests to profile folders from local system to
remote system beneficial because redirected folders are not downloaded or
uploaded at logon
Redirect folders to the Users home drives
Application Data
My Documents
Favorites and Cookies
Change %userprofile% to %homedrive%%homepath%

-Use a unique profile path:
  Easier to delete profiles.  Share one location

Centrally store your profile
-Place in read-only file share
-Add a .man extension to the folder enforces the mandatory profile
-use the net logon share if possible

Multiple roaming profiles
Can be used to set separate profile shares based on the geographic location
of the server
Multiple profiles are beneficial for geographically dispersed farms because
profiles don't span WAN links
TS Profile path - %profilepath%\%username%
W2k have to add system variable

Copy ntuser.dat to a backup directory to prevent loss of settings via a
logon script.

Policies Discussion
Tools employed by windows environment to automatically configure user
Changes to registry usually

Help restrict user access to prevent changing system settings
Restrict user activity - deny access to run and control panel for example
Customize Application Settings - Disable autosave in word for example
Standardize user sessions - enforce company preferences
Customize Server settings - set event log properties for example

Computer configuration modify hklm hive
User configuration modify the hkcu hive

NT 4.0  Policy Files
Create modified with System policy editor poledit.exe
Contains users, computers, groups
Assigned to NT 4.0 Workstations and servers
Default is stored in NTConfig.POL
Located in %logonserver%\netlogon
If exists used by all users
Change policy path and name
Set NetworkPath registry key and UpdateMode (value of 2)
Enter unc path or local drive/ add the new policy file name
Make it Reg expand SZ for network paths  like

2000 AD Group Policy Objects
Modify registry settings, apply security templates, perform software
install, enable logon logoff scripts redirect profile and home directory.
Every windows 2000 has a local GPO
Policy location systemroot\system32\GroupPolicy

Local policies apply to ALL users by default. This can be prevented for
certain groups but is not recommended; see MS KB 293655 for how to do this
Only apply to Windows 2000 or later machines.  Receive the highest priority
Created /Modified using MMC Snapin
  Active directory users and computers
  Sites and Services
 Group Policy Objects

GPOs are applied in a specific order
Site - Domain - Parent OUs - Object OU

If multiple GPOs are assigned to one of the above containers the GPO that
is highest in the list takes precedence

Child containers inherit GPO settings from their parent containers

All GPOs applied to an object determine the Effective Policy or Resultant

Inheritance settings can be controlled
Block inheritance can be enforced using No Override
No Override ignores Block Inheritance

New to 2003
Resultant set of policy RSOP
Allows the simulation and logging of policy settings that are applied to
users and computers
Create and edit using MMC
Active directory users and computers
AD Sites and services

Modify Permissions
Set GPO order
Enable disable or set policy attributes
Configure inheritance rules

Loop back Processing
By default the GPOs associated with the location of the user are applied
during logon to all workstations and servers. This is not an optimal
environment for multiple server types.
However loop back processing allows administrators to assign user specific
GPOs to server OUs for added flexibility
Two options: merge or replace
User initiates logon - Site and domain GPOs applied - loop back enabled?
No: user's OU GPOs are applied, user shell is launched.  Yes: Merge or replace
mode?  User GPOs associated with server OUs and user OUs are applied,
shell is launched. If replace, OUs are replaced.
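
The processing rules in these notes (Site, Domain, Parent OUs, Object OU order; highest GPO in the list wins; Block Inheritance versus No Override; loop back merge or replace), modelled as an added Python example that is not part of the original review or of any Microsoft tool. All GPO, OU and setting names are made up, and this is a simplified model rather than the Windows policy engine.

```python
from dataclasses import dataclass, field

@dataclass
class Link:                       # one GPO linked to a container
    name: str
    settings: dict
    no_override: bool = False

@dataclass
class Container:                  # a site, domain or OU
    name: str
    links: list = field(default_factory=list)   # index 0 = highest in the list
    block_inheritance: bool = False

def apply_order(chain):
    """chain runs Site, Domain, Parent OUs, Object OU; the last GPO applied wins."""
    order = []
    for c in chain:
        if c.block_inheritance:   # drop inherited GPOs, except No Override ones
            order = [l for l in order if l.no_override]
        order += reversed(c.links)    # highest in the list is applied last
    return order

def effective(chain):
    """Resultant policy as {setting: (value, winning GPO name)}."""
    result, locked = {}, set()
    for link in apply_order(chain):
        for key, value in link.settings.items():
            if key not in locked:     # a No Override GPO higher up keeps its value
                result[key] = (value, link.name)
                if link.no_override:
                    locked.add(key)
    return result

def loopback(user_chain, server_chain, mode):
    """User settings on a loop back server (No Override resolved per chain, a simplification)."""
    if mode == "replace":
        return effective(server_chain)
    return {**effective(user_chain), **effective(server_chain)}  # merge: server OU wins

# Constructed sample data; all GPO, OU and setting names are hypothetical.
site = Container("Site", [Link("Site-Baseline", {"screensaver_lock": True}, True)])
domain = Container("Domain", [Link("Domain-Default", {"hide_run": False})])
staff = Container("OU=Staff", [Link("Staff-Desktop",
        {"screensaver_lock": False, "word_autosave": False})], block_inheritance=True)
servers = Container("OU=Citrix Servers", [Link("TS-Lockdown", {"hide_run": True}),
                                          Link("TS-Legacy", {"hide_run": False})])
USER_CHAIN, SERVER_CHAIN = [site, domain, staff], [site, domain, servers]
```

In the sample, Block Inheritance on the Staff OU removes Domain-Default but not the No Override site GPO, and replace mode drops the user's own `word_autosave` setting while merge mode keeps it.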

Multiple policies can be applied to multiple containers
Policies can be merged
Stored and replicated in AD
Settings are NOT permanent

NT 4.0 policies
Only one policy per server
Settings are permanent

Policies are comprised of multiple administrative templates that dictate
attributes, descriptions, values, and structure of the policies.

Pure NT 4 environment
Disable default policy
Create separate pol
Store in netlogon

Pure windows 2000 AD
Create separate OUs for WTS
Add GPOs with loop back enabled

Mixed Environment
Requires GPOs and NT 4 policies
Computer policies are retrieved from GPOs
NT 4 users cannot access User OUs
Server will search for POL file during logon
Scenario process flow
GPO applied at startup, user initiates logon, has default policy been
modified?  No: Ntconfig.pol is applied.  Yes: new POL file is applied if

Windows 2000 server member of NT 4 domain
Retrieves computer policies from POL file during every logon. Retrieves user
policies from GPOs assigned to the user's OU. Server OUs are NOT
available. Loop back option is NOT available.  Scenario: User logon, computer
policies are applied if POL configured, User GPOs associated with user OU
are applied, User logs on

Final Night Party
What can I say but OUTSTANDING! I first went to the Alumni reception and
networked a little bit there and then headed over to the party.  As you can
see by the pictures I took that are at
http://thethin.net/citrixse/iforum2003day3/  everyone had a great time.
The party had a DJ, dancing girls, a magician, karaoke, lady liberty and
uncle sam on stilts as well as several other stilted people, origami
folders, mimes, artists, caricaturists, ice sculptures and lots of food and
alcohol from around the world. (even sushi)

I spent the night hooking up CEOs from the different sponsors to Citrites
and to each other.
I can say some interesting discussions took place in these rings which of
course I can't repeat, but it was all very cool conversation.

Wrap  Up
In wrapping all of this up I must say that it was a very worthwhile 3 days.
I noticed that there were more women there this year than previous years.
(Mark T told me to add that to get more guys to come next year *grin*)

Overall rating of the entire event A+ - Citrix can use this quote: "Citrix
iForum 2003 was an outstanding event that allowed me to network with my
peers, learn about new technologies and help plan for the future of our
organization."  - Jim Kenzig

This is part one of my review. The second part will review all of the
Sponsors that I visited at the event and highlight their new products and

Copyright 2003

Jim Kenzig
CEO The Kenzig Group
President - North East Ohio Citrix Users Group
