RISC.Blog

CIS – Center of Internet Security

Author: Andrej Gleske Comments: 0 Date: 20 Nov 2018

Introduction

This blog post covers the CIS Security Benchmarks. They deal primarily with hardening operating systems in order to achieve a higher level of IT security for companies.

CIS stands for "Center of Internet Security" and is a non-profit organization that deals with IT security and provides recommendations and guidelines.
The so-called Security Benchmarks are checklists intended to make systems, processes and companies as a whole more secure. In the category of technical hardening of, for example, Windows Server operating systems, these benchmarks primarily contain configurations of registry keys and policies.

RISC@Puppetize Live 2018 in Amsterdam

Author: Oliver Gehrmann Comments: 0 Date: 29 Oct 2018

At the beginning of October the time had finally come. Puppetize 2018 was just around the corner under the motto "From configuration management to beyond", and of course a RISC delegation consisting of Stefan, Mario and me was there.

At a get-together the evening before, we had the chance to get to know the community in a relaxed setting. Jason Southgate knew how to promote his new book "Mastering Puppet 5" in the best possible way ("Don't buy it, it's very bad"), and in the discussions about whether CloudFormation or Terraform is cooler there were also some disagreements among the participants. 🙂

AWS Landing Zone – Introduction

Author: Mahir Kukic Comments: 0 Date: 16 Oct 2018

Implementing a multi-account environment in AWS can be challenging for many companies. The design covers many aspects, such as defining an account structure, the services to be used, security baselines and permissions. The AWS Landing Zone offers a complete solution for implementing a multi-account environment.

For companies it is more efficient to set up several AWS accounts for different organizational areas or projects instead of managing one large account. This provides a better overview and a separation of the individual areas of responsibility. It also improves security, for example because permissions can be defined for specific areas.

The AWS Landing Zone offers a quick and easy way to build such a construct by providing a standardized multi-account environment based on AWS best-practice approaches.
In the process, an architecture with basic accounts and services is created automatically, which allows an immediate start in a multi-account environment.

Inside the AWS Global Infrastructure Platform

Author: Oliver Gehrmann Comments: 0 Date: 28 Mar 2018

The AWS platform consists of a large number of services that cover nearly all IT-relevant use cases. The services can be grouped into the following categories:

  • Compute
  • Storage
  • Databases
  • Migration
  • Networking and CDN
  • Dev Tools
  • Management Tools
  • Media Services
  • Machine Learning
  • Analytics
  • Security & Identity & Compliance
  • Mobile Services
  • AR/VR
  • Application Integration
  • Customer Engagement
  • Business Productivity
  • Desktop and App Streaming
  • IoT
  • Game Development

For a better idea of the AWS ecosystem I’ll show you the most useful services for each category in a high-level overview. Before we start it’s important to know the difference between three basic definitions of the global AWS Infrastructure.

Citrix Package Cloud

Author: Sinisa Sokolic Comments: 0 Date: 29 Sep 2017

It's that easy with the Citrix Package Cloud!

You are running Citrix XenApp or XenDesktop and want to install a new version or even migrate from XenApp 6.5 to 7.xx?

You surely know the problem…

In changing times, IT in particular is challenged by new and ever faster turnaround processes when introducing new software releases. It is not uncommon for companies, at the end of a project and the effort it required, to find themselves facing the next task right away. The slightest irregularity in a migration process makes you fall behind immediately. This leads to great frustration, because the notion of day-to-day business increasingly gives way to the feeling of a permanent load peak in everyday work. Know-how that you as a company buy at high cost on the market in the form of consulting services is rarely transferred to your internal key staff anyway.

SCCM 2012 R2 – Online vs. Offline Updates

Author: Martin Schmittbetz Comments: 0 Date: 30 Jun 2017

Everyone who runs SCCM today knows the cyclical update situation. Microsoft has significantly increased the update cadence and, in this context, no longer supports all previous versions.

How do you deal with this?

