Documentation website using markdown files. This simple deployment for a windows machine takes you from nothing to up and running in a minute or two.

Having also completed this on linux machines and git repositories it is still most common in the IT world for others to gravitate towards windows machines. Thus we seek to meet people where they are.

Retype

Work engine for producing Storehouse. Information on creating pages, components, images, video and more found here: retype components.

Deploy 🔨

Login windows machine and run: deploy-retype-storehouse.ps1

Resources

• 📘 Markdown getting started
• 📕 Retype components

Final thoughts

Lets bring documentation into a single site that is easy, simple, free, deploy at scale, full feature search and best of all a highly polished frontend for people to enjoy using.

A set of Powershell based scripts to simplify managing a Citrix site and unlocking its hidden features.

reset-machine-ifdisconnecteduser.ps1

https://github.com/virtualizebrief/collection/blob/main/cvadtools/reset-machine-ifdisconnecteduser.ps1

As you’ll learn from below this script should be run on the legacy site against the old desktop. Performs the following actions:

• Get list of users in an ad group
• Get list of users disconnected from Citrix desktop
• Compare lists and create new list that match both
• Take action: Reset machine if user is both in ad group and disconnected state

Tale of two desktops

I’ve put this to good use when migrating a large Citrix desktop user base that operates 24-7. The above, in addition to StoreFront site aggregation, have published the same desktop twice, one in legacy site another on new site.

By adding an ad group to the new desktop on the new site and having the new site placed higher in site aggregation in addition to the desktop having the same name as the legacy site new and current users will now connect to the new desktop in the ad group.

The hang up is current users will not return to their old desktop with that desktop being in a disconnected state. To prevent trouble this PowerShell script can be coded to run in a loop and check every minute or so to reset machines for these given users.

Final thoughts

Your now free to add people at will to the new ad group to start using the new desktop on the new site. If someone has an old desktop they disconnect from and are entitled to the new desk the old with be reset and new is ready for connection.

A set of Powershell based scripts to simplify managing a Citrix site and unlocking its hidden features.

Get-ConcurrentUser-LicenseCount.ps1

Citrix license count for concurrent users.

• Use BrokeringUserName
• Get unique names per site
• Comparing sites for unique names

This total will give you an accurate idea of how many concurrent license your using in the event you’ve gone overdraft and are now in supplemental grace period. Time to act and knowing how many licenses you need is key.

Powershell code

#-you configure these settings
$site1dc = "site1controller"
$site2dc = "site2controller"
$maxSessions = "1400" #your-license-count

#-welcome
clear-host
Write-host ""
write-host "Powertools" -ForegroundColor cyan
write-host " Citrix license count for concurrent users"
write-host " note: does not include Citrix cloud site" -foregroundcolor yellow
write-host " Available concurrrent license count: $maxSessions" -ForegroundColor green
write-host " $time"
write-host ""
write-host "Results" -foregroundcolor Cyan

#-do the thing
$site1name = (Get-BrokerSite -AdminAddress $site1dc).name
$site1 = ((Get-BrokerSession -AdminAddress $site1dc -MaxRecordCount 10000).BrokeringUserName  | Sort-Object | Get-Unique).count
$site1Users = (Get-BrokerSession -AdminAddress $site1dc -MaxRecordCount 10000).BrokeringUserName  | Sort-Object | Get-Unique
$site2name = (Get-BrokerSite -AdminAddress $site2dc).name
$site2 = ((Get-BrokerSession -AdminAddress $site2dc -MaxRecordCount 10000).BrokeringUserName  | Sort-Object | Get-Unique).count
$site2Users = (Get-BrokerSession -AdminAddress $site2dc -MaxRecordCount 10000).BrokeringUserName  | Sort-Object | Get-Unique

$UniqueUsers = $site1Users + $site2Users
$trueUniqueUsers = ($UniqueUsers | Sort-Object | Get-Unique).count
$time = get-date

If ($trueUniqueUsers -gt $maxSessions){$warning = "red"}
If ($trueUniqueUsers -eq $maxSessions){$warning = "yellow"}
If ($trueUniqueUsers -lt $maxSessions){$warning = "green"}

#-results
write-host " * $site1name site: $site1"
write-host " * $site2name site: $site2"
write-host " Total concurrent users: " -nonewline
write-host "$trueUniqueUsers" -ForegroundColor $warning
write-host ""
pause
write-host ""
write-host ""

A set of Powershell based scripts to simplify managing a Citrix site and unlocking its hidden features.

Remove-DG-MachinesWithFaultState.ps1

Check a delivery group for machines that meet the following:

• Powered on
• Not in Maintenance
• Unregistered
• FaultState is not: none

Results list machines by name and their current FaultState. If you’d like to remove those machines from the delivery group enter: yes. Or anything else will take no action.

