PVS5.6 AdminGuide

Administrator's Guide

Citrix® Provisioning Services™ 5.6 SP1October 2010Revision 1

Provisioning Services: Copyright and Trademark NoticesUse of the product documented herein is subject to your prior acceptance of the End User License Agreement. Aprintable copy of the End User License Agreement is included with your installation media.

Information in this document is subject to change without notice. Companies, names, and data used in examples hereinare fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by anymeans, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.

© 2010 Citrix Systems, Inc. All rights reserved.

The following are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in theUnited States Patent and Trademark Office and in other countries:

Branch Repeater™, Citrix®, Citrix Access Essentials™, Citrix Access Gateway™, Citrix DesktopReceiver™, Citrix Desktop Server™, Citrix EasyCall™, Citrix Essentials™, Citrix MerchandisingServer™, Citrix Provisioning Server™, Citrix Receiver™, Citrix Repeater™, Citrix StreamingServer™, Citrix Subscription Advantage™, Citrix Workflow Studio™, Citrix XenApp™, Dazzle™,EdgeSight®,HDX™, ICA®, NetScaler®,Request Switching®, StorageLink™, VPX™, WANScaler™,XenDesktop™, XenServer™, Xen Data Center™, Xen Source™

All other trademarks and registered trademarks are the property of their respective owners.

Document code: October 19 2010 13:03:25

Contents

1 Provisioning Services Product Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15Provisioning Services Streaming Technology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15Provisioning Services Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16Provisioning Services Editions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16Product Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16Benefits and Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Benefits for XenApp and other Server Farm Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . .18Benefits for Desktop Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Software-Streaming Process Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19Provisioning Services Product Infrastructure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Provisioning Services Farm Hierarchy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21Farms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22Device Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Additional Provisioning Services' Product Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23Provisioning Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23Provisioning Services Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26Store. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26Device Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27User Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27Network Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Product Utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28Provisioning Services Administrator Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28Provisioning Services and Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Provisioning Services Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29Getting Service and Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30Getting the Subscription Advantage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31Locating the Citrix Developer Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

iii

Participating in Citrix Education and Training. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

2 Product Technology Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33Getting the Boot Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

Network Booting a Target Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34Booting From an Optional Boot Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

Provisioning Services vDisk Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36Standard Image Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36Private Image Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37Difference Disk Image Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

Write Cache Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39Cache on a Server Disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39Cache in Device RAM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39Cache on Device Hard Drive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

3 Using the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41Starting the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42Understanding the Console Window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

Using the Console Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42Basic Tree Hierarchy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42Using the Details View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43Common Action Menu Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

Performing Tasks in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44Action menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44Right-click (context) Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45Using Drag-and-Drop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45Using Copy and Paste. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

Using Views. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

4 Managing Farms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47Configuring the Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

Configuration Wizard Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48Starting the Configuration Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49Network Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49Identify the Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50Identify the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51Create a New Store for a New Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52Identify the Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52Select the License Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Contents

iv

Configure User Account Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53Select network cards for the Stream Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54Configure Bootstrap Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54Running the Configuration Wizard Silently. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

Prerequisite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57To Create the ConfigWizard.ans File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57To Copy and Modify the ConfigWizard.ans File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57To Run the ConfigWizard.exe Silently. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

Farm Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Groups Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59Licensing Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59Options Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60Status Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Farm Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Farm Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

Connecting to a Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61Managing Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Creating Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Site Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63MAK Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63Options Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

5 Managing Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65Creating Sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66Site Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66

General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67MAK Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67Options Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

6 Managing Administrative Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69Managing Farm Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Managing Site Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71Managing Device Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Managing Device Operators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72


v

7 Managing Stores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Store Administrative Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75Store Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75Paths Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76Servers Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77

Store Configuration and Management Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77Working with Managed Stores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

Prerequisites and Supported Deployments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79Using the Store Management Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81

8 Managing Provisioning Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83Provisioning Servers in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84Provisioning Server Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89Stores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Provisioning Server Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93Adding Additional Provisioning Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93Copying and Pasting Provisioning Server Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94Marking a Provisioning Server as Down. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94Deleting a Provisioning Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94Starting, Stopping, or Restarting Provisioning Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95Showing Provisioning Server Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96Balancing the Target Device Load on Provisioning Servers. . . . . . . . . . . . . . . . . . . . . . . . . . .97Checking for Provisioning Server vDisk Access Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . .98Configuring Provisioning Servers Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Re-Running the Configuration Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98Starting and Configuring the Stream Service Manually. . . . . . . . . . . . . . . . . . . . . . . . . . .99

9 Managing vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101vDisks in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101vDisk Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103General Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105Mode Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Contents

vi

Identification Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106Microsoft Volume Licensing Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107Options Tab for vDisk file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Managing vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108Using the Imaging Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109Creating and Formatting a New vDisk File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110

To create a new vDisk file in the database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111To format a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111To unmount a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113

Create and Assign a Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113To create a target device entry in the database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113To assign a vDisk to a target device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Building the vDisk Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Imaging Windows Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114Imaging Linux Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114

Building a Common Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115Building the Common Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Configuring the Master Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116Exporting Specific Data Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116Booting the Master Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117Adding Additional Target Devices to the Common Image. . . . . . . . . . . . . . . . . . . . . . .117

Configuring vDisk Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Adding Existing vDisks to a vDisk Pool or Store. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119Viewing vDisk Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120

View target device connections to a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120Releasing vDisk Locks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120Unassigning vDisks from Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121Deleting a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121Deleting Cache on a Difference Disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122Copying vDisks to Different Locations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122Copying and Pasting vDisk Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123Backing Up a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123Updating vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Choosing a vDisk Update Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123Automatically Updating vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124Incrementally Updating vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127Rolling Back vDisk Changes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

Using Maintenance Utilities with a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130


vii

Working with Physical Disks and vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130Configuring a vDisk for Microsoft Volume Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130

10 Managing Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131Target Device Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132

General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132vDisk Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133Personality Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134Authentication Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135Status Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136Logging tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Target Device Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137Preparing a Master Target Device for Imaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Preparing the Master Target Device's hard disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138Configuring a Master Target Device's BIOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138Installing Master Target Device software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140To install Provisioning Services target device software on a Windows device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140To install Provisioning Services target device software on a Linux device. . . . . 141

Adding Target Devices to the Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142Using the Console to Manually Create Target Device Entries. . . . . . . . . . . . . . . . . .142Importing Target Devices Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Using the Auto-Add Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143Assigning vDisks to Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145Set the Target Device as the Template for this Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . .146Copy and Paste Target Device Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146Booting Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146Checking a Target Device's Status from the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147Sending Messages to Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147Disabling a Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147Deleting Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148Shutting Down Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148Restarting Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148Moving Target Devices Between Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149Using the Status Tray on a Target Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Starting the Virtual Disk Status Tray. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149Setting Virtual Disk Status Tray Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150

Managing Target Device Personality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150Define personality data from a single target device using the Console. . . . . . . . .151

Contents

viii

Define personality data for multiple target device using the Console. . . . . . . . . . .151Using Target Device Personality Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152

11 Managing Device Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155Device Collection Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156

General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156Security Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156Auto-Add Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159

Device Collection Management Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159Creating a Device Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160Importing Target Devices into a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160Deleting a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161Refreshing a Collection in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162Booting Target Devices within a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162Restarting Target Devices within a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162Shutdown Target Devices within a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162Sending Messages to Target Devices within a Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . .163Moving Collections within a Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163Managing Microsoft KMS Volume Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

Preparing the New Base vDisk Image for KMS Volume Licensing. . . . . . . . . . . . .164Maintaining or Upgrading a vDisk Image that Uses KMS Volume Licensing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164

Managing Microsoft MAK Volume Licensing on Target Devices. . . . . . . . . . . . . . . . . . . . .165

12 Managing User Assigned vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169User Group Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171

General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171vDisks Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171

Managing User Group vDisk Assignments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171Enabling or Disabling User Group Management for a Collection. . . . . . . . . . . . . . . . . . . .172Creating a User Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172Enabling or Disabling User Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173Deleting User Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173Assigning a vDisk to a User Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173Unassigning User Groups From vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173

13 Managing Views. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175View Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176


ix

General Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176Members Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176

Managing Views in the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176Creating a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177Pasting Device Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177Deleting a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178Refreshing a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178Booting Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178Restarting Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178Shutdown Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178Sending Messages to Target Devices within a View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179

14 Managing Network Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181Preparing Network Switches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182

Switch Manufacturers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182Using UNC Names. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182

Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183Accessing a Remote Network Share. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183

Reducing Network Utilization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184Configuring Windows features on a Standard vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185Configuring the Recycle Bin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185Configuring Offline Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185Configuring Event Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186Configuring System Restore. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187Configuring Logical Prefetch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187Configuring Automatic Disk Defragmentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187Disabling Windows Automatic Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187

Managing Roaming User Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188Configuring Roaming User Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189Configuring Folder Redirection with Roaming User Profiles. . . . . . . . . . . . . . . . . . . . . . . . .189Disabling Offline Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

Booting Through a Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191Configuring for DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192Configuring the Provisioning Services for PXE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192Running PXE and DHCP on the Same Computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192

Updating NIC Drivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193Upgrading NIC Drivers on Target Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193Upgrading NIC Drivers on a Provisioning Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

Managing and Accessing a LUN Without Using a Network Share. . . . . . . . . . . . . . . . . . . . . . . .194

Contents

x

Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195Implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195Modifying vDisk Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197

15 Managing for Highly Available Implementations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199Offline Database Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200

Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200Enabling Offline Database Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201

Database Mirroring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201Enabling mirroring when configuring a new farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202Enabling Mirroring Within an Existing Farm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

High Availability Option Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203HA Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204HA Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204Configuring the Boot File for HA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205

Adding Provisioning Servers to the boot file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205Adding Login Servers using the Configuration Wizard. . . . . . . . . . . . . . . . . . . . . . . . . .205Adding Login Servers Using the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

Enabling HA on vDisks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207Providing Provisioning Servers Access to Stores. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208Configuring HA with Shared Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208

Windows Shared-Storage Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208Creating Stream-Service Account Credentials on the Domain Controller . . . . .209Assigning Stream-Service Account Credentials Manually. . . . . . . . . . . . . . . . . . . . . .209Configuring HA Storage Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210SAN Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211

Disabling Write Cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211Testing HA Failover. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211

16 Managing Active Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213Active Directory Integration Prerequistes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214Managing Domain Passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .214

Password Management Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215Enabling Domain Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215

Enabling Machine Account Password Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216Enabling Automatic Password Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216

Managing Domain Computer Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216Supporting Cross-Forest Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217


xi

Giving Access to Users from Another Domain Provisioning Services AdministratorPrivileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .217Adding Target Devices to a Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218Removing Target Devices From a Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218Reset Computer Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218

17 Managing Bootstrap Files and Boot Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221Configuring the Bootstrap File From the Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222

Configuring the Bootstrap File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224Using the Manage Boot Devices Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226

Configuring Boot Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227

18 Managing Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231Installing Printers on a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232Enabling or Disabling Printers on a vDisk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232Methods for Enabling Printers on a vDisk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233

Enabling printers for target devices using the Printer Settings option . . . . . . . . . . . . . . .234Enabling printers for target devices using the Printers group folder. . . . . . . . . . . . . . . . .234Enabling printers using Copy and Paste. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235Enabling printers using an existing target device as a template. . . . . . . . . . . . . . . . . . . . .235

Enabling the Printer Management Feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235

19 Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237Configuring Provisioning Server Log Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238Configuring Target Device Log Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239Log Files and Content. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240

Log File Location. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240Log File Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241

20 Auditing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243Enabling Auditing Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245Accessing Auditing Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245Archiving Audit Trail Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .248

21 Managing Multiple Network Interface Cards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249Requirements and Considerations for Manufacturer's NIC Teaming. . . . . . . . . . . . . . . . . . . . . .250Requirements and Considerations for Provisioning Services NIC Failover. . . . . . . . . . . . . . .250

Contents

xii

22 Installing and Configuring Embedded Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254Installing Embedded Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254Un-installing an Embedded Target Device Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255Windows XP Embedded Build Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255Setting Up Embedded Target Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Glossary...............................................................................................261


xiii

Contents

xiv

Chapter 1

Provisioning Services Product Overview

Topics:• Benefits and Features

• Software-Streaming ProcessOverview

• Provisioning ServicesProduct Infrastructure

• Additional ProvisioningServices' ProductComponents

• Product Utilities

• Provisioning ServicesAdministrator Roles

• Provisioning Services andResources

Most enterprises struggle to keep up with the proliferationand management of computers in their environment. Eachcomputer, whether it is a desktop PC, a server in a datacenter, or a kiosk-type device, must be managed as anindividual entity. The benefits of distributed processing comeat the cost of distributed management. It costs time andmoney to set up, update, support and ultimatelydecommission each computer. The initial cost of the machineis often dwarfed by operational costs.

Over the years, various software solutions have been offeredthat are designed to address the operational challenges facedby IT organizations. For example:

w Imaging solutions allow backup and duplication of existingmachines.

w Distribution tools can automate many of the tasks requiredto install and upgrade software across many computers.

w Simplifies the management of the end points by removingmost software and processing locally.

Each of these approaches has benefits and limitations.Provisioning Services takes a very different approach byfundamentally changing the relationship between hardwareand the software that runs on it. By streaming a single shareddisk image rather than copying images to individual machines,Provisioning Services enables organizations to reduce thenumber of systems that they manage, even as the number ofcomputers continues to grow. This solution simultaneouslyprovides the efficiencies of a centrally managed solution withthe benefits of distributed processing.

Provisioning ServicesStreaming TechnologyProvisioning Services streaming technology allows computersto be provisioned and re-provisioned in real-time from a singleshared-disk image. In doing so, administrators can completelyeliminate the need to manage and patch individual systems.Instead, all image management is done on the master image.The local hard-disk drive of each system may be used for

15

runtime data caching or, in some scenarios, removed from thesystem entirely, which reduces power usage, system failurerates, and security risks.

Provisioning ServicesSolutionThe Provisioning-Services solution’s infrastructure is based onsoftware-streaming technology. Using Provisioning Services,administrators prepare a device (master target device) forimaging by installing any required software on that device. AvDisk image is then created from the master target device’shard drive and saved to the network (on a Provisioning Serveror storage device).

Once the vDisk is available from the network, the targetdevice no longer needs its local hard drive to operate; it bootsdirectly across the network. The Provisioning Server streamsthe contents of the vDisk to the target device on demand, inreal time. The target device behaves as if it is running fromits local drive. Unlike thin-client technology, processing takesplace on the target device.

Provisioning ServicesEditionsThe Provisioning Server editions you can choose from include:

w Provisioning Services for Datacenters

w Provisioning Services for Desktops

Note:The ability to create an embedded target devices issupported in either edition.

A single Provisioning Server can stream to both data centerand desktop target devices.

Product LicensesProduct licenses are issued based on the product edition thatyou choose. For Citrix product licensing documentation, open

Chapter 1 Provisioning Services Product Overview

16

the Citrix Knowledge Center, then select Licensing under theKnowledge Resources section.


17

Benefits and FeaturesThere are many benefits associated with using vDisks as opposed to hard drives. One ofthose benefits includes not having to install software on each target device within afarm. Instead, when booting, software is dynamically assigned to the target device bythe Provisioning Server. This allows a target device to completely change theiroperating systems and application stack, in the time it takes to reboot.

Using Provisioning Services, any vDisk can be configured in Standard Image mode. AvDisk in Standard Image mode allows many computers to boot from it simultaneously;greatly reducing the number of images that must be maintained and the amount ofstorage that would be required. The vDisk is in read-only format and the image can notbe changed by target devices.

Benefits for XenApp and other Server FarmAdministrators

If you manage pool of servers that work as a farm, such as XenApp servers or webservers, maintaining a uniform patch level on your servers can be difficult and timeconsuming. With traditional imaging solutions you start out with a pristine goldenmaster image, but as soon as a server is build up with it, you now must patch theindividual server along with all of the others. Rolling patches out to individual serversin your farm is not only inefficient, but it can also be unreliable. Patches often fail onan individual server and you may not realize you have a problem until users startcomplaining or the server has an outage. Once that happens, getting the server backinto sync with the rest of the farm can be challenging and sometimes it can require afull re-imaging of the machine.

With Provisioning Services, patch management for server farms is simple and reliable.You start out managing your golden image and you continue to manage that singlegolden image. All patching is done in one place and then streamed to your serverswhen they boot-up. Server build consistency is assured because all your servers areusing a single shared copy of the disk image. If a server becomes corrupted, simplyreboot it and it's instantly back to the known good state of your master image.Upgrades are extremely fast. Once you have your updated image ready for productionyou simply assign the new image version to the servers and reboot them. In the time ittakes them to reboot you can deploy the new image to any number of servers. Just asimportantly, roll-backs can be done in the same manner so problems with new imageswill not take your servers or your users out of commission for an extended period of time.

Benefits for Desktop AdministratorsAs part of XenDesktop, desktop administrators have the ability to use ProvisioningServices' streaming technology to simplify, consolidate, and reduce the costs of bothphysical and virtual desktop delivery. Many organizations are beginning to exploredesktop virtualization. While virtualization addresses many of the consolidation andsimplified management needs of IT, deploying it also requires deployment of supporting


18

infrastructure. Without Provisioning Services, storage costs can put desktopvirtualization out of the budget. With Provisioning Services, IT can reduce the amountof storage required for VDI by as much as 90%. At the same time the ability to managea single image rather than hundreds or thousands of desktops significantly reduces thecost, effort, and complexity for desktop administration.

Not all desktops applications or user groups can be supported by virtual desktops. Forthese scenarios, Provisioning Services IT can still reap the benefits of consolidation andsingle image management. Desktop images are stored and managed centrally in thedatacenter and streamed out to physical desktops on demand. This model worksparticularly well for standardized desktops such as those in lab and trainingenvironments, call centers, and "thin client" devices used to access virtual desktops.

Software-Streaming Process OverviewProvisioning Services provides all of the tools you need to bring software-streamingtechnology to your computing environment. After installing and configuring ProvisioningServices components, a vDisk is created from a device’s hard drive by taking a snapshotof the OS and application image, and then storing that image as a vDisk file on thenetwork. A device that is used during this process is referred to as a Master targetdevice. The devices that use those vDisks are called target devices.

vDisks can exist on a Provisioning Server, file share, or in larger deployments, on astorage system that the Provisioning Server can communicate with (iSCSI, SAN, NAS,and CIFS).

When a target device is turned on, it is set to boot from the network and tocommunicate with a Provisioning Server (refer to Step 1 in the illustration that follows).


19

The target device downloads the boot file from a Provisioning Server (refer to Step 2),and then the target device boots. Based on the device boot configuration settings, theappropriate vDisk is located, then mounted on the Streaming Server (refer to step 3).The software on that vDisk is streamed to the target device as needed. To the targetdevice, it appears like a regular hard drive to the system.

Instead of immediately pulling all the vDisk contents down to the target device (asdone with traditional or imaging deployment solutions), the data is brought across thenetwork in real-time, as needed. This approach allows a target device to get acompletely new operating system and set of software in the time it takes to reboot,without requiring a visit to a workstation. This approach dramatically decreases theamount of network bandwidth required by traditional disk imaging tools; making itpossible to support a larger number of target devices on your network withoutimpacting overall network performance.

vDisks can be assigned to a single target device as Private Image Mode, or to multipletarget devices as Standard Image Mode.

Provisioning Services Product InfrastructureThe infrastructure design includes a hierarchy that directly relates to administrativeroles within a Provisioning Services farm.


20

The graphic that follows provides a high-level view of the Provisioning Servicesinfrastructure and illustrates how Provisioning Services components might appearwithin that implementation.

Provisioning Services Farm HierarchyThe farm hierarchy consists of the following major levels:

w Farms on page 21

w Sites on page 22

w Device Collections on page 22

For each major component level, administrative roles exists.

FarmsA farm represents the top level of a Provisioning Services infrastructure. Farms providea Farm administrator with a method of representing, defining, and managing logicalgroups of Provisioning Services components into sites.

All sites within a farm share that farm’s Microsoft SQL database. A farm also includes aCitrix License Server, local or network shared storage, and collections of target devices.

In the Console window, administrators select the farm that they want to manage orview. Sample tasks that are specific to a farm can include managing:

w Farm configurations

w Product licensing

w High Availability configurations


21

w Active Directory configurations

w User Groups

w Administrative roles

Note: The Console does not need to be directly associated with the farm becauseremote administration is now supported on any Console that can communicate withthat farm’s network.

SitesA site provides both a site administrator and farm administrator, with a method ofrepresenting and managing logical groupings of Provisioning Servers, Device Collections,and local shared storage.

A site administrator can perform any task that a device administrator or deviceoperator can perform. A site administrator can also perform additional tasks such asmanaging:

w Print servers

w Device administrator and device operator role configurations

w Provisioning Servers

w Shared storage

w User Groups

Provisioning Servers within a site, communicate with farm components to obtain theinformation necessary to boot target devices and to provide target devices with theappropriate vDisk. Provisioning Server(s) must be able to communicate with the storewhere those vDisks exist.

Device CollectionsDevice collections provide the ability to create and manage logical groups of targetdevices, which are typically created and managed by a device administrator (a farmand site administrator can also perform a device administrator’s tasks).

A device collection could represent a physical location, a subnet range, or a logicalgrouping of target devices. Creating device collections simplifies device managementby performing actions at the collection level rather than at the target-device level.

A target device can only be a member of one device collection. For device collectiondetails, refer to the Managing Device Collections section in the Administrator's Guide.


22

Additional Provisioning Services' ProductComponents

The Provisioning Services infrastructure also consists of the following additionalcomponents:

Provisioning Servers on page 23

Provisioning Services Database on page 23

Console on page 23

vDisks on page 25

Target Devices on page 26

Store on page 26

Device Collections on page 27

User Groups on page 27

Network Services on page 27

Provisioning ServersA Provisioning Server is any server that has Stream Services installed. It is used tostream software from vDisks, as needed, to target devices. In some implementations,vDisks reside directly on the Provisioning Server. In larger implementations, ProvisioningServers get the vDisk from a shared-storage location on the network.

Provisioning Servers also retrieve and provide configuration information to and from theProvisioning Server Database. Provisioning Server configuration options are available toensure high availability and load-balancing of target device connections.

For Provisioning Server details, refer to “Managing Provisioning Servers”.

Provisioning Services DatabaseThe database stores all system configuration settings that exist within a farm. Only onedatabase can exist within a farm and all Provisioning Servers in that farm must be ableto communicate with that database. You may choose to leverage an existing SQL Serverdatabase or install SQL Server Express, which is free and available from Microsoft.

ConsoleThe Console is a utility that is used to manage your Provisioning Servicesimplementation. After logging on to the Console, you select the farm that you want to


23

connect to. Your administrative role determines what you can view in the Console andmanage in the farm.

The following illustration displays the farm hierarchy in the tree pane and the keyscomponents in the Console window.

Action Menu

The Action menu displays Provisioning Services tasks that can be performed on anobject that is highlighted in the Console. The same tasks are available when you right-click on the object in the Console.

Tasks are object specific and can only be performed if the user has the appropriate roleassigned (role-based administration). Your role determines what displays in theConsole. For example, if you are a farm administrator, you can perform all tasks andsee all objects in the farm. Device administrators can only perform device-collectionmanagement tasks on collections to which they have privileges. Administrator roles aredescribed later in this chapter.

Note:MMC (Microsoft Management Console) specific console features are not described inthis document. Refer to Microsoft’s MMC documentation for detailed information.

Console Tree and Details Pane

To view information about an object in the Details pane, click on the object or folder inthe Tree pane. The Details pane provides information such as the objects name and adescription of that object.

Properties Menus


24

To view or change an object’s properties, right-click on the object, then select theProperties menu option. You can also highlight the object in the Console window, thenselect Properties from the Action menu options. The Properties dialog displays propertysettings in tabular format.

vDisksvDisks exist as disk image files on a Provisioning Server or on a shared storage device.vDisk images are configured to be in Private, Standard, or Difference Disk, or RAM diskmode. (For more information, refer to the Configuring vDisk Modes section in theAdministrator's Guide).

vDisks are associated with a site’s vDisk pool. To view vDisks within a pool, expand thevDisk Pool folder in the Console tree.

vDisk Pools

vDisk pools are the collection of all vDisks available to a site. There is only one vDiskpool per site. The method used to locate a vDisk on a server share is illustrated in thegraphic that follows.

1. The target device begins the boot process by communicating with a ProvisioningServer and acquiring a license.

2. The Provisioning Server checks the vDisk pool for vDisk information, which includesidentifying the Provisioning Server(s) that can provide the vDisk to the targetdevice and the path information that server should use to get to the vDisk. In thisexample, the vDisk shows that only one Provisioning Server in this site can providethe target device with the vDisk and that the vDisk physically resides on theFinance Server (shared storage at the farm level).

3. The Provisioning Server locates the vDisk on Finance Server, then streams thatvDisk, on demand, to the target device.

On the Console’s Create a New vDisk dialog, you can add a new vDisk file to a store andselect the Provisioning Server that will create the vDisk file on a Provisioning Server oron shared storage.


25

Target DevicesA device, such as a desktop computer or server, that boots and gets software from avDisk on the network, is considered a target device.

Note: In the product documentation, the term target device is used generically whenreferring to any device within the a Provisioning Services Farm, which boots and getssoftware from a vDisk on the network.

Target devices deliver a higher level of security than traditional technologies, by fullyutilizing your existing management infrastructure. Each target device continues to haveits own unique identity on the network and within your existing network operatingsystem (i.e. Active Directory, Novell E-Directory and other LDAP directories). Targetdevices can continue to be managed by group policies and existing security policiespushed out by these directory management tools.

In addition to using existing policy management tools, greater security is inherit by thefact that there is no longer a hard drive in the target device. If the target device isstolen, data is not lost. Instead, it is easily ported to another target device.

A target device can only be a member of one device collection. Expanding a DeviceCollection folder in the Console’s tree allows you to view members of a devicecollection and information such as the target device name, IP address, vDisk, and theProvisioning Server currently providing the vDisk.

Target device settings are made in the Console’s Device Properties dialog, whichincludes settings such as printer assignments.

StoreA store is a logical name that is given to a physical vDisk storage location. The storename is the common name used by all Provisioning Servers within the farm.

Example One

The physical vDisk for Windows XP (WINXP1) resides on a Provisioning Server (PVS1)local to a site. The vDisk path is:

C:\vDisks\WINXP1.vhd

The logical name that is given to this physical location is the store.

Store name (logical name): bostonwinxp

Example Two

The physical vDisk for Windows XP (WINXP1) resides on a network share (FinanceShare)at the farm level. The vDisk path for Provisioning Server (PVS1) to WINXP1 is:

\\FinanceShare\vDisks\WINXP1.vhd

Access or visibility to a store depends on the users administrative privileges:


26

w Farm administrators have full access to all stores within the farm.

w Site administrators have access to only those stores owned by the site. They candelete stores owned by the site but they can not modify store properties or addvDisks to the store.

w Device administrators and device operators have read-only access and can not viewstore information. Site Administrators may also have read-only access if that storeexists at the farm level, or if that store belongs to another site.

Stores that exist in a farm can be viewed by expanding the Store parent directory inthe Console’s tree. The Stores property settings can be modified from the PropertiesDialog.

Device CollectionsDevice collections provide the ability to create and manage logical groups of targetdevices. A device collection could represent a physical location, a subnet range, or alogical grouping of target devices. Creating device collections simplifies devicemanagement by performing actions at the collection level rather than at the target-device level.

Note: A target device can only be a member of one device collection.

Device collections are created and managed by farm administrators, site administratorsthat have security privileges to that site, or device administrators that have securityprivileges to that collection. Device administrators can not modify the collection itself;only the devices within it. Device operators can only perform tasks on devicecollections that they are assigned to.

User GroupsUser groups provide farm and site administrators with the ability to create and managegroups of users based on existing Active Directory or Windows groups. Creating usergroups within a site simplifies management tasks by performing actions at the user-group level, rather than at the individual user level. User groups have the same vDisksand settings available if moving from one target device to another.

Network ServicesNetwork services include a BOOTP service, Preboot Execution Environment (PXE)service, and a TFTP service. These service options can be used during the boot processto retrieve IP addresses, and locate then download the boot program from theProvisioning Server to the target device. Alternative boot options are also available,refer to “Booting From an Optional Boot Device”.

Note: For network service details, refer to Managing Bootstrap Files and BootDevices on page 221 in this document.


27

Product UtilitiesIn addition, Provisioning Services includes several tools for use when configuring andmanaging a Provisioning Services deployment. After installing Provisioning Servicessoftware, the following tools become available:

w Installation Wizard – Use this wizard to install Provisioning Services components tocreate a Provisioning Servers and Master target devices.

w Configuration Wizard – Use this wizard to configure Provisioning-Server components,including network services, and database permissions. This wizard is installed duringthe Provisioning Services installation process.

w Imaging Wizard – On the master target device, run the Provisioning Services ImagingWizard to create a vDisk file in the Provisioning Services database and then image tothat file without having to physically go to a Provisioning Server. This utility isinstalled during the target device installation process.

w Virtual Disk Status Tray – Use this target device utility to get target-deviceconnection status and streaming statistical information. This utility is installedduring the Provisioning Services target device installation process.

w Boot Device Manager – Use this utility to configure a boot device, such as a USB or CD-ROM, which then receives the boot program from the Provisioning Services.

w Upgrade Utilities – There are several upgrade methods available. The method youselect depends on your network requirements.

w Programming Utilities – Provisioning Services provides programmers with amanagement application programming utility and a command line utility. Theseutilities can be accessed by all users. However, users can only use those commandsassociated with their administrator privileges. For example, a Device Operator isable to use this utility to get a list of all target devices that they have access to.

Provisioning Services Administrator RolesThe ability to view and manage objects within a Provisioning Services implementationis determined by the administrative role assigned to a group of users. ProvisioningServices makes use of groups that already exist within the network (Windows or ActiveDirectory Groups).

All members within a group share the same administrative privileges within a farm. Anadministrator may have multiple roles if they belong to more than one group.

Groups are managed at the farm level through the Console’s Farm Properties dialog.

The following roles exist within a Provisioning Services farm:

w Farm Administrator – Farm administrators can view and manage all objects within afarm. Farm administrators can also create new sites and manage role membershipsthroughout the entire farm.


28

w Site Administrator – Site administrators have full management access to the allobjects within a site. For example, a site administrator can manage ProvisioningServers, site properties, target devices, device collections, vDisks, vDisk pools, andlocal vDisk stores. A site administrator can also manage device administrator anddevice operator memberships.

w Device Administrator – Device administrators can perform all device-collectionmanagement tasks on collections to which they have privileges.

w Device Operator – Device operators can view vDisks and target devices, boot or shutdown target devices, and send messages to target devices within a device collectionto which they have privileges.

For details on administrator roles, refer to Managing Administrative Roles on page 69.

Provisioning Services and ResourcesThe following services and resources are available to support Provisioning Services.

w Provisioning Services Documentation

w Getting Service and Support

w Getting the Subscription Advantage

w Locating the Citrix Developer Network

w Participating in Citrix Education and Training

Provisioning Services DocumentationThe following identifies the documentation that is available to support ProvisioningServices. All supporting documentation assumes that Provisioning Servicesadministrators are knowledgeable about networking components and administration,and that device operators are familiar with networking concepts.

The majority of product documentation is provided as Adobe Portable DocumentFormat (PDF) files. To view, search, and print PDF documentation, you need to haveAdobe Reader 5.0.5 with Search, or a more recent version. You can download theseproducts for free from Adobe System’s Web site at http://www.adobe.com/

Most PDF product documentation, including knowledge-based topics and white papers,are accessible from the Citrix Knowledge Center, http://support.citrix.com/.

Citrix Product Licensing Documentation

For Citrix product licensing documentation, refer to Licensing Your Product under theTechnologies section.

Release Notes

This document contains important product information and is intended to be read first.Contents include information on new product features, enhancements, and known


29

http://www.adobe.com/

http://support.citrix.com/

http://support.citrix.com/proddocs/index.jsp?lang=en&topic=/infocenter/ic-how-to-use.html

product issues as well as late additions that were not included in the other productdocumentation.

The release notes are accessible from:

w Citrix Knowledge Center: http://support.citrix.com/

w Product installation CD-ROM, when the installation executable is run.

w Programs directory, after completing the product installation: Start>AllPrograms>Citrix Provisioning Services>Provisioning Services Release Notes

Programmer’s Guides

Administrator’s with the appropriate privileges can use any of the following guides tomanage your implementation from command lines.

w MCLI Programmer’s Guide

w SOAP Server Programmer’s Guide

w PowerShell Programmer’s Guide

These guides are available as a PDF and can be accessed from the Citrix KnowledgeCenter: http://support.citrix.com/

Virtual Disk Status Tray Help

The Virtual Disk (vDisk) Status Tray help is available to aid in the management andtroubleshooting of vDisks on target devices.

This help system is assessable from the Help menu on the Virtual Disk Status Tray.

Finding Additional Documentation

From the Help menu or product installation directory, the following additionaldocumentation is available for optional Provisioning Services utilities:

w Boot Device Manager (BDM.chm)

w BOOTPTab Editor (bootptab-editor-help.chm)

w PXE (pxemap.chm)

Getting Service and SupportCitrix provides technical support primarily through the Citrix Solutions AdvisorsProgram. Contact your supplier for the first-line support or check for your nearestSolutions Advisor. In addition to the Citrix Solutions Advisors Program, Citrix offers avariety of self-service, Web-based technical support tools from its Knowledge Centerat: http://support.citrix.com/

The Knowledge Center feature includes:


30




w A knowledge base containing thousands of technical solutions to support your Citrixenvironment.

w An online product documentation library.

w Interactive support forums for every Citrix product.

w Blogs and communities.

w Access to the latest hotfixes and service packs.

w Security bulletins.

w Additional resources are available to customers with valid support contracts,including online problem reporting and tracking.

w Citrix Live Remote Assistance. Using Citrix’s remote assistance product, GoToAssist,a member of our support team can view your desktop and share control of yourmouse and keyboard to get you on your way to a solution.

Another source of support, Citrix Preferred Support Services, provides a range ofoptions that allows you to customize the level and type of support for yourorganization’s Citrix products.

Getting the Subscription AdvantageSubscription Advantage gives you an easy way to stay current with the latest server-based software functionality and information. Not only do you get automatic deliveryof feature releases, software upgrades, enhancements, and maintenance releases thatbecome available during the term of your subscription, you also get priority access toimportant Citrix technology information.

You can find more information on the Citrix Web site (http://www.citrix.com/) byselecting Subscription Advantage from the Support menu.

You can also contact your Citrix sales representative or a member of the CitrixSolutions Advisors Program for more information.

Locating the Citrix Developer NetworkThe Citrix Developer Network (CDN) is at: http://www.citrix.com/cdn/

This enrollment membership program provides access to developer toolkits, technicalinformation, and test programs for software and hardware vendors, system integrators,and corporate IT developers who incorporate Citrix computing solutions into theirproducts.

Note: There is no cost associated with enrolling with the Citrix Developer Network.

Participating in Citrix Education and TrainingThe following identifies the documentation that is available to support ProvisioningServices. All supporting documentation assumes that Provisioning Services


31

http://www.citrix.com/

http://www.citrix.com/cdn/

administrators are knowledgeable about networking components and administration,and that device operators are familiar with networking concepts.

The majority of product documentation is provided as Adobe Portable DocumentFormat (PDF) files. To view, search, and print PDF documentation, you need to haveAdobe Reader 5.0.5 with Search, or a more recent version. You can download theseproducts for free from Adobe System’s Web site at: http://www.adobe.com/


32

http://www.adobe.com/

Chapter 2

Product Technology Overview

Topics:• Getting the Boot Program

• Provisioning Services vDiskModes

• Write Cache Modes

vDisk technology is the key to software streaming. Thistechnology allows a target device to connect to a ProvisioningServer to emulate a local hard drive. The difference betweena physical hard drive and a vDisk is unknown to the targetdevice.

Understanding how Provisioning Services works requiresknowledge of the following underlaying technology:

w Getting the Boot Program on page 34

w Provisioning Services vDisk Modes on page 36

w Write Cache Modes on page 39

33

Getting the Boot ProgramAfter the BIOS is configured to allow the target device to boot from the network, thedevice can boot from, and get a vDisk assignment from the Provisioning Server. Thetarget device firmware gets the boot program using standard network protocols.

Network Booting a Target DeviceNote: The device firmware (NIC) must support PXE 0.99j or greater.

The DHCP service delivers IP configurations to a device. It can also deliver the bootprogram location using options 67, and 60 or 66. Consider delivering the boot programlocation with a DHCP service to reduce the number of services and increase reliability.

The PXE service can deliver the boot program location to a target device according tothe PXE Specification Version 2.1. Use this service if a DHCP service exists and cannotbe changed, and another PXE service is not used.

The BOOTP service can deliver IP configuration to a target device according to BOOTPtab. It can also deliver the boot program location using optional fields. Use of thisservice is no longer typical. Use this service only if DHCP does not meet yourrequirements.

The TFTP service delivers the boot program to a target device on request. Use it ifanother TFTP service is not available.

The illustrations and steps that follow, describe the boot process both with and withoutthe use of PXE.

Using DHCP to Retrieve IP Address and Scope Options (Without PXE)

1. When a target device boots from the network, DHCP sends a request to theProvisioning Server for an IP address and Scope Option settings (66 and 67). TheProvisioning Server returns the information as requested.

2. Using TFTP, a request for the boot file is sent from the target device to theProvisioning Server. The Provisioning Server downloads the boot file on the targetdevice and the target device boots.

Chapter 2 Product Technology Overview

34

Using DHCP with PXE to Retrieve IP Address and Scope Options:

1. When a target device boots from the network, DHCP sends a request to theProvisioning Server for an IP address and Scope Option settings (option 60;PXEClient identifier). The Provisioning Server returns the information as requested.

2. The target device sends a request to the Provisioning Server for the boot file nameand location to the PXE service (options 66 and 67). The PXE service returns theinformation to the target device.

3. Using TFTP, a request for the boot file is sent from the target device to theProvisioning Server. The Provisioning Server downloads the boot file on the targetdevice and the target device boots.


35

Booting From an Optional Boot DeviceAs an alternative to using PXE, the Boot Device Manager (BDM) can create a bootstrapon a local hard drive, USB flash drive or ISO image. The bootstrap will then be used toboot the target device.

The BIOS Embedded Bootstrap boot method also exists to allow OEMs to embedded thebootstrap file on the target device.

Provisioning Services vDisk ModesThe vDisk mode options include:

w Standard Image Mode on page 36

w Private Image Mode on page 37

w Difference Disk Image Mode on page 38

Standard Image ModeStandard Image mode allows multiple target devices to use a single vDisk at the sametime; greatly reducing the amount of vDisk management and storage requirements.


36

To use Standard Image mode, the vDisk must first be set to read-only mode. Eachtarget device then builds a write cache that stores any writes the operating systemneeds to make. There are several write-cache options available.

Having a read-only vDisk offers administrators several advantages. First, each time thetarget device boots, it always boots from a ‘clean’ vDisk. If a machine becomesinfected with a virus or spyware, simply reboot to the ‘clean’ image.

This solution greatly reduces the number of vDisks to maintain in an network. It alsoreduces the amount of change points required. Other installation methods require asuccessful install of a software update on each target device. With a Standard Image,you only have to install software one time. Updated vDisks can then be accessed, by allassigned target devices, through the Provisioning Server. As a result, a single successfulinstallation can upgrade thousands of machines. To get new software, a target devicejust needs to reboot.

While each target device is using the same vDisk, there are plenty of instances when adevice needs to have some unique characteristics while running. A number of tools areprovided to allow for uniqueness within the environment including:

w Computer Name – Each target device is given its own unique network name andeach target device is able to have its own computer account within your existingdirectory management structure.

w Common Image – Allows a vDisk to be used across different hardware platforms.

w Device Personality – While 95% of all software works in a standard image, a numberof applications require each target device to have a unique ID, such as a phoneextension. This feature allows you to store application specific values in thedatabase and retrieve the target device’s unique value as the device loads.

Private Image ModePrivate images closely model how a computer uses a regular hard drive. That is, onlyone target device can use a Private Image vDisk at a time. The Provisioning Serverperforms read or write requests.

The benefits for using Private Images instead of a regular hard drive are:

w Application flexibility; users can install their own applications.

w User software and data can seamlessly move from one computer to another in aminutes without elaborate migration procedures.

w All user data (including E-mail) is automatically backed up to a server.

w Eliminates hard drive failures which is the number one cause of hardware problems.

w Security; prevents data from being downloaded or stolen.

The drawbacks include:

w Increased Provisioning-Server load.

w Private Image vDisks require a lot more storage space.


37

w Each vDisk’s application stack must be maintained.

Difference Disk Image ModeNote: Difference Disk Image mode can not be used with the User Group vDisk feature.

Difference Disk Image Mode allows for the saving of changes between reboots. Usingthis mode, after rebooting, a target device is able to retrieve changes made fromprevious sessions that differ from the read only vDisk image. If a vDisk is set toDifference Disk Image mode, each target device that accesses the vDisk automaticallyhas a device-specific, writable disk file created. Any changes made to the vDisk imageare written to that file (Difference Disk Image), which is not automatically deletedupon shutdown.

The Difference Disk name uniquely identifies the target device by including the targetdevice’s MAC address and disk identifier. A target device can be assigned to multiplevDisks and therefore have multiple cache files associated to it.

In order to restore a vDisk that uses Difference Disk cache, be sure to backup all vDiskfiles and Difference Disk cache files prior to making any vDisk modifications.

The benefits of using Difference Disk Mode include:

w Saves target device specific changes that are made to the vDisk image.

w Same benefits as Standard Image Mode.

The drawbacks of using Difference Disk Mode include:

w The cache file is saved so long as the file remains valid. Any changes made to thevDisk force the cache file to be automatically deleted. For example, if the vDisk isset to Private Image Mode, all associated cache files are deleted.