Many companies ask themselves how to handle such updates. For a simple update process, SCCM offers the online mode of the Service Connection Point. Updates and hotfixes are downloaded directly from Microsoft and then made available for installation in the SCCM console.

Another option is the offline mode; with it, the updates have to be downloaded from Microsoft and made available manually.

Step-by-Step – Install Citrix XenApp 7.13 Server VDA

Author: Sinisa Sokolic Comments: 0 Date: 06 Apr 2017

Hello and welcome to the next part of the series dealing with the installation of a Citrix XenApp / XenDesktop 7.13 on Windows Server 2016.

This is the manual part where we do a "next, next, I agree" walk-through for all of you who are new to Citrix XenApp or want to see what changed in the installation from older versions.

Be sure to take a look at the prerequisites before moving on:

Supported operating systems:

  • Windows Server 2016, Standard and Datacenter Editions
  • Windows Server 2012 R2, Standard and Datacenter Editions
  • Windows Server 2012, Standard and Datacenter Editions
  • Windows Server 2008 R2 SP1, Standard, Enterprise, and Datacenter Editions

The installer automatically deploys the following requirements, which are also available on the Citrix installation media in the Support folders:

  • Microsoft .NET Framework 4.5.2 (4.6 and 4.6.1 are also supported)
  • Microsoft .NET Framework 3.5.1 (Windows Server 2008 R2 only)
  • Microsoft Visual C++ 2008 SP1, 2010 SP1, and 2013 Runtimes (32-bit and 64-bit)

The installer automatically installs and enables Remote Desktop Services role services, if they are not already installed and enabled.

Are you ready?

Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.

Click START either in the XenApp or XenDesktop line.

On the next screen choose Virtual Delivery Agent for Windows Server OS.

On the next screen choose "Enable connections to a server machine" because we haven't installed Provisioning Services yet. Click NEXT.

Leave the option for Citrix Receiver enabled and choose NEXT. You could also uncheck the Citrix Receiver option if you don't want to create shortcuts through Citrix Receiver or do not want to test double-hop scenarios.

On the next screen choose whether you want to be able to integrate App-V packages on your VDA. I will leave the checkmark enabled. This gives us the chance to install the App-V infrastructure later. Click NEXT.

In the next screen choose to configure the location of the Delivery Controller manually. In a later configuration step we will configure it via Group Policy.

If you want to dive deeper into the configuration options I suggest the "VDA Configuration Options – Part 1" blog post by Martin Zugec, which breaks down the configuration options into these 5 possibilities:

  1. Auto-Update Method
  2. Policy-based Method (LGPO or GPO)
  3. Registry-based Method (Manual, GPP, specified during installation)
  4. AD-based Method (Legacy OU discovery)
  5. MCS-based Method (Personality.ini)

For now we should be fine with “Do it later”. NEXT.

The installer will ask us one more time if we are sure. Yes we are. Confirm the message with YES.

Leave all of the following features enabled; this is fine for our lab or test environment.

Optimize performance will set some optimizations for the VDA (only in virtual environments) that you can check here. In enterprise environments I would create a GPO for those optimizations to be in full control of them. I created a GPO template for that, which you can download here.

The Remote Assistance feature is necessary for our support staff. We won't be able to shadow users if we don't install that feature. You might remember, we also installed Remote Assistance on the Controller where Citrix Director was installed.

Use Real-Time Audio Transport for audio to enable the use of UDP for audio packets.

Framehawk opens the UDP ports used by Framehawk. Have a look at http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/hdx/framehawk.html to get more information about Framehawk. Citrix recommends that you enable Framehawk only for users experiencing high packet loss. It is also recommended that you do not enable Framehawk as a universal policy for all objects in the Site.

Enable Citrix App-V publishing components enables the VDA to launch App-V packages. Further information can be gathered here: http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/install-configure/appv.html

Click NEXT.

We will leave the Firewall settings as suggested. Click NEXT.

