Citrix Branch Repeater VPX Licensing Tutorial

I recently implemented both the new Citrix Access Gateway (CAG) VPX and the Branch Repeater VPX within our development lab. Both are “virtual appliances” designed to run directly on a XenServer host. Both are impressive products and work great – in fact, we can use “live motion” to move the CAG between XenServers while running video in a XenDesktop session with not even a pause in the video playback. The CAG moves with no interruption in service. NONE!

But this isn’t just a post to sing the praises of the virtual appliances. Rather, it’s about LICENSING!!! Specifically, licensing the Branch Repeater VPX.

As with many Citrix products, obtaining the license and getting it properly installed is not necessarily easy and intuitive…and in many cases (particularly with new products), we’ve found that the Citrix licensing support team does not know all the ins and outs of licensing a specific product either. That is not intended as a slam on this team. They do the best they can – but Citrix is a big company now, and sometimes it takes a while for information on new products to filter down to the front-line troops. In this case they worked with me for quite some time until we got this figured out (so there is at least one guy on the Citrix support team who now knows how this works).

So…now that I’ve gone through the pain, I thought I’d try to spare you from it if I can. (You’re welcome.)

One complication you’ll encounter is that, depending upon what you’re attempting to accomplish, these appliances may require one license or two. For example, with the CAG, if you are only going to use it for running secured sessions to a web interface (the equivalent of the legacy Citrix Secure Gateway) then you only need a “platform license.” However, if you also plan to run SSL VPN sessions though the CAG, you will need Access Gateway Universal licenses for your users, which will be rolled into a second license file.

Access Gateway licensing isn’t new and it’s pretty well understood. But what about the Branch Repeater? Just as with the CAG, the Branch Repeater may require one license or two, depending upon the functionality you need. If you are going to use the Branch Repeater VPX to connect to another (physical or virtual) Branch Repeater then you only need a platform license. However, if you want to take advantage of its ability to support client PCs that use the Branch Repeater Plug-in, you will need a second license to enable that feature. So we finally come to the topic of this post: how do you get the license file(s) onto your new Branch Repeater VPX?

First, you must log onto the “MyCitrix” web site with your account credentials, and access the Licensing Tool Box to activate and allocate the license. That part of the process is well documented, and if you’re a Citrix customer, you’ve probably done it at least once. The tricky part is what you have to do to download the VPX license file, what you need to enter in the Repeater itself, where to put it, and what you should see.

Here’s what we learned (NOTE: Click on any graphic to view full-sized):

  1. On the Branch Repeater VPX Web-based management interface, access the “Manage Licenses” screen, and in the right panel, choose “local” as shown below, and click the “Apply” button.
    License Server Configuration

    License Server Configuration

  2. Then click on the “License Information” tab and you will see something similar to this next image. What you will need from this screen is the “Local License Server Host Id:” Write down this information – you will need it in the next step.
    Information Used for License Management

    Information Used for License Management

  3. Now you can download the license file from your “MyCitrix” portal. Save it to your PC, and make a note of where you saved it. As part of the process of downloading the license, you must enter the license server ID. Traditionally, you would enter the name of the Citrix license server in this field (and it was case-sensitive, which tripped up a lot of users). But in this case, the system is expecting the MAC address of the Branch Repeater VPX itself…which is what you just copied in Step 2. Another difference is that in the past the License Server Host Type was always set to “HostName.” However, there is now a drop down box with a second choice, “ETHERNET.” For the Branch Repeater VPX, you want to select “ETHERNET,” and then enter the host id that you wrote down in Step 2:
    Downloading the License File from MyCitrix

    Downloading the License File from MyCitrix

    In case you’re wondering, the MAC address we’re using is the address of the first interface on the Branch Repeater VPX, as displayed in XenCenter. If you want to find it in XenCenter click on the VM in the left column and then select the Network tab in the right window and you should see it there:
    XenCenter Display

