Is anyone publishing App-V sequences to users running on XenApp (6) servers?
If so, are you using shared cache for the streamed applications to reduce
the disk overhead for the XenApp servers? Does it create a performance
bottleneck for the XenApp users?
TIA,
JRR
--
On two occasions...I have
Actually doing a bit more digging reveals that shared read-only cache
requires a full App-V infrastructure in which the client receives it's
publishing information direct from an App-V Management Server - does that
preclude it from being used when the App-V sequences are being delivered via
*If it's a DMZ, that means that the machines in it are untrusted - that's
why it's called a DMZ, *
Um, no.
It just means that it is less trusted than some other system OR will have
more external access than some other system.
As Ken says, it's all about risk mitigation and containment.
* If
*I'll stand by my statement that opening up the firewall in the proposed
fashion is a very stupid decision, because it doesn't solve the proposed
problem - you might as well not have a firewall at all.
*
So, let's look at the very specific alternative for the situation at hand,
and compare the
+1000
*ASB *(My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*
*
*
On Fri, Jan 7, 2011 at 1:51 AM, Ken Schaefer k...@adopenstatic.com wrote:
Additionally, the concept of a “soft chewy centre” and a hardened edge is
mostly a
How do you plan to configure the drives for storage of the databases? What
kind of databases will these be?Will the database servers also be
virtualized?
I ask this because RAID5 *might* not be what you want to do for heavily used
databases.
*ASB *(My Bio via About.Me
+1
A one-way trust, where the domain is trusted by the DMZ is a better compromise,
so you can pull data from the DMZ into the interior, but nothing in the DMZ can
initiate communication to the interior.
*the nature of the trust says that the DMZ must have some access to know 'what'
to trust,
Honestly,
I wouldn't recommend per-se that you extend your AD into an Untrust area of
your network, which is exactly what a DMZ is in most cases.
I think it goes a little deeper than just firewall ports when you look at the
risk that the organization/business is taking and should be looked
Greetings!
Network subsystem (among other things) crapped out on me. Signals go
through the cable (pilote lights), but nothing TCP/IP related works (can't
ping the gateway by IP).
Opening Network Properties on the NIC hangs. It opens, but it hangs when
I click OK, changes or not.
CAN ONE
Have you tried this procedure (obviously get a backup first)
http://support.microsoft.com/kb/299357
On 7 January 2011 13:34, richardmccl...@aspca.org wrote:
Greetings!
Network subsystem (among other things) crapped out on me. Signals go
through the cable (pilote lights), but nothing
Have no idea if this will answer your question but this comes from a fellow
CTP, App-V MVP and the first person certified by Softricity way back in the
day.
quote
The App-V Client added support for the read-only cache in version 4.6.
The intent for this feature is for use in a VDI
If the recommendation is for the read-only cache to be used in a VDI
environment only, then I guess that for a pure XenApp published desktop
environment, I'll have to cache the applications to the XenApp servers
themselves, and make the necessary allowances for disk space overhead.
Unless, I
How on earth did they even get up there?!?!?
Jonathan L. Raper, MCSE
Thumb-typed from my HTC Incredible (and yes, it really is) Droid. Please excuse
brevity any misspellings.
- Reply message -
From: Daniel Rodriguez drod...@gmail.com
Date: Thu, Jan 6, 2011 11:51 pm
Subject: OT: Not a
Yup. It all depends on your level of paranoia, how much you want to live
in fear, and how much you want to make daily operations a pain in the a$$
for the end user in the name of security.
I worked at TriWest Healthcare. They stole the disk drives. Another
company in Scottsdale they stole
Not having used App-V but used Citrix products, what are you trying to
do with App-V? For our XenDesktop images, I have several, and in all
but just a few cases, the applications are installed directly onto those
images. Only our EMR and accounting packages are still delivered via
Citrix
Okay.
How much RAM do you expect to devote to each DB server?
So far, the specs don't look like a problem, but specific details could
raise red flags...
*ASB *(My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*
*
*
On Fri, Jan 7, 2011
We have a load of apps that won't run on Xen6 (hence 2008 R2) and/or x64
platforms. Therefore a mass of App-V sequences. I would have stood up a Xen5
farm, but I just arrived at this gig...
Typed frustratingly slowly on my BlackBerry® wireless device
-Original Message-
From: Tom Miller
Yes, CHKDSK can be run on any logical volume.
However, I wouldn't be inclined to start with that. (If you must run
CHKDSK, do so initially without the /F paramater, since this will not
require file locks to be dismounted or a reboot.)