Invalidating changes include:

w Automatic updates

w Incremental updates

w Mapping the drive from the Console

w Changing the location of the Difference Disk file

w Booting in Private Image mode

w Changing the write-cache path entries for a server (for example, adding,subtracting, or changing the order of those path entries to improve I/O by spreadingthe load with other servers).

w Changing a target device’s MAC address.


38

Write Cache ModesProvisioning Services supports several write cache mode options. The write cache modefor a vDisk is selected on the vDisk File Properties dialog’s ‘Mode’ tab.

The following lists valid write cache options:

w Cache on a Server Disk on page 39

w Cache in Device RAM on page 39

w Cache on Device Hard Drive on page 39

Cache on a Server DiskWrite cache can exist as a temporary file on a Provisioning Server. In this configuration,all writes are handled by the Provisioning Server, which can increase disk IO andnetwork traffic.

For additional security, the Provisioning Server can be configured to encrypt writecache files. Since the write-cache file does exist on the hard drive between reboots,the data will be encrypted in the event a hard drive is stolen.

Cache in Device RAMWrite cache can exist as a temporary file in the target device’s RAM. This provides thefastest method of disk access since memory access is always faster than disk access.

Cache on Device Hard DriveWrite cache can exist as a file on the target-device’s hard drive. This write cacheoption frees up the Provisioning Server since it does not have to process write requestsand does not have the finite limitation of RAM.

The hard drive does not require any additional software to enable this feature.

Note: The write cache file is temporary unless the vDisk mode is set to DifferenceDisk Image mode.


39


40

Chapter 3

Using the Console

Topics:• Starting the Console

• Understanding the ConsoleWindow

• Performing Tasks in theConsole

Use the Provisioning Services Console to manage componentswithin a Provisioning Services farm. The Console can beinstalled on any machine that can access the farm.

For more information on the Console refer to:

w Starting the Console on page 42

w Understanding the Console Window on page 42

w Performing Tasks in the Console on page 44

41

Starting the ConsoleBefore starting the Console, make sure that the Stream Service is started and runningon the Provisioning Server. (After the Configuration Wizard runs, the Stream Servicestarts automatically).

To start the Console

From the Start menu, select:

All Programs>Citrix>Provisioning Services>Citrix ProvisioningConsole

The Console’s main window appears.

Note: To connect to a farm refer to Farm Tasks on page 61.

Understanding the Console WindowOn the main Console window, you can perform tasks necessary when setting up,modifying, tracking, deleting, and defining the relationships among vDisks, targetdevices, and Provisioning Servers within your network.

For details on using various Console components, refer to:

w Using the Console Tree on page 42

w Basic Tree Hierarchy on page 42

w Using the Details View on page 43

w Common Action Menu Options on page 43

Using the Console TreeThe tree is located in the left pane of the Console window. The tree shows ahierarchical view of your network environment and managed objects within yournetwork. What displays in the Details view depends on the object you have selected inthe tree and your user role.

In the tree, click + to expand an managed object node, or click - to collapse the node.

Basic Tree HierarchyFarm administrators can create new sites, views, and stores within the farm. The farm-level tree is organized as follows:

w Farm

Chapter 3 Using the Console

42

• Sites

• Views

• Stores

Site administrators generally manage those objects within sites to which they haveprivileges. Site’s contain Provisioning Servers, a vDisk Pool, device collections, usergroups and views. The site-level tree is organized as follows:

w Site

• Servers

• vDisk Pool

• Device Collections

• User Groups

• Views

Using the Details ViewThe right-hand pane of the Console window contains the details view. This viewprovides information about the object selected in the tree, in table format. The typesof objects that display in the view include Provisioning Servers, target devices, andvDisks. For more detailed information, right-click on the object, then select theProperties menu.

The tables that display in the details view can be sorted in ascending and descendingorder.

In the Console, the objects that display and the tasks that you can perform aredependant on the role that you are assigned.

Common Action Menu OptionsThe following menu options are common to most objects in the Console:

New Window From Here

To open a new Console window, right-click on an object in the tree or in the detailspane, then select the New Window from Here menu option. A new Console windowopens. It may be necessary to minimize the window to view and toggle between one ormore windows.

Refresh

To refresh information in the Console, right-click a folder, icon, or object, then selectRefresh.

Export List


43

1. To export table information from the details pane to a text or comma delimitedfile, select Export from the Action menu.

2. Select the location where this file should be saved inSave in:

3. Type or select the file name in the File name textbox.

4. Select the file type from and Save as text boxes.

5. Click Save to save the file.

Help

Select an object in the Console, then select Help from the Action menu to displayinformation about that object.

View Options

To customize a Console view:

1. Select View, then select either Add/Remove Columns... or Customize....

2. If you selected:

• Add/Remove Columns..., use the Add and Remove buttons to select whichcolumns to display.

• Customize..., select the check box next to each MMC and Snap-in view optionthat should display in the Console window.

3. Click OK. The Console view refreshes to display the view options selected.

Performing Tasks in the ConsoleUse the following Console menus and features to perform tasks:

Note: Use the Ctrl key to make non-continuous selections or the Shift key to makecontinuous selections.

w Action menu on page 44

w Right-click (context) Menu on page 45

w Using Drag-and-Drop on page 45

w Using Copy and Paste on page 45

w Using Views on page 45

Action menuSelect object-related tasks from the Action menu such as; boot, restart, send message,view properties, copy or paste properties. For a complete list of tasks, refer to thatobject’s management chapter within this guide.


44

Right-click (context) MenuRight-click a managed object(s) to select object-related tasks. For a complete list oftasks, refer to that object’s management chapter within this guide.

Using Drag-and-Dropw Move target devices by dragging them from one device collection, and dropping

them on another device collection within the same site.

w Assign a vDisk to all target devices within a collection by dragging the vDisk anddropping it on the collection. The vDisk and the collection must be in the same site.(The new vDisk assignment replaces any previous vDisk assignments for thatcollection).

w Add a target device to a view by dragging the device, then dropping it on the viewin Console’s tree.

w Drag a Provisioning Server from one Site, then drop it into another site. (Any vDisksassignments that were specific to this server and any store information will be lost.).

Using Copy and PasteSelect an object in the Console window, then use the Copy and Paste right-click menuoptions to quickly copy one or more properties of a vDisk, Provisioning Server, or targetdevice, to one or more existing vDisks, Provisioning Servers, or target devices.

To copy the properties of a one object type and paste those properties to multipleobjects of the same type:

1. In the tree or details pane, right-click the object which has the properties youwant to copy, then select Copy.The object-specific Copy dialog appears.

2. Place a check in the checkbox next to each of the object properties you want tocopy, then click OK.

3. In the Console tree, expand the directory where the object exists so that thoseobjects display in either the tree or details pane.

4. Right-click on the object(s) in the tree or details pane that you want to pasteproperties to, then select Paste.

Using ViewsCreate views containing target devices to display only those target devices that you arecurrently interested in viewing or performing tasks on. Adding target devices to a viewprovides a quick and easy way to perform a task on members of that view, such as:

w Boot

w Restart


45

w Shutdown

w Send message

Views can be created at the site level or at the farm level. To perform a task onmembers of a view:

1. Right-click on views icon, then select the Create View... menu option.The View Properties dialog appears.

2. Type the name and a description of the new view in the appropriate text boxes,then select the Members tab.

3. To add target devices to this view, click the Add button. The Select Target Devicesdialog appears.

4. If you are creating the view at the farm level, select the site where the targetdevices reside. If you are creating the view at the site level, the site information isalready populated.

5. From the drop-down menu, select the device collection where the target devicesto add are members.

6. Select from the list of target devices that display, then click OK.

7. If necessary, continue adding target devices from different device collectionswithin a site.

8. Click the OK button to close the dialog.

For more information on views, refer to Managing Views on page 175.


46

Chapter 4

Managing Farms

Topics:• Configuring the Farm

• Farm Properties

• Farm Tasks

A farm represents the top level of a Provisioning Servicesinfrastructure. Farms provide a “Farm Administrator” with amethod of representing, defining, and managing logical groupsof Provisioning Services components into sites.

All sites within a farm share that farm’s Microsoft SQLdatabase. A farm also includes a Citrix License Server, local ornetwork shared storage, and collections of target devices.

To learn more about managing farms, refer to the followsections:

w Configuring the Farm on page 48

w Farm Tasks on page 61

w Farm Properties on page 58

47

Configuring the FarmRun the Configuration Wizard on a Provisioning Server when creating a new farm,adding new Provisioning Servers to an existing farm, or reconfiguring an existingProvisioning Server.

When configuring a Provisioning Server, consider the following:

w All Provisioning Servers within a farm must share the same database to locate vDisksfor target devices on shared storage devices within the farm. If that shared storagedevice is a Windows network share, refer to configuration information described inthe Administrator’s Guide, Managing Network Components section. If that sharedstorage device is a SAN, no additional configuration is necessary.

w To properly configure the network services, be sure that you understand networkservice options and settings.

Note: If all Provisioning Servers in the farm share the same configuration settingssuch as site and store information, consider Running the Configuration Wizard Silentlyon page 57.

Configuration Wizard SettingsBefore running the Configuration Wizard, be prepared to make the following selections:

Note: The Configuration Wizard can also be run silently on servers that share similarconfiguration settings. For details, refer to Running the Configuration Wizard Silentlyon page 57.

w Network Topology on page 49

w Identify the Farm on page 50

w Identify the Database on page 51

w Identify the Site on page 52

w Select the License Server on page 53

w Select network cards for the Stream Service on page 54

w Configure Bootstrap Server on page 54

Note: If errors occur during processing, the log is written to a ConfigWizard.log file,which is located at C:\Documents and Settings\All Users\ProgramData\Citrix\Provisioning Services.

Chapter 4 Managing Farms

48

Starting the Configuration WizardThe Configuration Wizard starts automatically after Provisioning Services software isinstalled. The wizard can also be started by selecting:

1. Start>All Programs>Citrix>Provisioning Services>Provisioning ServicesConfiguration Wizard

2. After starting the Configuration Wizard, click Next to begin the configuration tasksthat follow.

Note: When running the Configuration Wizard, the tasks that appear depend onthe network service options that are selected and the purpose for running the wizard.

Network TopologyComplete the network configuration steps that follow.

1. Select the network service to provide IP addresses

Note: Use existing network services if possible. If for any reason existing networkservices can not be used, choose to install the network services that are madeavailable during the installation process.

To provide IP addresses to target devices, select from the following networkservice options:

• If the DHCP service is on this server, select the radio button next to one of thefollowing network services to use, then click Next:

w Microsoft DHCP

w Provisioning Services BOOTP service

w Other BOOTP or DHCP service

• If the DHCP service is not on this server, select the radio button next to Theservice is running on another computer, then click Next.

2. Select the network service to provide PXE boot information

Each target device needs to download a boot file from a TFTP server.

Select the network service to provide target devices with PXE boot information:

• If you choose to use this Provisioning Server to deliver PXE boot information,selectThe service that runs on this computer, then select from either of thefollowing options, then click Next:

w Microsoft DHCP (options 66 and 67)

w Provisioning Services PXE Service


49

• If Provisioning Services will not deliver PXE boot information, select Theinformation is provided by a service on another device option, then clickNext.

Identify the FarmSelect from the following farm options:

• Farm is already configured

Select this option to reconfigure an existing farm, then continue on tothe“Configure user account settings” procedure. This option only appears if a farmalready exists.

• Create farm

i. On the Farm Configuration dialog, select the Create Farm radio button tocreate a new farm, then clickNext.

ii. Use the Browse button to browse for existing SQL databases and instances inthe network, or type the database server name and instance. Optionally, entera TCP port number to use to communicate with this database server.

iii. To enable database mirroring, enable the Specify database mirror failoverpartner option, then type or use the Browse button to identify the failoverdatabase server and instance names. Optionally, enter a TCP port number touse to communicate with this server.

Note: Refer to Database Mirroring in the Provisioning Services Administrator'sGuide for more information.

iv. Click Next to continue on to the“Identify the Database on page 51” procedure.

• Join existing farm

i. On the Farm Configuration dialog, select the Join Existing Farm radio button toadd this Provisioning Server to an existing farm, then clickNext.

ii. Use the Browse button to browse for the appropriate SQL database andinstance within the network.

iii. Select the farm name that displays by default, or scroll to select the farm to join.

Note: More than one farm can exist on a single server. This configuration iscommon in test implementations.

iv. To enable database mirroring, enable the Specify database mirror failoverpartner option, then type or use the Browse button to identify the failoverdatabase server and instance names. Optionally, enter a TCP port number touse to communicate with this server.

Note: Refer to Database Mirroring in the Provisioning Services Administrator'sGuide for more information.


50

v. Click Next.

vi. Select from the following site options, then click Next:

• Existing Site: Select the site from the drop-down menu to join an existing site.

• New Site: Create a site by typing the name of the new site and a collection.

Continue on toConfigure User Account Settings on page 53 procedure.

Identify the DatabaseOnly one database exists within a farm. To identify the database, complete the stepsthat follow.

1. Select the database locationIf the database server location and instance have not yet been selected, completethe following procedure.

a. On the Database Server dialog, click Browse to open the SQL Servers dialog.

b. From the list of SQL Servers, select the name of the server where this databaseexists and the instance to use (to use the default instance, SQLEXPRESS, leavethe instance name blank). In a test environment, this may be a stageddatabase.

Note: When re-running the Configuration Wizard to add additionalProvisioning Servers database entries, the Server Name and Instance Nametext boxes are already populated. By default, SQL Server Express installs asan instance named ‘SQLEXPRESS’.

c. Click Next. If this is a new farm, continue on to the“Defining a Farm”procedure.

2. To change the database to a new database

a. On the old database server, perform a backup of the database to a file.

b. On the new database server, restore the database from the backup file.

c. Run the Configuration Wizard on each Provisioning Server.

d. Select Join existing farm on the Farm Configuration dialog.

e. Enter the new database server and instance on the Database Server dialog.

f. Select the restored database on the Existing Farm dialog.

g. Select the site that the Server was previously a member of on the Site dialog.

h. Click Next until the Configuration Wizard finishes.

3. Define a farm.

Select the security group to use:

• Use Active Directory groups for security


51

Note: When selecting the Active Directory group to act as the FarmAdministrator from the drop-down list, choices include any group the currentuser belongs to. This list includes Builtin groups, which are local to the currentmachine. Avoid using these groups as administrators, except for testenvironments. Also, be aware that some group names may be misleading andappear to be Domain groups, which are actually Local Domain groups. Forexample: ForestA.local/Builtin/Administrators.

• Use Windows groups for security

4. ClickNext.

Continue on to the“Selecting the license server” procedure.

Create a New Store for a New FarmA new store can be created and assigned to the Provisioning Server being configured:

Note: The Configuration Wizard only allows a server to create or join an existing storeif it is new to the database. If a server already exists in the database and it rejoins afarm, the Configuration Wizard may prompt the user to join a store or create a newstore, but the selection is ignored.

1. On the New Store page, name the new Store.

2. Browse or enter the default path (for example: C:\PVSStore) to use to accessthis store, then click Next.If an invalid path is selected, an error message appears. Re-enter a valid path,then continue. The default write cache location for the store is located under thestore path for example: C:\PVSStore\WriteCache.

Identify the SiteWhen joining an existing farm, identify the site where this Provisioning Server is to be amember, by either creating a new site or selecting an existing site within the farm.When a site is created, a default target device collection is automatically created forthat site.

• Create a new site

i. On the Site page, enable the New Site radio button.

ii. In the Site Name text box, type the new site name where this ProvisioningServer is to be a member.

iii. In the Collection Name, accept the default collection, Collection, or create anew default collection name to associate with this Provisioning Server, thenclickNext.

• Select an existing site


52

i. On the Site page, enable the Existing Site radio button. (The default site nameis Site.)

ii. Select the appropriate site from the drop-down list, then click Next.

iii. Create a new store or select an existing store on the Store page, then clickNext.

Select the License ServerNote: When selecting the license server, ensure that all Provisioning Server’s in thefarm are able to communicate with that server in order to get the appropriate productlicenses.

1. Enter the name (or IP address) and port number of the license server (default is27000). The Provisioning Server must be able to communicate with the licenseserver to get the appropriate product licenses.

2. Optionally, select the checkbox Validate license server version andcommunicationto verify that the license server is able to communicate with thisserver and that the appropriate version of the license server is being used. If theserver is not able to communicate with the license server, or the wrong version ofthe license server is being used, an error message displays and does not allow youto proceed.

3. The checkbox Use Datacenter licenses for desktops if no Desktop licenses areavailableenables the license tradeup option and is enabled by default. Optionally,disable this trade up option by clicking on the enabled checkbox(uncheck).

4. Click Next to continue on to the“Configure user account settings” procedure.

Configure User Account SettingsThe Stream and Soap services run under a user account.

1. On the User Account dialog, select the user account that the Stream and Soapservices will run under:

• Specified user account (required when using a Windows Share; workgroup ordomain user account)

Type the user name, domain, and password information in the appropriate textboxes.

• Local system account (for use with SAN)

2. Select the checkbox next to the Configure the database for the account option, ifyou selectedSpecified user account, which adds the appropriate database roles(Datareader and Datawriter) for this user.

3. Click Next, then continue on to the“Selecting network cards for the StreamService” procedure.


53

Select network cards for the Stream ServiceNote: If multiple network adapters are selected, they must be configured with thesame IP subnet address. For example: IP subnet: 100.100.10.x; IP subnet mask255.255.255.0

1. Select the checkbox next to each of the network cards that the Stream Service canuse.

2. Enter the base port number that management services the default port for that theProvisioning Services’ network services communications in the appropriate textbox.

Note: A minimum of 20 ports are required within the range. All ProvisioningServers within a farm must use the same port assignments.

3. Select the Soap Server port (default is 54321) to use for Console access, then clickNext.

Continue on to the“Selecting the bootstrap server” procedure.

Configure Bootstrap ServerComplete the steps that follow to identify the bootstrap server and configure thebootstrap file location.

Note: Bootstrap configurations can be reconfigured by selecting the ConfigureBootstrap option from the Provisioning Services Action menu in the Console.

1. Select the bootstrap server.To use the TFTP service on this Provisioning Server:

a. Select the Use the TFTP Serviceoption, then enter or browse for the boot file.The default location is:C:\Documents and Settings\All Users\ProgramData\Citrix\Provisioning Services\Tftpboot

If a previous version of Provisioning Services was installed on this server, andthe default location is:

C:\Program Files\Citrix\Provisioning Services\TftpBoot

You must run the Configuration Wizard to change the default location to:

C:\Documents and Settings\All Users\ProgramData or ApplicationData\Citrix\Provisioning Services\Tftpboot

If the default is not changed, the bootstrap file can not be configured from theConsole and target devices will fail to boot; receiving a ‘Missing TFTP’ errormessage.


54

b. Click Next.

2. Select Provisioning Servers to use for the boot process:

a. Use the Add button to add additional Provisioning Servers to the list, theEditbutton to edit existing information, orRemove to remove the ProvisioningServer from the list. Use theMove up orMove down buttons to change theProvisioning Server boot preference order.The maximum length for the server name is 15 characters. Do not enter FQDNfor the server name.In an HA implementation, at least two Provisioning Servers must be selected asboot servers.

b. Optionally, highlight the IP address of the Provisioning Server that targetdevices will boot from, then click Advanced. The Advanced Stream ServersBoot List appears.

The following table describes advanced settings that you can choose from. Aftermaking your selections, click OK to exit the dialog, then click Next to continue.

Table 4-1. Advanced Stream Servers Boot List

Verbose Mode Select the Verbose Mode option ifyou want to monitor the bootprocess on the target device(optional) or view system messages.

Interrupt Safe Mode Select Interrupt Safe Mode if you arehaving trouble with your targetdevice failing early in the bootprocess. This enables debugging oftarget device drivers that exhibittiming or boot behavior problems

Advanced Memory Support This setting enables the bootstrap towork with newer Windows OSversions and is enabled by default.Only disable this setting on older XPor Windows Server OS 32 bit versionsthat do not support PAE, or if yourtarget device is hanging or behavingerratically in early boot phase.

Network Recovery Method Restore Network Connections—Selecting this option results in thetarget device attempting indefinitelyto restore it's connection to theProvisioning Server.

Note: Because the Seconds field doesnot apply, it becomes inactive when


55

the Restore Network Connectionsoption is selected.

Reboot to Hard Drive— (a hard drivemust exist on the target device)Selecting this option instructs thetarget device to perform a hardwarereset to force a reboot after failingto re-establish communications for adefined number of seconds. The userdetermines the number of seconds towait before rebooting. Assuming thenetwork connection can not beestablished, PXE will fail and thesystem will reboot to the local harddrive. The default number of secondsis 50, to be compatible with HAconfigurations.

Logon Polling Timeout Enter the time, in milliseconds,between retries when polling forProvisioning Servers. EachProvisioning Server is sent a loginrequest packet in sequence. The firstProvisioning Server that responds isused. In non-HA configurations, thistime-out simply defines how often toretry the single available ProvisioningServer with the initial login request.

This time-out defines how quicklythe round-robin routine will switchfrom one Provisioning Server to thenext in trying to find an activeProvisioning Server. The valid rangeis from 1,000 to 60,000 milliseconds.

Login General Timeout Enter the time-out, in milliseconds,for all login associated packets,except the initial login polling time-out. This time-out is generally longerthan the polling time-out, becausethe Provisioning Server needs time tocontact all associated servers, someof which may be down and willrequire retries and time-outs fromthe Provisioning Server to the otherProvisioning Servers to determine ifthey are indeed online or not. The


56

valid range is from 1,000 to 60,000milliseconds.

c. Verify that all configuration settings are correct, then click Finish.

Running the Configuration Wizard SilentlyRun the Configuration Wizard silently to configure multiple Provisioning Servers thatshare several of the same configuration settings such as the farm, site, and storelocations.

PrerequisiteThe Configuration Wizard must first be run on any Provisioning Server in the farm thathas the configuration settings that will be used in order to create the ProvisioningServices database and to configure the farm.

The basic steps involved in the silent configuration of servers within the farm include:

w Create a ConfigWizard.ans file from a configured Provisioning Server in the farm.

w Copy the ConfigWizard.ans file onto the other servers within the farm, and modifythe IP address in the ConfigWizard.ans file to match each server in the farm.

w Run the ConfigWizard.exe with the /a parameter.

To Create the ConfigWizard.ans File1. Run the ConfigWizard.exe with the /s parameter on a configured server.

2. When selecting farm settings on the Farm Configuration page, choose the Joinexisting farm option.

3. Continue selecting configuration settings on the remaining wizard pages, then clickFinish.

4. Copy the resulting ConfigWizard.ans file from the Provisioning Services ApplicationData directory. The location for this directory varies depending on the Windowsversion. For Windows 2003, use \Documents and Settings\All Users\Application Data\Citrix\Provisioning Services. For Windows 2008and Windows 2008 R2, use \ProgramData\Citrix\Provisioning Services.

To Copy and Modify the ConfigWizard.ans File1. For each server that needs to be configured, copy the ConfigWizard.ans file to the

Provisioning Services Application Data directory.

2. Edit the StreamNetworkAdapterIP= so that is matches the IP of the server beingconfigured. If there is more than one IP being used for Provisioning Services on theserver, add a comma between each IP address.

To Run the ConfigWizard.exe SilentlyTo configure servers, run the ConfigWizard.exe with /a parameter on each server thatneeds to be configured.


57

Note: To get the list of valid ConfigWizard parameters:

1. Run the ConfigWizard.exe with the /? parameter.

2. Open the resulting ConfigWizard.out file from the ConfigWizard.ans file fromthe Provisioning Services Application Data directory.

3. Scroll down to the bottom of the file to view all valid parameters.

Note: To get the list of valid ConfigWizard.ans commands with descriptions:

1. Run the ConfigWizard.exe with the /c parameter.

2. Open the resulting ConfigWizard.out file from the ConfigWizard.ans file fromthe Provisioning Services Application Data directory.

3. Scroll down to the bottom of the file to view all valid parameters.

Farm PropertiesThe Farm Properties dialog contains the following tabs:

w General Tab on page 58

w Security Tab on page 58

w Groups Tab on page 59

w Licensing Tab on page 59

w Options Tab on page 60

w Status Tab on page 61

The tables that follow identify and describe farm properties on each tab:

General TabName Enter or edit the name of this farm.

Description Enter or edit a description for this farm.

Security TabAdd button Click the Add button to apply farm

administrator privileges to a group.Check each box next the groups to which


58

farm administrator privileges shouldapply.

Remove button Click the Remove button to removegroups from those groups with farmadministrator privileges. Check each boxnext the groups to which farmadministrator privileges should not apply.

Groups TabAdd button Click the Add button to open the Add

System Groups dialog.

To display all security groups, leave thetext box set to the default ‘*’.

To display select groups, type part of thename using wildcards ‘*’. For example,if you want to see MY_DOMAIN\Builtin\Users, type:

User*, Users, or *ser*

However, in this release, if you typeMY_DOMAIN\Builtin\*, you will getall groups, not just those in theMY_DOMAIN\Builtin path.

Select the checkboxes next to eachgroup that should be included in this farm.

Note: Filtering on groups wasintroduced in 5.0 SP2 for efficiencypurposes.

Remove button Click the Remove button to removeexisting groups from this farm. Highlightthe groups to which privileges should notapply.

Licensing TabNote: Changing licensing properties requires that the Provisioning Services StreamService be restarted on each Provisioning Server for licensing changes to take effect.


59

License server name Type the name of the Citrix LicenseServer in this textbox.

License server port Type the port number that the licenseserver should use or accept the default,which is 27000.

Use Datacenter licenses for desktops ifno Desktop licenses are availablecheckbox

If using the license trade-up feature,which allows you to use Datacenterproduct licenses that you have availableif no Desktop product licenses arecurrently available, check this checkbox.

Options TabAuto-Add Check this checkbox if using the Auto-

add feature, then select the site thatnew target devices will be added to fromthe Add new devices to this site drop-down menu.

If the No default site is chosen for thedefault site setting, then the site of thatProvisioning Server that logs in thetarget device is used during auto-added.Use the No default site setting if yourfarm has site scoped PXE/TFTP servers.

Important! This feature should only beenabled when expecting to add newtarget devices. Leaving this featureenabled could result in computers beingadded without the approval of a farmadministrator.

Auditing Enable or disable the auditing featurefor this farm.

Offline database support Enable or disable the offline databasesupport option. This option allowsProvisioning Servers within this farm, touse a snapshot of the database in theevent that the connection to thedatabase is lost.


60

Status TabCurrent status of the farm Provides database status information and

information on group access rights beingused.

Farm TasksThe farm is initially configured when you run the Configuration Wizard. The wizardprompts you for the farm’s name, a store, and a device collection. When you first openthe Console, those objects display in the tree.

The wizard also prompts you for additional farm information such as the name of thelicense server, your user account information, and those servers that can serve thebootstrap file to target devices. You can always rerun the wizard to change settings.You can also choose to make farm configuration changes using the Farm Properties onpage 58.

A farm administrator can view and manage all objects in any farm to which they haveprivileges. Only farm administrators can perform all tasks at the farm level, including:

w Farm Connections on page 61

w Farm Properties on page 58

w Creating Sites on page 62

w Site Properties on page 62

w Managing Stores on page 73

w Managing Views on page 175

Farm ConnectionsConnecting to a Farm1. Right-click on Provisioning Services Console in the Console tree, then select

Connect to farm...

2. Under Server Information, type the name or IP address of a Streaming Server onthe farm and the port configured for server access.

3. Select to log in using one of the following methods:

• Use the Windows credentials that you are currently logged with, then optionallyenable the Auto-login on application start or reconnect feature.


61

• Use different Windows credentials by entering the username, password, anddomain associated with those credentials, then optionally enable the Savepassword and Auto-login on application start or reconnect feature.

4. Click Connect. The Farm icon appears in the Console tree.

Managing ConnectionsYou can manage connections to farms from the Manage Connections dialog. To open thedialog, right-click on the Provisioning Services Console icon in the tree, then select theManage Connections... menu option.

Creating SitesTo create a new site

1. Right-click on the sites folder in the farm where you want to add the new site.The Site Properties dialog appears.

2. On the General tab, type the name and a description for the site in theappropriate text boxes.

3. On the Security tab, click Add to add security groups that will have the siteadministrator rights in this site.The Add Security Group dialog appears.

4. Check the box next to each group, then click OK. Optionally, check the Domains/group Name checkbox to select all groups in the list.

5. On the Options tab, if new target devices are to be added using the Auto-Addfeature, select the collection where these target devices should reside (thisfeature must first be enabled in the farm’s properties).

To modify an existing site’s properties, right-click on the site in the Console, thenselect Properties. Make any necessary modifications in the Site Properties dialog.

Site PropertiesA new site is added to a farm, or an existing site is modified, using the Site Propertiesdialog. The tabs in this dialog allow you to configure a site. Site administrators can alsoedit the properties of a site that they administer.

The Site Properties dialog contains the following tabs:



w MAK Tab on page 63



62

General TabField/Button Description

Name Type the name of this site in the textbox.

Description Optional. Type the description of thissite in the textbox.

Security TabField/Button Description

Add button Click the Add button to open the AddSecurity Groups dialog. Check the boxnext to each group to which siteadministrator privileges should apply.

To add all groups that are listed, checkthe Domain\Group Name checkbox.

Remove button Click the Remove button select thosegroups to which site administratorprivileges should be removed.

To remove all groups that are listed,check the Domain\Group Namecheckbox.

MAK TabField/Button Description

Enter the administrator credentials usedfor Multiple Activation Key enabledDevices

MAK administrator credentials must beentered before target devices using MAKcan be activated. The user must haveadministrator rights on all target devicesthat use MAK enabled vDisks and on allProvisioning Servers that will streamthose target devices.

After entering the following information,click OK:

User

Password


63

Field/Button Description

Note: If credentials have not beenentered and an activation attempt ismade from the Manage MAKActivations dialog, an error messagedisplays and the MAK tab appears toallow credential information to beentered. After the credentials areentered, click OK and the ManageMAK Activations dialog re-appears.

Options TabField/Button Description

Auto-Add Select the collection that the new targetdevice will be added to from the drop-down menu. (This feature must first beenabled in the farm properties.)


64

Chapter 5

Managing Sites

Topics:• Creating Sites

• Site Properties

A site provides both a site administrator and farmadministrator, with a method of representing and managinglogical groupings of Provisioning Servers, Device Collections,and local shared storage.

Note: If configuring for a high availability (HA), allProvisioning Servers selected as failover servers must residewithin the same site. HA is not intended to cross between sites.

A site administrator can perform any task that a deviceadministrator or device operator within the same farm canperform.

A site administrator can also perform the following tasks:

Farm-level tasks

w Site Properties on page 62

w Store Configuration and Management Tasks on page 77

Site-level tasks

w Managing Printers on page 231

w Managing Site Administrators on page 71

w Managing Provisioning Servers on page 83

w Showing Provisioning Server Connections on page 96

w Managing User Assigned vDisks on page 169

w Creating Sites on page 62

w Balancing the Target Device Load on Provisioning Serverson page 97

w Managing Target Devices on page 131

w Accessing Auditing Information on page 245

65

Creating SitesTo create a new site

1. Right-click on the sites folder in the farm where you want to add the new site.The Site Properties dialog appears.

2. On the General tab, type the name and a description for the site in theappropriate text boxes.

3. On the Security tab, click Add to add security groups that will have the siteadministrator rights in this site.The Add Security Group dialog appears.

4. Check the box next to each group, then click OK. Optionally, check the Domains/group Name checkbox to select all groups in the list.

5. On the Options tab, if new target devices are to be added using the Auto-Addfeature, select the collection where these target devices should reside (thisfeature must first be enabled in the farm’s properties).

To modify an existing site’s properties, right-click on the site in the Console, thenselect Properties. Make any necessary modifications in the Site Properties dialog.

Site PropertiesA new site is added to a farm, or an existing site is modified, using the Site Propertiesdialog. The tabs in this dialog allow you to configure a site. Site administrators can alsoedit the properties of a site that they administer.

The Site Properties dialog contains the following tabs:



w MAK Tab on page 63



Name Type the name of this site in the textbox.

Description Optional. Type the description of thissite in the textbox.

Chapter 5 Managing Sites

66


Add button Click the Add button to open the AddSecurity Groups dialog. Check the boxnext to each group to which siteadministrator privileges should apply.

To add all groups that are listed, checkthe Domain\Group Name checkbox.

Remove button Click the Remove button select thosegroups to which site administratorprivileges should be removed.

To remove all groups that are listed,check the Domain\Group Namecheckbox.

MAK TabField/Button Description

Enter the administrator credentials usedfor Multiple Activation Key enabledDevices

MAK administrator credentials must beentered before target devices using MAKcan be activated. The user must haveadministrator rights on all target devicesthat use MAK enabled vDisks and on allProvisioning Servers that will streamthose target devices.

After entering the following information,click OK:

User

Password

Note: If credentials have not beenentered and an activation attempt ismade from the Manage MAKActivations dialog, an error messagedisplays and the MAK tab appears toallow credential information to beentered. After the credentials are


67


entered, click OK and the ManageMAK Activations dialog re-appears.

Options TabField/Button Description

Auto-Add Select the collection that the new targetdevice will be added to from the drop-down menu. (This feature must first beenabled in the farm properties.)

Chapter 5 Managing Sites

68

Chapter 6

Managing Administrative Roles

Topics:• Managing Farm

Administrators

• Managing Site Administrators

• Managing DeviceAdministrators

• Managing Device Operators

The ability to view and manage objects within a ProvisioningServer implementation is determined by the administrativerole assigned to a group of users. Provisioning Services makesuse of groups that already exist within the network (Windowsor Active Directory Groups). All members within a group willshare the same administrative privileges within a farm. Anadministrator may have multiple roles if they belong to morethan one group.

The following administrative roles can be assigned to a group:

w Farm Administrator

w Site Administrator

w Device Administrator

w Device Operator

After a group is assigned an administrator role through theConsole, if a member of that group attempts to connect to adifferent farm, a dialog displays requesting that a ProvisioningServer within that farm be identified (the name and portnumber). You are also required to either use the Windowscredentials you are currently logged in with (default setting),or enter your Active Directory credentials. ProvisioningServices does not support using both domain and workgroupssimultaneously.

When the information is sent to and received by theappropriate server farm, the role that was associated with thegroup that you are a member of, determines youradministrative privileges within this farm. Group roleassignments can vary from farm to farm.

69

Managing Farm AdministratorsFarm administrators can view and manage all objects within a farm. Farmadministrators can also create new sites and manage role memberships throughout theentire farm. In the Console, farm-level tasks can only be performed by farmadministrators. For example, only a farm administrator can create a new site withinthe farm.

When the farm is first configured using the Configuration Wizard, the administratorthat creates the farm is automatically assigned the Farm Administrator role. Whileconfiguring the farm, that administrator selects the option to use either Windows orActive Directory credentials for user authorization within the farm. After theConfiguration Wizard is run, additional groups can be assigned the Farm Administratorrole in the Console.

To assign additional Farm Administrators

Note: The authorization method displays to indicate if Windows or Active Directorycredentials are used for user authorization in this farm.

1. In the Console, right-click on the farm to which the administrator role will beassigned, then select Properties.The Farm Properties dialog appears.

2. On the Groups tab, highlight all the groups that will be assigned administrativeroles in this farm, then click Add.

3. On the Security tab, highlight all groups to which the Farm Administrator role willbe assigned, the click Add.

4. Click OK to close the dialog box.

Chapter 6 Managing Administrative Roles

70

Managing Site AdministratorsSite administrators have full management access to the all objects within a site. Forexample, the site administrator can manage Provisioning Servers, site properties,target devices, device collections, vDisk assignments and vDisk Pools.

If a farm administrator assigns a site as the ‘owner’ of a particular store, the siteadministrator can also manage that store. Managing a store can include tasks such asadding and removing vDisks from shared storage or assigning Provisioning Servers to thestore. The site administrator can also manage device administrator and device operatormemberships

To assign the Site Administrator role to one or more groups and its members:

1. In the Console, right-click on the site for which the administrator role will beassigned, then select Properties. The Site Properties dialog appears.

2. Click the Security tab, then click the Add button. The Add Security Group dialogappears.

3. From the drop-down menu, select each group to associate with the siteadministrator role, then click OK.

4. Optionally, repeat steps 2 and 3 to continue assigning additional siteadministrators.

5. Click OK to close the dialog.

Managing Device AdministratorsDevice administrators manage device collections to which they have privileges. Devicecollections consist of a logical grouping of devices. For example, a device collectioncould represent a physical location, a subnet range, or a logical grouping of targetdevices. A target device can only be a member of one device collection.

To assign the Device Administrator role to one or more groups and its members:


71

1. In the Console tree, expand the site where the device collection exists, thenexpand the Device Collections folder.

2. Right-click on the device collection that you want to add device administrators to,then select Properties. The Device Collection Properties dialog appears.

3. On the Security tab, under the Groups with ‘Device Administrator’ access list, clickAdd. The Add Security Group dialog appears.

4. To assign a group with the device administrator role, select each system group thatshould have device administrator privileges, then click OK.


Managing Device OperatorsA device operator has administrator privileges to perform the following tasks within aDevice Collection for which they have privileges:

w Boot and reboot a target device

w Shut down a target device

w View target device properties

w View vDisk properties for those vDisks assigned to a target device

To assign the Device Operator role to one or more groups:

1. In the Console tree, expand the site where the device collection exists, thenexpand the Device Collections folder.

2. Right-click on the device collection that you want to add device operators to, thenselect Properties.The Device Collection Properties dialog appears.

3. On the Security tab, under the Groups with ‘Device Operator’ access list, clickAdd.The Add Security Group dialog appears.

4. To assign a group the Device Operator role, select each system group that shouldhave device operator privileges, then click OK.


Chapter 6 Managing Administrative Roles

72

Chapter 7

Managing Stores

Topics:• Store Administrative

Privileges

• Store Properties

• Store Configuration andManagement Tasks

A store is the logical name for the physical location of thevDisk folder. This folder can exist on a local server or onshared storage. When vDisks files are created in the Console,they are assigned to a store. Within a site, one or moreProvisioning Servers are given permission to access that storein order to serve vDisks to target devices.

A Provisioning Server checks the database for the Store nameand the physical location where the vDisk resides, in order toprovide it to the target device

Separating the physical paths to a vDisks storage locationsallows for greater flexibility within a farm configuration,particularly when using High Availability (HA). When HA isimplemented, if the active Provisioning Server in a site fails,the target device can get its vDisk from another Provisioning

73

Server that has access to the store and permissions to servethe vDisk.

If necessary, copies of vDisks can be maintained on asecondary shared-storage location in the event thatconnection to the primary shared-storage location is lost. Inthis case, the default path can be set in the store properties ifall Provisioning Servers can use the same path to access thestore. If a particular server cannot use the path (the defaultpath is not valid for that server, not because of a connectionloss, but because it is simply not valid) then an override pathcan be set in the store properties for that particular server.Provisioning Servers will always use either the default path (ifthe override path does not exist in the database) or theoverride path if it does exists in the database.

For more information on stores, refer to any of the followingtopics:

w Store Administrative Privileges on page 75

w Store Properties on page 75

w Store Configuration and Management Tasks on page 77

w Working with Managed Stores on page 78

Chapter 7 Managing Stores

74

Store Administrative PrivilegesStores are defined and managed at the farm level by a farm administrator. Access orvisibility to a store depends on the users administrative privileges:

w Farm Administrators have full access to all stores within the farm

w Site Administrators have access to only those stores owned by the site

w Device Administrators and Device Operators have read-only access. SiteAdministrators may also have read-only access if that store exists at the farm level,or if that store belongs to another site.

For details, refer to Managing Administrative Roles on page 69

Store PropertiesA store can be created when the Configuration Wizard is run or in the Store Propertiesdialog. The store properties dialogs allows you to:

w Name and provide a description of the store

w Select the owner of the store (the site which will manage the store)

w Provide a default path to the store (physical path to the vDisk)

w Define default write cache paths for this store

w Select the servers that can provide this store

After a store is created, Store information is saved in the Provisioning Servicesdatabase. Each site has one vDisk Pool, which is a collection of vDisk informationrequired by Provisioning Servers that provide vDisks in that site. The vDisk informationcan be added to the vDisk pool using the vDisk Properties dialog or by scanning a storefor new vDisks that have not yet been added to the database.

The Store Properties dialog includes the following tabs:


w Paths Tab on page 76

w Servers Tab on page 77

General TabName View, type the logical name for this

store. For example, PVS-1

View or type a description of this store.


75

Description View or type a description of this store.

Site that acts as owner of this store Optional. View or scroll to select the sitethat will act as owner of this store. Thisfeature allows a farm administrator togive one site’s administrators, specialpermission to manage the store. Theserights are normally reserved for farmadministrators.

This is a Managed Read-Only Store Enable this option to set this store to bea Managed Store on a SAN. Refer toWorking with Managed Stores for moredetails.

Paths TabDefault store path View, type, or browse for the physical

path to the vDisk folder that this storerepresents. The default path is used byall Provisioning Servers that do not havean override store path set.

Default write cache paths View, add, edit, remove, or move thedefault write cache paths for this store.Entering more than one write cache pathallows for vDisk load to be distributed tophysically different drives. When atarget device first connects, the StreamService picks from the list. If using HA,the order of the write cache paths, forany override paths in the server storeproperties, must match the order of thewrite cache paths specified here.

Validate Click to validate store path selectionsfrom the Validate Store Paths dialog. Thevalidation results display under theStatus column.


76

Servers TabSite View or scroll to select the site where

Provisioning Servers that can access thisstore exist (multiple sites can access thesame store).

Servers that provide this store All Provisioning Servers within theselected site display in this list. Checkthe box next to all servers that arepermitted to access this store. If thestore is only for a specific site, onlythose servers within that site are validselections.