Powershell code

#-Welcome message
Clear-Host
Write-Host ""
Write-Host "Citrix Powertools" -ForegroundColor Cyan
Write-Host ""
Write-Host "Remove Machines from Delivery Group which are:" -ForegroundColor Yellow
Write-Host "1. Powered on"
Write-Host "2. Not in Maintenance"
Write-Host "3. UnRegistered"
Write-Host "4. FaultState is not: none"
Write-Host ""

#-user configurable settings
Write-Host "Note: No action is taken till later if you choose to." -ForegroundColor Green
$DG = Read-Host "Enter delivery group to check"
Write-Host ""

#-do something
Clear-Content .\computers.txt
$totalCount = (Get-BrokerMachine -DesktopGroupName $DG -MaxRecordCount 10000).count
Write-Host "Machine checked: $totalCount"
Write-Host "Reason machine was flagged" -ForegroundColor Yellow
Write-Host "--------------------------------------"

$VMs = (Get-BrokerMachine -DesktopGroupName $DG -InMaintenanceMode $false -PowerState On -RegistrationState Unregistered).MachineName
Foreach ($VM in $VMs) {

    $Result = (Get-BrokerMachine -MachineName $VM).FaultState
    If ($Result -notLike "*none*"){
        Write-Host "$VM " -NoNewline -ForegroundColor Cyan
        Write-Host "$Result"
        Add-Content -Path .\computers.txt -Value "$VM"
        }

}
Write-Host "--------------------------------------"
Write-Host ""

$takeAction = Read-Host "Remove from $DG (yes/anything else to exit without action)?"
Write-Host ""
If ($takeAction -eq "yes"){

$FixMes = Get-Content .\computers.txt
Foreach ($FixMe in $FixMes){

    Remove-BrokerMachine $FixMe -DesktopGroup $DG

}
Write-Host "Completed!" -ForegroundColor Green
Pause
Exit
}

Write-Host "No action taken. Goodbye." -ForegroundColor Green
Pause
Exit

Everything is running fine. You see a new Igel OS update to 11.09 and give it a try. After reboot your left with a screen like this: the Imprivata lock screen did not load.

Deep dive time

After connecting with ssh to an Igel device run the command: ImprivataBootstrap and receive error 404 when trying to find the url:

ProveID embedded 7.12

Looking at Imprivata your on ProvideID Embedded 7.11 and there is a new 7.12 release. Following the steps, download and install on your Imprivata appliance.

PIE 7.12 does install on your Igel device with os 11.09 though still no Imprivata lock screen. SSH to device and run: ImprivataBootstrap now returns:

One off

Fix this for a single device at the command prompt with the following, which will remove the previous install of ImprivataBootstrap with a wipe then request a new install that will be PIE 7.12.

• ImprivataBootstrap -w
• ImprivataBootstrap

Thousands of devices

I’ve put together a bash script that will accomplish the following:

• Wait 5 minutes after boot, good incase an upgrade is still taking place.
• Check if the file /.imprivata_data/runtime/offline/Agent/FirstDomain.txt exist. This file is only present if Imprivata lock screen loads.
• If file is found take no action. If file is not found run the below bootstrap commands to wipe and reboot the device.

Imprivata_Clean.sh

#!/bin/bash
echo $(date +"%Y%m%d_%T")\n >> /run/Imprivata_BootCheck_Start.log

sleep 300

if [ -a /.imprivata_data/runtime/offline/Agent/FirstDomain.txt ]
then
	echo $(date +"%Y%m%d_%T")\n >>  /run/Imprivata_BootCheck_FileYes.log
else
	echo $(date +"%Y%m%d_%T")\n >>  /run/Imprivata_BootCheck_FileNo.log
	ImprivataBootstrap -w
	reboot
fi

#EOF

As you can see this creates a log file when it starts and check files with results. Each file has a timestamp written into it.

Igel policy

Create an Igel policy named: OS11 Imprivata check if bootstrap. Then enter this:

• System > Firmware Customizations > Custom Commands > Desktop > Final desktop command: /run/Imprivata_Clean.sh &

• Create the bash file above, upload it to Igel file and put its path to /run.

• Attach the file to the Igel profile you just created: OS11 Imprivata check if bootstrap.

Final thoughts

Attach the new Igel profile & OS 11.09 to the same folder. Then devices will upgrade to Igel OS 11.09 and PIE 7.12 automatically. In addition I’ve attached this policy to a folder with Igel OS 11.08. The result is a successful downgrade of both OS 11.08 and PIE 7.11.

