Citrix Values 2004

Spain
© 2004 Ozona Consulting
Diego Berea Cabaleiro
diego.berea@ozona.es

User profiles
User profiles design strategies in Terminal
Services and Citrix environments
 Index of contents
Overview
Definition · Components · Functionality · Assigning Profiles

User profile design strategies

Local · Roaming · Mandatory · Multiple roaming

Hybrid profile architectures

Flex profile kit 3.0 · CCS hybrid profile · Tricerat simplify profiles (regset)

Conclusions
User profiles monitoring · Profile feature matrix
 Overview
User profile
Collection of settings that contain user preferences and configuration
settings. These preferences and settings help shape the user desktop,
applications and available resources.

• User-specific files and folders.

• Registry settings.

User profiles allow customization and configuration of the users’

environment (look and feel, application settings, resource availability,
etc.) delivering different environments to users, even if they are
connected to the same server at the same time.
 Overview
Data stored in the user profile

• Windows desktop configuration

• Internet connection settings
• Printers and mapped drive connections
• Temporary Internet file locations
• Application settings

• Per application settings in the registry

(stored in each user's profile in a file called ntuser.dat).
 Overview
Data stored in the user profile
PERSONAL FILES AND FOLDERS

• Temporary Internet files

• Application data
• My documents
• Cookies
• Desktop
• Favorites
• Start menu
• Recent
• Templates

REGISTRY SETTINGS

• Desktop settings
• Application settings
• Resource configuration
• Security lock downs
 Overview
User profile assignment
The appropriate location of the user profile can be assigned in either the
NT or Active Directory-based domain.

Home directory
\\FileServer\homedrive\%username%
Profile
\\FileServer\Profiles\%username%
 Overview
User profiles on SBC environments
Profile design is critical in SBC environments because of the impact of
multiple users making changes that affect performance, funcionality and
settings for all users.

NOTE: Every user will have a user profile, even those running exclusively
published applications.

The Challenge of profile design on SBC environments

• Many users logged in the same server at the same time
• The balance between profile versatility and control.
 Overview
Policies and profiles

• Delete cached roaming profiles

• Disable slow link detection
• Wait for the remote copy of the roaming user profile
• Log users off when roaming profile fails
• Specify number of attempts to unload/update user profile registry
• Redirect user shell folders to default local/roaming specified location
• Establish parameters for user profile size
• Exclude additional directories from roaming profile
 Overview
User profiles size control
Decreases logon time and network traffic

• Redirect folders to locations outside of the user’s profile

My documents, Application data, Start menu, etc. Desktop should not be redirected.

• Exclude folders from being copied to the user’s profile

Local settings, temporary internet files, history, temp, etc.
(Just for the logoff process)

• Disk quota for the user profile

 Overview
Local cache of user profiles
Local copy of roaming profiles
• Decreases logon time and network traffic
• Could cause the server to run out of disk space

Pre-configuration of user profiles

Mandatory and default profiles might be preconfigured so that they’re
ready to go the first time the users logs on.
 User profile design
User profile basic design strategies
strategies
• Local
• Roaming
• Mandatory
• Multiple roaming
 User profile design
User profiles design process. Generic process map
strategies
Checklist definición de
PF-CL1
necesidades

PF-1
1 2 3 4
Definición necesidades Diseño estrategia profiles Configuración arquitectura Presentación propuesta
Si
Definición ¿Aceptación
propuesta?
estrategia
de profiles
No
Dir. Proyecto y consultores Consultores Ingenieros de sistemas Dir. Proyecto y consultores 1

Plantilla de definición de Documentación de diseño de

PF-T1 necesidades PF-T2 la estrategia de profiles

PF-CL2 Checklist de inspecciones

finales y aprobación
Instrucciones técnicas Instrucciones técnicas
PF-2 PF-IT1 prototipo profiles
PF-IT2 migración de usuarios
5 6 7
Prototipo Migración de usuarios Aceptación
Si Si
¿prototipo ¿Migración
Prototipado e satisfactorio? satisfactoria?