The next step shows us a summary of our installation settings and the warning that the installed VDA won't register with a Citrix Delivery Controller. We'll configure it later.

Let's scroll down a bit to see the Features and Firewall settings that are part of the installation. Click INSTALL.

The server will reboot several times. The installation will resume automatically after logging back in.

Reboot.

Resume after reboot.

After completion we can configure the Call Home feature. If you participate, your configuration and usage data will periodically be sent to Citrix. You will be able to log in to Citrix Insight Services, which I will explain in a separate blog post. If you're curious, browse to https://cis.citrix.com and have a look for yourself.

Click I want to participate in Call Home and click CONNECT, then type in your User name and Password. Click OK.

When you're done click NEXT.

At the end click FINISH and the server will reboot one last time.

If we look at Programs and Features you will see the installed programs.

And that's it for today. We installed the Server VDA on Windows Server 2016 with the help of the graphical user interface and with default options.

Cheers,

Sinisa

 

Step-by-Step – Install Citrix XenApp / XenDesktop 7.13 Delivery Controller

Author: Sinisa Sokolic Comments: 0 Date: 05 Apr 2017

Hi and welcome to the next blog post of a series covering the installation of infrastructure components for Citrix XenApp 7.13 on Windows Server 2016.

The overview of the published blog posts can be found on this page: https://www.sinisasokolic.com/citrix/.

This is the manual part where we do a "next, next, I agree" walk-through for all of you who are new to Citrix XenApp or want to see what changed in the installation from older versions.

Be sure to take a look at the prerequisites before moving on:

Supported operating systems:

  • Windows Server 2016, Standard and Datacenter Editions
  • Windows Server 2012 R2, Standard and Datacenter Editions
  • Windows Server 2012, Standard and Datacenter Editions
  • Windows Server 2008 R2 SP1, Standard, Enterprise, and Datacenter Editions

Requirements:

  • Microsoft .NET Framework 3.5.1 (Windows Server 2008 R2 only).
  • Microsoft .NET Framework 4.5.2 (4.6 and 4.6.1 are also supported).
  • Windows PowerShell 2.0 (included with Windows Server 2008 R2) or 3.0 (included with later supported Windows Server versions).
  • Visual C++ 2008 SP1 Redistributable package.

Databases

Supported Microsoft SQL Server versions for the Site Configuration, Configuration Logging, and Monitoring databases:

  • SQL Server 2016, Express, Standard, and Enterprise Editions.
  • SQL Server 2014 through SP2, Express, Standard, and Enterprise Editions. By default, SQL Server 2014 SP1 Express is installed when installing the Controller, if an existing supported SQL Server installation is not detected.
  • SQL Server 2012 through SP3, Express, Standard, and Enterprise Editions.
  • SQL Server 2008 R2 SP2 and SP3, Express, Standard, Enterprise, and Datacenter Editions.

The following database high availability solutions are supported (except for SQL Server Express, which supports only standalone mode):

  • SQL Server AlwaysOn Failover Cluster Instances
  • SQL Server 2012 AlwaysOn Availability Groups
  • SQL Server Database Mirroring

Windows authentication is required for connections between the Controller and the SQL Server database. Have a look here for further information about databases and requirements.

Are you ready?

Insert the DVD in the drive or mount the ISO file. If the installer does not launch automatically, double-click the AutoSelect application or the mounted drive.

Click START either in the XenApp or XenDesktop line.

Choose Delivery Controller on the left side of the next screen.

On the next screen accept the license agreement and choose NEXT.

Now you can choose the core components that will be installed along with the Delivery Controller. I will choose to install Citrix Studio and Director. In bigger enterprise environments I would suggest you install both consoles on one administrative VDA where only administrators can log on. On this system additional tools like GPMC for Group Policy editing purposes could be installed.

Because we will use Microsoft SQL Server as a database on a separate system, we won't choose SQL Express; it wouldn't fit in an enterprise environment anyway. The database for an enterprise-class Citrix XenApp environment should be clustered or replicated over more than one system.