Your safe to move up or down both Igel and Imprivata versions moving devices from one folder to the other. For a sense of scale I’ve used this against thousands of devices without a hitch.

Resources

Imprivata ProveID Embedded 7.12

https://community.imprivata.com/s/article/Imprivata-ProveID-Embedded-7-12

Installing PIE 7.12 on iGEL OS with firmware version 11.09.100 getting error - bad magic number in 'MainLoader'

https://community.imprivata.com/s/article/Installing-PIE-7-12-on-iGEL-OS-with-firmware-version-11-09-100

New Extension

There is a way to keep file:// calls in your websites. To the rescue is a new Chrome extension created just for this.

Enable local file links

https://chromewebstore.google.com/detail/enable-local-file-links/nikfmfgobenbhmocjaaboihbeocackld

Having deployed this extension myself, when a user encounters a file:// link for the first time they will be presented with this page.

From here you’ll need to click 1. Open’s link.

Now tick: Allow access to file URLs.

Final thoughts

As things become more secure our outdated stuff ends up falling over. We get a pass this time. In the future it would be best to redesign any legacy sites to call https only. One possible way, if you don’t want to create a full feature website, would be to enable directory browse in IIS but we’ll save that for another time.

Resources

• https://groups.google.com/a/chromium.org/g/chromium-extensions/c/ZtCvVISQU54
• https://microsoftedge.github.io/edgevr/posts/deep-dive-into-site-isolation-part-2/#local-file-disclosure

Mission statement

Rely on scaling a third data center automatically if and when data center one and two become unavailable.

Citrix GSLB

Load balancing citrix.company.com across three data centers hosting their own gateways and internal Storefront urls. Each Storefront internal url is of the set of servers physically located in that data center.

StoreFront servers set

A single group across the three data centers.

Storefront store

A core functionality of StoreFront is the ability to aggregate and de-duplicate common application and desktop resources from multiple Citrix Virtual Apps and Desktops (CVAD) Sites. This functionality is commonly referred to as multi-site aggregation.

Single store will provide all apps and desktops across the three data centers. The store will have two Citrix sites using site aggregation. Site one will have priority over site two.

Site: two

With this site having con's across all three data centers the site will be available at all times. Yet its applications and desktops will only be available, primarily, if site one becomes unavailable. Once the Storefront store checks against site one and two, if one is not found and all of two's apps and desktops will be available.

As users take up connections on vda's in site two other settings will providing for producing additional vda's to maintain a good user experience in real time. These features include but are not limited to Citrix: Autoscaling.

https://docs.citrix.com/en-us/citrix-daas/manage-deployment/autoscale.html

Continuous confirmation data center three is operating

By having con's in all three data centers we can have daily users working out of data center three vda's to understand and know with confidence data center three is fully functioning. This can be accomplished a number of ways. For example AD Group: DataCenter3Users. A small group of people can be added to this AD Group, which explicitly blocks access to App1 from site one. The result being they see App1 on site two.

Example one: business as usual

In this example all three data centers are healthy and available. Users sign in citrix.company.com and launches application: hyperspace. Results are application is launched from site one, through vda in data center one or two.

Business as usual

User is not presented with hyperspace from site two since site one is available. User has no possible way to reach site two's hyperspace application while site one is functioning.

Example two: data center one and two are unavailable

In this example data centers one and two have become unhealthy and unavailable. Users sign in citrix.company.com and launches application: hyperspace. Results are application is launched from site two, through vda in data center three.

Disaster recovery fail

User is not presented with hyperspace from site one since site one is unavailable. User has no possible way to reach site one's hyperspace application while site one is not functioning.

Through automatic scaling additional vda's will come online as needed to provide capacity for all users.

Final thoughts

As with anything there are more than one way to accomplish a mission. Understanding the what and why is going to be key. In this example we have accomplished providing a 3rd data center as a disaster recovery site, which we can confirm functions daily and have a high degree of confidence during a disaster we can recover.

Its time to begin the Citrix Powertools series. A set of Powershell based scripts to simplify managing a Citrix site and unlocking its hidden features.

Get-MachineCatalog-VM-Snapshot

Today we’ll give a look at Get-MachineCatalog-VM-Snapshot.

A picture is worth a thousand words. Here you can see you’ll enter a delivery controller name and the results will show all of your Machine Catalogs that use MCS, the VM name and the snapshot in use.

