Purpose Built for Desktop Virtualization

erosjellyΑσφάλεια

23 Φεβ 2014 (πριν από 3 χρόνια και 6 μήνες)

556 εμφανίσεις

1

What’s New in Pano System 4.5


April 20, 2011

Copyright © 2011 Pano Logic, Inc.

2

Contents


One Page Summary


What’s New in Pano System 4.5


Upgrading to Pano System 4.5






Disclaimer


This is document is intended for use as a guideline, for information purposes only, and
is subject to change at any time without notice. Any one of the milestones, features,
release periods or versions could change at any time.

© Copyright 2011 Pano Logic, Inc.

3

Summary

Feature

Function

Benefit

XenDesktop 5

Run Pano System

with XenDesktop 5 as the
connection broker on
XenServer

or VMware
vSphere

virtual infrastructure

Run Pano zero

clients with Citrix’s newest version
of XenDesktop

Windows 7 64
-
bit

Support for desktops

running

64
-
bit version of
Windows 7

Take full advantage of Windows 7 64
-
bit features
in a virtual environment

User Experience Improvements

Optimizations

to Pano Direct Service allow
various operations and interactions to perform
better

End

users will experience better performance
using common applications

Pano Remote Security
Improvements

New security model allows tighter access
control to virtual desktops

Enforce access to virtual desktops on a per

client
basis (requires new serialized Pano Remote keys)

Security Updates for Pano
Manager virtual machine on
vSphere

Pano Manager virtual appliance

for the
VMware
vSphere

platform has been updated
with the latest Linux security patches

Updates

result in a more secure virtual appliance

Upgrade of Pano Direct Service
from the Pano Manager

Control the remote upgrade of Pano Direct
Service from within the Pano Manager
administrator interface

Upgrade

Pano Direct Service more easily and
efficiently

Password Change

Allow end users to reset expired password via
the Pano zero client or Pano Remote

Allow end users to reset expired passwords
without needing assistance from the help desk

Maintenance Fixes and
Enhancements

Various fixes and enhancements based on
feedback from customers.

Experience

a more reliable, capable and easy to
manage system.

© Copyright 2011 Pano Logic, Inc.

4

Pano System Multi
-
Platform Support


Pano System 4.5 adds support for

XenDesktop 5


Pano System 4.1 added support for XenDesktop 4


Citrix Ready Community Verified
status


Search
http://community.citrix.com/citrixready


Download/Install Time Decision


Pano System 4.5 software components support all 3
major virtualization platforms


Pano Manager available in three different forms (one
for each platform) to ease the installation process

Copyright © 2011 Pano Logic, Inc.

XenDesktop 5

5

Desktop Delivery
Controller (DDC)

Pano +
XenDesktop

Architecture

Copyright © 2011 Pano Logic, Inc.

Pano
Manager

Directory Service

DHCP

DNS

XenDesktop

Controller

DVM

DVM

DVM

DVM

Hypervisor:
XenServer

/
vSphere

Machine Creation
Services

PDS

Xen

Load Balancer

Data Center

Work Location

Pano Device

Provisioning
Services

XenDesktop 5

6

DDC Redundancy/Scalability


Pano Manager communicates with XenDesktop via the
Xen

Controller which is not inherently redundant


Pano Manager connects to the Controller through the
Controller’s XML Service


Network load balancers may be placed in front of
multiple instances of the Controller XML Service for
redundancy


Pano Logic tested with Citrix
NetScaler


Physical appliance:
NetScaler

9


Virtual appliance:
NetScaler

9.2


Non
-
Citrix load balancers should also work


Copyright © 2011 Pano Logic, Inc.

XenDesktop 5

7

Installation of Pano w/ XenDesktop


Verify XenDesktop configuration


Make sure you are using supported components & versions


Download and import Pano Manager VM into
XenCenter


Configure Pano Manager


Install Pano Direct Service


Prerequisites:
XenServer

Tools and XenDesktop Virtual Desktop
Agent


Pano Remote and Pano Gateway


Pano Remote and Pano Gateway can be used as normal


Will utilize Windows Terminal Service Gateway and RDP (not
ICA/HDX)

Copyright © 2011 Pano Logic, Inc.

