Community

Citrix Workspace app deployed with Microsoft Intune

Aaron Parker's stealthpuppy - Mon, 08/13/2018 - 04:57

Citrix Workspace app is here to replace Citrix Receiver with a new UI and capabilities (primarily for Citrix Cloud customers). Here’s how to deploy it across various supported platforms in a modern management capacity with Microsoft Intune.

Windows 10

There are multiple deployment options for Workspace app on Windows via Microsoft Intune:

  • Workspace app from the Microsoft Store. This version has some feature limitations but requires the least amount of effort to deploy
  • The full Workspace app that provides the best compatibility, but doesn’t ship as a Windows Installer file and therefore requires custom solutions to deploy
Microsoft Store

Adding the Workspace app from the Microsoft Store is well documented and should take only 5 minutes to get the app from the Store, synchronise to Intune and assign the app to your users. How’s that for done and dusted? – I’m sure you’ve got better things to do than package and maintain applications.

Citrix Workspace in the Microsoft Store

The Workspace app can be assigned as available for end-users to install via the Intune Company Portal or required for automatic deployment. Once deployed, the Store will take care of updates, thus there is no further action required by the administrator.

Citrix Workspace app in the Microsoft Intune Company Portal

If you have already deployed Citrix Receiver from the Microsoft Store via Intune, it should be automatically updated to Citrix Workspace. One they key feature limitations of the Microsoft Store version is pass-through authentication, so you might need to consider alternative deployment options

PowerShell

The Workspace app installer is a single executable just it has been with Citrix Receiver. This presents a challenge to deploy Workspace app as a line-of-business application with Intune which requires Win32 applications to be packaged as a single Windows Installer file. PowerShell scripts are a simple alternative, but deploying applications via PowerShell has two key considerations:

  • PowerShell scripts can’t be applied to computer groups
  • PowerShell scripts are executed on devices only when an Azure Active Directory user is signed in to the device

Deploying this way also means that the Workspace app will be deployed regardless of user choice and of course does not support deployment via the Intune Company Portal.

Like we’ve done previously with Citrix Receiver, the Workspace app can be deployed to Windows 10 machines via Intune with PowerShell without requiring custom packaging. We need a consistent URL that will always download the latest version of Workspace app and a command line to perform a silent installation. Your command line options might differ depending on your target environment, but the example script below will download and install the Workspace app.  

$Url = "https://downloadplugins.citrix.com/Windows/CitrixWorkspaceApp.exe" $Target = "$env:SystemRoot\Temp\CitrixWorkspaceApp.exe" $Arguments = '/AutoUpdateCheck=Auto /AutoUpdateStream=Current /DeferUpdateCount=3 /AURolloutPriority=Slow /NoReboot /Silent EnableCEIP=False' Start-BitsTransfer -Source $Url -Destination $Target -Priority High -TransferPolicy Always -ErrorAction Continue Start-Process -FilePath $Target -ArgumentList $Arguments -Wait

Once deployed, devices must then rely on auto-updates to ensure that Workspace app is kept up-to-date. 

Re-package Citrix Workspace app for Windows Installer

With the right tools and a bit of effort, Citrix Workspace app can be re-packaged into a single Windows Installer file. Once you’ve packaged the app with this method you’ll need to maintain the package and update it regularly. As with the PowerShell method though, auto-updates will keep Workspace app up-to-date once deployed.

Is this approach right for you? This requires maintaining and deploying a custom package and is dependent on how the environment is managed and available skillsets. Only you can answer that for your projects or environments. A custom package isn’t ideal and I recommend using the Microsoft Store version as the default approach instead.

Citrix Workspace app extracted Windows Installer files

HDX RealTime Media Engine

The Citrix HDX RealTime Media Engine – required for optimising Skype for Business under XenApp and XenDesktop, does come as a single Windows Installer file. This makes it easy then to deploy the engine to Windows PCs as a Required line-of-business application without modification or custom packaging. This will ensure that no user interaction is required to install the engine since most users are unlikely to know what it does anyway.

Bonus: Citrix Workspace app for Chrome

If you have Google Chrome deployed in your environment and you’d like to deploy the Citrix Workspace app for Chrome, this can be achieved with a PowerShell script that will either deploy it as a preference that users must approve or as a policy that will be automatically pushed out and users will be unable to remove from Chrome.

Google provides detailed documentation on deploying Chrome extensions on Windows.

Here’s a basic script to deploy Workspace app for Chrome via PowerShell that uses the app’s Chrome Web Store identifier (haiffjcadagjlijoggckpgfnoeiflnem) to tell Chrome to install the app on next launch. This shows both approaches – deploy as a preference or enforced.

# Citrix Receiver / Workspace app as a preference $Path = "Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions" $Value = "update_url" $Data = "https://clients2.google.com/service/update2/crx" $Key = "$Path\haiffjcadagjlijoggckpgfnoeiflnem" New-Item -Path $Key -ErrorAction SilentlyContinue New-ItemProperty -Path $Key -Name $Value -Value $Data -Force -ErrorAction SilentlyContinue # Citrix Receiver / Workspace app as a policy $Key = "Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" $ExistingValues = (Get-Item -Path $Key).Property $Value = [int]$ExistingValues[$ExistingValues.Count-1] + 1 $Data = "haiffjcadagjlijoggckpgfnoeiflnem;https://clients2.google.com/service/update2/crx" New-Item -Path $Key -ErrorAction SilentlyContinue New-ItemProperty -Path $Key -Name $Value -Value $Data -Force -ErrorAction SilentlyContinue

Add the script to the Intune portal and assign to a user group to deploy. Ensure the script runs in the system context because it needs to write to HKLM.

macOS

The Citrix Workspace app can be deployed as a line-of-business application with Microsoft Intune. The Workspace app download comes as an Installer package (inside an Apple Disk Image) that can be converted into suitable file format with the Microsoft Intune App Wrapping Tool, ready to deploy with Intune.