If the default path is not valid for aselected Provisioning Server, you mustdefine an override path in that server’sproperties dialog, on the Store tab.

Validate Click to validate store path selectionsfrom the Validate Store Paths dialog. Thevalidation results display under theStatus column.

Store Configuration and Management TasksThe following lists tasks that are specific to configuring and managing a store:

w Creating a Store on page 77

w Adding Existing vDisks to a vDisk Pool or Store on page 119

w Working with Managed Stores on page 78


Creating a Store

1. In the Console tree, right-click on Stores, then select the Create store menuoption.The Store Properties dialog appears.

2. On the General tab, type the store name (logical name for this storage location)and a description of this store.

3. Optional. Select the site that will act as owner of this store. Otherwise, accept thedefault <None> so that only farm administrators can manage this store.


77

4. Optional. Set this store to be read-only by enabling the This store is a ManagedRead-Only store checkbox.

5. On the Servers tab, select a site from the list.All Provisioning Servers in that site appear.

6. Check the box each to each server that is permitted to access this store. If thestore is only for a specific site, only those servers within that site are validselections. Also, if the default path is not valid for a selected server, an overridepath must be defined in for that server on the Server Properties dialogs Store tab.Repeat this step for each site if necessary. (If this procedure is performed by a siteadministrator, only those sites that they administer appear.)

7. On the Paths dialog, type or browse for the default path for this store (physicallocation of the vDisk folder). Optionally, a new folder can be created by clicking onthe browse button, and then cIicking on Create New Folder. If the user is a siteadministrator, only those sites that they administer will be available in the list.

8. The write cache path(s) for the selected store display under the paths list.Optionally, a new store cache folder can be created by clicking on the browsebutton, and then cIicking on Create New Folder. Additional write cache paths canbe added for use by the store by clicking Add. Entering more than one write cachepaths allows for vDisk load to be distributed to physically different drives. When atarget device first connects, the Stream Service picks from the list. If using HA, theorder of the write-cache paths for any override paths in store properties for thatserver, must match the order of the write-cache paths specified hereIf a write cache path is not selected and the OK button is clicked, the user isprompted to create the default write cache path. Click OK on this message tocreate the default write cache path (C:\pvsstore\WriteCache).

9. After configuring the store and paths this store will use, click Validate to open theValidate Store Paths dialog and validate the path settings.

10. Under the Status column, view the path validation results. Click Close to close thisdialog and return to the Store Properties dialog to make any necessary changes orto continue.

11. Click OK to save Property settings.

Working with Managed StoresBy enabling the Managed Store feature in the Console, a SANs read-only LUNs, whichare used for vDisk storage, can be concurrently accessed by multiple ProvisioningServers without having to deploy solutions such as NAS Gateway, Cluster File System,and Windows Cluster Services.

After enabling the Managed Store feature, administrators can quickly change a store'savailability on a SAN volume to be either active (Active Mode/read-only) or offline(Maintenance Mode/read/write).

This section included the following information:

w Prerequisites and Supported Deployments on page 79


78

w Using the Store Management Wizard on page 81

Prerequisites and Supported DeploymentsPrerequisites

w The Read-Only Store feature requires that the Provisioning Server OS be eitherWindows 2008 or Windows 2008 R2.

w The Provisioning Servers meet the minimum Provisioning Services systemrequirements.

w The Microsoft iSCSI initiator software is installed on all Provisioning Servers havingaccess to the SAN.

w The vDisk files being placed on the read-only shared LUN(s) have already beencreated and reside on a normal read-write storage location. Creating vDisk files inplace on the LUN is more difficult than pre-building the VHD files in a normal read-write store and subsequently copying them to the shared LUN.

w The SAN being used has the ability to set a LUN up for shared read-write access orshared read-only access without requiring a shared file system front end. Normally,using a LUN in shared read-write access mode without a shared file system front endresults in a corrupt NTFS volume. Limiting the LUN access to read-only (configuringread-only volume access on EqualLogic PS Series via Group Manager) circumventsthis problem.

Supported Deployments

The following table lists the supported modes and deployment restrictions.

Table 7-1. Supported Modes and Deployment Restrictions

Image Mode Cache Location Supported Restrictions

Private Image Mode No Private image disksmust be stored onread/writevolumes.

Standard ImageMode andDifference DiskMode

Server disk orEncrypted onserver disk.

Yes Separate sharedread/write write-back cache storagelocation isrequired.

vDisk propertiescannot bemodified while aLUN is read-only;vDisk cannot bemapped on theserver.


79

Image Mode Cache Location Supported Restrictions

Standard ImageMode

Device RAM Yes vDisk propertiescannot bemodified while aLUN is read-only;vDisk cannot bemapped on theserver.

Target Device hard-disk drive orEncrypted ontarget device hard-disk drive

Yes Fallback to Cacheon Server disk isthat is will notfunction if thedevice hard disk isnot found or fails.

vDisk propertiescannot bemodified whileLUN is read-only.vDisk cannot bemapped on theserver.

The following diagram illustrates a typical deployment architecture that followsManaged Store requirements and supported deployment scenarios.

It is recommended, though not required, that separate read-only LUNs be created foreach shared VHD file. This allows VHD files to be updated and taken on and off lineindependently of each other.


80

Using the Store Management WizardThe Managed Read-Only Store feature is located on the Store Properties on page 75and enabled by selecting the This store is a Managed Read-Only Store checkbox. Aftersetting this store to read-only, the store is considered to be a Managed Store.

The Store Management Wizard automates the process of toggling between ManagedStore modes:

w Active Mode – the store is available to all Provisioning Servers configured to accessthe store. The SAN volume is marked as 'read-only' at the NTFS volume level and'active' at the NTFS level.

w Maintenance Mode – the store is available to only the designated MaintenanceServer. The SAN volume is marked as offline at the NTFS volume level for allProvisioning Servers configured to access the store, except for the MaintenanceServer (which is set to 'read-write' at the NTFS volume level).

A Managed Store is only updated by the designated Maintenance Server while inMaintenance Mode.

Note: When determining which Provisioning Servers to make available for performingtasks such as mapping vDisks or providing bootstrap files, only the MaintenanceServer would be considered by Provisioning Services.

Run the Store Management Wizard to designate the Maintenance Server and to changethe mode of a Managed Store:

Note: Issues may occur if using the Server Cache option for private or standard images.

1. Right-click on the Store in the Console tree, then select Manage Store.... TheWelcome page appears.

2. Click Next. The Welcome to the Store Management Wizard page appears.

3. Click Next. The Select Store Mode page appears.

4. In the New Store Mode textbox, scroll to select the appropriate mode,Maintenance or Active.

5. In the Maintenance Server textbox, scroll to select the server that will have accessto this store while in Maintenance Mode.

6. Review the complete list of Provisioning Servers that can access to this store, thestatus of each server, and if a server is currently connected.

Note: If an attempt is made to change the store's mode while a server is currentlyconnected to the store, the Next button is disabled and an error message mayappear.

WARNING! Changing modes when a server is offline may cause the volume tobecome corrupt! In this case a warning message displays and prompts the user toacknowledge the risk, or click Cancel to return to the previous page.


81

7. Click Next. The Initiate New Mode page appears.

8. Click Execute to begin transitioning to the selected mode. The table displays thestatus of the transition for each server and the if the transition was successful.

Note: If any server fails to transition successfully, the mode will not be changed. Ifan error or discrepancy causes the system to be in an intermediate state, thewizard can be run again to attempt to gain a previous state.


82

Chapter 8

Managing Provisioning Servers

Topics:• Provisioning Servers in the

Console

• Provisioning ServerProperties

• Provisioning Server Tasks

A Provisioning Server is any server that has Stream Servicesinstalled. Provisioning Servers are used to stream softwarefrom vDisks, as needed, to target devices. In someimplementations, vDisks reside directly on the ProvisioningServer. In larger implementations, Provisioning Servers get thevDisk from a shared-storage device on the network.

Provisioning Servers also retrieve and provide configurationinformation to and from the Provisioning Services database.Provisioning Server configuration options are available toensure high availability and load-balancing of target deviceconnections

To configure a Provisioning Server and software componentsfor the first time, run the Configuration Wizard (theConfiguration Wizard can be re-run on a Provisioning Server ata later date in order to change network configurationsettings). Refer to the Installation and Configuration Guide forConfiguration Wizard details.

After the Provisioning Server software components aresuccessfully installed, and the wizard configurations havebeen made, servers are managed through the ProvisioningServices Console.

83

Provisioning Servers in the ConsoleA Provisioning Server is any server that has Stream Services installed. ProvisioningServers are used to stream software from vDisks, as needed, to target devices. In someimplementations, vDisks reside directly on the Provisioning Server. In largerimplementations, Provisioning Servers get the vDisk from a shared-storage device onthe network.

Provisioning Servers also retrieve and provide configuration information to and from theProvisioning Services database. Provisioning Server configuration options are availableto ensure high availability and load-balancing of target device connections

To configure a Provisioning Server and software components for the first time, run theConfiguration Wizard (the Configuration Wizard can be re-run on a Provisioning Serverat a later date in order to change network configuration settings). Refer to theInstallation and Configuration Guide for Configuration Wizard details.

After the Provisioning Server software components are successfully installed, and thewizard configurations have been made, servers are managed through the ProvisioningServices Console. The Console is used to perform Provisioning Server management taskssuch as editing the configuration settings or the properties of existing ProvisioningServers.

Provisioning Servers appear in the Console main window as members of a site within afarm. To manage Provisioning Servers that belong to a specific site, you must have theappropriate administrative role (Site Administrator for this site, or Farm Administrator).

Note: In the Console, the appearance of the Provisioning Server icon indicates thatserver’s current status.

In the Console, Provisioning Servers are managed by performing actions on them. Thefollowing actions can be performed. To view a list of actions that can be performed ona selected Provisioning Server, choose from the following options:

w Click the Action menu in the menu bar

w Right-click on a Provisioning Server in the Console

w Enable the Action pane from the Views menu

Note: Actions appear disabled if they do not apply to the selected ProvisioningServer (refer to “Management Tasks” for task details).

Provisioning Server PropertiesOn the Console, the Provisioning Server Properties dialog allows you to modifyProvisioning Server configuration settings. To view an existing Provisioning Server’sproperties, choose one of the following methods:

Chapter 8 Managing Provisioning Servers

84

w Highlight a Provisioning Server, then select Properties from the Action menu.

w Right-click a Provisioning Server, then select Properties

w If the details pane is open, highlight a Provisioning Server, then select theProperties menu item from the list of actions.

The Server Properties dialog includes the following tabs:

w General on page 85

w Network on page 89

w Stores on page 90

w Options on page 90

w Logging on page 92

Note: Provisioning Services displays a message if a change made on a ProvisioningServer Properties dialog requires that the server be rebooted.

GeneralField/Button Description

Name and Description Displays the name of the Provisioning Server and a briefdescription. The maximum length for the server name is15 characters. Do not enter FQDN for the server name.

Log events to theserver's Window EventLog

Select this option if you want this Provisioning Server'sevents to be logged in the Windows Event log.

Power Rating A power rating is assigned to each server, which is thenused when determining which server is least busy. Thescale to use is defined by the administrator.

For example, an administrator may decide to rate allservers on a scale of 1 to 10, or on a scale of 100 to1000. Using the scale of 1 to 10, a server with a ratingof 2 is considered twice as powerful as a server with arating of 1; therefore it would be assigned twice asmany target devices. Likewise, when using a scale of100 to 1000, a server with a power rating of 200 isconsidered twice as powerful as a server with the ratingof 100; therefore it would also be assigned twice asmany target devices.

Using the default setting of 1.0 for all servers results ineven device loading across servers. In this case, the


85


load balancing algorithm does not account forindividual server power.

Ratings can range between 0.1-1000.0; 1.0 is the default.

Note: The load balancing method is defined in vDiskProperties on page 103.

Advanced ServerProperties

Server tab

Threads per port — Number of threads in the threadpool that service UDP packets received on a given UDPport. Between four and eight are reasonable settings.Larger numbers of threads allow more target devicerequests to be processed simultaneously, but isconsumes more system resources.

Buffers per thread — Number of packet buffersallocated for every thread in a thread pool. The numberof buffers per thread should be large enough to enablea single thread to read one IO transaction from a targetdevice. So buffers per threads should ideally be set to(IOBurstSize / MaximumTransmissionUnit) + 1). Settingthe value too large consumes extra memory, but doesnot hurt efficiency. Setting the value too smallconsumes less RAM, but detrimentally affects efficiency.

Server cache timeout — Every server writes statusinformation periodically to the Provisioning Servicesdatabase. This status information is time-stamped onevery write. A server is considered ‘Up’ by otherservers in the farm, if the status information in thedatabase is newer than the Server cache timeoutseconds. Every server in the farm will attempt to writeits status information every (Server cache timeout/2)seconds, i.e. at twice the timeout rate. A shorterserver cache timeout value allows servers to detectoffline servers more quickly, at the cost of extradatabase processing. A longer Server cache timeoutperiod reduces database load at the cost of a longerperiod to detect lost servers.

Local and Remote Concurrent I/O limits — Controls thenumber of concurrent outstanding I/O transactions thatcan be sent to a given storage device. A storage deviceis defined as either a local drive letter (C: or D: forexample) or as the base of a UNC path, for example \\ServerName.


86


Since the PVS service is a highly multi-threaded service,it is possible for it to send hundreds of simultaneous I/Orequests to a given storage device. These are usuallyqueued up by the device and processed when timepermits. Some storage devices, Windows NetworkShares most notably, do not deal with this large numberof concurrent requests well. They can dropconnections, or take unrealistically long to processtransactions in certain circumstances. By throttling theconcurrent I/O transactions in the PVS Service, betterperformance can be achieved with these types ofdevices.

Local device is defined as any device starting with adrive letter. Remote is defined as any device startingwith a UNC server name. This a simple way to achieveseparate limits for network shares and for local drives.

If you have a slow machine providing a network share,or slow drives on the machine, then a count of 1 to 3for the remote limit may be necessary to achieve thebest performance with the share. If you are going tofast local drives, you might be able to set the localcount fairly high. Only empirical testing would provideyou with the optimum setting for a given hardwareenvironment. Setting either count to 0 disables thefeature and allows the PVS Service to run withoutlimits. This might be desirable on very fast local drives.

If a network share is overloaded, you’ll see a lot moredevice retries and reconnections during boot storms.This is caused by read/write and open file times > 60seconds. Throttling the concurrent I/O transactions onthe share reduces these types of problems considerably.

Network tab

Maximum transmission unit — Number of bytes that fitin a single UDP packet. For standard Ethernet, thedefault value is correct. If you are attempting tooperate over a WAN, then a smaller value may beneeded to prevent IP fragmentation. ProvisioningServices currently does not support IP fragmentationand reassembly. Also, if you are using a device orsoftware layer that adds bytes to every packet (forsecurity reasons for example), a smaller value may beneeded. If your entire infrastructure supports jumbopackets (Provisioning Services NIC, target device NICand any intervening switches and/or routers) then you


87


can set the MTU to 50 bytes less than your jumbopacket max size to achieve much higher networkthroughput.

I/O burst size — The number of bytes that will betransmitted in a single read/write transaction before anACK is sent from the server or device. The larger the IOburst, the faster the throughput to an individual device,but the more stress placed on the server and networkinfrastructure. Also, larger IO Bursts increase thelikelihood of lost packets and costly retries. Smaller IObursts reduce single client network throughput, but alsoreduce server load. Smaller IO bursts also reduce thelikelihood of retries. IO Burst Size / MTU size must be<= 32, i.e. only 32 packets can be in a single IO burstbefore a ACK is needed.

Socket communications — Enable non-blocking I/O fornetwork communications.

Pacing tab

Boot pause seconds — The amount of time that thedevice will be told to pause if the Maximum devicesbooting limit has been reached. The device will displaya message to the user and then wait Boot pauseseconds before attempting to continue to boot. Thedevice will continue to check with the server everyBoot pause seconds until the server allows the device toboot.

Maximum boot time — The amount of time a devicewill be considered in the booting state. Once a devicestarts to boot, the device will be considered bootinguntil the Maximum boot time has elapsed for thatdevice. After this period, it will no longer be consideredbooting (as far as boot pacing is concerned) even if thedevice has not actually finished booting. Maximum boottime can be thought of as a time limit per device forthe booting state for boot pacing.

Maximum devices booting — The maximum number ofdevices a server allows to boot at one time beforepausing new booting devices. The number of bootingdevices must drop below this limit before the serverwill allow more devices to boot.

vDisk creation pacing — Amount of pacing delay tointroduce when creating a vDisk on this ProvisioningServer. Larger values increase the vDisk creation time,


88


but reduce Provisioning Server overhead to allow targetdevices that are running, to continue to run efficiently.

Device tab

License timeout — Amount of time since last hearingfrom a target device to hold a license before releasingit for use by another target device. If a target deviceshuts down abnormally (loses power for example) itslicense is held for this long.

NetworkField/Button Description

IP Address The IP addresses that the Stream Service should use foran target device to communicate with this ProvisioningServer. When adding a new Provisioning Server, enterthe valid IP address for the new server.

Add — Add an IP address for the selected ProvisioningServer.

Edit — Opens the IP address dialog so that IP address forthe selected Provisioning Server can be changed.

Remove — Removes the selected IP address from thelist of available IP addresses for the selectedProvisioning Server.

Ports Enter the First and Last UDP port numbers to indicate arange of ports to be used by the Stream Service fortarget device communications.

Note: The minimum is five ports in a range. Thedefault first port number is 6910 and the last portnumber is 6930 .


89

StoresField/Button Description

Stores Lists all stores (logical names representing physicalpaths to vDisks that are available to this ProvisioningServer.

Add — Opens the Store Properties dialog so that a newstore and that store’s properties can be included in thelist of stores, which overrides the default path.

Edit — Opens the Store Properties dialog so that thestore’s properties can be changed. Select an existingstore, then click Edit to change that store’s properties.

Remove — Removes the selected store from the list ofavailable stores for this Provisioning Server.

Store Properties

(opens when Add or Editis selected under Stores).

Store — The name of the store. This displays populatedwhen editing an existing store. If this is a new store,select the store from the drop-down list.

Path used to access the store — The store path is onlyrequired if you need to override the ‘default path’configured in the store properties. If the default path inthe store properties is valid for this server, leave thepath for the store blank in the server store properties.

Write Cache Path — Click the Add or Edit buttons toopen the Write cache path dialog, then enter theappropriate write cache path for this store.

Select an existing path from the list, then click Removeto remove the paths association with the store.

Use the Move Up and Move Down buttons to changethe order of cache path priority. If using HA, the orderthat the cache paths are listed must be the same orderfor each HA server.

OptionsField/Button Description

Enable automatic vDiskupdates

Check for new versions of a vDisk — Check this box toallow groups of target devices to be automaticallyupdated to use one or more new vDisks, on a scheduled


90


basis. The new vDisks are usually newer versions of diskimages for one or more sites.

Note: For the new vDisk to replace the old vDisk:

The Enable automatic updates for this disk field in theDisk Properties Disk Mode tab must be selected.

w The Class and Type fields must be the same as thedisk to be updated

w The version numbers of the new vDisk must begreater than the version numbers in the old vDisk.The update process uses the Class, Type andProvisioning Server to identify the vDisk to bereplaced by a new vDisk image

Check for incremental updates to a vDisk— Check thisbox to allow a delta file to apply changes to an existingvDisk file in order to add or remove softwarecomponents without having to distribute an entire newversion of the vDisk file.

Note: Incremental disk updates are faster todistribute and are for use with images in shared imagemode. To enable automatic incremental disk updates,consider the following:

w The Class, Type and Version Numbers recorded inthe delta file must match those in the vDisk file.

w The serial number recorded in the delta file mustmatch that contained in the vDisk file.

w If the activation date was set on the delta file,the current system date must be greater than orequal to the activation date.

w No target device is currently booted from the vDisk.

Check for updates daily at — The time of day that theautomated disk update process should run. This isusually the time of day when all target device systemsare shut down.

Active Directory Enable automatic password support— If your targetdevices are domain members, and you want torenegotiate machine passwords between Windows


91


Active Directory and the target devices, select theEnable automatic password support, and use theslider to set the number of days between renegotiation.

Change computer account password every — Selectthe number of days that should pass before thepassword should be changed.

LoggingField/Button Description

Logging Level Select from the following logging leveloptions:

TRACE

TRACE logs all valid operations.

DEBUG

The DEBUG level logs details related to aspecific operation and is the highestlevel of logging. If logging is set toDEBUG, all other levels of logginginformation are displayed in the log file.

INFO

Default logging level. The INFO level logsinformation about workflow, whichgenerally explains how operations occur.

WARN

The WARNING level logs informationabout an operation that completessuccessfully, but there are issues withthe operation.

ERROR

The ERROR level logs information aboutan operation that produces an errorcondition.

FATAL


92


The FATAL level logs information aboutan operation that the system could notrecover from.

File size maximum Enter the maximum size that a log filecan reach before a new file is created.

Backup files maximum Enter the maximum number of backuplog files to retain. When this number isreached, the oldest log file isautomatically deleted.

Provisioning Server TasksUse the following tasks to managing Provisioning Servers in your farm:

w Copying and Pasting Provisioning Server Properties on page 94

w Marking a Provisioning Server as Down on page 94

w Deleting a Provisioning Server on page 94

w Starting, Stopping, or Restarting Provisioning Services on page 95

w Showing Provisioning Server Connections on page 96

w Balancing the Target Device Load on Provisioning Servers on page 97

w Checking for Provisioning Server vDisk Access Updates on page 98

w Configuring Provisioning Servers Manually on page 98

w Auditing on page 243

w Configuring the Bootstrap File From the Console on page 222

Note: After making any changes to a Provisioning Server’s properties, restart theStream Service to implement those changes. Use caution when restarting services. Iftarget devices are connected to the Provisioning Server, changes could prevent thedevice from reconnecting. The IP address field on the Network tab must reflect the realstatic IP address of the Provisioning Server.

Adding Additional Provisioning ServersTo add additional Provisioning Servers, install the Provisioning Services software oneach server that is to a member of the farm. Run the Provisioning Services InstallationWizard, then the Configuration Wizard on each server.


93

Note: The maximum length for the server name is 15 characters. Do not enter FQDNfor the server name

When the Configuration Wizard prompts for the site to add the server to, choose anexisting site or create a new site.

After adding Provisioning Servers to the site, start the Console and connect to thefarm. Verify that all sites and servers display appropriately in the Console window.

Copying and Pasting Provisioning Server PropertiesTo copy the properties of one Provisioning Server to another Provisioning Server:

1. Right-click on the Provisioning Server to copy properties from, then select Copyserver properties.The Copy Server Properties dialog appears.

2. Enable the checkbox next to each property to copy, or click the Select all buttonto enable all properties to be copied.

3. Click Copy. Right-click on the Provisioning Server that you want to copy propertiesto, then select Paste .

Marking a Provisioning Server as DownIf an unexpected event occurs, such as a network outage or system crash, and the stateof a Provisioning Server becomes unknown for more than ten seconds, the server's statein the database is changed to 'Offline'. For extended outages where the server was shutdown, it may be helpful to other users if the administrator acknowledges that the stateof the server is known and indeed 'Down'. Marking a server as down refreshes thedatabase record to indicate that the Provisioning Server or stream service is no longerrunning, and that it was shut down cleanly (which includes moving already bootedtarget devices to another server).

Ten seconds after the server comes back online, the server's state is updated to 'Active'in the database and that server becomes available to boot any assigned target devices.If the server was also configured for HA, it now becomes available as a failover server.

To initiate target device failover to another server and mark a Provisioning Server asdown:

1. Highlight the Provisioning Server in the Console.

2. Select the Mark Server as Down menu option.

Deleting a Provisioning ServerOccasionally, it may be necessary to delete a Provisioning Server from the list ofavailable Provisioning Servers in a farm.


94

Note: Before you can delete a Provisioning Server, you must first mark the server asdown or take the server off line, otherwise the Delete menu option will not appear. TheStream Service can not be deleted.

When you delete a Provisioning Server, you do not affect vDisk image files or thecontents of the server drives. However, you do lose all paths to the vDisk image files onthat server.

After deleting a Provisioning Server, target devices are no longer assigned to any vDiskimage files on that server. The target device records remain stored in the Virtual LANDrive database, but the device cannot access any vDisk that was associated with thedeleted Provisioning Server.

Note: If there are vDisks associated with the Provisioning Server being deleted, it isrecommended that backup copies are created and stored in the vDisk directory prior todeleting.

To delete a Provisioning Server:

1. In the Console, highlight the Provisioning Server that you want to delete, thenselect Show connected devices from the Action menu, right-click menu, or Actionpane.The Connected Target Devices dialog appears.

2. In the Target Device table, highlight all devices in the list, then click Shutdown.The Target Device Control dialog appears.

3. Type a message to notify target devices that the Provisioning Server is being shutdown.

4. Scroll to select the number of seconds to delay after the message is received.

5. If the Stream Service is running on the Provisioning Server, stop the Stream Service(Starting, Stopping, or Restarting Provisioning Services on page 95).

6. Unassign all target devices from the Provisioning Server.

7. Highlight the Provisioning Server you want to delete, then choose Delete from theAction menu, right-click menu, or Action pane.A delete confirmation message appears.

8. Click Yes to confirm the deletion.The Provisioning Server is deleted and no longer displays in the Console.

Starting, Stopping, or Restarting ProvisioningServices

Note: If the Stream Service you are trying to start, stop, or restart, is not on the localmachine, then the logged-in user must have Windows security permissions and beassigned the appropriate Provisioning Server administrative role to start or stopservices on the selected Provisioning Server.


95

To start, stop, or restart Provisioning Services on a Provisioning Server:

1. Highlight the Provisioning Server in the Console, than select the Stream Servicesmenu option from the Actions menu, right-click menu, or Actions pane.The Provisioning Server Control dialog appears.

2. Select from the following menu options:

Option Description

Start Starts the Stream Service

Stop Places the Provisioning Server in off-line mode

Restart After modifying Provisioning Server settings, such as addingor removing IPs, restart the Stream Service

3. Highlight the Provisioning Servers that you want to take action on, then click thataction's button.

4. Click Close to exit the dialog.

Showing Provisioning Server ConnectionsTo view and manage all target device connections to the Provisioning Server:

1. Highlight a Provisioning Server in the Console, then select Show connecteddevices from the Action menu, right-click menu, or Action pane.The Connected Target Devices dialog appears.

2. Select one or more target devices in the table to perform any of the followingconnection tasks:

Option Description

Shutdown Shuts down target devices that are highlighted in thedialog.

Reboot Reboots target devices that are highlighted in the dialog.

Message Opens the Edit Message dialog to allow you to type, andthen send a message to target device(s) highlighted inthe dialog.

When selecting Shutdown or Reboot, a dialog opens providing the option to type amessage that displays on the effected devices. The Shutdown or Reboot optionscan be delayed by entering a delay time setting.

If a message appears confirming that the target device was successfully shut down orrebooted, but the icon in the Console window does not change accordingly, select theRefresh button.


96

Balancing the Target Device Load on ProvisioningServers

To achieve optimum server and target device performance within a highly availablenetwork configuration, implement load balancing for each vDisk by enabling it on thevDisk Properties' General tab (for details, refer to High Availability Option Overview onpage 203 and vDisk Properties on page 103).

With the load balancing algorithm implemented, Provisioning Services continuouslyredistributes target devices between servers qualified to provide that vDisk; preventingany one server from becoming overloaded.

After enabling load balancing for the vDisk, the following additional load balancingalgorithm customizations can be set:

w Subnet Affinity – When assigning the server and NIC combination to use to providethis vDisk to target devices, select from the following subnet settings:

• None – ignore subnets; uses least busy server.

• Best Effort – use the least busy server/NIC combination from within the samesubnet. If no server/NIC combination is available within the subnet, select theleast busy server from outside the subnet. If more than one server is availablewithin the selected subnet, perform load balancing between those servers. BestEffort is the default setting.

• Fixed – use the least busy server/NIC combination from within the same subnet.Perform load balancing between servers within that subnet. If no server/NICcombination exists in the same subnet, do not boot target devices assigned tothis vDisk.

w Rebalance Enabled using Trigger Percent – Enable to rebalance the number oftarget devices on each server in the event that the trigger percent is exceeded.When enabled, Provisioning Services checks the trigger percent on each serverapproximately every ten minutes. For example: If the trigger percent on this vDisk isset to 25%, rebalancing occurs within ten minutes if this server has 25% more load incomparison to other servers that can provide this vDisk.

Note: The load balance algorithm takes into account the Provisioning ServerProperties on page 84 of each server when determining load.

Load balancing will not occur if:

w less than five target devices are using a particular server

w the average number of target devices using all qualifying servers is less than five

w the number of target devices that are booting on a given server is more than 20% ofthe total number of devices connected to the server (preventing load shift thrashingduring a 'boot storm')

Load balancing is also considered when target devices boot. Provisioning Servicesdetermines which qualified Provisioning Server, with the least amount of load, should


97

provide the vDisk. Whenever additional qualified servers are brought online,rebalancing will occur automatically.

To implement load balancing in a HA network configuration

w Assign a power rating to each Provisioning Server on the Provisioning ServerProperties on page 84.

w For each vDisk, select the load balancing method and define any additional loadbalancing algorithm settings on the vDisk Properties on page 103.

Note: Target devices that are not using a vDisk that is in HA mode will not be divertedto a different server. If a vDisk is misconfigured to have HA enabled, but they are notusing a valid HA configuration (Provisioning Servers and Store , target devices thatuse that vDisk can lock up.

To rebalance Provisioning Server connections manually

1. In the Console, highlight the Provisioning Servers to rebalance, right-click thenselect the Rebalance devices menu option.The Rebalance Devices dialog appears.

2. Click Rebalance.A rebalance results message displays under the Status column.


Checking for Provisioning Server vDisk AccessUpdates

To check for updates to vDisks that the selected Provisioning Server has access to:

1. Right-click the Provisioning Server in the details pane, then select Check forupdates.

2. Select the Automatic... or Incremental... menu option.

3. Click OK on the confirmation message that appears.The vDisk is automatically updated or is scheduled to be incrementally updated.

Configuring Provisioning Servers ManuallyIf you are setting up a remote Provisioning Server, or have special requirements, youwill need to configure and start your Stream Services manually. The ConfigurationWizard needs to be run on remote Provisioning Servers to insure that all settings areconfigured properly. Failure to run the Configuration Wizard may make it impossible foryou to map a vDisk. Refer to the Installation and Configuration Guide if you are runningthe Configuration Wizard for the first time.

Re-Running the Configuration WizardThe Configuration Wizard can be used when updating the Stream Service if the IPaddress of your Provisioning Server changes. If you change your Provisioning Server’s IP


98

address for any reason, simply re-run the Configuration Wizard and choose the new IPaddress when prompted to do so. Completing the Configuration Wizard resets theappropriate IP addresses in the configuration and restarts the Stream Service.

Starting and Configuring the Stream Service ManuallyAfter configuring the Stream Service, you must start the service for the change to takeeffect. It is highly recommended to set the service to start automatically each time aProvisioning Server boots.

Note: The Configuration Wizard starts and configures the necessary services to startautomatically. If you need to start and configure the services manually, see theinstructions below.

The Stream Service needs to be started in order for the Provisioning Server to operate.Start the following boot services if they have not yet been started:

w BOOTP Service or PXE Service

w TFTP Service

To manually start services:

1. From the Windows Start menu, select Settings, and then click Control Panel.

2. From the Control Panel, double-click the Administrative Tools icon.

3. From the Administrative Tools window double-click on the Services icon. TheServices window appears.

4. From the Services window, right click on the service you want to start, then selectStart.

To manually configure services to start automatically upon booting the ProvisioningServer:

1. From the Windows Start menu, select Settings, then click Control Panel.

2. From the Control Panel, double-click the Administrative Tools icon.

3. From the Administrative Tools window double-click on the Services icon. TheServices window appears.

4. Right-click the service you want to configure, then select Properties.

5. Change the Startup Type to Automatic to configure the service to startautomatically each time the system boots.


99


100

Chapter 9

Managing vDisk

Topics:• vDisk Properties

• Managing vDisks

A vDisk is an image file stored on a Provisioning Server orremote storage location, which acts as a hard disk for a targetdevice. When creating a vDisk image file, keep the followingfacts in mind:

w For organizational purposes, it is best to store vDisk imagefiles in one directory. For large implementations with manytarget devices, spreading the I/O across multiple disks canincrease efficiency.

w You can create as many vDisk image files as you want, aslong as you have enough space available on theProvisioning Server, or on the storage device containing thevDisk image files.

w vDisk files use FAT or NTFS file systems. EXT2 and EXT3 canbe used for Linux.

w Depending upon the file system used to store the vDisk,the maximum size of a vDisk is 2 terabytes (NTFS) or4096MB (FAT).

w A vDisk may be shared (Standard Image) by one or moretarget devices, or it can exist for only one target device toaccess (Private Image).

w vDisks can be booted directly from a Windows VirtualServer or Hyper-V without having to stream.

w The vDisk image is created using the Imaging Wizard utilityand vDisk file is created and configured using the Console.

vDisks in the ConsoleIn the Console, a new vDisk can be created by right-clickingon the vDisk Pool or the Store, and then selecting the Createnew vDisk menu option. Once created, vDisks display in thedetails pane when a site’s vDisk pool is selected, or when astore in the farm is selected.

Your administrator role determines what displays and whichtasks you can perform in the Console. For example, you canview and manage vDisks in sites in which you are a siteadministrator. However, unless the farm administrator sets a

101

site as the owner of a store, the site administrator can notperform store management tasks.

To view the properties of a vDisk, right-click on the vDisk,then select Properties.

To view the tasks that can be performed on a vDIsk, refer to Managing vDisks on page 108 to view properties for that vDisk.

Chapter 9 Managing vDisk

102

vDisk PropertiesIn the Console, the vDisk Properties dialogs allows you to modify vDisk configurationsettings. To view an existing vDisk’s properties, choose one of the following methods:

w Highlight a vDisk, then select Properties from the Action menu to display generalvDisk properties, or select File Properties for file details and setttings.

w Right-click on the vDisk, then select Properties.

w Double-click on the vDisk in the details pane.

The following vDisk Properties exist:

w Properties

• General Tab on page 103

w vDisk file Properties

• General Tab for vDisk file on page 105

• Mode Tab for vDisk file on page 105

• Identification Tab for vDisk file on page 106

• Microsoft Volume Licensing Tab for vDisk file on page 107

• Options Tab for vDisk file on page 108


Store The name of the store where the vDisk resides. Thisproperty can not be modified in this dialog.

Site The name of the site where this vDisk is a member of itsvDisk Pool. This property can not be modified in this dialog.

Filename The filename that was given to this vDisk when it wascreated. This property can not be modified in this dialog.

Description A brief description that identifies this vDisk.

BIOS menu text(optional)

This field is optional and allows you to enter a menu textthat will display on the target device when that devicestarts. The user can then select which vDisk to boot from.

Note: Important. If vDisks with the same name fromdifferent Stores are assigned to the same User Group or


103


target device, they display as duplicate names in the menuunless different menu text or descriptions are provided.

Load Balancing Provides the option to use (or not use) a load balancingalgorithm to select the server that is least busy to providethis vDisk to target devices. If using HA, a load balancingmethod must be selected.

To assign a specific server to provide this vDisk, enable theUse this server to provide the vDisk radio button.

To use a load balancing algorithm to determine which servershould provide this vDisk, enable the Use the loadbalancing algorithm radio button, then select from thefollowing load balancing options:

Subnet Affinity. When assigning the server and NICcombination to use to provide this vDisk to target devices,select from the following subnet settings:

w None – ignore subnets; uses least busy server.

w Best Effort – use the least busy server/NIC combinationfrom within the same subnet. If no server/NICcombination is available within the subnet, select theleast busy server from outside the subnet. If more thanone server is available within the selected subnet,perform load balancing between those servers. BestEffort is the default setting.

w Fixed – use the least busy server/NIC combination fromwithin the same subnet. Perform load balancing betweenservers within that subnet. If no server/NIC combinationexists in the same subnet, do not boot target devicesassigned to this vDisk.

Rebalance Enabled. Enable to rebalance the number oftarget devices on each server in the event that the triggerpercent is exceeded. When enabled, Provisioning Serviceschecks the trigger percent on each server every tenminutes. Enabled by default.

Note: Rebalancing will not occur if there are less than fivetarget devices on each server, or if more than 20% of thetarget devices are currently booting. A target device that iscurrently booting will not be moved to a different server.

Trigger Percent The percent of overload that is required totrigger the rebalancing of target devices. For example: Ifthe trigger percent is equal to 25%, rebalancing occurs if


104


this server has 25% more load in comparison to other serversthat can provide this vDisk. Values between 5 - 5000;default is 25.

The server power rating that is assigned to each server isalso factored in when determining load distribution. Referto Provisioning Server Properties on page 84 for details.

For more details about load balancing, refer to Balancingthe Target Device Load on Provisioning Servers on page 97.

Allow use of thisvDisk

If this checkbox is checked, the vDisk becomes locked andcan not be used by any target device within the farm. Thisoption is helpful when performing vDisk maintenance.

Edit file propertiesbutton

To modify the file properties associated with this vDisk,click the Edit file properties button. vDisk file propertiestabs are defined in the tables that follow.

General Tab for vDisk fileField/Button Description

Name Displays the name of this vDisk file.

Size The size of the vDisk file.

Description Provides a brief description of the vDisk file.

Class Enter a class to associate to the vDisk file. This field is usedwith Automatic Disk Update and the Managed Disk Feature inorder to match new vDisk file to the appropriate targetdevices. Up to 40 characters can be entered.

Type Enter a type to associate with the vDisk file. This field isused in Automatic Disk Update, in order to match the newvDisk file to the old file. Up to 40 characters can be entered.

Mode Tab for vDisk fileField/Button Description

Access mode Select the vDisk access mode:

Private Image for use with a single target device, whichhas read and write access


105


Standard Image for use with multiple target devices, whichhave write-cache enabled.

Difference Disk Image for use with multiple targetdevices, which have read and write access to a differencedisk.

For Standard Image only, select the write cache type

w Cache on server disk

w Cache on encrypted on server disk

w Cache in device RAM

w Cache on device’s hard-drive

w Cache encrypted on device hard-drive

Cache Size (MBs)

If you select Standard Image and Cache in target deviceRAM, select the cache size in megabytes.

The max size of the RAM write cache is determined by theregistry setting WcMaxRamCacheMB in the BNIStackParameters. This is a DWORD parameter. If the registry entrydoes not exist, then the default value used is 3584 MB.

Enable AutomaticUpdates

Enables the Automatic Disk Update process on this vDisk file.Select either of the following update processes:

Apply vDisk updates as soon as they are detected by theserver; select to apply updates as they are detected.

Schedule the next vDisk update to occur on; select toschedule the disk update, then select the date to run theupdate process. The update process attempts to find amatch for the selected vDisk file on already existing targetdevices and user groups, and then tests for an automaticupdate.

Identification Tab for vDisk fileField/Button Description

Version (Major,Minor, Build)

Version number for use by the Automatic Disk Image updatefeature and the Incremental Disk Update feature. With theAutomatic Disk Image Update feature, if the new vDiskversion is greater than the old image version, the vDiskimage is replaced for matching Class and Type images.


106


Precedence is: Major, then Minor, then Build. With theIncremental Disk Update feature, the delta file version mustmatch the version number of the vDisk or the delta file isnot applied.

Serial Initially set to a random Globally Unique Identifier (GUID).The user can set the serial number as needed. The serialnumber is used in the Incremental Disk Update feature toensure that a delta file is applied to the correct vDisk imagefile.

Date For user’s informational use only. Initially set to a stringrepresenting the creation date of the image file.

Author For user’s informational use only. Set as appropriate for yourinstallation.

Title For user’s informational use only. Set as appropriate for yourinstallation.

Company For user’s informational use only. Set as appropriate for yourinstallation.

Internal Name For user’s informational use only. Set as appropriate for yourinstallation.

Original File For user’s informational use only. Set as appropriate for yourinstallation.

Hardware Target For user’s informational use only. Set as appropriate for yourinstallation.

Microsoft Volume Licensing Tab for vDisk fileField/Button Description

Microsoft VolumeLicensing

If using Microsoft KMS or MAK volume licenses for targetdevices using this vDisk image, select that licensing optionfrom those listed below. Otherwise, select None.

Note: The vDisk license mode must be set before targetdevices can be activated.

w None

w Key Management Service (KMS)

w Multiple Activation Key (MAK)


107


Note: In order for MAK licensing to work, the VolumeActivation Management Tool (VAMT) must be installedon all login servers within the farm. This tool is availablefrom http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ec7156d2-2864-49ee-bfcb-777b898ad582&displaylang=en.

Options Tab for vDisk fileField/Button Description

High Availability To enable the High Availability option on all target devicesand user groups that use this vDisk file, check the Highavailability (HA) checkbox.

Active Directorymachine accountpasswordmanagement

Check the Active Directory machine account passwordmanagement checkbox to enable the Active Directorypassword management features. If your target devicesbelong to a domain and share a vDisk, also refer to theActive Directory section on the Options tab of theProvisioning Server Properties dialog.

Printer management Check the Printer management option if you are not using adifferent printer system that installs valid printers on eachtarget device. To view printer details for an individual targetdevice, refer to the Target Device Properties’ vDisk tab, thenclick the Printers button.