XenDesktop 5

8

Supported Components & Versions


XenDesktop 5


Version: 5.0


Editions: VDI, Enterprise or Platinum


XenDesktop Controller


Version: 5.0


Hypervisors


XenServer 5.6, Standard or Enterprise Editions


VMware vSphere 4.1 (ESX/ESXi 4.1 and vCenter Server 4.1)


XenTools


Version: 5.6


Citrix Provisioning Services


Versions: 5.6 SP1


Citrix NetScaler


Physical appliance: NetScaler 9.2


Virtual Appliance: NetScaler VPX 9.2

Copyright © 2011 Pano Logic, Inc.

XenDesktop 5

9

Download & Import Pano Manager


Download PanoManager.zip from
download.panologic.com


From
XenCenter
, select
File

Appliance

Import…


Follow prompts for
XenServers
/Pools; SRs; Network; Security
Settings


On Advanced Options page,
uncheck

“Run Operating System
Fixups
” options


Verify setting and finish the wizard


Import may take 15
-
25 minutes


Select newly created VM and click on Network tab


Launch Properties dialog and select the option to Auto
-
generate a MAC address


Start the Pano Manager VM and observe boot progress

Copyright © 2011 Pano Logic, Inc.

XenDesktop 5

10

Configure Pano Manager


Initial setup of the Pano Manager VM is unchanged


Network address and passwords


Directory Configuration (required) is unchanged


Virtualization Configuration section must be left blank


Broker Configuration


Select Citrix XenDesktop


Enter the URL for the XenDesktop Controller


If load
-
balancing Controllers, enter address of load
-
balancer


All other sections of the Setup tab are unchanged

Copyright © 2011 Pano Logic, Inc.

XenDesktop 5

11

Pano Manager Configurations

Pano

Manager
Configuration

#
Pano

Manager VMs

Redundant
?

Maximum
Clients/DVMs

Single

1

No

500

Scalability Group

2

No

1000

Failover Group

2

Yes

500

Failover Group with
Scalability

3

Yes

1000

Copyright © 2011 Pano Logic, Inc.


Failover works the same regardless of virtualization platform


Primary node services requests under normal conditions


Secondary

node automatically takes over when primary stops
responding (also offloads some client processing from primary)


Recover

of primary node after failure and return to full
redundancy requires a simple, but
manual step


Third node can be added to offload additional client processing

XenDesktop 5

12

Install Pano Direct


Installation Order Matters

1.
XenServer

Tools

2.
XenDesktop Virtual Desktop Agent

3.
Pano Direct Service


To upgrade a
Xen

component…


First uninstall PDS; upgrade
Xen

component; reinstall PDS


See next slide for guidance on installing/upgrading PDS
for each XD Machine Type

Copyright © 2011 Pano Logic, Inc.

XenDesktop 5

13

XD Machine Types

Copyright © 2011 Pano Logic, Inc.

Machine
Type

Required

Service

Supported

w/ Pano?

Install PDS

Upgrade PDS

Pooled

Machine

Creation
Services

Yes

Master VM

Master

VM

Dedicated

Machine

Creation
Services

Yes

Master VM

Via

Pano Manager

Existing


--

Yes

Manual
ly for
e
ach VM

Via

Pano Manager

Physical


--

No

N/A

N/A

Streamed

Provisioning
Services

Yes

vDisk

vDisk

XenDesktop 5

14

Pano Remote & Pano Gateway


Pano Remote and Pano Gateway can be used as
normal


Will utilize Windows Terminal Service Gateway and RDP
(not ICA/HDX)


Make sure to add users to the “Direct RDP Access
Administrators” group for each DVM


See
http://support.citrix.com/article/CTX121657

Copyright © 2011 Pano Logic, Inc.