implantación
No No
Subconjunto usuarios 2 Usuarios 2 Dirección proyecto

X X+15 Y Y+60

Plantilla de informe de Plantilla de informe de

PF-T3 resultados del prototipo PF-T4 resultados de la migración
 User profile design
Local profiles. Overview
strategies
• A local user profile is stored locally on each computer (PC or server)
• Local profiles are only applied on to the computer where they are stored.
• Settings are not replicated to other computers
 Each user will have a different local profile in each server

ADVANTAGES DISADVANTAGES

- Speed and stability - Only applied to the local computer

- No configuration is needed - No consistency across servers
- No network traffic at all - Local disk space consumption
- Highly customizable on a per-user basis
 User profile design
Local profiles. User logon process
strategies
USER LOGON

GET USER’S PROFILE

PATH FROM A DC

LOCAL PROFILE

DOES THE LOCAL A NEW LOCAL PROFILE

PROFILE EXIST? MUST BE CREATED

L2
L1
LOAD THE LOCAL COPY THE
PROFILE DEFAULT PROFILE

BEGIN THE USER’S

SESSION
 User profile design
Roaming profiles. Overview
strategies
• Made up of the same components of a local profile.
• Roaming profiles are centrally stored in a file server.
• Profiles are downloaded during user logon and uploaded during logoff.
 Each user will have an unique profile across servers.

ADVANTAGES DISADVANTAGES

- Same profiles applied accross servers - Increased network traffic

- Easy to configure - Increased logon times
- Consistent working environment - Limited size control
- Centrally stored - Increased risk of corruption
 User profile design
Roaming profiles. User logon process
strategies LOGON DE USUARIO

CONSULTA EN AD
TIPO USER PROFILE

ROAMING PROFILE

NO NO
¿ESTÁ DEFINIDO ¿ESTÁ DEFINIDO
EL TS PROFILE? EL PROFILE?
PROFILE LOCAL

SI

R1 R1 NO ¿HAY COPIA LOCAL

SI
DEL PROFILE?

SI

NO ¿LA COPIA LOCAL

ES MAS RECIENTE?

SI

PREGUNTAR AL CARGA DE LA COPIA

EN CACHÉ
USUARIO

DESCARGA DEL
INICIO DE SESIÓN
ROAMING PROFILE

NOTE: The same roaming profile is applied to PCs and servers

 User profile design
strategies
Roaming profiles. Terminal services user profile assignment
 User profile design
Roaming profiles. User logon process
strategies
(Using an specific terminal server user profile definition)

R1 R2

R2
 User profile design
Roaming profiles. Roaming profile creation process
strategies
3. Profile path is identified and created
4. User logs on the first time
5. The profile is created using the standard default profile
6. The profile is saved to the user profile path on logoff
 User profile design
Mandatory profiles. Overview
strategies
• Mandatory profiles are a form of roaming profiles where user’s settings
are not saved during logoff.
• NTUSER.DAT must be renamed to NTUSER.MAN.
 Users share a read-only user profile.

ADVANTAGES DISADVANTAGES

- Consistent working environment - No user customization allowed

- Small size - No personal setting persistence
- Lowers risk of corruption - Completely restrictive
- Centrally stored (or not)
 User profile design
Mandatory profiles. User logon process
strategies

M1 M1
 User profile design
Mandatory profiles. Mandatory profile storage strategies
• On each SBC server
 Faster loading of profile  Faster logon
• Central file server
 Changes can be made easily
• SYSVOL share on Active Directory domain controllers
 Automatically propagated to all other domain controllers
 User profile design
Multiple roaming profiles. Overview strategy
• Standard terminal services profile assignment but using environment
variables in the profile path: %profileServer%\%username%

• Values are given for the environment

variables on each server (or silo).
 Each users will have several user
profiles.

