Migrate Citrix XenApp 6 Folder Structure Using PowerShell

There are times when you need to migrate all or part of your Citrix XenApp 6 folder structure from one farm to another, or just back up a XenApp 6 folder structure. This post will show you how to accomplish this using PowerShell.

There are times when you want to migrate a folder structure from one Citrix XenApp 6 farm to another.  For instance, if you maintain separate test, quality assurance, and production farms and need to migrate folders and applications between the farms.  Fortunately, this is super easy in XenApp 6 using PowerShell.

note Note: before you get started, be sure to check out this post on how to install the Citrix XenApp 6 PowerShell Cmdlets.


Export Specified Folders

You can export your entire folder structure, or just certain parts of it.  In the example below, I will export only the “Testing” folder (see the screen shot below).

Here is how to export just the “Testing” folder and its subfolders using PowerShell to a XML file called “TestingFolders.xml”:

Get-XAFolder -FolderPath "Applications/Testing" -Recurse | Export-Clixml c:\TestingFolders.xml



Well, the cool thing about PowerShell is that it is pretty readable, so I don’t think this command needs a lot of explanation. However, let’s look at the resulting XML file.

  Applications/Testing/Microsoft Office

No rocket science there either. It is just a list of folders. You could easily hand craft one of these XML files to create a folder structure. What I am going to do here is modify the folder path so that the folders get created in the “Applications/QA” folder and then save the file as “QAfolders.xml”. Here is what the XML file looks like now:

  Applications/QA/Microsoft Office


Import Folders

Now that you have your XML file, it is relatively easy to import. Here is how to do it:

Import-Clixml c:\QAFolders.xml | New-XAFolder


Here are the results:


Next Steps

So all this folder structure stuff is fine, but wouldn’t it be nice to import some apps into those folders? Of course it would. Here is how to export and import XenApp 6 published applications using PowerShell.


Citrix Synergy 2011 Keynote Live Blog

Citrix Synergy 2011 is going on now. I’ll be live blogging the event.

There will be a lot of news coming from Citrix Synergy 2011.  I’m using a new plugin to live blog the event.  Updates will be automatically updated in reverse chronological order (no need to refresh your browser – yeah Ajax!).

Here we go with the keynote:


May 25, 2011, 1:41 pm

#citrixsynergy End of keynote. Nothing follows.

May 25, 2011, 1:38 pm

#citrixsynergy @guspinto showing Citrix Receiver delivering a Mac desktop via XenDesktop. Gus sucks at Angry Birds!

May 25, 2011, 1:31 pm

#citrixsynergy Citrix Receiver can now deliver Android apps. So, now you can have Android apps on a Windows platform via Receiver.

May 25, 2011, 1:28 pm

#citrixsynergy End of message. But, in Steve Jobs fashion, there is “one” more thing. Although, now there are 2 more things.

May 25, 2011, 1:21 pm

#citrixsynergy OpenStack is being discussed now. Citrix is announcing Project Olympus to bring the power of OpenStack to enterprises. This will allow enterprises to build private cloud environments inside their own datacenter that works just like public cloud environments. This is a joint effort including players like Citrix, Dell, Rackspace, etc.

May 25, 2011, 1:09 pm

#citrixsynergy NetScaler Cloud Bridge helps bridge the gap between your enterprise and public clouds. You can run an app in a public cloud but keep the data in your local data center.

May 25, 2011, 12:59 pm

#citrixsynergy Follow-me data. Dropbox, Box.Net, enterprise data, etc. being synced on multiple devices. This data is stored in an encrypted (probably via XenVault) section of the client. Remote wipe, polices, admin control. This is some pretty sweet stuff.

May 25, 2011, 12:51 pm

#citrixsynergy NetScaler Cloud Gateway is one place to aggregate, orchestrate, and deliver SaaS, Web, and Windows apps. Receiver is a one stop shop for access to your enterprise and SaaS apps.

May 25, 2011, 12:43 pm

#citrixsynergy GoToManage for iPad will be free for a 1-to-1 session. Look for it in the App Store soon!

May 25, 2011, 12:37 pm

#citrixsynergy Brad Peterson showing the new Receiver. Published apps are alive and strong. It isn’t all about VDI or hosted virtual desktops – which is refreshing.

May 25, 2011, 12:31 pm

#citrixsynergy Google is deploying Citrix and Chromebooks internally. How cool is that…

May 25, 2011, 12:28 pm

#citrixsynergy Amit Singh from Google is coming on stage to talk about Chromebook and Citrix Reciver for Web. HTML 5 is the man! No need to download client – Citrix just works from the browser. Brad Peterson is showcasing a Chromebook with Receiver for Web. This is awesome.

May 25, 2011, 12:21 pm

#citrixsynergy XenClient XT is available for extreme security. This message will self destruct in 2 minutes…

May 25, 2011, 12:17 pm

#citrixsynergy Now, Mark is talking about XenClient. XenClient is now supported on more hardware – no more dependence on vPro (although full motion video and 3D will suffer a bit on non vPro).

May 25, 2011, 12:14 pm

#citrixsynergy GoToMeeting with HD faces is available for Beta today! 2 new ads are being shown in the keynote.

May 25, 2011, 12:12 pm

#citrixsynergy “Easier & simpler” lowers TCO and raises TVO. So “Easier & Simpler” is the pivot of an inverse proportion.

May 25, 2011, 12:04 pm

#citrixsynergy There are now 3 “PC”‘s – Public Cloud, Private Cloud, Personal Cloud. Is “Personal Cloud” taking things too far – I think maybe/maybe not. With the consumerization of IT, people are brining their compute environment with them wherever, whenever, on whatever device.

May 25, 2011, 11:58 am

#citrixsynergy Any, any, any is now whatever, whenever, wherever. TCO is being replace by TVO (Total Value of Ownership). TVO makes sense because the value can be more or less than the actual cost of something.