Managing vDisksTo manage vDisks, choose from the tasks that follow.

vDisk Files

w Creating and Formatting a New vDisk File on page 110

w Assigning vDisks to Target Devices on page 145

vDisk Images

w Using the Imaging Wizard on page 109

w Building a Common Image on page 115

vDisk Maintenance


108

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ec7156d2-2864-49ee-bfcb-777b898ad582&displaylang=en



w Configuring vDisk Modes on page 118

w Adding Existing vDisks to a vDisk Pool or Store on page 119


w Assigning a vDisk to a User Group on page 173

w Viewing vDisk Usage on page 120

w Releasing vDisk Locks on page 120

w Deleting a vDisk on page 121

w Deleting Cache on a Difference Disk on page 122

w Copying vDisks to Different Locations on page 122

w Copying and Pasting vDisk Properties on page 123

w Backing Up a vDisk on page 123

w Updating vDisks on page 123

w Using Maintenance Utilities with a vDisk on page 130

w Working with Physical Disks and vDisks on page 130


w Configuring a vDisk for Microsoft Volume Licensing on page 130

Using the Imaging WizardUse the Provisioning Services Imaging Wizard to create a vDisk image from the mastertarget device.

Prerequisites

w Enable Windows Automount on Windows Server operating systems.

w Remove any virtualization software before performing a conversion.

w Disable Windows Autoplay.

w Remove any virtualization software before performing a conversion.

w Verify adequate free space exists on the destination, which is approximately 101% ofused space on the source volumes.

w Select a NIC for imaging that has a binding to Provisioning Services, which is the NICbinding chosen during the installation of the Target Device software.

1. From the Master target device's Windows Start menu, select Citrix>ProvisioningServices>Imaging Wizard.The wizard's Welcome page appears.

2. Click Next.The Connect to Farm page appears.


109

3. Enter the name or IP address of a Provisioning Server within the farm to connect toand the port to use to make that connection.

4. Use the Windows credentials (default), or enter different credentials, then clickNext.If using Active Directory, enter the appropriate password information.

5. On the Microsoft Volume Licensing page, select the volume license option to usefor target devices or select None if volume licensing is not being used:

• None

• Key Management Service (KMS)

Note: Additional steps are required to implement KMS licensing after thevDisk image is created. Refer to Managing Microsoft KMS Volume Licensing inthe Administrator's Guide for details.

• Multiple Activation Key (MAK)

Note: For information on managing MAK Licensing refer to ActivatingMicrosoft MAK Volume Licensing in the Administrator's Guide.

6. Select to create a new vDisk (default), or use an existing vDisk by entering thatvDisks name, then click Next.The Add Target Device page appears.

7. Enter the target device name, MAC, and which collection to add this device to,then click Next.If the target device is already a member of the farm, the Existing Target Devicespage appears.

8. Click Next.The Summary of Farm Changes appears.

9. Verify all changes, then click Next.A confirmation message displays.

10. Click Yes on the confirmation message to start the imaging process.

Creating and Formatting a New vDisk FileThe following lists the major steps involved in creating and configuring the vDisk file:

w To create a new vDisk file in the database on page 111

w To format a vDisk on page 111

w To unmount a vDisk on page 113


110

To create a new vDisk file in the database1. In the Console tree, right-click on the vDisk Pool in the site where you want to add

those vDisks, then select the Create vDisk menu option. The Create vDisk dialogappears.

2. If you accessed this dialog from the site’s vDisk pool, in the drop-down menu,select the store where this vDisk should reside. If you accessed this dialog from thestore, from the drop-down menu, select the site where this vDisk will be added.

3. In the Server used to create the vDisk drop-down menu, select the ProvisioningServer that will create the vDisk.

4. Type a filename for the vDisk. Optionally, type a description for this new vDisk inthe description textbox.

5. In the Size text box, scroll to select the appropriate size to allocate for this vDiskfile. If the disk storing the vDisk images is formatted with NTFS, the limit isapproximately 2 terabytes. On FAT file systems, the limit is 4096 MB.

6. In the VHD Format text box, select the format as either Fixed or Dynamic (2040GB for VHD emulating SCSI; 127 GB for VHD emulating IDE).

7. Click Create vDisk, a progress dialog opens. Depending on the disk size and otherfactors, it may take several minutes or more to create the vDisk. After the vDisk issuccessfully created, it displays in the Console’s details pane and is ready to beformatted.

8. Right-click on the vDisk in the Console, then select Mount vDisk. The vDisk icondisplays with an orange arrow if mounted properly.

A vDisk image can not be assigned to, or boot from a target device until that targetdevice exists in the Provisioning Services database. After creating the target device, inthe Console, select the Hard Disk boot option.

To format a vDiskIn order for a target device to access the new vDisk, after you have created andallocated space for the vDisk file on the Provisioning Server, you must format the vDisk.

Note: vDisks for use by Linux target devices are formatted automatically using theLinux image.sh.

Select from one of the following vDisk formatting methods:

w To format a mounted vDisk from the Console on page 111

w To format a mounted vDisk from the target device on page 112

To format a mounted vDisk from the ConsoleFrom the Provisioning Server, the vDisk should appear as a drive to the operating system.

Note: The disk used as the vDisk mounting point is always visible to the operatingsystem, even when a vDisk has not been mounted. When Provisioning Services


111

software is installed on the server, this drive is created. The drive letter will be the nextavailable drive letter on your system. (For example, if your Provisioning Server has anA: drive, C: drive and D:).When mounting a vDisk in Windows 2003 Enterprise or Windows 2008 Enterprise, thevDisk is not assigned a drive letter. This is due to enhanced security in Windows,which does not acknowledge the new plugged-in disk until the user manually bringsit online once

1. Open a Windows Explorer window (click My Computer on the Desktop or on theStart Menu).

2. Right-click on the vDisk, then select Format.

Note: Formatting erases all data stored on the vDisk. You should only format newvDisks that have not yet been imaged from the target device hard disk.

3. Create a descriptive name for the volume label for the vDisk.

4. Click Start, then click OK on the warning message that appears.

5. After formatting, close Windows Explorer.

Continue on to “Unmounting a vDisk”.

To format a mounted vDisk from the target device

1. Ensure that the target device software is installed on the target device.

2. In the Console, create a new vDisk on the Provisioning Server. Assign this vDisk tothe Master Target Device.

3. From the Console, configure the target device to boot from its local hard disk, NOTto the assigned vDisk.

4. PXE-Boot the target device. Once started, confirm connectivity from the targetdevice to the Provisioning Server. When the connection is inactive the Target-Device status icon in the system tray has a red X on it—if there is no red X, thenthe connection is good.

5. Access the Disk Management utility in Windows by right-clicking My Computer onthe desktop and selecting Manage. The Computer Management window shouldappear.

6. Select Disk Management from the left window pane. The right window pane willdisplay all of the storage devices connected to the target device.

7. Identify the vDisk as the next available storage device after the boot disk (C:) andany additional physical drives connected to the computer. For example, if thetarget device has two physical drives, a primary boot disk labeled C:, and anadditional storage device labeled D:, then the vDisk will be labeled E:.

8. Right-click the vDisk in the right window pane and select Format.


112

9. Type a Volume Label if desired, such as vDisk1.

10. Select the desired file system, such as NTFS. Leave the Allocation unit size to thedefault setting.

11. Select Perform a quick format. Leave the box labeled Enable file and foldercompression unchecked, then click OK.

12. Once the format is complete the disk should have a status of Healthy on the rightwindow pane. The disk is now formatted and ready to be imaged from the MasterTarget Device.

To unmount a vDiskMounted vDisks cannot be used by target devices.

To unmount a vDisk and make it available to target devices, in the Console, right-clickon the vDisk, then select the Unmount vDisk vDisk name option.

Create and Assign a Target DeviceTo create a target device entry in the database1. Right-click on the collection where this target device will reside.

2. Select Create Device. The Create Device dialog box appears.

3. Type the name and MAC address of the device, and optionally a description for thatdevice, then click OK.

To assign a vDisk to a target device1. In the Console tree, expand the Device Collections folder, then click on the

collection folder where this target device is a member. The target-device displaysin the details pane.

2. Right-click on the desired target device, then select Properties. The Target DeviceProperties dialog appears.

3. On the General tab, select Hard Disk from the Boot from option.

4. Click on the vDisks tab, then select the Add button within the vDisk for thisDevice section. The Assign vDisks dialog appears.

5. To locate vDisks to assign to this target device, select a specific store or serverunder the Filter options, or accept the default settings, which includes All Storesand All Servers.

6. In the Select the desired vDisks list, highlight the vDisks to assign, then click OK,then OK again to close the Target Device Properties dialog.

Note: In the Console window, use the drag-and-drop feature to quickly assign a vDiskto all target devices in a collection.


113

Building the vDisk ImageHow you build the vDisk depends on if you are using Windows or Linux.

w Using the Imaging Wizard on page 109

w Imaging Linux Target Devices on page 114

Imaging Windows Target DevicesTo image a Windows Target Device, refer to Using the Imaging Wizard on page 109

Imaging Linux Target DevicesLinux pre-imaging considerations

w Prior to imaging, a master target device is generally customized by the user.However, during the imaging process and every subsequent boot process, the /etc/{fstab, hosts, resolv.conf} files are modified by Provisioning Services so that themachine can boot as a diskless device. If these files were customized prior toimaging, they will be overwritten.

w Prior to imaging a Ubuntu device, complete the following:

a. Install Provisioning Services on the master target device, then reboot the system.

b. After Windows Manager starts and the user logs in, click the Network Managericon in the system tray, then click Manual Configuration.... The NetworkSettings dialog appears.

c. Click the Unlock button, then enter the user's password. The Network settingsdialog appears.

d. Highlight the interface that Provisioning Services will use to stream theoperating system, then click the Properties button. The properties dialogappears.

e. Uncheck the Enable Roaming Mode option, then set the Configuration: field toAutomatic Configuration (DHCP).

f. Save and exit open dialog boxes. The Ubuntu device is now ready for imaging.

Image the Linux target device

1. On the Target Device Properties tab, configure the target device to boot from thehard drive and assign a vDisk to it.

2. Boot the Master Target Device and login as root.

3. Verify that the Master Target Device is connected to the Provisioning Server. Thiscan be done by looking for a padlock next to the name of the Master Target Devicein the list of target devices in the Provisioning Server Console.

4. To image the Master Target Device's hard drive to the vDisk, open a terminal andenter the directory into which Provisioning Services target device software wasinstalled. By default, this is /root/citrix.


114

5. At the Console prompt, issue the following command:#sh image.sh

6. After the Linux Imager application starts, click Image.

7. Click Begin to begin the imaging process. Allow the imaging process to complete.

8. Click Done to close the Linux Imager application.

9. Shut down the target device. The target device can now be set to boot from thevDisk. Use the General tab on the Console’s Target Device Properties dialog to setthe target device to boot from the vDisk. Optionally, disconnect the hard disk onthe target device.

Building a Common ImageThe Common Image feature allows a single vDisk to simultaneously support differentmotherboards, network cards, video cards and other hardware devices. The result is avDisk capable of being used by heterogeneous target devices, greatly reducing thenumber of vDisks an administrator must maintain.

Prerequisitesw Make sure all target devices that will use the common image have the a consistent

HAL -- that is, they must have the same number of logical processors.

Note: A single processor hyper-threading capable system is considered to havetwo logical processors when the hyper-threading is enabled in the BIOS.

w The BIOS structure, which is presented to the OS during the boot process, must beof the same format for all target devices that share a Standard Image. The BIOSStructure contains a list of all the components connected to the motherboard sothat the appropriate drivers are loaded to allow the components to function properly.

w Have either a 3Com Managed PC Boot Agent (MBA) or a PXE-compliant NIC available.This card is the common NIC that is inserted into each target device during theCommon Image build process.

w Install all the latest device drivers on each target device.

w Device drivers are missing if devices do not respond after you configure the commonimage. For example, if a target device’s USB mouse and keyboard do not respondafter you assign the common image to the target device, it is likely that you havenot installed drivers for that target device’s chipset. Go to device manager andcheck to insure no yellow exclamation mark display on any devices, especially USBRoot HUBs and controllers.

w Determine which target device contains the latest motherboard chipset. This targetdevice is used as the first target device in the common image build process. Thelatest Intel chipset driver always contains all the drivers for the previous chipset,therefore it is not necessary to install as many drivers when you build the commonimage.


115

w Except on the first target device, disable built-in NICs on all target devices that willuse the common image (leave the built-in NIC on the first target device enabled).This prevents confusion about which NIC to use during the common image buildingprocess

w Install Provisioning Services components

Building the Common ImageThe steps for building a common image are presented in several short procedures:

w Configuring the Master Target Device on page 116

w Exporting Specific Data Files on page 116

w Booting the Master Target Device on page 117

w Adding Additional Target Devices to the Common Image on page 117

Note: Important! When building the common image, create a vDisk that has enoughspace to accommodate additional information that is added by the common imagebuild process.

Configuring the Master Target Device1. Insert the common NIC into the Master Target Device.

2. Install the target device software on the Master Target Device. Select both thecommon NIC and built-in NICs during the installation process.

3. Create a vDisk, then mount, format, and unmount it. You must create a vDisk thathas enough space to accommodate additional information added by the commonimage build process.

4. Run the Imaging Wizard on the target device to build the vDisk.

5. (Recommended) Make a copy of the original vDisk created in Step 3 and save it inthe vDisk directory on the Provisioning Server.

6. On the first target device, copy CIM.exe from C:\Program Files\Citrix\Provisioning Services to a removable storage device, such as a USB flashdrive. This utility is used to include disparate target devices in the common image.

7. Shut down the Master Target Device and remove the common NIC.

Exporting Specific Data Files1. Insert the common NIC into a target device that will be added to the common

image, then boot the target device from its local hard drive.

Note: Although the Windows OS must be installed on this target device, thetarget device software does not have to be installed.

2. Copy CIM.exe from the removable storage device to this target device.


116

3. At a command prompt, navigate to the directory in where CIM.exe is located, thenrun the following command to extract the information form the target device intothe .dat file:CIM.exe e targetdeviceName.datwhere targetdeviceName identifies the first target device that will use thecommon image. For example, TargetDevice1.dat.

Copy the .dat file created in Step 3 to the removable storage device.

4. Shut down the target device and remove the common NIC.

To include additional target devices with disparate hardware in the common image,repeat Step1 through Step 6 for each device, giving each .dat file a unique name.

Booting the Master Target Device1. Reinsert the common NIC into the Master Target Device. Insert the NIC into the

same slot from which it was removed during the Configuring the Master TargetDevice on page 116 procedure. Before booting the Master Target Device, enter theBIOS setup and verify that the common NIC is the NIC used in the boot process.

2. Using the common NIC, boot the Master Target Device from the vDisk, in PrivateImage mode.

3. Copy CIM.exe and the .dat file associated with the first target device from theremovable storage device to the Master Target Device.

4. At a command prompt, navigate to the directory where the CIM.exe and the .datfile are located.

5. Run the following command to merge the information from the .dat file into thecommon image:CIM.exe m targetdeviceName.dat

6. Shut down the Master Target Device.

Adding Additional Target Devices to the Common Image1. Insert the common NIC into additional target devices that will be included in the

Common Image. Insert the NIC into the same slot from which it was removed in the Exporting Specific Data Files on page 116 procedure.

2. Using the common NIC, boot the target device off the vDisk in Private Image mode.

3. Allow Windows time to discover and configure all the device drivers on the targetdevice (this will take some time). If prompted by the “Found New HardwareWizard” to install new hardware, Cancel out of the wizard and proceed to Step 4.

Note: If Windows can’t install drivers for the built-in NIC on a target device, andthe drivers can not be installed manually, the common NIC and the target device’sbuilt-NIC are very similar to each other and the driver installation program tries toupdate the driver for both NICs. For example, this happens if the common NIC isan Intel Pro 100/s and the target device’s built-in NIC is an Intel Pro 100+. Toresolve this conflict, open System Properties. On the Hardware tab, click theDevice Manager button. In the Device Manager list, right-click the built-in NIC and


117

click Update Driver to start the Hardware Update Wizard. Choose Install from alist or specific location and specify the location of the NIC's driver files.

4. Open Network Connections, right-click the connection for the built-in NIC and clickProperties in the menu that appears. (The icon for the built-in NIC is marked witha red X.)

5. Under This connection uses the following items, select Network Stack and clickOK.

6. From a command prompt, run the following command:C:\Program Files\Citrix\Provisioning Server\regmodify.exe

Note: After completing Steps 4-6, reboot the target device and allow Windows todiscover and configure any remaining devices. If prompted by the “Found NewHardware Wizard” to install new hardware, proceed through the Wizard tocomplete the hardware installation.

7. Using the original vDisk, repeat Step1 through Step 6 for each of the additionaltarget devices to be included in the Common Image.

8. Once target devices have been included in the Common Image, on the Console, setthe disk access mode for the Common Image vDisk to Standard Image mode, thenboot the devices.

Configuring vDisk ModesvDisk access modes are selected using the Console. The vDisk modes that you canchoose from include:

w Private Image – Use this mode if a vDisk is only used by a single target device (read/write access is enabled).

w Standard Image – Use this mode if a vDisk is shared by target devices and uses write-cache options.

w Difference Disk Image – Use this mode to save changes between reboots, byretrieving changes made from previous sessions that differ from the read only vDiskimage.

To configure the vDisk mode:

Note: Only those write cache options that are supported for the selected vDiskAccess Mode appear enabled.

1. On the Console, right-click on the vDisk for which you want to configure the vDiskaccess mode, then select File Properties.The vDisk Properties dialog appears.

2. Click on the Mode tab, then select the image mode that applies to this vDisk fromthe Access Mode drop-down menu.


118

3. From the Cache-Type drop-down list, select from the following write cachemethods:

• Cache on server disk

• Cache encrypted on server disk

• Cache in device RAM

• Cache on device’s HD

• Cache encrypted on device’s HD

Note: Refer to the Product and Technology chapter detailed cache optioninformation and considerations. If the cache on local hard-drive type isselected, ensure that the hard-disk drive is formatted with either EXT2 or EXT3file system type for Linux devices, or NTFS for Windows devices with aminimum of 500 MB. If the cache on the target device RAM and StandardImage mode are selected, the max size of the RAM write cache is determinedby the registry setting WcMaxRamCacheMB in the BNIStack Parameters. Thisis a DWORD parameter. If the registry entry does not exist, then the defaultvalue used is 3584 MB.

4. Click OK to exit the Disk Properties dialog.

Adding Existing vDisks to a vDisk Pool or StoreIf vDisks exist in a store, and those vDisks will be used by target devices in your site,you can easily add them to the site’s vDisk Pool by selecting the Console’s Add existingvDisks right-click menu option. This option is available from the vDisk Pool folder andfrom a store folder.

To add existing vDisks to a site:

1. Verify the following:

• Other servers have access to the shared folder where the store is located.

• The new server is associated with that store.

• Enable the Use the load balancing algorithm in that vDisk’s properties.

2. In the Console tree, right-click on the vDisk Pool in the site where you want to addthose vDisks, or right-click on the store where those vDisks exist, then select theAdd existing vDisk menu option.The Add Existing vDisks dialog appears.

3. If you accessed this dialog from the site’s vDisk pool, select the store to searchfrom the drop-down menu. If you accessed this dialog from the store, select thesite where vDisks will be added from the drop-down menu.

4. In the Select the server to use when searching for new vDisks drop-down menu,select the Provisioning Server that will perform the search. Click Search. Any newvDisks that do not exist in the database display in the text box below.


119

5. Check the box next to each vDisk that you want to add, or click Select All to addall vDisks in the list, then click Add.

Viewing vDisk UsageBy right-clicking on a vDisk in the Console window, you can choose to view:

w View target device connections to a vDisk on page 120

w View target devices currently being served by a Provisioning Server on page 120

View target device connections to a vDiskTo view target devices that are connected to a specific vDisk:

1. Right-click a vDisk in the Console, then select the Show usage menu option.The Show vDisk Usage dialog appears.

2. Select one or more target devices in the list to perform any of the following targetdevice connection tasks:

• Shut Down – shuts down the target device

• Reboot – reboots the target device

• Send Message – opens the Edit Message dialog to allow you to type, and thensend a message to target devices.

View target devices currently being served by a Provisioning ServerTo view all target devices currently being served by a Provisioning Server:

1. Right-click on a Provisioning Server in the Console, then select the ShowConnected devices menu option.The Connected Target Devices dialog appears.

2. Select one or more target devices in the list to perform any of the following targetdevice connection tasks:

• Shut Down – shuts down the target device

• Reboot – reboots the target device

• Send Message – opens the Edit Message dialog to allow you to type, and thensend a message to target devices.

Releasing vDisk LocksSince multiple target devices and Provisioning Servers can gain access to a single vDiskimage file, it is necessary to control access to prevent corruption of the image. Shoulda user accidentally assign a private image to multiple target devices, and then try toboot those target devices, a corrupt image would result. Therefore, the image becomeslocked appropriately for a given configuration. The locked vDisk icon appears with asmall ‘lock’ on it.

Be aware that under certain circumstances these locks may not be released properly. Alock on a vDisk image may not be released properly when a target device machine is


120

booted from a vDisk, and then fails (or power is lost). If the same target device bootsagain, the same lock is used and no problem occurs. However, if an administrator triesto mount the drive on the Provisioning Server after the target device has failed, theProvisioning Server will not be able to mount that vDisk because a lock is still held bythe failed target device. The Administrator has the capability to release these locks.

Note: Ensure that the vDisk is not in use before removing a lock. Removing a lock fora vDisk, which is in use, may corrupt the image.

To release select vDisk locks:

1. In the Console, right-click on the vDisk for which you want to release locks, andthen select the Manage Locks... option.The Manage VDisk Locks dialog appears.

2. If a vDisk has a target device lock on it, that target device name appears in thedialog's list. Select one or more target device from the list, then click Removelock. You can also choose Select All to remove all target device locks on the thisvDisk.

3. Click Close to close the dialog.

Unassigning vDisks from Target DevicesTo unassign a vDisk from one or more target devices:

1. Select the vDisk in the Console, then right-click and select the Unassign fromSelected Device(s) menu option.

2. In the Unassign from Devices dialog, select the devices to unassign to this vDisk,then click Unassign.

3. After the target devices are successfully unassigned, close the dialog.

Deleting a vDiskNote: You cannot delete a vDisk if one or more target devices or user groups arecurrently assigned to it. Unassign all target devices from the vDisk, before attemptingto delete it.

To delete a vDisk:

1. In the Console, expand vDisk Pool in the tree, then highlight the vDisk that youwant to delete in the details pane.

2. Right-click on the vDisk, then select Delete.The Delete vDisks dialog appears.

3. To permanently delete the vDisk from the hard drive, select the checkbox fordeleting the vDisk from the hard drive option. Or, do not select the checkbox todelete the vDisk from the store and database.


121

Unless a backup copy is made before deleting a vDisk image file from the store,the vDisk image file is permanently deleted.

4. Click Yes. The vDisk is deleted.

Deleting Cache on a Difference DiskThe Delete Cache from Selected Device(s)... context menu option allows you tomanually delete cache on a difference disk. The option is only available if the vDiskcache mode is set to Cache on Difference Disk.

Write cache on a Difference Disk is automatically deleted if that file becomes invalid.For details refer to Difference Disk Image Mode.

To delete a Difference Disk file:

1. In the Console, right-click on the vDisk that is associated with difference disk filesto delete. Select the Delete Cache from Selected Device(s) menu option.The Delete Cache for Devices dialog appears.

2. Check each target device box for which the cache should be deleted, or clickSelect all to delete all cache files associated with this vDisk.

3. Click Delete to delete the cache files from the server.

Copying vDisks to Different LocationsNote:vDisks may not appear available to add if current permissions do not match theappropriate Provisioning Server permissions when these vDisks are created. Forexample, if the Provisioning Server services are run under the Network Serviceaccount, all vDisks must have their permissions properly set so that ProvisioningServer can access them.

To copy existing vDisks to different storage locations:

1. Ensure the .vhd file is not locked before copying, then using Windows Explorer,copy the .vhd and .pvp files, and paste these files to each new location.

2. In the Console tree, create a new store or select an existing store.

3. Right-click on the store where this vDisk will reside, then select Add ExistingvDisk. (Right-clicking on a vDisk pool will also allow you to search for new vDisks).

4. Select the site where this vDisk will be available, and the Provisioning Server touse for searching, then click Search.

5. To add vDisks to the vDisk pool, check the boxes next to each vDisk to add(optionally, check the Enable load balancing for these vDisks option), then clickAdd.A confirmation message appears.


122

6. Click Close to close the Add existing vDisks dialog.

Copying and Pasting vDisk PropertiesUse the Copy and Paste options to copy properties of one vDisk to one or more vDisks inyour network.

To copy vDisk properties to one or more vDisks:

1. In the Console, right-click on the vDisk that has the properties settings that youwant to share with other vDisks, then select Copy vDisk Properties.The Copy vDisk Properties dialog appears.

2. Select the checkboxes next to the properties that you want to copy to othervDisks, then click Copy.

3. In the details panel, highlight the vDisks that you want to paste properties settingsto, then click Paste from the right-click menu.

Backing Up a vDiskThe Provisioning Server treats a vDisk image file like a regular file, but the targetdevice treats it as a hard drive. The procedure for backing up a vDisk image file is thesame as backing up any other file on your server. If a vDisk image file becomes corrupt,to restore it requires simply replacing the corrupted file with a previous, functionalversion.

Do not back up a vDisk while it is in use or while it is locked. It is recommended tointegrate the backing up of vDisks into your normal Provisioning Server backup routine.

Updating vDisksWhen you create a vDisk, you can configure the vDisk so that if changes to the vDiskare detected, those changes are scheduled to be applied or automatically applied. TheCheck for updates menu option provides you with the option to check for automatic orincremental updates at anytime.

Choosing a vDisk Update MethodThe Console’s Automatic vDisk update method allows groups of target devices to beautomatically updated to use one or more new or delta vDisks on a scheduled basis.

The new vDisks are usually newer versions of the current vDisks. The delta vDiskscontain incremental changes that have been made to the current vDisk.

You can schedule for automatic distribution of newer versions of vDisk images to one ormore sites. vDisks can be configured to all be activated on a specific day, whichpermits all of your target devices to update to the new target device vDisk imagesoftware on the same day, regardless of when the new vDisk image file actually arrivedat the site.


123

Note: To use the Automatic vDisk Update feature, you must select the appropriateProvisioning Server and vDisk settings in the Console.

If using the Difference Disk mode, updating a vDisk invalidates all associated DifferenceDisk files, causing the write cache on that file to be deleted automatically. Be sure tocreate backup copies of all Difference Disks before updating the vDisk.

To check for vDisk updates

1. Right-click a vDisk pool in the Console tree, then select the Check for updatesmenu option.

2. Choose from the following vDisk update menu options:

• Automatic

• Incremental

If updates are found, you can choose to automatically update those vDisks or schedulethose updates.

Automatically Updating vDisksThis vDisk update method provides a way to change a vDisk without having to re-installa hard drive in a diskless target device, or reconfigure all your target device databaserecords. Use this method when adding or removing third-party software applications orfiles to your vDisk. (This method is not intended for updating the target-device software).

Setting vDisk Class and Type Properties

The automatic update process takes advantage of the target device and disk propertiesof Class and Type. A Class can be assigned to target devices, user groups and vDisks.Additionally, the vDisk has the additional property, Type. In order for an automaticupdate to take place, the Class of the target device or user group and vDisk mustmatch. Additionally, for a newer vDisk to replace an older vDisk within a target deviceor user group configuration, the vDisk Type of both vDisks must match.

Since multiple, duplicate vDisk instances can exist within your implementation, andthose vDisks can be assigned to one or more target devices or user groups (in the caseof Provisioning Server Least Busy and First Available boot behaviors), it is necessary tofurther qualify the old vDisk that will be replaced by the new vDisk. This is the reasonfor the Type property of the vDisk. If you want to use the Automatic Disk Image Updatefeature, you should never assign more than one vDisk from the same Provisioning Serverwith the same Type, to the same target device or user group.

Automatic Update Procedures

Automatically Updating a vDisk consists of the following procedures:

1. Enable automatic updates on the original vDisk image file

2. Make a copy of the original vDisk to use to update another vDisk

3. Add the new vDisk file to the database


124

4. Change the disk access mode

5. Assign the new vDisk

6. Boot the target device from the new vDisk

7. Add software or data files to the vDisk

8. Change the vDisk access mode of the new vDisk

9. Increment the version number

10. Update the vDisk

These procedures are described in detail below.

Enable automatic updates on the original vDisk image file

1. In the Console, right-click on the original vDisk (ORIGINAL), then select FileProperties.

2. Select the Mode tab.

3. Select the Enable automatic updates for this vDisk option, then click OK

Make a copy of the original vDisk to use to update another vDisk

1. On the Provisioning Server, open Windows Explorer.

2. Navigate to the directory where you store your vDisk image files.

3. Right-click on the vDisk image file (.vhd) and its properties file (.pvp) that youwant to update, then select Copy from the shortcut menu.

4. Right-click again anywhere in the vDisk directory, then select Paste from theshortcut menu.

5. For each file, right-click on the file, then select Rename from the shortcut menu.Enter a new name for the files. (For the documentation purposes, the new vDiskfile will be referred to as the NEW.vhd file).

Select the Enable automatic updates for this vDisk option, then click OK.

You should now have both the original vDisk image file (ORIGINAL.vhd;ORIGINAL.pvp) and a new copy of the vDisk image file (NEW.vhd; NEW.pvp) in yourvDisk directory.

Add the new vDisk file to the databaseUse the Console to Creating and Formatting a New vDisk File on page 110.

Changing the disk access mode

1. In the Console, right-click on the new vDisk file (NEW.vhd).

2. Select the File Properties menu option.

3. On the Mode tab, select Private Image, then click OK.


125

Assigning the new vDisk

1. In the Console, right-click on a target device, then select Properties.

2. On the vDisks tab, select the original vDisk (ORIGINAL) from the vDisks list, thenclick the Remove button.

3. From the vDisks list, select the new vDisk (NEW), then click the Add button

4. Click OK to save the change

Booting the target device from the new vDiskAfter assigning the new vDisk to the target device, boot the target device from the newvDisk (NEW) to confirm that the new vDisk was updated correctly.

Adding software or data files to the vDisk

1. On the master target device, install or remove the desired software or files. (Forexample, install a new software application or perform a live update of your anti-virus definition files.)

2. When you have finished updating your new vDisk (NEW) with the desired softwareor file changes, shut down the target device.

Changing the vDisk access mode of the new vDisk

1. In the Console, right-click on the new vDisk (NEW), then select File Properties.

2. On the Mode tab, select the access mode to be exactly the same as that of youroriginal vDisk (ORIGINAL).

3. From the cache drop-down menu, select the same cache type that was selected foryour original vDisk (ORIGINAL), then click OK. The Disk Access Mode and CacheType must be exactly the same for both the original vDisk image (ORIGINAL), andthe new copy of the vDisk (NEW).Incrementing the version number

Incrementing the version number

1. In the Console, right-click on the new vDisk (NEW), then click the File Propertiesbutton.

2. Select the Identification tab.

3. Increment the Build number by one, then click OK.

Update vDisks

1. Right-click on the vDisk Pool, then select the Check for Updates menu option.

2. Select either the automatic or incremental vDisk update option, then click OKbutton on the confirmation dialog.If selecting the Incremental vDisk update option, in order for incremental updatesto be applied, the Check for Incremental Updates to vDisk option must beenabled on the Provisioning Server Properties’ Options tab.


126

3. Boot target devices from the newly updated vDisk.

Incrementally Updating vDisksThis method creates an incremental update file, or delta file, to be applied to astandard vDisk. The delta file will apply changes to the vDisk file to add or removesoftware components without having to distribute an entire new version of the vDiskfile. Normally the delta file is created at a home office site and then distributed to thefield office sites. The delta file is then applied by the Provisioning Server to allapplicable vDisk files.

The advantage of using the Incremental Update feature is that delta files are usuallyconsiderably smaller than a vDisk file. If you have a slow communications channel fromyour home office to your field office sites, it is often faster to distribute a delta fileinstead of a new version of a vDisk.

Delta files are actually ‘difference’ files between one vDisk image and another. Thedelta file can therefore be used to ‘transform’ one vDisk file into another vDisk file.Usually the two vDisk files are two versions of the same file. For example, version 1.0.1of the vDisk file may not contain a copy of Microsoft Word. You can copy this vDisk fileto a new vDisk file (with a different name), update the version number to 1.0.2, installMicrosoft Word on the new image file, and then create a delta file between the twoversions of the vDisk. That delta file can then be used to update any 1.0.1 vDisk withMicrosoft Word by simply applying the delta file.

The delta file incremental update can only be applied to vDisk files that are used inStandard Image mode. vDisks that are used in Private Image mode cannot beincrementally updated, since the act of booting from an image in Private Image modeactually modifies the vDisk file and invalidates it for incremental updates. Also notethat if you boot from a vDisk in Private Image mode, or map that vDisk on aProvisioning Server, it cannot be used as a target for incremental updates unless theupdate is made from the image after it has been booted from and/or mapped. A vDiskfile can only be used as a target for incremental updates if it is only changed throughthe incremental update process. Even mapping an image in private image mode willmodify it at the sector level. For example, if you copy an image (a) to (b), then mountimage (a), then unmount (a), (a) and (b) are no longer the same.

Incrementally updating vDisks includes the following procedures:

w Enabling the incremental update feature on a Provisioning Server

w Creating a delta file used to update the vDisk

w Applying the delta file

These procedures are described in detail below.

Enabling the incremental update feature on a Provisioning Server

1. Right-click on a Provisioning Server in the Console, then select Properties.

2. On the Options tab, enable incremental updates by checking the Check forIncremental Updates to a vDisk checkbox.


127

Creating a delta file used to update the vDisk

1. From Windows Explorer, make a copy of the vDisk and properties files in the vDiskfolder. This will be Image B. Do NOT boot, mount, or modify (in any way) Image Aafter you have made the copy to Image B before creating the delta file. This willinvalidate Image A as a predecessor of Image B and corrupt the image after thedelta file is applied.

2. Add Image B to the database using the “Adding Existing vDisks to a vDisk Pool orStore” procedure.

3. Change the boot mode for Image B to boot in Private Image mode. Doing thismakes changes made to the vDisk file persistent.

4. Assign Image B to a compatible target device and boot the target device.

5. Install any software updates for the new version of the image file, then shut downthe target device normally.

6. Change the boot mode of Image B back to Standard Image mode. This is critical.Otherwise, you will not be able to create a delta file from the two vDisk files. Auto-update only works with vDisks that are in Standard Image mode.

7. Increment the version number (major, minor and/or build) of Image B in its diskproperties dialog. This is very important. Failure to do so will cause the image fileto be applied repeatedly by the Automatic Update process.

8. Maintain the same Serial # (from the disk properties dialog) for both Image A andImage B. The update service uses the Serial # to help guarantee that a delta file iscompatible with a vDisk file. Normally the Serial # is set to a random GUID whenthe vDisk is created. If you leave this Serial # in place it will help verify that deltafiles are being applied to the correct vDisk file.

9. Copy AutoUpdate.exe from the Provisioning Server installation directory whereyour vDisks reside.

10. Run the AutoUpdate.exe utility as follows:AutoUpdate createimagefileA.vhd imagefileB.vhd deltafileAB.pvaThis creates a delta file named deltafileAB.pva, which is assigned the Class, Type,Version, and Serial# of image A.

Once the delta file is created, you can optionally assign an activation date to it.The activation date is used to tell the update service at your field offices that thedelta file should only be applied on or after the indicated date. To set theactivation date, use the AutoUpdate.exe utility as follows (assume an activationdate of February 25, 2008 in this example):

AutoUpdate activate deltafileAB.pva 02/25/08

To print the information from the delta file such as activation date, class, typeetc. by using AutoUpdate as follows:

AutoUpdate info deltafileAB.pva

This valid delta file can now be applied to any copy of Image A to convert it intoimage B.


128

Never apply the delta file to a copy of Image A that has been changed, bootedfrom in private image mode, or even mounted on a Provisioning Server. Doing sowill corrupt the image.

Applying the delta file

1. Right-click on the vDisk, then select the Properties menu option.

2. Click the Edit file properties button.The vDisk File properties dialog appears.

3. On the Mode tab, select the Enable automatic updates for this vDisk option, thenselect the Schedule the next vDisk update to occur on option to check the vDiskfolder and a specific day, and then apply those updates (be sure to select a time ofday when you know all of your target devices will be powered down in the fieldoffice). Or, select to Apply vDisk updates as soon as they are detected by theserver option and those updates be applied as soon as they are detected by theProvisioning Server. (Note: *.pva files should be in the same directory as the root ofthe store, where the corresponding *.vhd and *.pvp files reside.)

4. Transfer your delta files to folders containing your vDisks in your field offices.From this point on, the update process is automatic and this procedure only needsto be performed when setting up a Provisioning Server.

5. The update process checks the following when applying delta files to vDisk images:

• The Class, Type and Version Numbers (Major, Minor and Build) recorded in thedelta file must match those in the image file.

• The Serial # recorded in the delta file must match that contained in the imagefile. If an activation date was set on the delta file, the current system datemust be greater than or equal to the activation date.

• That no target device is currently booted from that vDisk.

If all of the above tests pass, the delta file is applied to the vDisk. This modifies thefile so that the next time a target device boots from the vDisk, it contains the newsoftware inherent in the delta file. The version number of the image is also updated tomatch that of the newer image (i.e. Image B in the example above). If one of the testsfail (for example, a target device is booted from the vDisk at the scheduled time), theupdate is not applied. However, it may be applied the next day at the scheduledupdate time. Note that the Incremental Update process differs from the AutomaticvDisk Update process in that all target devices must actually be powered down for theupdate to actually occur.

Rolling Back vDisk ChangesIn addition to applying the delta file, the update process creates a rollback file thatcan be used to convert the new image back to the original image. The rollback file iscreated in a sub-folder of the vDisks folder of the modified vDisk called 'rollback'. Therollback file is named the same as the delta file with a .rbk extension appended to thefilename. A rollback file is, itself, a delta file. One that can be used to convert anupdated image back to its original state.

The rollback file can be copied to the updates folder and the Schedule Automatic DiskUpdates option can be used with the manual update selection. Selecting the Check for


129

incremental updates menu option applies the rollback file to the correct vDisk file androlls it back to the previous version.

Optionally you can apply the rollback file by manually running the AutoUpdate.execommand line utility as follows:

AutoUpdate merge updatedimagefile rollbackfile.pvr

The merge option of AutoUpdate applies a delta file to the indicated image the sameas the automatic update process does using the Console.

Using Maintenance Utilities with a vDiskUsing tools such as ScanDisk, Disk Defragmenter, virus checkers, and other maintenanceutilities with vDisks is identical to using them with real, physical hard drives.

You can perform regular maintenance tasks on your Provisioning Server drives withoutcausing problems in the vDisks. You can also perform maintenance tasks on vDisks fromtarget devices as you would on normal drives.

Working with Physical Disks and vDisksImplementing a vDisk for a target device does not mean that you cannot use a localhard drive. In fact, you can combine vDisks with local, physical hard drives andconfigure master and slave drives by changing a few items in the database.

The key to combining vDisks and physical disks is setting the boot order (boot fromlocal hard drive; boot from vDisk) and the order of a target device's vDisk file listingusing the Console.

Configuring a vDisk for Microsoft Volume LicensingA vDisk can be configured for Microsoft Key Management Service (KMS) or MultipleActivation Key (MAK) volume licensing when the Imaging Wizard is run. If it was notconfigured when the Imaging Wizard was run, it can still be configure from the Console:

Note: The MCLI and SoapServer command-line interfaces can also be used toconfigure Microsoft volume licensing.

1. Select the vDisk in the Console, then right-click and select File Properties.The vDisk File Properties dialog appears.

2. Click the Microsoft Volume Licensing tab, then select the MAK or KMS licensingmethod.

3. Click OK.After a vDisk has been configured for Microsoft volume licensing, additional stepsmay be necessary to activate or maintain that vDisk. For additional information,refer to Managing Microsoft MAK Volume Licensing on Target Devices on page 165and Managing Microsoft KMS Volume Licensing on page 163.


130

Chapter 10

Managing Target Devices

Topics:• Target Device Properties

• Target Device Tasks

A target device becomes a member of a device collectionwhen it is added to the farm. A target device can only be amember in one device collection. However, a target devicecan exist in any number of views. If a target device isremoved from the device collection, it is automaticallyremoved from any associated views.

Target Devices are managed and monitored using the Consoleand Virtual Disk Status Tray utilities.

In the Console, actions can be performed on:

w An individual target device

w All target devices within a collection

w All target devices within a view

When target devices are added to a collection, that devicesproperties are stored in the Provisioning Services database.Target Device properties include information such as thedevice name and description, boot method, and vDiskassignments (refer to Target Device Properties on page 132for details).

To view target device related tasks, refer to Target DeviceTasks on page 137

131

Target Device PropertiesNote: A reboot is required if a target device is active when modifications are made toany of the following device properties:

w Boot from

w MAC

w Port

w vDisks for this Device

The following tables define the properties associated with a target device, whichincludes:


w vDisk Tab on page 133

w Personality Tab on page 134

w Status Tab on page 136

w Authentication tab on page 135

w Logging tab on page 136


Device Name The name of the target device or the name of theperson who uses the target device. The name canbe up to 15 bytes in length. However, the targetdevice name cannot be the same as the machinename being imaged.

Note: If the target device is a domain member,use the same name as in the Windows domain,unless that name is the same as the machinename being imaged. When the target deviceboots from the vDisk, the name entered herebecomes the target device machine name.

Description Description of this target device.

Class Class used for matching new vDisks to targetdevices when using Automatic Disk Image Update

Chapter 10 Managing Target Devices

132


in order to match new vDisks images to theappropriate target devices and user groups.

Boot from The boot method this target device should use.Options include booting from a vDisk, hard disk, orfloppy disk.

MAC Enter the media access control (MAC) address ofthe network interface card that is installed in thetarget device.

