XenDesktop and Active Directory Integration

You have to start testing the XenDesktop beta and go to the XenDesktop forums to have your questions answered.

This is a snippet copy/paste from the Citrix Blog:

If you have followed the discussions in the XenDesktop forums, or - even better - if you've tried the beta version of XenDesktop, you'll be aware that it integrates with Active Directory. Indeed, in particular the Desktop Delivery Controller (DDC - the component responsible for brokering end users to their virtual desktops) has a strong dependency on AD, and stores some data in AD that relates to security and determines how virtual desktops discover and communicate with desktop delivery controllers. Several questions have come up on this integration, and on what is actually stored in Active Directory. This post will show in more detail what's going on under the covers. Just a note of caution: the information in this post reflects the beta release of XenDesktop; however we're not expecting major changes in this area in the final release.

When you install a DDC server, an "AD set-up wizard" will start towards the end of the installation. When you install the first DDC in a farm, the wizard will ask you for the location of an OU, and will populate it with the data that XenDesktop needs to link up virtual desktops and DDCs, and to secure their communication paths. Whenever you install an additional DDC or remove one, the wizard will also start, and add or remove the DDC-specific information from that OU, although you won't typically see this, because it happens without the wizard GUI actually popping up. You can also run the wizard manually at any time; it's installed in the start menu on a DDC, and you can also run it from the command line (c:\program files\citrix\xendesktop server\adsetup.exe; use the 'rungui' option to start the GUI wizard).

When the wizard is running for the first time, it asks you to choose an OU for that farm, as shown in the previous screen shot. Every DDC farm needs a separate OU. The OU can be at an arbitrary level of a domain, and the OU does not need to contain the computer accounts for either the virtual desktops or the DDC servers (although it'd be best practice for the DDC servers to live in the farm's OU). If the user running the wizard has sufficient privileges, they can choose to create a new OU (tick the check box in the wizard). Alternatively, a domain administrator can pre-create an empty OU, and give the XenDesktop administrator running the wizard sufficient delegated privileges over that OU (you'll need 'create child' permissions). In that case, you should select that empty OU in the wizard by using the AD browser, as shown in the example above.

Now let's look at the data that shows up in the OU after the wizard has completed. The following screen shot shows that the OU contains one security group, one service connection point (SCP), and a container that contains another service connection point object:

The 'Controllers' security group is used by virtual desktops to ensure that only authorized DDCs that are members of the farm can broker and control connections (I'll explain how virtual desktops figure out where to find this security group in a moment). Whenever a DDC invokes one of the web services implemented by the virtual desktop, the VDA (Virtual Desktop Agent, the XenDesktop component that you install on a virtual desktop) will check that the caller is a member of this security group. When you add DDCs in the AD set-up wizard, as shown in the following screen shot, one of the things it does is to add the computer account for the DDC into this security group. Because the OS service that invokes web services on the VDA runs using the NetworkService predefined account on the DDC, the VDA will see incoming calls as using the DDC's computer account. You need to exercise caution in which computer accounts are made a member of this group, because all VDAs in your farm will trust these computers to control them.

Read the whole article here!

and for beta, Register Now to Download
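
The quoted text above warns that every VDA in the farm trusts the members of the 'Controllers' security group. The following PowerShell audit is an added example, not part of the Citrix post or of any Citrix tooling: it compares that group's membership with an approved DDC list. It assumes the ActiveDirectory (RSAT) module is available; the OU distinguished name and the DDC account names are placeholders.

```powershell
# Added example: audit the 'Controllers' group in a XenDesktop farm OU.
# Assumes the ActiveDirectory (RSAT) module; DN and account names are placeholders.
Import-Module ActiveDirectory

$FarmOU       = 'OU=XenDesktopFarm,DC=example,DC=com'   # placeholder farm OU
$ApprovedDDCs = @('DDC01$', 'DDC02$')                    # placeholder DDC computer accounts

# The wizard creates the group directly inside the farm OU, so search one level only.
$group = Get-ADGroup -SearchBase $FarmOU -SearchScope OneLevel -Filter "Name -eq 'Controllers'"
if (-not $group) { throw "No 'Controllers' group found directly under $FarmOU" }

# -Recursive expands nested groups so indirect members are reported too.
$members  = @(Get-ADGroupMember -Identity $group -Recursive)
$approved = @($ApprovedDDCs | ForEach-Object { $_.ToUpperInvariant() })
$actual   = @($members | ForEach-Object { $_.SamAccountName.ToUpperInvariant() })

$report = [pscustomobject]@{
    Group        = $group.DistinguishedName
    # Members the VDAs will trust but that are not on the approved list.
    Unexpected   = @($actual   | Where-Object { $_ -notin $approved })
    # Approved DDCs that are absent from the group and so cannot broker connections.
    Missing      = @($approved | Where-Object { $_ -notin $actual })
    # The wizard adds DDC computer accounts; any other object class deserves review.
    NonComputers = @($members | Where-Object { $_.objectClass -ne 'computer' } |
                     ForEach-Object { $_.SamAccountName })
}
$report | Format-List

if ($report.Unexpected.Count -or $report.NonComputers.Count) {
    Write-Warning 'Controllers group contains members outside the approved DDC list.'
    exit 1
}
```

The non-zero exit code lets a scheduled task or monitoring job alert when the group's membership drifts from the approved list.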