May 25, 2011, 11:49 am

#citrixsynergy on no! More “snack, dine, create” analogies. Although, the new term coined is BYO-3 – which makes sense. A lot of people bring multiple devices (laptop, tablet, phone). Also people are brining their own compute environment too (dropbox, cloud apps, gmail, etc.). Consumerization is alive and kicking in IT. Citrix is embracing this.

May 25, 2011, 11:41 am

#citrixsynergy Mark T “Hyper-V a great platform for XenDesktop”

May 25, 2011, 11:39 am

#citrixsynergy Kaviza is the subject. Complexity is “optional”.

May 25, 2011, 11:38 am

#citrixsynergy we’re going to talk a lot about the cloud. Tomorrow the DIA (Defense Intelligence Agency) will be presenting.

May 25, 2011, 11:36 am

#citrixsynergy And… wer’e off. Mark T on stage now. Standing room only.

May 25, 2011, 11:30 am

#citrixsynergy Brian Madden is live blogging too -> http://www.brianmadden.com/blogs/brianmadden/archive/2011/05/25/citrix-synergy-2011-san-francisco-opening-keynote-live-blog.aspx

May 25, 2011, 11:23 am

Watch the keynote live here -> http://www.citrixsynergy.com/sanfrancisco/learning/synergylive.html

May 25, 2011, 11:17 am

People are filing in to the keynote now. There is a DJ spinning some tunes as a rumored 5,500 attendees file in.




Citrix Acquires Cloud Control Panel Company EMS Cortex

Citrix acquired EMS Cortex – a cloud control panel company. This web-based control panel allows for provisioning of a multitude of resources including Microsoft Exchange, Citrix XenApp, Microsoft SharePoint, DNS, SQL, Hyper-V, and more.

citrix cortex

Citrix announced today that they have acquired a Cloud control panel company called EMS Cortex. EMS Cortex makes a web-based cloud control panel that automates the provisioning of an array of Microsoft Products including Exchange, SharePoint, OCS, Web Hosting, SQL Server, DNS, RDS, Microsoft Dynamics CRM, and Hyper-V.  The EMS Cortex control panel also automates the provisioning of Citrix XenApp applications and desktops.  I am personally very excited about this news because I use Cortex in my current job at Xcentric.

What is EMS Cortex?

In a multi-tenant hosting environment, it is very important to have a strict provisioning routine to ensure consistency.  EMS Cortex makes a web-based control panel to automate the provisioning process used in multi-tenant hosting environments.  Cortex provisions Active Directory OUs, user accounts, groups, file shares, SharePoint sites, Citrix XenApp resources, etc.  Through the use of Cortex, you no longer have to visit multiple consoles to provision users – just set up the user in Cortex and the rest is taken care of.  This is good because Cortex removes the human error factor.

As I mentioned before, we use Cortex at Xcentric.  Cortex is the centralized provisioning engine for our multi-tenant hosting environment.  There are a lot of good things about Cortex and some things I wish I could change (I’ve already started talking with Cortex about the things I wish I could change).  I’m hopeful that we, the community, will see even more Citrix-focused integration points in future releases.

How EMS Cortex Works

Cortex is a multi-tier application consisting of the following components:

  • SQL Database – for configuration, users, customers, auditing and reporting.
  • Web Services – for real time interaction with Active Directory and other hosted services.
  • Provisioning Engine – via Microsoft Message Queue (MSMQ), provisioning requests are dispatched to the provisioning engine.

The Cortex web application is loosely coupled with the other Cortex components. This loose coupling provides several security benefits, as the web server has no dependency on Active Directory it can essentially operate outside of the managed domain.  Cortex can also manage multiple domains.

cortex architecture Image source: http://ems-cortex.com/architecture/how-cortex-works.aspx

What will Citrix do with EMS Cortex?

Now, the things I’m about to share are purely off the top of my head and are not necessarily the direction Citrix intends on taking this product (although I hope they do).

Virtual Machine automation – ok, I kind of cheated on this one because Cortex already integrates with Hyper-V.  But this automation is solely based on System Center Microsoft Virtual Machine Manager.  So, it would be cool to provision VMs for XenServer and *gasp* VMware.  SCVMM is somewhat sketchy with VMware ESX and vSphere and there is currently no SCVMM integration with XenServer (although, there were some screenshots of SCVMM and XenServer at Synergy last year – not sure where that is now).  So, either SCVMM will have to amp up on vendor support or Cortex will need to go native API for vendors besides Microsoft.

Cloud bursting – this one goes along with the Virtual Machine automation.  Citrix has been working with Amazon Web Services, SoftLayer, and even has their Citrix Cloud Center (C3).  So, it would be cool to see some hooks built in for platforms like these.  Imagine being able to provision an tenant in one of the vendor clouds instead of provisioning local resources.

Access Gateway Policy provisioning – Cortex provides a lot of self-service functionality for tenants.  It would be cool to give tenants the ability to define Access Gateway policies tailored to their own needs without the help of a system administrator.

XenDesktop integration – currently, Cortex only supports hosted apps and desktops via XenApp.  It would be nice to see integration with XenDesktop.

PowerShell – the current API for Cortex is a mixture of web services and a somewhat proprietary API for the  MSMQ.  It would be cool to see some PowerShell cmdlets to interface with the provisioning lifecycle.

Workflow StudioCitrix Workflow Studio is all about infrastructure automation/orchestration.  Wouldn’t it be cool if Workflow Studio has activities to create a user that utilized the Cortex provisioning engine?  Workflow Studio already has an activity to create Active Directory users, but imagine an activity that used Cortex to create a user instead – thus provisioning all the other “stuff” like Exchange, SharePoint, file system, website access, etc. as well.  That would be cool.

Storage provisioning – one piece that we still have to provision manually at Xcentric is dedicated storage for each tenant.  It would be cool to see some kind of storage provisioning system – maybe pull in the StorageLink group?

