Industry news

IoT Lifecycle attacks – lessons learned from Flash in VDI/Cloud

Rachel Berrys Virtually Visual blog - Wed, 08/23/2017 - 12:55
There are lots of parallels between cloud/vdi deployments and “the Internet of Things (IoT)”, basically they both involve connecting an end-point to a network.

One of the pain points in VDI for many years has been Flash Redirection. Flash is a product that it’s makers Adobe seem to have been effectively de-investing in for years. With redirection there is both server and client software. Adobe dropped development for Linux clients many years ago, then surprisingly resurrected it late last year (presumably after customer pressure). Adobe have since said they will kill the Flash player on all platforms in 2020.

Flash was plagued by security issues and compatibility issues (client versions that wouldn’t work with certain server versions). In a cloud/VDI environment the end-points and cloud/data center are often maintained by different teams or even companies. This is exactly the same challenge that the internet of things faces. A user’s smart lightbulb/washing machine is bought with a certain version of firmware, OEM software etc. and how it is maintained is a challenge.

It’s impossible for vendors to develop products that can predict the architecture of future security attacks and patches are frequent. Flash incompatibility often led to VDI users using registry hacks to disable the version matching between client and server software, simply to keep their applications working. When Linux Flash clients were discontinued, it left users unsupported as Adobe no longer developed the code and VDI vendors were unable to support closed source Adobe code.

The Flash Challenges for The Internet of Things
  • Customers need commitments from OEMs and software vendors for support matrices, how long a product will be updated/maintained.
  • IoT vendors need to implement version checking to protect end-clients/devices being downgraded to vulnerable versions of firm/software and life-cycle attacks.
  • In the same way that VDI can manage/patch end-points, vendors will need to implement ways to manage IoT end-points
  • What happens to a smart device if the vendor drops support / goes out of business. Is the consumer left with an expensive brick. Can it even be used safely?

There was a recent article in the Washington Post on Whirlpool’s lack of success with a connected washing machine, it comes with an app to allow you to “allocate laundry tasks to family members” and share “stain-removing tips with other users”. With the uptake low, it raises the question how long will OEMs maintain and services like applications. Many consumer devices such as washing machines are expect to last 5+ years. Again, this is a challenge VDI/Cloud has largely solved for thin-clients, devices with long 5-10 year refresh cycles.

Android Rooting and IoS Jailbreaking – lessons learned for IoT Security

Rachel Berrys Virtually Visual blog - Mon, 08/21/2017 - 11:38

Many security experts regard Android as the wild west of IT. An OS based on Linux developed by Google primarily for the mobile devices but now becoming key to many end points associated with IoT, Automotive, Televisions etc. With over 80% of smartphones running Android and most of the rest using Apple’s iOS, Android is well established and security is a big concern.

Imagine you are a big bank and you want 20000 employees to be able to access your secure network from their own phones (BYOD, Bring Your Own Device) or you want to offer your millions of customers your bank’s branded payment application on their own phone. How do you do it?


Android and iOS have very different security models and very different ways they can be circumvented. Apple with iOS have gone down the root of only allowing verified applications from the Apple store to be installed. If users want to install other applications they can compromise their devices by Jailbreaking their iPhone or similar. Jailbreaking can allow not only the end user to circumvent Apple controls in iOS but also malicious third-parties. IoS implements a locked bootloader to prevent modification of the OS itself or allowing applications root privileges.

Many people describe “rooting” on Android as equivalent to Jailbreaking. It isn’t. Android already allows users to add additional applications (via side-loading). Rooting of an Android devices can allow the OS itself to be modified. This can present a huge security risk as once the OS on which applications has potentially been compromised, an application running on it can’t really establish if the device is secure. Asking pure software on a device “hello, compromised device – are you compromised?” is simply a risky and silly question. Software alone theoretically can never guarantee to detect a device is secure.