The Citrix Workspace app disk image

Convert the Installer

Instructions for converting a .pkg file to a .intunemac file are outlined in the documentation, and the basic process I have followed to convert the Citrix Workspace app installer file is:

  1. Download the Intune App Wrapping Tool for Mac executable – IntuneAppUtil  – to a local folder. I’ve downloaded it to ~/bin.
  2. Mark the file as executable. In my example, I’ve done this with:
chmod +x ~/bin/IntuneAppUtil
  1. Optionally copy the Install Citrix Workspace.pkg file to a local folder. You should also be able to run the converter against the copy stored in the disk image. In my example, I’ve copied the installer to ~/Projects/Intune-Apps.
  2. Convert the .pkg file into the required .intunemac format with a command similar to the following example – note that the -o switch should include a directory path only.
~/bin/IntuneAppUtil -c ~/Projects/Intune-Apps/Install\ Citrix\ Workspace.pkg -o ~/Projects/Intune-Apps -v

If successful the command line will look similar to the following screenshot:

Converting the Citrix Workspace app with IntuneAppUtil

The Workspace app installer will have been converted into a .intunemac format ready to import into the Intune portal for distributing to users.

The converted Citrix Workspace app

Distribute with Intune

With the prepared package, create a new line-of-business app in the Intune portal, select the .intunemac file and enter application information as follows:

  • Name – Citrix Workspace
  • Description – copy and paste the description from Workspace app on the Microsoft Store
  • Publisher – Citrix
  • Ignore app version – Yes
  • Category – Business or Productivity
  • Information URL – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac.html
  • Privacy URL – https://www.citrix.com.au/about/legal.html
  • Logo – download the Workspace app icon in PNG format here

Once the details have been added, click OK to create the application. I initially had issues with uploading the application on Chrome on macOS. I was successful on Internet Explorer.

Adding the Citrix Workspace app as a line-of-business app in Microsoft Intune

Once the application has been created and assigned to users, it will be available for install in the Intune Company Portal. The application can also be set to required for automatic deployment.

Citrix Workspace available in the Intune Company Portal on macOS

Just as on Windows, updates to the Citrix Workspace app can be managed with the inbuilt updater, post-deployment.

HDX RealTime Media Engine

The Citrix HDX RealTime Media Engine is also available as an installer package that can be converted and deployed the same way as Workspace itself. Citrix Workspace app is now a 64-bit macOS application and will, therefore, require a 64-bit version of the HDX RealTime Media Engine. Right now, a 64-bit HDX RealTime Media Engine is in tech preview that can be downloaded, packaged, uploaded as a line-of-business application and assigned.

iOS

As at the time of writing, Citrix Receiver is still available on the iOS App Store and we should see it updated to Citrix Workspace app soon. Adding an iOS application in Microsoft Intune is, fortunately, a simple process:

  1. Add an application and choose ‘Store app – iOS’, then search the app store
  2. Search for ‘Citrix’, ‘Citrix Receiver’ or ‘Citrix Workspace’
  3. Choose ‘Citrix Receiver’ or ‘Citrix Workspace’ depending on what is returned
  4. Save the change and Add the application
  5. Assign the application as required 

The application will be available in the Intune Company Portal:

Citrix Workspace for iOS available in the Intune Company Portal

For existing deployments of Citrix Receiver, they should be updated to Citrix Workspace app automatically.

Android Android Store app

At the time of writing, the Workspace app for Android is not available in the Google Play Store, but a tech preview is available for download as an APK. I would recommend deploying Citrix Receiver via the Google Play Store, but with access to an APK file, you can deploy Android applications directly to enrolled devices as a line-of-business application with Intune.

The process for deploying Citrix Workspace app or Citrix Receiver on Android follows the standard Android store app deployment steps:

  1. Add an application and choose ‘Store app – Android’, then search the app store
  2. Name – ‘Citrix Workspace’ or ‘Citrix Receiver’
  3. Description – copy and paste the description from Workspace app on the Microsoft Store
  4. Publisher – Citrix
  5. Appstore URL – https://play.google.com/store/apps/details?id=com.citrix.Receiver
  6. Minimum operating system – Android 4.4 (Kitkat)
  7. Category – Business or Productivity
  8. Privacy URL – https://www.citrix.com.au/about/legal.html
  9. Logo – download the Workspace app icon in PNG format here

Assign the application and it will be available to users in the Intune Company Portal.

Android Work Profile app

In the future, it’s more likely that organisations will leverage the Android enterprise capabilities, previously known as Android for Work. This also simplifies Android app deployment with a connection between Microsoft Intune and the Google Play store. Once configured, browse the Google Play store, approve a list of desired apps and these will then appear for assignment in the Mobile Apps node in Intune.

Here’s Citrix Receiver in the Google Play store.

Approving Citrix Receiver in the Google Play store

Once approved, you must choose how new permissions will be approved:

  • Keep approved when app requests new permissions – Users will be able to install the updated app. (Default)
  • Revoke app approval when this app requests new permissions – App will be removed from the store until it is reapproved.

You can approve and deploy Citrix Receiver today, which should be automatically updated to Citrix Workspace app once it is released.

Wrap-up

In this article, I’ve covered the high-level steps required for deployment of the Citrix Workspace app across the various major platforms supported by Microsoft Intune. Mobile platforms, including the Microsoft Store on Windows 10, will require the least amount of administrative effort to configure, deploy and update. For most organisations supporting Windows as their primary platform, even with Microsoft Intune, the choice of deployment solution will depend on Workpace app feature requirements.

This article by Aaron Parker, Citrix Workspace app deployed with Microsoft Intune appeared first on Aaron Parker.

Categories: Community, Virtualisation

DEFCON: key reasons for IT ops people to attend

Theresa Miller - Wed, 08/08/2018 - 11:00

It’s August, I’m in Vegas, and I’m bringing you an ITOPS view of DEFCON 24. Every year I get back to my sysadmin roots and attend DEFCON. No, I’m not a hacker, but these are some IT ops people should get exited about DEFCON. You are forced to go off the grid. I’m not a […]

The post DEFCON: key reasons for IT ops people to attend appeared first on 24x7ITConnection.

