Again, B-Critical is attending E2EVC Virtualization Conference in Berlin. E2EVC is a non-commercial, virtualization community event for engineers to engineers. The main goal is to bring the best virtualization experts together to exchange knowledge and to establish new connections. B-Critical is attending E2EVC LEGEND in June 2019 in Berlin with quite a number of consultants: Ronald Grobben (@rgrobben1), Sander van den Brom (@s_vandenbrom) and Nico van der Stok (@nicovanderstok).
Thursday June 6, 2019
On Thursday, June 6 2019, we traveled by KLM flight from The Netherlands to Berlin Tegel and checked in to the B&B Berlin Tiergarten hotel. This hotel is next to the venue for E2EVC, Novotel Berlin Tiergarten. We landed 1.5 hours late due to thunderstorms above Berlin, so we had a (very) late dinner at Burger King Tiergarten.
Day 1 Friday June 7, 2019
Surprisingly, at 10 AM sharp, Alex Cooper welcomed all 200-300 attendees at Novotel. The name “E2EVC” still is just an alias for the original name “PubForum”, just to fool the wives back home. The first Beers, Whiskeys and Limoncello were available before 11 AM.
Of course some great gadgets were waiting for us, as Alex announced. It looks like Citrix is no longer a sponsor of E2EVC; the Platinum sponsorship has been taken over by VMware.
Alex had a great announcement. Sponsored by VMware, tonight we will have the Highest Held Virtualization Conference, in the Berlin TV Tower, at 207 meters above ground!
The first presentation of the day. “Freshly baked ControlUp – traditional greeting session!”. It is now a well-established E2EVC tradition to kick-start the conference with the latest innovations in EUC monitoring and management from ControlUp. As usual, we saw exciting new ways of monitoring virtualization infrastructures, managing virtualized user workloads, and monitoring user experience, presented by Eugene Kalayev.
In the second presentation Gerko van Veen and Dennis van Dam brought the T4Change tool for migrating Ivanti Workspace Control (formerly RES ONE Workspace) to Ivanti User Workspace Management (formerly AppSense). This tool, built by Jeroen van Keimpema (formerly B-Critical), is great for companies that want or need to migrate from IWC to UWM.
In session 4, Christiaan Brinkhoff and Bas van Kaam presented their new “Book Project Byte-Sized”. The idea behind this project is simple, they were looking for as many Cloud design principles, best or common practices, quotes, and architectural recommendations as possible. Forget about AWS, Azure, Google, IBM, Oracle, and all others, it’s the concept that matters, not the underlying vendor – 99 out of 100 times anyway. It can involve SaaS, IaaS, DaaS, PaaS, RaaS, or whatever aaS you can think of – private, public, or hybrid Cloud are all optional. General recommendations have been noted in the book. https://www.bookprojectbytesized.com/
Session 5. Shawn Bass, CTO from VMware, is a recognized expert in the End User Computing industry. With more than 20 years of consulting experience, he has worked with all facets of End User Computing (Terminal Services, Virtual Desktops, Application Virtualization and Enterprise Mobility Management) since the very beginning of these technologies. Shawn gave the tip to enable “Shawn Base Speed Listening” mode to be able to understand what he was saying. Shawn took us through the End-User Computing (EUC) State of the Union from VMware. VMware Cloud on AWS, VMware working together with Microsoft and even Citrix. Citrix Virtual Apps and Desktops running on VMware Cloud on AWS? Yes, please!
Shawn: “Have you seen Citrix Synergy, did you think they brought great ideas! If you’ve been using VMware Horizon, you’ve been using them already!”.
Next session after lunch. “The Modern Workplace + Windows Virtual Desktop – Best of Both Worlds!” by Christiaan Brinkhoff. Windows Virtual Desktop (WVD) will use ARM templates in GitHub and now provides Windows Search per user; there is no RDP over UDP yet, and for now it is only available in the East USA. WVD will be partnering with Samsung DeX. FSLogix is available for free for on-premises use with Profile Containers, App Masking, Java Redirection and Filter drivers.
Christian Drieling from IGEL talks about “The Next Gen OS for Cloud Workspaces”. This is IGEL OS 11. The term “Thin Client” is dirty and a banned word at IGEL. IGEL’s continued growth and disruption in EUC focuses on its own operating system and integrating with the ecosystem of vendors in the EUC space, on-premises, Citrix, VMware or AWS Workspaces. The August 2019 version will have WVD support. With IGEL Cloud Gateway it will be possible to secure shadow IGEL devices outside the company network. The next generation UMS Console will be built on HTML5, have unattended UMS deployment and unattended HA node deployment. We all received an IGEL UD Pocket client on a USB stick.
Jeremy Moskowitz is presenting remotely. He is also the founder of PolicyPak Software and author of the upcoming book on Intune, Autopilot and Azure. At E2EVC he brings the MDM (Mobile Device Management) State of the Union 2019 Edition. Where does MDM shine? And where does it have showstopper issues? https://www.mdmandgpanswers.com/
Next: Parallels RAS – What’s new? The simplified way of application and desktop delivery to any device! During this session, Christian Aquilina, Parallels Program Manager, is presenting a wide range of Parallels Remote Application Server (RAS) v17 capabilities and how Windows-based applications, desktops and VDI are quickly and easily delivered to any device, anywhere. New core features in Parallels RAS:
- Google Authenticator;
- AI Session pre-launch;
- Web-based Console;
- REST API;
- Granular Permissions (RBAC).
The Strategic Element in Your Security Stack. Jorrit van Eijk is Senior Security Pre-sales Consultant at Morphisec. Security architecture can be broken down into three main elements: Prevention, Detection and Remediation. Prevention can be considered the most strategically important defense element, dramatically reducing risks and operational costs of the security structure as a whole. As advanced threats evolve and datacenter transformation forces enterprise teams to consolidate security, the need for faster, easier and more deterministic threat prevention is essential and requires a purpose-built set of capabilities that isn’t available in a singular off-the-shelf solution. This session presents a strategic protection model that leverages moving target defense technology to prevent a larger volume of advanced threats and unknown attacks without impacting your virtual or physical environment.
Andrew Wood takes us into the world of Amazon AWS – Putting a Face on Digital Experience. Why do we need all these presenters anyway? See how Amazon Sumerian Hosts is creating a virtual concierge. Instead of using digital experiences that are limited to voice, text, and motion graphics, Sumerian puts a real face on digital experiences. Expanding on the idea of a virtual concierge, we created a scene that puts a host as the presenter for a slide show presentation. Maybe their live demo could work in Rome?
Virtualization Load/Performance Testing. During the session, Serge Levi, founder and CEO at Itexis, explains how important it is to monitor application response time as perceived by the user, aka UX (User eXperience), especially as Cloud deployment is gathering momentum worldwide. UX satisfaction, measured against a reference understandable by everyone, is becoming a key metric to evaluate global IT efficiency. The Itexis solutions demonstrate how easy it is to script scenarios on any Windows application with no background knowledge (codeless solution) and with no additional code installed on servers. Dashboards and correlation with third-party solutions are shown as well, to point out poor application response time (the fact) linked to an eventual device failure (the why). http://www.itexis.com/
Let’s go to Berlin TV Tower for a great high level, 207 meters, dinner! What a great location. The dream of Alex Cooper, to organize an E2EVC dinner in Berlin Fernsehturm (TV Tower), has come true. Thanks to VMware EUC and Shawn Bass for making this possible.
Day 2 Saturday June 8, 2019
On day two the sessions were split in three, divided across three rooms in the hotel.
Session 1/Room 1. Citrix Virtual Apps with NVIDIA vGPU – Effect for User Experience and Performance. During this session, Jan Hendrik Meier shows the impact of the NVIDIA vGPU Technology in a Citrix Virtual Apps environment. There is much information about the importance of vGPU to Virtual Desktops. Unfortunately, this information mainly refers to Citrix Virtual Desktops (XenDesktop) and not Citrix Virtual Apps (XenApp). So Jan Hendrik showed adding a vGPU to a Virtual Apps (XenApp) environment and showed performance graphics from LoginVSI, especially for the Frame Buffer Usage in combination with H.264, H.265 and NVEnc.
Session 2/Room 1. Monitoring Citrix Cloud. Eltjo van Gulik is a Workspace Consultant at ICT-Partners and showed us an interesting session about how to query data from the Citrix monitoring database (which is being used by Citrix Director) through an OData connection by using PowerShell scripting. This can be applied both within Citrix Cloud and on-premises in your Citrix environment. A big plus of the method is that it is not only highly customizable, but you can also overcome the limit of only 90 days of historical data that can be exported by Citrix Director. Querying the monitoring database through OData relies on standard protocols like HTTP and methods such as REST API.
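The archiving idea described above, as an added example that is not the script shown in the session: it pages through the on-premises Monitor Service OData v4 endpoint with Windows authentication and writes the rows to a dated CSV, so history outlives the Director export limit. The controller name, archive folder, entity set and filter property are assumptions; Citrix Cloud uses a different base URL and token-based authentication, which is not covered here.

```powershell
# Added example (not from the session). Assumed values: controller name,
# archive folder, the "Sessions" entity set and its "StartDate" property.
param(
    [string]$Controller = 'ddc01.example.local',  # hypothetical Delivery Controller
    [string]$EntitySet  = 'Sessions',
    [int]   $DaysBack   = 1,
    [string]$ArchiveDir = 'C:\MonitorArchive'     # hypothetical archive folder
)
$ErrorActionPreference = 'Stop'

# OData v4 expects an unquoted UTC timestamp (DateTimeOffset literal) in $filter.
$since = (Get-Date).ToUniversalTime().AddDays(-$DaysBack).ToString(
    'yyyy-MM-ddTHH:mm:ssZ', [cultureinfo]::InvariantCulture)
$filter = [uri]::EscapeDataString("StartDate ge $since")

# Single quotes keep "$filter" literal as the OData query option name.
$uri = 'https://{0}/Citrix/Monitor/OData/v4/Data/{1}?$filter={2}' -f `
    $Controller, $EntitySet, $filter

# The service returns results in pages; follow @odata.nextLink until it is absent.
$rows = New-Object System.Collections.Generic.List[object]
while ($uri) {
    # Runs as the current Windows user; that account needs read access
    # to the monitoring data (for example a read-only administrator role).
    $page = Invoke-RestMethod -Uri $uri -UseDefaultCredentials -Method Get
    foreach ($row in $page.value) { $rows.Add($row) }
    $uri = $page.'@odata.nextLink'
}

if ($rows.Count -eq 0) {
    Write-Output "No $EntitySet rows since $since; nothing archived."
    return
}

# One file per entity set per run date keeps the archive append-only and easy to audit.
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd'
$file  = Join-Path $ArchiveDir ('{0}-{1}.csv' -f $EntitySet, $stamp)
$rows | Export-Csv -Path $file -NoTypeInformation -Encoding UTF8

Write-Output ("Archived {0} rows to {1}" -f $rows.Count, $file)
```

Scheduled daily under a dedicated read-only account, this builds a session history that can be kept for as long as audit or incident-response requirements demand.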
Session 2/Room 2. Conditional Access – Zero Trust – Contextual Access with deviceTRUST. Presented by Sascha Göckel, CEO of deviceTRUST GmbH, where he is also significantly involved in product management. There are many terms and concepts that show that the role of a user alone is no longer enough to decide which applications and data users have access to. Secure and compliant access to enterprise desktops, applications and data must take context into account. deviceTRUST does not do user authentication; instead it grants or denies access to resources by looking at dynamic contextual information from the endpoint, the network and the location. If the endpoint or its context is not fully compliant with the requirements set by the company administrator, a user logging in to a virtual desktop or launching a published application is presented with a message that their endpoint device is not compliant, and they get a button to disconnect their session, nothing else.
Dynamic means the compliance check does not stop once the session is established. For example, you could be running a published application and, while it is running, disable the firewall on your endpoint device, violating your company’s compliance requirements. As soon as you disable the firewall, the published application disappears immediately and the session is disconnected. A server-side component is installed on the virtual desktop or apps host and a client component is placed on the endpoint device; it doesn’t matter if the device is a Windows device or an IGEL thin client, for example. It also doesn’t matter if the connection is made through VPN, NetScaler Gateway, StoreFront or otherwise: it works for Citrix and VMware Horizon and even cloud-based DaaS services, as long as a known display remoting protocol is used to access the session or published application.
Instead of simply disconnecting and preventing access to a session, it is also possible to control what a user can execute within a session, based on a condition of the endpoint they are connecting from. It is even possible to read the location from the endpoint device and use it to determine the location of the user in Google Maps running within the session.
Session 2/Room 3. Building a Cloud based Application Delivery Controller (NetScaler ADC) by Anton van Pelt and Carsten Bruns. In this session Anton and Carsten talk about the do’s and don’ts when building your Citrix ADC in a public cloud infrastructure like Microsoft Azure, Amazon AWS and Google Cloud Platform. They covered the following topics:
- Cloud Native load balancing (CPX);
- Deployment Methods;
- High Availability.
Session 3/Room 1. Going Cloud? It’s where Citrix ADC has a role! Moving your environment towards cloud? Thinking that Azure AD will be your future authentication strategy? It’s likely you’ll still need access to some on-premises resources that won’t make it over that quickly or others that are running outside of a pure Microsoft feature set, such as Amazon AWS or Google Cloud Platform (GCP). In this session Thorsten Rood showed how Citrix ADC bridges the gap between clouds, and how to integrate remaining datacenter resources into a common offering while maintaining user experience. Plus, explore the elements that constitute a true hybrid cloud infrastructure, which will likely be the longest migration episode in many IT lives. The Citrix Workspace Services authentication strategy expands now with Citrix MFA and Citrix Federated Authentication Service (FAS). We still don’t have Microsoft Azure MFA or SSO. In a new update Citrix ADC (AD+Gateway AAA) comes with a LAN-partition for internal users and SSO with silent logon.
Session 4/Room 1. How to provide virtual resources in a Citrix environment with “Overflow Delivery Groups”. This session by Sacha Thomet showed how easy it can be to extend the functionality of a Citrix Virtual Desktops and Apps environment just by using some lines of PowerShell code and the use of machine tags. This can also be used for hybrid Citrix environments with on-premises and Cloud machines or, as another example, for a mix of virtual desktops with and without vGPUs, with the objective to reduce costs and always have the best user experience. The PowerShell script is available on the blog of Sacha: https://blog.sachathomet.ch/ and GitHub https://github.com/sacha81/MachineCatalogOverflow.
Session 4/Room 3. Automating with Azure and using a DevOps mindset. Presented by Chris Twiest and Jaap de Koning, both consultants at Detron IT Consultants. These days vendors are moving to an iterative release schedule, and for you it is of course important to keep up with the vendors and the updates. So how can you do this? In this session Chris Twiest and Jaap de Koning talk about Automation, Azure and DevOps: thinking about the digital desktop environment as a product and releasing it as one.
Jaap de Koning presented Azure DevOps. Azure DevOps is the successor of Visual Studio Teams edition and provides us with a number of tools to manage our scripts, code and development processes. Azure Boards is an Agile/Scrum/Kanban board system like Jira or Trello, to track the state of the development project items. Azure Repos is a repository for code like GitHub, to keep your code and the changes to your code organized. Azure Pipeline is for managing and executing YAML templates such as Azure ARM templates that include validation, change auditing and version reversing. Together these tools can help you manage your scripts and templates in an enterprise environment and in collaboration with other developers.
Chris Twiest presented Azure Automation: what is it, and how does it compare to or integrate with Ivanti Automation? Azure Automation has Desired State Configuration (DSC), the concept of creating a description of the desired state, abstracted from the scripts that make it so. Azure Automation is a tool that allows you to deploy desired states from the cloud and comes with an integrated library of PowerShell DSC modules. On the left side you select a node (a node is a configurable artifact in your Azure infrastructure, for example a webserver), on the right side you select a desired state template, and you just apply it. Once applied, if the state on the system changes away from the desired state, the node becomes non-compliant; if auto-remediation is enabled, the scripting that ensures the desired state is met will automatically reconfigure your node.
Azure Automation also has Process Automation, which is the concept of creating runbooks, executing them on machines, while using variables to answer configuration parameters, which can have its values entered at the time you schedule the runbook to execute. This is actually similar to Ivanti Automation, however for managing Windows systems, the product is mostly limited to PowerShell tasks (and Python tasks for Linux machines). It is not as mature as Ivanti Automation, for example if you would like to make a simple Registry change, you would have to do that via PowerShell commands. Connecting Azure Automation to Ivanti Automation can be done by utilizing the Ivanti Automation API that allows you to create an Azure Runbook, fill in and pass on the parameters from there, then pass on the task via PowerShell to call the Ivanti Runbook. In Azure Automation the runbook will have the running state, while Ivanti executes (in this case building a golden image for a VDI deployment), when the job is finished, the result is returned to Azure Automation. This is a great way to use Azure Automation as a central location for runbook automation, while maintaining the power of the more intuitive and mature Ivanti Automation.
Session 8/Room 2. Load testing large environments with VDI Drones. Presented by Dennis Smith, an architect and consultant with a focus on virtualization, and also the creator of VDI Drones and a number of other free and commercial software products. VDI Drones is a VDI load assessment tool that creates stress by claiming resources on target systems: it can generate CPU cycles, fill up RAM, or generate disk I/O, and then measure how well the system copes with it. There is no infrastructure requirement. You need to run the controller executable with elevated administration rights using an Active Directory admin account that has read/write access to the IPC$ share on the target machines. It spawns the VDI Drone process remotely by copying the exe file to the target devices and starting it there. There can be up to 10 performance watchers, which are responsible for collecting the metrics (CPU utilization, RAM usage, disk performance and processor queue length) for the controller, and the collected information from multiple performance watchers can be viewed from the controller in real time (at intervals of a few seconds). The results are also saved as HTML files.
Day 3 Sunday June 9, 2019
The idea was that one of us, Ronald, would leave E2EVC on Saturday evening to fly back to The Netherlands for Whit Sunday. Unfortunately, KLM flights were first delayed, then cancelled due to stormy winds at Schiphol Amsterdam. So another day at E2EVC was the result. Finding a hotel was a crime, but eventually a room was found in Ringhotel Seehof, a 15 min. drive by taxi from the B&B Hotel Tiergarten or the Novotel Tiergarten.
On day three the sessions were split in two, divided across two rooms in the hotel.
Session 1/Room 1. Rachel Berry takes us into the world of client hypervisors since the death of Citrix XenClient, Desktop Player for Mac and VMware Horizon FLEX. Will the ghost of XenClient arise? Alternatives are Hysolate (Israel Defense community), Bromium (Xen/XenClient staff), Qubes OS (Community) and SecureView (Defense Community, uses OpenXT).
Session 2/Room 1. Containerization for the masses! We in Microsoft land are way behind. The way we deploy infrastructure is ridiculously complicated, slow and not resilient. Containers are a solution for a lot of these issues, but software vendors are simply not providing them. Their excuse? “Nobody uses containers on Microsoft”. Well, there is not much point if you don’t provide us with the bloody containers! The only container available for infrastructures is Citrix ADC (NetScaler CPX). In this session Helmut Hauser and Ton de Vreede demonstrate how much easier life could be if they can start providing us with containerized versions of their software. They attempt to roll out as much infrastructure as possible with containers and show the advantages of this approach. Container-V will be available as a role in Windows Server 2019 and is developed together with Pivotal. The Cloud Native Application Bundle is available at https://cnab.io. This session is also a shout-out to vendors to deliver more infrastructure components as a container!
Session 3/Room 1. Jeremy Moskowitz is into Group Policy and Desktop Management and is founder of GPanswers.com and PolicyPak Software. PolicyPak is available for on-premises, MDM and Cloud. In a remote session (6 AM local time), Jeremy showed a way of creating and distributing policies with MDM to a Windows 10 machine that is not joined to an Active Directory domain. A great feature is Browser Router, a way of handling URLs that should be opened in the right browser. It will route a URL from the wrong browser (e.g. Internet Explorer) to the right browser (e.g. Chrome, Edge, Firefox, etc.) and even open the right browser. With Least Privilege Manager it’s possible to dictate that applications run in Admin Mode, for instance to install an application with Admin rights. This can also be used to allow or deny applications from the Microsoft Store to run. Learn more about how to secure application settings, report on Group Policy Compliance and deploy all Group Policy settings through the cloud at https://www.policypak.com or https://www.gpanswers.com. Jeremy will publish a trial for PolicyPak in the E2EVC LEGEND LinkedIn group.
This is it. Thanks to Alex Cooper and the E2EVC staff for another great weekend!