Thursday, September 26, 2013

Citrix Storefront and HTML 5 Receiver using ALTADDR (not secure!)

This article is just for reference and is not a recommended solution!

I needed to set up a quick and dirty solution to get some colleagues access to an application published using Citrix XenApp for the purpose of demonstrating performance.

The three key components were the XenApp server, the StoreFront server and the HTML 5 Receiver.

I unfortunately did not have the time or resources to set up and configure a NetScaler or Access Gateway (hence the quick and dirty approach).

I’ll stick a disclaimer at the top: “This is in no way secure and I always recommend using a combination of NetScalers/Access Gateway and SSL certificates for any kind of public-facing XenApp solution!”

For the purpose of my “quick and dirty solution”, I’ve restricted access to a specific set of source IP addresses.

This also assumes you have two public IP addresses assigned, one for the StoreFront server and one for the XenApp server.

You’ll also need to configure firewall rules to allow inbound connections to the XenApp NAT using the WebSockets port configured within the XenApp policies (default is 8008).

So, armed with NAT and a few configuration tweaks, I was able to publish my Citrix StoreFront and allow my colleagues to access the published application using the Citrix HTML 5 Receiver. Here is how.

 

 

1. Enable Alternate Addressing on the StoreFront server:

a. Browse to the C:\InetPub\wwwroot\citrix\<storefront> folder.

b. Open the web.config file.

c. Find the alternateAddress="off" entry and change it to alternateAddress="on".

d. Save and close the file.

e. From the command prompt, run IISRESET.

2. On the XenApp server, open up a command prompt and run:

a. ALTADDR /set nnn.nnn.nnn.nnn (where nnn.nnn.nnn.nnn is the public IP address that NATs to the private IP of the XenApp server)

b. Reboot the server.

c. Run ALTADDR /v to confirm the Alternate Address has taken.

3. Log in to your StoreFront service, click on the application icon and hey presto, the application launches.
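Because this setup is only meant to live as long as the demo, it helps to be able to check afterwards whether a StoreFront web.config still has alternate addressing switched on. The following is an added example, not part of the original post or of any Citrix tooling: it walks a web.config and reports every element whose alternateAddress attribute is "on". The sample XML and its element names are constructed and hypothetical; only the attribute name and its on/off values come from the steps above.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragment. Element names are hypothetical; only the
# alternateAddress attribute name and its on/off values come from the article.
SAMPLE_WEB_CONFIG = """\
<configuration>
  <exampleStoreSettings>
    <exampleLaunch alternateAddress="on" timeout="30" />
    <exampleOtherFarm alternateAddress="Off" />
  </exampleStoreSettings>
</configuration>
"""


def find_alternate_address(root):
    """Return (element_path, value) for every alternateAddress attribute."""
    hits = []

    def walk(elem, parent_path):
        path = f"{parent_path}/{elem.tag}"
        for name, value in elem.attrib.items():
            # Compare case-insensitively so a hand-edited file is still caught.
            if name.lower() == "alternateaddress":
                hits.append((path, value))
        for child in elem:
            walk(child, path)

    walk(root, "")
    return hits


def enabled_paths(root):
    """Paths of elements where alternate addressing is switched on."""
    return [p for p, v in find_alternate_address(root) if v.strip().lower() == "on"]


def audit_text(xml_text):
    return enabled_paths(ET.fromstring(xml_text))


def audit_file(path):
    # ET.parse reads the file as bytes, so its own encoding declaration is used.
    return enabled_paths(ET.parse(path).getroot())


if __name__ == "__main__":
    for path in audit_text(SAMPLE_WEB_CONFIG):
        print(f"alternateAddress is ON at {path}")
```

Point audit_file at a copy of the store's web.config; an empty list means no element has alternate addressing enabled.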

Tuesday, September 10, 2013

Preparing XenApp Servers for imaging (AMIs, Provisioning Services etc.)

Open up the XenApp Role Manager from the Start menu....

http://infrastructureguy.files.wordpress.com/2013/04/xenapp-server-clone-1.gif

Choose Edit configuration and then select the option "prepare this server for imaging..."



http://infrastructureguy.files.wordpress.com/2013/04/xenapp-server-clone-2.gif

You can remove the current server from the farm by checking the box, or remove the check to leave the existing server in the farm.


Thursday, September 05, 2013

Enable Access Based Enumeration Server 2012

I have a Windows Server 2012 file server hosting home directories for a large number of users.

Even though I have NTFS access lists preventing users from accessing other users' folders, I don't really want users even being able to see each other's top-level folders.

Enter Access Based Enumeration. Easy to enable and gives everyone that nice warm fuzzy feeling that everything is even more secure than it was before.

1. Open Server Manager.


2. Click on File and Storage Services.


3. Choose Shares from the left hand menu.


4. Pick a share, right click and choose properties from the context menu.


5. Check the box for "Enable access-based enumeration".

Hey presto, job done.

Onwards and upwards.....

Tuesday, September 03, 2013

Using AWS Micro Instances to test my RDS Application: Part 1

· Launch a t1.micro instance using an Ubuntu AMI

· Connect to the instance via SSH using the associated private key (remembering to prepend “ubuntu@” to the instance IP if you’re using PuTTY or some other terminal tool).

· Run sudo apt-get update

· Run sudo apt-get install vnc4server

· Run vncserver :0

· Set a password for your VNC connection

· Edit the xstartup file within the ~/.vnc/ folder, remove the last couple of lines and add in a line for gnome-session &

· Should look a bit like this…


#!/bin/sh

# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
gnome-session &


· Next run sudo nano /etc/init.d/vncserver

· Within nano, paste the following (remember to modify the USER variable to be the name of your current user; note the DISPLAY variable, this is the port number / session ID):


#!/bin/sh -e
### BEGIN INIT INFO
# Provides:          vncserver
# Required-Start:    networking
# Default-Start:     3 4 5
# Default-Stop:      0 6
### END INIT INFO

PATH="$PATH:/usr/X11R6/bin/"

# The user that will run VNC
export USER="ubuntu"
#${RUNAS}

# The display that VNC will use
DISPLAY="1"

# Color depth (between 8 and 32)
DEPTH="16"

# The desktop geometry to use.
#GEOMETRY="<WIDTH>x<HEIGHT>"
#GEOMETRY="800x600"
GEOMETRY="1024x768"
#GEOMETRY="1280x1024"

# The name that the VNC desktop will have.
NAME="my-vnc-server"

OPTIONS="-name ${NAME} -depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY}"

. /lib/lsb/init-functions

case "$1" in
start)
    log_action_begin_msg "Starting vncserver for user '${USER}' on localhost:${DISPLAY}"
    su ${USER} -c "/usr/bin/vncserver ${OPTIONS}"
    ;;

stop)
    log_action_begin_msg "Stopping vncserver for user '${USER}' on localhost:${DISPLAY}"
    su ${USER} -c "/usr/bin/vncserver -kill :${DISPLAY}"
    ;;

restart)
    $0 stop
    $0 start
    ;;
esac

exit 0


· Press CTRL + X and save the file

· Run “sudo update-rc.d vncserver defaults”

· Reboot by running “sudo reboot”

· Launch VNC Viewer and enter the IP address followed by “:1” or whatever port you chose.

· Hit Connect and you should be logged in.
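A VNC display number maps to a TCP port: display :N listens on 5900 + N, so the DISPLAY="1" in the init script above means port 5901. The following is an added example, not part of the original post: it parses `ss -ltn` output and reports VNC displays that are listening on a non-loopback address, which is what the instance's security group would be exposing. The sample output is constructed for illustration.

```python
import ipaddress

VNC_BASE_PORT = 5900  # display :N listens on TCP 5900 + N

# Constructed `ss -ltn` output for illustration (not captured from a real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:5901        0.0.0.0:*
LISTEN  0       5       127.0.0.1:5902      0.0.0.0:*
LISTEN  0       5       [::]:5901           [::]:*
LISTEN  0       5       [::1]:5903          [::]:*
"""


def split_local(field):
    """Split ss's 'addr:port' field, handling bracketed IPv6 and ':::port'."""
    addr, _, port = field.rpartition(":")
    return addr.strip("[]"), int(port)


def is_loopback(addr):
    if addr == "*":  # older ss prints '*' for the IPv4 wildcard
        return False
    # Drop an interface suffix such as '%eth0' before parsing the address.
    return ipaddress.ip_address(addr.split("%")[0]).is_loopback


def exposed_vnc_displays(ss_output):
    """Return (display, address, port) for VNC listeners not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skips the header row and anything that is not a listener
        addr, port = split_local(cols[3])
        in_vnc_range = VNC_BASE_PORT <= port < VNC_BASE_PORT + 100
        if in_vnc_range and not is_loopback(addr):
            findings.append((port - VNC_BASE_PORT, addr, port))
    return findings


if __name__ == "__main__":
    for display, addr, port in exposed_vnc_displays(SAMPLE_SS):
        print(f"display :{display} is reachable on {addr}:{port}")
```

If your vncserver build accepts the Xvnc -localhost option, adding it to OPTIONS and reaching the display through an SSH port forward (ssh -L 5901:localhost:5901 ubuntu@instance) leaves this check with nothing to report.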

 

A little about Me

My name is Mitch Beaumont and I've been a technology professional since 1999. I began my career working as a desk-side support engineer for a medical devices company in a small town in the middle of England (Ashby De La Zouch). I then joined IBM Global Services where I began specialising in customer projects which were based on and around Citrix technologies. Following a couple of very enjoyable years with IBM I relocated to London to work as a system operations engineer for a large law firm where I was responsible for the day to day operations and development of the firm's global Citrix infrastructure. In 2006 I was offered a position in Sydney, Australia. Since then I've had the privilege of working for and with a number of companies in various technology roles including as a Solutions Architect and Technical team leader.