Thunderbolt end-user experience macOS vs. Windows

Aaron Parker's stealthpuppy - Tue, 08/07/2018 - 04:01

Thunderbolt 3 (and USB-C) are here to provide a single cable for everything, although your experience with this technology will differ depending on your choice of operating system. Here’s a quick look at the end-user experience of TB on macOS and Windows.

Thunderbolt 3 on macOS

Thunderbolt on macOS just works – plug-in a TB device and off you go. This makes sense given that the standard was designed by Intel and Apple. Unpacking and plugging in a Thunderbolt dock with external displays, ethernet, audio etc., on macOS in just about every case will work without installing drivers.

Thunderbolt ports on the MacBook Pro

Here’s Apple’s dirty (not so) secret though – excluding the MacBook Air (and the Mini that comes with TB2), all current Macs have TB3 ports, except for the MacBook. It has a single USB-C port only. Maybe that’s OK – the TB target market is likely to be purchasing the Pro line anyway, but Apple isn’t a fan of labelling their ports, so caveat emptor.

macOS provides a good look at the devices plugged into your TB ports:

macOS System Report showing Thunderbolt devices

Note that while the MacBook Pro with Touch Bar has 4 Thunderbolt 3 ports, these are divided across 2 busses. If you have more than one device plugged in, ensure they’re plugged into either side of the laptop for best performance.

Thunderbolt 3 on Windows

Thunderbolt 3 on Windows 10? That is unfortunately not so straight-forward. 

I’ve been testing connection to my dock on an HP Elitebook x360 G2 that comes equipped with 2 x TB3 ports. The default Windows 10 image for this machine is an absolute mess that has a whole lot of software that isn’t required. Resetting the machine back to defaults strips it right back to the bare essentials, excluding the Thunderbolt driver and software. After plugging in a TB device, it isn’t recognised and no driver or software is downloaded from Windows Update. Interestingly, no driver or software was offered by the HP Support Assistant app designed to help end-users keep their HP PCs up to date.

Windows PCs equipped with Thunderbolt ports will have the driver and software installed by default, so typically this won’t be an issue; however, if you’re resetting the PC or creating a corporate image, you’ll need to install that software. Every OEM should supply Thunderbolt software for download, which for HP PCs is listed as Intel Thunderbolt 3 Secure Connect. The software is actually provided by Intel and available in various downloads on their site.

With the software installed and a device plugged in, the user sees a message box asking to approve the connection to a Thunderbolt device. Management actions such as approving or removing a device requires administrator rights on the PC. Pluggable has a good article on the entire user experience and troubleshooting.

Approving connection to TB devices on Windows 10

Once approved, the device can then be viewed and managed. 

Viewing attached TB devices on Windows 10

Of course, once plugged in, Windows sees the peripherals and connects to them as usual.

Peripherals plugged into a TB dock on Windows 10

Thunderbolt on Windows isn’t as simple as it could be. It would be great to see drivers installed directly from Windows Update instead of being available separately, but once installed everything works as you would expect.

Wrap-up

Thunderbolt will see as wide spread adoption as USB 3.1, but users with specialised requirements such as video editors, CAD, etc., will benefit from the available bandwidth, which today is 40 Gbit/s vs. 10 Gbit/s. Early USB 3.2 hardware with 20 Gbit/s speeds has been demonstrated recently and this may further reduce the need for some users to go to devices providing the higher bandwidth.

The end-user experience of TB on macOS vs. Windows 10 is kind of disappointing – Windows requires that you install drivers and the software requires administrative rights. Not an ideal experience for home or SMB users and these requirements might preclude the usage of Thunderbolt in enterprise environments. However my own personal experience on a MacBook is pretty awesome – just plug in and go. Looks like I’ll be on macOS for the foreseeable future.

Linda Xu

This article by Aaron Parker, Thunderbolt end-user experience macOS vs. Windows appeared first on Aaron Parker.

Categories: Community, Virtualisation

Thunderbolt 3 – One Cable to Rule Them All

Aaron Parker's stealthpuppy - Sat, 08/04/2018 - 13:51

Thunderbolt 3 and USB-C have arrived to make our life easier and more confusing all at the same time. The promise of a single cable that does everything is appealing but for the average consumer, knowing what to purchase is challenging. This article is a view into my research into Thunderbolt, USB-C and 4K monitors and what I’ve ultimately purchased.

In an effort to reduce the clutter on my desk and improve my viewing experience for work, I’ve invested in a Thunderbolt 3 dock and a 4K monitor. This article isn’t necessarily a review of this hardware – instead consider this a walkthrough of how I made these specific choices and my experiences with a Thunderbolt 3 dock. In a follow up article, I’ll discuss Thunderbolt and high HPI experiences on macOS and Windows.

The Quest for Less Clutter

I work primarily from home and given my job, I’m in front of a computer for extended periods; thus, I need a clean and neat workspace to be able to focus. I’m not great at keeping my workspace tidy as I should be, so anything I can do to reduce clutter on my desk has got to assist. This is where the right choice in hardware comes in – I run a 13″ MacBook Pro that comes with four Thunderbolt ports, as my primary driver, so I have the opportunity to do everything through a single cable.

With the right solution, I should be able to run power to the laptop plus all other inputs and outputs from a Thunderbolt dock, providing me the ability to cleanly route cables (as much as I can). This also means that I can arrive at my desk or leave by pulling out or plugging in a single cable. Everything else I then need for travel remains in my backpack, requiring me to only transfer my laptop.

The Hunt for More Pixels

After upgrading to the MacBook Pro last year (from the MacBook Air), the biggest impact to my daily experience has been the quality of the display. Crisp text, icons and high quality OS and application artefacts in both macOS and Windows 10 is a joy to use. 