XenDesktop 5

15

Limitations of Pano on
XenDesktop

1.
Microsoft Hyper
-
V hypervisor is not supported

2.
Pano does not use the HDX/ICA protocol

3.
Pano devices and HDX/ICA clients cannot access the same DVMs

4.
Isolation between Pano and ICA desktop groups must be maintained

5.
Roaming between Pano devices and HDX clients is not supported

6.
On windows 7, the login process via HDX will be disabled
automatically by the Pano Direct Installer

7.
All connection brokering is performed by XenDesktop, which does not
support the device
-
based concept; you cannot configure anything
other than a “Citrix XenDesktop” collection

8.
End users cannot restart, reset or trash a DVM from the Options dialog

9.
Smart card, biometric or other USB authentication devices are not
supported

Copyright © 2011 Pano Logic, Inc.

XenDesktop 5

16

64
-
bit Windows 7


PDS now supports 64
-
bit Windows 7


Separate MSI: PanoDirect_Win7_x64.msi


Requires

new Authenticode certificate


Required for manual or silent installs


Certificate is named PanoLogicAuthCode.cer


Install as Trusted Publisher in local certificate repository or
via GPO


Certificate supports installation of PDS on both 32
-
bit and
64
-
bit Windows 7


See Online Help for instructions


Same set of USB devices expected to work as long as
device driver is supported on 64
-
bit Windows 7

Confidential Pano Logic

64
-
bit Windows 7

17

User Experience Improvements


Multiple optimizations implemented in Pano
Direct Service 4.5


Pano G2: video playback and general display


Pano G1: primarily general display


Confidential Pano Logic

User Experience

18

Pano Remote: Improved Security


New architecture improves security and allows
basic access control on a per
-
device basis


Three components have changed in this release


Physical USB key


Keys purchased after April 20, 2011 will have a unique serial
number


PanoRemote.exe


Executable installed on the key has been updated


Pano Gateway


New architecture utilizes local accounts and does not require
the gateway server to be joined to the domain


Requires Windows Server 2008 R2


RDS Gateway (
fka

Terminal Services Gateway)

Confidential Pano Logic

Pano Remote

19

Pano Remote: Improved Security


Serialized Pano Remote keys


Starting with 4.5, new Pano Remote keys will come with a
unique serial number


Allows administrators to block a key from being used


Serialized keys need to be registered before use


Auto Registration options


Allow Auto Registration from anywhere


First time a key is used, it is automatically registered


Allow Auto Registration from LAN


Key must be used for the first time on a LAN, at which point it is registered.
Subsequent use can be from anywhere


Disallow Auto Registration


New keys are added to the Clients tab when they are used on the LAN the
first time, but are automatically disabled. An administrator must enable the
key via the Clients tab before an end user can use it.

Confidential Pano Logic

Pano Remote

20

Pano Remote: Improved Security


Legacy (non
-
serialized) keys


Keys produced prior to Pano System 4.5 cannot be
serialized


Upgrading to PanoRemote.exe does not create a serial
number


Legacy keys can be…


Allowed within the corporate network


Allowed outside the corporate network


Not allowed

Confidential Pano Logic

Pano Remote

21

Pano Remote

Confidential Pano Logic

Pano Remote

22

Pano Remote

Confidential Pano Logic

Pano Remote

Note
: Disable Client may also be used with Pano zero clients. This may be useful if you have
multiple independent Pano Managers on the same network.

23

Pano Remote Architecture

External Network

DMZ

Internal Network

Windows Server 2008 Terminal
Services Gateway computer*

RDP over HTTPS

Firewall listening for
HTTPS traffic (port 443)

Pano Gateway

Firewall listening for

HTTPS traffic (port 443)

RDP (port 3389)

Pano Manager

Pano Manager determines
appropriate virtual desktop
for user

* Can be virtual machine

24

Pano Remote Architecture

External Network

Internal Network

Pano Gateway

Firewall listening for

HTTPS traffic (port 443)

RDP (port 3389)

Pano Manager

Pano Manager determines
appropriate virtual desktop
for user

RDP
Gateway

IIS

Local
Accounts

DMZ

HTTPS

RDP over HTTPS with Local Account access to Gateway

RDP over HTTPS to user Virtual Machine

Firewall listening for
HTTPS traffic (port 443)