I would target a network related issue differently. Have
Makes sense. We are still on XenApp 5 as well having a 2003 server for
our old beast EMR application. Anyone (as in Webster) know if you can
connect a Xen5 to a Xen6 farm?
Rankin, James R kz2...@googlemail.com 1/7/2011 9:07 AM
We have a load of apps that won't run on Xen6 (hence 2008 R2)
The first question is WHY?
Since I can't get past that, HOW is immaterial for me.
*ASB *(My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*
*
*
On Fri, Jan 7, 2011 at 8:55 AM, Raper, Jonathan - Eagle jra...@eaglemds.com
wrote:
How
They can share the web interface no problems, which is what I would have
done if the initial design had been my choice
On 7 January 2011 14:11, Tom Miller tmil...@hnncsb.org wrote:
Makes sense. We are still on XenApp 5 as well having a 2003 server for our
old beast EMR application. Anyone
I would pay money to climb up there.
- Reply message -
From: Daniel Rodriguez drod...@gmail.com
Date: Thu, Jan 6, 2011 11:51 pm
Subject: OT: Not a Friday Funny but quite awesome
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
When I watched this, my heart started to
“The first question is WHY?”
Because it’s there … or … Because they can
Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, January 07, 2011 9:12 AM
To:
Also depends on the I/O metrics on the databases also. ( You running
OLAP or OLTP?) its not always about RAM ( which will help with the
Buffer Pool, but if you have a slow disk subsystem that can keep up with
the page spilts, inserts and deletions you are going to start seeing
slow downs in the
Anyone (as in Webster) know if you can connect a Xen5 to a Xen6 farm?
NO!!!
If you attempt to connect 5 to 6 or 6 to 5, you risk damaging, and thereby
destroying, the data store. Already had one customer do that. Lucky for them,
they had a backup of their data store. Citrix even wrote
I thought it was impossible to actually join a Xen5 system to a Xen6 farm.
(I think I tried once). The sort of multi-farmed web interface was the
closest I could get them to interact.
On 7 January 2011 14:24, Webster carlwebs...@gmail.com wrote:
Anyone (as in Webster) know if you can connect a
Found it.
http://community.citrix.com/pages/viewpage.action?pageId=155616889
Webster
From: Webster [mailto:carlwebs...@gmail.com]
Subject: RE: App-V on XenApp - shared cache?
Anyone (as in Webster) know if you can connect a Xen5 to a Xen6 farm?
NO!!!
If you attempt to connect 5 to 6
Thank you for helping out here...
First, things are now back up and running (whew!).
I disconnected the network cable and did a cold boot. When it came back
up, the new settings for that nic had apparently taken. That is, my
numerous attempts to disable that NIC (attempts which hung the
So let's get this straight - the argument against enabling a productivity
enhancing application that will improve your company's bottom line is it's too
hard and we don't understand it?
:)
From: joseph palmieri [mailto:jpalm...@yahoo.com]
Sent: Thursday, January 06, 2011 3:24 PM
To: NT System
I had some interesting issues with a ProLiant recently (can't recall the
model, but it was fairly new) where it would not be able to get on the
network, and all the NICs would show as unable to start in Device Manager.
The network properties box would hang left right and centre too, which is
why
Because it’s there…
From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Thursday, January 06, 2011 10:19 PM
To: NT System Admin Issues
Subject: OT: Not a Friday Funny but quite awesome
When I watched this, my heart started to pound. Why would you want to do this?
Dumb question but I have to ask. Firewall rules are by and large IP specific
right? For example, if I have a rule that lets a machine talk to Windows server
at 10.100.10.100 I should be able to flip any server to that IP and access
should work right?
Specifically I have an RDS broker server
Yes. IP and protocol specific. As long as the IP address matches and the
protocol requirements are the same, you should be good to go.
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
jra...@eaglemds.comBLOCKED::mailto:%20jra...@eaglemds.com
The only catch here is that the FW may refuse to recognize the new
server until you clear the ARP cache, or, alternatively, manually change
the MAC address to match the old one. Messing with the MAC address is
definitely not recommended in almost all situations, though.
From: David Lum
Good catch, Kim. I don't run into that often, but it has happened to me before
- the one time that sticks out in my mind was in 2002 when I was passing ipsec
traffic between two firewalls on someone else's network, and they were doing
some proxy-arping and forgot to tell me about it. Entering
6-8 GB
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the
We run into it here usually when replacing a router or firewall. I just
get to the command line of the firewall and/or router and issue the
appropriate clear arp cache command. Occasionally I've used the brute
force method of rebooting one or the other of the devices, which is
usually not a
Yes, that will work, but keep in mind that it will likely reset any ipsec
tunnels you have up at the time. May or may not be a problem, but be forewarned.