Single tenant support – For the near term, the Cortex Cloud Control Panel will be offered as a standalone product on a subscription basis, as it was prior to the acquisition.  Cortex is great for multi-tenant environments, but it is also very helpful in a single tenant environment.  So, it would be cool to see Cortex rolled into one of the editions of XenDesktop or XenApp.

Postini integration – this is another feature that currently isn’t offered by Cortex.  Granted, Google gives you a cool utility to sync users with LDAP directories, but it would be even cooler if Cortex worked with Postini API’s directly.

I could keep making this list for a while.  Needless to say, I’m very excited about this acquisition.

How to Install the Citrix XenApp 6 PowerShell Cmdlets

PowerShell is the new API for Citrix XenApp starting with version 6. Whether you want to write interactive applications or work with your XenApp farm via command line, you first need to set up the XenApp 6 PowerShell SDK. This post will step you through setting up the Citrix XenApp 6 PowerShell SDK in your environment.

PowerShell is the new API for Citrix XenApp starting with version 6.  Whether you want to write interactive applications or work with your XenApp farm via command line, you first need to set up the XenApp 6 PowerShell SDK.  This post will step you through setting up the Citrix XenApp 6 PowerShell SDK in your environment.

Installing the Citrix XenApp 6 PowerShell cmdlets

Before we get started, you first need to download and install the Citrix XenApp PowerShell SDK (which includes the XenApp cmdlets). You can download the SDK here: http://community.citrix.com/display/xa/XenApp+6+PowerShell+SDK.

I recommend installing this on one of your XenApp 6 servers.  Technically, you can install this on a workstation and use remoting to remote all the commands to a XenApp 6 server, but it is very messy and doesn’t always work from my experience.  Anyway, during the setup of the SDK, you will be asked to set the PowerShell execution policy to AllSigned.  It is a good idea to leave this box checked to prevent malicious PowerShell scripts from ruining your day.

XA6 SDK Execution Policy

Adding the Snapins to your Runspace

After installation is complete, the assemblies will be loaded into the GAC (Global Assembly Cache).  Every time you want to use the Citrix XenApp cmdlets, you will need to add the snapins to your PowerShell runspace.  This can be done by launching PowerShell and using the Add-PSSnapin command as seen below:

Citrix PSSnapin

Adding the snapins will allow you to execute all the XenApp cmdlets.  Alternatively,  you can launch PowerShell from the Citrix/XenApp Server SDK folder in the  start menu as seen below.  This will launch a PowerShell runspace with all the Citrix snapins loaded and ready to go. 

XenApp PoSH

You are now ready to start PowerShelling your Citrix environment.

Bulk Update XenApp 6 Published Application Properties with PowerShell

There are times when you need to update a property on multiple XenApp published applications. If you only have a few applications to update, this can be done via the management console. However, if you have more than a few applications to update, then PowerShell is the way to go. In this post, I will show you how to use PowerShell to update published application properties on multiple applications at the same time.

Disclaimer: This article deals with Citrix XenApp 6 and above only. PowerShell cmdlets are available for XenApp 5.0 on Windows Server 2003 and 2008; however, the cmdlets are CTP (Community Technology Preview) and will likely never get “officially” released. The cmdlets in XenApp 5 are not always the same as the cmdlets in XenApp 6.

Have you ever had the need to update a lot of Citrix XenApp published application properties at the same time?  For instance, suppose you publish all your Citrix XenApp applications with sound disabled.  Then, somebody comes up to you and says “hey, we need to have all our applications support sound.  Thanks.”  If the only tool you had to use was the Citrix console, you will probably get carpal tunnel syndrome from all the mouse clicking you will need to do.  Luckily, the management console is not your only tool to solve this dilemma.  By using PowerShell and the Citrix XenApp 6 PowerShell cmdlets, this task is reduced to a single command.

Updating all Citrix XenApp 6 Published Applications with PowerShell

Note Note: if you haven’t already done so, you need to install the Citrix XenApp 6 PowerShell SDK to use the XenApp PowerShell cmdlets.  Refer to this post for more information.

The following command will set every published application in the farm to have an audio type of Basic:

Set-XAApplication * -AudioType Basic

To break this down some more:

  • Set-XAApplication will set a property on any application
  • The * is the search string to match.  If you wanted to match any application that started with test, you could use test*.
  • -AudioType is the property we are setting.  In this case, AudioType is an enumeration.  AudioType can be set to Unknown, None, or Basic

To see a list of all the properties that can be set on a XenApp published application, check out the help file that comes with the XenApp 6 PowerShell SDK, use Get-Member in PowerShell, or check out this page.

Updating Citrix XenApp 6 Published Applications in a Folder

If you only wanted to update some publised applications in a particular folder, you can first select all applications in a folder and then pass those application objects to the Set-XAApplication cmdlet like so:

Get-XAApplication –FolderPath Applications/Testing | Set-XAApplication –PassThru –AudioType Basic

Breaking it down:

  • Get-XAApplication gets a collection of XenApp applications
  • -FolderPath lets Get-XAApplication know that we just want to get applications in a particular folder
  • Applications/Testing is the folder that holds the applications we want.
  • We then pipe (using the pipe ‘|’ character) all these XenApp application objects into the Set-XAApplication cmdlet (the same cmdlet we used above)
  • This time, we use the –PassThru parameter to let Set-XAApplication cmdlet know that we are not going to search for some applications, but instead we are going to pass one or more XenApp application objects to it.
  • The rest of the parameters are the same as above

There you have it.  We have now set a property for all applications using one command, as well as set application properties using selection criteria.  Hope this helps you out with your XenApp environment.

Citrix XenApp 6 PowerShell SDK: Getting a List of Applications with C#

This post will show you how to use the Citrix XenApp 6 PowerShell SDK to obtain a list of applications from your XenApp 6 farm. We’ll look at how to do this with using the PowerShell Runspace and how to do this using the Citrix XenApp 6 wrapper assembly.