Did I mention this screen is amazing? I never want to see a pixel again #macbook #apple

— Aaron Parker (@stealthpuppy) August 2, 2017

I’m of course spoilt by having access to a MacBook display, but it’s driven me to want a similar experience from my external monitor. To that end, I’ve looked at adding a 4K display to my layout. I have been plugging into an external 1080p monitor for dual screen work and the difference in quality to a 4K display is noticeable. 

Playing Hardware Roulette

When I first started looking at simplifying my setup, I started with the monitor – originally I was looking at a USB-C or Thunderbolt monitor that could drive everything rather than the seperate dock and monitor that I’ve ended up with. The choices for USB-C monitors are still limited in 2018 and Thunderbolt even more so; however, it seems we’re at an inflection point with USB-C and I suspect that within 12-months, USB-C will be everywhere. Thunderbolt 3 is even appearing in a good number of PCs.

To make a choice for what works for you, I would recommend starting with a display with a resolution and size that suits your needs, then consider ports and how you’ll connect it to your MacBook or PC. However, unless you can test your hardware choices you’re often playing roulette when purchasing tech devices, so relying on reviews and crossing my fingers is what I’ve done with this purchase.

Pixels Be Gone!

High resolution displays are moving beyond 1080p with 4K monitors being a common option for both PC displays and TVs. With a pixel density matched to the right physical size of the display you can have resolutions where it’s impossible to see individual pixels providing an outstanding visual feast.

Here’s two articles I recommend reading on the topic of displays and pixel density – while written primarily for a Mac audience, they’re still applicable to Windows PCs:

The short version is this – the aim of a ‘Retina’ display is that you don’t see individual pixels, so as the screen size increases, you need to increase resolution.  Sounds simple enough, but I think it’s easy to believe that a 4K 27″ display will give you retina quality, which is just not the case.

So with the desire to improve my external display options, I needed to find the right monitor and look at how to connect to it.

Choosing a 4K Display

LG provides two purpose built monitors for the Mac both of which come with trade offs and caveats if you want to support cross platform:

  • The LG Ultrafine 4K monitor. This 21.5″ monitor has an amazing display with full macOS support (given that it was built for the Mac), but the additional 3 USB-C ports are USB 2 speeds only. With the peripherals I need to drive as well, this would just require too many additional dongles. On top of the $1010 AUD, I’d need to account for the price of additional dongles
  • The LG Ultrafine 5K monitor, this model does come with USB-C 3.1 ports, but to drive this display, you’ll need the 15″ MacBook Pro. It has the same number of USB-C outputs and the same issue with dongles if you have more than 3 peripherals to plug into it. This is the model I’ve seen in person and the display is outstanding

Both of these monitors should in theory work with Windows devices, but given that all control is provided in software (built into macOS), they aren’t really going to be a monitor to consider if you’re on PC. There’s plenty of reviews on these monitors if you’re interested.

There is a range of USB-C monitors available in 2018 which typically start at 27″ and for anything reasonable, you’ll be paying $500 USD and up, but I had three drivers for a choice in monitor:

  1. A 4K resolution to get to a Retina display as close as possible
  2. Keep the size 24″ to match my existing 1080p monitor and not go above a physical size that would show individual pixels
  3. Desk space – dual 24″ monitors takes up almost my entire desk, so anything larger would force me back to a single monitor setup

The choices of 24″ 4K monitors is even more limited and considering that I need to connect to it, I need to factor in the cost of a dock. Sticking with a 4K 24″ monitor should match the scaling of my existing monitor at 200%, so items should appear at exactly the same size, but four times the fidelity. However, I had no way of determining exactly how it would look before purchasing.

Picking the Right Cable

To drive a 4K monitor, you have a choice of DisplayPort or HDMI, but today, DisplayPort is your best choice – this might change soon though as HDMI 2.1 devices arrive. DisplayPort and HDMI are a bit of a mess right now with multiple versions that support different resolutions and frame rates. HDMI 2.0 is needed at a minimum, but DisplayPort 1.4 is pretty common.

With DisplayPort though, keep in mind you’re likely to require an Active DisplayPort cable when connecting over DP from a dock. This might be monitor and dock dependant and there’s no guarantee that the DP cable that comes with your monitor is an Active cable.

Thunderbolt 3 Docks

At this point, I should probably explain my choice of Thunderbolt over USB-C – it comes down to bandwidth. Thunderbolt is capable of 40 Gbps, while USB 3.1 over USB-C has a 10 Gbps maximum throughput. To drive 4K and 1080p monitors, 1Gbps ethernet, a USB microphone, scanner, audio and an external HDD, I need no bottlenecks over a single cable. I could possibly replace the 1080p monitor with another 4K, but I may be pushed the Intel GPU a bit far at that point. So Thunderbolt ensures that I have no issue with bandwidth for the foreseeable future.

Here’s a couple of great articles that test and compare various docks and I used these to inform my choice of dock.

  • Guidemaster: Picking the right Thunderbolt 3 or USB-C dock for your desk at ArsTechnica
  • The Best Thunderbolt 3 Docks at WireCutter
Thunderbolt Cable Considerations

If you do go down the Thunderbolt route, be aware that it too has requirements on cables – if you go beyond a 50cm cable, the bandwidth will half and you need to source an Active Thunderbolt cable to keep the 40Gbps bandwidth. My recommendation is to stick with a 50cm cable if you can.

Hardware Experiences

So what is the experience or usability like? Here’s a quick overview of my chosen hardware.

Caldigit TS3 Plus

Picking a Thunderbolt 3 docks was fairly simple – ensure I have enough ports, including DisplayPort, and see what the reviews recommend. With that info in hand, I settled on the Caldigit TS3 Plus. This dock has plenty of ports for all of the peripherals I need to plug into it, including DisplayPort and Ethernet.

Ports on the Caldigit TS3Pro Thunderbolt 3 dock

I have added a USB-C to HDMI adapter to connect my existing 1080p monitor. I’ve found StarTech adapters and cables to be good quality at reasonable prices. Interestingly, I’ve had to plug this into the second Thunderbolt port on the dock to get video out, so even though the dock as 2 USB 3.1 Type-C ports, only the second Thunderbolt port must support DP Alt Mode.

