How to manage clients when SEPM is enrolled for Secure Cloud device management?

I need a solution

Hi everyone,

I have a dilemma — How to manage SEP clients when SEPM is enrolled for Secure Cloud device management? In this scenario the traditional items in SEPM that deal with end point clients are all grayed out.

Where does one manage those elements in the Secure Cloud portal? I mean the settings when clients are deleted? For example: delete all clients that have not connected for 90 days. If SEPM is NOT enrolled in Secure Cloud all those elements are manageable at SEPM but with the cloud enrollment they are grayed out in the SEPM console and I can’t find an equivalent place on the cloud portal where I get to do it.

All that I have on the portal is a simple slider – manage devices ON or OFF? I know I can manually delete clients using the Secure Cloud portal but that is a one-by-one task. Where do I set the other biz, you know — delete all clients that have not connected for 90 days?

Thank you


Manually Granting Citrix Cloud Access to Your Azure Subscription

Note: Citrix Cloud Studio can perform all these actions automatically when using the Create new… option while adding a new Hosting Connection. Account privilege level in Azure must be Owner (not Contributor) to perform the actions listed in Step 1 and Step 4. If your Azure account role is Contributor, you might see the error “Invalid Azure Credentials” in Citrix Cloud Studio when choosing the Use Existing… option, or no error but a window prompting for credentials again when using the Create New option. Only follow the steps below once you’ve confirmed the current role level for your Azure account.

Step 1: Manually creating an Azure application registration for Citrix Cloud

Define the application registration

  1. Login to your Azure Tenant

  2. Select the Azure Active Directory blade

  3. Select App Registrations

  4. Select “+ New application registration”


  5. Enter:

    1. Name

    2. Application Type: “Web app / API”

    3. Sign-on URL: “https://citrix.cloud.com”

  6. Select Create


  7. Select the App Registration from Step 4 to open its Settings

    Grant Access to the Azure API

  8. Select Required Permissions under API Access


  9. In the Required permissions Tab Select “Windows Azure Active Directory”

  10. Check the box “Read all users’ basic profiles”

  11. Select Save

  12. In the Required permissions Tab Select “+ Add”

  13. Choose “Select an API”

  14. Select Windows Azure Service Management API


  15. Select “Select”

  16. In the Enable Access tab Select “Access Azure Service Management as organization users”


  17. Select “Select”

  18. Select “Done”

    Create the application secret access key

  19. From the Settings tab of the App registration; select “Keys”

    1. Enter a name for this secret in “Key Description”

    2. Select a Duration from the drop down

    3. Select Save


  20. Copy the value of the Key (this is the secret, similar to a password you will only see once)

  21. Select the Properties

  22. Copy the Application ID of the App registration (this is similar to the username)


The Key and Application ID are pieces of information required to create the Host connection to Azure from Citrix Cloud.

Step 2: Manually assigning Resource permissions to the Azure App Registration for Citrix Cloud

Now that the App registration account has been created and access has been granted to the Azure API it needs to be granted permissions to resources within your Azure account.

Citrix recommends that Citrix Cloud specific subscriptions be created. This reduces the risk of worker provisioning or life cycle actions from interfering with or impacting other production systems.

The following instructions use the built-in Azure RBAC Roles. They select the most restrictive built-in Role for each resource that still allows Citrix Cloud to do what it needs to for worker machine provisioning and lifecycle actions.

Selecting a Citrix Worker management model

At this point, there is a decision of how much control a customer will grant to the Citrix Cloud App registration for machine provisioning.

Citrix Managed – In this model, Citrix Cloud is in full control of Resource Group(s) during the machine provisioning process. As Resource Groups are required, Citrix Cloud will simply add more as necessary to support the additional catalogs being provisioned. This streamlines the management experience by handling these details. This also makes the Citrix administrator the sole arbiter of how many virtual machines can be deployed.

Customer Managed – In this model, an Azure Admin or Co-Admin pre-creates the Resource Groups that worker machines will be provisioned into. Citrix Cloud cannot create additional Resource Groups as necessary; this will need to be performed by an Azure Subscription Admin or Co-Admin. This will require good communication between the Citrix Administrator and Azure Administrator as the number of Citrix workers in Azure is increased.

Note: The Customer Managed option is currently supported in the Citrix Cloud and in XenApp and XenDesktop 7.16 or later via the Studio GUI.

The primary difference between the two is the level of control that the application service principal has to the Azure Subscription and resources. These two models are detailed below.

Assigning Resource Permissions

The following outlines the permission settings required for the resource that is being secured with the built-in Azure RBAC role that provides the minimum settings necessary for the model.

Most of the settings will be the same for both models, except the settings on the Subscription where Citrix workers will be provisioned and the Resource Groups within it.

For more information about assigning permissions see: https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-configure

For more information about built-in Azure RBAC roles see: https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-built-in-roles

Subscription

The Subscription where Citrix workers (XenApp and/or XenDesktop) will be provisioned and will reside.

| Management Model | Citrix Managed | Customer Managed |
| --- | --- | --- |
| Azure RBAC Role | Contributor | None (Azure Admin / Co-Admin must create Resource Groups manually) |

To grant the App Registration Contributor permission to a Subscription:

  1. Select the Billing blade
  2. Select the desired Subscription
  3. Select “Access control (IAM)”
  4. Select “+ Add”
  5. Select Contributor from the Role drop down menu
  6. Click in the Select search box and type the full name of the App registration
  7. Select the App registration
  8. Select Save

Resource Group(s)

The Resource Groups within the Subscription where Citrix workers will be provisioned.

| Management Model | Citrix Managed | Customer Managed |
| --- | --- | --- |
| Azure RBAC Role | Contributor (Inherited from Subscription) | Virtual Machine Contributor; Storage Account Contributor |

To grant the App Registration Contributor permission to a Resource Group

Citrix Managed – Do nothing, the permissions will be inherited.

Customer Managed – Complete the following:

  1. Select the Resource Group Blade
  2. Create the Resource Group(s)
    1. Select “+ Add”
    2. Enter:
      1. Resource Group Name
      2. Subscription
      3. Region
    3. Select Create
  3. Refresh the Resource Group list
  4. Select the Resource Group that was created
  5. Select “Access control (IAM)”
  6. Select “+ Add”
  7. Select Contributor from the Role drop down menu
  8. Click in the Select search box and type the full name of the App registration
  9. Select the App registration
  10. Select Save
  11. Repeat for each Resource Group

Virtual Network

The Azure Virtual Network that Citrix worker machines will be joined to.

| Management Model | Citrix Managed | Customer Managed |
| --- | --- | --- |
| Azure RBAC Role | Contributor (Inherited from Subscription) | Virtual Machine Contributor |

Complete this for both scenarios.

Master Image Storage Account

The Resource Group within the Subscription where Citrix worker master images are maintained. Citrix and / or Desktop administrators should have full access, but the App registration does not need to modify the image.

| Management Model | Citrix Managed | Customer Managed |
| --- | --- | --- |
| Azure RBAC Role | Contributor (Inherited from Subscription) | Virtual Machine Contributor |

Complete this for both scenarios.
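To check the permission tables above against what was actually granted, the following added example (not from Citrix or Microsoft) audits the App registration's role assignments against the chosen management model. It assumes records with the `principalId`, `roleDefinitionName` and `scope` fields that `az role assignment list` emits as JSON; the IDs, the resource group name and the sample records are constructed.

```python
# Roles from the article's permission tables, keyed by model and scope level.
# A listed role granted at a narrower scope is accepted as not broader.
ALLOWED = {
    "citrix_managed": {
        "subscription": {"Contributor"},
        "resource_group": {"Contributor"},
        "resource": {"Contributor"},
    },
    "customer_managed": {
        "resource_group": {"Virtual Machine Contributor", "Storage Account Contributor"},
        "resource": {"Virtual Machine Contributor", "Storage Account Contributor"},
    },
}


def scope_level(scope):
    """Classify an Azure RBAC scope string by how broad it is."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    in_rg = len(parts) >= 4 and parts[0] == "subscriptions" and parts[2] == "resourcegroups"
    if len(parts) == 2 and parts[0] == "subscriptions":
        return "subscription"
    if in_rg:
        return "resource_group" if len(parts) == 4 else "resource"
    return "above_subscription"  # "/" or a management group


def audit(assignments, principal_id, model):
    """Return findings where the principal exceeds or lacks the model's roles."""
    allowed = ALLOWED[model]
    findings, seen = [], set()
    for a in assignments:
        if a["principalId"] != principal_id:
            continue  # another principal; out of scope for this audit
        level, role = scope_level(a["scope"]), a["roleDefinitionName"]
        seen.add((level, role))
        if role not in allowed.get(level, set()):
            findings.append(f"unexpected: {role} at {level} scope {a['scope']}")
    # Citrix Managed relies on Contributor at the subscription being inherited.
    if model == "citrix_managed" and ("subscription", "Contributor") not in seen:
        findings.append("missing: Contributor at subscription scope")
    return findings


# Constructed sample, same shape as json.load() of `az role assignment list` output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
RG = SUB + "/resourceGroups/citrix-workers-rg"   # hypothetical resource group
APP = "11111111-1111-1111-1111-111111111111"     # hypothetical principal object ID
SAMPLE = [
    {"principalId": APP, "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": APP, "roleDefinitionName": "Virtual Machine Contributor", "scope": RG},
    {"principalId": APP, "roleDefinitionName": "Storage Account Contributor", "scope": RG},
    {"principalId": "22222222-2222-2222-2222-222222222222",
     "roleDefinitionName": "Owner", "scope": SUB},
]

if __name__ == "__main__":
    for model in ALLOWED:
        print(model)
        for finding in audit(SAMPLE, APP, model) or ["ok"]:
            print("  " + finding)
```

Under Customer Managed, the subscription-level Contributor grant in the sample is reported, because that model gives the App registration no role on the Subscription itself.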

Step 3: Deploy Cloud Connectors to the Azure Subscription

Citrix Documentation – Citrix Cloud Connector

Step 4: Add an Azure Resource Location using an existing Azure App registration

If you have worked through the process of manually creating an App registration in Azure and properly assigning the permissions, this new App registration now needs to be added to Citrix Cloud as a Resource Location for capacity.

Within the Citrix Cloud management portal / Citrix Studio;

  1. Select Hosting

  2. Select “Add Connection and Resources”

    1. Select “Create a new Connection”

    2. Select the Azure hosting environment

    3. Select Next


  3. Select “Use existing”

  4. Copy and paste;

    1. Azure Subscription ID (where Citrix workers will be provisioned by Citrix Cloud)

    2. Active Directory ID (the Directory ID of the Azure Active Directory in which the App registration was defined)

    3. Application ID (of the App registration)

    4. Application secret (the Key)

  5. Enter a “Connection name”

  6. Select Next

  7. Select the Azure Region where Citrix workers will be provisioned

  8. Select Next

  9. Enter a Citrix Cloud name for this Azure Subscription and Region

  10. Select the Azure Virtual Network that Citrix Worker machines will be joined to

  11. Select the Azure Virtual Network Subnet that Citrix Worker machines will retrieve IP addresses from

  12. Select Next

  13. Select Finish

To use copy and paste in Citrix Cloud Studio:

  1. Select the Half Circle connection menu in the top center of the browser


  2. Select the Clipboard


  3. Copy your Azure Subscription ID to the Clipboard

  4. Either; right click and paste or use CTRL + v to paste the clipboard contents to the remote clipboard


  5. Select the X to close the Session clipboard

  6. Select the field to paste the data to

  7. Either; right click and paste or use CTRL + v to paste the clipboard contents to the field


Enabling FAS Authentication with Citrix Cloud XenApp and XenDesktop Service

In order to enable FAS together with the Citrix Cloud, the following Citrix components must be built outside of the XenApp and XenDesktop Service (note that not all are offered today in Citrix Cloud, but are included below for completeness):

  • FAS servers
  • Citrix StoreFront (minimum version 3.6)
  • Server OS / Desktop OS VDAs (minimum version 7.9)
  • (optional) NetScaler Gateway may be required if configured as a SAML IdP or SP to front the StoreFront servers configured for FAS authentication, but NetScaler is not required for FAS itself

The above components may be built in a public cloud or in an on-premises datacenter. The FAS and StoreFront servers should be configured according to product documentation just as they would for a fully customer-owned solution to support FAS authentication, including such items as applying Group Policy settings and configuring Microsoft Certificate Authority servers.


Citrix ShareFile Custom Workflows – Post to Web Service

This article describes how Custom Workflows can be integrated with third-party applications using the Post to Web Service action. It is assumed that the reader is familiar with HTTP, web services, POST, and the Custom Workflows web composer application.

To post data to web services hosted on-premises, use Citrix Cloud Connector. Otherwise, you can jump to Configuring Post-to-Web-Service in Custom Workflows.


Seamless Flags Configuration for Epic Hyperspace

This article includes recommended configuration for delivering Epic Hyperspace as a published application via Citrix XenApp.

Configuration Instructions

Citrix XenApp includes server-side seamless configuration settings in the Windows Registry that can be used to improve performance of the Epic Hyperspace application. To configure the recommended settings, modify the registry on the XenApp server where the application is installed.

XenApp 6.5 and 7.6 LTSR

The general guidance from Citrix for Epic Hyperspace deployed on XenApp 6.5 and 7.6 LTSR is to disable Active Accessibility Hook.

Create a new value under the following “TWI” registry key:

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Citrix\wfshell\TWI
  • Value Name: SeamlessFlags
  • Value Type: REG_DWORD
  • Data: (Refer to table directly below for Hexadecimal-formatted data to use.)

| Deployment Type | Data | Description |
| --- | --- | --- |
| For all Hyperspace deployments on XenApp 6.5 and 7.6 LTSR | 0x00000004 | DISABLE ACTIVE ACCESSIBILITY HOOK (0x4) |
| For a double hop topology where users launch the Hyperspace published application from within an existing remote session such as a XenDesktop session or a published XenApp desktop. | 0x00004004 | DISABLE ACTIVE ACCESSIBILITY HOOK (0x4); DISABLE CLIENT INFO SYNC (0x4000) |

XenApp 7.15 LTSR

The general guidance from Citrix for Epic Hyperspace deployed on XenApp 7.15 LTSR is for Active Accessibility Hook to remain enabled, with the addition of a value named “AAHookFlags” set to “1” in the “TWI” registry key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI
  • Value Name: AAHookFlags
  • Type: REG_DWORD
  • Data: (Refer to table directly below for Hexadecimal-formatted data to use.)

| Deployment Type | Value | Data | Description |
| --- | --- | --- | --- |
| For all Hyperspace deployments on XenApp 7.15 LTSR | AAHookFlags | 1 | The purpose of setting this value to “1” is to activate newer performance improvements that have shown to be effective for some 3rd party applications such as Epic Hyperspace that may require fine tuning |

For double hop deployments, in addition to setting the AAHookFlags value to “1” as above, create a new value under the following “TWI” registry key:

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Citrix\wfshell\TWI
  • Value Name: SeamlessFlags
  • Value Type: REG_DWORD
  • Data: (Refer to table directly below for Hexadecimal-formatted data to use.)

| Deployment Type | Value | Data | Description |
| --- | --- | --- | --- |
| For a double hop topology where users launch the Hyperspace published application from within an existing remote session such as a XenDesktop session or a published XenApp desktop. | SeamlessFlags | 0x00004000 | DISABLE CLIENT INFO SYNC (0x4000) |


True Enterprise File Sharing and Access with Filr

qmangus

You need to keep your files and systems secure, however, your users may be sharing and storing files on cloud sharing solutions that are not secure and are not managed by your organization. There needs to be a balance between the functionality that your end users want and the security that your organization needs. IT, …


The post True Enterprise File Sharing and Access with Filr appeared first on Cool Solutions. qmangus


How to extract Old Admin logs from XenMobile Cloud Environment

Question: How to extract old Admin logs for audit purposes from a XenMobile Cloud environment?

Answer: Whenever a XenMobile Cloud site upgrades, the whole site is redeployed, which archives the previous log entries. Logs are therefore visible only as far back as the most recent redeployment.

The XenMobile Cloud site is redeployed / upgraded every 15 days, so XenMobile Cloud retains log entries for a maximum of 15 days.

Citrix recommends that Cloud Admins log in to the XenMobile console and download a copy of the logs by going to XenMobile Console -> Wrench icon -> Logs.

These logs can be captured on daily/weekly basis for Audit purposes.


7023213: How to clear/reset barclamp deployment from crowbar deployment queue

This document (7023213) is provided subject to the disclaimer at the end of this document.

Environment

SUSE OpenStack Cloud 7

Situation

After deployment of a barclamp, the barclamp still shows “deploying” in the deployment queue although it has actually stopped due to failures.
URL of the deployment queue:
http://<admin-node>/deployment_queue

Resolution

On the admin node run the following:
crowbar_reset_proposal <proposal name e.g. “cinder”>

crowbar_reset_nodes

Cause

The state of the proposal is still deploying.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.


Moving to Multi-cloud: How to Get Stakeholders Aligned



This blog is part of the Moving to Multi-Cloud series, which gives practical advice on how to move your multi-cloud strategy forward.

It All Starts with the Stakeholders

Top performing CIOs enlist full executive and line-of-business support for their IT transformation initiatives. However, building consensus across stakeholders, including IT leaders and executives, can be challenging. You need to get upfront agreement around your organization’s strategic goals, guiding principles, issues and near-term priorities. It’s important to make sure everyone is on the same page; however, that’s easier said than done. Here’s some advice on how to gain the alignment you need to accelerate your transformation.

Bring Everyone to the Table

Identify key IT and executive stakeholders for your transformation. This may include executives from operations, applications, and infrastructure teams. Depending on the issues and IT strategy concerns, team leads from IT finance, security, business relationship management, and enterprise architecture groups may need to be involved.

Plan, guide and manage a group meeting consisting of all key stakeholders. Topics to consider including are IT trends and strategy, multi-cloud operating model, application portfolio, financial transparency, and infrastructure service delivery platforms and technologies.

Agree on the Need for Transformation

Moving to multi-cloud is an ambitious undertaking, and you need to really understand why the transformation is needed. What business outcomes are you looking for? What are the issues and pain points that are keeping you from realizing those outcomes today? What metrics do you have, and what metrics will you need to determine the success of the change? Think about things like agility, business drivers, usage and capacity, equipment lifecycles, contractual obligations, workforce trends and demands, and alignment with organizational goals and priorities. What are the gaps between where you are now and where you need to be? What does success look like? All of this should be discussed, agreed to, and documented.

Develop a Strategic Vision and High-Level Future State

Clarify the strategic vision. For example, you may want to make IT investments more predictable, shift resources away from maintenance and towards innovation, establish cloud service delivery and consumption models, progressively reduce technical debt, reduce IT footprints, or employ more best-of-breed SaaS services. Identify your guiding principles. This may include placement of applications in private and public clouds, including migration efforts to the target environment. It may include simplifying operations to provide more efficient scaling up/down. It may also involve rethinking CapEx vs. OpEx and variable spending models.

Define the high-level future state to realize this vision, following the guiding principles. Document how the future state is different from the current state with regard to infrastructure, consumption model, operating model, and applications.

Identify Near-Term Priorities

Identify near-term priorities that can be planned, sustained and measured when placed at a later stage into a roadmap. Near-term priorities should be shown in terms of governance, operating model, applications and infrastructure concerns.

Define the Value and Benefits

Defining the benefits of the transformation program can provide proof of positive impact, validating its value.  Consider the impact to operating costs, operating process cycle time, availability, time to provision, resource optimization, businesses’ service costs, % of the catalog which is self-service, customer satisfaction, and compliance. Stakeholders will understand the benefits but also appreciate the need for sustained engagement to achieve them.  Establishing a transformation dashboard will sustain the enthusiasm as well as determine where the plan needs to be adjusted.

Get an Outside Perspective

Getting stakeholder alignment to define a common vision, determine priorities, resolve conflicts and make decisions can be challenging. Consider running a facilitated workshop designed to achieve consensus and get you moving to multi-cloud faster.

Summary

Transforming to a business and services focused multi-cloud environment requires the coordination of IT’s governance, infrastructure, service management, security, applications and business partners. The benefits are best achieved through a shared vision and support. Establishing that vision needs all stakeholders to be at the table to agree upon the goals, guidelines, timeline, priorities and the metrics of determining success. This can be accelerated through a facilitated workshop in which a guided dialogue produces the results and answers needed to move forward.

Continue your reading with a few other relevant posts:

Moving to Multi-cloud: Roadmap Considerations

IT Transformation: CIO’s Priorities and Successes

4 Steps for a Successful Transition to a Multi-cloud Model

Why Multi-cloud Can Bridge the Gap Between Public and Private Clouds

The post Moving to Multi-cloud: How to Get Stakeholders Aligned appeared first on InFocus Blog | Dell EMC Services.



How to Configure NetScaler Gateway for Use With Citrix Receiver for Mobile Devices Using Web Interface as Backend

This article describes how to configure NetScaler Gateway for use with Citrix Receiver for Mobile Devices when using Web Interface as backend.

Background

The Citrix Receiver supports SSL connections to NetScaler Gateway. The process to enable connections from the Citrix Receiver is similar to configuring NetScaler Gateway to accept the Citrix XenApp connections, but with a minor difference.

When configuring a NetScaler Gateway for XenApp connections, a Web Interface site contains information about the published applications that a user has rights to access. The Web Interface site displays a web page, which has icons to start the applications.

The Citrix Receiver uses a XenApp services site, which was earlier known as the “Program Neighborhood Agent” site, to gather information and enable the site to appear on the application list of the Citrix Receiver. Both configurations, the traditional Citrix XenApp connections using a Web Interface and the Citrix Receiver using XenApp Services, can exist within the same NetScaler Gateway Virtual Server.