    XenCenter Display

  4. Now that you have your license downloaded to your local PC, you need to add it to your Branch Repeater. Access the “Local Licenses” tab and click the Add button (note that you will not see all the content in the window as shown here until you’ve added your license):
    Local Licenses Display

    Local Licenses Display

    After you click Add, this screen will appear and you will need to browse to the location where you saved your license file, and click the “Install” button:
    Add License

    Add License

    Now the “Local Licenses” tab should be populated with content:
    Local Licenses Display

    Local Licenses Display

    Next, go to the “Licensed Features” tab. You should see your features listed as shown below:
    Licensed Features

    Licensed Features

  5. As mentioned earlier, if you plan to support client PCs that have the Branch Repeater Plug-in, you will need another license to enable this feature. Once again you will need to go to your MyCitrix portal and follow the same procedure as you did for your platform license to obtain the Plug-in license. Once you have the Plug-in license you will need to add it to the Virtual Appliance in the same manner as you added the platform license. Once that’s done, if you click the down arrow under “Local Licenses” you will see both licenses:
    Manage Licenses Screen

    Manage Licenses Screen

    Finally, if you click the “Licensed Features” tab, both licenses should show up with the number of licenses available:
    Licensed Features

    Licensed Features

This should be all you need to get the Branch Repeater VPX licensed. Now you just need to get it configured correctly… but that’s another blog post.

Looking For the Citrix Acceleration Client for Win 7?

We’ve been working with the new Branch Repeater VPX virtual appliance, which supports the Branch Repeater client plug-in (unlike the hardware Branch Repeater appliances).

Since Moose Logic is a Microsoft Gold Partner, and we like to keep up with the latest releases, most of us have been running Windows 7 for a while now. But when we went looking for a Win7-compatible Branch Repeater plug-in for the Citrix Receiver, we had a tough time finding it.

It does exist, though, and now that we’ve tracked it down, we though we’d share with you just where it’s hiding in case you’ve been searching too.

The first thing to note is that, when you go to the Citrix download site, and search for downloads by product, you will see that the “Citrix Branch Repeater” and the “Citrix Repeater (formerly WANScaler)” are listed separately – and, since products are listed in alphabetical order, they’re quite a ways apart in the list (click on graphic to view full-size):

Downloads by Product

Downloads by Product

If you choose “Citrix Branch Repeater,” which is what we initially did, since we were working with the Branch Repeater VPX, the latest plug-in you will see listed is v5.0.34, which is not Win7-compatible:


So the secret is to choose “Citrix Repeater (formerly WANScaler)” from the product selection drop-down. Then you’ll see several later versions of the plug-in, including v5.5.2, which is Win7-compatible:


Oh, and if anyone from Citrix is reading this: Please – just get rid of the plug-ins listed under “Citrix Branch Repeater,” or, better yet, either have a redirect, or a line that says “Please see ‘Citrix Repeater (formerly WANScaler)’ for Branch Repeater plug-ins.” It will make life much simpler for everyone. Thank you.

Scareware, Ransomware, and How to Avoid It

There’s a new piece of malware going around that falls into the “ransomware” category. This one locks down the user’s desktop, and displays a message warning that copyrighted content has been detected on the PC. It then attempts to extort $400 from the user as a “copyright holder’s fine,” while emphasizing that “the maximum penalties can be five years in prison and up to $250,000 in fines.” You can read more about this particular piece of malware in Dancho Danchev’s blog post over on ZDnet.

According to an earlier post by the same author last September, “scareware” and “ransomware,” have emerged as “the single most profitable monetization strategy for cybercriminals to take advantage of.” In general terms, scareware usually takes the form of fake security software – like the infamous “Antivirus 2008.” It is spread almost entirely through “social engineering” tactics that attempt to entice you to visit a compromised Web site. It attempts to trick you into believing that your computer is already infected with malware (or has some other problem, like the fake copyright violation angle), and that purchasing the fake security application or otherwise giving them money will solve the problem.