The dock came with a 50cm Thunderbolt 3 port and 85W output, thus the single cable powers my laptop and connects to all external peripherals. It’s a solid unit in brushed aluminium with a power supply larger than the device itself, which should hopefully assist with heat dissipation. 

The Caldigit TS3 Plus next to a 60W Apple power supply and its own external power supply

Thunderbolt on macOS is plug-and-play and  I was able to unbox the dock and plug-in within a few minutes. I have the dock on top of my desk rather than mounting underneath for access to the SD card slot and front facing USB slot. The only change I would have liked to see would be to have the audio ports on the back of the unit to make routing cables easier.

Purchase? Yes, absolutely.

Dell P2415Q

In 24″ 4K monitors I had basically two choices:

Based on reviews, an in-built USB hub and an optional speaker that attaches to the bottom of the monitor, I went with the Dell. It has bezels that are thicker than I’d like, but overall it provides a pretty good display. It’s not near the LG Ultrafine in quality, but it’s reasonable for the price. The difference in display quality due to the sheer number of pixels between this screen and the 1080p next to it, is huge.

The monitor comes with a cable with DisplayPort to Mini DisplayPort connectors, which I assume is to either reduce cost, or enable input from Dell PCs with Mini DisplayPort. Thankfully it has work OK, going from full size DisplayPort into the dock and Mini DisplayPort into the monitor. Presumably then, the cable is an Active cable. There are two more full size DisplayPort ports available, so I should be able to plug in my desktop PC in the future.

Scaling in macOS and Windows 10 works a treat and I’ll discuss that in more detail in another article; however, what concerned me before the purchase is exactly how macOS would scale on screen windows. Fortunately, the default scaling is spot on.

Dell P2415Q scaling options on macOS

My audio inputs and outputs are now a little over the top:

macOS audio outputs / inputs with Thunderbolt 3 and DisplayPort

Purchase? Maybe – this depends on your space requirements and budget. Whatever you purchase, keep in mind the capabilities of your GPU and how sharp you want windows and text to appear on screen. The larger the screen the more chance you’ll see pixels.

Wrap-Up

Overall, I’m very happy with this setup. I’ve had a chance to tidy my workspace by connecting to a single cable that does it all. While I’ve chosen Thunderbolt, USB-C might work for you and the options for doing so are increasing. 

Fortunately, this particular setup has worked well and does support both Mac and PC. I started with the intention to discuss the software side as well and compare the experience of macOS and Windows 10 for Thunderbolt and high DPI screens,  but that will now have to wait for a follow up. 

Angela Compagnone

This article by Aaron Parker, Thunderbolt 3 – One Cable to Rule Them All appeared first on Aaron Parker.

Categories: Community, Virtualisation

New VMware Fling – Horizon HelpDesk Agent

Andrew Morgan - from the trenches - Thu, 08/02/2018 - 13:09

Just a quick note on the blog that I’ve put together a new VMware fling, the first of many (hopefully!).

The VMware Horizon HelpDesk Agent is built on the Horizon HelpDesk API to be a more natural and fluid experience for windows administrators of Horizon. I’ve ensured that this application is as responsive and intuitive as possible by leveraging asynchronous calls where possible to ensure the user is rarely left waiting for responses.

With the HelpDesk Agent, you connect once and maintain your session throughout the day to the subscribed service, once you need it, you simply pull it up via keystroke and begin to search for the user you wish to assist or observe. I’ve optimised the search experience to remove some unnecessary steps and allowed quick access to the users data. You can maintain multiple open windows, access everything with simple key strokes, etc.

In addition to everything HelpDesk can do today, I’ve also added intelligence to measure the key performance metrics in the users session and provide a “Session Experience” metric to allow administrators to have an “at a glance” view of how the user is experiencing their session.

For a quick overview of the product here’s a quick video:

Wouter Kursten also wrote up a good overview here: https://www.retouw.nl/vexpert/new-euc-fling-released-horizon-helpdesk-utility/

To get access to the utility or learn more, head over to the VMware labs site: https://labs.vmware.com/flings/horizon-helpdesk-utility#summary

 

Categories: Community, Virtualisation

What FSLogix Cloud Cache can do for your Office 365 Deployment

Theresa Miller - Wed, 08/01/2018 - 05:30

It’s no secret that organizations that have a native Microsoft Office 365 deployment and non-persistent VDI will experience latencies when using Outlook. This will happen with the full Outlook client, because Outlook uses a cache file for email called an .ost file. The size of the .ost file is often quite large, is always changing, […]

The post What FSLogix Cloud Cache can do for your Office 365 Deployment appeared first on 24x7ITConnection.

IT Checklist: what are your must-haves?

Theresa Miller - Thu, 07/26/2018 - 05:30

If you’ve been in IT for a while, you probably have an IT checklist of some sort. Even if you’re not working in a full-on ITIL or Six Sigma shop, there is a basic list of items that you consider and plan out for each of the applications in your environment. A Basic IT Checklist […]

The post IT Checklist: what are your must-haves? appeared first on 24x7ITConnection.

Adobe Reader DC deployment with Microsoft Intune Part 2

Aaron Parker's stealthpuppy - Sun, 07/22/2018 - 11:44

In the previous article we saw how to customise the Adobe Reader DC installation and deploy it via Microsoft Intune. Now that it’s installed on Windows 10 end-points let’s look at how updates work.

First though, it’s important to point out that the version of Adobe Reader DC deployed from the single file Windows Installer is 2015.07.20033, while the version that is current as of July 2018 is 2018.011.20055. The deployed version then is extremely out of date, and given that Intune cannot deploy Windows Installer Patch (MSP) files directly, the end-point needs to rely on the Adobe Acrobat update service to download and install updates.