There are pure software applications that pertain to establish if a device is compromised usually via techniques such as looking for common apps that can only be installed if a device is rooted/jailbroken, or characteristics left by rooting/jailbreaking applications, or signs of known malicious viruses/worms etc. These often present a rather falsely reassuring picture as they will detect the simplest and majority of compromises so it looks like such applications can detect a potentially unsecure device. However, for the most sophisticated of compromises where the OS itself is compromised the OS can supply such applications with the answer that the device is secure even if it isn’t. Being able to patch and upgrade the OS has a number of technical benefits, so some OEMs ship Android devices rooted and there is a huge ecosystem of rooting kits to enable it to be done. Rootkits can be very sinister and hide themselves though, lurking waiting to be exploited.

Knowing your OS is compromised is a comparable problem to that faced with hypervisors in virtualisation and one that can be solved by relying on hardware security where the hardware below the OS can detect if the OS is compromised. Technologies such as Intel TXT on servers takes a footprint of a hypervisor, locks it away in a hardware unit and compares the hypervisor to the reference on boot ongoing, if the hypervisor is meddled with the administrator is alerted.

Recognising the need for security for Android and other rich OSs, technologies have emerged from OEMs and chip designers that rely on hardware security. Usually these technologies include hardware support for trusted execution, trusted root and isolation with a stack of partners involved to ensure end applications can access the benefits of hardware security.

Typically, there is some isolation where both a trusted and untrusted processors and memory are provided, (some technologies allow the trusted and untrusted “worlds” to be on the same processor). The trusted world is where tested firmware can be kept and it remains a safe haven that knows what the stack above it including the OS should look like. Trusted execution environments (TEE) and Trusted Root are common in cloud and mobile and have enabled the wide-spread adoption of and confidence in mobile pay applications etc.

Many IoT products have been built upon chips designed for mobile phones, thin clients etc. and as such with Linux/Android OSs have the capabilities to support hardware supported security. However, many embedded devices were never designed to “be connected” with such security considerations. For the IoT (Internet of things) to succeed the embedded and OEM ecosystems need to look to hardware based security following the success of the datacentre and mobile in largely solving secure connection.

Of course, it all depends on the quality of execution. Enabling hardware security is a must for a secure platform however if a software stack is then added where a webcams default password is hardcoded the device can be compromised.

Effective Digital Content: Identifying your content top 10!

Rachel Berrys Virtually Visual blog - Mon, 08/14/2017 - 11:47
Make your top content work even harder!

This is a quick and dirty trick common in enterprise marketing and often used by pro-active Product Managers themselves. Most enterprise product marketing and product managers can get access to the google/Wordpress analytics for their products.

It is typical that a small % of the content on any website is attracting the most reads. I’ve recently done some analysis on my own blog site. In this article, I’ll use it as example to explain:

1)      How to analyse your view metrics to deduce your top content

2)      Tell you what trends you may see and what it may mean

3)      Provide a bit of background theory

There are plenty of tools out there to analyse content success that take time to learn and often are quite expensive and all this requires is a bit of excel. It’s something the lone blogger can also use. Keeping the tools simple also makes sure you are getting hands-on familiarity with your content data and the underlying methodologies those tools use.

Most website analytics should provide you with views/reads per page/blog. Personally, I’d advise looking at unique viewers, if you can, rather than page views (a few frequent users of a page can distort the data). I’d also advise filtering out or analysing separately, internal/intranet viewers, especially in a large company (quite often you’ll find your internal marketing team is the biggest consumer of their own marketing!).

WordPress, google analytics and similar should all provide you with some metrics on readership. It’s often not important as to whether the data has flaws, more that the method of counting views is the same for all the pages and has been consistently over the time the data was collected.

How to analyse your data

This may look a bit scary BUT get to grips with it and you’ll have some graphs and data to add to any marketing update. Once you’ve done it once you can produce a reasonable report in less than an hour and with a bit of practice 15 minutes.

1)      I took my blog site views from wordpress for this year in descending order and exported to .csv using the button in wordpress to do so. I then opened the file in excel. I then plotted the column of views. The blog title was in column A and the number of views in column B, starting at B1. Google analytics will allow you to extract similar.

2)      In cell C1 I then added “= B1”; and in cell B2; “= C1+B2”. This will give you cumulative views across the site incremented for each piece of content

3)      I then used the fill down feature and selected the cells from C2 downwards. In this case there were 108 pieces of content so filled down to cells C108 and D108.

