Secure Deployment Guide for NetScaler MPX and VPX Appliances

Written by Thomas Poppelgaard. Posted in Access Gateway, Netscaler

Citrix has released this great secure deployment guide for NetScaler MPX and VPX appliances.

I have made a summary in bullets so you can get a quick overview of what the guide covers. I recommend that you download the guide to read the entire content.

Overview

NetScaler® Security Best Practices for MPX and VPX

Citrix® NetScaler® MPX appliance is an application delivery controller that accelerates Web sites, provides L4-7 traffic management, offers an integrated application firewall, and offloads servers. Citrix® NetScaler® VPX is a virtual appliance that has all the features of NetScaler MPX appliance, runs on standard servers, and provides higher availability for Web applications including Citrix XenDesktop and XenApp. Utilizing both NetScaler MPX and VPX appliances, an organization can deploy the flex-tenancy solution that further optimizes Web application delivery infrastructure by separating high-volume shared network services from processor-intensive, application-specific services. Furthermore, a NetScaler appliance enables the seamless integration with Citrix OpenCloud Access that can extend a datacenter with the power of the Cloud.

To maintain security through the deployment lifecycle, Citrix recommends the following security considerations:

  • Physical Security
  • Appliance Security
  • Network Security
  • Administration and Management

Deployment Guidelines

The following are the organizational security considerations and recommendations for the deployment of a NetScaler appliance:

Physical Security

  • Deploy the Appliance in the Secure Server Room
  • Protect the Front Panel and Console Port from Unauthorized Access
  • Protect Power Supply

Appliance Security

  • Secure the Server Operating System that Hosts a NetScaler VPX Appliance
  • Perform Remote Software Updates
  • Follow Secure Lifecycle Management Practices

Network Security

  • Consider using an X.509 Certificate from a Reputed Certificate Authority for the Internet Facing Web Application
  • Use Transport Layer Security when Accessing an Administrator Interface
  • Use a Non-routable Management IP Address
  • Configure a High Availability Setup
  • Configure Network Security Domains
  • Use Stateful Firewall Protection

Administration and Management

  • Create an Alternate Super User Account
  • Change Password for the nsroot Super User Account
  • Follow Best Practices for the Implementation of a NetScaler Appliance
  • Use Access Control
  • Set up Secure Communication Between Peer Appliances
  • Configure Other Accounts Remotely
  • Configure Logging to External NetScaler Log Host
  • Add SNMP Managers
  • Use SNMP v3 Security Features
  • Configure NTP
  • Disable SSLv2 Redirect
  • Drop Invalid HTTP Requests
  • Disable SSL Renegotiation
  • Whitelist HTTP headers
  • Disable Layer 3 Mode
  • Consider Using Application Firewall in a NetScaler Platinum Edition Appliance
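As an added illustration (not taken from Citrix's guide or from this post), the following NetScaler CLI session applies several of the Network Security and Administration and Management items above. It assumes the NetScaler 9.x-era CLI syntax; the IP addresses, object names and angle-bracket passwords are constructed placeholders, and lines starting with # are explanatory comments rather than commands.

```text
# Change the nsroot password and create an alternate super user account
set system user nsroot <new-strong-password>
add system user secadmin <strong-password>
bind system user secadmin superuser 0

# Management only over TLS/SSH on the non-routable NSIP; no telnet/ftp,
# and no non-management traffic accepted on that address
set ns ip 10.0.0.10 -gui SECUREONLY -ssh ENABLED -telnet DISABLED -ftp DISABLED -restrictAccess ENABLED

# Disable SSL renegotiation globally and drop malformed HTTP requests
set ssl parameter -denySSLReneg ALL
set ns httpParam -dropInvalReqs ON

# Disable SSLv2 and the SSLv2 redirect on the Internet-facing SSL vserver
set ssl vserver vs_web_ssl -ssl2 DISABLED -sslv2Redirect DISABLED

# Disable Layer 3 mode so the appliance does not route between networks
disable ns mode L3

# Time source and external syslog host for audit logging
add ntp server 10.0.0.50
enable ntp sync
add audit syslogAction act_syslog 10.0.0.60 -logLevel ALL
add audit syslogPolicy pol_syslog ns_true act_syslog
bind system global pol_syslog -priority 10

# SNMP v3 with authentication and privacy (authPriv), plus a trusted manager
add snmp view v_all 1 -type included
add snmp group grp_secure authPriv -readViewName v_all
add snmp user nms_user -group grp_secure -authType SHA -authPasswd <auth-pw> -privType AES -privPasswd <priv-pw>
add snmp manager 10.0.0.70

save ns config
```

Run the commands against a lab appliance first and confirm each with the matching `show` command (for example `show ssl parameter`, `show ns mode`) before saving the running configuration.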

NetScaler-FIPS Recommendations

  • Change FIPS Crypto Card Passwords
  • Store the HSM Password in a Secure Location

Access Gateway Enterprise Edition Security Recommendations

  • Use Default Deny
  • Use SSLv3/TLS Communication Between Servers
  • Use the Intranet applications feature

Application Firewall Security Recommendations

  • Deploy the Appliance in the Two-arm Mode
  • Use Default Deny

Download the Secure Deployment Guide for NetScaler MPX and VPX Appliances here

Using Marathon everRun MX 6.1 with XenDesktop 5 Service Pack 1

Written by Thomas Poppelgaard. Posted in SQL, XenDesktop, XenServer

Introduction

XenDesktop 5 relies on the use of an SQL database to store “state information”: which Virtual Desktop groups are available, which Virtual Desktop Appliances are in use, and which users are using them.

Because of the real-time nature of this “state information”, it is not appropriate for updates to be lost or delayed in the event that the SQL database becomes unavailable. For this reason, some users may feel that they need a highly available SQL database to support their business needs, and HA (High Availability) can be an important requirement for these deployments.

This document explores the possibility of using Citrix XenServer and Marathon everRun MX 6.1 to support a highly available Microsoft SQL Server.

Executive Overview

A number of tests were performed to see whether Marathon everRun MX 6.1 could support a highly available Microsoft SQL Server for use by XenDesktop 5 Service Pack 1.

These tests included setting up a constant stream of SQL traffic between a XenDesktop 5 Service Pack 1 broker, and the SQL Server. High Availability events such as loss of a host or loss of network connectivity were then induced to see if the SQL traffic could be interrupted.

The result of the tests showed that Marathon everRun MX was able to handle the High Availability events, and was able to keep the SQL Server running without service interruptions, loss of data, or loss of in-flight transactions that might have caused problems with XenDesktop 5 Service Pack 1.

Performance tests were not appropriate with the available hardware.

Marathon everRun MX 6.1 (description by Marathon Technologies)

Marathon’s everRun MX is a software product that provides zero-downtime fault tolerant protection for Windows applications operating in a XenServer pool. With everRun installed, the administrator uses a wizard-based GUI to simply select and protect a VM. Once protected, everRun provides continuous, uninterrupted application availability. Unlike traditional failover technologies there is no downtime or restart of the VM required. In the event of a failure, the application automatically continues without loss of data or interruption of network sessions and all in-flight transactions are completed. everRun protects any Microsoft application without requiring scripting, modification or specialized administrative skills. In addition, everRun’s disk mirroring technology permits use of local disk storage without the requirement for costly and complex shared storage devices.

everRun operates by running redundant VMs across 2 XenServer hosts. Marathon’s Lockstep technology synchronizes the redundant VMs so they execute identically. In the event of a failure, the surviving VM simply continues to operate without interruption. When a failed component is repaired, redundancy is transparently and automatically re-established.

For full details of Marathon everRun MX see http://www.marathontechnologies.com

Read the full document here

Citrix XenApp 6 Service Provider Automation Pack

Written by Thomas Poppelgaard. Posted in XenApp

Citrix has released the Citrix XenApp 6 Service Provider Automation Pack for download.

The XenApp 6 Service Provider Automation Pack is specifically designed for use by Citrix Service Providers (use by Enterprise customers is not supported at this time). The Pack contains PowerShell scripts for: (1) the set-up and configuration of a Windows 7 Desktop Experience for session-based “Desktop as a Service” (DaaS) offers and (2) a hands-free deployment of a complete XenApp farm.

The Windows 7 Desktop Experience allows personalization of Themes, Wallpaper, Start Menu and Taskbar, and provides accessory apps like Windows Media Player, Snipping Tool, etc. The Pack also contains PowerShell scripts that set Active Directory policies to lockdown a shared server desktop based on Microsoft best practices.

The deployment of a XenApp farm is handled by a workflow that automates the provisioning and set up of the following XenApp components: Data Collector (and backup DC), Licensing Server, Web Interface Server configured to use an Access Gateway, and Worker Servers.

For service providers with a shared multi-tenant farm, a broker lockdown script is provided in the Pack that will set a stronger level of access control on support tools and restrict a tenant’s ability to see information stored in the broker and data store related to other tenants.

Download Citrix Cloud App Delivery – Setup Tools Administration Guide here

The Citrix Cloud App Delivery document explains how Citrix Service Providers can use PowerShell scripts to install and configure XenApp farms, add tenants, and manage farm capacity for each tenant.

Download Citrix XenApp 6 Service Provider Automation Pack here (requires mycitrix account)

Citrix Extends Desktop Virtualization Portfolio with Acquisition of Kaviza

Written by Thomas Poppelgaard. Posted in Citrix

Citrix Systems announced it has closed its acquisition of Kaviza, makers of the market-leading all-in-one “VDI-in-a-Box” solution for small and medium business. The acquisition adds a unique VDI-only solution to the Citrix portfolio—allowing the company to further expand into the small and medium business market and accelerate its leadership in desktop virtualization across all market segments from small organizations to large enterprises. The Kaviza “VDI-in-a-Box” product complements the market-leading Citrix XenDesktop® product line for enterprise-class desktop virtualization.

SMB organizations are adopting desktop virtualization at an accelerating rate in order to reduce desktop management costs, improve security and increase business agility. In fact, Gartner research shows that hosted virtual desktops have become the number two driver of new server purchases in SMBs across both North America and EMEA, and number four in Asia Pacific(1). However, many small to medium businesses who are constantly under pressure to do more with less have been hesitant to adopt VDI in the past given the relative cost and complexity of deploying enterprise-class products in an SMB environment. Unlike other VDI products targeted at SMBs, Kaviza VDI-in-a-Box is not just a scaled-down enterprise product with limited functionality, performance and manageability. Instead, Kaviza offers a highly innovative solution designed from the ground up to give SMB customers a brilliantly simple, low-cost, “all-in-one” VDI solution purpose-built for their needs.

Kaviza VDI-in-a-Box

Kaviza VDI-in-a-Box gives SMB customers everything they need to “go virtual” with VDI in a single, easy-to-deploy software virtual appliance. This “all-in-one” solution simplifies VDI adoption for SMB customers with an innovative design that requires:

  • No separate connection brokers
  • No load balancers
  • No provisioning servers
  • No expensive shared network storage

Kaviza VDI-in-a-Box:

Installs quickly and is easy to manage – A single all-in-one virtual appliance enables the full production deployment of virtual desktops in two hours or less. Additional servers can be deployed and connected to the grid in minutes. A simple administrator interface makes moves, adds and changes simple.

Delivers a high-definition user experience with HDX™ – Citrix HDX technology delivers high performance and complete virtual desktop capabilities to any device, or any network, while minimizing bandwidth requirements.
Utilizes simple, cost-effective infrastructure to provide a high return on investment – The grid architecture delivers a highly available solution with fewer servers than traditional VDI solutions and no shared storage or management servers.
Provides flexibility and choice – The open architecture provides multi-hypervisor support for Citrix XenServer® and VMware ESX, with Microsoft Hyper-V support coming soon.

Supporting Quotes

“Kaviza understands the needs of small and medium businesses and has made great strides in giving these types of organizations a simple, low-cost solution for virtual desktops. The Kaviza team and the innovative technology they have built will add significant value to our desktop virtualization product line as more and more SMBs adopt virtual desktops, and it will help us drive continued growth and market leadership in desktop virtualization,” said Gordon Payne, senior vice president and general manager, Desktop Division at Citrix.

“The union of Kaviza and Citrix is a natural fit that will benefit our customers and channel partners. We founded Kaviza and created “VDI-in-a-Box” specifically for small and medium customers whose needs have been underserved by existing solutions. By joining Citrix, we will be able to leverage the benefits of increased investment, global presence and a large channel footprint. This represents a win for small and medium-sized businesses that want to adopt desktop virtualization across their organizations,” said Kumar K. Goswami, co-founder and CEO, Kaviza.

“For several years, clients have requested all-in-one server appliances to meet the desktop virtualization needs of their small offices and branch offices. In 2009, I called on the vendor community to meet this requirement and several responded. Here we are, two years later, and there is a bigger need due to the growth in desktop virtualization. Without question, low-cost desktop virtualization in-a-box solutions extend the operational, security and TCO benefits common in large-scale virtual desktop deployments to the small or branch office,” said Chris Wolf, research VP, Gartner.

“We partner with Citrix, Microsoft and Kaviza, and we are very excited by the new opportunities this creates both for customers and for our company. VDI-in-a-box is game-changing with its simplicity and affordability, and now with the support of Citrix, it becomes a no-brainer,” said Brian Bradley, VP business development, Blue-Chip Consulting, LLC.

Availability

Customers can continue to purchase VDI-in-a-box from Kaviza resellers. Starting July 1, 2011 customers will also be able to buy from Citrix Solution Advisors.

PubForum hint #1 – Windows 7 IOPS for VDI Deep Dive

Written by Thomas Poppelgaard. Posted in Windows 7, XenDesktop

I attended and presented at PubForum (now called the E2E conference) and met all these amazing people who attended this great conference, held in Dublin, Ireland.

Jim Moyle gave a great, smooth presentation about Windows 7 IOPS for VDI – Deep Dive.
Jim Moyle has created a whitepaper based on his research/presentation, and it is now available.

Great work Jim Moyle.

Click here to download Windows 7 IOPS for VDI: Deep Dive