Port Displays the UDP port value.

In most instances, you do not have to change thisvalue. However, if target device software conflictswith any other IP/UDP software (that is, they aresharing the same port), you must change this value.

Disable this client Enable this option to prevent target devices frombooting. Regardless if enabled or disabled, newtarget devices that are added using Auto-add, haverecords created in the database.

Get Template Properties Click this button to inherit the template propertiesfor this collection (excluding Name and MAC).

vDisk TabField/Button Description

vDisks for this Device Displays the list of vDisk assigned to this targetdevice.

Click Add to open the Assign vDisks dialog. To filterthe vDisks that display, select a specific storename and Provisioning Server or select All Storesand All Servers to list all vDisks available to thistarget device. Highlight the vDisks to assign, thenclick OK.

Click Remove to remove vDisks from this device.

Click Printers to open the Target Devices vDiskPrinters dialog. This dialog allows you to choosethe default printer and any network and localprinters to enable or disable for this target device.


133


Options Provides secondary boot options:

w Include the local hard drive as a boot device.

w Include one or more custom bootstraps as bootoptions.

If enabling a custom bootstrap, click Add, to enterthe bootstrap file name and the menu text toappear (optional), then click OK.

If more than one vdisk is listed in the table or ifeither (or both) secondary boot options areenabled, the user is prompted with a disk menu atthe target devices when it is booted. Enter a menuoption name to display to the target device. Thetarget device can select which boot options to use.

Click Edit to edit an existing custom bootstrap'sfile name or menu text.

Click Remove to remove a custom bootstrap filefrom those available to this target device.

Personality TabField/Button Description

Name and String There is no fixed limit to the number of names youcan add. However, the maximum name length is 250characters and the maximum value length is 1000characters.

Use any name for the field Name, but do not repeata field name in the same target device. Field namesare not case sensitive. In other words, the systeminterprets “FIELDNAME” and “fieldname” as thesame name. Blank spaces entered before or afterthe field name are automatically removed.

A personality name cannot start with a $. Thissymbol is used for reserved values such as$DiskName and $WriteCacheType.


134

Authentication TabField/Button Description

Authentication Password information entered in this dialog is forinitial target device login only. It does not affectWindows account login.

Authentication methods include:

w None

w Username and password

w External verification (user supplied method)

Username If authenticating with a user name and password,enter the user name for the account. Follow yourorganization's user name conventions.

Note: Requires user names be at least twocharacters and no more than 40 characters inlength. User names are NOT case sensitive.

If the account already exists, you cannot changethe user name.

Password If authenticating with a user name and password:

Click the Change button to open the ChangePassword dialog. To create a new password for auser account, type the old password, then type thenew password in both the New password andConfirm new password text boxes. Click OK tochange the password.

Note: Follow your organization's passwordconventions. Requires passwords be at leastthree characters and no more than 20 charactersin length. Passwords ARE case sensitive. Re-enter the new password exactly as you entered itin the previous field to confirm it.


135

Status TabField/Button Description

Target Device Status The following target device status informationappears:

w Status: current status of this device (active orinactive).

w IP Address: provides the IP Address or 'unknown'.

w Server: the Provisioning Server that iscommunicating with this device.

w Retries: the number of retries to permit whenconnecting to this device.

w vDisk: provides the name of the vDisk ordisplays as 'unknown'.

w License information; depending on the devicevendor, displays product licensing information(including; n/a, Desktop License, DatacenterLicense, XenApp License, or XenDesktopLicense).

Logging tabField/Button Description

Logging level Select the logging level or select Off to disablelogging:

w Off – Logging is disabled for this ProvisioningServer.

w Fatal– logs information about an operation thatthe system could not recover from.

w Error logs information about an operation thatproduces an error condition.

w Warning– logs information about an operationthat completes successfully, but there areissues with the operation.

w Info – Default logging level. Logs informationabout workflow, which generally explains howoperations occur.

w Debug – logs details related to a specificoperation and is the highest level of logging. If


136


logging is set to DEBUG, all other levels oflogging information are displayed in the log file.

w Trace – logs all valid operations.

Target Device TasksTo manage and monitor target devices, choose from the following tasks:

w Preparing a Master Target Device for Imaging on page 137

w Adding Target Devices to the Database on page 142


w Set the Target Device as the Template for this Collection on page 146

w Copy and Paste Target Device Properties on page 146

w Booting Target Devices on page 146

w Checking a Target Device's Status from the Console on page 147

w Sending Messages to Target Devices on page 147

w Disabling a Target Device on page 147

w Deleting Target Devices on page 148

w Shutting Down Target Devices on page 148

w Restarting Target Devices on page 148

w Sending Messages to Target Devices on page 147

w Using the Status Tray on a Target Device on page 149

w Managing Target Device Personality on page 150

w Managing Domain Computer Accounts on page 216


w Adding Target Devices to the Database on page 142

Preparing a Master Target Device for ImagingA Master Target Device refers to a target device from which a hard disk image is builtand stored on a vDisk. Provisioning Services then streams the contents of the vDiskcreated from the Master Target Device to other target devices.

w Preparing the Master Target Device's hard disk on page 138


137

w Configuring a Master Target Device's BIOS on page 138

w Configuring network adapter BIOS on page 139

w Installing Master Target Device software on page 140

Preparing the Master Target Device's hard diskThe Master Target Device is typically different from subsequent target devices becauseit initially contains a hard disk. This is the hard disk that will be imaged to the vDisk. Ifnecessary, after imaging, the hard disk can be removed from the Master Target Device.

In order to support a single vDisk, that is shared by multiple target devices, thosedevices must have certain similarities to ensure that the operating system has allrequired drivers. The three key components that must be consistent include the:

w Motherboard

w Network card, which must support PXE

w Video card

However, the Provisioning Services Common Image Utility allows a single vDisk tosimultaneously support different motherboards, network cards, video cards, and otherhardware devices.

If target devices will be sharing a vDisk, the Master Target Device serves as a‘template’ for all subsequent diskless target devices as they are added to the network.It is crucial that the hard disk of Master Target Device be prepared properly and allsoftware is installed on it in the proper order:

Note: Follow the instructions below after installing and configuring the ProvisioningServer and creating target devices.

Software must be installed on the Master Target Device in the order that follows:

1. Operating System (Windows or Linux)

2. Device Drivers

3. Service Packs Updates

4. Target Device Software

Applications can be installed before or after the target device software is installed. Iftarget devices will be members of a domain, and will share a vDisk, additionalconfiguration steps must be completed (refer to Managing Domain Accounts in theAdministrator’s Guide, before proceeding with the installation).

Note: Dual boot vDisk images are not supported.

Configuring a Master Target Device's BIOSThe following steps describe how to configure the target devices system’s BIOS and theBIOS extension provided by the network adapter, to boot from the network. Different


138

systems have different BIOS setup interfaces – if necessary, consult the documentationthat came with your system for further information on configuring these options.

1. If the target device BIOS has not yet been configured, re-boot the target deviceand enter the system’s BIOS setup. (To get to BIOS setup, press the F1, F2, F10 orDelete key during the boot process. The key varies by manufacturer).

2. Set the network adapter to On with PXE.

Note: Depending on the system vendor, this setting may appear differently.

3. Configure the target device to boot from LAN or Network first. Optionally, selectthe Universal Network Driver Interface; UNDI first, if using a NIC with ManagedBoot Agent (MBA) support.

Note: On some older systems, if the BIOS setup program included an option thatpermitted you to enable or disable disk-boot sector write protection, ensure thatthe option is disabled before continuing.

4. Save changes, then exit the BIOS setup program.

5. Boot the target device from it’s hard drive over the network to attach the vDisk tothe target device.

Configuring network adapter BIOSThis procedure is only necessary for older systems.

1. Re-boot the Master Target Device.

2. Configure the network adapter’s BIOS extension through setup.

During the system boot, the network adapter’s BIOS extension will present aninitialization message similar to the following:

Initializing Intel ® Boot Agent Version 3.0.03 PXE 2.0 Build 078 (WfM 2.0) RPL v2.43Enter the network adapter’s BIOS extension. (Consult the network adapter’sdocumentation.) The key combination for entering the network adapter’s BIOSextension varies by manufacturer. For example, to enter the Intel Boot Agent setupscreen, type Ctrl+S.

A screen similar to the following appears:


139

3. Change the boot order to Network first, then local drives.

4. Save any changes, and exit the setup program. In the Intel Boot Agent, typing F4saves the changes.

Alternatively, a device can be configured to provide IP and boot information (boot file)to target devices using the Manage Boot Devices utility.

Installing Master Target Device software

Note: It is recommended that you read the Release Notes document before installingtarget-device software. Before installing the product software on a Master TargetDevice, turn off any BIOS-based-virus protection features. To include anti-virussoftware on the vDisk image, be sure to turn the anti-virus software back on prior torunning the Imaging Wizard.

Provisioning Services target device software must be installed on a Master TargetDevice prior to building a vDisk image.

Provisioning Services target device software components include:

w Provisioning Services Virtual Disk, which is the virtual media used to store the diskcomponents of the operating system and applications.

w Provisioning Services Network Stack, which is a proprietary filter driver that isloaded over the NIC driver, allowing communications between the target devicesand the Provisioning Server.

w Provisioning Services SCSI Miniport Virtual Adapter, which is the driver that allowsthe vDisk to be mounted to the operating system on the target device.

w Provisioning Services Imaging Wizard, use to create the vDisk file and image theMaster Target Device.

w Virtual Disk Status Tray Utility, to provide general vDisk status and statisticalinformation. This utility includes a help system.

w Target Device Optimizer Utility, used to change target device setting to improveperformance.

Provisioning Services target device software is available for 32-bit and 64-bit Windowsand Linux operating systems.

To install Provisioning Services target device software on aWindows device1. Boot the Master Target Device from the local hard disk.

2. Verify that all applications on the device are closed.

3. Double-click on the appropriate installer. The product installation window appears.

4. On the Welcome dialog that displays, click Next, scroll down to the end, thenaccept the terms of the license agreement.


140

5. Click Next to continue, the Customer Information dialog appears.

6. Type your user name and organization name in the appropriate text boxes.

7. Select the appropriate install user option. The option you select depends on if thisapplication will be shared by users on this computer, or if only the user associatedwith this computer should have access to it.

8. Click Next, the Destination Folder dialog appears.

9. Click Next to install the target device to the default folder (C:\Program Files\Citrix\Provisioning Services). Optionally, click Change, then either enter the folder nameor navigate to the appropriate folder, and then click Next, then click Install. Theinstallation status information displays in the dialog.

Note: The installation process may take several minutes. While the installationprocess is running, you can click Cancel to cancel the installation and roll-backany system modifications. Close any Windows Logo messages that appear.

10. The "Installation Wizard Completed" message displays in the dialog when thecomponents and options have successfully been installed. Close the wizard window.If both .NET 3.0 SP1 or newer is installed and Windows Automount is enabled, theImaging Wizard will start automatically by default (for details, refer to Using theImaging Wizard on page 109).

11. Reboot the device after successfully installing product software and building thevDisk image.

To install Provisioning Services target device software on aLinux device1. Log on to the Linux system as root.

Note: The Linux target device requires root privileges and visual desktop, suchas gnome or KDE to install and execute properly.

2. Insert the product CD-ROM into your Linux target device’s CD-ROM drive. YourLinux target device should auto-mount the CD-ROM and a message should displayon your target device. If your Linux target device doesn’t auto-mount the CD-ROM,consult your Linux system documentation on how to mount CD-ROMs or DVDs.

3. Copy the PVS_LinuxDevice.run or PVS_LinuxDevice_x64.run file from the CD-ROMinto your /tmp directory.

4. Open a terminal shell/command shell and execute the appropriate Linux targetdevice software.

32-bit

# cd /tmp# sh PVS_LinuxDevice.run


141

64-bit

# cd /tmp# sh PVS_LinuxDevice_x64.runThe Terms and Conditions associated with this product license agreement appears.

Accept the license agreement, and then the installer prompts for a directorylocation to install the product software. The /root/citrix directory is recommended.

5. After the Linux utilities are installed to the hard disk, the installer prompts you toreboot your system. You can not begin the imaging phase until the target devicehas been rebooted.

The installer adds an entry into the GRUB boot loader. If GRUB is not used, youmust add the Provisioning Services kernel and initrd into your boot loader:

Kernel: vmlinuz-ardence

(This is a symbolic link which points to your distribution’s kernel)

Initrd: initrd-ardence

The boot loader prompts you with the Image target device option. Select thisoption when you are ready to image a target device after booting.

Adding Target Devices to the DatabaseTo create new target device entries in the Provisioning Services database, select one ofthe following methods:

w Using the Console to Manually Create Target Device Entries on page 142

w Using the Auto-Add Wizard on page 143

w Importing Target Devices Entries on page 143

After the target device exists in the database, you can assign a vDisk to the targetdevice (for details, refer to To assign a vDisk to a target device on page 113).

Using the Console to Manually Create Target Device Entries1. In the Console, right-click on the Device Collection where this target device is to

become a member, then select the Create Device menu option. The Target DeviceProperties dialog appears.

2. Type a name and the MAC address for this target device in the appropriate text boxes.

Note: If the target device is a domain member, use the same name as in theWindows domain. When the target device boots from the vDisk, the machinename of the device becomes the name entered. For more information about targetdevices and Active Directory or NT 4.0 domains, refer to “Enabling AutomaticPassword Management”.


142

3. Choose to either manually enter the device description, class, and bootinformation, or click the Get Template Properties... button to inherit theinformation from this collection's device template, including vDisk assignments.


Importing Target Devices EntriesTarget device entries can be imported into any device collection from a .csv file. Theimported target devices can then inherit the properties of the template target devicethat is associated with that collection. For details, refer to Importing Target Devicesinto a Collection on page 160.

Using the Auto-Add WizardThe Auto-Add Wizard automates the configuration of rules for automatically addingnew target devices to the Provisioning Services database using the Auto-Add feature.

The Auto-Add Wizard can be started at the Farm, Site, Collection or Device level. Whenstarted at a level lower than Farm, the wizard uses that choice as the default choice.For example, if it is started on a particular target device, it will:

w Select the Site for that Device as the Default Site choice in the combo-box.

w Select the Collection for that Device as the Default Collection choice in the combo-box.

w Select that Device as the Template Device choice in the combo-box.

The wizard displays each page with choices pre-selected based on the location that theAuto-Add Wizard was started from.

A Farm Admininistrator has the ability to turn Auto-Add on or off and to select thedefault Site.

A Site Admininistrator only has the ability to select the default site if the currentdefault site is a site in which that administrator is the Site Administrator. If the SiteAdministrator is not the Administrator of the currently selected default Site, then thatadministrator can only configure the sites they has access to.

To configure Auto-Add settings (the default collection of a site, template device for thedefault collection and target device naming rules):

1. On the Console, right-click on the farm, then select the Auto-Add wizard.The Welcome to the Auto-Add Wizard page appears.

2. Click Next.The Enable Auto-Add dialog appears.

Note: Only a farm administrator can change settings on this page.

3. Check the box next to Enable Auto-Add to enable this feature, then click Next.The Select Site page appears.


143

Note: Site administrators can only select sites to which they have permissions.

4. From the Site drop-down list, select the site where devices should be added, thenselect Next.The Select Collection page displays with the default collection selected.

5. Accept the default collection or select a different collection from the Collectiondrop-down list, then click Next.The Select Template Devices page appears.

6. Select the device to use as a template, so that new devices being added willinherit the existing target device's basic property settings, then click Next.

7. To view the selected device's properties, click Properties.A read-only dialog displays the selected device's properties. Close the dialog afterreviewing the properties.

8. Click Next.The Device Name page displays.

9. Enter a static prefix that helps identify all devices that are being added to thiscollection. For example: 'Boston' to indicate devices located in Boston.

Note: The prefix can be used in combination with the suffix, but is not required ifa suffix is provided. The entire device name can have a maximum of 15characters (the prefix length + number length + suffix length). For example, thefollowing device names are considered valid:

• Boston000Floor2 (prefix, incrementing number length, and suffix provided;the maximum of 15 characters has been reached)

• Boston000 (no suffix is provided)

• 000Floor2 (no prefix is provided)

The prefix cannot end with a digit.

10. Enter the length of the incrementing number to associate with the devices beingadded to this collection. This number is incremented as each device is added. Forexample, if the number length is set to '3', Provisioning Services starts naming at'001' and stops naming or adding devices after the number reaches '999'.

Note: Enable the Zero fill option to automatically add the necessary number ofpreceeding zeros to a numbers length. For example, if the numbers length is setto '4', than the first target device number would be assigned as '0001'.The number length must have a minimum of three digits and a maximum of 9digits.

11. Enter a static suffix that helps to identify all devices being added to thiscollection. For example: Boston001Floor2 might be helpful to indicate the floorwhere these devices reside.


144

The suffix can be used in combination with the prefix, but is not required if aprefix is provided.

The entire device name can have a maximum of 15 characters (the prefix length +number length + suffix length).

The suffix cannot start with a digit.

The prefix and suffix combination must be unique in each collection.

12. Click Next.The Finish dialog appears.

13. Review all Auto-Add wizard settings, then click Finish.Auto-Add is now configured.

Assigning vDisks to Target DevicesWhen a target device boots, the software on the vDisk that is assigned to that devicebecomes available.

If one vDisk is assigned to a target device and the Any Server option is set for thatvDisk, the Provisioning Server will choose the least busy server to service the device. Ifa specific server is selected, then that specific server will service the target device.

If multiple vDisks are assigned to a target device, the user is presented with a menu atBIOS time to select which vdisk to boot from. After this selection, the ProvisioningServer will use the Any Server or specific server option of the chosen vDisk to selectthe Provisioning Server used to service the device.

If the custom bootstrap and/or local HD is selected in the target device properties, theuser will be presented with a menu at BIOS time. The menu prompts to select to bootfrom the vDisk, custom bootstrap, or HD as appropriate.

Note: The quickest method for replacing or assigning a vDisk for a target devicewithin a collection is to select the vDisk in the Console, then drag-and-drop the vDiskonto a target device collection in the tree of a second Console window (open a newConsole window by selecting the New window from here right-click menu option foreither the device collection or the store that contains the vDisk you want to assign.)

To assign a vDisk to a target device:

1. In the Console tree, expand the Device Collections folder, then click on thecollection folder where this target device is a member. The target-device displaysin the details pane.

2. Right-click on the desired target device, then select Properties. The Target DeviceProperties dialog appears.

3. On the General tab, select from the Boot from options.

4. Click on the vDisks tab, then select the Add button within the vDisk for thisDevice section. The Assign vDisks dialog appears.


145

5. To locate vDisks to assign to this target device, select a specific store or serverunder the Filter options, or accept the default settings, which includes All Storesand All Servers.

6. In the Select the desired vDisks list, highlight the vDisks to assign, then click OK,then OK again to close the Target Device Properties dialog.

Set the Target Device as the Template for thisCollection

A target device can be set as the template for new target devices that are added to acollection. A new target device inherits the properties from the template targetdevice, which allows you to quickly add new devices to a collection.

To set a target device as the template device for a collection, in the Console, right-click on the target device, then select Set device as template.

Note: Disable the target device that serves as the template to permit all target devicesusing this template to be added to the database, but not permit the target device toboot. Target devices receive a message requesting that they first contact theadministrator before being allowed to boot. A ‘T’ appears in light blue on the deviceserving as the template. New target devices automatically have a name generated andall other properties will be taken from the default template target device. No userinteraction is required.

Copy and Paste Target Device PropertiesTo copy the properties of one target device, and paste those properties to other targetdevice members:

1. In the Console’s details pane, right-click on the target device that you want tocopy properties from, then select Copy device properties.The Copy Device Properties dialog appears.

2. Select the checkbox next to the properties that you want to copy, then click Copy.The properties are copied to the clipboard and the dialog closes.

3. Right-click on one or more target devices that will inherit the copied properties,then select the Paste menu option. The Paste Device Properties dialog appears.


Booting Target DevicesTo boot target devices:

1. Right-click on a collection to boot all target devices in the collection, or highlightonly those target devices that you want to boot within the collection tree, thenselect the Boot devices menu option.


146

The Target Device Control dialog displays with the Boot devices menu optionselected in the Settings drop-down menu.

2. Click the Boot devices button to boot target devices.The Status column displays the Boot Signal status until the target devicesuccessfully receives the signal, then status changes to Success.

Checking a Target Device's Status from the ConsoleThe target device status indicates whether it is currently active or inactive on thenetwork.

To check the status of a target device:

1. Double-click on the target device in the Console window, then select theProperties menu option.The Device Properties tab appears.

2. Select the Status tab and review the following status information:

• Current status (active or inactive)

• IP address

• Current Provisioning Server

• Current vDisk name

• Provisioning Server cache file size in bytes

Also, in the Console window, if the target device is active, the target device iconappears as a green computer screen. If the target device is inactive, the iconappears as a black computer screen.

Sending Messages to Target DevicesTo send a message to target devices members:

1. Right-click on the collection to send a message to all members within thecollection, or highlight only those target devices within the collection that shouldreceive the message, then select the Send message menu option.The Target Device Control dialog displays with the Message to devices menu optionselected in the Settings drop-down menu. Target devices are display in the Devicetable.

2. Type a message to display on target devices in the Message text box.

3. Click the Send message button.The Status column displays the Message Signal status until target devicessuccessfully receives the message, the status changes to Success.

Disabling a Target DeviceThe Disable Target Device feature prevents a new target devices from booting. Whenenabled, each time a new target device boots, if the Auto-add option is enabled, a


147

new record is automatically created in the database and the following message appearson the target device:

This target device has been disabled. Please Contact your systemadministrator.

Once contacted, the system administrator can validate the target device. After theadministrator disables the option, the target device can boot successfully.

To disable or enable a target device, in the Console, right-click on the target device,then select the Disable or Enable menu option.

Note: Enable the Disable target device option on the template target device, todisable all target devices as they are added to a collection.

Deleting Target DevicesTo delete a target device:

1. In the Console, right-click on the target devices you want to delete within thecollection (multiple selections can be made in the Details view), then select theDelete menu option.

2. Click Yes to confirm the delete request. The target device is deleted from thecollection and any associated views. However, the vDisk image file for the targetdevice still exists.

Shutting Down Target DevicesTo shutdown target devices:

1. Right-click on the collection to shut down all target devices within the collection,or highlight only those target devices that should be shut-down within a collection,then select the Shutdown devices menu option.The Target Device Control dialog displays with the Shutdown devices menu optionselected in the Settings drop-down menu. Target devices display in the Device table.

2. Type the number of seconds to wait before shutting down target devices in theDelay text box.


4. Click the Shutdown devices button to shutdown target devices.The Status column displays the shutdown signal status until the target device shutsdown. As each target device successfully shuts down, the status changes to Success.

Restarting Target DevicesTo restart target devices:


148

1. Right-click on a collection in the Console tree or highlight only those target devicesthat should be restarted within the collection, then select the Restart devicesmenu option.The Target Device Control dialog displays with the Restart devices menu optionselected in the Settings drop-down menu. Target devices display in the Device table.

2. Type the number of seconds to wait before restarting target devices in the Delaytext box.


4. Click the Restart devices button to restart target devices. The Status columndisplays the Restart Signal status until the target device successfully receives thesignal, then status changes to Success.

Moving Target Devices Between CollectionsA target device can be moved from one collection to another collection within a siteusing drag and drop in the Console’s details pane (drag the device(s) from onecollection, then drop the device into another collection). Alternatively, target devicescan be moved using the Move menu option.

To move a target device using the Move menu option:

1. In the Console, expand the collection, right-click on the target device in thedetails pane, then select the Move menu option.

2. From the drop-down menu, select the collection to move this target device into. Ifapplicable, apply the collection’s device template to the target device beingmoved, by enabling Apply target collection’s template device properties tomoved devices.

3. Click Move.

Using the Status Tray on a Target DeviceThe Virtual Disk Status Tray provides device and product edition information on thetarget device. The purpose of this tool is to aid in the management and troubleshootingof vDisks.

Note: This tool is installed automatically during the installation process.

Using the Virtual Disk Status Tray includes the following tasks:

w Starting the Virtual Disk Status Tray on page 149

w Setting Virtual Disk Status Tray Preferences on page 150

Starting the Virtual Disk Status TrayTo manually start the Virtual Disk Status tray, double-click on the Status Tray icon inthe System Tray. The Virtual Disk Status Tray dialog appears.


149

Setting Virtual Disk Status Tray PreferencesOn the General tab of the Virtual Disk Status dialog, the tray can be configured to runautomatically when the target device starts, or it can be manually started. You mayalso choose to have the Virtual Disk Status tray icon appear in your system tray.

To configure the Virtual Disk Status Tray, choose from the following methods:

w Configure the tray to appear automatically as each target device starts.

w Add the Virtual Disk Status tray icon to your system tray.

Configuring the tray to appear automatically as each target device starts

1. Start the Virtual Disk Status Tray, and then select the General tab.

2. Select the Automatically start this program checkbox under Preferences. The traystarts automatically the next time the target device boots.

Adding the Virtual Disk Status tray icon to your system tray

1. Start the Virtual Disk Status tray, and then select the General tab.

2. Select the Show icon in System Tray checkbox under Preferences. The Virtual DiskStatus tray icon appears in your system tray the next time the target device boots.

Managing Target Device PersonalityNormally, all target device’s sharing the same vDisk must have identical configurations.The Target Device Personality feature allows you to define data for specific targetdevices and make it available to the target device at boot time. This data can then beused by your custom applications and scripts for a variety of purposes.

For example, suppose you are using Provisioning Server to support PCs in threeclassrooms. Each classroom has its own printer, and you want the PCs in each classroomto default to the correct printer. By using the Target Device Personality feature, youcan define a default printer field, and then enter a printer name value for each targetdevice. You define the field and values under Target Device Properties. Thisinformation is stored in the database. When the target device boots, the device-specific printer information is retrieved from the database and written to an .INI file onthe vDisk. Using a custom script or application that you develop, you can retrieve theprinter value and write it to the registry. Using this method, each time a target deviceboots, it will be set to use the correct default printer in its classroom.

The number of fields and amount of data that you can define for each target device islimited to 64Kb or 65536 bytes per target device. Each individual field may be up to2047 bytes.

Target Device Personality Tasks

w Define personality data from a single target device using the Console

w Define personality data for multiple target device using the Console

w Using Target Device Personality Data


150

Define personality data from a single target device usingthe ConsoleTo define personality data for a single target device:

1. In the Console, right-click on the target device that you want to define personalitydata for, then select the Properties menu option.

2. Select the Personality tab.

3. Click the Add button. The Add/Edit Personality String dialog appears.

Note: There is no fixed limit to the number of field names and associated stringsyou can add. However, the limits to the total amount of personality data assignedto a single string (names and data combined) is approximately 2047 bytes. Also,the total amount of data contained in names, strings and delimiters is limited toapproximately 64Kb or 65536 bytes per target device. This limit is checked by theadministrator when you attempt to add a string. If you exceed the limit, a warningmessage displays and you are prevented from creating an invalid configuration.

Target device personality data is treated like all other properties. This data will beinherited when new target devices are added automatically to the database byeither the Add New Target Device Silently option, or with the Add New TargetDevice with BIOS Prompts option.

4. Enter a name and string value.

Note: You can use any name for the field Name, but you cannot repeat a fieldname in the same target device. Field names are not case sensitive. In otherwords, the system interprets “FIELDNAME” and “fieldname” as the same name.Blank spaces entered before or after the field name are automatically removed. Apersonality name cannot start with a $. This symbol is used for reserved valuessuch as $DiskName and $WriteCacheType.

5. Click OK.

To add additional fields and values, repeat Steps 5 and 6 as needed. When finishedadding data, click OK to exit the Target Device Properties dialog.

Define personality data for multiple target device using theConsoleDefine target device personality for multiple devices:

1. In the Console, right-click on the target device that has the personality settingsthat you want to share with other device, then select Copy. The Copy deviceproperties dialog appears.

2. Highlight the target devices in the details pane that you want to copy personalitysettings to, then right-click and select the Paste device properties menu.

3. Click on the Personality strings option (you may also choose to copy otherproperties at this time), then click Paste.


151

Using Target Device Personality DataOnce the file system becomes available to the target device, the personality data iswritten to a standard Windows .ini text file called Personality.ini. The file is stored inthe root directory of the vDisk file system for easy access by your custom scripts orapplications.

The file is formatted as follows:[StringData]FieldName1=Field data for first fieldFieldName2=Field data for second fieldThis file is accessible to any custom script or application. It can be queried by thestandard Windows .INI API. Additionally, a command line application, calledGetPersonality.exe, is provided to allow easier batch file access to the personalitysettings.

A target device’s vDisk name and mode can be retrieved using GetPersonality.exe. Thefollowing reserve values are included in the [StringData] section of the Personality.inifile:$DiskName=<xx>$WriteCacheType=<0 (Private image)All other values are standard image; 1 (Server Disk), 2 (Server Disk Encrypted), 3 (RAM), 4 (Hard Disk), 5 (Hard Disk Encrypted), 6 (RAM Disk), or 7 (Difference Disk). Min=0, Max=7, Default=0>The xx is the name of the disk. A vDisk name cannot start with a $. This symbol is usedfor reserved values such as $DiskName and $WriteCacheType. The following messagedisplays if a name that starts with $ is entered:A name cannot start with a $. This is used for reserve values like $DiskName and $WriteCacheType. The $DiskName and $WriteCacheType values can be retrieved on the target device using GetPersonality.exe.GetPersonality.exe

The command line utility GetPersonality.exe allows users to access the Target DevicePersonality settings from a Windows batch file. The program queries the INI file for theuser and places the personality strings in the locations chosen by the user.GetPersonality.exe supports the following command line options:GetPersonality FieldName /r=RegistryKeyPath <- Place field in registryGetPersonality FieldName /f=FileName <- Place field in fileGetPersonality FieldName /o <- Output field to STDOUTGetPersonality /? or /help <- Display helpExamples

Setting a Registry Key Value:

The example below retrieves the Target Device Personality data value from theDefaultPrinter field and writes it to the target device registry to set the default printerfor the device.


152

The Target Device Personality String Set in Target Device Properties is:DefaultPrinter= \\CHESBAY01\SAVIN 9935DPE/2035DPE PCL 5e,winspool,Ne03:A batch file run on the target device would include the following line:GetPersonality DefaultPrinter /r=HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Device

Note: The actual key name should be the UNC name of the network printer, such as \\dc1\Main, and the value that should be entered for the key would be similar towinspool,Ne01: where Ne01 is a unique number for each installed printer.

Setting Environment Variables:

Setting environment variables with personality data is a two-step process:

1. Use the GetPersonality command with the /f option to insert the variable into atemporary file.

2. Use the set command to set the variable. For example, to set the environmentvariable Path statement for the target device a personality name, as Pathnamecould be defined with the string value:%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft Office\OFFICE11\;C:\Program Files\Microsoft SQL Server\80\Tolls\BinnThe /f option creates a temporary file, allowing for a name to be assigned, in thiscase temp.txt. The following lines would then need to be included in the batch file:GetPersonality Pathname /f=temp.txtset /p Path= <temp.txt

Note: If the filename specified with the /f option already exists, GetPersonalitywill not append the line to the file. Instead, the existing line is overwritten in the file.


153


154

Chapter 11

Managing Device Collections

Topics:• Device Collection Properties

• Device CollectionManagement Tasks

Device collections provide the ability to create and managelogical groups of target devices. A device collection couldrepresent a physical location, a subnet range, or a logicalgrouping of target devices. Creating device collectionssimplifies device management by performing actions at thecollection level rather than at the target-device level.

Note: A target device can only be a member of one devicecollection.

Device collections are created and managed by farmadministrators, site administrators that have securityprivileges to that site, or device administrators that havesecurity privileges to that collection. For more information onadministrator roles, refer to Managing Administrative Roles onpage 69.

Expanding a Device Collections folder in the Console’s treeallows you to view members of a device collection. To displayor edit a device collection’s properties, right-click on anexisting device collection in the Console, then select theProperties menu option. The “Device Collection Properties”dialog displays and allows you to view or make modificationsto that collection.

To perform actions on members of a device collection, such asrebooting all target devices members in this collection, referto “Device Collection Management Tasks on page 159”.

155

Device Collection PropertiesDevice collection properties are located on the following tabs and described in thetables that follow.



w Auto-Add Tab on page 157

w Options on page 159


Name The name of this device collection.

Description Describes this device collection.

Template target device To use the settings of an existing targetdevice as the template to apply to alltarget devices that are added to thiscollection, select that device from thedrop-down menu, then click OK.


Groups with Device Administratoraccess

Assign or unassign device administratorsto this collection using Add or Remove.Device administrators can perform taskson all device collections to which theyhave privileges.

Groups with Device Operator access Assign or unassign device operators tothis collection using Add or Remove.Device operators have the followingprivileges:

w Boot and reboot a target device

w Shut down a target device

w View target device properties

Chapter 11 Managing Device Collections

156


w View vDisk properties for assignedtarget devices

Auto-Add TabField/Button Description

Template target device Displays the name of the target device,if a device was previously selected, or<No template device>, if a device wasnot selected.

Use the drop-down menu to select adevice to use as the template for addingnew devices to this collection.

To view a selected device's properties,click Properties (read-only dialogappears).

Prefix Enter a static prefix that helps identifyall devices that are being added to thiscollection. For example: 'Boston' toindicate devices located in Boston.

The prefix can be used in combinationwith the suffix, but is not required if asuffix is provided. The entire devicename can have a maximum of 15characters (the prefix length + numberlength + suffix length). For example, thefollowing device names are consideredvalid:

w Boston000Floor2 (prefix,incrementing number length, andsuffix provided; the maximum of 15characters has been reached)

w Boston000 (no suffix is provided)

w 000Floor2 (no prefix is provided)

The prefix cannot end with a digit.

The prefix and suffix combination mustbe unique in each collection.


157


Number Length Enter the length of the incrementingnumber to associate with the devicesbeing added to this collection. Thisnumber is incremented as each device isadded. For example, if the numberlength is set to '3', Provisioning Servicesstarts naming at '001' and stops namingor adding devices after the numberreaches '999'.

Enable the Zero fill option toautomatically add the necessary numberof preceeding zeros to a numbers length.For example, if the numbers length isequal to 3, than the first target devicenumber would be assigned as '001'.

Enable the Zero fill option toautomatically add the necessary numberof preceeding zeros to a numbers length.For example, if the numbers length is setto '4', than the first target devicenumber would be assigned as '0001'.

The number length must have aminimum of three digits and a maximumof 9 digits.

Suffix Enter a static suffix that helps toidentify all devices being added to thiscollection. For example:Boston001Floor2 might be helpful toindicate the floor where these devicesreside.

The suffix can be used in combinationwith the prefix, but is not required if aprefix is provided.

The entire device name can have amaximum of 15 characters (the prefixlength + number length + suffix length).

The suffix cannot start with a digit.

The prefix and suffix combination mustbe unique in each collection.


158


Last incremental number Indicates the last incremental numberthat was assigned to a device name inthis collection.

This number can be reset to '0' butcannot be lower than the highestnumber for the same Prefix/Suffixcombination.

OptionsField/Button Description

User Groups Enable user login to devices

Enable or disable User Groups fromlogging into target devices in thiscollection.

To permit a user to log in as a member ofa user group within this site, check thisbox (user groups are based on ActiveDirectory or Windows groups).

To prohibit all users that are memberswithin a user group from logging in,uncheck this checkbox. When disabled,if a member of a user group attempts tolog in, Provisioning Services allows theuser to log in using a vDisk that isassigned to the target device.

Device Collection Management TasksTo manage device collections, select from the following tasks:

w Creating a Device Collection on page 160

w Importing Target Devices into a Collection on page 160

w Deleting a Collection on page 161

w Refreshing a Collection in the Console on page 162

w Booting Target Devices within a Collection on page 162

w Restarting Target Devices within a Collection on page 162


159

w Shutdown Target Devices within a Collection on page 162

w Sending Messages to Target Devices within a Collection on page 163

w Moving Collections within a Site on page 163

w Accessing Auditing Information on page 245 for a collection

w Managing Microsoft MAK Volume Licensing on Target Devices on page 165 for targetdevices within a collection

Creating a Device CollectionTo create a new device collection:

1. In the Console, right-click on the Device Collections folder where the newcollection will exist, then select the Create device collection menu option.The Device Collection Properties dialog appears.

2. On the General tab, type a name for this new device collection in the Name textbox, and a description of this collection in the Description text box, then click theSecurity tab.

3. Under the Device Administrators list, click Add.The Add Security Group dialog appears.

4. To assign a group with the Device Administrator role, type or select theappropriate domain and group name in the text box, then click OK.

5. Optionally, repeat steps 2 and 3 to continue assigning groups as deviceadministrators.

6. Under the Device Operators list, click Add.The Add Security Group dialog appears.

7. To assign a group with the Device Operator role, type or select the appropriatedomain and group name in the text box, then click OK.

8. Optionally, repeat steps 2 and 3 to continue assigning groups as device operators.


Importing Target Devices into a CollectionThe Import Target Devices Wizard allows you to import target device information froma file. The target device information must first be saved as a .csv file, it can then beimported into a device collection.

Note: The .csv text file can be created with a .txt file, NotePad.exe or Excel. Itcontains one line per target device, which is formatted as follows:DeviceName,MAC-Address,SiteName,CollectionName,Descriptionwhere DeviceName=Name of new target device and MAC-Address= MAC addressof new device; such as 001122334455, 00-11-22-33-44-55, or 00:11:22:33:44:55.


160

The wizard can be accessed from the farm, site, and device collection right-clickmenus. If accessed from the site or collection, only those target devices in the importfile that match the site and collection by name, will be included in the import list.

The wizard also provides the option to automatically create the site or collection usingthe information in the file, if either does not already exist. There is also the option touse the default collection’s device template, if it exists for that collection.

A log file is generated with an audit trail of the import actions. The file is located in:

C:\Documents and Settings\All Users\Application Data\Citrix\Provisioning Services\log

To Import target devices into a Collection:

1. In the Console, right-click on the device collection that the target devices shouldbe imported to, then click Target Device>Import devices.The Import Target Devices Wizard displays.

2. Type or browse for the file to import. The target device information is read fromthe file and displays in the table below. Information can include the target devicename, MAC address, and optionally description.

3. Highlight one or more target devices to import. If applying the collection templateto the imported target devices, select the Apply collection template device whencreating devices checkbox.

4. Click Import to import the .csv text file containing target device information, intothe selected collection. The status column indicates if the import was successful.

Deleting a CollectionDeleting a collection deletes any target device member records within the collection.The records can be recreated by manually adding them or using the Auto-add feature.

Note: Deleting a target device also deletes that device from any views that it wasassociated with.

If target devices are members of collections within the same site, the members of onecollection can be dragged and dropped to other collections, then the original collectioncan be deleted. If a device collection needs to be moved to a different site or that sitebecomes obsolete, you can use the export and import features to add the devices to acollection in another site, then the original collection can be deleted.

To delete a collection:

1. In the Console tree, right-click on the collection folder that you want to delete,then select the Delete menu option. A confirmation message appears.

2. Click OK to delete this collection. The collection no longer displays in the Consoletree.


161

Refreshing a Collection in the ConsoleAfter making changes to a collection, it may be necessary to refresh the collectionbefore those changes appear in the Console. To refresh, right-click on the collection inthe tree, then select the Refresh menu option.

Booting Target Devices within a CollectionTo boot target devices within a collection:

1. Right-click on the collection in the Console tree, then select the TargetDevice>Boot menu option.The Target Device Control dialog displays with the Boot devices menu optionselected in the Settings drop-down menu. Target devices display in the Device table.

2. Click the Boot devices button to boot target devices. The Status column displaysthe Boot Signal status until the target device successfully receives the signal, thenstatus changes to success.

Restarting Target Devices within a CollectionTo restart target devices within a collection:

1. Right-click on the collection in the Console tree, then select the TargetDevice>Restart devices menu option.The Target Device Control dialog displays with the Restart devices menu optionselected in the Settings drop-down menu. Devices display in the Device table.



4. Click the Restart devices button to restart target devices. The Status columndisplays the restart signal status until the target device successfully receives thesignal, then status changes to Success.

Shutdown Target Devices within a CollectionTo shutdown target devices members within a collection

1. Right-click on the collection in the Console tree, then select the TargetDevice>Shutdown devices menu option.The Target Device Control dialog displays with the Shutdown devices menu optionselected in the Settings drop-down menu. Target devices display in the Device table.

2. Type the number of seconds to wait before shutting down target devices in theDelay text box. Type a message to display on target devices in the Message text box.


162

3. Click the Shutdown devices button to shutdown target devices. The Status columndisplays the shutdown signal status until the target device shuts down. As eachtarget device successfully shuts down, the status changes to Success.

Sending Messages to Target Devices within aCollection

To send a message to target device members within a collection

1. Right-click on the collection in the Console tree, then select the TargetDevice>Send message menu option.The Target Device Control dialog displays with the Message to devices menu optionselected in the Settings drop-down menu. Target devices display in the Device table.


3. Click the Send message button. The Status column displays the message signalstatus until the target device successfully receives the message, then the statuschanges to Success.

Moving Collections within a SiteTarget devices can be moved from one collection to another collection within the samesite.

To move a collection:

1. In the Console, expand the collection, right-click on the target device, then selectthe Move menu option.

2. From the drop-down menu, select the collection to move this target device into,then click OK to close the dialog.

Managing Microsoft KMS Volume LicensingMicrosoft provides two mechanisms for administering volume licenses. This sectiondescribes use of the Key Management Server (KMS) license keys with ProvisioningServices to apply volume licenses for Microsoft Server 2008, Windows 7 and Vista, aswell as Office 2010.