Powershell code

#------intro-----

Clear-Host
Write-Host "------- " -NoNewLine
Write-Host "Citrix PowerTools" -NoNewLine
Write-Host " -------"
Write-Host ""
Write-Host "Get Machine Catalog > VM > Snapshot" -ForegroundColor Yellow
$site = Read-Host "Enter delivery controller for site"


#------do thing-----

Add-PsSnapin Citrix*
Get-ProvScheme -AdminAddress $site | select ProvisioningSchemeName,@{n='MasterVM';e={$_.MasterImageVM -replace 'XDHyp:\\HostingUnits\\[^\\]+\\([^\\]+)\.vm\\.*$' , '$1' }},@{n='Snapshot';e={$_.MasterImageVM -replace '^.*\\([^\\]+)\.snapshot$' , '$1' }} | Format-Table -AutoSize | Out-File C:\Support\Report.txt -Force
$Report = Get-Content "C:\Support\Report.txt"
$Report2 = $Report.replace('ProvisioningSchemeName','Machine Catalog').replace("MasterVM","`tvSphere VM")
$siteName = (Get-BrokerSite -AdminAddress $site).name 


#------results-----

Clear-Host
Write-Host "------- " -NoNewLine
Write-Host "Citrix PowerTools" -NoNewLine
Write-Host " -------"
Write-Host ""
Write-Host "Results for site: $siteName" -ForegroundColor cyan
Write-Host "Delivery controller checked: $site" -ForegroundColor yellow
$Report2
pause

Lets see how many tools we can put together.

Picked these up in the last month. Google Cloud making some big moves.

If you run thin clients that have hard drives on the small side under 4gb or even under 2gb you can still convert them to Igel. I recently ran across this at a place that had around 5,000 Dell Wyse 5010’s with 2gb hard drives.

I was able to customize the image taking it down to its most basic features including Imprivata and Citrix Workspace app. This enabled the creation of an Igel USB stick that would take up under 1.5gb.

Unattended installer

In addition this iso will run unattended. If you boot from this iso it will erase and reload the device without hesitation. You have been warned! This makes for a great pxe boot to image for mass converting Igel devices. Or good for Desktop Support to image devices without needing to learn the choices to make: keep it simple.

Things to consider

In the Igel Management Console you may want to setup a folder and policy to move all devices found with 2gb drives. Create a policy that removes all features save for the bare minimum you need.

A special thank you goes out to the GitHub community, especially this post that made gathering this information possible.

GitHub - IGEL-Community/IGEL-Custom-Partitions: IGEL OS is built on a highly secure Linux distribution. Properly deployed, IGEL OS is locked down to the configurations and applications defined via UMS Profiles. The Custom Partitions feature allows you to implement custom scripts, apps, or other files to one or a group of devices running the IGEL OS.

IGEL OS is built on a highly secure Linux distribution. Properly deployed, IGEL OS is locked down to the configurations and applications defined via UMS Profiles. The Custom Partitions feature allo...

GitHubIGEL-Community

You’ll find the goods below and with that have a great rest of your day.

Best Regards
Michael Wood

Bash file

option name: build-igel-iso-1gb.sh

#!/bin/bash
#set -x
#trap read debug

# Creating an silent install ISO image
## Development machine (Ubuntu 18.04)
# Obtain latest IGEL OS ISO Image
#https://www.igel.com/software-downloads/workspace-edition/
if ! compgen -G "$HOME/Downloads/OSC_*.zip" > /dev/null; then
  echo "***********"
  echo "Obtain latest IGEL OS OSC zip file, save into $HOME/Downloads and re-run this script "
  echo "#https://www.igel.com/software-downloads/workspace-edition/"
  echo "***********"
  exit 1
fi

ISO_VER=`basename ~/Downloads/OSC_*.zip | cut -b 5-13`
ISO_IMAGE_NAME="OSC_${ISO_VER}.unattended.iso"

sudo apt install unzip -y
sudo apt install syslinux-utils -y
sudo apt install genisoimage -y

mkdir build_tar
cd build_tar

mkdir custom
cd custom
unzip $HOME/Downloads/OSC_*.zip

mkdir osciso
sudo mount -oloop preparestick/osc*.iso osciso

sudo mkdir newiso
sudo cp -a osciso/./ newiso

sudo umount osciso
rm -rf preparestick

read -p "Make manual changes then press enter to proceed."

sudo sed -i -e "s/timeout=30/timeout=10/" newiso/boot/grub/igel.conf
sudo sed -i -e "s/default=0/default=1/" newiso/boot/grub/igel.conf
sudo sed -i -e "s/Verbose Installation + Recovery/Installation (Unattended)/" newiso/boot/grub/igel.conf
sudo sed -i -e "s/bzImage igel_syslog=verbose/bzImage quiet osc_unattended=true igel_syslog=quiet/" newiso/boot/grub/igel.conf
#sudo sed -i -e '/Failsafe Installation/i menuentry "Shutdown" { halt }' newiso/boot/grub/igel.conf

cd newiso

#W/O EFI
#sudo genisoimage -r -U -V 'IGEL_OSC_TO' \
  #-o ../../../${ISO_IMAGE_NAME} \
  #-c boot/isolinux/boot.cat -b boot/isolinux/isolinux.bin \
  #-no-emul-boot -boot-load-size 4 -boot-info-table \
  #-no-emul-boot .
#sudo isohybrid ../../../${ISO_IMAGE_NAME}