Updating Adobe Reader DC

Adobe Reader (and Acrobat) installs the Adobe Acrobat Update Service. On typical enterprise PCs or virtual desktop environments this service may not be desirable, because updates are managed by Configuration Manager or monthly image updates. On a Windows 10 desktop deployed modern management style, it can be up to the device to ensure the OS and applications are kept up to date; thus, this service should remain enabled on those end-points.

The updater is actually two components – the Update service and a scheduled task that runs ‘C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe’ to check for, download and install updates.

The task has two triggers – one after user logon, but with a delay of 12 minutes, and the other at a scheduled time that is possibly different per device. Here’s the scheduled task:

Adobe Acrobat Update Task

In theory, the service should download and apply an Adobe Reader update within 24-hours after installation. In practice, your mileage will most certainly vary. In my testing (which wasn’t exhaustive), it would take more than that to download an update and I resorted to using the ‘Check for Updates’ option from within Adobe Reader manually. 

Update Process

Downloading and installing updates does not unfortunately go straight to the latest version. In my testing, my target PCs downloaded an intermediate update to 2015.023.20070 before the second update to 2018.011.20055. This means that in the real world, it could be several days before a PC has the most recent version installed.

Adobe Reader DC – An update is available

Fortunately, the updates are downloaded and installed without user intervention, meaning that the update process works for users without administrative rights to their PC.

To Deploy or Not Deploy

So understanding that to deploy Adobe Reader DC via Microsoft Intune requires deploying a version that is more than 3 years old and relying on the end-point to download and install updates, the question that should be asked – should you deploy Adobe Reader to Windows 10 machines via Microsoft Intune?

Here’s what you should consider:

  • Many organisations prefer Adobe Reader over 3rd party PDF readers for first party features and support.
  • Of the top 50 Windows desktop applications in 2018, Adobe Reader had the most vulnerabilities (source: Flexera), beaten only by Windows itself. If the option is to install an old version of Adobe Reader and rely on the automatic updater on the end-point to install the latest version, the time to update may be unacceptable for some organisations
  • PowerShell can be used to deploy Adobe Reader to Windows 10 PCs via Intune; however, this does not allow for user self-service installs and will require building in logic to account for failures in network connectivity during the download or retrying the installation if it were to fail
  • Windows 10 includes a capable PDF Reader in Microsoft Edge and other browsers also implement native PDF viewing features
  • Other PDF readers are available from the Microsoft Store, so it is possible to deploy and keep a PDF reader up to date simpler than the process I’ve outlined in these articles; however, many of these are less than ideal – the UI is often not great and many have up sell features built into them
Summary

In these articles, I’ve demonstrated how to package and deploy Adobe Reader DC as a native application via Microsoft Intune, while relying on the automatic updater installed by the application for an end-point to keep Reader up to date. This approach allows you to deploy Adobe Reader in the same way as other line-of-business applications for required or optional user-driven installs and then reporting in the Intune console.

Because Adobe haven’t released a newer version of the single file Windows Installer for Adobe Reader, you should consider carefully whether this approach is right for your organisation. Deployment of an old version of a high-target, popular application on Windows with the highest number of patched vulnerabilities is probably not a great idea. You might though have good reason to deploy it for features that your users require.

So what can you do if you need to deploy it?

  1. Make it an optional user-driven install and make most users rely on the PDF viewer built into their browser
  2. Deploy via PowerShell if you want to enforce the install on end-points (this could be targeted by Azure AD groups)
  3. Look at alternatives readers from the Store
  4. Request Adobe update their installer or make Adobe Reader available from the Microsoft Store

I would prefer install from the Store but that will require enough organisations asking for this feature. Adobe has a Feature Request form and I would encourage you to use it.

unsplash-logoRuss McCabe

This article by Aaron Parker, Adobe Reader DC deployment with Microsoft Intune Part 2 appeared first on Aaron Parker.

Categories: Community, Virtualisation

Adobe Reader DC deployment with Microsoft Intune Part 1

Aaron Parker's stealthpuppy - Fri, 07/20/2018 - 12:46

Adobe Reader is of course one of the most common applications on Windows desktops and if you’re moving to a Modern Management approach you’re likely looking at how to deploy Adobe Reader DC to Windows 10 via Microsoft Intune. 

This is a challenge today because Adobe Reader DC comes as an executable, that while it can be extracted for the MSI, it includes support files that cannot be deployed via Intune. Microsoft only enables Windows desktop applications to be deployed from Intune where the installer is contained in a single file Windows Installer.

Adobe Reader DC Executable Installer

The Adobe Reader installer hasn’t changed much since as long as I’ve been writing about it (which has been way too long). What is different with Adobe Reader DC is that Adobe has moved to an evergreen model whereby they’re largely moved away from major releases and instead now deliver a continuous release cycle.

The current installer for Adobe Reader DC is a single executable that can run as is, or can be extracted for customisation typical of enterprise environments. When extracted it looks like this:

Adobe Reader DC extracted files

This just won’t work for deployment via Intune or the Windows 10 MDM channel. We need that single Windows Installer file. Better yet, we need Adobe to make Reader DC available via the Windows Store, but that’s a topic for another article.

Adobe Reader Windows Installer

Adobe does make a single file Windows Installer available for Adobe Reader DC, in various languages; however, the file was released in 2015 and unfortunately they’ve not updated it since. There has been several major releases and updates since March 2005.

Adobe Reader DC single file Windows Installer on the public FTP site

So, now we have a way to deploy the file, let’s see how to customise it and deploy via Intune.

Customising the Installer

Customisation of the Adobe Reader installer for enterprise deployment is well documented and I’ve written about previous versions several times. The same process applies but pay attention to any version specific settings.

Just like previous versions, you use the Adobe Customization Wizard to customise the installer for your needs and deploy a custom package.