4)      The in two spare cells below I entered (=C108*0.5) and = (C108* 0.8). These will give you the number of views that are 50% and 80% of views.

What are we looking for

·         Are your homepages/landing pages in the top 10%? These are the pieces of content from which you have the most control over user journeys around your site.

·         Which are your top 10% or even top 10 (actual number) pieces of content?

·         Which content attracts 50%, 80% of your viewers

Analysing your view data

Take the 50% and 80% view figures from step 5 above and review column C note the indices/rank of the content where column C is nearest to those numbers, in my case 50% and 80% of views were accounted for by my top 7 and top 24 pieces of content respectively.

From the data in column B I plotted the views for each piece of content (blog or webpage), I also changed the colour of the 7th and 24th piece of content on the graph to highlight these key numbers (in red).

 

This pattern is pretty typical of many websites and blogs. A small percentage, often less than 10% will account for 50% of more of your views. And 80% of your views will typically come from around 20% of your material (this is a manifestation of Parento analysis which in turn links to Kipf’s law…. more of that late), it’s amazing how well most content sites fit this pattern.

 

Make your top content work harder

So, a quick bit of excel and maths has left me with the knowledge of which 7 articles of 108 are attracting the most views. Since these are what people are _actually_ reading, the next steps are to check the quality of the experience and improve the user experience. I’ll cover some checklist and quick tricks to do this in future articles.

It’s also worth reviewing what you least successful content is and why. This is the stuff where you “may” have basically wasted your time! Common reasons include:

·         It’s not a topic of interest so a blog may not have been socialised because people didn’t think it was worth sharing!

·         It’s useful and important content but very niche and specific so low numbers of views are fine and to be expected.

·         You have put very good content on a poor vehicle e.g. on an area of a website hard to navigate to or that has been gated (requires a deterring login/email address to be supplied)

·         The content is very new relative to the time over which the data is fine. Everything may be ok you just need to analyse newer content over shorter more recent timeframes.

·         The content isn’t optimised for SEO or well-linked to from your other content.

In my own analysis, I was pleased to see that my home page is the 2nd ranking piece of content. Normally you’d hope and expect landing/home pages to be high up the list as the friendly entry points to your user journey. The article that came top was one that had been syndicated and socialised on reddit so I was comfortable with understanding it’s unusually high readership.

Key things to remember

·         The set of content you analysed is not independent of other content your company or competitors produce. You need to understand what % of your inbound is coming to your blog site say versus your support forums or knowledge base. You also need to understand whether the numbers coming to your site are good/bad versus the general market and competitors.

·         The time period over which you analyse data _really_ matters. Older well-read material scores higher on google. Very recent material has had less time to accumulate views. My blog is more like a website than a blog in that the % of recent new content is fairly low.

·         Marketing tags, if you are a keen user of tagged urls for different campaigns you may need to do some processing on your view data as multiple urls may map to a single piece of content.

·         If you are looking at a large site and/or one with a lot of legacy history, it’s not unusual to have 1000s of pages with very low views. Sometimes it’s better just to discard data for pages below say 10 views.

 

The theory

Many of the newer tools/applications are like black boxes, your average digital marketer uses them without knowledge of the algorithms. When websites were quite new this type of hands-on analysis was more common. Websites traffic statistics often obey Zipf’s law, a statistical pattern that shows up in language (this is also relevant to current Natural Language (NLP/NLU) work and AI). So, a quick theory/history lesson:

·         Back when “The Sun” newspaper website was fairly young (in 1997) some analysis was done that was widely noted. Jakob Nielsen did some work analysing the Zipf fit for “The Sun” website. Nielsen is one of the godfathers of user experience dating back to the 1980s and dawn of the internet (this guy was in Bell and IBM labs at the right time!); founder of the Nielsen Norman Group who still provide futurology and research to enterprise grade marketing.

·         Data Science Central have discussed web site statistics a few times including the Zipf effect, including some of the caveats of traffic analysis; some sites split content to boost page ratings and SEO/bots can throw in data anomalies.

Zipf’s law is widely found in language, connected ecosystems and networking. It’s used to explain City growth and the connected nature of the internet means it’s not too surprising it crops up. Other insightful reads:

·         Why Zipf’s law explains so many big data and physics phenomenons.