25

Pano Manager VM Security Updates


Pano Manager virtual appliance updated with
latest security patches


Only the VM for the
vSphere

platform has been
updated


Updates for
XenServer

and Hyper
-
V will come later


To take advantage of these patches…


Install fresh v4.5 virtual appliance (full OVF)


Create a backup of existing Pano Manager database


Restore the backup into the new Pano Manager


If the new Pano Manager VM has a different IP
address than original and you are using DHCP
discovery, make sure to update DHCP server

Confidential Pano Logic

Pano Manager

26

Upgrade PDS from Pano Manager


New “Upgrade desktop…” option available on the DVMs tab


Upgrade one or more existing PDS


PDS must be ver. 3.5.0 or newer


Upgrade not allowed if a user is logged in


Steps to perform upgrade


Configure DVMs’ policies for remote silent install


Windows 7: Install Authenticode certificate in Trusted Publishers (see
online help
)


Windows XP: Set GPO “Devices: Unsigned driver installation behavior
Properties” to “Silently succeed” (see
online help
)


Copy installer (MSI) for PDS to network share


Select set of DVMs to upgrade


Specify location of appropriate MSI on the network


Specify user credentials that has Admin rights on the DVMs


Upgrades occur immediately and DVM will be rebooted


Users will be prevented from logging into the DVM while upgrade is in progress


Upgrades for any DVMs with users logged in will be skipped


Results of upgrade are written to the Pano Manager log




Confidential Pano Logic

PDS Upgrade

27

Upgrade PDS from Pano Manager

Confidential Pano Logic

PDS Upgrade

28

Password Change


Pano login screen now allows end users to reset
an expired password


Works for all cases


OS: Windows XP and Windows 7


Broker: Pano Manager, View and XenDesktop


Client: Pano zero clients and Pano Remote


Workflow


Pano Manager detects expired password and
prompts user to change


Pano Manager submits change to the Directory
Service


User is returned to the login screen so they can login
with new password

Confidential Pano Logic

Password Change

29

Customer Reported Issues Addressed
by Pano System 4.5

Description of Fix/Enhancement

ID

Change passwords via

the Pano Login screen

4715

Support for
OmniKey

3121 Smart Card

5256

Support password change with VMware View

4754

Error code 0x3000001b if Terminal

Services Gateway specifies a security
group in TS_RAP

5341

Support for
Windows+L

key combination to lock the screen in Windows 7

4679

USB Device / COM Port Renumbering

4470

Support for Recent BlackBerry models

3520

Support for
TellerScan

Check Scanner

3062

Display Performance when using
GoToMeeting

5634

Pano Manager performance with large DVM collections

5636

Copyright © 2011 Pano Logic, Inc.

30

Customer Reported Issues Addressed
by Pano System 4.5

Description of Fix/Enhancement

ID

Support for
Upek

TouchChip

fingerprint scanner with Windows 7

5358

Manual backups

of Pano Manager occasionally fail

5690

Assignments for Orphaned DVMs

5695

Windows Crashes in VMware Display Driver

5233

DVM hang

caused by interaction with anti
-
virus software

5598

Pano

Audio driver causes Windows

to crash

5759

Pano Control Panel reflects OEM branding

5660

Copyright © 2011 Pano Logic, Inc.

31

Upgrading to Pano System 4.5


Pano Manager


Upgrade Pano Manager before Pano Direct
Service


Upgrades from 3.0, 3.5, 4.0 and 4.1 are
supported


Pano Direct Service


Upgrades from 3.0, 3.5, 4.0 and 4.1 are
supported

© Copyright 2011 Pano Logic, Inc.

32

Component Versions No Longer Supported


Support for the following platform component
versions have been dropped as part
of the 4.5
release:


Supported virtualization platforms


VMware Virtual Infrastructure 3


ESX/
ESXi

3.5 (any and all updates)


vCenter

Server 2.5 (any and all updates)


Supported Pano Gateway server


Windows Server 2008 Terminal Services Gateway


Note that Windows Server 2008 R2 Remote Desktop
Services is supported

Confidential Pano Logic