Some of this malware will prevent your legitimate security software from loading, and from being updated. Some will also attempt to prevent you from running system tools or third-party security applications, which makes it even more difficult to get rid of. Some even encrypt your files and attempt to extort money from you in order to decrypt them.

Needless to say, this is an extremely dangerous, and insidious, form of malware, and one that you want to avoid at all costs. To that end, I highly recommend Danchev’s September post, entitled “The ultimate guide to scareware protection.” It will help you understand what it is, how to recognize it, how it attempts to reach you, and how to avoid it, and provides a helpful gallery of images of many of the variants so you can spot them if they happen to pop up.

Blog Authoring tool Verdict

This is my second test of a Blog Authoring tool or as this one is called a “Blog Entry Poster” for the Linux Gnome Desktop Environment. This post is uploaded to our WordPress blog site using Gnome Blog Entry Poster on a Sabayon Linux machine.

I have only tried two Blog Authoring tools, and so far I like them both. Windows Live Writer is a fine product with a nice array of features and Gnome Blog Entry Writer is a simple app that lives in the Panel on my Sabayon Linux desktop. It’s spartan (or better yet it “has a simple elegance!”), but it does at least have a spell checker, the single most important feature I would say! Both of these applications make it easy to send off a blog post from my desktop and are a breeze to use!

How’s this thing work? or….. What can i do for a half hour while i wait for the next mini project to start!

Today I am looking for ways to use technology to improve my life!  Actually now that I think of it I do that most every day!  I find that if I provide myself the right working environment, so that I enjoy working on something, then the whole process is improved, AND I have more fun doing it! 

It might sound like i am trying to justify going out and buying an iPad, but actually I am happy to simply download a free app and save my money!  Besides I have a lovely tablet that I have been using for five years. In fact it has been the only thing that made my MAC friends envious! 

Several years ago after several family events where the topic seemed always switch to “look how cool my new MAC is”, I pulled out my Motion Tablet and started writing on the screen and as they looked on my handwriting turned to text and the same thing happened when I started speaking to it.  They were like “Dang you can do that with WinDOZE and i was like “Nah, this is x64-Vista baby!”. 

So today I went searching for Blog Authoring Tools and here is my first test.  I am writing this blog entry today using Windows Live Writer, and so far, I am reasonably impressed and the fun level is pretty good. 

My next endeavor if I have time before my XENServer 5.0 to 5.5 Upgrade this evening is to try a a Blog Authoring tool on one of my Linux Desktops.    (Testing one two three……..) 

I Can’t Wait for XenClient!

First, a mea culpa: Yesterday I was in a customer meeting, and brought up the subject of the soon-to-be-released XenClient. I told the customer that if they wanted to see some really cool “Citrix TV” videos of what it could do, they should just come to this blog site, because I’d linked to them here. When I got back to the office, I started feeling insecure about that, and found that, sure enough, I hadn’t linked them here…I had linked to them on our Facebook fan page. Oops. But I decided that I probably should link them here because they’ll be easier to find. Hence this post.

I think I’m looking forward to the XenClient content at next month’s Citrix Summit/Synergy events in San Francisco more than I am to any other aspect of the conferences. In my opinion, this could prove to be the “killer app” that drives a lot of VDI. Why? Because of the constant struggle over locking down the desktop OS.

If you talk to anyone who has to manage desktop PCs, you will nearly always find that this is one of their biggest pain points. They want to lock down the desktop…but when they do, they end up with an upper-level manager in their faces because s/he can’t install iTunes. Or they find out that there’s one critical line-of-business application that’s so poorly written that users have to have local admin rights for it to work properly. So they back down and grant some level of local admin rights, and what happens? The users break the desktops (or worse, they let malware into the network). Then the poor admin has to fix them.

But just ask them, “What if you could have two desktops running side by side: one business desktop that’s completely locked down, and a personal desktop that the users can do whatever they want with? They can hotkey back and forth between them, and if they break their personal desktop, you can just wipe it and push out a fresh one.” Then watch their eyes light up as they consider the possibilities!

