Sunday, July 12, 2009

XENApp 5.0 on Server 2008 using PVS and XENserver

By: Rick Rohne

I recently had the pleasure of doing a pretty large XENAPP 5.0 on Server 2008 using XENServer and Provisioning Server. I thought it was an extremely successful project, and decided to share some of my experiences.


The objective of the project was to migrate from using a traditional Presentation Server 4.0 farm with published desktops to a more dynamic farm that could use both published desktops and published applications seamlessly.

Some of the challenges that were faced in the "old" farm were:

  • Servers were identical and imaged using Altiris. Although the solution was sound, the amount of time it took to install new applications and re-image all the 30+ servers took 2 to three weeks for image times.
  • Server hardware in the old farm was running on Blade technology, and the server sprawl was getting out of control and the data center power consumption was at peak.
  • Application short cutting for published desktops was also difficult to maintain. A short term solution was to use group policy, but as the organization grew, so did the complexity of shart menu short cuts and permissions.
  • The server hardware was leased, and as technology changed, so did the complexity of running multiple images for different hardware platforms.
  • Introduce the XENApp Plugin (Formerly known as PNAgent) for laptops and PC's on the network while still keeping published desktops available for thin clients.

Design solution

The first discussion was to move the customer to XENAPP 5.0 on 64 bit hardware. While this would satisfy the requirements to eliminate server sprawl, it also introduced new issues, such as 64 bit Print drivers (Yes, the organization was using published desktops with thin clients, so printing actually used print drivers instead of the universal print driver).

Instead of moving to 64 bit servers, I took a more modern approach using 32 bit XENAPP running on XENServer. This would allow the organization to run approximately 4 – 5 VM's per physical box. It would also remove the complexity of migrating between different hardware platforms.

To handle the imaging of the servers, I decided to go with Provisioning Server. After all, it's included with XENServer Enterprise or XENAPP Platinum edition.

To handle the short cutting I decided to introduce XENApp Plugin on both the server desktops and the client PC and laptops.

Profile management would be handled using Citrix Profile manager and a central CIFS share.

XENServer 5.0

The servers that were provided were DELL Dual-quad core servers running XENServer 5.0 embedded edition with local RAID 5 storage. Hyper-threading was enabled, a quantity of 8 NIC cards, and we had 24 GB or RAM to play with.

My first instinct was to limit the amount of VM guests to 4, this allowed me to subscribe up to 4 virtual CPU's to each host and allocate 4 GB of RAM to each host and have plenty of room for adding additional VM's if the capacity was available.

I used local storage instead of shared storage, not that I didn't want to, but simply because it was a convenient choice due to the organizations capacity and performance limitations on their SAN infrastructure.

I allocated 30GB to the first server that was built. Since this server was actually going to be delivered using provisioning server, I decided to get that part out of the way before even considering installing any applications or installing XENApp. (More on that experience later).

Each VM that would be running XENAPP would be allocated a 10 GB virtual local hard drive. Of course this drive has to be pre-formatted with NTFS, so I created a copy from a template VM that had already had it's drive formatted. Finally, I configured the VM for Network boot and optimized each VM for Citrix XENApp.
(See Images Below)

Provisioning Server 5.0

I installed Provisioning Server on two Server 2008 Enterprise Edition 64 bit servers with high availability enabled. If you haven't implemented Provisioning server yet, what are you waiting for? The installation was terrific, and in less than 20 minutes, I was already performing a disk import of the first server.

After importing my first image, I was able to assign the MAC addresses of each of the VM copies and add their names to Active Directory using the PVS management console. A couple notes to remember when using XENServer with PVS.

  1. The option to boot the VM's from PVS will not work, this is because XENServer does not support WAKE-on LAN.
  2. The MAC addresses need to be static, (Do not let XENServer dynamically change the MAC address on boot; otherwise your servers will no longer be associated to PVS).
  3. Don't install Citrix User Profile manager before the disk image, this causes the services to break but a simple re-install will fix it if you did accidentally install UPM beforehand.
Basically placed one of the VM's in private image mode and allowed it to boot from the master image. From there installed XENApp, UPM, and the XENApp Prep tool. The XENApp prep tool is a new service that Citrix introduced that works great with Provisioning server. It basically takes care of all of that scripting that we old guys had to do when we decided to image our PVS servers. It works with PVS as well as any other imaging software.

Since all the servers were virtual and provisioned, I decided to do a little performance tuning on the image. Any time I have a local disk to use on the PVS guest, I like to redirect the Print spooler and the Page file to that disk. This seems to increase performance because the PVS client does not have to proxy the temporary writes to the cache file. Of course, this is XENApp, so the typical XENApp server performance tuning steps are still in play.

XENAPP 5.0 on Server 2008

The final step to the project was designing a good XENApp farm that would accommodate a similar experience for thin client users and PC/laptop users. To accomplish this, I decided to use the XENapp plugin.

The first step after installing all the applications was to remove all the start menu short cuts completely from the system. This allowed me to publish shortcuts using the XENApp plugin and manage security to the applications directly from XENApp. The beautiful thing about this configuration is that if a user receives a published desktop, their short cuts launch the application in a seamless window without waiting on the connection bar (As long as the application was installed on the same server that the user is logged onto).

There was a little trick that I ran into on Serer 2008, however. For some reason, Server 2008 does not allow the PNAgent Pass-through authentication process (ssosrv.exe) to run so pass-through authentication did not work at first. After monkeying around with that for about 8 hours, I called Citrix and they basically told me that I had to use Kerberos for pass-through authentication to work on Server 2008. Simple enough, I changed to Kerberos, (set xml name resolution and trust delegation on the XENapp Servers) and it worked perfectly.

Because users on desktops and laptops usually have applications already installed, I created a second PNAgent site that would create a sub-folder in their start menu called Corporate Applications. This way, they could have the option to use locally installed applications or Citrix Applications without disrupting their start menu.


All in all, the project was a success. We were able to get a mixture of Published application users and desktop users running on the same set of servers. This reduced the overall footprint in the data center, reduced server sprawl and power consumption, reduced management of applications and published desktops, minimized the amount of images needed for the XENApp farm, and allowed for quick hardware independent XENApp server provisioning.

More information on Provisioning Server


  1. I may be experienceing the same pass through issue, do you have any further details? a CTX article etc?


    Jim Moyle

  2. There is no Citrix Article that discusses the issue of Pass-through on server 2008. Sorry (I called Citrix and they verified my story) Setting up Kerberos is not too hard.

  3. Are your PVS servers VMs?

  4. No, you definetly want to run your PVS servers as Physical servers... They are part of your core Infrastructure and should be treated as so. If you are doing a VM, you will want to design your Infrastructure so that you are using host attached iscsi storage or your VDisk store needs to be located on fast dedicated storage... Also pay close attention to RAM and Network I/O.


Microsoft Virtualization, Citrix, XENServer, Storage, iscsi, Exchange, Virtual Desktops, XENDesktop, APPSense, Netscaler, Virtual Storage, VM, Unified Comminications, Cisco, Server Virtualization, Thin client, Server Based Computing, SBC, Application Delivery controllers, System Center, SCCM, SCVMM, SCOM, VMware, VSphere, Virtual Storage, Cloud Computing, Provisioning Server, Hypervisor, Client Hypervisor.