·         An old but very interesting read from HP on various areas of the Internet where Zipf’s law pops up.

·         A nice overview from digital strategists parse.ly: Zipf’s Law of the Internet: Explaining Online Behavior (their clients include The Washington Post and many other large media houses).

·         Do Websites Have Increasing Returns? More insight from Neilsen on implications of Zipf.

·         A nice blog from a real Digital Marketing Manager giving an overview on Zipf.

 

So, I also plotted vs rank both on log scales for my blog site. The shape of the graph pleasingly fits the theory (note the linear trendline overlaid in orange).

*Image(s) licensed by Ingram Image

 

Block Windows XP using selective Ciphers on Citrix NetScaler

Henny Louwers Blog - Tue, 05/06/2014 - 09:48
As you probably know Windows XP is no longer being supported by Microsoft. No (security) updates will be made available for Windows XP making it possibly vulnerable for future exploits. As an organization you will have to decide what you are going to do about these (probably unmanaged) Windows XP workplaces. There will still be […]
Categories: Virtualisation

XenApp 6.5…incoming!

Paul Lowther - Fri, 02/17/2012 - 23:05

Hey folks,

I know it’s been a while and I’m still getting visits to the site.  A lot of the information I posted here is still valid, so thanks for your continued visitations.

I’m just about to embark on getting XenApp 6.5 put into our environment, based on Windows 2008 R2 (of course).  Whereas I won’t be doing the direct engineering myself, I’ll be heading up the team doing it (stuff happens, people move on) but I’ll be able to bring you information as it comes in.

So, keep tuned in.

What’s more we’re looking to do a sizeable implementation of XenDesktop on XenServer too, so I’ll be sure to update you on some of that too.

If you have any requests, let me know – I’ll be sure to try to get the info!

PL


Categories: Citrix

Citrix Receiver and Juniper SSLVPN

Paul Lowther - Sat, 10/02/2010 - 18:25

What do you do if you have a requirement to have your Citrix Farm(s) available outside of the company firewall. ‘Available’ meaning usable on any device, become truly device agnostic!

You could punch some holes through your firewall and hope it meets the stringent company security regulations.

You could buy a Citrix Netscaler solution and use their in-built Access Gateway functionality to ‘easily’ allow ICA traffic into your network.

But…What if your company had already invested in SSLVPN technology and couldn’t justify Netscaler?

The answer, if you chose Juniper, which many companies do due to it’s standing in the technology space and magic quadrant position with Gartner and Forrester, is actually all rather simple.

On September 8th, Juniper released their new Junos Pulse app for iOS4.1 and above. This means that any device currently compatible with iOS4.1 can utilize an SSL connection through the Juniper devices, into a secure company network. Once the connection is established, you can fire up Citrix Receiver, put in your simple connection string for your farm and hey presto, access to your published applications and desktops on XenApp and XenDesktop.

OK, so we’re not device agnostic yet, but…

iOS4.2 is out in November, which will be release for the iPad, a big game changer for mobile computing due to it’s portability and screen real estate (self confessed fanboy!), which will mean Junos Pulse will work immediately, once installed and connected to your SSLVPN device.

For the non-Apple devices, I have it on good authority that Droid, Symbian, Windows Mobile and Blackberry are all in Beta development at the moment and will be released ‘soon’. Great news…and a step towards device agnostic usage, so long as there is a Citrix Receiver for your platform too.

Getting it to work:

Installing the app is as simple as any app from the App Store, configuring it is also pretty simple, what’s more, with the Apple iPhone Configuration Tool for OSX/Windows v3.1, you can create pre-configured connections for your device, which does the ‘hard’ work for your end users!

Configuring the Juniper SSL device is fairly simple too, as long as you are using the NetworkConnect, function your device will have access, albeit fairly pervasive, to the network you’re connecting to.