So…consider the possibilities as you watch the videos below. (They’re all fairly short, and worth your time, I promise.) First, a brief overview of the concept:

Client-side virtualization involves challenges that really aren’t an issue for server virtualization, like how to arbitrate access to high-performance graphics adapters. Here’s a demonstration of the “HDX” high-definition video performance of XenClient:

This video demonstrates the concept of hotkeying between business and personal desktops:

Finally, check out this demonstration of “Secure Application Sharing.” It shows how you can not only present, on the personal desktop, an application that’s actually running on the business desktop, but also have it protected such that even if the personal desktop has been compromised with a keylogger, that keylogger is unable to capture information that’s typed into the window that’s displaying the secure application. Pretty cool.

I’m sure we’ll have a lot more to say about XenClient after Synergy, but hopefully this will whet your appetite!

Yet Another Article About Apples New iPad…Kinda

Before I get too far into this post there are two things that I must disclose.

  1. I’m a PC
  2. I have not been one of the lucky bloggers out there that has received a free iPad to review, so I have never actually played around with one.

As of right now I have no intention of buying an iPad. That’s not to say I will never own one or that I am not interested in trying it out, but the fact of the matter is that despite all the great toys that Apple makes, they still don’t like to share with the other kids.  I simply don’t like the idea of being in technology lockdown.  Apple holds strong to its closed proprietary control over all things Apple. This has been slightly improved with third party apps, but again your app’s fate is still left to Apple to decide. The more popular Apple devices become, the more and more I hear “I would love to not use Apple but the iPod/(iPhone) is the best  portable media device/(phone) available.”  So, in exchange for locking you in, Apple has been able to connect with consumers on a whole new level and create some of the best user experiences.  But that doesn’t mean I like being locked in.

Will the iPad be a technology hit and another win for Mr. Jobs? I don’t know.  Weak prediction, I know. Yet I do think that this is a big step forward as far as how we, the consumers, want to access technology. One need only to look at the growing number of internet capable devices. Facebook’s popularity has surpassed Google and porn. Conversations are starting with “Do you follow <insert screen name here>?” Clearly we want to be “connected” and smart phones and netbooks have given us this ability. We have opened Pandora ’s  Box wirelessly and there is no going back.

If you have yet to use an iPhone or iTouch you don’t know what you’re missing. Multi-touch interaction is awesome. Now some of you out there are saying, “My smart phone with Windows mobile has a touch screen, so what?” To which I say, “Would you rather drive a Ferrari or a Kia on the autobahn?” (side note:  this is not to say that Kia does not make a fine automobile, it’s just…it’s a frakin’ Ferrari people!).  The secret sauce is the user experience. It’s simple, it’s clear, it’s easy, some might even argue that it is dumbed down a bit, but most of all it’s fun to use. Video sharing on YouTube, Facebook status changes, Twitter updates, ESPN RSS feeds, or just surfing Craigslist are just some of the ways end users are trying to add fun to their boring workday. Fun sells!

Then there is the growing remote workforce. It is becoming less and less necessary for employers to provide a physical workstation to its employees. Companies like Citrix are starting to move to a BYOC (Bring Your Own Computer) program and simply provide a remote desktop to its users (read more of the blog or contact us to learn how this is done). More and more, the hardware we use for work is becoming the device we use for personal stuff. The line is getting blurred and devices that are coming out today need to be able to bring our work and personal lives together on a single device.

I am all for trying to keep the two separate and maintain a healthy balance between them, yet this is the exact reason they should be on the same device. Access your files from the gym or local coffee shop. Update your Twitter feed or look at family pictures on a cross country business trip. As the business world becomes smaller it is becoming difficult for us to disconnect from our jobs even while driving (and please use a hands free device if you do indeed do business from your car – and for your children’s sake, lay off the email and text messaging…a big traffic ticket is the least you’re risking).