This post will show you how to use the Citrix XenApp 6 PowerShell SDK to obtain a list of applications from your XenApp 6 farm. We’ll look at how to do this with using the PowerShell Runspace and how to do this using the Citrix XenApp 6 wrapper assembly. The examples used in this post will be using an ASP.NET website, but the code can be reused in a Windows application, Console application, web service, etc.

Note Note: Be sure to read the getting started post for information about adding the correct references to your project.

Using the PowerShell Runspace

I added a Web Form to my project named RunSpaceFactory.aspx. Here is what it looks like:

using System.Management.Automation;
using System.Management.Automation.Runspaces;

namespace WebApplication1
    public partial class RunSpaceFactory : System.Web.UI.Page
        protected void Page_Load(object sender, EventArgs e)
            Runspace rs = RunspaceFactory.CreateRunspace();

            PowerShell ps = PowerShell.Create();
            ps.Runspace = rs;

            PSSnapInException ex;
            rs.RunspaceConfiguration.AddPSSnapIn("Citrix.XenApp.Commands", out ex);


            // You can add a search string like this:
            // ps.AddCommand("Get-XAApplication").AddParameter("BrowserName", "n*");

            foreach (PSObject app in ps.Invoke())


Lines 10 – 14 are standard PowerShell things you would do to work with PowerShell in any C# application.

Line 17 adds the Citrix PowerShell SnapIn to the Runspace so we can execute the Citrix commands.

Lines 19 – 28 lists all the applications in the XenApp 6 farm.

Note line 21 & 22. If line 22 was uncommented, this excerpt would list all the applications that start with the letter ‘n’ by adding a parameter to the Get-XAApplication command. You can use any matching pattern here like ‘%o*’ which would get all applications whose second letter is ‘o’.

Using the Citrix XenApp 6 Wrapper Assembly

When using the Citrix XenApp 6 wrapper assembly, you first need to add references to the appropriate DLLs to your project. The DLLs can be found in %ProgramFiles%\Citrix\XenApp Server SDK\bin


After adding the references, here is the code to accomplish the same task from above:

using System.Management.Automation;
using System.Management.Automation.Runspaces;

using Citrix.Management.Automation;
using Citrix.XenApp.Sdk;
using Citrix.XenApp.Commands;

namespace WebApplication1
    public partial class ListApplications : System.Web.UI.Page
        protected void Page_Load(object sender, EventArgs e)
            GetXAApplicationByName apps = new GetXAApplicationByName();
            apps.BrowserName = new string[] {"*"};

            foreach (PSObject _app in CitrixRunspaceFactory.DefaultRunspace.ExecuteCommand(apps))
                XAApplication app = (XAApplication)_app.BaseObject;


As you can see, there is quite a bit less code here.

Line 14 sets up all your Runspace stuff and adds the appropriate command.

Line 15 adds a parameter to the command. This is an interesting line because the BrowserName property expects an array of strings. I’m just passing one string here, but you could pass several to match. For example, string[] {“n*”, “%o*”} would find all apps that either started with the letter ‘n’ or the second letter was ‘o’.

We loop through the results in lines 18 – 24. Note that I cast the PSObject (generic PowerShell object) to a XAApplication object. This helps with the type safety and IntelliSense. To be fair, you can do the exact same thing in the PowerShell Runspace example above if you wanted.

The Results

Here is what the Citrix Delivery Services Console looks like concerning published applications:

Citrix Delivery Services Console Applications

Here is the output from both examples:


What’s Next?

The next examples will show you how to publish and application as well as how to manage sessions. You can also get a jump start by downloading the example code below:

Getting Started with the Citrix XenApp PowerShell SDK and C#

In XenApp 6, MFCOM is out and PowerShell is in. This post is the first in a series to help you understand how to develop appliations that utilize the Citrix XenApp 6 PowerShell SDK and Microsoft C#.

At BriForum 2010, Brandon Shell and I presented a session on how to make the transition from MFCOM to PowerShell.  At the end of the session, I presented several examples on how to use the XenApp PowerShell SDK in C#.  I wanted to share some of the details on those examples in a few blog posts.  This first blog post will detail what is needed to get started developing applications that leverage the Citrix XenApp 6 PowerShell SDK.

What you need

To get started, you need to set up a development environment.  You really only need two things:

Actually, there isn’t anything set in stone that says you *have* to use Visual Studio, but it will make your life a whole lot easier.  I recommend installing Visual Studio on a XenApp server because remoting in PowerShell is less than desirable for these examples.

Creating your first project

After you install Visual Studio and the Citrix XenApp 6 PowerShell SDK, you are ready to get started with your first project.  The examples I will be showing will be web projects.  So, launch Visual Studio and select  File > New > Project…

Visual Studio New Project


Add a Reference to System.Management.Automation

After you create your Project, you need to add a reference to System.Management.Automation.dll in order to do stuff with PowerShell in your project.  If you go looking for this DLL in the file system, you will find it at %ProgramFiles%\Reference Assemblies\Microsoft\WindowsPowerShell\v1.0 <- DO NOT USE THIS FILE.  The version of System.Management.Automation you want is in the GAC.

Normally, if you want to add a reference to an assembly that lives in the GAC to your project, you can just right-click your project in Visual Studio, select Add Reference and browse for the name.  But, for some reason, this assembly isn’t like the others.  You actually have to close your project in Visual Studio and manually add a reference to System.Management.Automation by editing the .csproj file.  For example, if your project name was WebApplication1, you would need to edit WebApplication1.csproj (you can use Notepad to edit this file if you like since this file is just XML) and manually add:

<Reference Include=”System.Management.Automation” />


Once you manually add this reference to your project file, you will want to add a couple of using statement to your code files that will deal with PowerShell:

using System.Management.Automation;
using System.Management.Automation.Runspaces;


To Wrap or not to Wrap

There are basically two ways to use the Citrix XenApp 6 PoweShell SDK in a C# project:

  1. Use “traditional” PowerShell Runspace (uses common PowerShell Runspaces)
  2. Use the XenApp 6 wrapper assemply (wraps each command and paramter in a Class for safe typing)

There are pros and cons for both:

“Traditional” PowerShell Runspace pros:

  • Easy to convert existing PowerShell scripts to C#.
  • You can log all the PowerShell commands and save before running – kind or like Microsoft Exchange 2007 does.

