Citrix have announced that XenApp 6 for Windows 2008 R2 will be released for download on March 24th. This will include XenApp 5 Feature Packge 3 for Windows 2003 and 2008 users.
The “key new feature” lists are less than impressive however…
Not having learnt from the previous occurance, it appears Citrix have again included some digitally signed code which will timebomb on March 23rd.
With the tech preview of the next release of XenApp now available, I’ve been thinking more about how the ADÂ integration of Citrix policies into ADÂ will actually work in practice.
Advantages
You can apply a particular configuration by just moving the computer object into an OU, and your new server will inherit all the existing Citrix policies defined for that OU. This is especially useful if you use Citrix Provisioning Server to provision servers.
Disadvantages
XenApp admins are used to being “masters of their realm”. Same with the AD admins. And in large corporate environments – never the twain shall meet. XenApp admins wouldn’t let an AD admin lose on their XenApp farm, and likewise an AD admin wouldn’t let the XenApp guys lose in their group policy management console.
This presents a problem when all your XenApp policies are now in AD. Want to tweak that bandwidth throttling policy for ICA? Now it’s a major change to AD potentially impacting hundreds of thousands of users (depending of course on the size of your organization).
Another issue is because of this split of roles in large organisations, XenApp admins now use third party tools such as AppSense and RES PowerFuse to administer and apply policy for their XenApp users with only a few basic machine policies applied by AD. This means changes can be applied quickly, and with all the advanced filtering that these tools bring over and above AD.
So, how to get your XenApp policy (now applied by AD which you have no control over) to integrate with your security and lockdown policy (applied by AppSense which you have full control over)
I’ve yet to see the solution…and can see this issue limiting adoption of XA6 in very large corporates where AD group policy is locked down in stone and takes months of red tape to change.
I’ve yet to see any comment from RES or AppSense on whether their tools will integrate with XA6, but from what I’ve seen of the tech preview, there is no “Export” facility, or access to the native ADMX files.
Whilst the recent spate of bad weather leaves us eating our own dog food, I found this satirical article on why we can’t just stay indoors! Enjoy, and Merry Christmas!
Here are a few snippets gleaned from the XenApp 6 Tech Preview:
- No mixed farms. Citrix will provide a migration utility that will suck out the details from your existing farm and import them to your new XA6 farm. You can then use Web Interface to provide a seamless migration between your existing farm and the new XA6 farm.
- Server groups allow published applications to assigned to servers automatically. You can provision a new server (using Provisioning Service of course) add it to an AD OU and it will then automatically inherit the published applications available via the server group assigned to that OU. This makes adding new servers to your farm so much faster – especially if you use Provisioning Services.
- Citrix Policies can now be applied by AD Group Policy. I’ve yet to find out how you export these so you can use them in your favourite User Workspace Management tool (Appsense, RES PowerFuse etc)
- No console for print driver management. As Advanced Management Console (aka CMC) finally bites the dust, some remaining aspects have been ported into the AMC/DSC (policies and load evaluator rules for example) and others are provided by PowerShell commands only (Printer Driver replication). I can see this causing a few issues for those used to using a console to do all their driver management as scripts and a knowledge of PowerShell will now be required.
- No Resource Manager. The Edgesight Lite (renamed to Service Monitoring) is provided instead.
That’ll do for now…will post more when I’ve had some time to play with it some more.