#W EFI
sudo genisoimage -r -U -V 'IGEL_OSC_TO' \
  -o ../../../${ISO_IMAGE_NAME} \
  -c boot/isolinux/boot.cat -b boot/isolinux/isolinux.bin \
  -boot-load-size 4 -boot-info-table -no-emul-boot \
  -eltorito-alt-boot -e igel_efi.img -no-emul-boot .
sudo isohybrid --uefi ../../../${ISO_IMAGE_NAME}

cd ../../..
sudo rm -rf build_tar

How to create custom iso

Make sure both the files are in the download folder: build-igel-iso-2gb.sh & OSC_*.iso

• Enter terminal prompt
• Run: cd Downloads
• Run: ./build-igel-iso-2gb.sh
• Enter root password

This will pause after extracting the iso with a message: Make manual changes then press enter to proceed. While this is paused and still open, launch a second terminal and do the following.

• Run: sudo chown -R ctxadmin: ./Downloads/build_tar/custom/newiso
• exit this terminal

Open explorer and edit the file: /Downloads/build_tar/custom/newiso/images/linux/lxos/lxos.inf.

• Add the line under [INFO]: custom="true"
• Delete the [PART] section of each you want to exclude, but do this only if the section has the line: dispensable="true"
• Save lxos.inf

Return to the first terminal that is pause and hit: enter. The iso file will be constructed in the /Downloads folder named something like: OSC_11.07.170.unattended.iso

Conclusion

You can now create a USB stick, use pxe, boot a VM or any other way you can think of using an iso to image a device.

HOMESHARE environment variable not compatible with FSLogix?

Microsoft LogoMicah AdamsonMicrosoft contingent staff

Setup

FSLogix is great from managing user profiles and settings when publishing a Citrix or Horizon virtual desktop. In the past I’ve setup vSANs with specific unc paths to call out and store personal disks.

Recently when working with a client they asked if the users home share could be used as the location to store these personal disks. They had multiple domains and somewhere around seven or eight different home share paths.

Home share variable doesn’t work

Now as the quote above suggest this can not be done. Yes, this person is right you cannot use the variable %homeshare% but you can use %username%. This will require you to know all possible root paths that home shares can be found in, which though an extra step does accomplish the desired goal.

FSLogix group policy

First thing to do is gather all possible home share locations:

\\domain1\pathA\%username%
\\domain1\pathB\%username%
\\domain2\pathA\%username%
\\domain2\pathB\%username%
\\domain2\pathC\%username%
\\domain3\pathA\%username%

Let’s head to the FSLogix group policy settings and put these paths into use.

Location

Computer Configuration > Policies > Administrative Templates > FSLogix > Profile Containers

Setting

VHD Location, enter the following

\\domain1\pathA\%username%;\\domain1\pathB\%username%;\\domain2\pathA\%username%;\\domain2\pathB\%username%;\\domain2\pathC\%username%;\\domain3\pathA\%username%

Conclusion

You can have your cake and eat it to. No new storage solution or location be needed. Users will continue to store all of their personal information, now including their personal disk, in their home share.

This will simplify end user support and provide for a great virtual desktop experience with user settings following them and not missing a beat.

I’ve given this a good amount of thought. I have come to conclude if Igel thin clients reboot after 4 hours of not being in use they will then check in with the Igel UMS management server and apply updates. No one gets kicked, updates gradually roll out and everything is natural.

How to know an Igel computer is not in use

Were I live we use Igel for connecting to both VMware Horizon and Citrix Workspace provided virtual desktops and virtual applications.

Knowing this let use identify what process is running when the Horizon client or Workspace app is doing its thing. Come to find out these two process are:

• wfica_orig
• vmware-remotemk

With this knowledge lets construct a profile to check if either one of these processes are running and if yes then do nothing. If no to either one then mark it down until the time reaches 4 hours or 240 minutes. Then reboot.

Creating an Igel profile

Here’s how to go about putting together the profile in the Igel UMS console.