KMS volume licensing utilizes a centralized activation server that runs in thedatacenter, and servers as a local activation point (opposed to having each systemactivate with Microsoft over the internet).

The tasks involved in configuring a vDisk image to use KMS volume licensing andmanaging that vDisk in a Provisioning Services farm include:

w Enabling KMS licensing on the vDisk being created. This is accomplished by selectingthe KMS menu option on the Microsoft Volume Licensing tab when running theImaging Wizard (refer to Using the Imaging Wizard on page 109 for details).


163

w Preparing the New Base vDisk Image for KMS Volume Licensing on page 164

w Maintaining or Upgrading a vDisk Image that Uses KMS Volume Licensing on page164

Note: If KMS licensing was not configured on the vDisk when the Imaging Wizard wasrun, it can alternatively be configured using the Console user interface (refer to the vDisk Properties on page 103, or the MCLI and PowerShell command-line interfaces(refer to the MCLI or PowerShell Programmers Guide for details).

Preparing the New Base vDisk Image for KMS VolumeLicensingAfter a vDisk is created using the Imaging Wizard, it must be reset to a non-activatedstate using the rearm command.

It is important to perform this operation on a system booted from the vDisk in PrivateImage mode so that the master target device hard disk's rearm count is not reduced.

Note: Microsoft limits the number of times you can run rearm on an installed OSimage. The operating system will need to be reinstalled if the number of allowed rearmattempts is exceeded.

1. Boot the target device from the vDisk in Private Image Mode to rearm.

• For Windows Vista, 7, 2008, and 2008R2 run: cscript.exe slmgr.vbs -rearm

• For Office 2010: Program Files(x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE

2. Shutdown the target device.

3. Set the vDisk mode to Standard Image mode.

4. Stream the vDisk to one or more target devices.

Maintaining or Upgrading a vDisk Image that Uses KMSVolume LicensingTo maintain or upgrade a vDisk image that is configured to use KMS volume licensing:

1. Set the vDisk mode to Private Image mode.

2. Stream the vDisk to a target device.

3. Apply the OS/application service pack/update, then shutdown the target device.

4. Set the vDisk mode back to Shared Image mode.

5. Stream the vDisk to the target device in Shared Image mode.

Note: If Office 2010 is installed as vDisk update, or after vDisk has gone throughbase disk preparation once, then the base disk preparation needs to be repeatedas follows:


164

a. In the Console, right-click on the vDisk, then select the File Propertiesmenu option. The vDisk File Properties dialog appears.

b. Click on the Microsoft Volume Licensing tab, then change the licensingoption from KMS to None.

c. On the Mode tab, set the vDisk access mode to Private Image mode.

d. PXE boot to the vDisk in Private Image mode to rearm:

w For Office 2010: Program Files(x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE

w Repeat for Windows Vista, 7, 2008, and 2008R2 run: cscript.exeslmgr.vbs -rearm

e. Shutdown the target device.

f. In the Console, right-click on the vDisk, then select the File Propertiesmenu option. The vDisk Properties dialog appears.

g. Click on the Microsoft Volume Licensing tab, then change the license optionfrom None to KMS.

h. On the Mode tab, set the vDisk access mode to Shared Image mode.

i. Stream the vDisk to the target devices.

Managing Microsoft MAK Volume Licensing onTarget Devices

Microsoft provides two mechanisms for administering volume licenses. This sectiondescribes the use of Multiple Activation Keys (MAKs). A MAK corresponds to a certainnumber of purchased OS licenses. The MAK is entered during the installation of the OSon each system, which activates the OS and decrements the count of purchasedlicenses centrally with Microsoft. Alternatively, a process of 'proxy activation' is doneusing the Volume Activation Management Toolkit (VAMT). This allows activation ofsystems that do not have network access to the internet. Provisioning Servicesleverages this proxy activation mechanism for Standard Image mode vDisks that haveMAK licensing mode selected when the vDisk is created.

Note: In order for MAK licensing to work, the Volume Activation Management Tool(VAMT) must be installed on all login servers within a farm. This tool is available from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ec7156d2-2864-49ee-bfcb-777b898ad582&displaylang=en.

MAK licensing tasks include:

w Setting the vDisk's licensing mode on page 166

w Entering MAK User Credentials on page 166

w Activating target devices that use MAK enabled vDisks on page 166


165



w Maintaining MAK Activations on page 167

Setting the vDisk's licensing mode

A vDisk can be configured to use Microsoft Multiple Activation Key (MAK) licensing whenthe Imaging Wizard is run (refer to Using the Imaging Wizard on page 109). If MAKlicensing was not configured when the Imaging Wizard was run, the vDisk's licensingmode property can be set using the Console, MCLI, or PowerShell user interface. Thelicensing mode should be set before attempting to activate target devices.

Note: For information on using the command-line interfaces, refer to the MCLI orPowerShell Programmers Guide.

Entering MAK User Credentials

Before target devices that use MAK enabled vDisks can be activated, MAK usercredentials must be entered for a site.

Note: The user must have administrator rights on all target devices that use MAKenabled vDisks and on all Provisioning Servers that will stream the vDisks to targetdevices.

To enter credentials:

1. Right-click on the site where the target devices exist, then select the Propertiesmenu option.

2. On the MAK tab, enter the user and password information in the appropriate textboxes, then click OK.

Activating target devices that use MAK enabled vDisks

After a vDisk is configured for MAK volume licensing and user credentials have beenentered, each booted target device that uses the vDisk needs to be activated with a MAK.

Note: After all licenses for a given MAK have been used, a new key will be required inorder to allow additional target devices that share this vDisk image to be activated.

To activate target devices that use MAK volume licensing from the Console:

1. Boot all target devices that are to be activated.

2. In the Console, right-click on the collection or view that includes target devicesthat require MAK license activation, then select the Manage MAK Activations...menu option.The Manage MAK Activations dialog appears.

3. In the Multiple activation key text box, enter the MAK to be used to activate thetarget devices.

4. The number of booted target devices that require activation, display on the dialog.From the list of booted devices, check the box next to each target device thatshould be activated.


166

5. Click OK to activate licensing for all selected target devices (do not close thedialog until the activation process is completed. The process can be stopped byclicking the Cancel button. Closing the dialog before the activation processcompletes stops the process and may result in some target devices not beingactivated).The Status column indicates if a target device is currently being activated(Activating) or the activation failed (Failed). If all target devices were activatedsuccessfully, click OK to close the dialog. After the activation process completes, ifone or more target devices were not selected to be activated, or if devices werenot activated successfully, the dialog displays listing any unactivated devices. Afterresolving any issues, repeat this step to activate the remaining target devices.

Note: The Manage MAK Activations... option does not display after all currentlybooted target devices have been successfully activated.

Maintaining MAK Activations

When a target device has a MAK activated vDisk assigned, unassigning it removesany saved MAK reactivation information. If the vDisk is reassigned in the future,the target device will not reactivate. To prevent the loss of MAK activation, do notunassign the activated disk from the target device.

To change a target device's vDisk, without losing the MAK activation, select one ofthe following methods:

a. Assign more than one vDisk to the target device and set the default accordingly.

b. Assign additional vDisks to the target device and temporarily disable the MAKactivated vDisk.

To update a MAK activated vDisk, the AutoUpdate feature must be used so that theMAK activation information, required for shared device reactivation, is maintained.

Additional MAK considerations:

• Use of manual vDisk updates (unassigning one vDisk and reassigning anothervDisk) will result in the loss of the required MAK activation information and willrequire a new activation, which would consume another license.

• Use of AutoUpdate to deploy a new vDisk, from a different OS install than theprevious vDisk, will result in mismatched MAK activation information. In thiscase, a new activation must be performed from the command line interface, asonly unactivated target devices can be activated from the MMC console.


167


168

Chapter 12

Managing User Assigned vDisks

Topics:• User Group Properties

• Managing User Group vDiskAssignments

By default, vDisks are assigned to target devices. The UserAssigned vDisks feature allows farm and site administrators toassign vDisks to the user, based on that user’s existing ActiveDirectory or Windows Workgroups memberships.

Note: Refer to http://technet.microsoft.com/en-us/library/cc756101.aspx for Active Directory limitations and guidelines.

After an administrator creates new user groups, they assignone or more vDisks to that user group. Having vDisks assignedto a user group allows users to log in from different targetdevices to get their vDisk(s) in a Provisoning Servicesimplementation. When a user group log in is enabled on aDevice Collection, the user can log in using any target devicewithin that collection.

When a target device first boots, Provisioning Servicesdetermines if that device is a member of a collection that hasthe user groups feature enabled. If the device is not amember of a collection that has the user groups enabled, thetarget device boots using the vDisk that was assigned to thattarget device. If the device is a member of a collection thathas user groups enabled, the user is prompted to login usingtheir username and domain. When the user logs in,Provisioning Services checks if that user has one or more usergroups associated with it. If a user group exists, that usergroup’s vDisk is provided. If multiple vDisks are assigned tothe user group, the user is presented with a menu listing allvalid vDisk options to choose from.

Note:The user and domain name are not used for securitypurposes. The user and domain name are only used toidentify user group associations, which determines vDiskassignments. User authentication is only performed whenrequesting vDisks assigned to the target device.

A user group can have a maximum of ten vDisk assignments.

Database caching is not supported when using the UserGroup feature.

169

Each target device maintains its own Difference Disk, whichdoes not follow the user from machine to machine, andnumerous users using the same device all keep their dataon the same Difference Disk file. Therefore, if using boththe Difference Disk and User Group features, the userexperience may differ from target device to target device.

User groups only appear in the Console for Farm and SiteAdministrators.

Expand the User Groups icon in the Console tree to view alluser groups within a selected site. To display or edit a usergroup’s properties, right-click on an existing user group in theConsole, then select the Properties menu option. The UserGroup Properties on page 171 dialog displays and allows youto view or make modifications to that user group.

To perform actions on user groups, refer to Managing UserGroup vDisk Assignments on page 171.

Chapter 12 Managing User Assigned vDisks

170

User Group PropertiesUser group properties are described in the tables that follow.


Name The name of this user group.

Description Describes this user group.

Class Class name used for matching new vDiskimages to the appropriate user groupswhen using the Image Update and theManaged Disk feature. Up to 40characters can be entered.

Disable this user group Check to disable this user group;uncheck to enable this user group. Ifdisabled, a target device uses the vDiskassigned at the target device level.

vDisks TabField/Button Description

vDisks for this user group Click Add to add vDisks to this usergroup from the vDisk drop-down list.

Click Remove to remove vDisks thathave been made available to this usergroup. Remove does not delete thephysical vDisk.

Managing User Group vDisk AssignmentsTo manage user groups, select from the following tasks:

w Enabling or Disabling User Group Management for a Collection on page 172

w Creating a User Group on page 172

w Enabling or Disabling User Groups on page 173

w Deleting User Groups on page 173


171

w Assigning a vDisk to a User Group on page 173

w Unassigning User Groups From vDisks on page 173

Enabling or Disabling User Group Management for aCollection

To enable or disable user group management for a collection:

1. Right-click on the collection in the Console tree, then select the Properties menuoption.

2. Select the Options tab.

3. Under User Groups, check or un-check the Enable user login to devices option toenable or disable this feature.

4. Click OK.

To disable select user groups within a collection, refer to Enabling or Disabling UserGroups.

Creating a User GroupTo create a new user group:

1. In the Console, expand the site where the user group is to be created.

2. Right-click User Groups, then select the Create User Group... menu. The UserGroup Name dialog appears.

3. In the Groups to search for textbox, leave the text box set to the default ‘*’ todisplay all security groups. To display select groups, type part of the name usingwildcards ‘*’. For example, if you want to see MY_DOMAIN\Builtin\Users, typeUser*, Users, or *ser*. However, if you type MY_DOMAIN\Builtin\*, you will getall groups, not just those in the MY_DOMAIN\Builtin path option.

4. Under Select the name to use, highlight the security group to add to this usergroup, then click OK. The User Group Properties dialog appears.

5. On the General tab, type a description of this user group in the Description text box.

6. In the Class textbox, type the class name to associate with this user group. WhenvDisk updates for vDisks of this class are made, they are correctly applied to vDisksused by this user group.

7. Verify that the Disable this user group checkbox is not selected so that usersassociated with this user group have that groups’ vDisks and personality stringsavailable at boot time.

8. Click OK.


172

Enabling or Disabling User GroupsTo enable or disable user groups, right-click on the user group in the Console tree, thenselect either the Enable or Disable menu option.

To disable all user groups within a collection, refer to Enabling or Disabling User GroupManagement for a Collection.

Deleting User GroupsDeleting a user group deletes the user group from the Site, but not from ActiveDirectory or Windows.

To delete a user group from a site, right-click on the user group in the Console tree,then select the Delete menu option.

Assigning a vDisk to a User GroupIt is easy to quickly assign selected user groups to a particular vDisk, or to assign aselected vDisk to all user groups within a Site.

To assign a vDisk to a user group:

1. In the Console tree, expand the Sites folder, then expand the appropriate sitewhere this user group resides.

2. Click the User Groups folder. All user groups display in the details pane.

3. Right-click on the desired user group, then select Properties. The User GroupProperties dialog appears.

4. Click on the vDisks tab, then select the vDisks to make available to this targetdevice, then click OK. The Console’s drag-and-drop or copy-and-paste feature canalso be used to assign vDisks to a user group.

5. Enabling multiple vDisks will cause a boot menu to display when the user logs in,allowing the user to select the appropriate boot method.

To assign a vDisk all user groups in a site, in the Console, drag a highlighted vDisk in thedetails pane, and then drop it on the User Groups node in the tree for that site.

Unassigning User Groups From vDisksIt is easy to quickly unassign selected user groups from a particular vDisk, or tounassign a selected vDisk from all user groups within a Site.

To unassign a select user groups from a vDisk:

1. Right-click on the vDisk in the Console, then select Unassign from SelectedUser Group. The Unassign from User Group dialog appears.


173

2. Under User groups from which to unassign, check the box next to each user groupthat should be unassigned, or click Select all to unassign all user groups from thisvDisk.

3. Click Unassign. A confirmation message appears.

4. Click Yes to continue. The unassign status appears in the unassign status log below.

To unassign a vDisk from all user groups within a Site:

1. Right-click on the vDisk in the Console, then select Unassign from All Site UserGroup(s)...

2. A confirmation message appears. Click Yes to continue.


174

Chapter 13

Managing Views

Topics:• View Properties

• Managing Views in theConsole

The Console’s Views feature provides a method that allowsyou to quickly manage a group of devices. Views are typicallycreated according to business needs. For example, a view canrepresent a physical location, such as a building or user type.Unlike device collections, a target device can be a member ofany number of views.

Farm administrators can create and manage views in theConsole tree’s Farm>Views folder. Farm views can include anytarget device that exists in this farm. Site administrators cancreate and manage views in the Console tree’sFarm>Sites>YourSite>Views folder. Site views can only includetarget devices that exist within that site (YourSite).

To display or edit a views properties, right-click on an existingview in the Console, then select the Properties menu option.The View Properties on page 176 dialog displays and allowsyou to view or make modifications to that view.

To perform actions on all members of a view, such asrebooting all target devices members in this view, refer to Managing Views in the Console on page 176.

175

View PropertiesTo display or edit the properties of an existing view, right-click on the view in theConsole, then select the Properties menu option. The View Properties on page 176dialog displays and allows you to view or make modifications to that view.

View properties are described in the tables that follow.


Name The name given to this view.

Description Describes the purpose of this view.

Members TabField/Button Description

Members of this view Lists target device members that belong to this view.

Add button Opens the Select Devices dialog, from which targetdevices to add to this view are selected.

Remove button Removes highlighted target devices from this view.

Remove All button Removes all target devices from this view.

Managing Views in the ConsoleTo manage views, select from the following actions:

w Creating a View on page 177

w Pasting Device Properties on page 177

w Deleting a View on page 178

w Refreshing a View on page 178

w Booting Devices within a View on page 178

w Restarting Devices within a View on page 178

w Shutdown Devices within a View on page 178

w Sending Messages to Target Devices within a View on page 179

Chapter 13 Managing Views

176

w Managing Microsoft KMS Volume Licensing on page 163

w Managing Views in the Console on page 176

w Active Directory; to use the Views feature with the Active Directory Managementfeature, refer to Managing Active Directory on page 213.

Creating a View1. In the Console, right-click on the Views folder where the new view will exist, then

select the Create view menu option. The View Properties dialog appears.

2. On the General tab, type a name for this new view in the Name text box and adescription of this view in the Description text box, then click the Members tab.

3. Click the Add button to add new target device members to this view. The SelectDevices dialog appears.

4. From the drop-down menus, select the site, then the device collection that youwant to add target device(s) from. All members of that device collection appear inthe list of available target devices.

5. Highlight one of more target devices in this collection, then click Add to add themto the new view. To add additional target devices from other device collections,repeat steps 4 and 5.

6. Click OK to close the dialog. All selected target devices now display on theMembers tab.

Pasting Device PropertiesTo copy the properties of one target device, and paste those properties to targetdevice members within a view, complete the steps that follow.

To paste device properties to members in a view:

1. In the Console’s details pane, right-click on the target device that you want tocopy properties from, then select Copy device properties. The Copy DeviceProperties dialog appears.

2. Select the checkbox next to the properties that you want to copy, then click Copy.The properties are copied to the clipboard and the dialog closes.

3. Right-click on the view containing the target devices that will inherit the copiedproperties, then select the Paste device properties menu option. The PasteDevice Properties dialog appears displaying the name and properties of the targetdevice that were copied.

4. Under the Paste to... table heading, highlight the target devices that will inheritthese properties, then click Paste.



177

Deleting a ViewIf a view becomes obsolete, you can delete the view. Deleting a view does not deletethe target device from the collection.

1. In the Console’s tree, right-click on the view folder that you want to delete, thenselect the Delete menu option. A confirmation message appears.

2. Click OK to delete this view. The view no longer displays in the Console tree.

Refreshing a ViewAfter making changes to a view, it may be necessary to refresh the view before thosechanges appear in the Console. To refresh the view, right-click on the view in the tree,then select the Refresh menu option.

Booting Devices within a View1. Right-click on the view in the Console tree, then select the Boot devices menu

option. The Target Device Control dialog displays with the Boot devices menuoption selected in the Settings drop-down menu. By default, all devices arehighlighted in the Device table.

2. Click the Boot devices button to boot target devices. The Status column displaysthe Boot Signal status until the target device boots. As each target devicesuccessfully boots, the status changes to Success.

Restarting Devices within a View1. Right-click on the view in the Console tree, then select the Restart devices menu

option. The Target Device Control dialog displays with the Restart devices menuoption selected in the Settings drop-down menu. By default, all devices arehighlighted in the Device table.



4. Click the Restart devices button to restart target devices. The Status columndisplays the Restart Signal status until the target device restarts. As each targetdevice successfully restarts, the status changes to Success.

Shutdown Devices within a View1. Right-click on the view in the Console tree, then select the Shutdown devices

menu option. The Target Device Control dialog displays with the Shutdown devices


178

menu option selected in the Settings drop-down menu. By default, all devices arehighlighted in the Device table.

2. Type the number of seconds to wait before shutting down target devices in theDelay text box.


4. Click the Shutdown devices button to shutdown target devices. The Status columndisplays the Shutdown Signal status until the target device shuts down. As eachtarget device successfully shuts down, the status changes to Success.

Sending Messages to Target Devices within a ViewTo send a message to target devices members within a view:

1. Right-click on the view in the Console tree, then select the Send message menuoption. The Target Device Control dialog displays with the Message to devicesmenu option selected in the Settings drop-down menu. By default, all devices arehighlighted in the Device table.


3. Click the Send message button. The Status column displays the Message Signalstatus until target devices receive the message. As each target device successfullyreceives the message, the status changes to Success.


179


180

Chapter 14

Managing Network Components

Topics:• Preparing Network Switches

• Using UNC Names

• Reducing Network Utilization

• Managing Roaming UserProfiles

• Booting Through a Router

• Updating NIC Drivers

• Managing and Accessing aLUN Without Using aNetwork Share

The tasks necessary to maintain and manage the networkcomponents within your streaming implementation include:

w Preparing Network Switches on page 182

w Using UNC Names on page 182

w Reducing Network Utilization on page 184

w Managing Roaming User Profiles on page 188

w Booting Through a Router on page 191

w Updating NIC Drivers on page 193

w Managing and Accessing a LUN Without Using a NetworkShare on page 194

181

Preparing Network SwitchesNetwork switches provide more bandwidth to each target device and are very commonin networks with large groups of users. The use of Provisioning Services in the networkmay require changes to switch configurations. When planning an implementation, givespecial consideration to managed switches.

Note: For Provisioning Services networks, you must specify all network switch portsto which target devices are connected as edge-ports.

Managed switches usually offer loop detection software. This software turns off a portuntil the switch is certain the new connection does not create a loop in the network.While important and useful, the delay this causes prevents your target devices fromsuccessfully performing a PXE boot.

This problem manifests itself in one of the following ways:

w Target device (not Windows) login fails.

w Target device appears to hang during the boot process.

w Target device appears to hang during the shutdown process.

To avoid this problem, you must disable the loop detection function on the ports towhich your target devices are connected. To do this, specify all ports to which targetdevices are connected as edge-ports. This has the same effect as enabling the fast linkfeature in older switches (disables loop detection).

Note: A network speed of at least 100MB is highly recommended. If using a 10MBhub, check whether your network card allows you to turn off auto-negotiation. This canresolve potential connection problems.

Switch ManufacturersThis feature is given different names by different switch manufacturers. For example:

w Cisco; PortFast or STP Fast Link

w Dell; Spanning Tree Fastlink

w Foundry; Fast Port

w 3COM; Fast Start

Using UNC NamesA Universal Naming Convention (UNC) format name defines the location of files andother resources that exist on a network. UNC provides a format so that each sharedresource can be identified with a unique address. UNC is supported by Windows andmany network operating systems (NOSs).

Chapter 14 Managing Network Components

182

With Provisioning Services, UNC format names can be used to specify the location ofthe OS Streaming database for all Provisioning Servers, and to specify the location of aparticular vDisk.

SyntaxUNC names must conform to the \\SERVERNAME\SHARENAME syntax, where SERVERNAMEis the name of the Provisioning Server and SHARENAME is the name of the shared resource.

UNC names of directories or files can also include the directory path under the sharename, with the following syntax:

\\SERVERNAME\SHARENAME\DIRECTORY\FILENAMEFor example, to define the folder that contains your configuration database file in thefollowing directory:

C:\Program Files\Citrix\Provisioning Services

On the shared Provisioning Server (server1), enter:

\\server1\Provisioning Services

Note: UNC names do not require that a resource be a network share. UNC can alsobe used to specify a local storage for use by only a local machine.

Accessing a Remote Network ShareTo access a remote network share using a UNC format name, the Stream Service musthave a user account name and password on the remote system.

To use a UNC name to access a remote network share:

1. On the Provisioning Server, create a user account under which the Stream Servicewill run. This account MUST have a password assigned, otherwise the StreamService will not be able to log in correctly. Your Stream Service can share the sameuser account and password, or separate user accounts and passwords can be set upfor each service.

2. Share the vDisk and configuration database folders. In Windows Explorer, right-click on the folder, then select Properties. Click the Sharing tab, then select theShare this folder radio button. Enter or select a Share name.

3. Make sure permissions are set to allow full control of all files in the vDisk folderand database folder. Click the Permissions button on the Sharing tab, or click theSecurity tab, then set the correct permissions.

Note: In XP it may be necessary to turn off simple sharing, so that you candisplay the Security tab of the Folder Properties dialog to give permissions tothe proper user (the user defined in Step 1 above, or everyone). To turn off simplesharing, select Start>All Programs>Control Panel. Double-click Folder


183

Options. On the View tab, under Advanced settings, clear the Use simple filesharing (Recommended) checkbox.

4. For the Stream Service, complete Steps 4-A and 4-B:

• Go to Control Panel>Computer Management>Component Services, right clickon the Stream Service, and select Properties.

• Click the Log On tab. Change the Log on as: setting to This Account, and setup the service to login to the user and password configured in Step 1.

5. Verify that all Stream Services are restarted. The Configuration Wizard does thisautomatically. Stream Services can also be started from the Console or from theControl Panel.

Note: The Stream Service cannot access folders using a mapped drive letter for thedirectory, since the mapped drives do not yet exist when the services start at boottime. Do not use a mapped drive letter to represent the vDisk or database-locationdirectories when configuring Stream Services.

Reducing Network UtilizationWindows provides several features that presume the use of a large, fast hard-disk.

w Configuring the Recycle Bin on page 185

w Configuring Offline Folders on page 185

w Configuring Event Logs on page 186

w Configuring System Restore on page 187

w Configuring Logical Prefetch on page 187

w Configuring Automatic Disk Defragmentation on page 187

While many of these features can also be useful on a diskless system where the disk isactually on the network, using them decreases cache effectiveness and therebyincreases network utilization. In an environment that is sensitive to networkutilization, consider reducing the effect of these features by disabling them oradjusting their properties.

In particular, System Restore and Offline Folders are not useful on a diskless system andcan be detrimental to the performance of Windows on a diskless system. ProvisioningServices provides a clearer, more reliable, and simpler restore point than SystemRestore by simply rebooting the target device. Offline Folders cache network files — afeature that is not applicable to a system where all files are on the network.

All of these features are configurable through the target device itself (for details, referto Configuring Windows features on a Standard vDisk on page 185). The followingfeatures are configurable in the Windows Group Policy.

w Offline Folders


184

w Event Logs

Configuring Windows features on a Standard vDisk1. Prepare a Standard Image vDisk for configuration.

• Shutdown all target devices that use the Standard Image vDisk.

• From the Console, change the Disk Access Mode to Private Image.

• Boot one target device.

2. Configure one or more features.

3. Prepare the Standard Image vDisk for use

• Shutdown the target device previously used to configure the vDisk.

• From the Console, change the Disk Access Mode to Standard Image.

• Boot one or more target devices.

Configuring the Recycle BinDisabling the Recycle Bin deletes files immediately. Consequently, the file systemreuses respective disk sectors and cache entries sooner.

To configure the Recycle Bin:

1. From the target device, or Windows Explorer, right click on the Recycle Bin.

2. Select Properties.

3. Select Global.

4. Select from the following settings:

• Use one setting for all drives

• Do not move files to the Recycle Bin. Remove files immediately when deleted.

Configuring Offline FoldersThe disabling of Offline Folders is strongly recommended to prevent Windows fromcaching network files on its local disk – a feature with no benefit to a diskless system.Configure this feature from the target device or Windows Group Policy.

To configure from the target device:

1. Open Windows Explorer.

2. Select Tools>Folder Options.

3. Select Offline Folders.

4. Uncheck Enable Offline Folders.

To configure using the Windows Group Policy:


185

On the domain controller, use the Microsoft Management Console with the Group Policysnap-in, to configure the domain policies for the following:

Object User Configuration\Administrative Templates\Network\Offline Files

Policy

Setting

Disable user configuration of offline files

Enabled

Policy

SettingSynchronize all offline files before logging off

Disabled

Policy

Setting

Prevent use of the Offline Files folder

Enabled

Configuring Event LogsReduce the maximum size of the Application, Security, and System logs. Configure thisfeature using the target device or Windows Group Policy.

To configure event logs, on the target device:

1. Select Start>Settings>Control Panel.

2. Open Administrative Tools>Event Viewer.

3. Open the properties for each log.

4. Set the Maximum log size to a relatively low value. Consider 512 kilobytes.

To configure using the Windows Group Policy:

On the domain controller, use the Microsoft Management Console with the Group Policysnap-in to configure the domain policies for the following object:

Object Computer Configuration\Windows Settings\Event Log\Settings for EventLogs

Policy

Setting

Policy Maximum Application Log Size

Relatively low value. Consider 512 kilobytes.

Policy

SettingMaximum Security Log Size

Relatively low value. Consider 512 kilobyte.

Policy

Setting

Maximum System Log Size

Relatively low value. Consider 512 kilobytes.


186

Configuring System RestoreThe disabling of System Restore is strongly recommended to prevent Windows XP fromstoring any restore points that result in large disk files. Provisioning Services providesan inherent restore feature whenever the target device reboots.

On Windows XP, disable System Restore:

1. Select Start, then Control Panel.

2. Open System.

3. Select System Restore.

4. Check Turn off System Restore.

Configuring Logical PrefetchDisabling Logical Prefetcher prevents Windows XP from caching additional files.

To disable logical prefetcher, set the following registry value to 0 (zero):

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\MemoryManagement\PrefetchParameters\EnablePrefetcher

Configuring Automatic Disk DefragmentationDisabling Automatic Disk Defragmentation prevents Windows XP from filling the vDiskwrite cache by automatically de-fragmenting the vDisk during boot time.

To disable automatic disk defragmentation, set the following registry key value data:

Key HKEY_LOCAL_MACHINE\Microsoft\Dfrg\BootOptimizeFunctionValue Name EnableValue Type REG_SZValue Data N

Disabling Windows Automatic UpdatesIf you have the Windows Automatic Updates service running on your target device,Windows periodically checks a Microsoft Web site and looks for security patches andsystem updates. If it finds updates that have not been installed, it attempts todownload them and install them automatically. Normally, this is a useful feature forkeeping your system up-to-date. However, in a Provisioning Services implementationusing Standard Image mode, this feature can decrease performance, or even causemore severe problems. This is because the Windows Automatic Updates servicedownloads programs that fill the write cache. When using the target device’s RAMcache, filling the write cache can cause your target devices to stop responding.


187

Re-booting the target device clears both the target device and Provisioning Serviceswrite cache. Doing this after an auto-update means that the Automatic Updateschanges are lost, which defeats the purpose of running Automatic Updates. (To makeWindows updates permanent, you must apply them to a vDisk while it is in PrivateImage mode).

To prevent filling your write cache, make sure to disable the Windows AutomaticUpdates service for the target device used to build the vDisk.

To disable the Windows Automatic Updates feature:

1. Select Start>Settings>Control Panel>Administrative Tools.

2. Select System.

3. Click the Automatic Updates tab.

4. Select the Turn Off Automatic Updates radio button.

5. Click Apply.

6. Click OK.

7. Select Services.

8. Double-click the Automatic Updates service.

9. Change the Startup Type by selecting Disabled from the drop-down list.

10. If the Automatic Updates service is running, click the Stop button to stop the service.

11. Click OK to save your changes.

To make Windows updates permanent:

1. Shutdown all target devices that share the vDisk.

2. Change the vDisk mode to Private image.

3. Boot one target device from that vDisk.

4. Apply Windows updates.

5. Shutdown the target device.

6. Change vDisk mode to Standard image.

7. Boot all target devices that share this vDisk.

Managing Roaming User ProfilesA Roaming User Profile is a user profile that resides on a network share. It consists offiles and folders containing the user’s personal settings and documents. When a userlogs on to a target device system in the domain, Windows copies the respective profilefrom a network share to the target device’s disk. When the user logs off, Windowssynchronizes the user profile on the target device’s hard disk with the user profile onthe network share.

For a diskless target device, its disk is actually a vDisk residing in shared storage.Consequently, the profile returns back to the shared storage containing the vDisk. Since


188

the persistent user data always resides on shared storage, Windows does not need todownload the profile. This saves time, network bandwidth, and file cache. Since someof the files included in the profile can grow very large, the savings can be significant.

Using Roaming User Profiles with diskless systems effectively involves configuringrelevant policies and using Folder Redirection.

Although unrelated to Roaming User Profiles, the Offline Folders feature affectsdiskless systems similarly. Disabling this feature avoids the same effects.

On the domain controller, use the Microsoft Management Console with the Group Policysnap-in to configure the domain policies for the following objects.

Configuring Roaming User ProfilesConfiguring Roaming User Profiles for diskless systems enables roaming without havingto download potentially large files in the profile.

On the domain controller, use the Microsoft Management Console with the Group Policysnap-in to configure the domain policies for the following objects.

To prevent the accumulation of Roaming User Profiles on a vDisk:

Object Computer Configuration\Administrative Templates\System\Logon

Policy Delete cached copies of roaming profiles.

Setting Enabled

To exclude directories with potentially large files from download:

Object User Configuration\Administrative Templates\System\Logon/Logoff

Policy Exclude directories in roaming profile

Setting Enabled

Properties Prevent the following directories from roaming with theprofile: Application Data; Desktop; My Documents; Start Menu.

Configuring Folder Redirection with Roaming UserProfiles

Using Folder Redirection with Roaming User Profiles and diskless systems retains theavailability of user documents.

On the domain controller, use the Microsoft Management Console with the Group Policysnap-in to configure the domain policies for the objects that follow.


189

To configure folder redirection:

1. Create a network share (\\ServerName\ShareName) to contain the redirecteduser folders.

2. Give Full Control permission to everyone for the network share.

3. Enable Folder Redirection.

Object Computer Configuration\Administrative Templates\System\Group Policy

Policy Folder Redirection policy processing

Setting Enabled

4. Redirect the Application Data folder.

Object User Configuration\Windows Settings\Folder Redirection\Application Data

Properties Basic or Advanced

Target folder location:

\\ServerName\ShareName\%username%\Application Data

5. Redirect the Desktop folder.

Object User Configuration\Windows Settings\Folder Redirection\Desktop



\\ServerName\ShareName\%username%\Desktop

6. Redirect the My Documents folder.

Object User Configuration\Windows Settings\Folder Redirection\My Documents



\\ServerName\ShareName\%username%\MyDocuments

7. Redirect the Start Menu folder.


190

Object User Configuration\Windows Settings\Folder Redirection\Start Menu



\\ServerName\ShareName\%username%\Start Menu

Disabling Offline FoldersDisabling Offline Folders avoids the unnecessary caching of files on diskless systemswith network shares.

On the domain controller, use the Microsoft Management Console with the Group Policysnap-in to configure the domain policies for the object that follows.

To disable offline folders:

Object User Configuration\Administrative Templates\Network\Offline Files

Policy

Setting

Disable user configuration of Offline Files.

Enabled

Policy

Setting

Synchronize all Offline Files before logging off.

Disabled

Policy

Setting

Prevent user of Offline Files folder.

Enabled

Booting Through a RouterThe following documents a basic configuration for booting target devices through anetwork router. This configuration allows the Provisioning Server to exist on a differentsubnet from the target device. Since conditions vary from customer to customer,adjustments may be needed for different network configurations.

The configuration shown in the diagram below separates the Provisioning Server fromthe target device by using a Windows 2000 Server platform acting as a router.


191

Configuring for DHCPIn this configuration, a DHCP server must be active on the local subnet (197.100.x.x) ofthe target device. In the configuration example above, the DHCP service is running onthe same machine acting as a router between the two subnets, though it is notmandatory that the DHCP service actually runs on the router itself. This DHCP serverprovides the IP address and the PXE boot information to the target device.

Configure the DHCP service to provide valid IP addresses to any target device bootingon the local subnet (197.100.x.x).

In order to provide the PXE boot information to the target device, configure thefollowing options in your DHCP server :

1. DISABLE Option 60 (Class ID)

2. Enable Option 66 (Boot Server Host Name) – Enter the IP address of the TFTPServer. In this configuration, the value is 10.64.0.10.

3. Enable option 67 (Boot file name) – Enter the name of the boot file. For a standardconfiguration, the filename is ARDBP32.bin.

Configuring the Provisioning Services for PXEUsing the Console, configure the bootstrap settings to use the Gateway and Subnetmask fields. These fields should reflect the gateway and subnet to be used by thetarget device. In this case, they are 197.100.x.x for the gateway, and 255.255.255.0 forthe netmask.

Verify the TFTP service is running on the Provisioning Server.

The PXE Service on the Provisioning Server in the above configuration is not necessarysince options 66 & 67 in the router’s DHCP service provide the same information to thetarget device. You can stop the PXE Service on the Provisioning Server if you have notarget devices on the Provisioning Server subnet needing its functionality. The same istrue for any DHCP service running on the Provisioning Server itself.

Running PXE and DHCP on the Same ComputerIf PXE and DHCP are running on the same Provisioning Server, an option tag must beadded to the DHCP configuration. This tag indicates to the target devices (using PXE)


192

that the DHCP server is also the PXE boot server. Verify that option tag 60 is added toyour DHCP scope. Provisioning Services setup automatically adds this tag to your scopeprovided that the Microsoft DHCP server is installed and configured before installingProvisioning Services. The Configuration Wizard sets-up the Tellurian DHCP Serverconfiguration file if you use the wizard to configure Provisioning Services.

The following is an example Tellurian DHCP Server configuration file which contains theoption 60 tag.max-lease-time 120;default-lease-time 120;option dhcp-class-identifier "PXEClient";subnet 192.168.4.0 netmask 255.255.255.0 {option routers 192.168.123.1;range 192.168.4.100 192.168.4.120;}.

Updating NIC DriversFrom time to time, you may need to upgrade the drivers for your network interfacecards (NICs). Follow the guidelines below for upgrading NIC drivers.

Upgrading NIC Drivers on Target DevicesNote: Do not attempt to upgrade a NIC driver on a vDisk. Do not attempt to upgrade aNIC driver on a hard disk on which the Provisioning Server is currently installed.Improperly upgrading a NIC may make the hard drive unable to boot.

To upgrade NIC drivers for target devices:

1. Go to the target device with the original hard drive from which you made the vDiskimage.

2. Set the system BIOS to boot from the hard drive.

3. Re-boot the target device directly from the hard drive.

4. Un-install the target device software from this hard drive.

5. Upgrade NIC driver as directed by the manufacturer's instructions.

6. Re-install the target device software on the hard drive.

7. Re-image the hard drive to make a new vDisk image.

Upgrading NIC Drivers on a Provisioning ServerTo upgrade NIC drivers on any Provisioning Server, simply follow the manufacturerinstructions for upgrading NIC drivers.


193

Managing and Accessing a LUN Without Usinga Network Share

Normally, using a SAN for vDisk storage with Provisioning Services requires that a sharedfile system be placed in front of the SAN to coordinate multiple server access to theNTFS formatted LUN(s). However, under certain instances, it is possible to allowProvisioning Services to use a SAN without a shared file system. Provisioning Servicescan do this and still allow multiple servers access to the same LUN(s) without volumecorruption.

Provisioning Services only allows read-only shared access to the SAN LUN(s). Thereforethe desired boot modes for Provisioning Services target devices are important whenusing this feature.

The following table describes the boot mode and its restrictions when using read-onlyvDisk storage.

Boot Mode Write Cache Limitations Restrictions

Private Image Not supported Not supported

StandardImage withcache onserver disk orencryptedcache onserver disk

Separate shared read-writewrite cache location isrequired for the store.

vDisk properties cannot bemodified while the LUN is read-only.

vDisks cannot be mapped on theProvisioning Server.

StandardImage withcache intarget deviceRAM

No limitation. vDisk properties cannot bemodified while the LUN is read-only.


StandardImage withcache on thetargetdevice’s harddrive orcacheencrypted ontargetdevice’s harddrive

Fall back to cache on serverdisk does not function if thetarget device hard drive is notfound or fails.




194

Boot Mode Write Cache Limitations Restrictions

DifferenceDisk Image

Separate shared read-writewrite cache location isrequired for the store.



Basically, the main limitations to placing vDisks on read-only storage include:

w Private image boot from read-only storage is not allowed

w If cache on the Provisioning Server disk is desired, a separate shared storagelocation that has read-write access is needed for the write cache files.

w Modifying the vDisk properties is not allowed when the vDisk storage location is read-only.

w Mounting the vDisk on the server is not allowed when the vDisk storage location isread-only.

PrerequisitesThe following are prerequisites to using this new feature:

w Provisioning Servers that will have access to the read-only shared LUN(s) are serverclass machines (Windows 2003 Server or 2008 Server).

w The Microsoft iSCSI initiator software is installed on all Provisioning Servers that willhave access to the SAN.

w The vDisk files that will be placed on the read-only shared LUN(s) have already beencreated and reside on a normal read-write storage location. Creating vDisk files inplace on the LUN is more difficult than pre-making the VHD files in a normal read-write store and subsequently copying them to the shared LUN. Therefore, thisdocument will describe the procedure assuming the vDisk files have been pre-madeand reside in a normal read-write storage location.

w The SAN being used has the ability to set a LUN up for shared read-write access orshared read-only access without requiring a shared file system front end. Normally,using a LUN in shared read-write access mode without a shared file system front endwill result in a corrupt NTFS volume. Limiting the LUN access to read-onlycircumvents this problem.

ImplementationOn the SAN

1. Create a volume on the EquaLogic SAN using the EqualLogic Group Manager (orother relevant SAN interface front end). Make the volume large enough to hold allVHD and VHD associated PVP files that will be shared between the ProvisioningServers.


195

2. Set the access type for the volume to read/write - shared. Note that the volumewill be made read-only through the NTFS attributes not through the SAN accessrights. While using the volume in read-only shared mode is possible, it requiresextra steps to implement the solution. Therefore this procedure describes theprocess when the volume is set for read-write – shared access.

On Provisioning Servers

1. Use the iSCSI Initiator to login to the SAN volume on only one of the ProvisioningServers.

Note: Do NOT login to the SAN Volume from more than one serversimultaneously until the volume has been marked read-only. If you allowmore than one server to simultaneously login to the volume through theiSCSI interface while the volume is read-write, you will corrupt the volumeand will need to re-format it. All data on the volume will be lost.

2. Format the volume through the Windows Disk Manager with an NTFS file systemand assign a drive letter or mount point path. A mount point path is desirable ifyou will have many LUN/Volumes exposed on a server as there will be no driveletter limitations. Make sure you use a drive letter/Mount point that will beidentical on all servers using the volume. If you cannot make them identical, youwill need to use the Provisioning Services/store override paths to point a specificserver to a different drive letter/mount point for the volume.