What do I recommend you do is:

Set up a separate realm for mobile devices, which you specify as the connection string
Create a new sign-in page that is friendly to small screens – check out the Juniper knowledge base for a sample download.
Limit the devices you want to have connect by specifying the client device identifier.
Limit the sign-in screen to be available to the *Junos* browser only.
Add black lists of network locations you don’t want everyone to have access to. These could be highly confidential data repositories or your ‘crown jewels’.
Add white lists of citrix servers you want your folks to have access to while on the network, or if you’re happy that the blacklist is sufficient, allow * for a more seamless and agile implementation which will not need adjustment as your farm grows.

There is a lot of flexibility in the solution and depending on your security needs you can mix and match some of these ideas and more in what constitutes a valid policy for your company. The more controls you add, the more you may need to revisit the configuration as devices arrive and requirements change.

Once you are up and running with NetworkConnect you can configure your Citrix Receiver client, connect and start using your Citrix apps strait away.

I was impressed how quick it was to achieve and painless the process has been made.

I don’t work for Juniper and have only recently become familiar with the technology but in my mind, Junos Pulse is a complete breath of fresh air. In forthcoming releases there will be host checkers and cache cleaners etc to ensure the device is adequately secure before allowing connection.

The area of mobile security is still in it’s infancy, it will be interesting to see if Juniper keeps up with the requirements for more security, or my hope is be the lead for others to follow!

PL


Categories: Citrix

Citrix Merchandising Server 1.2 on VMWare ESX (vSphere)

Paul Lowther - Sun, 03/21/2010 - 10:49

I recently acquired (yesterday) the Tech Preview version of Mechandising Server 1.2 from Citrix, which is specifically packaged for use on VMWare ESX.

Version 1.2 has been out or a short while, and whereas I had it running rather well on a XenServer, my company is a VMWare-only place right now, so getting this into a Production state would have meant jumping through several hoops.  I attempted to convert the Xen package over to VMWare but consistently got issues with the XML data in the OVF.

The new VMWare packaged file, which is around 450Mb, imported without a hitch!  Now I’m up and running on the platform of choice and this should make it easier for me to use in Production!  Good news!

Citrix recommends 2CPUs and 4Gb Ram for the instance.  Depending on your scale of usage, you can get it up and running with 1CPU and 1Gb RAM but that really does depend on how large your Directory data is.  For testing, I recommend 2Gb RAM, although it’s simple to adjust when you are more familiar with the load that is required for your environment.

If I find any gotchas with the configuration or getting Receiver/Plug-ins working with the Web Interface, I’ll let you know!

Thanks for reading, leave a comment!

PL


Categories: Citrix

AppSense 8.0 SP3 CCA Unattended

Paul Lowther - Fri, 03/19/2010 - 14:03

If you’re wanting an unattended installation of you AppSense CCA (Client Communications Agent) you will want to look here.

This is documented in the Admin Guide but I missed it on my first run-through.

The installation is the same for the 32-bit or 64-bit version, simply call the right MSI for your server type.  This is also true for the compatible Operating System versions, there’s only one per architecture but covers all compatible OS, which keeps it relatively simple.

Installation Script @echo off REM *** SETTING UP THE ENVIRONMENT NET USE M: "\\server\share\folder" /pers:no SET INSTALLDIR=M:\ REM **** Installing the AppSense Communications Agent (WatchDog agent installed also!) REM **** Set this VARIABLE for your own (primary) Management Server SET APPSENSESITE=SERVERNAME ECHO Installing AppSense Communications Agent.. cd /d %INSTALLDIR%\AppSenseCCA SET OPTIONS=INSTALLDIR="D:\Program Files\AppSense\Management Center\Communications Agent\" SET OPTIONS=%OPTIONS% WEB_SITE="http://%APPSENSESITE%:80/" SET OPTIONS=%OPTIONS% WATCHDOGAGENTDIR="D:\Program Files\AppSense\Management Center\Watchdog Agent\" SET OPTIONS=%OPTIONS% GROUP_NAME="ZeroPayload" SET OPTIONS=%OPTIONS% REBOOT=REALLYSUPPRESS /qb- /l*v c:\setup\log\cca.log START /WAIT MSIEXEC /i ClientCommunicationsAgent32.msi %OPTIONS%

This will install the CCA, set the installation folders, choose your “preferred” Management Server and then add it to a Deployment Group.