1. Right click Profiles and select: New Profile
2. Give it a name like: Citrix Workspace or VMware Horizon no connect 4 hours reboot
3. Head over to: System > Firmware Customization > Custom Commands > Desktop
4. Enable: Before Desktop Start and enter the following code:

#!/bin/bash
for (( ; ; ))
do

sleep 120
RUNNING=$(pgrep -u user "wfica_orig|vmware-remotemk")

if [ $RUNNING -gt 0 ]
then
	echo $(date +"%Y%m%d_%T")\n >> /run/WorkspaceOrHorizon_Yes.log
	rm ./run/WorkspaceOrHorizon_No.log
else
	echo $(date +"%Y%m%d_%T")\n >> /run/WorkspaceOrHorizon_No.log
fi

TIME=$(wc -l < /run/WorkspaceOrHorizon_No.log)
if [ $TIME = 120 ]; then reboot ; else echo $TIME ;fi

done &
#EOF

Click: Save

Assigning the new profile

Now go ahead and attach this profile to a folder where the devices live that connect to VMware Horizon or Citrix Workspace provided things. Remember that the new profile needs to apply and won’t take effect until you ironically reboot.

Keep in mind on my end I also work with Igel computers that are using the Igel Desktop experience and not connecting to either VMware Horizon or Citrix Workspace provided things. Some run Firefox and display full screen for kiosk stations in lobbies. In this case we do not want to apply this new profile to these Igel devices as the result would be a reboot every 4 hours without end.

Check the results live

You can connect to an Igel device running the profile to see what is happening.

Based on the code above if you look in /run you’ll find a file created called WorkspaceOrHorizon_No.log if nothing is running. Every 2 minutes this file will be updated with a time stamp. Once the total count of lines equals 120 or better put 240 minutes then a reboot command is run.

If either Horizon client or Workspace app is found running a file will be created called WorkspaceOrHorizon_Yes.log with a time stamp and the WorkspaceOrHorizon_No.log will be deleted to stop counting idle time.

Simple in what it does, great in accomplishing the desired results.

Citrix is the most widely trusted way to deploy Epic Hyperspace. For those not familiar Epic Hyperspace is the application frontend for the most used patient health record system in the good old United States of America.

Lets take a quick look at a good setup for being agile and quick about getting things deployed.

Creating machines

Use machine creation services. The performance gains in memory, network, and disk space is noticeable over Citrix Provisioning. In addition this takes you one step closer to understanding and using Citrix Cloud.

When it becomes time again to refresh your design please approach the challenge with a 2022 mindset and not a 2000 mindset. So yes, these days I would advocate MCS over PVS.

Andreas van Wingerden

In this example we’ll have 3 parent computers. It is possible to have a single parent that would have all 3 releases install together. Though this is possible and cleaner you may find trouble down the road.

Windows Server VMs

Parent-Hyperspace-May2022
> Golden-Hyperspace-May2022-CP01-2022.09.01
> Golden-Hyperspace-May2022-CP02-2022.09.05

Parent-Hyperspace-November2021
> Golden-Hyperspace-November2021-CP09-2022.05.25
> Golden-Hyperspace-November2021-CP10-2022.07.28

Parent-Hyperspace-May2021
> Golden-Hyperspace-May2021-CP13-2021.11.01

Machine catalogs and delivery groups

Keep in mind using machine creation services will provide for a more Citrix Studio focused management. Creating, adding to, and deleting both machine catalogs and delivery groups will be a natural thing and not something static or stuck as they are. Making fresh and new machines is easy.

Delivery group layout

Have a delivery group for each Hyperspace release + client pack. Having all of these resources available one can move environments around quickly.

Citrix Studio

-Delivery Group-                -Applications-
Hyperspace-May2022-CP01	        TST, ACE3, ACE4
Hyperspace-May2022-CP02	        POC, REL
Hyperspace-November2021-CP09	MST, ACE1, ACE2,
Hyperspace-November2021-CP10	PRD, SRO, SUP
Hyperspace-May2021-CP13	        HST

Applications

Move existing environment

Using the above example say someone would want TST to be moved to May2022-CP02. You'd simple change TST's delivery group settings to Hyperspace-May2022-CP02.

Install new client pack and deploy

If someone needs a new client pack installed into a hyperspace release you can:

• Power on parent computer
• Install client pack and power off
• Clone to new golden image to the desired hypervisor hosting the vda's
• Create machine catalog and delivery group named after release + client pack
• Move desired environment to the new delivery group

I've personally done this so many times I can't even count. The average turn around time from request to done is 30 minutes.

Once a given delivery group no longer has any Epic Hyperspace clients published off it, you can go into Citrix Studio and delete the delivery group and machine catalog. Or if you prefer keep it in place for as long as you feel comfortable, having it in your back pocket for any unforeseen rollback requests.