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
Pretty much yes, firewalls base definition is around Layer 3, TCP/IP address
and/or port #s, and NOT FQDN or NetBIOS name, if that’s what you’re asking.
Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '
From: David Lum
True, but also applies to switches and routers for any change … *and* I’ve
found it necessary in some cases on servers and workstations to clear the
ARP cache there too for a change to work.
Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a
Speaking of which - if the new server name is different or if you have static
entries for the server in DHCP (I don't know why you would, but I digress),
make sure you update those accordingly in DNS/WINS/DHCP.
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians
True, but I think I overlooked that because we use something else beside
our firewall to anchor those tunnels.
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Friday, January 07, 2011 9:24 AM
To: NT System Admin Issues
Subject: RE: Firewall Q
Yes, that will work, but keep
And check the eventlogs...
*ASB *(My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*
*
*
On Fri, Jan 7, 2011 at 9:31 AM, richardmccl...@aspca.org wrote:
Thank you for helping out here...
First, things are now back up and running
+1 This helps out when we need to log in as the admin to perform admin
stuff.
_
Cameron Cooper
Network Administrator | CompTIA A+ Certified
Aurico
Phone: 847-890-4021 | Fax: 847-255-1896
ccoo...@aurico.com | www.aurico.com
From: Steve Ens
Still happening, but just on the Exchange server. On the DNS server nslookup it
does not fail. Got to be a communication issue between the two server?
-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Thursday, January 06, 2011 7:09 PM
To: NT System Admin
Thx, we were trying to find something under 500.00 for this client, but there
are work arounds for APC using ESXi and such where nothing is sure on any other
models. Guess they just have to eat the cost. Thanks!!
Greg Sweers
CEO
ACTS360.com
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
Good to know about the task manager logoff option-I think I used it once on
RDS, but hadn't thought about Win7. It was decided early on that we should
disable the user switching for students, so I haven't done much w/out it off on
W7 (which we are still rolling out).
-B
From: Cameron Cooper
Most of my servers have static entries in DHCP. The more things I can manage
from one point the better (servers, printers, etc).
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
So you'll obviously need to update the MAC address in DHCP. Can't believe I
thought of that AND that you are actually doing it. Wow. I should go play the
lottery. :)
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians Associates, PA
I am in DHCP management enough that this was a given to flip a servers IP
address :). Where many folks flip IP's at the Network Properties of a box of
the server itself, I go into DHCP management. I'd say 50% of my 100 servers
have DHCP reservations.
Excellent thing to mention though as it
Meh. Just give your servers dynamically-allocated addresses.
On 7 January 2011 16:13, David Lum david@nwea.org wrote:
I am in DHCP management enough that this was a given to “flip” a servers IP
address J. Where many folks flip IP’s at the Network Properties” of a box
of the server itself,
Time for a packet capture, perhaps.
*ASB *(My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...*
*
*
On Fri, Jan 7, 2011 at 10:46 AM, Kennedy, Jim
kennedy...@elyriaschools.orgwrote:
Still happening, but just on the Exchange server. On
+1
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, January 07, 2011 11:19 AM
To: NT System Admin Issues
Subject: Re: DNS oddities
Time for a packet capture, perhaps.
ASB (My Bio via About.Mehttp://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...
I do...for 50% of them. We have situations where we are served better by
specific systems having DHCP reservations.
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, January 07, 2011 8:15 AM
To: NT System Admin Issues
Subject: Re: Firewall Q
Meh. Just give your servers
You could always go refurb - refurbups.com is one vendor.
Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955
On 1/7/11 10:51 AM, greg.swe...@actsconsulting.net
greg.swe...@actsconsulting.net wrote:
Thx, we were
Harsh. The only system I've found recently where I had to statically assign
an IP was WebSense. Although I did it with VirtualCenter as well as I was
scared of the effects of an unintentional change :-)
On 7 January 2011 16:29, David Lum david@nwea.org wrote:
I do…for 50% of them. We have
You want paranoia try working in an environment where many of the employees
are wearing orange.
Or khakis
Or camouflage
Or dark blue
etc.
Basically anywhere that some or all of the employees carry one or more
automatic weapons at all times :)
From: Ray [mailto:rz...@qwest.net]
Sent:
OK. I ran into this a while back. Looked back at your OP. You say you have
large DNS turned off. Where? Is it off on your network gear? We had to kill
it on the ASA/PIX for some clients. Saw the same behavior; DNS would fall
back to the A record rather than the MX...