Remote assistance is needed for shadowing users with Citrix Director.

We won't change the firewall settings in the next screen and will leave them as they are. Click NEXT.

Check the summary page and click INSTALL.

The installer takes care of all the prerequisites.

After completion we can configure the Call Home feature. If you participate, your configuration and usage data will periodically be sent to Citrix. You will be able to log in to Citrix Insight Services, which I will explain in a separate blog post. If you're curious, browse to https://cis.citrix.com and have a look for yourself.

Click I want to participate in Call Home and click CONNECT, then type in your User name and Password. Click OK.

If you're connected successfully you will see a green checkmark to the left of the CONNECT button.

Now we're done with the installation and the next step is to click on FINISH. If you want to launch Studio leave the checkmark active, otherwise leave it blank.

And with that we are done for today's manual installation of the Citrix Delivery Controller for XenApp 7.13 on Windows Server 2016. I hope you found it useful.

Cheers,
Sinisa

Citrix XenApp Login Times – There is always (simple) room for improvement

Author: Sinisa Sokolic Comments: 0 Date: 04 Apr 2017

Last week I had the chance to visit a new customer. I was introduced as a Citrix geek with a lot of experience and had to troubleshoot slow logon times and a few other problems the customer had in his Citrix XenApp environment ;-). This is what I like the most 🙂

I started with a few questions regarding the setup of the environment and asked which problems the customer had. It turned out that it was a small environment with 10 VDAs running Windows Server 2012 R2 with Citrix XenApp 7.6.0.5026.

Step by Step – Configure Microsoft RDS Licensing on Windows Server 2016

Author: Sinisa Sokolic Comments: 0 Date: 20 Mar 2017

Hi and welcome everybody to the next blog post of a series about installing and configuring Citrix XenApp 7.13 on Windows Server 2016. After the successful installation of the Microsoft Remote Desktop (RDS) Licensing component we now need to configure it.

So today we will configure Microsoft RDS Licensing. The RD Licensing Manager can be started from a Start Menu link or through a link in Server Manager. It is not necessary to add RDS licenses if you are in a lab environment because the License Server will issue temporary licenses for 180 days and in most cases this should be sufficient for a few tests or demos.

The first thing you will notice is that the License Server is not activated. You can see that by the red mark to the left of the server name.

If you right click on the server name you can open the configuration of the server. You can see that the Discovery Scope of the License Server is configured to Domain.

To change the scope, the account we use to reconfigure this option needs to have Enterprise Admin privileges in Active Directory. Click CONTINUE.

In the next screen you can choose The forest. Click OK.

Choosing Forest makes this Licensing Server available to multiple domains within the forest. Click OK again to finish the configuration for the scope.

In the next step we will add this License Server to the Terminal Server License group. Without this configuration the License Server won't issue CALs to users and no reporting will be possible. Click ADD TO GROUP.

In the next screen click CONTINUE.

Click OK in the next screen to finish the configuration.

The next screen shows green checkmarks for all configuration items. Click OK.

Now right click on the server name again and start the Activate Server Wizard. Click NEXT.

There are a few options you can choose to activate the license server. I have internet access and therefore I will leave it on Automatic connection (recommended).

In the next screen type in your First name, last name, company and Country. Click NEXT.

Add further company information. Click NEXT.

With the next screen we are ready to activate the license server. Leave the checkmark next to Start Install Licenses Wizard now activated.

The Activate Server Wizard opens. Click NEXT.

Again we have a few options to choose for a license program. As a Microsoft partner we have access to a few licenses. I will leave License Pack (retail Purchase).

On the next screen we need to type in a License code. Click ADD and NEXT.

 

We're done with adding Licenses. Click FINISH.

Now you should be able to see the newly added Licenses in the RD Licensing Manager.

That's your Microsoft RDS Licensing server on Windows Server 2016.

Cheers,
Sinisa