Enabling XenApp Administrative logs

If you have a busy XenApp farm with lots of published apps, users and administrators who have (I hope!) got delegated access, you may often want to check who made a change, removed a published app or altered some other setting. XenApp 7.5 Desktop Director has logging enabled by default.


It often gets overlooked during setup, but the History node in the XenApp AppCentre console is all you need. If you click on it and it’s blank, then logging is not enabled and you will need to configure it. Here’s how!


Create a service account for the DB owner, either an AD account or a local SQL account on the database server, and document the account and password.

Set up a new SQL database on your preferred server. By the way, if you want to put the logs on the same server as your Farm DataStore, you can open mf20.dsn and look for the “server=” line. Start/Run – \\citrixserver1\C$\Program Files (x86)\Citrix\Independent Management Architecture\ – should take you to mf20.dsn.

You can use Oracle, but all customers I come across are on SQL Server.

Then create the database with a suitable name, e.g. xenapplog, and assign the service account as the DB Owner.
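The database steps above as a T-SQL script, added here as an example and not taken from the original post or from Citrix documentation. The login name svc_xenapplog and the password placeholder are assumptions, and "DB Owner" is taken to mean membership of the db_owner role in the new database.

```sql
-- Added example (not from the original post). Run as a sysadmin on the
-- SQL Server instance that will hold the Configuration Logging database.
-- Assumed names: svc_xenapplog (login) and the password placeholder.
-- xenapplog is the database name suggested in the text.

USE master;
GO

-- Local SQL account dedicated to Configuration Logging.
-- For an AD service account use instead:
--   CREATE LOGIN [DOMAIN\svc_xenapplog] FROM WINDOWS;
CREATE LOGIN [svc_xenapplog]
    WITH PASSWORD = N'<replace-with-generated-password>',  -- placeholder, must be replaced
         CHECK_POLICY = ON,       -- enforce the Windows password policy
         CHECK_EXPIRATION = OFF;  -- service account: rotate on your own schedule
GO

CREATE DATABASE [xenapplog];
GO

USE [xenapplog];
GO

-- Map the login into this database only and grant db_owner there.
-- sp_addrolemember is used because it also works on SQL Server 2008.
CREATE USER [svc_xenapplog] FOR LOGIN [svc_xenapplog];
EXEC sp_addrolemember N'db_owner', N'svc_xenapplog';
GO

-- Check 1: list every principal that holds db_owner on the log database.
-- Anyone listed here can alter or delete the audit records.
SELECT r.name AS role_name,
       m.name AS member_name,
       m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name = N'db_owner';

-- Check 2: confirm the service login holds no server-level role.
-- A NULL server_role means it is limited to the database mapping above.
USE master;
GO
SELECT sp.name AS login_name,
       sr.name AS server_role
FROM sys.server_principals AS sp
LEFT JOIN sys.server_role_members AS srm
       ON srm.member_principal_id = sp.principal_id
LEFT JOIN sys.server_principals AS sr
       ON sr.principal_id = srm.role_principal_id
WHERE sp.name = N'svc_xenapplog';
```

Keeping this login separate from the Farm DataStore account means the people who administer the farm do not automatically hold write access to the record of their own changes.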

Now log in to a Data Collector in your Citrix farm. Right-click on the farm name, go to Farm Properties and click on Configuration Logging.


Then click on Configure Database.


Enter the name of the database server, the authentication mode and the service account details.


Then select the database you created from the list.


Unless your database uses encryption, select No for Use Encryption. Click Next.


Then click on Test Database Connection – OK, then Finish.


The only other option is to secure the delete options, by ticking the box for “Require Admin to enter database credentials before clearing log”. You did record that account password, didn’t you?


Click on Get Log and recent changes should start to appear. You can also amend the columns and set Filters for tasks and date range if you want to narrow down the search for changes.


So, a very useful addition to the console, and easy to set up. Happy Logging!

ShareFile Enterprise – to Mobility and beyond!

With so many customers looking at ShareFile I often get asked how it works and where does the data get saved and sync’d. In this blog, I will give you a quick overview of ShareFile Enterprise and some of the useful tools you can use for accessing, sharing and syncing your files and data to a secure location in your data centre.

ShareFile is a Citrix product that competes directly with Dropbox, Google Drive and other online file sync tools of which there are now dozens available – all with cloud storage, some with on premise and varying security standards. With ShareFile you can store data in the cloud and in your data centre as well as getting access to your existing file server resources and NAS drives in your secure network.  For full details, check out the Citrix web site – but here is a quick overview for now. 


The StorageZone Controller provides users with secure access to SharePoint document libraries and network file drives through Storage Zones Connectors. Users log onto ShareFile from their mobile device and retrieve a list of enterprise data repositories, which may include network drives and SharePoint document libraries.

After choosing an enterprise resource, the user authenticates with the StorageZone Controller using their company credentials, and is then able to enumerate and securely transfer files between the mobile device and the customer data center.



All folders here – except Internal NovoShare – are hosted on Citrix ShareFile cloud. We have a 20gb cloud store. By default, all users’ folders are on the internal storage.

The Internal NovoShare is an iSCSI attached NAS with 3TB data available to staff. This is called a StorageZone, and runs on an internal Windows 2008 R2 server and gives our users about 20Gb each.


Being ISO certified, all our key data resides in a secure data center with very controlled access. Only our BCP documents would be stored in the Citrix cloud for emergencies.

Below – Connectors – links into your existing NTFS shares and SharePoint document repositories. New connectors can link into DropBox and other storage to enable migration or two way collaboration.


All of these folders are residing in our secure hosted data center. None of the files get sent to the Citrix Cloud – which only acts as a broker and authentication.

Single Sign-On from AD

Logging into the MDM portal in a browser allows you to click on ShareFile and seamlessly log in to the ShareFile web site.


SAML single sign-on can also be enabled, using the /SAML/login extension to the normal web portal.

Outlook Plugin






This is very useful and allows files to be attached easily from ShareFile, and new files to be attached that are then sent into ShareFile instead of being emailed to multiple recipients.

Desktop Widget

Allows you to browse into your files and folders from a Windows/Mac desktop.


Sync Tool

The Sync Tool allows you to sync local folders up to your ShareFile storage.


So, if your local laptop drive is encrypted, as it should be, you can sync all or some of the data files to the ShareFile cloud folders.

Citrix World Wide ShareFile


Citrix ShareFile uses a “Control Plane”: sharefile.com and sharefile.eu are used for brokering, authentication and locating data when hosted. For example, European customers can choose to have the data in .eu. The Control Plane provides users with a list of files and folders, but doesn’t hold them in the Citrix cloud if they are onsite; instead, the device is directed to the on-premise store.


Guest users and other contacts can be given access to shares and files very easily for single download or time restricted periods. FTP service? – no problem. Customizing your web portal is also very easy and provides a nice familiar interface for users. Various administrative rights can be delegated, and folder permissions granted so you can allow other users to control access and content.

ShareFile Enterprise is available as a separate product. However, if you are also considering an enterprise mobile device management (MDM) solution, Citrix XenMobile Enterprise includes ShareFile Enterprise for just a few dollars more than ShareFile on its own. Definitely worth checking that out. A free 30-day trial is also available on request.


Some useful links:

Main product information


ShareFile for Health




Choose where data is stored


XenDesktop & XenApp 7.5 – time to get planning!

Time is moving on for the current XenApp 6.5 platform, with only some two years left to go on the standard Life Cycle. That will come around sooner than you think.

There are many things to consider when moving to a new XenApp platform, not least of all changes in operating systems, application compatibility and printing (as always). Since my early days of working on MetaFrame 3, Citrix has been promising reduced management overheads, fewer consoles and better support for mixed OS environments. However, while they did do away with the old Citrix Management Console eventually, you were still left with Web Interface, Licensing and AppCentre to manage different parts of your environment. Then of course XenDesktop came along and brought new consoles, new management protocols and another database – and a StoreFront. Nearly forgot –  a Provisioning Server farm, console and database just to keep you on your toes!

My previous blog post on AppDNA touched on the challenge of making applications compatible with new desktop and server operating systems. But what about the management challenge of hosting virtual desktops, shared desktops and publishing your applications?

Citrix has been working hard on that chestnut for a couple of years and the recent launch of XenDesktop/XenApp 7.5 now provides administrators with the ability to manage and deploy various operating systems and applications from a more unified console, namely Citrix Studio.

Key to this new platform is the FlexCast Management Architecture, or FMA. FlexCast was previously used in licensing terms only. For nearly twenty years now Citrix Presentation Server based products including XenApp 6.5 have relied on IMA – Independent Management Architecture for the underlying farm communications, load balancing, policies, and admin etc etc. A tried and tested product, many millions of users have been relying on IMA all over the world for application and desktop delivery.

Here are a few of the new terms to get your head around:

| Instead of this in XenApp 6 | Think of this in XenApp 7 |
| --- | --- |
| Independent Management Architecture (IMA) | FlexCast Management Architecture (FMA) |
| | Delivery Site |
| Worker Group | Session Machine Catalog, Delivery Group |
| | Virtual Delivery Agent, Server OS Machine, Desktop OS Machine |
| Zone and Data Collector | Delivery Controller |
| Delivery Services Console | Citrix Studio and Citrix Director |
| Publishing applications | Delivering applications |
| Data store | |
| Load Evaluator | Load Management Policy |
| | Delegated Administrator Role |

(Source, XenApp eDocs – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-75/cds-previous-xa-admins.html )

FMA, however, introduces some new capabilities that IMA could not deliver. The main one is the ability to deploy the Citrix Virtual Desktop Agent (VDA) to both Windows desktop operating systems and servers, and manage both in the same place. Think about that for a second. No more multiple farms with different versions of Windows and XenApp. A single console where you manage desktops, machine images and applications. You can even use the VDA on physical PCs, which is useful for administrators or power users with heavy graphics who connect directly with HDX.

Key Components:


Of course, with change, some things are no longer supported: User Shadowing, Oracle Database support, SSO for Win 8.1/2012, Local Text Echo and Legacy Printing (XP/DOS clients). Secure Gateway, still in use by some customers, is no longer supported and customers are advised to move to NetScaler Gateway as a replacement for remote access. Web Interface is still supported, but customers are also expected to migrate to StoreFront, with Web Interface having a limited shelf life and no further development.

So get planning! A two year window to get all your old x32 or 16 bit applications tested, upgraded or redeveloped is really not very long. Some will be easier than others. With AppV now bundled, you could give that a try or look at Unidesk. Licensing, print strategy, remote access and your hypervisor platform all need careful consideration. I’ll be looking into those in more depth in my next few blogs.

Useful Links:

XenApp 7.5 and XenDesktop 7.5

XenApp/Desktop 7.5 – Not supported

XenApp Support Matrix


Citrix AppDNA – analyzing your apps for those new OS deployments.

Upgrading a Citrix farm from one operating system to another has always been a difficult task to manage, particularly if you have a stack of applications that have been developed for an older operating system. Neither Microsoft nor Citrix supports “in place” upgrade for terminal servers, so you must deploy a new server OS and a new Citrix platform to move up to the latest system. New servers, new Citrix, new profiles, new printers ... and potentially new applications.

Getting your apps to work on a new OS is often the biggest headache in a Citrix migration. This may be because your internal application team or third party developed the apps for your business on tools that were current at the time – but pretty useless now. If they developed them on Windows XP or Server 2003 – it’s very likely they won’t run at all on Windows 8 or Server 2012 R2. Various changes to Windows security and kernel access on 2008 R2 and 2012 mean that these older apps will fail at the first hurdle on any x64 OS. The same challenge exists if you want to move from Windows XP to Windows 7 or 8, and if you want to go for a VDI solution like Citrix XenDesktop or VMware View.

This is not the same challenge as deploying the application. Using tools like AppV or Citrix Streaming, or Unidesk doesn’t get around the problem of the application not working on the platform. These tools help with deployment – not compatibility if the application doesn’t work.

This is a big challenge for companies with a large set of applications. Hospitals, councils and other government departments have hundreds of applications. Some private sector companies with lots of staff and specialist manufacturing systems have apps written by staff that may have left years ago, but the business relies on those applications for critical processes. I know of one customer who is still running Windows NT 4 and Citrix MetaFrame 1.8 because of this very issue. They also have Windows Server 2000 and 2003 with Citrix XP and PS4. The apps are written as 16 bit. The systems are years out of support, but they can’t migrate the applications because they just don’t run. They have a XenApp 6.5 farm on 2008, but can’t deploy the apps. The risk to the business is running aging applications on old server platforms with no support, poor recovery methods and a lack of best practice and security, with little or no chance of being updated without massive cost just to evaluate the code.

So what do you do? You could take the application and ask one of your developers (if you have one) to dissect the code, tell you what’s wrong and then fix it. This could take weeks depending on the code and your developer’s knowledge of an app he didn’t write, in a language he’s never used. There is a good chance something will be missed. You could engage an external developer to look at the app and the code, and give you a quote for rewriting it. That could also take weeks, and be very expensive – per application. Multiply that across your entire application list and you could be looking at a substantial outlay to get your applications up to Windows 8 and Server 2012 standards.

The Citrix answer to this challenge is AppDNA. AppDNA “reduces the amount of testing needed for applications and provides detailed information that can be used as the basis for the overall testing plan when migrating”.


AppDNA – Windows 8 overview. Five applications analysed: one needs to be re-written, others need some work and two are good to go.

This is a powerful analysis tool that can take your application installer MSI, capture or AppV package, deploy it through a virtual machine template and pull together all the changes, DLLs, registry and system security changes that are required to get it installed. The AppDNA server is then able to compare this to various target operating systems that you want to migrate to, and provide you with a very detailed breakdown of the application's requirements and what’s needed to get it over to the new OS. Newer applications may only require a few changes.

Older applications may require a complete re-write. Either way, the system reports this back in minutes, not days or weeks. Inject several more applications into the system and you could easily have an estimate of the work involved in updating or re-writing your critical applications. Web sites can also be targeted to report back on browser compatibility using user simulation and a web spider tool. Using an easy to follow Red, Amber, Green traffic light system, management reports and effort calculations can be provided.

The latest 7.5 version is available for download and trial, bundled with Platinum Edition, and includes integration with XenServer, vSphere and Hyper-V as well as VMware Workstation. As a Citrix engineer I can see this being a very useful tool, and it could drastically reduce the time, effort and cost involved in application migration to the latest server and desktop operating systems. Still, I’m glad I’m not a developer!

Some sample reports:




AppDNA – Over View


Citrix TV – AppDNA


Creating A User Agreement Policy for XenMobile Users

Getting users to agree to security policies is tricky enough at the best of times. It’s one thing to say you’re managing devices, but do your users agree to how you do it, how you monitor their use of the device and their access to your corporate data? We could spend a lot more time discussing that question, but for now, let’s get a basic agreement in place for smartphones and tablets. Make sure you run it past HR and that you are quoting the correct IT policies and terms of use. You should have these in place for PCs and laptops already.

Notices are pushed out from the XenMobile server using a combination of a simple PDF document and a Deployment package targeted at a group of users or mobile devices. Inserting the Notice to a Base Package will ensure all devices get it on enrollment.

There are three main steps to deploying the notice:

  • Create Security Notice document
  • Deploy to test user/group
  • Deploy in live package

First, start by creating your security or user agreement notice – bearing in mind the size of the device screen. For example, A5 is well suited to 9/10” tablet devices. Include your company logo or letter heading to brand and make it look official.

Save the document as a PDF to your local PC. Then go into the MDM Console.


In the Files tab, click on New File – upload the document.


Select the document, and tick the button for Term and Conditions PDF – and Default if required.


Then go to the Deployment tab. Select a Base Package – select Files, and use “>” to add to Resources to Deploy.


You can then deploy the Package. New devices should now get prompted with the notice on enrollment.

Once in place, you can then use the Reporting tab and get feedback on who has accepted the policy using the Terms and Conditions report.


Session Printers in XenApp 6.5

Citrix has several ways to enable printers in user’s sessions including network print server based printers. These are called Session Printers and are configured in the Policies node in the Citrix AppCentre Management console.

Printers can also be mapped using a login script or VBScript. In this case, all the print server drivers for individual printers need to be installed on the XenApp server or PVS image. Printers mapped in scripts are outside of the control of Citrix Policies and management.

By using Citrix Policies, administrators have more control over when and how printers are made available.

For example, a set of Printer Policies filtered by IP Subnets could be used to enable roaming printers on mobile devices or laptops. Users would then find printers in session that are close to the department they are working in at the time. Other filters include Groups/Users and client device names.

So, you could have a Policy that is enabled by “IPAD*”, for example, where all devices whose names begin with IPAD will get that policy, along with its enabled printers and other settings.

Client connected printers (not addressed here) are either locally attached OR may be mapped network printers on a PC or Mac client machine. These can be controlled in Citrix AppCentre Management and are known as Client Connected printers.

Citrix XenApp servers can use server printers in two ways:

  • Citrix Universal Print Server (requires UPS server and client install, on XenApp media).
  • Native Manufacturers Printer driver.

To install a native driver:

  • Log in as an admin to the XenApp server.
  • Browse the print server and find the printer (must have x64 drivers).
  • Double click and install the printer as normal.
  • Then delete the printer from the Control Panel/Devices and Printers, leaving the driver installed.

Creating a Policy with Session Printers

The three steps you need to enable Session printers are:

Create a new User Policy

Under Policies, select the User tab and click on New, or edit an existing policy. Give your policy a name.

Assign the Session Printers

Go to Settings and look for Printers

Click on Add/Edit at Session Printers. When prompted, type the name of the print server, browse the server’s printers and select the printer you need.

Add in other printers if required – you can also set the Default printer as shown above.

Filter by AD User Group

Click on the item you want to use as the filter, for example User or Group.

You should then test the policy by using a suitable test account or known user. If the UPS service is compatible with the printer, the device should be shown as an available printer in the user’s session and applications.


  • Citrix UPS is not compatible with manufacturers’ Universal Drivers.
  • If the Citrix UPS Driver does not print to the device, the native driver will need to be installed. The server policy should be set to “fallback” to native in this case.
  • Some printer drivers may not be Citrix ready. It is recommended to check the vendor’s support or documentation regarding suitable models and drivers.

Some manufacturers support references:

HP Supported Printers in XenApp


Ricoh Terminal and Citrix supported printers








What’s up at Synergy 2014?

If you have never been to a Citrix Synergy event – Synergy is the best conference for Citrix engineers, sales and geeks everywhere. The event used to be held in both the USA and Europe until Citrix split up the event in the EU to 4-5 separate product days instead.

As you can imagine, the whole event is about the many great products in the Citrix portfolio. This has changed somewhat since my first one ten years ago when it was nearly all about Presentation Server, some remote access, best practice for terminal servers and what thin client worked best.

Today, the event is a very busy and full featured show with many industry leading products like XenDesktop, ShareFile, XenMobile, AppDNA and Netscaler being just a few.

In fact, the tricky part is fitting in everything you want to see in the three days. Along with experts on the various products and real customer experiences, you can also indulge in technical labs and even have a crack at some certifications in between sessions.

This year promises a feast of information and best practice for anyone interested in Mobility, with products like ShareFile and Worx Mail, not to mention XenMobile, taking up many of the sessions. There are also a load of specialist breakout sessions focused on specific technologies from real live customers and partners. You can catch me at 1630 pm on Thursday 8th May talking about XenMobile use cases.

I’m looking forward to some exciting demos from Brad Peterson – why do his demos always work?

What’s that? You can’t make it to LA? Don’t worry you can catch up on all the best sessions and demos at Citrix TV.