Check your whole chain for the
I would hope the people carrying the weapons haven't broken the law like
those in orange, whether it be white collar fraud, a sex offense, or murder.
At this time, our inmates can't be in AD, so they log on locally. But they
also need access to server resources, including our ERP system.
I need to setup a domain user to be able to read ADUC. They won't have
permissions to change anything, but they need to be able to browse, look at
certain groups, and get memberships of those groups.
Sadly, I've never had to do this before, the only people who have ever had
access were Domain
It gets weird with the packet capture.
Sometimes the Exchange server is apending my internal domain name to the MX
lookup.
So instead of doing an MX query forgoogle.com it is asking for
google.com.MyInternal.local
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday,
You won't need to do anything beyond loading the RSAT tools on the user's
workstation. By default, users have read access to most everything in the
directory.
-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Friday, January 07, 2011 10:49 AM
To: NT System Admin
Definitely not, you have to have very thorough clearance to even physically get
into the installations I was thinking of. If there are any black marks on your
record, forget about getting in at all.
I was only trying to note a similar level of paranoia, certainly for a
different reason.
Have you seen:
http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/a9b1a718-7b22-4678-aa91-c8ecebb4c6fa
http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/a9b1a718-7b22-4678-aa91-c8ecebb4c6faI'm
actually looking for a different link to give you,
Also you can see how the DNS suffixs work when you set the D2 switch on
nslookup.
See the example below:
set type=A
set D2
set d2
google.com
Server: DNS_SERVER
Address: Address
SendRequest(), len 50
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
Anyone got a lead on a reliable NAS adapter with a gigabit port and support
for up to 2 TB of USB drive (partitions 32GB) that can be mapped to drive
letters on Windows clients?
Yes, trying to make a file server for 3 people out of minimal hardware, some
of which is already owned (a 1.5TB WD
Sheevaplug?
Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955
From: Carl Houseman c.house...@gmail.commailto:c.house...@gmail.com
Reply-To: NT System Admin Issues
I saw a blurb about this a few weeks ago on this list but now I cant find the
thread. I have a 2008 server on which I have installed a 64bit print driver and
I installed as an additional driver the 32bit version but it will not work with
Win7 32bit clients. If I install the driver directly on a
I did this again just today...
From the Windows 7 32-bit box, you connect to the 64-bit server print share,
and when it asks for drivers you point it to a local folder (on the 32-bit
machine) where you had downloaded the 32-bit drivers from the printer
manufacturer.
In short, manually install
Agreed, the old MM paradigm is long gone. The other thing I find intriguing
about this thread is that the proximity of the OP's DMZ to the internet is
unknown, let alone its intended purpose. The classic definition of a DMZ only
standing between an internal network and the internet is no
Ok, so that was a red herring but I get it nowm tyvm. The appending was only
from nslookup. Exchange is not doing it that way, I can see that sitting her
watching wireshark. Moving it off to another switch now I think.
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, January 07,
I did some work for a member of the Global Fortune 15 where there network
was:
Internet - FW - perimeter servers - FW - DCs - FW - member servers -
FW - PCs
I couldn't ping by NetBIOS name or FQDN DC1 sitting above DC2 in the same
rack because DNS was in the perimeter network. And they
And that was my point... I have multiple DMZs for multiple purposes... Some
internet based and some are not...
Sent from my Verizon Wireless BlackBerry
-Original Message-
From: Free, Bob r...@pge.com
Date: Fri, 7 Jan 2011 21:12:01
To: NT System Admin
Yeah it depends on how you want to design your network and how security
conscious paranoid you want to be.
DMZ can be inside, you are just separating areas of trust, or lack
thereof in the below example.
Z
Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan
Just tried this and the drivers uploaded to the server but it still doesn't
work. I even tried installing the driver on a 32bit server and that doesn't
work either. This is a driver for a Canon color copier. At this point I've
wasted an entire day trying to get this damn driver to work with
Interesting. Do you have NAS experience with one of the commercial
products? TonidoPlug is in the price range. I just want to make sure
whatever I recommend is going to be stable and if warranty/support is
needed, there will be someone who knows what's going on to respond.
Carl
From:
Gentleman as I sit on the change advisory board its been very enlightening
reading these post. The DMZ in question is a perimeter DMZ and all servers
within the DMZ are accessible from the outside for remote management when
consultants and staff are off site. However I did hear some chatter
77 matches
Mail list logo