“Traditional” PowerShell Runspace cons:

  • No type safety – meaning that commands and parameters are specified as strings – which means you can mess up by typing the wrong string making troubleshooting difficult.
  • No IntelliSense for XenApp commands/odjects in Visual Studio.

XenApp 6 Wrapper pros:

  • Type safety.  Every command and parameter is wrapped in a class so there is no chance of misspelling a string parameter or passing an incorrect parameter.
  • Enables IntelliSense in Visual Studio.

XenApp 6 Wrapper cons:

  • Does not translate well to PowerShell commands.  For instance, the PowerShell command to get an application is Get-XAApplication.  The wrapper assembly’s command is GetXAApplicationByName().

I like using the wrapper assembly personally, but in the end it is all the same.

What’s Next?

I’ll be writing a few more posts on concrete examples of using the XenApp 6 PowerShell SDK.  Stay tuned…

MFCOM to PowerShell: How to Make the Transition

MFCOM has been the de facto standard for programmatically interfacing with Citrix XenApp. Whether you wanted to write a simple script or develop an application that interfaced with XenApp, MFCOM was the answer. Now, Citrix is committed to building their management architecture on PowerShell–not just for XenApp, but for all Citrix products. That’s great news for standardization across platforms and aligning with Microsoft on using PowerShell for management architectures. Now, the question is how do you take what you know about MFCOM and translate that to PowerShell?

As you may of may not already know, Citrix has committed to building their management architecture (and SDK) on PowerShell – not just for XenApp, but for all Citrix products.

In XenApp 6.0, MFCOM is not available anymore. The underlying architecture has changed dramatically enough to make backward compatibility with MFCOM impossible. The replacement for MFCOM is PowerShell. MFCOM-based scripts need to be completely re-written in XenApp cmdlets. In most cases, the conversion should be simple and most MFCOM scripts can be replaced with one-liner PowerShell commands.

Source: Citrix XenApp 6 PowerShell SDK reference manual.

That’s great news for standardization across platforms and aligning with Microsoft on using PowerShell for management architectures.  But, that begs the question – what do you do about all those scripts and applications that leverage MFCOM going forward?  I’ll be presenting a session at BriForum 2010 with Brandon Shell about this very topic.  The session will cover:

  • General Object Orientation
  • Specific Citrix XenApp objects
  • Examples of how scripts and applications were done with MFCOM
  • Converting scripts and applications to use PowerShell
  • PowerShell remoting
  • Availability of PowerShell cmdlets on XenApp 5 and XenApp 6
  • C# applications leveraging the PowerShell command wrapper

BriForum takes place from June 15th to June 17th at the Hilton Chicago Hotel.  There is still time to register.

News from Citrix Synergy

I’m blogging the Citrix Synergy keynote in real time. I’ll be adding to things that strike me as interesting to this post as announcements are made.

I’m blogging the Citrix Synergy keynote in real time.  I’ll be adding to things that strike me as interesting to this post as announcements are made.  Unfortunately, I didn’t think about making a crazy cool AJAX out of band update, so you’ll have to refresh your browser.  You can follow me on Twitter at http://twitter.com/JasonConger as well for snippets.


In beta for a while, XenClient is now released to the public.  The vision of a client hypervisor is moving toward offline VDI.  Citrix will use a technology called Synchronizer to keep the virtual desktop on the XenClient client machine synchronized with a remote copy in the data center.  Another cool feature is the ability to send a “kill pill” to the XenClient VM.  I think this is a very significant announcement.  One word of caution, there is a limited subset of workstations that XenClient supports.

HDX Nitro

There are a lot of announcements surrounding HDX.  HDX “Nitro” includes several sub technologies:

  • Project Mach 3 will give you 3x performance
  • Project Laser is for printing performance
  • Project Zoom is application pre-launch for instant connection
  • Project Mercury is for WAN acceleration

Check out more on HDX Nitro at http://hdx.citrix.com/nitro


Dazzle was shown at the last 2 Synergy conferences.  I like the idea of where Dazzle wants to go – user self-service, but it still lacks some functionality.  Workflow approval has been shown as a demo, but still doesn’t exist yet.  I also think some of the excessive eye candy animations need to go.  Check it out for yourself here: http://www.citrix.com/tv/#search/dazzle

Twitter updates from the event:

Is a User Installed Application Layer Necessary for VDI?

Layering is an emerging concept for VDI. In this article, I will draw some parallels with VDI layering and Service Oriented Architecture (SOA) to look at ways of solving the difficult User Installed Applications layer.

Layering is an emerging concept for VDI.  I am not going to try to explain layering in this post, rather I am going to discuss one aspect of layering – the user installed applications layer.  For more information about what layering is, how it is done, and how it fits into VDI, check out Gabe Knuth’s article.

Service Oriented Architecture

Layering is a new take on an old concept in my mind.  I see layering as an implementation of SOA for desktops.  A key concept of SOA is loose coupling.  Loose coupling involves a consumer and a service.  The consumer doesn’t need to know how a service is implemented.  All the consumer needs to know is how to interface with the service.  The consumer asks the service to do something and the service does it (and possibly returns something to the consumer).

Here is a real life example to illustrate: When I stay at a hotel, I usually call the front desk to schedule a wake up call.  The front desk takes my information and calls me when I ask.  In this example, I am the consumer and the wake up call is the service.  I do not necessarily know how the front desk implements the wake up call – they can put the time in a computer to have an automated system call me, or maybe they write it on a call log and a human actually calls me.  The point is, I don’t know (or care) how the service is implemented.