3. After the volume is formatted and assigned a drive letter/Mount point, the volumeshould be accessible on this single Provisioning Server as a read/write volume.Make sure all properties for the VHD and PVP files that will reside on the volumeare set correctly (including enabling HA) and then copy all VHD files and theirassociated PVP files to the volume. Lock files do not need to be copied. The PVPfile MUST be copied along with the VHD file. The system will not be able to createa PVP file ‘on the fly’ once the volume is read-only.

4. After all files are copied to the volume, you must make the volume read-only.Close all Explorer windows that have access to the volume, then open a commandprompt on the server that has access to the volume.

5. Run diskpart.exe. This will start an interactive session with diskpart.exe.

6. Find the volume number by typing the following command: list volume.

7. Note the volume number of your volume and select it by typing the followingcommand: select volume volumeNumber where volumeNumber is the number ofthe volume identified with the list volume command.

8. After the volume is selected, set the read-only attribute of the volume by typingthe following command: attributes volume set readonly.

9. Check that the readonly attribute was set correctly by typing the followingcommand: detail volume.

10. Exit diskpart.exe by typing the command: exit.

11. Using the iSCSI initiator interface, logoff the volume on this server and then re-login to the volume again. Make sure to make the volume a persistent target. Youmust logoff and then login to the volume to get NTFS on the server to re-read the


196

volume attributes so that it will recognize the volume as read-only. Making thevolume a persistent target will ensure the volume is accessible when the serverreboots.

12. It is now safe to mount the iSCSI volume on all Provisioning Servers. Using the iSCSIInitiator applet and Microsoft Disk Manager, mount the volume on all ProvisioningServers that need access to the volume. Make the target persistent in the iSCSIinterface and try to make all servers mount using the same drive letter or mountpoint, which makes setting up the Provisioning Services Store easier.

Note: It may be necessary to make the Provisioning Services’ Stream Service onall servers dependent on the iSCSI Service. This ensures that the volumes areavailable at the proper time should the server reboot and target devices arebooted during the server reboot. To do this, edit the registry for the StreamService, then add the DependsOnService value pointing to the iscsiexe.exeservice (MSiSCSI).

13. Run the Console on one of the Provisioning Servers to create a store that points tothe drive letter/mount point for the volume.

14. Select which Provisioning Servers have access to the volume for this store.

Note: If you are using Cache on server or Difference disk mode for any VHDs onthe volume, you MUST enter a Default write cache path for the store that doesNOT point to the SAN read-only volume. This path must be in a shared locationfor all Provisioning Servers. You can use a Windows Network Share or any otherread-write shared storage device, but the write cache path cannot point to the read-only volume. The read-only volume can only contain the VHD and PVP files. If youare using one of the target device cache modes (local HD or RAM) then you donot need to set up a shared read-write write cache location for the store.

15. On the Console, right-click on the store then select the Add Existing Disk… menuoption, which scans the store and adds the VHD files to the database.

16. Assign the VHD files that are on this store to target devices, then boot those targetdevices normally. The VHD files on the read-only volume will always display in theConsole as locked with the lock type: Read only media: Shared. You cannotremove this lock type. You cannot create a new vDisk on a store once it has beenmarked as read-only with diskPart.exe. You cannot edit the properties of the VHDonce the store has been marked read-only.

Modifying vDisk PropertiesvDisk properties cannot be modified while the SAN LUN location is marked read-only. Toedit the vDisk properties or modify the vDisk files on the LUN, complete the followingprocedure:

1. Shutdown all target devices that use the VHDs that are on the store.

2. Use the iSCSI initiator on all Provisioning Servers (except one) to logoff the volume.Alternately, use the diskpart.exe utility on some server OS types and mark the


197

volume as offline on all Provisioning Servers (this feature is not available on all OStypes. If necessary, use the iSCSI initiator to logoff the volumes).

3. In order to use the diskpart.exe utility to mark the volume as read/write, Open acommand prompt on the server that has access to the volume, then rundiskpart.exe. This starts an interactive session with diskpart.exe.

4. Find the volume number by typing the following command: list volume.

5. Note the volume number of your volume and select it by typing the followingcommand: select volume volumeNumber where volumeNumber is the numberof the volume identified with the list volume command.

6. After the volume is selected, to clear the readonly attribute, type the followingcommand: attributes volume clear readonly.

7. Check that the readonly attribute was set correctly by typing the followingcommand: detail volume.


9. Logoff/login the volume (or mark it offline/online in diskpart) on the single serverthat still has access to the volume.

10. Edit the VHD file attributes through the Console, then copy the new files to thevolume.

11. After all edits are complete, use the diskpart.exe utility to mark the volume read-only by selecting the volume, then setting the read-only attribute: attributesvolume set readonly.

12. Check that the readonly attribute was set correctly by typing the followingcommand: detail volume


14. Use the iSCSI Initiator to logoff, then relogin to the volume to re-read the read-only attributes.

15. Use the iSCSI Initiator on all Provisiong Servers to re-login to the volume.

Note: IMPORTANT! Do NOT login to the SAN Volume from more than one serversimultaneously until the volume has been marked read-only. If you allow morethan one server to simultaneously login to the volume through the iSCSIinterface while the volume is read-write, you will corrupt the volume and willneed to re-format it. All data on the volume will be lost.


198

Chapter 15

Managing for Highly AvailableImplementations

Topics:• Offline Database Support

• Database Mirroring

• High Availability OptionOverview

Provisioning Services has several options to consider whenconfiguring for a highly available implementation.

w Offline Database Support on page 200, which allowsProvisioning Servers to use a snapshot of the database ifthe connection to the database is lost.

w Database Mirroring on page 201, Provisioning Servicesupports database mirroring.

w High Availability Option Overview on page 203, whichallows target devices to stay connected to a ProvisioningServer. The tasks necessary to configure High Availabilityinclude:

a. Configuring the Boot File for HA on page 205

b. Enabling HA on vDisks on page 207

c. Providing Provisioning Servers Access to Stores on page208

Optional tasks include;

w Configuring HA with Shared Storage on page 208

w Disabling Write Cache on page 211

w Testing HA Failover on page 211

199

Offline Database SupportThe Offline Database Support option allows Provisioning Servers to use a snapshot ofthe Provisioning Services database in the event that the connection to the database islost.

This option is disabled by default and is only recommended for use with a stable farmrunning in production. It is not recommended when running an evaluation environmentor when reconfiguring farm components ‘on the fly’. Only a farm administrator can setthis option.

When offline database support is enabled on the farm, a snapshot of the database iscreated and initialized at server startup. It is then continually updated by the StreamProcess. If the database becomes unavailable, the Stream Process uses the snapshot toget information about the Provisioning Server and the target devices available to theserver.

When the database connection becomes available, the Stream Process synchronizes anyProvisioning Server or target device status changes made to the snapshot, back to the

database.

ConsiderationsThe following features, options, and processes remain unavailable when the databaseconnection is lost, regardless if the Offline Database Support option is enabled:

w AutoAdd target devices

w User Groups

w AutoUpdate or Incremental vDisk updates

w vDisk creation

Chapter 15 Managing for Highly Available Implementations

200

w Active Directory password changes

w Stream Process startup

Enabling Offline Database SupportTo enable the Offline Database Support option

1. In the Console tree, right-click on the Farm, then select Properties. The FarmProperties dialog appears.

2. On the Options tab, check the checkbox next to Offline Database Support.

3. Restart Stream services.

Database MirroringIn order to provide a highly available MS SQL configuration, Provisioning Servicessupports mirroring the Provisioning Services database, resulting in improved overallavailability of Provisioning Services.

Database mirroring can be implemented in a new or existing farm and requires thefollowing high-level tasks:

w Creating the Provisioning Services MS SQL primary database (created when theInstallation Wizard is run on the server)

Note: For database mirroring to function, the recovery model must be set to Full.

w Identifying the primary database server and instance (identified when theConfiguration Wizard is run)

w Identifying an existing MS SQL failover database server (identified, not created,when the Configuration Wizard is run)

w Configuring mirroring between the primary and failover database servers(configured using MS SQL database server tools)

Note: Citrix recommends that the failover server be up and running before enablingdatabase mirroring in the farm. For helpful information on configuring the MS SQLfailover server, refer to http://technet.microsoft.com/en-us/library/ms188712.aspx.

To implement and manage mirroring within a Provisioning Services farm, choose fromthe following:

w Database Mirroring on page 201

w Enabling Mirroring Within an Existing Farm on page 202

Note: The procedures that follow are only intended to call out the steps that areapplicable to database mirroring when running the Configuration Wizard.


201

http://technet.microsoft.com/en-us/library/ms189047.aspx

Note: Run the Configuration Wizard to specify the new failover sever so that thestatus of the Provisioning Service's farm correctly reports the new settings. After re-running the wizard, some services, including the stream service, restart so that thefarm has the new failover server settings specified with the wizard was run.

Enabling mirroring when configuring a new farmTo enable mirroring:

1. Start the Configuration Wizard on a server that will be in the new farm.

2. While running the wizard, when the Farm Configuration page displays, select theCreate Farm radio button to create a new farm, then click Next.

3. Type or use the Browse button to identify the primary database server andinstance names. Optionally, enter a TCP port number to use to communicate withthis database server.

4. Enable the Specify database mirror failover partner option.

5. Type or use the Browse button to identify the failover database server andinstance names. Optionally, enter a TCP port number to use to communicate withthis server.

6. Click Next. If the failover database has already been configured and it is up andrunning, Provisioning Services should be able to connect to it. If the failoverdatabase server has not yet been created or is not running, an error message maydisplay indicating a failure to connect. In this case, when prompted, click Yes tocontinue (the failover database can be created and configured after the new farmis created).

7. On the New Farm page, enter a name for the new database on the primarydatabase server, then complete any additional requested information.

8. Click Next.

9. Complete the remaining wizard pages.

Enabling Mirroring Within an Existing FarmTo enable mirroring within an existing farm:

1. Confirm that the primary and failover database servers are up and running.

2. Using MS SQL server tools, mirror the Provisioning Services database to a databaseon the failover database server.

3. Run the Configuration Wizard on each server.

4. Identify the farm by choosing either the Farm is already configured or the Joinexisiting farm option on the Farm Configuration page.


202

5. On the Database Server page, select the primary and failover database servers andinstance names, then enable the database mirror failover feature .

6. Complete the remaining wizard pages.

High Availability Option OverviewHigh Availability (HA) refers to an implementation in which at least two ProvisioningServers are configured to provide a vDisk to one or more target devices. Should theprimary Provisioning Server fail for any reason, and HA is enabled, the connection willfailover to the secondary Provisioning Server. If more than two Provisioning Servers areconfigured with HA and a connection fails, the HA server that is least busy is selected.

Note: For information on configuring Provisioning Services to automatically balancethe target device load between servers, refer to Balancing the Target Device Load onProvisioning Servers on page 97.

In order to provide a high degree of uptime, HA-enabled implementations use a sharedstorage architecture. Multiple Provisioning Servers access the same physical fileslocated on shared storage, which allows a target device to establish a connection on analternate Provisioning Server if the connection to the active Provisioning Server isinterrupted for any reason. A target device does not experience any disruption inservice or loss of data when failover occurs.

When failover occurs, a target device attempts to connect to the next ProvisioningServer in its list. If unable to make a connection, the target device continues to tryservers in the list until it successfully connects.

Note:When configuring for HA, all Provisioning Servers selected as failover servers mustreside within the same site.


203

Figure 15-1. Basic HA Implementation

The Provisioning Server to which a target device accesses to login does not necessarilybecome the Provisioning Server that accesses the vDisk on behalf of the target device.In addition, once connected, if one or more Provisioning Servers can access the vDiskfor this target device, the server that is least busy is selected.

To purposely force all target devices to connect to a different Provisioning Server in anHA configuration, while avoiding having targets timeout and attempt to reconnect tothe current server, stop the Stream Service on that server. Upon shutdown, the StreamService will notify each target device to re-login to another server.

HA BenefitsBenefits of using HA include:

w Automatic failover—failure of an active component results in an automatic failoverto an alternative component without interruption.

w Redundant Provisioning Server support—vDisk redundancy is available by making thestore where a vDisk resides, accessible by multiple Provisioning Servers.

w Support for various network shared storage options—support for RAID, SAN, NAS andWindows network storage.

HA ComponentsThe key to establishing any highly available network is to identify the critical HAcomponents, create redundancy for these components, and ensure automatic failoverto the secondary component in the event that the active component fails.

The critical components are:

w Provisioning Server


204

w vDisk shared-storage system

w Database storage device

Note: Write caching must be disabled on the hard drive of each Provisioning Server ifthe storage device is an IDE or SATA drive, in order to avoid the possibility of filecorruption or application failure (refer to “Disabling Windows Write Caching”). Writecaching on the disk is a device-specific property. Some devices, such as a SCSI RAIDdisk or SAN, may not provide the option.

Configuring the Boot File for HAThe HA feature requires a shared storage system that ensures the availability of theProvisioning Server vDisks. Depending on the type of shared storage, the vDisks useeither the Universal Naming Convention (UNC) or the usual DOS naming convention.

When a Provisioning Server is configured by the Configuration Wizard, that server canbe selected as one of the servers used to connect target devices during the bootprocess. To use HA, at least two login Provisioning Servers must be listed in the bootfile (maximum of four servers).

The target device’s boot file contains the IP addresses of up to four login ProvisioningServers, as well as other configuration information. The boot file lists the ProvisioningServers that a target device can contact to get access to the Provisioning Services farm.The server that is contacted may hand the target device off to a different ProvisioningServer that is able to provide the target device with its vDisk.

Adding Provisioning Servers to the boot fileAn administrator must add Provisioning Servers to the boot file in order to provide atarget device with the information necessary to make contact with the Stream Service.

When first configuring a Provisioning Server, the Configuration Wizard allows you toselect to use the server, which is currently being configured, to provide TFTP services.If all target devices are on one network segment, there will typically be one TFTPserver per farm. If target devices are on multiple network segments, and each segmentis configured as an independent site, then one TFTP server per site (network segment)may be used.

Provisioning Servers can also be configured as login servers in the Console using theConfigure Bootstrap dialog.

Select from either method to add Provisioning Servers to the boot file.

Adding Login Servers using the Configuration WizardTo add and configure the first Provisioning Server as the TFTP and login server using theConfiguration Wizard:

1. Run the Configuration Wizard and when presented with the TFTP option andbootstrap location dialog, select the Use the Provisioning Server TFTP Serviceoption.


205

2. Enter or browse for the bootstrap file location, then click Next. The defaultlocation is: C:\Documents and Settings\All Users\Application Data\Citrix\Provisioning Services\Tftpboot

Note: If a previous version of Provisioning Server was installed on this server,you may need to change the default location from C:\Program Files\Citrix\Provisioning Server\TFTPBoot or C:\Documents and Settings\All Users\Application Data\Citrix\Provisioning Server\TFTPbootto: C:\Documents and Settings\All Users\ApplicationData\Citrix\Provisioning Services\TFTPboot. If the default is notchanged, the bootstrap file can not be configured from the Console and targetdevices will fail to boot; receiving a ‘Missing TFTP’ error message.

3. In the Provisioning Servers boot list, click the Add button to add additional loginProvisioning Servers to the list. Use the Move up or Move down buttons to changethe Provisioning Server boot preference order.

Note: In an HA implementation, at least two Provisioning Server must beselected as boot servers.

4. To set advanced configuration settings, highlight the IP address of the ProvisioningServer, click Advanced, then configure the bootstrap file.

Note: For field definitions, refer to Provisioning Server Properties on page 84.

5. Click OK, then click Next.

6. Review configuration settings, then click Finish to confirm configuration settingsand restart network services on this server. As configuration settings are saved,they display in the progress dialog.

7. To exit the Configuration Wizard, click Done.

Adding Login Servers Using the ConsoleTo add and configure additional Provisioning Servers as a login servers:

1. In the Console, right-click on a Provisioning Server that will be used as a loginserver, then select the Configure Bootstrap menu option. The Configure Bootstrapdialog appears.

Note: Clicking Read DB populates the table with login servers that already exist.When the Stream Service starts, it creates a record in the database with its ownIP address. There is only one Stream Service option record per database. If theservice is bound to multiple IP addresses, multiple records appear in thedatabase. The Read DB function chooses only one IP address from eachProvisioning Server. This function can also be used to populate the boot file withthe Stream Service IP settings already configured in the database.

2. Click Add to add a new login Provisioning Server to the bootstrap file. TheStreaming Server dialog appears.


206

3. Type the IP address and port number of this Provisioning Server in the appropriatetext boxes.

4. Select to either use subnet mask and gateway settings using DHCP/BOOTP, or typein the settings to use, then click OK. The Provisioning Server information displaysin the list of available login servers.

5. To configure advanced bootstrap settings, on the Options tab, choose from thefollowing settings:

• Select Verbose Mode if you want to monitor the boot process on the targetdevice (optional). This enables system messaging on the target device.

• Select Interrupt Safe Mode if the target device hangs early in the boot process.

• Select Advanced Memory Support checkbox unless using older versions withoutPAE enabled.

6. Select from the following Network Recovery Methods:

• Restore Network Connections - Selecting this option results in the targetdevice attempting indefinitely to restore its connection to the Provisioning Server.

Note: Because the Seconds field does not apply, it becomes inactive whenthe Restore Network Connections option is selected.

• Reboot to Hard Drive - Selecting this option instructs the target device toperform a hardware reset to force a reboot after failing to re-establishcommunications for a defined number of seconds. The user determines thenumber of seconds to wait before rebooting. Assuming the network connectioncan not be established, PXE will fail and the system will reboot to the localhard drive. The default number of seconds is 50.

7. Under Timeouts, scroll for the Login Polling Timeout, in milliseconds, betweenretries when polling for Provisioning Servers.

8. Under Timeouts, scroll for the Login General Timeout, in milliseconds, for all loginassociated packets, except the initial login polling time-out.


Enabling HA on vDisksAfter the bootstrap file has been configured, the HA feature must be enabled on thevDisk.

To enable the HA feature on the vDisk:

1. To enable the HA feature, in the Console, right-click on the vDisk and select theFile Properties menu option.

2. Select the Options tab.

3. Select the High availability (HA) checkbox.


207

4. Click OK to save this vDisk property change and continue.

5. Configure load balancing in the vDisk's properties (for details, refer to vDiskProperties on page 103).

6. Optionally, select the power rating for each Provisioning Server (for details, referto Provisioning Server Properties on page 84) .

Providing Provisioning Servers Access to StoresFor each store, select the Provisioning Servers that can access that store:

1. In the Console, right-click on the Store, then select the Properties menu option.The Store Properties dialog appears.

2. On the Servers tab, select the site where Provisioning Servers that should be ableto access this store exists.

3. Enable the checkbox next to each Provisioning Server that can provide vDisks inthis store, then click OK.

Configuring HA with Shared StorageProvisioning Servers are configured to access your shared-storage location. The HAfeature supports various shared-storage configurations. The steps for configuring HA inthe network varies depending on shared-storage configurations.

Note: Installing Provisioning Services affects the following registrykey:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters\OplocksDisabled. Changing this registry key disables WindowsOpportunity Locking, providing the fastest possible failover time when contact with theactive Provisioning Server is lost. Without this change, failover times can take up toone minute. During this time, Windows does not allow access to the vDisk file that wasin use by the failed Provisioning Server. By disabling Windows Opportunity Locking onProvisioning Servers, the Stream Service can have immediate access to vDisk files.However, this reduces caching of remote vDisk data for the entire Provisioning Server.

Windows Shared-Storage Configuration

Note: The instructions below provide the procedures on a Windows XP operatingsystem. If you are using another operating system, the dialogs may appear slightlydifferent, and slightly different steps may be required. The concepts are the sameregardless of operating system. See your operating system’s online help for moreinformation.

Stream Services run under a user account; Service account credentials. If you are usinga Windows shared-storage location, the Service account credentials (user account nameand password) must be a domain account that is configured on each Provisioning Server,in order to access the Stream Service and the shared storage system.


208

Configuring Service Account Credentials for Provisioning Servers includes the followinghigh-level tasks:

w Creating Stream-Service Account Credentials on the Domain Controller on page 209

w Assigning Stream-Service Account Credentials Manually on page 209

w Configuring HA Storage Access on page 210

w Enabling HA on vDisks on page 207

Creating Stream-Service Account Credentials on theDomain ControllerThe Stream Service runs under the user account. When the Stream Service accesses avDisk stored locally on the Provisioning Server, the local user rights provide full access.However, when the database or vDisk is located on a remote storage device, theStreaming Server must use a domain account with rights to both the Provisioning Serverand the remote storage location. An administrator must assign full control rights to theStream Service account in order for it to read and write to the remote storage location.

An administrator creates service account credentials in Active Directory and assigns thecredentials to the Stream Service on all Provisioning Servers that will participate in HA.Alternatively, an existing domain user account can be given full control rights to thenetwork share and be assigned to the Stream Service.

Note: Your Microsoft Windows online help contains detailed instructions for creatingboth local and domain accounts.

Consider the following when creating service account credentials:

w You must be logged on as an administrator or a member of the Administrator groupto create a domain account.

w Clear the ‘User must change password at next logon’ checkbox.

Assigning Stream-Service Account Credentials ManuallyWhen running the Configuration Wizard on a Provisioning Server, you are prompted toenter an account name and password for the Stream Service to use. This account musthave access permissions for any stores it is given access to, as well as permissions inSQL Server for database access. If necessary, credentials can be assigned manually.

To assign the Service account credentials to the Stream Service:

1. Open the Windows Control Panel.

2. Go to Administrative Tools>Services.

3. Double-click on the first PVS Stream Service name in the Services list.

4. On the Log On tab, select This Account, then click Browse.

5. Click Locations, select the domain node, then click OK.

6. Type the name of the Stream Service user account, then click Check Names.


209

7. Click OK to close the Select User dialog.

8. On the Log On tab, enter and confirm the Stream Service account password,confirm the password, then click OK.

9. After assigning the Service account credentials to the Stream Service, restart theStream Service.

Configuring HA Storage AccessThe stores that contain the vDisks need to be shared, and the Service accountcredentials (user account and password) needs to have access to remote HA storage forvDisks, with the appropriate permissions.

To share your vDisk’s stores folders, and grant access permissions to your Serviceaccount credentials:

1. In Windows Explorer, right-click on the folder that contains the database and vDiskfolders. For example, if the database and vDisk files are stored in the default C:\Program Files\Citrix\Provisioning Services folder, right-click on thatfolder.

2. Select Sharing and Security from the shortcut menu.

3. Enable the Share this folder radio button, then optionally enter a share name, andcomment.

4. Click Permissions.

5. If the Service account credentials user name does not appear in the Group or usernames list, click the Add button. Enter the user name of the Service accountcredentials, and click Check Names to verify.

6. Click OK.

7. Select the service account credentials user name.

8. Enable the Full Control checkbox (the Full Control checkbox and all checkboxesbelow it should be checked).

9. Click Apply.

10. Click the Security tab.

Note: In Windows XP it may be necessary to turn off simple sharing, so that youcan display the Security tab of the Folder Properties dialog to give permissions tothe proper user (the user defined in “Creating Streaming-Service AccountCredentials”, or ‘Everyone’). To turn off simple sharing, select Start > ControlPanel. Double-click Folder Options. On the View tab, under Advanced settings,clear the ‘Use simple file sharing (Recommended) checkbox.

11. If the Service account credentials user name does not appear in the Group or usernames list, click the Add button. Enter the username of the Service accountcredentials, then click Check Names to verify.

12. Click OK.


210

13. Select the Service account credentials as user name.

14. Enable the Full Control checkbox, then click Apply.

15. Click OK.

SAN ConfigurationIf storing the database and vDisks on a SAN, use local system accounts for the StreamService. Unlike a Windows network share, creating special Service Account Credentialsto guarantee access to your data, may not be necessary to guarantee access to your data.

In most cases, a SAN configuration allows setting up as if the database and vDisks werestored locally on the Provisioning Server.

Disabling Write CacheDisable write caching on the hard drive of each Provisioning Server if your storagedevice is an IDE or SATA drive.

Ensure that the write caching option is disabled in Windows for the storage device onwhich your vDisks are stored.

To disable write caching in Windows

1. On the Provisioning Server, open the Control Panel. Select AdministrativeTools>Computer Management.

2. Double-click the Disk Management node in the tree.

3. Right-click the storage device for which Windows write caching will be disabled.

4. Select Properties, then click the Hardware tab.

5. Click the Properties button.

6. Click the Policies tab.

7. Clear the Enable write caching on the disk checkbox.

8. Click OK, then click OK again.

9. Close the Computer Management window, then the Administrative Tools window.

10. Right-click the Provisioning Server node in the Console, then click Restart service.Alternatively, you can also re-run the Configuration Wizard to re-start the services,or manually restart the services through the Windows Control Panel>AdministrativeTools>Services window. (At the Services window, right-click on the Stream Service,then select Start from the shortcut menu.)

Testing HA FailoverTo ensure that HA is successfully configured, complete the following

1. Double-click the vDisk status icon on the target device and then note the IPaddress of the connected Provisioning Server.


211

2. Right-click the connected Provisioning Server in the Console. Select StreamServices, then select Stop.

3. Confirm that the IP address of the connected Provisioning Server changes to that ofan alternate Provisioning Server in the vDisk status dialog on the target device.


212

Chapter 16

Managing Active Directory

Topics:• Active Directory Integration

Prerequistes

• Managing Domain Passwords

• Enabling DomainManagement

• Managing Domain ComputerAccounts

Integrating Provisioning Services and Active Directory allowsadministrators to:

w Select the Active Directory Organizational Unit (OU) inwhich Provisioning Services should create a target devicecomputer account.

w Take advantage of Active Directory management features,such as delegation of control and group policies.

w Configure the Provisioning Server to automatically managethe computer account passwords of target devices.

Note: For more information about using Active Directoryorganizational units and delegation of control, refer toMicrosoft Active Directory documentation.

The following major tasks are used to manage ActiveDirectory in a Provisioning Services environment:

w Managing Domain Passwords on page 214

w Enabling Domain Management on page 215

w Managing Domain Computer Accounts on page 216

213

Active Directory Integration PrerequistesBefore integrating Active Directory within the farm, verify that the followingprerequistes are met:

w The Master Target Device was added to the domain before building the vDisk.

w The Disable Machine Account Password Changes option was selected when theimage optimization wizard was run during imaging.

After all prerequisites have been verified, new target devices can be added andassigned to the vDisk. A machine account must then be created for each target device.

Managing Domain PasswordsWhen target devices access their own vDisk in Private Image mode, there are no specialrequirements for managing domain passwords. However, when a target device accessesa vDisk in Standard Image mode, the Provisioning Server assigns the target device itsname. If the target device is a domain member, the name and password assigned byProvisioning Server must match the information in the corresponding computer accountwithin the domain. Otherwise, the target device is not able to log on successfully. Forthis reason, the Provisioning Server must manage the domain passwords for targetdevices that share a vDisk.

To enable domain password management you must disable the Active Directory-(or NT4.0 Domain) controlled automatic re-negotiation of machine passwords. This is done byenabling the Disable machine account password changes security policy at either thedomain or target-device level. Provisioning Server provides equivalent functionalitythrough its own Automatic Password Renegotiate feature.

While target devices booting from vDisks no longer require Active Directory passwordrenegotiation, configuring a policy to disable password changes at the domain levelapplies to any domain members booting from local hard drives. This may not bedesirable. A better option is to disable machine account password changes at the locallevel. This can be accomplished by selecting the Optimize option when building a vDiskimage. The setting will then be applied to any target devices that boot from the sharedvDisk image.

Note: The Provisioning Server DOES NOT in any way change or extend the ActiveDirectory schema. Provisioning Server’s function is to create or modify computeraccounts in Active Directory, and reset passwords.

When domain password management is enabled, it:

w Sets a unique password for a target device.

w Stores that password in the respective domain computer account.

w Gives the information necessary to reset the password at the target device before itlogs on to the domain.

Chapter 16 Managing Active Directory

214

Password Management ProcessThe illustration that follows shows how password management validates ActiveDirectory passwords on the domain controller to target device passwords.

Figure 16-1. Password Management Process with Active Directory

With password management enabled, the domain password validation process includes:

w Creating a machine account in the database for a target device, then assign apassword to the account.

w Providing an account name to a target device using the Streaming Service.

w Having the domain controller validate the password provided by the target device.

Enabling Domain ManagementEach target device that logs on to a domain requires a computer account on the domaincontroller. This computer account has a password that is maintained by the Windowsdesktop OS and is transparent to the user. The password for the account is stored bothon the domain controller and on the target device. If the passwords stored on thetarget device and on the domain controller do not match, the user can not log on tothe domain from the target device.


215

Domain management is activated by completing the following tasks:

w Enabling Machine Account Password Management

w Enabling Automatic Password Management

Enabling Machine Account Password ManagementTo enable machine account password management, complete the following:

1. Right-click on a vDisk in the Console, then select the File Properties menu option.

2. On the Options tab, select Active Directory machine account passwordmanagement.

3. Click OK, then close the properties dialogs, then restart the Streaming Service.

Enabling Automatic Password ManagementIf your target devices both belong to an Active Directory domain and are sharing avDisk, the following additional steps must be completed:

To enable automatic password support, complete the following:

1. Right-click on a Provisioning Server in the Console, then select the Propertiesmenu option.

2. Select the Enable automatic password support option on the Options tab.

3. Set the number of days between password changes.

4. Click OK to close the Server Properties dialog.

5. Restart the Streaming Service.

Managing Domain Computer AccountsThe following tasks are normally performed in the Active Directory Users andComputers Management Console. However, these actions must now be performed usingthe Provisioning Server in order to take full advantage of product features.

w Supporting Cross-Forest Scenarios

w Giving Access to Users from Another Domain Provisioning Services AdministratorPrivileges

w Adding Target Devices to a Domain

w Removing Target Devices From a Domain

w Reset Computer Accounts


216

Supporting Cross-Forest ScenariosTo support cross-forest scenarios:

w Ensure that DNS is properly set up. (Refer to Microsoft's web site for information onhow to prepare DNS for a Forest Trust.)

w Raise the forest functional level of both forests to Windows Server 2003.

w Create the forest trust. In order for Provisioning Services and the user from theProvisioning Services domain to create an account in a domain from another forest,create an Inbound Trust from the external forest to the forest Provisioning Servicesis in.

Parent-child domain scenario

A common cross-domain configuration includes the Provisioning Server in a parentdomain and users, from one or more child domains, want to administer ProvisioningServices and manage Active Directory accounts within their own domains.

To implement this configuration:

1. Create a Security Group in the child domain. (It can be a Universal, Global, orLocal Domain Group). Make a user from the child domain a member of this group.

2. From the Provisioning Server Console, in the parent domain, make the childdomain security group a Provisioning Services Administrator.

3. If the child domain user does not have Active Directory privileges, use theDelegation Wizard in the Active Directory Users & Computers Management Consoleto assign, create, and delete a user's computer account rights for the specified OU.

4. Install the Provisioning Services Console in the child domain. No configuration isnecessary. Log into the Provisioning Server as the child domain user.

Cross-forest configuration

This configuration is similar to the cross-domain scenario, except that the ProvisioningServices Console, user, and Provisioning Services administrator group are in a domainthat is in a separate forest. The steps are the same as for the parent-child scenario,except that a forest trust must first be established.

Note: Microsoft recommends that administrators do not delegate rights to the defaultComputers container. The best practice is to create new accounts in the OUs.

Giving Access to Users from Another DomainProvisioning Services Administrator Privileges

There are several methods for giving Provisioning Services Administrator privileges tousers that belong to a different domain. However, the following method is recommended:


217

1. Add the user to a Universal Group in their own domain (not the ProvisioningServices Domain).

2. Add that Universal Group to a Local Domain Group in the PVS domain.

3. ) Make that Local Domain Group the PVS Admin group.

Adding Target Devices to a DomainTo add target devices to a domain:

Note: The machine name used for the vDisk image is to never be used within yourenvironment again.

1. Right-click on one or more target devices in the Console window (alternatively, right-click on the device collection itself to add all target devices in this collection to adomain). Select Active Directory, then select Create machine account. TheActive Directory Management dialog appears.

2. From the Domain scroll list, select the domain that the target device(s) belongs to,or in the Domain Controller text box, type the name of the domain controller thatthe target devices should be added to (if you leave the text box blank, the firstDomain Controller found is used).

3. From the Organization unit (OU) scroll list, select or type the organization unit towhich the target device belongs (the syntax is ‘parent/child,’ lists are commaseparated; if nested, the parent goes first).

4. Click the Add devices button to add the selected target devices to the domain anddomain controller. A status message displays to indicate if each target device wasadded successfully. Click Close to exit the dialog.

Removing Target Devices From a DomainTo remove target devices from a domain:

1. Right-click on one or more target devices in the Console window (alternatively, right-click on the device collection itself to add all target devices in this collection to adomain). Select Active Directory Management, then select Delete machineaccount. The Active Directory Management dialog appears.

2. In the Target Device table, highlight those target devices that should be removedfrom the domain, then click the Delete Devices button. Click Close to exit the dialog.

Reset Computer AccountsTo reset computer accounts for target devices in an Active Directory domain:

1. Right-click on one or more target devices in the Console window (alternatively, right-click on the device collection itself to add all target devices in this collection to a


218

domain), then select Active Directory Management, then select Reset machineaccount. The Active Directory Management dialog appears.

2. In the Target Device table, highlight those target devices that should be reset,then click the Reset devices button.

Note: This target device should have been added to your domain while preparingthe first target device.


4. Disable Windows Active Directory automatic password re-negotiation. To do this,on your domain controller, enable the following group policy: Domain member:Disable machine account password changes.

Note: To make this security policy change, you must be logged on with sufficientpermissions to add and change computer accounts in Active Directory. You havethe option of disabling machine account password changes at the domain level orlocal level. If you disable machine account password changes at the domain level,the change applies to all members of the domain. If you change it at the local level(by changing the local security policy on a target device connected to the vDisk inPrivate Image mode), the change applies only to the target devices using that vDisk.

5. Boot each target device.


219


220

Chapter 17

Managing Bootstrap Files and BootDevices

Topics:• Configuring the Bootstrap

File From the Console

• Using the Manage BootDevices Utility

The following information is detailed in this chapter:

w Configuring the Bootstrap File From the Console on page222

w Using the Manage Boot Devices Utility on page 226

221

Configuring the Bootstrap File From the ConsoleFor the Provisioning Server to start a target device, a boot file is downloaded by theProvisioning Services’s MBA or PXE-compliant boot ROM, when the device is turned on.This file must be configured so that it contains the information needed to communicatewith the Provisioning Servers. The Configure Bootstrap dialog is used to define the IPaddresses for up to four Provisioning Servers in the boot file.

Note: For alternative boot methods, refer to Using the Manage Boot Devices Utility onpage 226

The Configure Bootstrap dialog field descriptions are as follows:

General Tab: Configure Bootstrap

Field Description

Bootstrap File The currently selected boot file displays. If you wantto select a different boot file to configure, click theAdd button or Read Servers from Database button.

IP Settings The IP Address, Subnet Mask, Gateway, and Port for upto four Provisioning Servers, which will perform loginprocessing.

Add button Click the Add button to add a new Provisioning Serverto the file. Up to four Provisioning Servers may bespecified for Provisioning Servers.

Edit button Highlight an existing Provisioning Server from the list,then click the Edit button to edit this server’s IP settings.

Remove button Select an existing Provisioning Server from the list,then click the Remove button to remove this serverfrom the list of available Provisioning Servers.

Move Up and Move Downbuttons

Select an existing Provisioning Server, and click tomove up or down in the list of Provisioning Servers.The order in which the Provisioning Servers appear inthe list determines the order in which the ProvisioningServers are accessed should a server fail.

Read Servers fromDatabase button

To populate the boot file with the Stream Service IPsettings already configured in the database, click theRead Servers from Database button. This removes anyexisting settings before populating the list from thedatabase.

Target Device IP: Configure Bootstrap

Chapter 17 Managing Bootstrap Files and Boot Devices

222

Use DHCP to retrievetarget device IP

Select this option to retrieve target device IP; defaultmethod.

Use static target device IP Selecting this method requires that a primary andsecondary DNS and Domain be identified.

Server Lookup: Configure Bootstrap

Use DNS Select this option to use DNS to find the server. Thehost name displays in the Host name textbox. If thisoption is selected and the Use DHCP to retrieve DeviceIP option is selected (under Device IP Configurationsettings), your DHCP server needs to provide option 6(DNS Server).

Note: If using HA, specify up to four ProvisioningServers for the same Host name on your DNS server.

Use Static IP Use the static IP address of the Provisioning Serverfrom which to boot from. If you select this option,click Add to enter the following Provisioning Serverinformation, then click OK to exit the dialog:

IP AddressSubnet MaskGatewayPort (default is 6910)

Note: If using HA, enter up to four ProvisioningServers. If you are not using HA, only enter one. Usethe Move Up and Move Down buttons to sort theProvisioning Servers boot order. The first ProvisioningServer listed will be the server that the target deviceattempts to boot from.

Options Tab: Configure Bootstrap

Verbose Mode Select the Verbose Mode option if you want to monitorthe boot process on the target device (optional) orview system messages.

Interrupt Safe Mode Select Interrupt Safe Mode if you are having troublewith your target device failing early in the boot process.

Advanced MemorySupport

This setting enables the bootstrap to work with newerWindows OS versions and is enabled by default. Onlydisable this setting on older XP or Windows Server OS32 bit versions that do not support PAE, or if your


223

target device is hanging or behaving erratically in earlyboot phase.

Network Recovery Method Restore Network Connections — Selecting this optionresults in the target device attempting indefinitely torestore it's connection to the Provisioning Server.

Reboot to Hard Drive — (a hard drive must exist onthe target device) Selecting this option instructs thetarget device to perform a hardware reset to force areboot after failing to re-establish communications fora defined number of seconds. The user determines thenumber of seconds to wait before rebooting. Assumingthe network connection can not be established, PXEwill fail and the system will rebooot to the local harddrive. The default number of seconds is 50, to becompatible with HA configurations.

Login Polling Timeout Enter the time, in milliseconds, between retries whenpolling for Provisioning Servers. Each ProvisioningServer is sent a login request packet in sequence. Thefirst Provisioning Server that responds is used. In non-HA systems, this time-out simply defines how often toretry the single available Provisioning Server with theinitial login request.

This time-out defines how quickly the round-robinroutine will switch from one Provisioning Server to thenext in trying to find an active Provisioning Server. Thevalid range is from 1,000 to 60,000 milliseconds.

Login General Timeout Enter the time-out, in milliseconds, for all loginassociated packets, except the initial login polling time-out. This time-out is generally longer than the pollingtime-out, because the Provisioning Server needs timeto contact all associated servers, some of which maybe down and will require retries and time-outs fromthe Provisioning Server to the other ProvisioningServers to determine if they are indeed online or not.The valid range is from 1,000 to 60,000 milliseconds.

Configuring the Bootstrap File1. In the Console, highlight the Servers folder in the tree, or highlight a Provisioning

Server, then select Configure bootstrap from the Action menu. The ConfigureBootstrap dialog appears.

Select the boot file that was copied to the directory you selected during theProvisioning Server setup.


224

Important:If a previous version of Provisioning services was installed on this server, youmust change the default location from:

C:\Program Files\<CitrixorOEMname>\Provisioning Server\Tftpboot

to:

C:\Documents and Settings\All Users\Application Data\<CitrixorOEMname>\Provisioning services\Tftpboot

If the default is not changed, the bootstrap file can not be configured from theConsole and target devices will fail to boot; receiving a ‘Missing TFTP’ errormessage.

Note: If you installed the Console on a separate machine, select the path of theremote Provisioning Server (which has boot services installed).

2. Click Read DB. When the Stream Service starts, it creates a record in the databasewith its own IP address. There is only one Stream Service option record perdatabase. If the service is bound to multiple IP addresses, multiple records appearin the database. The Read DB function chooses only one IP address from eachProvisioning Server. This function can also be used to populate the boot file withthe Stream Service IP settings already configured in the database.

3. Choose from the following options:

• Select the Verbose Mode option if you want to monitor the boot process on thetarget device (optional). This enables system messaging on the target device.

• Select Interrupt Safe Mode if the target device hangs early in the boot process.

• Select Advanced Memory Support option to enable the bootstrap to work withnewer Windows OS versions (enabled by default). Only disable this setting onolder XP or Windows Server OS 32 bit versions that do not support PAE, or ifyour target device is hanging or behaving erratically in early boot phase.

4. Select from the following Network Recovery Methods:

• Restore Network Connections - Selecting this option results in the targetdevice attempting indefinitely to restore it's connection to the Provisioning Server.

• Reboot to Hard Drive - Selecting this option instructs the target device toperform a hardware reset to force a reboot after failing to re-establishcommunications for a defined number of seconds. The user determines thenumber of seconds to wait before rebooting. Assuming the network connectioncan not be established, PXE will fail and the system will reboot to the localhard drive. The default number of seconds is 50. Click the Browse button tosearch for and select the folder created in Step 1, or enter a full path or UNCname.

Note: If the partition containing the vDisks is formatted as a FAT file system, amessage displays a warning that this could result in sub-optimal performance. It is


225

recommended that NTFS be used to format the partition containing the vDisks. Donot change the address in the Port field.

Caution: All boot services (PXE, TFTP) must be on the same NIC (IP). Butthe Stream Service can be on a different NIC. The Stream Service allows you tobind to multiple IPs (NICs).

5. Configure the following:

Login Polling Timeout

Enter the time, in milliseconds, between retries when polling for servers. Eachserver is sent a login request packet in sequence. The first server that responds isused. This time-out simply defines how often to retry the single available serverwith the initial login request. If you are using the High Availability feature, this time-out defines how quickly the round-robin routine will switch from one server to thenext, in trying to find an active server. The valid range is from 1,000 to 60,000milliseconds.