Adobe Customization Wizard DC

However, we can’t customise the single file Windows Installer directly because when saving the customisations, we get this:

Adobe Customization Wizard DC – setup.ini was not found

To customise the installer, we need to use a 3 step process:

  1. Download and extract Adobe Reader DC executable installer
  2. Create a custom transform for this installer
  3. Apply the transform to the single file Windows Installer, so that the customisations are embedded into the installer. InstEd It! is a great free MSI editor to do that

I won’t go into a detailed step-by-step on how to use the Adobe Customization Wizard here because the documentation is detailed enough, but I will include a list of options I recommend you embed into the installer. There are some additional defaults and you may have specific options applicable to your environment.

OptionValue Personalization Options / EULA OptionSuppress display of End User License Agreement (EULA) Installation Options / Run InstallationSilently Installation Options / If reboot required at the end of installationSuppress reboot Shortcuts / DesktopRemove the Adobe Reader DC shortcut (no one needs that one on the desktop...) Online Services and Features / Disable product updatesDisabled (i.e. not ticked) - ensure Adobe Reader can update post-deployment Online Services and Features / Disable UpsellEnabled

As I’ve listed in the table, it’s important to keep the Adobe Updater enabled, so that once Reader is deployed via Intune, end-points can manage updates themselves. I’ll cover more on updates in the next article.

Now that you have a customised single file Windows Installer for Adobe Reader DC, you can import that into Microsoft Intune, and make it available for deployment.

Adobe Reader DC installed via Intune

Summary

In this article, I’ve taken a look at how to deploy Adobe Reader DC as a mobile application for Windows 10 devices enrolled in Microsoft Intune via MDM by creating a customised package based on a single file Windows Installer.

In part 2, I’ll take a look at how Adobe Reader is updated post-deployment and discuss whether this type of deployment is the right approach. There are other options and ideally I’d like to see Adobe make Reader DC available via the Microsoft Store.

Larry Costales

This article by Aaron Parker, Adobe Reader DC deployment with Microsoft Intune Part 1 appeared first on Aaron Parker.

Categories: Community, Virtualisation

Is Speech Recognition or Dictation in Windows 10 Good Enough Yet?

Theresa Miller - Thu, 07/19/2018 - 05:30

Is Speech Recognition or Dictation in Windows 10 Good Enough Yet? In the Windows 10 Fall Creators Update (1803), a new voice recognition option turned up. There was still the older ‘Windows Speech Recognition’ which has been around for a while, but Dictation https://support.microsoft.com/en-au/help/4042244/windows-10-use-dictation seems to be a more modern implementation. I couldn’t find too […]

The post Is Speech Recognition or Dictation in Windows 10 Good Enough Yet? appeared first on 24x7ITConnection.

Simplify Troubleshooting your IT Healthcare Virtual Architecture with Goliath Technologies

Theresa Miller - Tue, 07/17/2018 - 05:30

Virtual architecture is complex to stand-up and deploy, and when it comes to the ability of your support team to fix an issue it needs to be done fast and when possible – proactively.  This is extremely important from the business user perspective in all organizations, but even more importantly in healthcare where there is […]

The post Simplify Troubleshooting your IT Healthcare Virtual Architecture with Goliath Technologies appeared first on 24x7ITConnection.

10ZiG: Citrix Ready, Synergy & H.265 (sponsored)

Citrix UK User Group - Thu, 07/12/2018 - 10:37

Citrix Ready, Synergy & H.265 10ZiG are annual exhibitors of Citrix Synergy and this year gave us the opportunity for our CTO to take some time with the Citrix Ready Team. Kevin Greenway is based here with us in the …

Read more »

The post 10ZiG: Citrix Ready, Synergy & H.265 (sponsored) appeared first on UK Citrix User Group.

Your Guide to Secure Web Browsing

Theresa Miller - Thu, 07/12/2018 - 05:30

For as long as many of us can remember we have been starting our World Wide Web journeys by typing http://. If you have not already noticed, many sites now require https:// to access them. As a refresher, recall that HTTP actually stands for hyper text transfer protocol, and when we add an S on […]

The post Your Guide to Secure Web Browsing appeared first on 24x7ITConnection.

Getting Started with VDI, here’s what you NEED to know

Theresa Miller - Tue, 07/03/2018 - 05:30

It can be confusing to consider the many options available for application and workstation virtualization especially when getting started with VDI.  VDI is yet another common virtualization technology option that would be important to take a close look at if your enterprise has any need for desktop virtualization.  If you were an early adopter of […]

The post Getting Started with VDI, here’s what you NEED to know appeared first on 24x7ITConnection.

Mental health in the IT industry

Theresa Miller - Tue, 06/19/2018 - 05:30

*** Warning: This post and the links in it contain content relating to mental health, depression and burnout. If you or someone you know needs help, contact the National Suicide Prevention Lifeline https://suicidepreventionlifeline.org/ on 1800 273 8255 ***   In the news recently, we’ve seen the high-profile deaths of some well-known names. With IT being […]

The post Mental health in the IT industry appeared first on 24x7ITConnection.

DiskLED is Now Open Source

Helge Klein - Sun, 06/17/2018 - 22:48

DiskLED is a tool I wrote a while ago that displays performance counter data using an animated system tray icon. It comes with a graphical configuration dialog that lets you choose from all performance counters available on the local system – you can monitor network throughput just as easily as hard disk activity or memory usage.

There still seems to be a decent userbase – after all, DiskLED works on Windows 10 just as well as it did on XP. I sometimes get requests for new features or modifications. Unfortunately, I do not have the time for that. But I am more than happy to comply with Brian H’s request to make DiskLED open source.

You can find DiskLED’s source code on GitHub. Have fun!

The post DiskLED is Now Open Source appeared first on Helge Klein.

Your Guide to Cisco Live 2018 in Orlando, Florida!

Theresa Miller - Tue, 06/12/2018 - 05:30

This week is the annual Cisco Live conference, where the attendees are spending the time with their favorite Disney and Universal characters in Orlando, Florida!  Beyond the superheroes and animated characters, let’s take a look at what this conference has for technical attendees, and what opportunities the conference provides. First of all, the conference is […]

The post Your Guide to Cisco Live 2018 in Orlando, Florida! appeared first on 24x7ITConnection.