Another aspect of loose coupling is that the services are interchangeable.  So, in the example above, if the hotel is using some manual method and decides to use an automated method, that is fine.  The service still gets implemented for the consumer because the consumer interface did not change.


So, if each layer is viewed as a service (and potential consumer), then the gaps between the layers are the interfaces.  Also, if each layer is a service, then each service should be interchangeable.  This example works pretty well for things like the hypervisor layer (swapping in and out VMware/XenServer/Hyper-V), but maybe not so well for applications, since applications may have dependencies on one or more layers.  Application virtualization can overcome this by packing the entire stack necessary for an application in a bubble, but do you really want to teach users the intricacies of sequencing (or profiling) applications to solve a user installed app layer?

VDI Layers

Reverse Seamless

So, this got me to thinking, is reverse seamless an answer for a user installed application layer?  If you rely on your local desktop for user installed applications and present these applications seamlessly in a remote desktop, will that suffice?  Maybe – maybe not.  If the user installed applications want to interact with remote applications, you have a problem.  If not, then yeah, maybe reverse seamless does solve this.

VDI/XenApp Double Hop

A side effect of reverse seamless is that it also solves VDI “double hop” issues when using XenApp published applications inside a VDI desktop. For example, if you allow client drive mapping from the local desktop to the VDI desktop, and you also allow client drive mapping from the VDI desktop to the published application, then end user will quickly become confused as to which drive is which when trying to save a file from the published application.  Think about printing and USB redirection also.

Double Hop

By using reverse seamless, both the VDI connection and the published application connection can be made from the local desktop, then “merged” seamlessly.  This way, the VDI desktop is making one hop and the published application is making one hop.  You still have a problem if the published applications needs to interact with the desktop applications.

Single Hop with Reverse Seamless

Type 1 client hypervisor

Will a type 1 hypervisor help with user installed applications? I think this has the most potential.  Running a “personal” VM and “business” VM on the same physical hardware, there are all types of interaction that can happen.  If users install applications on the personal VM, reverse seamless type technology could be used to integrate this layer in a more cohesive way.

I guess the bottom line is that user installed applications in a stateless layered model is going to be hard.

Digging in to Citrix Configuration Logging: Exploring the Database

This is the fifth part in a series on Citrix XenApp Configuration Logging. This part will focus on the database schema, the information contained in the database, and how to decode certain parts of the data.

This is the fifth part in the Citrix Configuration Logging Series. In part 1, we discussed what Citrix Configuration Logging was.  In part 2, we discussed how to prepare the database to log configuration changes. In part 3, we discussed how to set up the Citrix XenApp farm for Configuration Logging, in part 4, we looked at the “out of the box” reporting tools. In this part, we will look at the back end database schema.

Schema on the Surface

Here is what the database schema looks like on the surface.


Just 3 tables – looks pretty easy…  But, if you look at some of the data in those tables, things become less obvious.  Let’s break each table down:

CtxLog_AdminTask_LogEntry – Every change to the XenApp farms creates a new row here.
LogEntry_RecordID Unique Identifier (primary key)
SiteId I honestly don’t know why this is here.  It seems like it might be some kind of farm identifier, but you can only have one farm per database.
LogEvent This holds events that happen on the log (database) as a whole.  This is a numeric value that corresponds to an enumeration.  Possible values are:

  • 0= None
  • 1= Created
  • 2= Cleared
DateTime Date/Time the change occurred.
LogonUserName The user that made the change.
LogonUserId The SID of the user that made the change.
LogonHostName Hostname of server that joins the farm.
LogonHostId SID of a server that joins the farm.
HostName IMA server used to make the change – remember that every change has to go through IMA.
HostId SID of the host HostName above.
Status Status of the change.  This is a numeric value that corresponds to an enumeration.  Possible values are:

  • 0 = Success
  • 1 = Neither success nor failure
  • 2 = Failure
CtxLog_AdminTask_Object – Object(s) changed.
Object_RecordID Unique Identifier (primary key)
SiteId Again – don’t know why this is here.
LogEntry_RecordID Foreign key to CtxLog_AdminTask_LogEntry table.
SequenceID Another one I’m not sure about.
AdminTaskType Enumeration – type of task performed:

  • 0 = None
  • 1 = Created
  • 2 = Modified
  • 3 = Removed
ObjectType Enumeration:

  • 0 = Application
  • 1 = Application Isolation Environment (AIE)
  • 2 = AIE Application
  • 4 = Farm
  • 5 = File Type Association
  • 6 = Folder
  • 7 = Installation Manager Application
  • 8 = Printer
  • 9 = Server
  • 10 = Server Group
  • 11 = User
  • 12 = Policy
  • 13 = Monitoring Profile
  • 14 = Load Manager
  • 15 = Virtual IP Farm Range
  • 16 = Virtual IP Server Range
  • 17 = Print Driver
  • 18 = Database
  • 19 = Zone
ObjectName Name of the object changed.
ObjectUid Internal object ID.  More specifically, this value comes from the object’s ID property in MFCOM.
PropertyList XML field.  Holds before and after values.
AdminTaskFormatResID ID of field in language specific resource file.
CtxLog_AdminTask_ReferenceList – Some objects reference other objects.  For instance, a published application can reference many server objects.  This table keeps track of changes to referenced objects.
ReferenceList_RecordID Unique Identifier (primary key)
Object_RecordID Foreign key to CtxLog_AdminTask_Object table.
ObjectType Same as parent table.
ObjectNamesOriginal Tab delimited list of the names of the original referenced objects.
ObjectIdsOriginal Tab delimited list of internal object IDs of the original referenced objects.
ObjectNamesAdded Tab delimited list of the names of the added referenced objects.
ObjectIdsAdded Tab delimited list of internal object IDs of the added referenced objects.
ObjectNamesRemoved Tab delimited list of the names of the removed referenced objects.
FormatResId_Added Resource IDs of added objects.
FormatResId_Removed Resource IDs of removed objects.