Management Console Considerations

One requirement for the Deployment Group is that it set for “Allow CCAs to self-register with this group”

This is set in the Management Console, in the group you have created, called ZeroPayload here, under the Settings section.  Putting a tick in the box is sufficient to complete the registration setting.

Now, a server will be able to join the group with the above unattended script.

What I have done, to manage how and when the agents and pacakages are deployed, is set the “Installation Schedule” to be set to “At Computer Startup – Agents are installed only when computers are started“.  I have added all the agents into this group but no PACKAGE payloads.  If you now reboot the server at your convenience, once the CCA is installed (in my case part of a wider XenApp install) the server will install the agents and immediately REBOOT the server one more time, since you need to remember that the Performance Manager agent will automatically issue a reboot request upon installation.

If you were to set this as “Immediate” in the Installation Schedule, there would be no control over when your server reboots.  Many people fall foul of that nuance of PM as it’s easy to forget (I’m sure the guys at AppsSense forget that on occasion too!).

One very cool behaviour is that you can add both 32-bit and 64-bit agents into this Deployment Group and your server will only install the version it needs for the given architecture.

So now your server is configured and ready for it’s final deployment.  If you’re like me and have  number of active Deployment Groups, some with a slightly different package payload, you can use this method initially, then move your server to the required deployment group.  If all agent versions are the same, and in the beginning they certainly should be, all that will be deployed when you move to another group is the Packages, and these don’t force a reboot.

One last thing to consider.  Any Environment Manager packages that have “Computer” settings will not be invoked until the next reboot.

So… there you have it in a nutshell.

Leave me a comment if you have experiences to share.

PL


Categories: Citrix

XenApp PowerShell Command Pack CTP3

Paul Lowther - Fri, 03/19/2010 - 09:09

I’ve recently started looking at PowerShell 2.o and bought the “for dummies” book to get me started.  My immediate need for usage of PowerShell was to automate some XenApp farm configurations.  This is where the XenApp Command Pack CTP3 comes into the picture.

Installation:

A pre-requisite, in addition to installing the following two components, is to install .Net Framework 3.5SP1 – this is specific to the XenApp Command Pack and use of CTP3 functionality.

NOTE: Anywhere a  is shown, this is not intended as line break merely a line continuation to overcome the shortcomings in WordPress!

ECHO+ ECHO Installing Windows Management Framework Core (including PowerShell 2.0).. start /wait WindowsServer2003-KB968930-x86-ENG.exe ♦ /quiet /log:c:\setup\log\WMF-PS.log /norestart ECHO Installing XenApp PowerShell Commands.. cd /d "%INSTALLDIR%\Citrix Presentation Server" start /wait msiexec /i Citrix.XenApp.Commands.Install_x86.msi ♦ INSTALLDIR="D:\Program Files\Citrix\XenApp Commands" ♦ /norestart /qb /l*v c:\setup\log\xa-cmds.log

Now I have the Commands installed, it’s relatively simple for me to manipulate the farm in any way I want! As far as I can see, anything that is configurable within the AMC (XenApp 5.0 FP2) can be manipulated with a PowerShell command. This includes both farm settings and server settings. I’ve also been able to set Server Groups, Server Console published icons, Administrator Access, Lesser-mortal-being Access (defined access rights) and more besides.

I would have added some of my code here but there are some sensitive items in it and would have to rewrite a lot just to display it.  It’s quite simple to get some quick results, believe me!

It’s a given that Citrix will increase their use of PowerShell in versions to come, such as FP3 and XenApp 6 for W2K8-R2. This for me can only be seen as a positive move!

I can’t recommend this one highly enough.  Check it out.

Leave a comment and thanks for reading.

PL


Categories: Citrix

AppSense 8.0 SP3 Unattended Installation

Paul Lowther - Fri, 03/19/2010 - 08:18

It’s been a long time in coming but I finally got round to getting some progress with AppSense 8.0 @ work.

I don’t do anything unless I can automate it, so here’s my take on the unattended method for AppSense v8.0, in this case the files I used were SP3.  There is some great information in the documentation for the pre-requisites needed to get the software installed.  This is the condensed and automated sequence.  I recommend you read the documentation too!  One thing that is missing is how to do an unattended installation, which is where I felt it necessary to share my knowledge with you!

