Application virtualization, IoT and Cloud Computing, Blog of Sacha Thomet

Guide

Citrix CVAD and MTU Discovery

Recently I saw an increased number of issues when connecting to Citrix virtual desktops and apps. Desktops were accessed from private devices over a Citrix ADC (aka NetScaler), but virtual apps were accessed from our internal network from different branch offices.
I wrote a blog article some weeks ago: Issues by accessing Citrix Virtual Apps and Desktops on a pure IPv6 Internet Provider with enabled EDT

Our first workaround for this issue was to disable the UDP-based EDT protocol, which is now the default for Citrix Virtual Apps and Desktops. But this is not really our intended solution because all the benefits of EDT get lost, so we only did it on the client side with a registry hack, which means we have to identify all the clients with issues (see the recent blog article).

Further analysis showed that the root cause of this issue is the MTU, the Maximum Transmission Unit or, put simply, the packet size.
I found out that our branch offices have a smaller MTU than the default of 1500; the reason is a crypto tunnel which is configured to all our branches. So the packets get fragmented, and in some cases the fragmentation causes problems because the payload is no longer sufficient for a session launch to work. It looks like EDT is much more sensitive to this than the classic ICA protocol on TCP.

Solution 1: How to configure MSS when using EDT on networks with non-standard MTU
In the recent blog article, I called on Citrix to “please fix that”, but they had already started on this at that point. This article shows how to configure EDT for non-standard MTUs: https://support.citrix.com/article/CTX231821, e.g. set the MTU to 1480 in the default.ica.
The disadvantage of this solution is that the MTU is lowered for all connections, and you also need to figure out which MTU fits best. The benefit of this solution is that it works on every platform with the exception of Android.
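
One way to figure out which MTU a path supports, as an added example that is not from Citrix or from this blog: a binary search with IPv4 echo requests that have the Don't Fragment bit set. The function names, the host name in the last comment and the simulated tunnel value are assumptions; the simulated probe lets the script run without network access.

```powershell
# Added example: find the largest IPv4 packet that crosses a path unfragmented.
$IcmpOverhead = 28   # IPv4 header (20 bytes) + ICMP header (8 bytes)

function New-IcmpProbe {
    # Real probe: sends one echo request with the Don't Fragment bit set and
    # reports whether a reply came back for the given ICMP payload size.
    param([string]$Target, [int]$TimeoutMs = 1000)
    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions -ArgumentList 64, $true  # TTL 64, DF set
    return {
        param([int]$Payload)
        $reply = $ping.Send($Target, $TimeoutMs, (New-Object byte[] $Payload), $options)
        $reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success
    }.GetNewClosure()
}

function Find-PathMtu {
    param(
        [Parameter(Mandatory = $true)][scriptblock]$Probe,
        [int]$MinMtu = 1024,   # size at which EDT MTU Discovery starts, per this post
        [int]$MaxMtu = 1500    # default MTU
    )
    $lo = $MinMtu - $IcmpOverhead
    $hi = $MaxMtu - $IcmpOverhead
    # If even the smallest probe fails, ICMP is filtered or the path MTU is
    # below the search range; the result is then unknown, not "1024".
    if (-not (& $Probe $lo)) { return $null }
    while ($lo -lt $hi) {
        $mid = ($lo + $hi + 1) -shr 1      # upper midpoint, so the loop always advances
        if (& $Probe $mid) { $lo = $mid } else { $hi = $mid - 1 }
    }
    return $lo + $IcmpOverhead
}

# Constructed stand-in for a branch office behind a crypto tunnel (runs offline).
$tunnelMtu     = 1380
$simulatedPath = { param([int]$Payload) ($Payload + $IcmpOverhead) -le $tunnelMtu }

$mtu = Find-PathMtu -Probe $simulatedPath
"Simulated branch office path MTU: $mtu"

# Against a real endpoint (hypothetical host name):
# $mtu = Find-PathMtu -Probe (New-IcmpProbe -Target 'vda01.example.internal')
```

The result is the path MTU for IPv4; the values to put into the default.ica are derived from it as described in CTX231821.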

Solution 2: enable MTU Discovery
An even smarter option was introduced by Citrix in the background with CVAD 19.12: MTU Discovery for EDT. This feature makes it possible to have the best MTU for each session. MTU discovery is not an invention by Citrix, it is just new in EDT. You can read more about MTU discovery here:
https://en.wikipedia.org/wiki/Path_MTU_Discovery

I tried to visualize these 3 scenarios:

standard, MTU set to 1500

Default configuration, MTU to 1500

By default, packets of 1500 bytes are sent. If the MTU somewhere on the path is smaller, the packet gets fragmented, which is not a big issue, but in real life we see that it can be a problem.

MTU reduced to 1380 bytes according to the mentioned Citrix article
(Change in default.ica on StoreFront)

Now packets of 1380 bytes are transmitted.
If the possible MTU somewhere on the path is smaller than 1380, the packets are still fragmented. An example in this picture is the BYOD client from the Internet.
Also, the MTU is lowered when not needed, in this example for the client in the HQ.
+ This solution works on all platforms except Android.

MTU with MTU Discovery (Registry Setting on VDA)

MTU Discovery always uses the best MTU

+ The optimal MTU is determined individually for every session. First, the session starts with 1024 bytes, and the MTU is increased during the session.
– Needs Citrix Workspace App for Windows 19.11 or newer.
– If the connection goes over an ADC, the minimum required version is 13.0.52.24 or 12.1.56.22. If you are on a lower version, the MTU may remain at 1024 bytes!

You can check your EDT MTU with this command:
ctxsession -v

MTU Discovery is currently not active by default; you need to activate it on the VDA with a registry key. The VDA must be at least 19.12. Details here: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/technical-overview/hdx/adaptive-transport.html#edt-mtu-discovery

Update 5.6.2020 – Combine solutions 1 and 2 and have the best config!
In our case, we have separate StoreFront servers for access via ADC, so I decided to implement a solution with the best of both worlds… I set the MTU in the default.ica to 1300 and I enabled MTU Discovery, so Apple macOS can use the setting from the default.ica and Windows computers get the optimal value with MTU Discovery.

Technical:
On the VDA, add this DWORD under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\icawd:
Name: MtuDiscovery
Type: DWORD
Data: 00000001

default.ica, add these lines:
OutBufLength=1300
udtMSS=1300
edtMSS=1300

If MTU Discovery is enabled and the session is accessed from a Citrix Workspace App, MTU Discovery overrides the value set in the default.ica, which is very helpful!

How do you configure the MTU in your Citrix environment with EDT? Leave a comment!

Machine Catalog with overflow

The idea for the concept behind this blog post was born during a lunch break in summer 2018, when the temperature in Switzerland was pretty high and my colleague Stefan Moser and I had the idea to go swimming in the Aare river instead of having a proper lunch. This is a good example of how leaving the office can facilitate creativity! During our walk upstream, Stefan explained to me that he thinks we need to give vGPUs to normal office worker users as well, as long as we have enough capacity.

At the beginning of 2018 we equipped our virtual desktop infrastructure with Nvidia Tesla M10 GPUs, after we had done some tests and figured out that only in this way can we get the same high user experience as with a powerful physical laptop computer. We purchased 4 new VMware hosts with 2 Tesla M10 GPUs each; this is good enough to equip 256 VDIs with an M10-B profile, which is recommended with Windows 10 and 2 screens.

This means our challenge was having 250 pooled non-persistent VDIs with only 100 vGPUs; that is the number of vGPUs we don’t need for the dedicated VDIs with special GPU needs. The idea was to use vGPU VDIs as long as we have them and then switch to the cheap GPU-less desktops.

The implementation of this solution is pretty simple if you know the Power of Tags in a Citrix Virtual Desktop environment.

Recipe:

Create 2 Machine Catalogs, one with VDIs with vGPUs and one with VDIs without vGPUs.

Then create one Delivery Group and restrict the desktops to the Tag “availibleForUsers”.

Further, build a simple PoSh script with 3 functions:
– check the number of free VDIs in the GPU catalog

– set the tag “availibleForUsers”

– remove the “availibleForUsers” tag as soon as enough free VDIs are in the GPU pool

The script runs as a scheduled task, e.g. every 5 minutes, and opens and closes the overflow pool.

Of course, depending on the logon storm, you need to consider how often the script runs and how many spare desktops you keep before you close the pool (VDI offset, $FreeMachineThreshold in the script).
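
The recipe above as an added PowerShell example; it is not the author's script from GitHub. It assumes the Citrix Broker snap-in is loaded on the machine that runs the scheduled task, that the tag already exists and that the GPU desktops carry it permanently; the catalog names, the threshold value and the function names are hypothetical.

```powershell
# Added example; not the MachineCatalogOverflow script from GitHub.
$Tag                  = 'availibleForUsers'  # tag name as used in this post
$GpuCatalog           = 'VDI-GPU'            # hypothetical catalog name
$OverflowCatalog      = 'VDI-NoGPU'          # hypothetical catalog name
$FreeMachineThreshold = 10                   # constructed value: spare GPU desktops to keep

function Get-OverflowAction {
    # Pure decision logic, so it can be checked without a Citrix site.
    param([int]$FreeGpuMachines, [int]$Threshold, [bool]$OverflowOpen)
    if ($FreeGpuMachines -lt $Threshold) {
        if ($OverflowOpen) { return 'None' }
        return 'Open'
    }
    if ($OverflowOpen) { return 'Close' }
    return 'None'
}

function Get-FreeMachineCount {
    # Function 1: desktops in the catalog that are free (SummaryState Available).
    param([string]$CatalogName)
    $free = Get-BrokerMachine -CatalogName $CatalogName -SummaryState Available `
                -InMaintenanceMode $false -MaxRecordCount 10000
    return @($free).Count
}

function Open-OverflowPool {
    # Function 2: tag every overflow desktop so the Delivery Group may broker it.
    Get-BrokerMachine -CatalogName $OverflowCatalog -MaxRecordCount 10000 |
        ForEach-Object { Add-BrokerTag -Name $Tag -Machine $_ }
}

function Close-OverflowPool {
    # Function 3: remove the tag from the overflow desktops again.
    Get-BrokerMachine -CatalogName $OverflowCatalog -Tag $Tag -MaxRecordCount 10000 |
        ForEach-Object { Remove-BrokerTag -Name $Tag -Machine $_ }
}

function Invoke-OverflowCheck {
    # Entry point for the scheduled task.
    $free   = Get-FreeMachineCount -CatalogName $GpuCatalog
    $isOpen = @(Get-BrokerMachine -CatalogName $OverflowCatalog -Tag $Tag -MaxRecordCount 1).Count -gt 0
    switch (Get-OverflowAction -FreeGpuMachines $free -Threshold $FreeMachineThreshold -OverflowOpen $isOpen) {
        'Open'  { Open-OverflowPool }
        'Close' { Close-OverflowPool }
    }
}

# Offline walk-through with constructed counts (no Citrix cmdlets are called here).
$samples = @(
    @{ Free = 25; Open = $false },
    @{ Free = 6;  Open = $false },
    @{ Free = 3;  Open = $true  },
    @{ Free = 14; Open = $true  }
)
foreach ($s in $samples) {
    $action = Get-OverflowAction -FreeGpuMachines $s.Free -Threshold $FreeMachineThreshold -OverflowOpen $s.Open
    '{0,3} free GPU desktops, overflow open: {1,-5} -> {2}' -f $s.Free, $s.Open, $action
}
```

On a Delivery Controller, the scheduled task would call Invoke-OverflowCheck instead of the walk-through at the end.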

Other use cases:
This script is not only usable to overflow a GPU/non-GPU workload; it can also be used in various other scenarios.

Just some examples:
– different hardware types, first the new cool servers, then the old hardware.
– existing On-Prem resources before pay-per-use cloud resources
– Catalog in the same location before in a remote location (without any Citrix zones)

The script is available on GitHub:

https://github.com/sacha81/MachineCatalogOverflow

FAQ:

Q: Are Tags also working when you are using Citrix Cloud?
A: Yes, they are. (Thanks @bjoernmue for this info)

How to use ApplePay without an expensive Credit card even in Switzerland and other countries

Those who follow me on Twitter and Facebook have already seen that I promoted the Revolut card multiple times. This was just as a happy customer! When I’m really convinced of a product I love to spread the word and want others to be able to use the new cool stuff too! I have been a Revolut user since the beginning of 2018, and to date I have spent over 8000 CHF over Revolut in 8 countries.

Yesterday 2 very important things happened

#1 Revolut introduced ApplePay for every customer (Standard, Premium & Metal).

#2 Revolut added me to the Pioneer Program.

#1 Means you can now open a Revolut account in seconds and you are ready after some minutes to use ApplePay!

#2 Means not only that I receive nice influencer perks from Revolut; it also means that when YOU open a Revolut account with my link, you should receive your first physical card free of charge. Now you ask yourself why a physical card when you have ApplePay … OK, first, a backup is always good, e.g. what if your iPhone battery is discharged? Also, you need the card if you want to withdraw money from an ATM. Revolut does not charge you for cash withdrawals at ATMs up to 200.- per month on Standard!

Ok, wait… what is Revolut precisely?

Revolut is an e-money service, which means app plus physical or virtual card. With Revolut, you can spend at home or abroad at the real interbank exchange rate (without unfair bank fees), set spending budgets, split bills, exchange currencies and withdraw from foreign ATMs for free (up to £200 per month on Standard). With Revolut you can freeze/unfreeze your cards at the tap of a button. And with a Premium or Metal account, where you pay a monthly fee, there are even more possibilities. But start with Standard; you can upgrade at any time later if you need to.

Insider Tips?
  • If you have to choose the currency during payment or at an ATM, ALWAYS choose the currency of the country you are currently in, so you avoid bad conversion rates that are outside Revolut’s control.
  • You are on a weekend trip and use your Revolut card during the weekend in a foreign currency? Exchange the money you need on the weekend already on Friday and avoid “weekend-fees” from Revolut.
  • There are ATMs where the ATM operator charges a fee for the transaction. You will see this before the transaction, so keep an eye on it; I have seen fees between 0.- and 5.-! This is outside Revolut’s control.
  • If you are in a Hotel or a Car rental and you want to use the Revolut card, consider that they may block a larger amount of your money!
  • Don’t top up the Revolut card with a classic Credit card, there are Banks (e.g. Corner in Switzerland) who charge 5.- CHF fee to charge Revolut.
How to start?
  1. Click the link
  2. Enter your phone number (a text will be sent upon completion)
  3. Download the app
  4. Create a new account in minutes
  5. Verify your account and top-up at least €10 or local currency equivalent
  6. Order your physical standard card for free
  7. You can create virtual cards and use those asap!

This service is not yet available in all countries, but if you are not able to use the service you will see this already in step 2. As I know there are some readers of my blog in the United States of America, I have bad news … Currently, it’s not yet possible to open a Revolut account if you live in the US. As soon as this is available I will update this blog post.

And how can I use now ApplePay?

You need a device that supports ApplePay, e.g. an iPhone 6 or higher or an AppleWatch. Also, it’s mandatory that ApplePay is enabled in your country of residence.

ApplePay can be added directly in the Revolut App or in a classic way in the Apple Wallet app.

By the way, to use Revolut (even without ApplePay) you need a smartphone on which you can install the Revolut App!


Disclaimer: Some months ago I was pretty sure I would never write a blog post about money or a FinTech company. Because this is about YOUR money, YOU have to make your own decisions and be careful. What I suggest is to start with a free Standard account and just start with some pocket money. Revolut does not replace your current main account!

Citrix Receiver 4.11 – Keyboard and Language Bar

In Citrix Receiver 4.11 there is a new feature for Improved Control Over the Remote Language Bar for Seamless Published Applications (see https://support.citrix.com/article/CTX231913 ). This is especially nice and important for us here in Switzerland, as we have four official languages and also different keyboard layouts: German, French, Italian and Romansh. Romansh is more or less neglected, but besides German, the languages French and Italian play a significant role.

As I plan to roll out Receiver 4.11 in my company, my aim is to keep the possibility open for the user to configure this in Receiver, but I want to have a pre-defined setting. By the way, earlier we always hid the language bar by making use of the SeamlessFlags (on the server side). But I experienced that this had a negative impact on the logon time in Server 2016, don’t ask me why … But it’s a fact and it’s reproducible, so I keep the language bar visible, and now I’m very happy that this is configurable in Receiver.

The configuration of both features is described here https://docs.citrix.com/en-us/receiver/windows/current-release/improve/keyboard-layout-and-language-bar.html and it’s possible to hide this advanced feature with a registry key.
But only the configuration via the GUI for the user is described there! And today there is no way to configure that in the ADMX 🙁

With the help of ProcMon and Total Commander I found out which two settings get touched when a user sets these preferences:

Local Keyboard is in the good old Appsrv.ini – the value is LocalIME=1 to use the local keyboard

Language Bar is HKCU\SOFTWARE\Ica Client\Engine\Configuration\Advanced\Modules\LocalIME
DWORD: DisableLanguageBar

So if you want to configure this for all users, you need to “patch” the AppSrv.ini to set the local keyboard and/or adjust the registry key above to disable the language bar on the Receiver side.

XenApp & XenDesktop Avoid CEIP

Already in February, when I updated my Citrix environment to 7.13, I saw that it is now difficult to avoid the call home on the license server; I posted a short message on Twitter:

Now that I have updated to 7.14 I had the issue again; because my license server and my delivery controller cannot communicate with the outside, there is also an ugly message in Studio:

It’s pretty easy to completely turn off the Customer Experience Improvement Program (CEIP):

Just add this line to the Citrix.opt file on the license server:

#CITRIX CEIP NONE

Win10 to Win10 with a Citrix VDA

Intro – my relationship with Windows 10

The company I’m working for, Die Mobiliar, started early with Windows 10; in spring 2016 we rolled out Windows 10 to all our physical devices and also to our virtual desktops. We have two different kinds of VDIs: pooled Win10 desktops provided by Citrix PVS and also classically installed dedicated VDIs. Both with Citrix XenDesktop 7.x.

To be in the role of an early adopter with such a new operating system is interesting but also nerve-racking on some days… Especially when you add Citrix XenDesktop on top of Windows 10 and then also special requirements like physical and virtual Smart Cards.
I talked about this adventure on E2EVC in Rome: The stony road of a VDI migration from Win7 to Win10

Next chapter

Now our story goes into the next round: we installed Windows 10 last year with the 1511 release and we now want to go to the anniversary update (1607). For our pooled desktops it’s no question, a fresh install on the new build. But a fresh install of the dedicated desktops, where users have installed their own stuff, will get me into big trouble … it’s really not an option!

I was curious who is in the same boat, so I created this poll:


36% are doing fresh install of dedicated desktops? Wow … BOFH? 🙂

I tell you now 2 secrets:

  • It’s not possible to update Windows 10 from one version to the other when a Citrix Virtual Desktop Agent (VDA) is installed!
  • Uninstall of Citrix VDA fails most of the time!

    Good News: Citrix knows that the uninstall of the VDA is a problem; for that reason the VDACleanupUtility.exe exists (https://support.citrix.com/article/CTX209255).
    Bad News: VDACleanupUtility.exe (VCU) should run as a user, needs a reboot and a login with the same user, which means it is not easy to automate.

With some hints from my CTP colleague Stephane Thirion and my colleagues at “Die Mobiliar” I was able to create this guide to automate the Windows 10 update with an automated removal of the VDA.

Task Sequence for SCCM

We are doing this with Microsoft System Center, but with the following information it’s also possible to meet this challenge with other ESDs.

Upgrade Steps – Overview
The Citrix VDI specific steps are highlighted in yellow; in this guide I’ll focus on those. We are using one task sequence to update all our Windows 10 installations, that’s the reason we need to make a decision whether the installation is a VDI or not.

After the OS upgrade we just install the VDA again with our existing software package.

Because the Windows upgrade kills the Citrix Receiver, we also re-install the Receiver at the end.

The really hard part is the proper automated removal of the VDA, and that’s where I go a bit deeper in this article.

VDI or not – that’s the question
Because we use one task sequence for Win10 with and without Citrix VDA, we check if the VDA is installed by querying the key which has been written by the software package for the VDA.

A reboot to start is always smart

Sometimes the VDACleanupUtility asks for a reboot, so it’s good to start with a reboot before any other steps are done.

first step of the VDA removal

The VDACleanupUtility should be started in silent mode and with a suppressed reboot:

cmd /c VDACleanupUtility.exe /silent /noreboot

The VDACleanupUtility.exe is the only thing in the Package you see on the screenshot.

Remove the action which the VCU would perform after the suppressed reboot

cmd.exe /c REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce /v CitrixVdaCleanup /f

 Now you can reboot 

Start the VCU again

This time with the switches silent and reboot. Reboot doesn’t mean that it will do a reboot; it just tells the VCU that it is now in the phase after the reboot.

cmd /c VDACleanupUtility.exe /silent /reboot

Now do all the Windows upgrade steps you want to do; here you also need to think about drivers or, in virtualized environments, XenTools, VMware Tools, etc.

As a next step, install the VDA again

Re-install the Citrix Receiver

Update of Win10 will destroy your Citrix Receiver installation, for this reason install it again at the end

I want to thank Stephane Thirion (https://www.archy.net) for the hints about automating the uninstall of the VDA. Also thanks to my colleagues Stefan Moser and Thomas Hahnel at Die Mobiliar, who have more know-how about SCCM task sequences and patience in testing.


Update Fall 2017: 

The version of the cleanup tool from September 2017 is able to run in unattended mode, see https://support.citrix.com/article/CTX209255 .
Also I’ve found out that the Update from 1607 to 1703 or 1709 works even when a VDA is installed.

Update November 2017: 

There is now an article by Citrix: “How to Run the VDA Cleanup Utility with SCCM Task Sequences”: https://support.citrix.com/article/CTX229801

Welcome to the Jungle … of the Citrix Display Modes

When I started to work with Remote Desktop stuff back in 2001, one thing was definitely not possible: watching a video over a remote connection, not even with Citrix … In the last years a lot of things changed, and Citrix improved their protocols and video codecs from version to version. Today you can do awesome things over a remote connection with Citrix. There are many blogs and articles which show what’s possible, also for GPU mapping, 3D stuff and so on … This blog post doesn’t describe how you can get the awesome 3D things out of your VDI. It’s more about what to do if you don’t have special requirements for 3D, you don’t have time to test all possibilities, no time to tune, but you want to have the best result according to the Pareto principle.

What do you configure? Nothing? Just the default, because the default is the setting which will fit most users?

Are you aware that the default setting on XenApp/XenDesktop until VDA 7.9 was Thinwire with H.264, and since VDA 7.9 it’s Thinwire Plus (Compatibility Encoder)?
You need to consider this fact before you upgrade from 7.x to 7.9! Why did they change that? Is Thinwire Plus better? No! Is Thinwire H.264 better? No!
It’s just different! What are the differences? What do I need to choose? It depends! But on what?

This blog post is mainly a comparison between Thinwire Plus and Thinwire H264 !

I’ve done a survey on Twitter about which codec is preferred, funny result, 50% vs 50%:

[Image: Twitter poll, H.264 vs. Thinwire]

I’ve started some tests, also with the Pareto principle, so no deep scientific background! I tested an internal video in our Intranet of 53 seconds and 1 minute of a YouTube video, Big Buck Bunny, with 25 fps,  set to 720p in YouTube. I had an eye on the user experience, means fragments, fluent movie, lip-sync and on the other side on the resource consumption like CPU and bandwidth.

(Advice if you like to do your own tests: Big Buck Bunny is nice to impress people, but if you want to test for lip-sync take another movie … the Bunny doesn’t talk much ….)

For these tests I used the best, or the only, tool on the market to analyze remote display stuff, the Remote Desktop Analyzer from Bram Wolfs and Barry Schiffer. In version 1.4 you can do some very helpful statistical reports:

I have tested with:

Virtual Desktop:

  • Windows 10, VDA 7.9, 2 vCPU, 4 GB Memory, virtualized on VMWare ESX.

Video Codecs:

  • Thinwire +
  • Thinwire with H264

Client:

  • Mac OSX
  • Windows 10
  • HDX Raspberry Pi

and thank you to René Bigler (Twitter @dready73) for testing with these clients:

  • ChromeBook
  • Linux ThinClient (IGEL)

And these are our results:

[Figures: H.264 vs. Thinwire Plus results for Windows 10, OS X, Raspberry Pi, iOS, IGEL and Chrome OS]

My personal conclusion:

If you have clients like ChromeBook or Windows which can handle H.264, this is your way to go. With limited H.264 on the end device you are better off with Tw+.

I work in a company which internally has only Windows 10 client devices, but from external we have users with BYOD, and MacBooks are not a minority. For this reason I set a Citrix Policy which sets all connections not coming over NetScaler to Tw with H.264. So we have the best result internally and still an above-average result externally. What would be best is if it were possible to set a Citrix Policy according to the client OS which connects.

Recommended Links:

HDX Graphics Modes – Which Policies Apply to DCR/Thinwire/H.264 – An Overview for XenDesktop/XenApp 7.6 FP3: http://support.citrix.com/article/CTX202687

Citrix Display modes: How to configure, what to configure, when to configure: https://bramwolfs.com/2016/02/24/citrix-display-modes-how-to-configure-what-to-configure-when-to-configure

H.264 compression JUL 19 2013 A graphical deep dive into XenDesktop 7 https://bramwolfs.com/tag/h-264-compression

Update 23.9.2016:

An excellent blog post here: Citrix HDX Just Got Smarter…Again https://www.mycugc.org/blog/citrix-hdx-just-got-smarter…again?source=6 a post about selective H264 with XenApp / XenDesktop 7.11

Use Octoblu with Amazon Echo as trigger to start A/C on Tesla Model S

It needs a bit of courage as a non-native English speaker, and with my hard Swiss accent it’s maybe awkward … but I’ve done it … my first webcast … you cannot win without a risk 🙂

Goal: Use Amazon echo to start the Air Condition of the Tesla Model S.

21.6.2016, Update to this post:

It’s not so difficult to use Alexa without IFTTT in Octoblu. I just created a flow to ask Alexa what the battery level is, and she tells me the remaining battery in percent:

For details about how to integrate Alexa in Octoblu, look at this: Use Alexa to kick off automations with Octoblu

By the way: If you don’t have a Tesla but you would like to buy one, use my referral link http://ts.la/sacha3162 and save 1000.- !

Another LaMetric IoT script – power control

Because I’m currently on holiday, here is another post which is not related to virtualization …

I combined my new “gadgets”, the LaMetric Time and my new Wi-Fi smart plug from MyStrom. The goal was to report the current power consumption of the power plug and to have the possibility to control the plug with the smart ticker.

MyStrom has a very straightforward API (https://mystrom.ch/en/mystrom-api), and creating apps for LaMetric is pretty easy, as I already mentioned in a past blog post.

All that is needed to implement this solution is:

  • a web server which can parse PHP
  • two small scripts
  • and a private app for LaMetric

This is the script to see the current power consumption:

<?php
// Call with parameter, e.g.: http://192.168.1.20/LaMetric/myStrom.php?host=192.168.1.59
// Accept only a literal IPv4 address, so the parameter cannot point the request at an arbitrary URL.
$ip = filter_var($_GET["host"] ?? "", FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
if ($ip === false) {
    http_response_code(400);
    exit;
}
$host = "http://" . $ip . "/report";
$filestring = file_get_contents($host);
$watt = "";
$startpos = 0;
// Pick the "power" value out of the plug's report
while ($pos = strpos($filestring, "\"power\"", $startpos)) {
    $string = substr($filestring, $pos, strpos($filestring, ",", $pos + 1) - $pos);
    $newstring = str_replace("\"power\": ", "", $string);
    $watt .= round((float) $newstring, 2);
    $startpos = $pos + 1;
}
?>
{
    "frames": [
        {
            "index": 0,
            "text": "<?php echo $watt; ?> Watt",
            "icon": "i1692"
        }
    ]
}

I just read the content from the API, which is already in JSON format, but I reformat it into the form I need to bring it to the LaMetric.
This is the script to control the power outlet:

<?php
// Accept only a literal IPv4 address, so the parameter cannot point the request at an arbitrary URL.
$ip = filter_var($_GET["host"] ?? "", FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
if ($ip === false) {
    http_response_code(400);
    exit;
}
$host = "http://" . $ip . "/report";
$filestring = file_get_contents($host);
$newstring = "";
$startpos = 0;
// Pick the "relay" state out of the plug's report
while ($pos = strpos($filestring, "relay", $startpos)) {
    $string = substr($filestring, $pos, strpos($filestring, "}", $pos + 1) - $pos);
    $newstring = str_replace("relay\": ", "", $string);
    $startpos = $pos + 1;
}
// trim() removes the line break or blank that follows the value in the report
if (trim($newstring) == "false") {
    echo "Ist ausgeschaltet, wird nun eingeschaltet";
    $URL = "http://" . $ip . "/relay?state=1";
    $data = file_get_contents($URL);
} else {
    echo "Ist eingeschaltet, wird nun ausgeschaltet";
    $URL = "http://" . $ip . "/relay?state=0";
    $data = file_get_contents($URL);
}
?>

And the LaMetric private app:

This simple poll app calls the script on the web server (192.168.1.20) with the parameter of the MyStrom plug (192.168.1.59).

On button action the controller script is launched, which changes the status (off to on or vice versa).

(192.168.1.59 is the ip of my Power outlet. 192.168.1.20 is the address of my web server, this can be a raspberry pi or a Synology.)