Conclusion

In addition to providing a great on premise setup the above layout is more akin to how Citrix Cloud functions and organizes machines. It must be said there is a multitude of ways to structure, design and deploy Citrix Virtual Apps and Desktops resources this being one of many great ways.

Best Regards
Michael Wood

References

• Is PVS still the go to solution in 2022?

If your team seeks to keep old tradition alive lets at least do our best to not kick people out of applications or desktops.

We can do this with a bit of a creative restart scheduling with existing resources. If needed maybe add a few extra machines as this will depend on your setup and 24-7 capacity use case.

Studio Already Has a Restart Scheduler

Of course Citrix Studio has a built in scheduled restart feature for every delivery group. Just set it and forget it. You’ll have to pick one of these two choices:

• Restart all computers at once. This will cause all resources provided to be unavailable during the time until at least the first machine registers. This could take anywhere from 5-15 minutes of down time.
• Staged restarts over time. This will cause users to potentially experience back to back forced kick outs. They’ll see your restart warning message twice. Its a bit confusing, try it yourself sometime and you’ll see how odd it can be.

New Thinking For Old Ideas

So you still want to restart every machine every day but you admit its a bad time for users and you don’t want that. Enough talk lets get down to it.

Below I’ve provided three PowerShell scripts to accomplish the following restart schedule, keep in mind this is for Windows Server OS VDAs:

• 2:30pm. Place half of the machines in a delivery group into maintenance. These machines will continue to provide existing sessions and not new logins.
• 10:30pm. Send message of pending restart to users, wait 5 minutes, power off machines, wait a minute, power on machines, wait 5 minutes, turn off maintenance. Check to see if at least one machine is out of maintenance and registered, if yes, now set the other half of machines to maintenance.
• 6:30am. Send message of pending restart to users, wait 5 minutes, power off machines, wait a minute, power on machines, wait 5 minutes, turn off maintenance.

This will achieve the least disruption with the shortest possible session that gets kicked being around 8 hours and a max session time just shy of 24 hours.

Bonus For Machines That Fail Studios Restart Schedule

As you’ll note from below the command used to restart, reboot, shutdown, or what you’d like to call it is actually this:

New-BrokerHostingPowerAction -Action TurnOff -MachineName $vdaInMaintenance

I’ve used this command rather than shutdown as I’ve seen in some setups where machines would not gracefully shutdown. Our goal here is to make sure every machine is powered off and powered on without exception.

Best Regards
Michael Wood

2:30pm for Task Scheduler on Delivery Controller

#-Your input please
$dg = "MyDeliveryGroup"

#-Get list of machines
$vdas = Get-BrokerDesktop -Filter {DesktopGroupName -eq $dg} | ForEach {$_.MachineName}
$count = $vdas | Measure-Object | Select-Object Count | ForEach-Object {$_.Count}
$half = $count / 2
$halfRound = [math]::Round($Half)
$vdaToMaintenances = $vdas | Select -First $halfRound

#-Put in maintenance
ForEach ($vdaToMaintenance in $vdaToMaintenances){
    Set-BrokerMachineMaintenanceMode -InputObject $vdaToMaintenance $true
}

10:30pm for Task Scheduler on Delivery Controller

#-Your input please
$dg = "MyDeliveryGroup"

#-Get list of machines
$vdaInMaintenances = Get-BrokerDesktop -Filter {(DesktopGroupName -eq $dg) -and (InMaintenanceMode -eq "true")} | ForEach {$_.MachineName}
$vdaNotMaintenances = Get-BrokerDesktop -Filter {(DesktopGroupName -eq $dg) -and (InMaintenanceMode -eq "false")} | ForEach {$_.MachineName}

#-Take machines in maintenance, sends message, power off, power on, take out of maintenance
Foreach ($vdaInMaintenance in $vdaInMaintenances) {
    Get-BrokerSession -MachineName $vdaInMaintenance | Send-BrokerSessionMessage -Title "StoreFront Maintenance" -MessageStyle Critical -Text "In 5 minutes your Desktop will logoff. Your also free to logoff now and get a new Desktop."
}
Start-Sleep -S 300

Foreach ($vdaInMaintenance in $vdaInMaintenances) {
    New-BrokerHostingPowerAction -Action TurnOff -MachineName $vdaInMaintenance
}
Start-Sleep -S 60

Foreach ($vdaInMaintenance in $vdaInMaintenances) {
    New-BrokerHostingPowerAction -Action TurnOn -MachineName $vdaInMaintenance
}
Start-Sleep -S 300

Foreach ($vdaInMaintenance in $vdaInMaintenances) {
    Set-BrokerMachineMaintenanceMode -InputObject $vdaInMaintenance $false
}
Start-Sleep -S 60