Unfortunately, as consumers are becoming connected and getting used to doing business from anywhere, it forces businesses, and therefore their employees, to be on call. The demand for quick response has grown as more and more information is available to anyone, anytime, and at their finger tips. There is no longer a gatekeeper to information.  If you are trying to grow your business and be a leader while still maintaining a nine to five model, you are fighting a losing battle.  We already see how individuals have started to embrace the always-on mentality. They have found the freedom to work when and where they want while accomplishing their own personal goals.  (This of course is not an overnight switch and there will always be jobs that will never be able to offer this offsite option.)

So the biggest news to me is not the iPad release but rather the shift in what consumers want/expect from technology and the fact that we are getting closer to that.  Always connected, easy to use, and can help me work and play from anywhere. The iPad’s fate is one that time will tell but I don’t really see its business application so I’ll pass for now.  (And, yes, I know that you can run the Citrix Receiver on your iPad and connect to a XenDesktop or XenApp farm.  But you can also do that from a netbook that can also do stuff that today’s iPad can’t do.)

XenApp 6 Worker Groups

In case you missed the announcement, about a month ago, Citrix announced the release of XenApp 6. This is the version of XenApp that will run on Windows Server 2008 R2 – but there are also a lot of features in XenApp 6 that will make your life a lot simpler if you have to manage a XenApp farm. One of those is the concept of “worker groups.”

Over the years, Citrix has added the ability to control more and more XenApp features through policy settings – either through Active Directory Group Policies or through Citrix policies. But some things were still fairly tedious to manage.

For example, when you published an application on your XenApp farm, the information of which servers that application was published on was part of the application properties. If you had a set of applications published on a set of servers, and you wanted to add (or remove) a server from that set, you had to edit the properties of each application in the application set.

With XenApp 6 on Server 2008 R2, you can now create a new AD container called a “worker group.” Settings like computer policies, load balancing policies, and even which applications are published can be set on the worker group, and will be automatically inherited by any server that is added to that group. This literally makes it possible to fully configure a new XenApp server and add it to the farm without even opening the XenApp management console! (And, of course, if you’re using application streaming to deliver the applications to the designated XenApp servers, you don’t have to install those applications – simply assign them to the worker group, and they will be streamed to any server that is part of, or added to, that worker group.)

For a better understanding of how this works, take a look at this “Citrix TV” video by Leo Singleton:

Citrix Buys Microsoft

In a move that stunned the virtualization industry today, Citrix struck a deal to acquire Microsoft Corporation for a price tag rumored to be close to $300 Billion. When questioned about the deal, Citrix CEO Mark Templeton reportedly said, “It seems like every six months or so another rumor surfaces about Microsoft buying Citrix. I just got sick of dealing with that, and decided to end it once and for all by buying them.

Templeton is expected to take over as President and CEO of the combined corporation, while Microsoft’s Steve Ballmer is expected to head up a newly formed multi-level marketing division. An anonymous source within Microsoft commented, “Have you ever seen Ballmer on stage? Heck, he makes those Amway cheerleaders sound like Linus Torvalds on qualudes!” The two companies’ partner programs are expected to transition to a multi-level model. For example, Citrix Silver Partners will now purchase products from Gold Partners, who will in turn purchase products from Platinum Partners. A similar transition will take place within the existing Microsoft channel with their Registered, Certified, and Gold Certified partners.

Rumors continue to swirl over how Citrix, with a total market capitalization of less than $8 billion, could finance a takeover of a company more than 30 times larger than itself. One industry analyst, speaking strictly off the record, said “Hey, they are in South Florida after all. I’m just sayin’.”

Another possible driver for the deal is the lingering bitterness over the 1997 transition from WinFrame, which was a fully functional Windows server with remote access functionality built in, to the dual products of NT Server, Terminal Server Edition, sold by Microsoft, and MetaFrame, sold by Citrix – a situation that persists to this day with XenApp v6 being sold as an enhancement to Windows Server 2008 R2. “It’s about time,” Templeton reportedly said, “that the two products became one again.”

One thing is certain – this year’s Citrix Synergy conference will be the most interesting in years!