Network components

This article describes the tasks required to manage the network components within your streaming implementation.

Preparing network switches

Network switches provide more bandwidth to each target device and are very common in networks with large groups of users. The use of Citrix Provisioning in the network may require changes to switch configurations. When planning an implementation, give special consideration to managed switches.

Note:

For Citrix Provisioning networks, you must specify all network switch ports to which target devices are connected as edge-ports.

Managed switches usually offer loop detection software. This software turns off a port until the switch is certain the new connection does not create a loop in the network. While important and useful, the delay this causes prevents your target devices from successfully performing a PXE boot.

This problem manifests itself in one of the following ways:

  • Target device (not Windows) login fails.
  • Target device appears to hang during the boot process.
  • Target device appears to hang during the shutdown process.

To avoid this problem, you must disable the loop detection function on the ports to which your target devices are connected. To do this, specify all ports to which target devices are connected as edge-ports. This has the same effect as enabling the fast link feature in older switches (disables loop detection).

Note:

A network speed of at least 100MB is highly recommended. If using a 10MB hub, check whether your network card allows you to turn off auto-negotiation. This can resolve potential connection problems.

Switch manufacturers

This feature is given different names by different switch manufacturers. For example:

  • Cisco: PortFast, STP Fast Link or switch port mode access
  • Dell: Spanning Tree Fastlink
  • Foundry: Fast Port
  • 3COM: Fast Start

Using UNC names

A Universal Naming Convention (UNC) format name defines the location of files and other resources that exist on a network. UNC provides a format so that each shared resource can be identified with a unique address. UNC is supported by Windows and many network operating systems (NOSs).

With Citrix Provisioning, UNC format names can be used to specify the location of the OS Streaming database for all Provisioning Servers, and to specify the location of a particular vDisk.

Syntax

UNC names must conform to the \\SERVERNAME\SHARENAME syntax, where SERVERNAME is the name of the Provisioning Server and SHARENAME is the name of the shared resource.

UNC names of directories or files can also include the directory path under the share name, with the following syntax:

\\SERVERNAME\SHARENAME\DIRECTORY\FILENAME

For example, to define the folder that contains your configuration database file in the following directory:

C:\Program Files\Citrix\Provisioning Services

On the shared Provisioning Server (server1), enter:

\\server1\Provisioning Services

Note:

UNC names do not require that a resource be a network share. UNC can also be used to specify local storage for use by only a local machine.

Accessing a remote network share

To access a remote network share using a UNC format name, the Stream Service must have a user account name and password on the remote system.

To use a UNC name to access a remote network share:

  1. On the Provisioning Server, create a user account under which the Stream Service will run. This account must have a password assigned, otherwise the Stream Service will not be able to log in correctly. Stream Services can share the same user account and password, or separate user accounts and passwords can be set up for each service.
  2. Share the vDisk and configuration database folders. In Windows Explorer, right-click on the folder, then select Properties. Click the Sharing tab, then select the Share this folder radio button. Enter or select a Share name.
  3. Make sure permissions are set to allow full control of all files in the vDisk folder and database folder. Click the Permissions button on the Sharing tab, or click the Security tab, then set the correct permissions.
  4. For the Stream Service:
    • Go to Control Panel > Computer Management > Component Services, right-click the Stream Service, and select Properties.
    • Click the Log On tab. Change the Log on as: setting to This Account, and set up the service to log in with the user account and password configured in Step 1.
  5. Verify that all Stream Services are restarted. The Configuration Wizard does this automatically. Stream Services can also be started from the Console or from the Control Panel.

Note:

Do not use a mapped drive letter to represent the vDisk or database location directories when configuring Stream Services. The Stream Service cannot access folders using a mapped drive letter for the directory, because the mapped drives do not exist when the services start at boot time.
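
The syntax rules above and the mapped-drive restriction in the preceding note can be checked before a location is entered in the Console. The following Python code is an added example, not Citrix code; the function names, the mapped-drive table, the share name vDisks and the file name win10.vhd are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

RESERVED = set('<>:"/|?*')                     # characters Windows reserves in names
DRIVE_PATH = re.compile(r"^[A-Za-z]:($|\\)")   # C: or C:\...


@dataclass(frozen=True)
class UncName:
    server: str
    share: str
    path: tuple    # directories and file name below the share (may be empty)


def parse_unc(name: str) -> UncName:
    r"""Split \\SERVERNAME\SHARENAME[\DIRECTORY\FILENAME] into its parts."""
    if not name.startswith("\\\\"):
        raise ValueError("a UNC name starts with two backslashes")
    parts = name[2:].rstrip("\\").split("\\")
    if len(parts) < 2:
        raise ValueError("a UNC name needs both SERVERNAME and SHARENAME")
    for part in parts:
        if not part or RESERVED & set(part):
            raise ValueError(f"invalid component {part!r} in {name!r}")
    return UncName(parts[0], parts[1], tuple(parts[2:]))


def classify_location(location: str) -> str:
    """Return 'unc', 'drive-letter' or 'invalid' for a vDisk or database location."""
    if DRIVE_PATH.match(location):
        return "drive-letter"
    try:
        parse_unc(location)
    except ValueError:
        return "invalid"
    return "unc"


def to_unc(location: str, mapped_drives: dict) -> str:
    """Rewrite a mapped-drive path to its UNC form; local drive paths stay unchanged.

    mapped_drives maps an upper-case drive letter to the UNC name it is mapped to
    (hypothetical input; on a real server it would come from the drive mappings).
    """
    kind = classify_location(location)
    if kind == "invalid":
        raise ValueError(f"not a UNC name or drive path: {location!r}")
    if kind == "unc":
        return location
    target = mapped_drives.get(location[0].upper())
    if target is None:
        return location          # local disk, present when services start at boot
    parse_unc(target)            # the mapping itself must be a valid UNC name
    rest = location[2:].strip("\\")
    return target.rstrip("\\") + ("\\" + rest if rest else "")


# Constructed sample data: drive Z: is assumed to be mapped to \\server1\vDisks.
MAPPED = {"Z": r"\\server1\vDisks"}

if __name__ == "__main__":
    for loc in (r"\\server1\Provisioning Services",
                r"\server1\Provisioning Services",      # single leading backslash
                r"C:\Program Files\Citrix\Provisioning Services",
                r"Z:\store1\win10.vhd"):
        kind = classify_location(loc)
        fixed = to_unc(loc, MAPPED) if kind != "invalid" else "-"
        print(f"{kind:13} {loc}  ->  {fixed}")
```
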

Reducing network utilization

Windows provides several features that presume the use of a large, fast hard-disk. While many of these features can also be useful on a diskless system where the disk is actually on the network, using them decreases cache effectiveness and thereby increases network utilization. In an environment that is sensitive to network utilization, consider reducing the effect of these features by disabling them or adjusting their properties.

In particular, offline folders are not useful on a diskless system and can be detrimental to the performance of Windows on a diskless system. Offline folders cache network files — a feature that is not applicable to a system where all files are on the network.

All of these features are configurable through the target device itself. The following features are configurable in the Windows Group Policy.

  • Offline Folders
  • Event Logs

Configure Windows features on a standard vDisk

  1. Prepare a Standard Image vDisk for configuration.
    • Shut down all target devices that use the Standard Image vDisk.
    • From the Console, change the Disk Access Mode to Private Image.
    • Boot one target device.
  2. Configure one or more features.
  3. Prepare the Standard Image vDisk for use.
    • Shut down the target device previously used to configure the vDisk.
    • From the Console, change the Disk Access Mode to Standard Image.
    • Boot one or more target devices.

Configure the recycle bin

If you disable the recycle bin, files are deleted immediately. Consequently, the file system reuses respective disk sectors and cache entries sooner.

To configure the recycle bin:

  1. From the target device, or Windows Explorer, right-click the Recycle Bin.
  2. Select Properties.
  3. Select Global.
  4. Select from the following settings:
    • Use one setting for all drives
    • Do not move files to the Recycle Bin. Remove files immediately when deleted.

Configure offline folders

Disabling offline folders is strongly recommended to prevent Windows from caching network files on its local disk – a feature with no benefit to a diskless system. Configure this feature from the target device or using Windows Group Policy.

To configure from the target device:

  1. Open Windows Explorer.
  2. Select Tools > Folder Options.
  3. Select Offline Folders.
  4. Uncheck Enable Offline Folders.

To configure using the Windows Group Policy:

On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the following objects, found under Administrative Templates\Network\Offline Files:

  • Policy setting object: Disable user configuration of offline files (Enabled)
  • Policy setting object: Synchronize all offline files before logging off (Disabled)
  • Policy setting object: Prevent use of the Offline Files folder (Enabled)

Configure event logs

Reduce the maximum size of the Application, Security, and System logs. Configure this feature using the target device or Windows Group Policy.

To configure event logs, on the target device:

  1. Select Start > Settings > Control Panel.
  2. Open Administrative Tools > Event Viewer.
  3. Open the properties for each log.
  4. Set the Maximum log size to a relatively low value. Consider 512 kilobytes.

To configure using the Windows Group Policy:

On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the following objects:

  • Policy setting: Policy Maximum Application Log Size. Relatively low value. Consider 512 kilobytes.
  • Policy setting: Policy Maximum Security Log Size. Relatively low value. Consider 512 kilobytes.
  • Policy setting: Policy Maximum System Log Size. Relatively low value. Consider 512 kilobytes.

Disable Windows automatic updates

If you have the Windows automatic updates service running on your target device, Windows periodically checks a Microsoft website and looks for security patches and system updates. If it finds updates that have not been installed, it attempts to download them and install them automatically. Normally, this is a useful feature for keeping your system up to date. However, in a Provisioning Services implementation using Standard Image mode, this feature can decrease performance, or even cause more severe problems. This is because the Windows automatic updates service downloads programs that fill the write cache. When using the target device’s RAM cache, filling the write cache can cause your target devices to stop responding.

Rebooting the target device clears both the target device and Provisioning Services write cache. Doing this after an auto-update means that the automatic update changes are lost, which defeats the purpose of running automatic updates. (To make Windows updates permanent, you must apply them to a vDisk while it is in Private Image mode, as described below.)

To prevent filling your write cache, disable the Windows Automatic Updates service for the target device used to build the vDisk.

To disable the Windows automatic updates feature:

  1. Select Start > Settings > Control Panel > Administrative Tools.
  2. Select System.
  3. Click the Automatic Updates tab.
  4. Select the Turn Off Automatic Updates radio button.
  5. Click Apply.
  6. Click OK.
  7. Select Services.
  8. Double-click the Automatic Updates service.
  9. Change the Startup Type by selecting Disabled from the drop-down list.
  10. If the Automatic Updates service is running, click the Stop button to stop the service.
  11. Click OK to save your changes.

To make Windows updates permanent:

  1. Shut down all target devices that share the vDisk.
  2. Change the vDisk mode to Private Image.
  3. Boot one target device from that vDisk.
  4. Apply Windows updates.
  5. Shut down the target device.
  6. Change the vDisk mode to Standard Image.
  7. Boot all target devices that share this vDisk.

Managing roaming user profiles

A Roaming User Profile is a user profile that resides on a network share. It consists of files and folders containing the user’s personal settings and documents. When a user logs on to a target device system in the domain, Windows copies the respective profile from a network share to the target device’s disk. When the user logs off, Windows synchronizes the user profile on the target device’s hard disk with the user profile on the network share.

For a diskless target device, its disk is actually a vDisk residing in shared storage. Consequently, the profile returns back to the shared storage containing the vDisk. Since the persistent user data always resides on shared storage, Windows does not need to download the profile. This saves time, network bandwidth, and file cache. Since some of the files included in the profile can grow very large, the savings can be significant.

Using Roaming User Profiles with diskless systems involves configuring relevant policies and using Folder Redirection.

Although unrelated to Roaming User Profiles, the Offline Folders feature affects diskless systems similarly. Disabling this feature avoids the same effects.

Configuring roaming user profiles

Configuring Roaming User Profiles for diskless systems enables roaming without having to download potentially large files in the profile.

On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the following objects.

To prevent the accumulation of Roaming User Profiles on a vDisk:

  • Object: Computer configuration\Administrative templates\System\Logon
  • Policy: Delete cached copies of roaming profiles.
  • Setting: Enabled

To exclude directories with potentially large files from download:

  • Object: User configuration\Administrative templates\System\Logon, Logoff
  • Policy: Exclude directories in roaming profile
  • Setting: Enabled
  • Properties: Prevent the following directories from roaming with the profile: Application Data; Desktop; My Documents; Start Menu.

Configure folder redirection with roaming user profiles

Using Folder Redirection with Roaming User Profiles and diskless systems retains the availability of user documents.

On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the objects that follow.

To configure folder redirection:

  1. Create a network share (\\ServerName\ShareName) to contain the redirected user folders.
  2. Give Full Control permission to everyone for the network share.
  3. Enable Folder Redirection.
    • Object: Configuration\Administrative templates\System\Group policy
    • Policy: Folder Redirection policy processing
    • Setting: Enabled

Redirect the Application Data folder.

  • Object: Users configuration\Windows settings\Folder redirection\Application data
  • Properties: Basic or Advanced. Target folder location: \\ServerName\ShareName\%username%\Application Data

Redirect the desktop folder.

  • Object: Users configuration\Windows settings\Folder redirection\Desktop
  • Properties: Basic or Advanced. Target folder location: \\ServerName\ShareName\%username%\Desktop

Redirect the My Documents folder.

  • Object: Users configuration\Windows settings\Folder redirection\My Documents
  • Properties: Basic or Advanced. Target folder location: \\ServerName\ShareName\%username%\My Documents

Redirect the Start Menu folder.

  • Object: Users configuration\Windows settings\Folder redirection\Start Menu
  • Properties: Basic or Advanced. Target folder location: \\ServerName\ShareName\%username%\Start Menu

Disable offline folders

Disabling Offline Folders avoids the unnecessary caching of files on diskless systems with network shares.

On the domain controller, use the Microsoft Management Console with the Group Policy snap-in to configure the domain policies for the object that follows.

To disable offline folders:

  • Object: Users configuration\Windows settings\Folder redirection\Desktop
  • Policy setting: Disable user configuration of Offline Files (Enabled).
  • Policy setting: Synchronize all Offline Files before logging off (Disabled).
  • Policy setting: Prevent use of Offline Files folder (Enabled).

Booting through a router

You can boot target devices through a network router. This allows the Provisioning Server to exist on a different subnet from the target device. Since conditions vary from customer to customer, adjustments may be needed for different network configurations.

The configuration shown in the diagram below separates the Provisioning Server from the target device by using a Windows 2000 Server platform acting as a router.

[Figure: booting through a router]

Configuring for DHCP

In this configuration, a DHCP server must be active on the local subnet (197.100.x.x) of the target device. In the configuration example above, the DHCP service is running on the same machine acting as a router between the two subnets, though it is not mandatory that the DHCP service actually runs on the router itself. This DHCP server provides the IP address and the PXE boot information to the target device.

Configure the DHCP service to provide valid IP addresses to any target device booting on the local subnet (197.100.x.x).

To provide the PXE boot information to the target device, configure the following options in your DHCP server:

  1. Disable Option 60 (Class ID).
  2. Enable Option 66 (Boot Server Host Name) – Enter the IP address of the TFTP Server. In this configuration, the value is 10.64.0.10.
  3. Enable Option 67 (Boot file name) – Enter the name of the boot file. For a standard configuration, the filename is ARDBP32.bin.

Configure Provisioning Services for PXE

Using the Console, configure the bootstrap settings to use the Gateway and Subnet mask fields. These fields should reflect the gateway and subnet to be used by the target device. In this case, they are 197.100.x.x for the gateway, and 255.255.255.0 for the netmask.

Verify the TFTP service is running on the Provisioning Server.

The PXE Service on the Provisioning Server in the above configuration is not necessary since options 66 & 67 in the router’s DHCP service provide the same information to the target device. You can stop the PXE Service on the Provisioning Server if you have no target devices on the Provisioning Server subnet needing its functionality. The same is true for any DHCP service running on the Provisioning Server itself.

Running PXE and DHCP on the same computer

If PXE and DHCP are running on the same Provisioning Server, an option tag must be added to the DHCP configuration. This tag indicates to the target devices (using PXE) that the DHCP server is also the PXE boot server. Verify that option tag 60 is added to your DHCP scope. Provisioning Services setup automatically adds this tag to your scope provided that the Microsoft DHCP server is installed and configured before installing Provisioning Services. The Configuration Wizard sets up the Tellurian DHCP Server configuration file if you use the wizard to configure Provisioning Services.

The following is an example Tellurian DHCP Server configuration file which contains the option 60 tag:

max-lease-time 120;
default-lease-time 120;
option dhcp-class-identifier "PXEClient";
subnet 192.168.4.0 netmask 255.255.255.0 {
    option routers 192.168.123.1;
    range 192.168.4.100 192.168.4.120;
}
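
The two DHCP setups described above, booting through a router (option 60 disabled, options 66 and 67 set) and DHCP with PXE on the same server (option 60 set to PXEClient), can be verified against the options a target device actually receives. The following Python code is an added example, not Citrix code; the function names are assumptions, and the option bytes are constructed samples rather than a capture (10.64.0.99 is a made-up wrong server).

```python
PAD, END = 0, 255
OPT_CLASS_ID, OPT_BOOT_SERVER, OPT_BOOT_FILE = 60, 66, 67


def parse_options(raw: bytes) -> dict:
    """Decode RFC 2132 code/length/value options (the bytes after the magic cookie)."""
    opts = {}
    i = 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {code} has no length byte")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # a repeated option is concatenated
        i += 2 + length
    return opts


def option_text(opts: dict, code: int) -> str:
    """Option value as text, tolerating a trailing NUL terminator."""
    return opts.get(code, b"").rstrip(b"\x00").decode("ascii", "replace")


def check_pxe_options(raw, *, boot_server, boot_file, dhcp_is_pxe_server=False):
    """Return a list of findings; an empty list means the options match the setup."""
    opts = parse_options(raw)
    findings = []
    if dhcp_is_pxe_server:
        # PXE and DHCP on the same computer: option tag 60 must be present.
        if option_text(opts, OPT_CLASS_ID) != "PXEClient":
            findings.append("option 60 is not 'PXEClient'")
        return findings
    # Booting through a router: option 60 disabled, 66 and 67 carry the boot info.
    if OPT_CLASS_ID in opts:
        findings.append("option 60 is set but must be disabled")
    if option_text(opts, OPT_BOOT_SERVER) != boot_server:
        findings.append(f"option 66 is {option_text(opts, OPT_BOOT_SERVER)!r}, "
                        f"expected {boot_server!r}")
    if option_text(opts, OPT_BOOT_FILE) != boot_file:
        findings.append(f"option 67 is {option_text(opts, OPT_BOOT_FILE)!r}, "
                        f"expected {boot_file!r}")
    return findings


def opt(code: int, value: bytes) -> bytes:
    """Encode one option (helper used to build the constructed samples)."""
    return bytes([code, len(value)]) + value


# Constructed option fields; option 53 value 2 marks a DHCP offer.
ROUTED_OK = (opt(53, b"\x02") + opt(66, b"10.64.0.10")
             + opt(67, b"ARDBP32.bin") + bytes([END]))
ROUTED_BAD = (opt(53, b"\x02") + opt(60, b"PXEClient") + opt(66, b"10.64.0.99")
              + opt(67, b"ARDBP32.bin") + bytes([END]))
SAME_HOST_OK = opt(53, b"\x02") + opt(60, b"PXEClient") + bytes([END])

if __name__ == "__main__":
    expected = dict(boot_server="10.64.0.10", boot_file="ARDBP32.bin")
    print("routed, good:", check_pxe_options(ROUTED_OK, **expected))
    print("routed, bad: ", check_pxe_options(ROUTED_BAD, **expected))
    print("same host:   ", check_pxe_options(SAME_HOST_OK, dhcp_is_pxe_server=True,
                                             **expected))
```

An option 66 value that differs from the expected TFTP server is worth investigating, because it means target devices would fetch their bootstrap from a different host.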

Managing multiple network interface cards

Provisioning Services provides the ability to run redundant networks between the servers and the target devices. This requires that both the servers and the target devices be equipped with multiple network interface cards (NICs).

Multiple NICs on the target device may be configured into a virtual team by using the manufacturer’s NIC teaming drivers, or into a failover group using the Provisioning Services NIC failover feature.

NIC Teaming and NIC Failover features provide resilience to NIC failures that occur after the system is up and running. It is only after the OS has loaded that the actual NIC Team or NIC Failover group is established. If a NIC failure occurs after the team or group is established:

  • The NIC Teaming feature allows the system to continue to function because the virtual MAC address is the same as the physical MAC address of the primary boot NIC.
  • The NIC Failover feature allows the system to continue to function because it automatically fails over to another NIC that was previously configured for this system.

When using a template with multiple NICs, Provisioning Services overwrites the network configuration of the first NIC. All the other NICs’ configurations are not changed. For a host with multiple network resources, Provisioning Services XenDesktop Setup wizard displays the network resources available to the host and allows you to select the network resource to associate with the first NIC.

Tip:

When a machine powers up, the BIOS goes through the list of available boot devices and the boot order of those devices. Boot devices can include multiple PXE-enabled NICs. Provisioning Services uses the first NIC in the list as the primary boot NIC. The primary boot NIC’s MAC address is used as the lookup key for the target device record in the database. If the primary boot NIC is not available at boot time, Provisioning Services will not be able to locate the target device record in the database (a non-primary NIC may be able to just process the PXE boot phase). Although a workaround would be to add a separate target device entry for each NIC on each system, and then maintain synchronization for all entries, it is not recommended (unless the successful startup of a system is considered as critical as the continued operation of the system that is already running).

NIC teaming

When configuring NIC teaming, consider the following requirements:

  • Provisioning Services supports Broadcom, HP branded ‘Moonshot’ Mellanox NICs and Intel NIC teaming drivers. A vDisk that is built after configuring NIC teaming can run Standard or Private Image Mode. Broadcom NIC Teaming Drivers v9.52 and 10.24b are not compatible with Provisioning Services target device drivers.
  • Teaming of multi-port network interfaces is not supported with Provisioning Services.
  • Multi-NIC is supported for XenDesktop Private virtual machine desktops. Using the wizard, Provisioning Services allows you to select the network to associate with the Provisioning Services NIC (NIC 0). The Delivery Controller provides the list of associated network resources for host connections.
  • The target device operating system must be a server-class operating system.
  • The new virtual team NIC MAC address has to match the physical NIC that performs the PXE boot.
  • Microsoft Windows Server 2012 built-in NIC teaming or OEM NIC teaming software should be installed and configured prior to the Target Device software.
  • Configure NIC teaming and verify that the selected teaming mode is expected by the application and the network topology. It should expose at least one virtual team NIC to the operating system.
  • When provisioning machines to a SCVMM server, the XenDesktop Setup wizard automatically changes the network configuration of both the first legacy NIC and the second synthetic NIC.
  • During the master target device installation process, Provisioning Services target device client drivers need to bind to the new virtual team NIC MAC address. If all physical NICs have been teamed up to a single virtual NIC, the Provisioning Services installer automatically chooses the virtual NIC silently, without prompting.
  • If changes are required, Provisioning Services Target Device software must be uninstalled before making changes to the teaming configuration, then reinstalled after changes are complete. Changes to teaming configurations on a master target device that has target device software installed may result in unpredictable behavior.
  • When installing Provisioning Services target device software on NT6.x systems within a multi-NIC environment, all available NICs can be used. Therefore bindcfg.exe is no longer required and no longer installed with target device software.

NIC failover

A Provisioning Services target device or Provisioning Server can be configured to support failover between multiple NICs. This feature works with any NIC brand or mixture of brands. Provisioning Services supports NIC failover for vDisks in either Standard or Private Image Mode.

  • The PXE boot NIC is considered the primary target device MAC address, which is stored in the Provisioning Services database.
  • You define the failover group of NICs when you run the Provisioning Services target device installer on the Master Target Device. If the machine has more than one NIC, the user is prompted to select the NICs in which to bind. Select all the NICs that participate in NIC failover.
  • A target device will only failover to NICs that are in the same subnet as the PXE boot NIC.
  • Teaming of multi-port network interfaces is not supported with Provisioning Services.
  • In the event that the physical layer fails, such as when a network cable is disconnected, the target device fails over to the next available NIC. The failover timing is essentially instantaneous.
  • The NIC failover feature and Provisioning Services HA feature complement each other, providing network layer failover support. If a failure occurs in the higher network layer, the target device fails over to the next Provisioning Server subject to HA rules.
  • If the NIC fails and the target device reboots, the next available NIC from the failover group is used. NICs must be PXE capable and PXE enabled.
  • If a virtual NIC (teamed NICs) is inserted into the failover group, the vDisk becomes limited to Private Image Mode. This is a limitation imposed by NIC teaming drivers.
  • By default, Provisioning Services automatically switches from legacy Hyper-V NICs to synthetic NICs if both exist in the same subnet. To disable the default behavior (allowing for the use of legacy Hyper-V NICs even if synthetic NICs exist), edit the target device’s registry settings: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BNIStack\Parameters] "DisableHyperVLegacyNic"=dword:00000000
  • Load balancing is not supported in the NIC failover implementation.

Update NIC drivers

From time to time, you may need to upgrade the drivers for your network interface cards (NICs). Follow the guidelines below for upgrading NIC drivers.

Upgrade NIC drivers on target devices

To upgrade NIC drivers for target devices:

  1. Go to the target device with the original hard drive from which you made the vDisk image.
  2. Set the system BIOS to boot from the hard drive.
  3. Reboot the target device directly from the hard drive.
  4. Uninstall the target device software from this hard drive.
  5. Upgrade the NIC driver as directed by the manufacturer’s instructions.
  6. Reinstall the target device software on the hard drive.
  7. Re-image the hard drive to make a new vDisk image.

Note:

Do not attempt to upgrade a NIC driver on a vDisk. Do not attempt to upgrade a NIC driver on a hard disk on which the Provisioning Server is currently installed. Improperly upgrading a NIC may make the hard drive unable to boot.

Upgrade NIC drivers on a Provisioning Server

To upgrade NIC drivers on any Provisioning Server, follow the manufacturer’s instructions for upgrading NIC drivers.