Login General Timeout

Enter the time-out, in milliseconds, for all login associated packets, except theinitial login polling time-out. The valid range is from 1,000 to 60,000 milliseconds.


Using the Manage Boot Devices UtilityThe Manage Boot Devices Utility provides an optional method for providing IP and bootinformation (boot device) to target devices; as an alternative to using the traditionalDHCP, PXE, and TFTP methods. Using this method, when the target device starts, itobtains the boot information directly from the boot device. With this information, thetarget device is able to locate, communicate, and boot from the appropriateProvisioning Server. After the user is authenticated, the Provisioning Server providesthe target device with its vDisk image.

Supported Boot Devices

The following boot devices are supported in this release:

Note: The Boot Device Management utility is not supported on operating systemsolder than, and including, Windows 2000. Wireless NICs are not supported.

w USB

w CD-ROM (ISO)

w Hard Disk Partition

Caution:


226

When an entire hard drive is selected as boot device, all existing disk partitions areerased and re-created with a single active partition. The targeted partition isreserved as a boot device and cannot be used by the operating system or data.

When a hard disk partition is selected as boot device, the selected disk partitiondata is deleted and set as an active partition. This active partition becomes the bootdevice.

Boot devices are configured using the Boot Device Management utility. The ManageBoot Devices utility is structured as a wizard-like application, which enables the user toquickly program boot devices.

After installing the boot device, complete the procedures that follow.

Configuring Boot Devicesw The vDisk must already be formatted and ready before the BDM.exe is run.

w If using the target device hard disk drive as the boot device, copy BDM. exe fromthe product installation directory on the server, into the product installationdirectory on the target device.

w The target device settings in the Console should be set to boot from the vDisk butthe actual device should be set to boot from hard disk first.

1. From C:\Program Files\Citrix\Provisioning Services product installation directory,run BDM.exe. The Boot Device Management window opens.

2. Under Server Lookup, select the radio button that describes the method to use toretrieve Provisioning Server boot information:

• Use DNS to find the Provisioning Server from which to boot from. If this optionis selected and the Use DHCP to retrieve Device IP option is selected (underDevice IP Configuration settings), your DHCP server needs to provide option 6(DNS Server)

Note: The boot device uses Host name plus DHCP option 15 (Domain Name,which is optional) as the fully qualified domain name (FQDN) to contact theDNS server to resolve the IP address.

If using HA, specify up to four Provisioning Servers for the same Host name onyour DNS server.

• Use the static IP address of the Provisioning Server from which to boot from. Ifyou select this option, click Add to enter the following Provisioning Serverinformation, then click OK to exit the dialog:

w IP Address

w Subnet Mask

w Gateway


227

w Port (default is 6910)

If using HA, enter up to four Provisioning Servers. If you are not using HA, onlyenter one. Use the Move Up and Move Down buttons to sort the ProvisioningServers boot order. The first Provisioning Server listed will be the server thatthe target device attempts to boot from.

3. Click Next. The Set Options dialog appears.

4. Configure the following local boot options, then click Next:

• Verbose Mode; enable/disables the displaying of extensive boot and diagnosticinformation that is helpful when debugging issues.

• Interrupt Safe Mode; enable/disable for debugging issues, which is sometimesrequired for drivers that exhibit timing or boot behavior problems.

• Advanced Memory Support; enables/disables the address extensions, to matchyour operating system settings. Select this option to enable the bootstrap towork with newer Windows OS versions (enabled by default). Only disable thissetting on older XP or Windows Server OS 32 bit versions that do not supportPAE, or if your target device is hanging or behaving erratically in early boot phase.

• Network Recovery Method; select to attempt to restore the networkconnection or to reboot from a hard drive if the target device loses connectionto the Provisioning Server, and how long (in seconds) to wait to make thisconnection.

• Login Polling Timeout; in general, it is recommended that you start values ofone second for each of the polling and general timeouts. You should extendthese when using 3DES encryption. You should further extend the timers basedupon workload. A reasonable setting for 100 target devices running triple DES inthe network would be three seconds.

• Login General Timeout; a reasonable setting for 100 target devices runningtriple DES in the network would be ten Seconds for the General Timeout.

5. On the Burn the Boot Device dialog, configure the target device IP. If the Use DNSto find the Server option is selected and your DHCP service does not provideoption 6 (DNS Server), then enter the following required information (note that theserver name must be less than 16 characters length and the domain name less than48 characters in length):

• Primary DNS Server Address

• Secondary DNS Server Address

• Domain Name

6. Configure the Boot Deviceproperties.

• Add an active boot partition . Check this option to add a boot partition. Note:A boot partition is required if booting from the device's hard drive (for example,when selecting a XENPVDISK boot device with small partition or partition offset).

• Select the boot device from the list of devices.


228

If a partition offset size is set, a confirmation message displays to confirm thedestination size. Type Yes (case sensitive) to continue.

7. If applicable, configure Media Properties.

8. Click Burn. A message appears to acknowledge that the boot device wassuccessfully created. If selecting ISO format, use your CD burning software to burnthe ISO image.

9. Click Exit to close the utility.

10. Boot the target device and enter the BIOS Setup. Under the Boot Sequence, movethe boot device to the top of the list of bootable devices. Save the change, thenboot the target device.

After the boot device is programmed, a target device boot sequence can be configuredusing the Console’s Target Device Disk Properties dialog. These boot behaviors are usedafter a target device connects to a Provisioning Server. The Console allows multiplevDisk images to be assigned to a target device. The way in which these vDisks bootdepends upon the selected boot behavior.

When configuring the BIOS to work with the boot device (either USB or ISO image), it isimperative that the NIC PXE option is enabled. The PXE boot option is required in orderfor the NIC Option ROM to stay resident in memory during the pre-boot process. Thisway, UNDI will be available to the boot device to properly initialize the NIC. Otherwise,the "API not found" message would be displayed by the boot device.


229


230

Chapter 18

Managing Printers

Topics:• Installing Printers on a vDisk

• Enabling or DisablingPrinters on a vDisk

• Methods for EnablingPrinters on a vDisk

• Enabling the PrinterManagement Feature

Provisioning Server provides a Printer Management featurethat allows you to manage which printers target devices haveaccess to on a vDisk. Printers are managed from the TargetDevice Properties dialog.

This feature should not be enabled if you use Active Directoryto manage printers. If you use an existing printer managementtool, this feature should be disabled to avoid printer settingconflicts.

There are two types of printers that can appear in the Consolewindow:

w Network Printers

w Local Printers

Before a target device can access a printer, the followingtasks must be completed in the order that follows:

w Installing Printers on a vDisk on page 232

w Methods for Enabling Printers on a vDisk on page 233

w Enabling the Printer Management Feature on page 235

231

Installing Printers on a vDiskPrinters must be installed on the vDisk image before the printers are available to targetdevices booting from that disk.

To install printers on the vDisk:

1. Change the vDisk image mode to Private Image mode.

2. Install the required printers on the target device that is using the vDisk.

3. Perform a clean shut-down of the target device that is using the vDisk.

4. If this vDisk is shared by users, change the vDisk image mode back to Shared Imagemode.

5. Verify that the printers display in the Console:

a. Right-click on the target device, select the Properties menu option.

b. Select the vDisks tab, then click on the Printers button. Printers associatedwith that vDisk should appear in the list of available printers.

After successfully installing printers, the next step is to enable printers for targetdevices that access this vDisk (for details, refer to Methods for Enabling Printers on avDisk on page 233).

Enabling or Disabling Printers on a vDiskNote: The Printer Management feature is only recommended if you are not usingActive Directory to manage printer groups.

By default, printers are not enabled on the vDisk. Enable or disable printers from theTarget Device Properties vDisk tab. On the Printers dialog, enable the checkbox next toeach printer to enable or disable it. After enabling (assigning) printers to targetdevices, the Printer Management feature must then be enabled on the vDisk.

Until Printer Management is enabled, all printers that are installed on the target deviceare available to that target device. By enabling Printer Management, you can selectprinters or remove printers from individual target devices.

After a target device boots, printer information, which is included in a vDisk image,becomes available to target devices. Printer Management is initially disabled until allprinter-to-target device assignments are completed for the vDisk. Disabling individualprinters prohibits target devices from accessing those printers.

Note: Disabling printers does not remove the printer information from the vDisk.Changes to the target devices printer assignments do not occur until the target devicereboots.

Examples of reasons you may want to disable Printer Management include:

Chapter 18 Managing Printers

232

w You may be using a different printer system that installs the valid printers on eachtarget device and software may delete them or cause conflicting settings.

w Printers that are included on the vDisk should be accessible to all users.

w The system needs to be configured before being deployed. Until the PrinterManagement feature is enabled, changes can be made for different target devicesas needed.

All printers installed on a vDisk appear in the Details panel when the Printers groupfolder is expanded for that vDisk.

If a disk is a HA vDisk (has a duplicate with same vDisk name), changes to that printer(if it is enabled or disabled for a target device) are automatically made to theduplicate vDisk.

Enablement Methods

Using the Console, you can manage which target devices use which printers. There areseveral methods for managing target device printer assignments. Choose from thefollowing methods:

w Enabling printers for target devices using the Printer settings option. Use thismethod to enable or disable a single printer to multiple target devices accessing avDisk.

w Enabling printers for target devices using the Printers group folder. Use this methodto select printer settings (enable/disable; default) for a single target device.

w Enabling printers using Copy and Paste. Use this method to copy printer settings ofone target device (enabled/disabled; default printer), to one or more target devicesselected in the Details panel.

w Enabling printers using an existing target device as a template. Use this method toautomatically set printer settings when a target device is added to the network.

Note: The Administrator may choose to limit the number of printers for particulartarget devices or select different default printers for particular target devices. Thesettings that are selected are saved to the target device’s personality information (if thelimit for this field, 65K, is reached, a message appears indicating that some of thesettings will not be saved and offers suggestions for decreasing the size).

Methods for Enabling Printers on a vDiskChoose from the following methods to enable printers on a vDisk:

w Enabling printers for target devices using the Printer Settings option on page 234

w Enabling printers for target devices using the Printers group folder on page 234

w Enabling printers using Copy and Paste on page 235

w Enabling printers using an existing target device as a template on page 235


233

Enabling printers for target devices using thePrinter Settings option

Use this method to assign a single printer to multiple target devices. This method isvery useful when managing the printer-to-all target devices relationship.

1. In the Console tree, under Provisioning Servers, click the Printers group folder. Allprinters associated with that group appear in the Details panel.

2. Right-click on a printer in the Details panel, then select the Client PrinterSettings... menu option. The printer settings dialog for that printer appears.

3. Enable or disable this printer for one or more target devices using any of thefollowing options:

• In the Enable column, select the checkbox next to each target device to enableor disable use of this printer.

• Select the checkbox under the dialogs Enable heading to enable or disable thisprinter for all target devices assigned to the vDisk.

4. To select this printer as the default printer for target devices accessing this vDisk,select from the following methods:

• Select the Default checkbox in the dialogs Default heading to set this printer asthe default for all target devices assigned to this vDisk.

• Highlight one or more target devices, then right-click to open the contextmenu. Select from the following menu options; Default, NotDefault All DefaultAll Not Default

• In the Default column, select the checkbox next to each target device thatshould use this printer as the default printer. If there is only one printer, thatprinter is automatically set as the default printer.

5. Click OK to save settings for this printer and exit the dialog.

Enabling printers for target devices using thePrinters group folder

Use this method to select printer settings (enable/disable; default) for a single targetdevice.

Note: After selecting printer settings for a single target device, you may choose toduplicate this target devices printer settings using the Copy and Paste features.

1. Under the target device’s vDisk, click the Printers group folder in the tree. Printersthat are associated with that group appear in the Details panel. By default,printers are not enabled for a target device and the first printer listed is set as thedefault printer.


234

2. Select or deselect the Enable checkbox next to each printer to enable or disablethe printer for this target device. You can also choose from one of the additionalselection methods that follow.

In the Details panel:

• Select or unselect the Enable checkbox within the table heading to enable ordisable all printers.

• Highlight a printer, then use the space bar to enable or disable printers.

Enabling printers using Copy and PasteUse this method to set the same printer settings (enabled/disabled; default printer)that exist for one target device, to one or more target devices that use the samevDisks. This method is particularly useful when adding new target devices and thosetarget devices use the same vDisks, and therefore the same printers, as an existingtarget device.

1. In the Console, right-click on the target device that you want to copy printersettings from.

2. Select the Copy menu option. The Copy target device properties dialog appears.

3. Under Options, select Printers, then click OK to exit the dialog.

4. In the Tree, highlight the Target Devices directory so that all target devices appearin the Details panel.

5. Highlight one or more target devices that you want to paste the printer settings to(enable/disable; default).

6. Right-click on the highlighted target devices, then select the Paste menu option.

Enabling printers using an existing target device asa template

Use this method if you want all new target devices, that are being added to yournetwork, to automatically share printer settings (enable/disable; default).

1. In the Console, double-click the target device that you want to select as thetemplate. The Target Device Properties dialog appears.

2. On the General tab, select the Set as default target device option.

3. Click OK to exit the dialog.

Enabling the Printer Management FeatureNote: The Printer Management feature is only recommended if you are not usingActive Directory.


235

After assigning printers to target devices, the Printer Management feature must beenabled before any printers on the target device can be removed. Until PrinterManagement is enabled, all printers installed on the target device are available to thetarget device. Once the feature is enabled, any changes to target devices printersettings (enable/disable; default) become available the next time the target deviceboots from the vDisk.

If the Printer Management feature is disabled and a target device boots from a vDiskthat has printers installed on it, that target device has access to all printers on thatvDisk. If the Printer Management feature is enabled and the target device boots fromthat same vDisk, that target device can only access those printers that are enabled forthat target device.

To enable or disable printers on a selected vDisk:

1. In the Console, expand the Provisioning Server node in the tree panel, then selectthe vDisk that you want printers enabled or disabled on.

2. Select File Properties from the right-click menu, then select the Options tab.

3. Under Printer Settings, select the Enable the Printer Settings checkbox option toenable settings, or leave the checkbox blank to disable printer settings.

4. If the Enable the Printer Management checkbox is selected, the Enable PrinterManagement menu options appear checked when the Printers group is highlighted.

5. If the Enable the Printer Management checkbox appears disabled, all printers existon the selected vDisk.

You can also choose from the following methods to enable or disable the PrinterManagement feature using right-click menus:

Printers Group

In the Tree, under Provisioning Servers, expand a Provisioning Server, then expand thevDisk for which you want to disable Printer Management. Right-click on the Printersfolder for that vDisk, then select the Disable Printer Management option.

Virtual Disk

In the Tree, under Provisioning Servers, right click on the vDisk for which you want todisable Printer Management, then select the Disable Printer Management option.


236

Chapter 19

Logging

Topics:• Configuring Provisioning

Server Log Properties

• Configuring Target DeviceLog Properties

• Log Files and Content

Provisioning Services provides logging to help withtroubleshooting and managing a Provisioning Services farm.

All log file settings can be managed from the ProvisioningServices’ Console. Settings are saved to the database asproperties that are specific to each Provisioning Server ortarget device.

Logging includes:

Configuring Provisioning Server Log Properties on page 238

Configuring Target Device Log Properties on page 239

Log Files and Content on page 240

237

Configuring Provisioning Server Log PropertiesProvisioning Server properties include:

w Level of logging (as described in the procedure that follows)

w Maximum size of the log file (MB)

w Maximum number of log file backup copies to retain

To edit a Provisioning Server’s log properties

Note: Changes to target device log properties are immediate. Changes to Server logproperties may take up to ninety seconds to take effect.

1. In the Console, right-click on the Provisioning Server, then select the Propertiesmenu option.

2. On the Logging tab, select one of the following logging levels (Note: The logginglevels that follow are listed from the minimum level to the maximum level oflogging information that can be collected Logging levels are inclusive of previouslevels. For example, if you select INFO, log information will include WARN, ERROR,and FATAL):

• OFF

Logging is disabled for this Provisioning Server.

• FATAL

The FATAL level logs information about an operation that the system could notrecover from.

• ERROR

The ERROR level logs information about an operation that produces an errorcondition.

WARN

• WARN

The WARNING level logs information about an operation that completessuccessfully, but there are issues with the operation.

• INFO

Default logging level. The INFO level logs information about workflow, whichgenerally explains how operations occur.

• DEBUG

The DEBUG level logs details related to a specific operation and is the highestlevel of logging. If logging is set to DEBUG, all other levels of logginginformation are displayed in the log file.

Chapter 19 Logging

238

• TRACE


3. In the Max File Size text box, scroll to select the maximum size that a log file canreach. When the max file size is reached, the file is closed and an index number isappended to the file name, then a new file is created.

4. In the Max Backup Files text box, scroll to select the maximum number of backupfiles to retain, then click OK. The oldest log file is automatically deleted when themaximum number of backup files is reached.

5. On the General tab, enable Log events to the server’s Windows Event Log to allowfor logging events using the Windows Event log on the Provisioning Server that iscommunicating with this target device. This log includes errors that may occurafter the early boot phase as well as any critical error reporting. Click OK.

Note: Provisioning Server logging levels should not be set by modifying theStream_log.config file manually (refer to “Log Files and Locations”) because itmay cause the logging level to be out of sync.

Configuring Target Device Log PropertiesTarget device logging should only be turned on if there are issues with the device;logging on the device is dependant on logging being enabled on the Provisioning Server.Logging information is sent back to the Provisioning server and written to its log file.

Target device log properties include setting the level of logging on the target device.

To edit a target device’s log properties

1. In the Console, right-click on the target device, then select the Properties menuoption.

2. On the Logging tab, select one of the following options:

• OFF

Logging is disabled for this target device.

• FATAL

The FATAL level logs information about an operation that the system could notrecover from.

• ERROR

The ERROR level logs information about an operation that produces an errorcondition.

• WARN

The WARNING level logs information about an operation that completessuccessfully, but there are issues with the operation.

• INFO


239

Default logging level. The INFO level logs information about workflow, whichgenerally explains how operations occur.

• DEBUG

DEBUG logs all system level activity.

• TRACE


Log Files and ContentThis sections describes how to locate log files and identifies the types of informationthe log file contains.

w Log File Location on page 240

w Log File Contents on page 241

Log File LocationFiles used to manage logging and any generated log files are located in: %APPDATA%\Citrix\Provisioning Services\logs

For example:

C:\Documents and Settings\All Users\Application Data\Citrix\Provisioning Services\logs

Log files include:

Stream_log.config

Note: This file should not be edited manually. Logging levels should be set throughthe Console. Any edits made to this file manually are lost when the ProvisioningServer restarts, or when logging levels are changed using the Console.

Stream.log

StreamProcess.exe, StreamProcess.exe, Manager.dll,

and Streamdb.dll all write to the Stream.log file.

MCLI.log

MCLI.exe writes MCLI logging information to MCLI.log

SoapServer.log

SoapServer.exe writes SoapServer logging information to SoapServer.log

Console.log

Console.exe writes Console logging information to Console.log

Chapter 19 Logging

240

ConfigWizard.log

ConfigWizard.exe writes Provisioning Server configuration logging information toConfigWizard.log

Log File ContentsThe content of a log file includes:

w Timestamp

w Logging Level

w Component and method used to perform logging

w Provisioning Server and target device identity (name, IP, or MAC)

w Logging message with supporting data of Windows error codes when appropriate


241

Chapter 19 Logging

242

Chapter 20

Auditing

Topics:• Enabling Auditing Information

• Accessing AuditingInformation

• Archiving Audit TrailInformation

Provisioning Services provides an auditing tool that recordsconfiguration actions on components within the ProvisioningServices farm, to the Provisioning Services database. Thisprovides administrators with a way to troubleshoot andmonitor recent changes that might impact systemperformance and behavior.

The Provisioning Services administrator privileges determinesthe audit information that can be viewed and the menuoptions that are visible. For example; a Farm Administratorcan view all audit information within the farm, unlike aDevice Administrator whom can only view audit informationfor those device collections they have privileges to.

Auditing tasks include:

w Enabling Auditing Information on page 245


w Archiving Audit Trail Information on page 248

Note: Auditing is off by default. Also, if the ProvisioningServices database becomes unavailable, no actions arerecorded.

The managed objects within a Provisioning Servicesimplementation that are audited include:

w Farm

w Site

w Provisioning Servers

w Collection

w Device

w Store

w vDisks

Only those tasks that are performed from one of the followingProvisioning Services utilities are recorded:

w Console

243

w MCLI

w SOAP Server

w PowerShell

Note: Tasks that are not performed using these utilities,such as booting target devices or Provisioning Servers byother methods, are not recorded. If the Provisioning Servicesdatabase becomes unavailable, no actions are recorded.

Chapter 20 Auditing

244

Enabling Auditing InformationThe auditing feature is disabled by default. To enable auditing:

1. In the Console tree, right-click on the farm, then select the farm Properties menuoption.

2. On the Options tab, under Auditing, check the Enable auditing checkbox.

Accessing Auditing InformationAuditing information is accessed using the Console or using one of the followingprogramming utilities:

w MAPI (refer to the MAPI Programming Guide)

w PowerShell (refer to the PowerShell Programming Guide)

w SOAP Server (refer to the SOAP Server Programming Guide)

In the Console, a farm administrator can right-click on a parent or child node in theConsole tree to access audit information. The audit information that otheradministrators can access depends on the role they were assigned.

The tree allows for a drill-down approach when accessing the level of audit informationneeded.

Right-click on a:

w Farm, to view audit information for all managed objects within this farm or toarchive audit information.

w Site, to view audit information for all managed objects within a site.

w Provisioning Server, to view audit information for all servers within a site, or right-click on a single server to view audit information for that server.

w Collection, to view audit information on all managed objects that are members ofthis collection.

w Store, to view audit information for all stores within a site or farm, or right-click ona single store to view audit information for that store.

w Target device, to view audit information for all target devices within a site, or right-click on a single target device to view audit information for that device.

w vDisk, to view audit information for all vDisks within a site or farm, or right-click ona single vDisk to view audit information for that vDisk.

To access auditing information from the Console

1. In the Console, right-click on a managed object, then select the Audit Trail...menu option.


245

The Audit Trail dialog displays or a message appears indicating that no auditinformation is available for the selected object.

2. Under Filter Results, select from the following filter options:

Option Description

User To narrow the resulting audit information that displays byuser, select a user to filter on from the User drop-downmenu. The default is All users.

Domain To narrow the resulting audit information that displays bydomains, select a domain to filter on from the Domaindrop-down menu. The default is All domains.

Start date To narrow the resulting audit information that displays bydate, select a start date for which the audit informationshould display from the Start date drop-down menu. Thedefault is one week prior to the current date. Forexample, if today is the 23rd, the start date woulddefault to the 16th.

End date To narrow the resulting audit information that displays bydate, select an end date for which the audit informationshould display from the End date drop-down menu. Thedefault is the current date.

Action To narrow the resulting audit information that displays bythe action, such as Set Disklocator, select the action fromthe Action drop-down menu. The default is to display allactions.

Type To narrow the resulting audit information that displays bythe type of action, such as Disklocator, select the typefrom the Type drop-down menu. The default is to displayall types.

3. Click Search.The resulting audit information displays in the audit table, which displays thefollowing information:

Note: Columns in the audit table can be sorted in ascending and descendingorder by clicking on the column heading.

• Action list number

Based on the filter criteria selected, the order the actions took place.

• Date/Time

Lists all audit actions that occurred within the Start date and End date filtercriteria.

• Action

Chapter 20 Auditing

246

Identifies the name of the Provisioning Services action taken.

• Type

Identifies the type of action taken, which is based on the type of managedobject for which the action was taken.

• Name

Identifies the name of the object within that object’s type, for which the actionwas taken.

• User

Identifies the user’s name that performed the action.

• Domain

Identifies the domain in which this user is a member.

• Path

Identifies the parent(s) or the managed object. For example, a Device will havea Site and Collection as parents.

4. To view additional details for a particular action, highlight that action’s row withinthe results table, then click one of the option buttons that follow:

Option Description

Secondary Click to view information on any secondary objects thatthis action affected. This opens the Secondary dialog,which includes the Type, Name, and Path information.This dialog allows you to drill down to view secondaryobject actions such as Parameters, Sub Actions, andChanges as described below.

Parameters Click to view any other information used to process theaction. This opens the Parameters dialog, whichincludes Name (parameter name) and Value (objectname) information.

Sub Actions Click it to view additional actions that were performedto complete this action. This opens the Sub Actionsdialog, which includes Action, Type, Name, and Pathinformation.

Changes Click to view any new or changed values (such as‘Description’) associated with the object (such as atarget device). This opens the Changes dialog, whichincludes Name, Old, and New information.

Note: If an option displays disabled, that option is not valid for the currentlyselected action.


247

Archiving Audit Trail InformationThe Farm Administrator determines how long to make audit trail information accessiblebefore it is archived.

To set audit trail archiving

1. In the Console tree, right-click on the farm, then select Archive Audit Trail....The Archive Audit Trail dialog appears.

2. Browse for the location where audit trail information will be save (XML file).The Select File to Archive Audit Trail To dialog opens.

3. Select the location, then type the name of the new file in the File name textbox.

4. Open the calendar from the End date drop-down menu, then select the date thatthe audit trail information should be archived.The default is automatically set to the current date.

5. Check the Remove information archived from the Audit Trail checkbox to removeall audit information. Once the information is removed, it can no longer beaccessed directly from Provisioning Services. It will only exist in the XML file.

6. Click OK.

Chapter 20 Auditing

248

Chapter 21

Managing Multiple Network InterfaceCards

Topics:• Requirements and

Considerations forManufacturer's NIC Teaming

• Requirements andConsiderations forProvisioning Services NICFailover

Provisioning Services provides the ability to run redundantnetworks between the servers and the target devices. Thisrequires that both the servers and the target devices beequipped with either multi-port NICs or multiple NICs.

Multiple NICs on the target device may be configured into avirtual team by using Manufacturer’s NIC teaming drivers, orinto a failover group using the Provisioning Services NICfailover feature.

249

Requirements and Considerations forManufacturer's NIC Teaming

Provisioning Services supports Broadcom and Intel NIC teaming drivers. A vDisk that isbuilt after configuring NIC teaming can run Standard or Private Image Mode.

Note: Broadcom NIC Teaming Drivers v9.52 and 10.24b are not compatible withProvisioning Services target device drivers.

1. The targets operating system must be a server-class operating system, such asMicrosoft Windows 2003 or 2008 .

2. The new virtual team NIC MAC address has to match the physical NIC that performsthe PXE boot.

3. OEM NIC Teaming software should be installed and configured prior to the TargetDevice software.

4. Configure NIC teaming and verify that the selected teaming mode is expected bythe application and the network topology. It should expose at least one virtualteam NIC to the operating system.

5. During the Master Target Device installation process, Provisioning Services targetdevice client drivers need to bind to the new virtual team NIC MAC address. If allphysical NICs have been teamed up to a single virtual NIC, then the ProvisioningServices installer will automatically choose the virtual NIC silently, withoutprompting.

6. If changes are required, Provisioning Services Target Device software must beuninstalled before making changes to the teaming configuration, and thenreinstalled after those changes are complete.

7. Changes to teaming configurations on a Master Target Device that has target devicesoftware installed, may result in unpredictable behavior.

Requirements and Considerations forProvisioning Services NIC Failover

A Provisioning Services target device or Provisioning Server may be configured tosupport failover between multiple NICs. This feature will work with any brand or amixture of different brands of NICs and is available in both Standard and Private ImageMode.

1. The PXE boot NIC is considered the primary target device MAC address, which isstored in the Provisioning Services database.

2. The failover group of NICs is defined when running the Provisioning Services targetdevice installer on the Master Target Device. If the machine has more than oneNIC, the user is prompted to select the NICs that the Provisioning Services drivers

Chapter 21 Managing Multiple Network Interface Cards

250

bind to. Select all the NICs that participate in NIC failover. Alternatively, inProvisioning Services 5.1 or later, run bindcfg.exe, which is located in theinstallation directory, to selectively bind NICs post installation.

3. A Target Device will only failover to NICs that are in the same subnet as the PXEboot NIC.

4. In the event that the physical layer fails, such as when a network cable isdisconnected, the Target Device fails over to the next available NIC. The failovertiming is essentially instantaneous.

5. The NIC failover feature and Provisioning Services HA feature compliment eachother, and provide network layer failover support. If the failure occurs in thehigher network layer, then the target device fails over to the next ProvisioningServer, subject to HA rules.

6. If a NIC fails and the target device is rebooted, the next available NIC from thefailover group will be used. Therefore, these NICs must be PXE capable and PXEenabled.

7. If a virtual NIC (teamed NICs) is inserted into the failover group, the vDisk becomeslimited to Private Image Mode. This is a limitation imposed by the NIC teamingdrivers.

8. Load balancing is not supported in the NIC failover implementation.


251

Chapter 21 Managing Multiple Network Interface Cards

252

Chapter 22

Installing and Configuring EmbeddedTarget Devices

Topics:• System Requirements

• Installing Embedded TargetDevices

• Un-installing an EmbeddedTarget Device Package

• Windows XP EmbeddedBuild Overview

• Setting Up Embedded TargetDevices

Using the Provisioning Services components described in thischapter, it is possible to create Windows XP Embeddedoperating system images that can boot from a vDisk.

Note:This feature is for Windows XP Embedded developers. Thisdocument assumes that you are familiar with the MicrosoftWindows Embedded Studio tools including Target Designerand the Component Database Manager.

For more information on the Microsoft Windows Embeddedtools, please refer to the documentation provided with theMicrosoft Windows Embedded Studio.

Embedded Target Device consists of the following components:

w ProvisioningservicesTargetDeviceSupport.sld - The ServerLevel Definition (SLD) file defines the components that willbe incorporated into the Windows XP Embedded databasefor use in the XP Embedded operating systems.

w ProvisioningservicesRepository - Contains all of the filesused in the ProvisioningservicesTargetDeviceSupport.sld,including Provisioning Services’ drivers and installationutilities. These files are included in an XP Embedded buildcontaining Provisioning Services components.

253

System Requirementsw Windows XP Embedded with the latest service pack.

w In order to build Windows XP Embedded operating systems, Microsoft WindowsEmbedded Studio must first be installed.

w The target device must meet the Windows XP Embedded system requirements. It isrecommended that a Windows XP Embedded operating system be built first on thedesired embedded target device to ensure OS compatibility and to resolve any OSspecific issues (such as driver requirements).

w Each embedded target device must also meet the target device requirementsoutlined in the Provisioning Services Installation Guide.

w A local drive must exist on a target system during the initial XP Embedded operatingsystem build process. This is necessary to allow Microsoft’s First Boot Agent to runand finish your XP Embedded image setup. Once the image is complete and the XPEmbedded disk image has been copied to the vDisk on the Provision Server or onshared network storage, the local disk can be removed (if desired).

w The maximum size of the vDisk is 2 terabytes.

Installing Embedded Target DevicesInstallation of Embedded Target Device components is done through the ProvisioningServices Installation Wizard.

1. Close all Windows and Embedded Studio tools that may be open (Target Designerand/or Component Designer).

2. When the Provisioning Services Installation Wizard is run, components used to buildProvisioning Services into an XP Embedded operating system are installed bydefault. Run the Component Database Manager from the Microsoft Start menu.

3. Select Programs>Microsoft Windows Embedded Studio.

4. Select the Database tab, and then click the Import button.

5. On the Import SLD screen, point the SLD file field to theProvisioningservicesTargetDeviceSupport.sld in the destination directory createdby the Provisioning Services installation. Select the desired root destination(typically there is only one choice), and then click the Import button to start theimporting process.

6. Exit the Component Database Manager.

The Embedded Target Device support components will now be available in TargetDesigner under the Software: System: Network & Communication component group.The Embedded Target Device support macro component causes all necessaryProvisioning Services’ components to be included during dependency checking.

Chapter 22 Installing and Configuring Embedded Target Devices

254

Un-installing an Embedded Target DevicePackage

1. Select Start>Programs>Microsoft Windows Embedded Studio.

2. Select the Package tab.

3. Under Available Packages, select the Provisioning Services Embedded TargetDevice package, then click the Delete Package button.

4. A Confirmation Delete Package dialog appears, displaying all Provisioning Servicescomponents. Check the Delete all Provisioning Services Database files option,and click Yes.

5. Select the Group tab.

6. Under Available Dependency Groups, select Provisioning Services ComponentGroup, then click the Delete Dependency Group button.

7. Go to Control Panel>Add/Remove Programs, select Provisioning Services, andclick Change/Remove to uninstall the program.

Windows XP Embedded Build OverviewTo fully understand how Provisioning Services gets incorporated into a Windows XPEmbedded operating system, it is first necessary to understand how a Windows XPEmbedded operating system is built. The illustration below outlines the major phasesof a Windows XP Embedded operating system build process.

Note: For more information on building an XP Embedded operating systems, refer tothe Windows XP Embedded Platform documentation provided with the WindowsEmbedded Studio tools.


255


256

Provisioning Services installation occurs in two phases. Phase one occurs when theoperating system is built with Target Designer. All necessary files and non-device-specific components are installed in the target operating system.

Phase two occurs the first time the Windows XP Embedded operating system boots. Atthis time, all device-specific installation steps are performed. This second phasecannot occur until after the First Boot Agent has completed and the full operatingsystem is up and running.

Note: If automatic installation was turned off to remove the dependence on theExplorer shell component, it will be necessary to manually run the second phase of theinstallation process.

Once the XP Embedded Image with Provisioning Services support is fully up andrunning, it can be imaged onto the embedded target device’s vDisk, after which theembedded target device can be booted virtually.

Note: Provisioning Services require that at least one of the target systems have aphysical disk for the creation of the initial XP Embedded operating system. After theoperating system is built and transferred to a vDisk, the target system’s physical diskcan be removed (if desired).


257

Setting Up Embedded Target Devices1. Transfer the built XP Embedded Image to the XP Embedded partition on the

embedded target device.


258

Note: The embedded target device must be configured to be bootable by XPEmbedded. To do this, run the BootPrep utility provided by Microsoft. For moreinformation on preparing target media to boot Windows XP Embedded, refer to“Building a Run-Time Image” in the Microsoft Windows XP Embedded Help.

2. Change your embedded target device’s BIOS setting to boot Network first, thenboot the embedded target device.

3. The XP Embedded Image will run through the Microsoft’s First Boot Agent (FBA),and complete the setup of the XP Embedded Operating system.

Note: By including the "Network Command Shell" component, the embeddedtarget device can be configured to use a static IP address from the command line(using netsh.exe). For more information on the Network Command Shell, refer tothe following web page: http://www.microsoft.com/technet/prodtechnol/winxppro/proddocs/netsh.asp

If the XP Embedded Image was created with Automatic installation turned off, orwith a shell other than the Explorer Shell, Provisioning Services installation willhave to be completed manually. This can be done by running bnSetup.bat locatedin the C:\Program Files\Citrix\Provisioning Services directory. If the commandprompt component (CMD - Windows Command Processor) was not included in thebuild, you may have to run the commands in the batch file manually.

Note: The batch file BNSetup.bat will reboot your system.

4. Prepare your embedded target device. Once the XP Embedded Operating system iscompletely up and running an additional local disk appears on the device. This diskis the vDisk associated with the embedded target device and is actually located ona Provisioning Server.


259

http://www.microsoft.com/technet/prodtechnol/winxppro/proddocs/netsh.asp

http://www.microsoft.com/technet/prodtechnol/winxppro/proddocs/netsh.asp


260

Glossary

AutoUpdateA command-line utility that is used to create a delta file when incrementallyupdating a vDisk.

Boot Device Manager (BDM)A utility used to create boot devices that have the bootstrap and IP information pre-installed; enabling a target device to boot over the network without the use of PXEor DHCP.

Boot ServicesA set of network boot services that can be used to get the boot informationnecessary when booting a target device from a vDisk, including PXE, TFTP, and BOOTP.

BOOTPAn IP/UDP bootstrap protocol (BOOTP), which allows a target device to discover itsIP address and other IP configuration parameters.

BOOTPTABBOOTPTAB is the backend table that maps a target devices MAC addres to the IPaddress assigned by the administrator.

Common Image FeatureA feature that allows a single vDisk image to work for target devices using networkinterface cards that vary.

Device AdministratorDevice Administrators manage device collections within a site.

Device CollectionA logical grouping of devices. For example, a device collection could represent aphysical location, a subnet range and a logical grouping of target devices. A targetdevice can only belong to one device collection.

Device OperatorDevice Operators can view the properties of vDisks and target devices and, boot orshut down target devices within a device collection.

Disk Maintenance ModeMarks a vDisk as currently under maintenance and unavailable to target devices. Onlya Maintainer Device can have a vDisk streamed to it when that vDisk is inmaintenance mode; simular to working in Private Image Mode. However, versions of avDisk that are not under maintenance can still be streamed.

Disk Store (Store)A logical name given to a physical storage location for vDisks. The store is used byone or more Provisioning Servers within a farm to refer to a shared storage location.

vDisk PoolThe collection of all vDisks available to a site. There is one vDisk pool per site.

261

DomainAn Active Directory domain as defined by Microsoft.

Dynamic Host Configuration Protocol (DHCP)A protocol used for assigning IP addresses and other IP parameters to devices on anetwork.

EULAEnd-User License Agreement.

Farm AdministratorA farm administrator can view and manage all objects within a farm. Farmadministrators can also create new sites and manage role memberships throughoutthe entire farm.

High Availability Feature (HA)A Provisioning Services environment in which at least one Provisioning Server isconfigured as a backup should the primary Provisioning Server fail for any reason. Ifthe connection between a targetdevice and a Provisioning Server is lost and HA isenabled, the connection will failover to the secondary Provisioning Server.

IPSECInternet Protocol Security.

Master Target DeviceA target device that has Provisioning Services device software installed, and fromwhich a hard disk image is built and stored on a vDisk. Provisioning Services thenstreams the contents of the vDisk created from the Master Target Device to othertarget devices on demand.

Maintainer Device

A target device that is designated as a maintainer device, has the ability to stream avDisk that is currently in maintenance mode. In contrast, non-maintainer targetdevices are not able to stream a vDisk in maintenance mode; instead, they streamthe highest numbered versioned vDisk that is available.

In order to prevent confusion and unexpected results, a maintainer device is onlycapable of booting images that are in maintenance mode.

There is not a hard link between maintainer devices and disks in maintenance mode.As long as the disks are assigned to the devices and the maintenance bits are thesame, the target devices can boot the disk in private image mode.

MMCThe acronym for Microsoft Management Console.

Non-versioned vDiskA single vDisk, VHD file, with no differencing disks associated to it. Switching thevdisk to Private Image Mode will enable the VHD file to be updated directly, withoutcreating a new version of the vDisk. However, the first time a vDisk is placed intomaintenance mode, it becomes a versioned vDisk.

Glossary

262

Optimization UtilityA command-line utility used to apply several settings to your hard drive or vDisk, thatconfigures Windows to perform at optimal performance when running from a vDisk.

Preboot Execution Environment (PXE) ServiceAn optional software service that can deliver the boot file name and location totarget devices.

Provisioning Services Console (Console)A management console utility used to manage configuration settings for targetdevices, Provisioning Servers, and vDisks.

Provisioning Services database (database)Repository of configuration settings for Provisioning Servers, target devices, and vDisks.

Provisioning Services FarmA group of Provisioning Servers that share the same database.

RoleA set of defined permissions that can be assigned to a farm, site, and collection.

Role Based AdministrationThe method of administration that limits the administer’s management permissionsto those defined in the assigned role.

SiteA container that groups a vDisk Pool, Provisioning Servers and Device Collections. Asite can represent a physical or logical location.

StoreA store is the logical name for the physical location of the vDisk folder that can existon a local server or on shared storage.

Stream ServiceThe software service that transfers software between a target device, its vDisk, andwrite cache.

Target DeviceA device, such as a desktop computer or server, that boots and gets software from avDisk on the network, by communicating with a Provisioning Server.

Target Device Optimization UtilityA command-line utility used to apply several settings to your hard drive or vDisk that,when used, configures Windows to perform at optimal performance when runningfrom a vDisk.

User Datagram Protocol (UDP)The primary protocol used by Provisioning Servers.

User GroupsUser groups provide Farm and Site Administrators with the ability to create andmanage groups of users based on existing Active Directory or Windows groups.


263

VHD CollapseWhen a VHD stack becomes too large, it can cause performance issues for thosetarget devices accessing it. To improve performance, collapse the VHD stack intofewer differencing disks.

VHD Differencing Disk (Snapshot)A differencing disk contains the changes made to a VHD, without changing the VHD.In the storage industry similar concepts include thin cloning and snapshots. InProvisioning Services, each version of a VHD is considered a version. The base VHDfile is represented by version 0 (baseVHD.0) and each subsequent differencing diskwill have an incrementing version number (baseVHD.n+1).

VHD StackA series of one or more VHD differencing disks that are associated to a single baseVHD disk.

ViewA logical grouping of target devices within a farm or site, for the purpose of simplifydevice administration. A view can represent target devices spread across multiplesites and device collections. A target device can belong to any

Virtual Disk (vDisk)A file that is accessible to a Provisioning Server and is used to emulate a hard drivefor a target device.

Versioned vDiskA vDisk that has one or more VHD differencing disks referencing a single base VHDfile. This is also referred to as a VHD stack. A versioned disk is created from a non-versioned disk by enabling maintenance mode. Every time maintenance mode isenabled, a new version is created.

Write Cache ModeThe cache option selected to store a target device’s disk writes when using a write-protected vDisk. The write cache can reside on the Provisioning Server, on sharedstorage, in the target device’s RAM, or on the target device’s local hard drive.

XenConvert UtilityA utility that can copy the contents of a hard disk to a vDisk, or from a vDisk to ahard disk.

Glossary

264