A word of warning, this isn’t as end-to-end as I’d hoped.  The pre-requisites and MSI installations are all you need to get the product running on your server but you still have to configure the product with the relevant databases for Management Server, Statistics Server and Personalisation Server, if you are using them.  I did manage to do a lot more with AppSense 7, like defining the database schema to use and setting the admin account to use etc, but I’ve since lost my snippets for v7 (an over zealous colleague being “tidy” on our code file server) and couldn’t find any settings within the MSI that looked like they would be relevant, so it’s install-then-configure this time!

My script here starts off with a server that already has IIS installed, but didn’t have BITS installed, so SYSOCMGR was used to add BITS.  If you’re installing IIS from scratch, ensure you add this component!

The IIS-BITS.inf file is simply:

[Components] BITSServerExtensionsISAPI = ON NOTE:  Anywhere I added the  symbol, it’s not intended as a line break!  I’m just overcoming the shortcomings in WordPress for long lines of continuous text. @echo off REM *** SETTING UP THE ENVIRONMENT NET USE M: "\\server\share\folder" /pers:no IF NOT EXIST M:\ GOTO FAULT SET INSTALLDIR=M:\ REM ** Enable BITS for IIS ECHO Enabling BITS for IIS START /WAIT sysocmgr.exe /i:%systemroot%\inf\sysoc.inf /u: ♦ "%INSTALLDIR%\AppSense\32-bit\IIS-BITS.inf" /r /x REM *** Installing Dot Net 3.5 ECHO .Net Framework 3.5.. cd /d "%INSTALLDIR%\32bit.kit\DotNet35" START /WAIT dotNetFx35sp1.exe /Q /PASSIVE /NORESTART REM *** Installing Visual C++ Runtime 2005 SP1 (needed for hotfixes etc) ECHO Visual C++ Runtime 2005 SP1.. cd /d "%INSTALLDIR%\32bit.kit\vcredist.2005.sp1" START /WAIT vcredist_x86.exe /q:a /c:"VCREDI~3.EXE ♦ /q:a /c:""msiexec /i vcredist.msi /qn"" " REM *** Install MS XML6 Runtime ECHO MSXML6.. cd /d "%INSTALLDIR%\AppSense\32-bit" START /WAIT msiexec /i msxml6.msi REBOOT=ReallySuppress ♦ /qb- /l*v "c:\setup\log\msxml6.log" REM *** Installing AppSense Components cd /d "%INSTALLDIR%\AppSense\32-bit" ECHO Installing 32-bit AppSense Management Server component.. START /WAIT MSIEXEC /i ManagementServer32.msi ♦ INSTALLDIR="D:\Program Files\AppSense\Management Center" ♦ ALLUSERS=TRUE REBOOT=ReallySuppress ♦ /l*v "c:\setup\log\AS-ManagementServer.log" ECHO Installing 32-bit AppSense Management Console.. START /WAIT MSIEXEC /i ManagementConsole32.msi ♦ INSTALLDIR="D:\Program Files\AppSense\Management Center" ♦ ALLUSERS=TRUE REBOOT=ReallySuppress ♦ /l*v "c:\setup\log\AS-ManagementConsole.log" /QB- ECHO Installing 32-bit AppSense Application Manager Console.. START /WAIT MSIEXEC /i ApplicationManagerConsole32.msi ♦ INSTALLDIR="D:\Program Files\AppSense\Application Manager" ♦ ALLUSERS=TRUE REBOOT=ReallySuppress ♦ /l*v "c:\setup\log\AMConsole.log" /QB- ECHO Installing 32-bit AppSense Environment Manager Console.. START /WAIT MSIEXEC /i EnvironmentManagerConsole32.msi ♦ INSTALLDIR="D:\Program Files\AppSense\Environment Manager" ♦ ALLUSERS=TRUE REBOOT=ReallySuppress ♦ /l*v "c:\setup\log\EMConsole.log" /QB- ECHO Installing 32-bit AppSense Performance Manager Console.. START /WAIT MSIEXEC /i PerformanceManagerConsole32.msi ♦ INSTALLDIR="D:\Program Files\AppSense\Performance Manager" ♦ ALLUSERS=TRUE REBOOT=ReallySuppress  ♦/l*v "c:\setup\log\PMConsole.log" /QB-

For the .Net Framework file, don’t go looking for dotNetFx35sp1.exe, since this is merely the download of 3.5SP1 renamed so it doesn’t look like standard 3.5, and was done for my own future sanity if nothing more.