Identifying Changes

As stated above, the PropertyList field in the CtxLog_AdminTask_Object table is a XML field.  This field maps out the before and after values of each property of an object after a change.  Here is an excerpt of what a PropertyList field looks like:

<?xml version="1.0"?>
  . . .
  <property nameresid="290042">
    <valuelist original="0">
        <valstr>Notepad - test</valstr>
    <valuelist original="1">
    . . .

Notice that each property has a value where original=”0” or original=”1”.   If the two values are different, that is a change.  Original=”1” is the before value and original=”0” is the after value (that seems backwards to me).  So, from the excerpt above, we can see that “Notepad” was renamed to “Notepad – test”.

Resource IDs

Several of the fields have “ResID” somewhere in their name.  This is short for Resource ID.  The values in these fields are numeric and correspond to a language specific Resource File.  For instance, the nameresid in the excerpt above is 290042.  This maps to “Display Name” in the en-US resource file; however, 290042 maps to “Anzeigename” in the de-DE resource file.  The resource file(s) used to decode the numbers can be found on the computer running the AMC at:

%ProgramFiles%\Common Files\Citrix\Access Management Console – Report Center\Reports\ConfigurationLoggingReport

The English resources are located in ConfigurationLoggingReport.dll.  Other localized languages can be found in a subdirectory of the path given above.  For instance, the German language resources would be in:

<above path>\de\ConfigurationLoggingReport.resources.dll

This concludes our “behind the scenes” look at the database schema.  Now that we know exactly what information is stored in the database and how to decipher the data, we will look at how to do some custom reporting in the final post in this series.

Digging in to Citrix Configuration Logging: Reporting

This is the fourth part in a series on Citrix XenApp Configuration Logging. This part will foucus on out of the box reporting tool. In a later article, we will look at custom reporting.

This is the fourth part in the Citrix Configuration Logging Series. In part 1, we discussed what Citrix Configuration Logging was. In part 2, we discussed how to prepare the database to log configuration changes. In part 3, we discussed how to set up the Citrix XenApp farm for Configuration Logging. In this part, we will look at the out of the box reporting tools (in a later article, we will look at custom reporting).

Citrix Report Center

Report Center is part of the Citrix Access Management Console. Report Center allows you to create, schedule, and distribute various types of canned reports. One of the types of reports available is the, you guessed it, “Configuration Logging Report”. There are several other reports available as well including, but not limited to:

  • Alerts Report
  • Application Usage Report
  • Client Type Report
  • CPU Utilization Management Report
  • Policy Report
  • Server Availability Report
  • Environment Usage Report

Report Specification

Before you can run any report in the Access Management Console, you have to create a report specification. A report specification basically tells a report where to get its data and where/how to output the data. Different reports will have different data sources. For instance, the Configuration Logging Report’s data source would be the Configuration Logging database, whereas the Application Usage Report’s data source would be the Resource Manager Summary Database. There is a wizard in the AMC that will step you through setting up a report specification. To start the wizard, simply right-click the Report Center node in the AMC and select “Generate specification”. The wizard is pretty self explanatory, but I do want to point out one part.


When you choose to store a report for later viewing, the report is stored in your user profile (actually, all report specification options as well as the report specification itself is stored in the user profile). The bad thing about this is all this stuff is stored in your local profile by default in the following path:

%USERPROFILE%\Local Settings\Application Data\Citrix\ReportCenter\

If you are using roaming profiles, these reports/specifications will get wiped out when you log off (since Local Settings do not roam). However, there is an option to store reports in your roaming profile. This setting is located in the middle column of the AMC when you select the Report Center node.


Scheduling Reports

One of the interesting things you can do is schedule a report to run on a recurring basis. Say you wanted to get a summary of configuration changes every morning. You could create a schedule to run this report and email it to you. To schedule a report, right-click the report specification and select “Schedule report”.


Clicking “Schedule report” brings up a wizard that looks a lot like Windows Task Scheduler. The reason it looks like Windows Task Scheduler is because you are actually creating an ordinary Windows Scheduled Task. However, if you try to look for this scheduled task in Windows, you probably will not see it. That is because Citrix was sneaky and made the scheduled task hidden. To view the schedule task in Windows, you will have to enable “View Hidden Tasks”.


Viewing Reports

To view a report, you first need to run a job. You can run a job by right-clicking on a report specification and selecting “Run report now”. Scheduled reports create jobs as well. Once a job completes, you can view the report from the “Jobs” section of Report Center. Reports can be generated in HTML format or CSV format. The default format of a report is specified in the report specification; however, you can view any report in either format via the AMC.


Modifying the Report Layout

There isn’t much to discuss about the CSV format, but I do want to show you a few things about the HTML format. By default, the HTML format report looks pretty ugly.


There are a few things we can do to make this report look better. To better understand how to modify the report, it is important to understand how the reports are generated.

The raw data behind a report is XML. A command line utility called genrep.exe is responsible for going out to the data source and generating the XML in the form of a dataset. Once the data has been retrieved, a XML style sheet transformation (XSLT) is applied to produce the resulting HTML. The XSLT files are stored in:

%ProgramFiles%\Common Files\Citrix\Access Management Console – Report Center\Reports\ConfigurationLoggingReport

There are some common and language specific transforms here. The simplest way to style the report is to modify ConfigurationLoggingReportHTML.xslt. Here is a screen shot of a report generated with a modified transform:


This concludes our look at “out of the box” capabilities. Even though we were talking mainly about Configuration Logging reporting, most of this information also applies to other reports in Report Center. In the next posts, we will explore the back end database and how to do some custom reporting.