#-Put other machines in maintenance if previous one not in maintenance and also registered.
#-If these two things are not true do not put other machines in maintenance, you investigate.
$vdaInMaintenanceOut = (Get-BrokerMachine -MachineName $vdaInMaintenance | Select-Object InMaintenanceMode | ForEach {$_.InMaintenanceMode}) -eq $False
$vdaInMaintenanceReg = (Get-BrokerMachine -MachineName $vdaInMaintenance | Select-Object RegistrationState | ForEach {$_.RegistrationState}) -eq "Registered"
If ($vdaInMaintenanceOut -and $vdaInMaintenanceReg) {
    Foreach ($vdaNotMaintenance in $vdaNotMaintenances) {
    Set-BrokerMachineMaintenanceMode -InputObject $vdaNotMaintenances $true
    }

}

6:30am for Task Scheduler on Delivery Controller

#-Your input please
$dg = "MyDeliveryGroup"

#-Get list of machines
$vdaInMaintenances = Get-BrokerDesktop -Filter {(DesktopGroupName -eq $dg) -and (InMaintenanceMode -eq "true")} | ForEach {$_.MachineName}

#-Take machines in maintenance, sends message, power off, power on, take out of maintenance
Foreach ($vdaInMaintenance in $vdaInMaintenances) {
    Get-BrokerSession -MachineName $vdaInMaintenance | Send-BrokerSessionMessage -Title "StoreFront Maintenance" -MessageStyle Critical -Text "In 5 minutes your Desktop will logoff. Your also free to logoff now and get a new Desktop."
}
Start-Sleep -S 300

Foreach ($vdaInMaintenance in $vdaInMaintenances) {
    New-BrokerHostingPowerAction -Action TurnOff -MachineName $vdaInMaintenance
}
Start-Sleep -S 60

Foreach ($vdaInMaintenance in $vdaInMaintenances) {
    New-BrokerHostingPowerAction -Action TurnOn -MachineName $vdaInMaintenance
}
Start-Sleep -S 300

Foreach ($vdaInMaintenance in $vdaInMaintenances) {
    Set-BrokerMachineMaintenanceMode -InputObject $vdaInMaintenance $false
}

On a side note before we start I’d recommend Chocolatey as an application delivery packaging system to anyone. Far more friendly and easy to use both on the frontend and backend than any other tool I’ve used including SCCM, Symantec Altiris, AppV, AppStack, etc.

Now to the task at hand: You’ve updated a Chocolatey package from its source folder and want to repack it. Lets do that with some PowerShell script.

What Do You Need From Me?

• Make sure to put the proper path in the script by replacing unc with your own.
• Confirm your package works
• If not rinse and repeat. Update the source, repack, retry, until good.

There is a few more tips to give on Chocolatey. Just to drop one I have setup a User & System ran login script, both that run at user login, to drop in choco lines to correct or add new software on the fly. In short instantly deploying a new piece of software across 7,000 VM’s. Many cool things can be done with Chocolatey if you think creatively.

Best Regards
Michael Wood

#------The setup------------

Clear-Host
Write-Host ""
Write-Host " Chocolatey Repackage Utility" -ForegroundColor Cyan
Write-Host "============================================"
Write-Host ""
Write-Host " Why? To repackage an existing Chocolatey" -ForegroundColor Yellow
Write-Host " Package quick like." -ForegroundColor Yellow
Write-Host ""
Write-Host " This only works for packages already made!" -Foreground Red
Write-Host "============================================"

    $PackMe = Read-Host -Prompt ' Repack Name (ie, pdfsambasic)'

Write-Host ""
Write-Host ""


#-------Do the work---------

Write-Host " Results..." -Foreground Cyan
Write-Host "============================================"

    Choco Pack \\unc\Source\$PackMe\$PackMe.nuspec
    $NewPackage = Get-ChildItem -Path "." -Filter $PackMe*.nupkg | ForEach {$_.Name}
    $Overwrite = Test-Path -LiteralPath "\\unc\Packages\$NewPackage"
    
    If ($Overwrite){
    Write-Host "File already exist named $PackMe.nupkg. You'll be prompted if you'd like to overwrite." -ForegroundColor Yellow
    Move-Item .\$NewPackage -Destination \\unc\Packages -Confirm -Force}

    Else {
    Move-Item .\$NewPackage -Destination "\\unc\Packages"
    Write-Host "$NewPackage now available in \\unc\Packages" -Foreground Yellow}

    Start-Process "\\unc\Packages"

Write-Host "============================================"
Write-Host ""
Write-Host ""
Write-Host " Done! Good-bye." -ForegroundColor Green 
Pause