.Net Framework 3.0 is the minimum requirement but I’m aligning all my current work on 3.5SP1 since I may wish to use PowerShell 2.0 as and when possible.  I certainly did for XenApp with favourable results (will post about that later).

Post Installation work:

Once the software is installed, you need to connect to or create the databases you’ll need for your choice of functionality you’re going to make active.

Click Start -> All Programs -> AppSense -> Management Center -> AppSense Management Server Configuration

Go through the GUI, tell it where your blank (but already created) schema resides, present it with some credentials and you’re set!

The only other step you *may* be faced with is that the configuration tool analyses the installation to see if there any anomalies.  These are termed as variances in the GUI.  For me, since I’m logged in as an Administrator anyway, I ask the GUI to repair all variances, in all locations.  Once done, the installation is complete.  The steps are very similar for the Statistics Server and Personalisation Server.  It is recommended (for larger installations) that you put Personalisation on it’s own server instance, but Management Server and Statistics Server can occupy the same instance.

I’m planning on installing the CCA with the XenApp base build, so I will likely post that unattended install next.

Leave a comment, thanks for reading.

PL


Categories: Citrix

Citrix Merchandising Server 1.2

Paul Lowther - Fri, 03/19/2010 - 06:53

I’ve been experimenting with Merchandising Server recently.  Primary objective: To see what all the fuss is about.  How will this make my life (or at least the support team @ work)’s life easier?

Well on first look, it’s all looking rather good!  Here’s why:

  • Delivery of the Receiver software to any compatible device (Windows & Mac)
  • Delivery of Plugins (ICA aka Online/Offline Plugin, EdgeSight, Dazzle, EasyCall, etc)
  • Seamless Updating of new plugin versions (all fully customisable with rules for when to do or when to not do an action)

I can see our rather large user base (35k ICA installs and counting) being quite taken by the fact that they don’t have to seek out a “scripted” install to replace what they already have, we can do the “hard work” for them – and roll it back if a new version sucks (you know it happens occasionally!)

So what’s the catch:

Well since I am bound by the rules that *essentially* we are a VMWare shop at my place of employment, the Merchandising Server is a VM Appliance that is only available for those running XenServer.  This is a big disappointment.  Do you guys realise how many hoops I’d have to jump through to get a XenServer (or two) installed in Production.  Not only that but I’d have to write the documentation to support it, in addition to documenting the Merchandising Server, not a prospect I relish.

Look Citrix we know XenServer is a good product – and it’s free for simple implementations – but it’s not really “enterprise” thinking when you limit the use of a product like this.

But “WAIT”, I hear you say…breaking news…

The good folks at Citrix, in their infinite (albeit slightly tardy) wisdom have done the “enterprise” thing!  Whilst browsing around myCitrix.com today, I noticed that they have just released a VMWare instance!  Now that is good news.

I do have a slight challenge though, my subscription level seems to be limiting my ability to acquire said item.  Fear not, I tell myself, I have an email sat in my Citrix Account Manager’s inbox, asking for assistance of the intervention kind!  If/when I get it, I’ll post about it.  If the step-by-step documentation sucks, I may even write that up too.

If you have client sprawl in your Citrix jurisdiction, I really do recommend you check out the Merchandising Server, it could pave the way for an integrated solution for the future!

PL


Categories: Citrix

Google…Sesame Street

Paul Lowther - Tue, 11/10/2009 - 13:41

Today’s entry is brought to you by the letters J, P and G.

Sesame Street is 40 today and Google is paying homage by changing it’s image to commemorate this momentus day!

I know I spent many an hour clocked in front of the TV watching big bird and the gang…

Google's Image of the day...10th November 2009


Categories: Citrix

Pages

Subscribe to Spellings.net aggregator