A great 21st Citrix Synergy for Liquidware (sponsored)

Citrix UK User Group - Thu, 05/31/2018 - 21:20

Citrix Synergy 2018 took place in Anaheim, California May 8-10th. I was at the first Citrix “Thinergy” in 1998 at the Swan Hotel in Orlando. The conference remains one of the most Windows desktop focused conferences in the industry. The …

Read more »

The post A great 21st Citrix Synergy for Liquidware (sponsored) appeared first on UK Citrix User Group.

Everything to the Cloud! How Uila can help with your Pre-migration Assessment

Theresa Miller - Thu, 05/31/2018 - 05:30

Whether your organization will be moving everything to the cloud or not, most organizations are looking at what it means to migrate at least some of their applications or workloads.  Interdependencies may force organizations to run in a hybrid configuration where some infrastructure is on-premises, but a majority of the workload is now running in […]

The post Everything to the Cloud! How Uila can help with your Pre-migration Assessment appeared first on 24x7ITConnection.

Inexpensive GPU Virtualization Options for Testing

Helge Klein - Fri, 05/25/2018 - 00:01
Contents

For a new chapter in my ongoing series of talks and articles about browser performance I wanted to examine how key user experience metrics like page load time are dependent on available hardware resources. I prepared a VM and started my tests with a single CPU core and 2 GB of RAM, planning to gradually add more cores, more RAM and, eventually, a GPU. As it turned out, the latter is harder than anticipated.

Virtualizing a GPU – the Options

There seem to be many different ways to equip a VM with a GPU these days, but not all of them make sense for a test environment. Nvidia Grid, specifically, is pretty expensive, given that it requires specific professional GPUs and supported server hardware, unlocked by Grid software licenses.

Another variant that I did not find suitable: GPU-enabled VMs, e.g. from AWS or Azure. The reason being not even cost (I would only have used the VM for a dozen hours or so), but flexibility (I had to be able to change the VM’s hardware configuration).

With Nvidia Grid and a cloud VM out of the way, I was left with the following options. Please note that I was looking for a simple and inexpensive solution.

  1. Client Hyper-V with RemoteFX
  2. Client Hyper-V with direct device assignment (DDA)
  3. VMware Workstation

Let’s take a look at each of these in turn.

Client Hyper-V with RemoteFX Configuration

RemoteFX GPU virtualization has been available in Windows 10 Client Hyper-V since version 1511. Some docs state that the Enterprise SKU of Windows 10 is required in the guest, but I did not find that to be correct: Pro and Enterprise gave identical results.

To enable RemoteFX GPU virtualization:

  • Host: in Hyper-V settings, enable a physical GPU for use with RemoteFX
  • Guest: in the VM’s settings, add a RemoteFX 3D Video Adapter to the VM

No need to care about GPU drivers in the VM: they are part of Hyper-V Integration Services.

Operation

With the above steps completed, you will see a virtual GPU in the VM (Microsoft RemoteFX Graphics Device – WDDM):

DXDiag seems to be quite happy with it:

Chrome not so much:

Also, there is no GPU in Task Manager:

Verdict

RemoteFX does not map (part of) the physical GPU into the VM. Instead, it virtualizes certain DirectX APIs. That may be enough for some uses cases, but Chrome is looking for something different and consequently sticks to software rendering.

By the way, a good indicator that there is no “real” GPU available in the VM is that you do not need to install GPU vendor drivers.

Client Hyper-V with Direct Device Assignment (DDA) DDA Requirements

DDA maps a physical GPU into a VM. While it is documented only for Windows Server I thought it just might work with Windows 10, too.

With DDA, the VM “sees” a real GPU. Therefore vendor drivers need to be installed in the VM.

DDA only works if the host machine’s BIOS supports SR-IOV. In other words, the BIOS must support relinquishing control of the PCI Express bus to the OS. That, unfortunately, is a capability typically only found in server hardware. SR-IOV is not to be confused with VT-d, which is typically found in consumer hardware but which is not to sufficient to make DDA work.

DDA and Licensing

Even if you have a machine that meets the hardware requirements for DDA outlined above, you may run into a problem of a very different nature: Nvidia’s consumer cards cannot be used because of restrictions in the driver. Nvidia’s Grid cards, on the other hand, require software licenses in addition to the professional-grade hardware. Rachel Berry has a good overview of Nvidia Grid licensing.

AMD GPUs (purportedly) do support DDA, but I did not test that.

VMware Workstation Configuration

The first thing you may notice after installing VMware Workstation is that it does not work if Hyper-V is enabled. If you want to keep using Hyper-V your best option is to create a new boot menu entry with Hyper-V disabled. That way you can switch between Hyper-V and VMware Workstation simply by rebooting. From Stack Overflow:

C:\>bcdedit /copy {current} /d "No Hyper-V" The entry was successfully copied to {ff-23-113-824e-5c5144ea}. C:\>bcdedit /set {ff-23-113-824e-5c5144ea} hypervisorlaunchtype off The operation completed successfully.

As with RemoteFX, there is no need to care about GPU drivers in the VM: they are part of VMware Tools. This indicates that the concept is similar in nature to RemoteFX.

Operation

The virtual GPU you will see in the VM is of the type VMware SVGA 3D:

Again, DXDiag is happy:

Again, Chrome not so much:

As with RemoteFX, there is no GPU in Task Manager:

Verdict

From an application’s point of view, VMware Workstation GPU virtualization is similar to RemoteFX: potentially good enough for some use cases, but there is no “real” GPU in the VM.

Conclusion

It’s 2018. This should be easier!

GPU virtualization is most definitely not mainstream yet. Currently, server hardware with either AMD or Nvidia Grid GPUs is required. That makes testing unnecessarily difficult and expensive.

The post Inexpensive GPU Virtualization Options for Testing appeared first on Helge Klein.

Pages

Subscribe to Spellings.net aggregator - Community