Digging in to Citrix Configuration Logging: Setting up the Citrix XenApp farm for Configuration Logging

This is the third part in a series on Citrix XenApp Configuration Logging. This part will show you how to configure your Citrix XenApp farm for Configuration Logging, what all the settings mean, what happens when you configure your farm for logging, what happens when things go wrong, and more.

This is the third part in the Citrix Configuration Logging Series.  In part 1, we discussed what Citrix Configuration Logging was.  In part 2, we discussed how to prepare the database to log configuration changes.  In this part, we will discuss how to set up the Citrix XenApp farm to use the database and what happens under the covers when we do this.

Configuring the Citrix XenApp Farm to use the Database

You use the Access Management Console to configure the XenApp farm for Configuration Logging.  Configuration Logging is a farm setting, so once you open the Access Management Console, simply right-click your farm name and select “Properties”.  Select “Configuration Logging” from the Farm-wide properties.


Now, we need to point our farm to the database we created before.  To do this, click the “Configure Database…” button to start the database configuration wizard.


The screen shot above is pretty self-explanatory, but here are a couple of tips:

  • Even though there is a drop down next to the “Server name” box, the discovery does not always work.  I suggest just typing in the database server name or IP address.
  • Be sure to specify server\instance if you are not using the default database instance.
  • If using Windows integrated security, type domain\username in the “User name” field
  • Keep in mind that the username and password is saved in the data store.  So, be sure that the password does not expire, or remember to change this when the password does expire.
  • Discovery does not work well with the database name on the next step either.  Again, you will most likely have to type in the database name.


The screen shot above shows a lot of settings, but there is not a lot of explanation of what these settings do.  Remember, Configuration Logging is built on top of ADO.NET.  In order to make sense of these settings, you can look at ADO.NET properties.  So, here ya go:

  • Connection time-out (seconds) – amount of time to wait for a command to execute.  If a database write command cannot execute in 20 seconds, you’ve got a problem.
  • Packet size (bytes) – the size of the network packet.  8192 is the default.  This value can be anywhere from 512 to 32767.
  • Use encryption – more on this in a minute…
  • Connection pooling enabled – connection pooling is just like session sharing.  Building up and tearing down database connections can be an expensive process.  Connection pooling allows a connection to stay up for an amount of time before closing just in case another database request comes in.  If another database request comes in before the time out, the request will use the same connection.
  • Minimum pool size – specifies the minimum number of connections to maintain in a pool.  If you set this number to 3, for example, ADO.NET would create 3 connections the first time you connect to the server. Zero is the ADO.NET default.
  • Maximum pool size – maximum number of connections in a pool.  100 is the ADO.NET default.
  • Connection lifetime (seconds) – specifies the maximum age of connections. If a connection has been open for more than this number of seconds when you call its Close() or Dispose() method, it will be destroyed rather than being returned to the pool. Zero is the ADO.NET default, which means that connections are kept in the pool regardless of age.
  • Connection reset – specifies whether the database connection is reset when being removed from the pool.  True is the ADO.NET default.
  • Enlist – specifies whether to enlist this connection into a current transaction context of the creation thread.  In other words, if this is set to true and the database server is doing some transactions, let the connection use the already generated transaction.  True is the ADO.NET default.

Almost all of those defaults are just great.  The only one you need to be careful about is the “Use encryption” option.  This option is set to “Yes” by default.  But, in order to use Configuration Logging encryption, you must be using IMA encryption.  If you are not using IMA encryption, you cannot use Configuration Logging encryption.  You will get this nasty undescriptive error when you test the connection if there is a mismatch:


For information on how to setup IMA encryption, check out the Citrix XenApp documentation.

Configuring the Citrix XenApp farm to Log Changes

Now that we have the farm configured to point to the database, we have some options on how to log changes.  Remember this screen shot?


This is pretty easy, there are only 3 checkboxes:

  • Log administrative tasks to logging database – this is what tells the IMA service to use the CitrixLogServer.dll hook to log changes explained in part 1.
  • Allow changes to the farm when database is disconnected – this is self explanatory.
  • Require administrators to enter database credentials before clearing the log – “the log” referred to in this option is all the data in the database.  An administrator can clear the log by opening the AMC, right-clicking on the farm name – > All Tasks –> Clear configuration log.

If you do not allow changes to be made to your farm and your Configuration Logging database is offline, you will get the following error message when trying to make a change:


Wow – that error message is actually pretty descriptive!

Note – even if you do not allow changes to be made to your Citrix XenApp farm when the Configuration Logging database cannot be reached, you can still change which database your farm uses.  That means if you are trying to make a change and your database took a dive and it doesn’t look like it will be back up anytime soon, you can always change which database logs the changes and carry on.  Of course, changing which database logs changes gets logged <- say that 5 times fast…

Adjusting Database Permissions

As you may recall, when we created the data base user in part 2, we had to make sure the database user belonged to the db_owner role.  This is due to the fact when the XenApp farm connects to the database, the schema is checked.  If the schema does not exit, it is created – which requires db_owner rights.  So, after that first connection, you can dial back the permissions.  Here are the minimum operating permissions:

Configuration Logging Task Database permissions needed
To create log entries in the database tables INSERT for the database tables,
EXECUTE for the stored procedures, and
SELECT for sysobjects and sysusers (SQL Server) or sys.all_objects (Oracle)

(Oracle also requires SELECT for sequence objects and the create session system privilege)

To clear the log DELETE/INSERT for the database tables,
EXECUTE for the GetFarmData stored procedure, and
SELECT for sysobjects and sysusers (SQL Server)
or sys.all_objects (Oracle) (Oracle also requires SELECT for sequence objects and the create session system privilege)
To create a report EXECUTE for the Citrix Configuration Logging
stored procedures
SELECT for sysobjects and sysusers (SQL Server) or sys.all_objects (Oracle)
(Oracle also requires the create session system


Delegated Administration

Delegated administration is supported to an extent.  It is basically an on or off thing.  It is a good idea to make sure administrators have to enter credentials to clear the log as well.