Month: October 2011

Cloud Architecture is Different

During the day two Super Session at Citrix Synergy Barcelona, Sheng Liang, CTO of the cloud platforms group at Citrix, took the stage to discuss a number of interesting concepts.  One that stood out for me was when he highlighted differences between cloud architecture and enterprise architecture.  He stated that cloud architecture is different from enterprise architecture and that this  fact is missed by many.  At first glance this statement falls into the obvious category however like most simple concepts they only become obvious once stated and laid out in front of you.

I visit server rooms and data centres on a regular basis and it is becoming common for these to be described as company X’s cloud.  However if the environment has been built using the same principles and architecture as the last data centre then the environment will never scale correctly or offer services the way a true cloud can.

Sheng Liang outlined five areas of consideration:

  1. Enterprise architecture scales up server clusters, cloud architecture scales out server farms
  2. Enterprise architecture assumes reliable infrastructure, Cloud architecture expects infrastructure to fail
  3. Enterprise architecture is high cost, Cloud architecture is low cost
  4. Enterprise architecture is IT Mgmt-centric (1:100’s), Cloud architecture is autonomic management (1:1000’s)
  5. Enterprise architecture uses proprietary vendor stack, cloud architecture uses open, value added stack
Its definitely time to rethink that data centre build, to think automation and to resist the urge to monitor each server CPU and IO response time.  Switches will fail, servers will overheat but services will be delivered on time at a cost never seen before by the business allowing rapid scale and mobility.
Bring it on.

Watch the session here Citrix Synergy Live


Mobile Device Access, Citrix NetScaler VPX 9.3 and XenApp 6.5

I am often asked how to enable mobile device access through an existing Citrix Access Gateway Enterprise Edition appliance.  There are a number of useful guides, this is how I configure an environment.

Configure XenApp Services Site

First step is to create a new XenApp Services Site.

Highlight XenApp Services Site and select Actions > Create Site.

Citrix Web Interface create site

On the Specify IIS Location page change the Name to MobileAccess and click Next and Next.

Configure the site now and click Next.

Enter the Farm Name, Add the XenApp Server(s), enter the XML Service port and click Next.

In the Citrix Web Interface Management console high light the new MobileAccess site and from the Actions pane select Secure Access.

Highlight the Default and select Edit.  Change the Access method to Gateway direct, click OK and Next.

Enter the Access (FQDN) of the virtual server and click Next.

Click Add, enter the address of the STA, click OK and Finish.

Configure NetScaler Policy

Return to the NetScaler VPX configuration utility click Access Gateway > Policy Manager > Change group settings and user permissions.

Select Session Policies and Create new session policy.

The Create Access Gateway Session Policy window appears. Enter MobileAccess for the policy name and click New.

Name the Session Profile MobileDevices, on the Published Applications tab Override Global for ICA Proxy, Web Interface Address, Web Interface Portal Mode and Single Sign-On Domain.

Enter the following:

ICA Proxy: ON

Web Interface Address: http://XA65.ctxdemo.local/Citrix/MobileAccess/config.xml

Web Interface Portal Mode: NORMAL

Single Sign-on Domain: ctxdemo

In the Configure Access Gateway Session Policy window, next to Match Any Expression, click Add…

Expression  Type: General

Flow Type: REQ

Protocol: HTTP

Qualifier: HEADER

Operator: CONTAINS

Value: CitrixReceiver

Header Name: User-Agent

Select OK, Create and Close. The Access Gateway Session policy appears as an icon in the Access Gateway Policy Manager.

Under Configured Policies / Resources, expand the Virtual Servers > SmartAccess node and then drag the MobileAccess icon onto the SmartAccess > Session Policies icon.

Modify the priority of the policy so the MobileAccess policy has a high priority than the Remote Access policy.  This is done by assigning a lower policy number.

Close the Access Gateway Policy Manger and Save the configuration.

Test Application Enumeration and Launch

Install the root certificate on the client machine you are going to test from and make sure it is possible to resolve the FQDN of the NetScaler VPX virtual server.

On the mobile device install the Citrix Receiver and configure a profile that points to the FQDN of the gateway.

Setting up Vyatta on XenServer 6.0 Home Lab

I use a Vyatta virtual router in my home lab to segregate my test networks from the home one.  I first used  the virtual appliance over a year ago and its be faultless ever since.  I can’t claim to use more that 1% of its functionality as a) networking is not my thing and b) it does what I need and I’ve left my investigation at that.  So if you want to spin one up on XenServer 6.0 here is what you need to do.

  • Download the latest iso from Vyatta.  You have to enter your details to do this and if you are not paying a subscription then some features, such as the web GUI will not be available to you.  As a tes lab router however you’ll be able to do everything you need.
  • Create a new VM on XenServer 6.0, select Other, and assign a disk (at least 1GB – I use 20GB) and 512MB of RAM (I use 1GB).  In regards to network interfaces you will need to work out in advance where you want your device to site in your network.  I have created two networks on my XenServer host, Network 0 and Testlab and both are bound to the single NIC I use.  My new VM therefore has two network interfaces one on Network 0 and one on Testlab.
  • Make sure the iso you have down loaded is in the new VM DVD drive and start up the machine.
  • The iso is known as the live iso and will not install by default.  Login in using the default credentials (username= vyatta , password = vyatta) and run the following commands:

Select all defaults until you get to the following section, where you change the option to yes “Would you like to set up config files to prepare for the conversion to PV domU? [No]: ” yes

Following the install I run the commit and save commands then shutdown .

  • At reboot you will now want to install the Xen tools.  To do this make sure the xen tools iso is in the VM DVD Drive, login in and and execute the following commands:


sudo mount /dev/cdrom /mnt

ls /mnt/Linux

sudo dpkg -i /mnt/Linux/xe-guest-utilities_6.0.0-743_i386.deb

sudo umount /dev/cdrm /mnt




  • Restart the VM and login to the console.  you can now add IP addresses to the interfaces and a static route so your test lab machines can access you home router and out to the Internet.  I have also set a static route on my home router so it can get back to the testlab VLAN.  I have listed examples of commands that you may find useful below:
Adding an IP address
set interfaces ethernet eth0 address <IP address/subnet e.g.
Adding a route
set protocols static route <Network address/subnet e.g.> next-hop <IP address e.g.>