Note: Win2003 allows the definition of user profile overrides via a policy
 User profile design
Multiple roaming profiles. User logon process
strategy

R1 R2

R3
 Hybrid Profile
Cons of a simple strategy for user profiles Architecture
• Lengthy logon time
• Excessive network traffic
• Eliminate roaming profiles inconsistency and corruption

• Effective mandatory profiles

• Disk space consumption.
• Stability issues.

THE SOLUTION IS TO USE A HYBRID ARCHITECTURE THAT COMBINES THE

CHARACTERISTICS OF ROAMING AND MANDATORY PROFILES.
 Hybrid Profile
User profile Hybrid Architecture Architecture
• Flex Profile Kit 3.0 (FPK)
• CCS Hybrid Profile
• Tricerat Simplify Profiles (regset)

For each one of them:

• Description
• How it works
• Architectural design
• Logon and logoff process
 Hybrid Profile
FPK 3.0. Flex Profile Kit 3.0 overview Architecture
• Based on a “customized” mandatory profiles.
• Created by Jeroen Van Der Kamp (http://www.loginconsultants.nl).
• Uses Microsoft Office 2003 Resource Kit profile wizard component.
• Works Importing and Exporting files and portions of registry to OPS files.
 Hybrid Profile
FPK 3.0. User logon process Architecture

R1 M1
 Hybrid Profile
FPK 3.0. Design Architecture
PF-1

Definición
estrategia
de profiles
1
PF-CL1 Checklist definición de
necesidades

Definición necesidades

Dir. Proyecto y consultores

2
Diseño estrategia profiles

Consultores
3
Configuración arquitectura

Ingenieros de sistemas
4
Presentación propuesta

Dir. Proyecto y consultores

¿Aceptación
propuesta?

1
No
Si

Plantilla de definición de Documentación de diseño de

PF-T1 necesidades
PF-T2 la estrategia de profiles

PF-CL2 Checklist de inspecciones

finales y aprobación
Instrucciones técnicas Instrucciones técnicas
PF-2 PF-IT1 prototipo profiles
PF-IT2 migración de usuarios
5 6 7

• Configure a single mandatory profile.

Prototipo Migración de usuarios Aceptación
Si Si
¿prototipo ¿Migración
Prototipado e satisfac torio? satisfactoria?

implantación
No No
Subconjunto usuarios 2 Usuarios 2 Dirección proyecto

X X+15 Y Y+60

• Define folder redirection police.

Plantilla de informe de Plantilla de informe de
PF-T3 resultados del prototipo
PF-T4 resultados de la migración

• Create .INI file to store registry entries.

• Copy proflwiz.exe and .INI files to all TS or Citrix servers.
• Create a login script that calls proflwiz.exe.
• Or edit current login script to call proflwiz.exe.
• Configure User Accounts to use the new profile.
 Hybrid Profile
FPK 3.0. Login and logoff process Architecture

INICIO

CARGA DEL SHELL

INICIO
PROFLWIZ.EXE PROFLWIZ.EXE COPY
CARGA DEL EJECUCIÓN DEL
MANDATORY PROFILE LOGOFF SCRIPT
COPY PROFLWIZ.EXE
LEER .INI DE EXPORTAR RAMAS COPIAR .OPS
CONFIGURACIÓN REGISTRO A .OPS A LA RED
EJECUCIÓN DEL ELIMINACIÓN
LOGIN SCRIPT USER PROFILE
COPIAR .OPS IMPORTAR .OPS
A LOCAL EN EL REGISTRO
EJECUCIÓN DE FINALIZACIÓN
POLÍTICAS SHELL

FIN Copy /Y Z:\appdata\ozona.ops "%temp%\ozona.ops" FIN proflwiz.exe /s "%temp%\ozona.ops" /i d:\ozona.ini /q

proflwiz.exe /r "%temp%\ozona.ops" /q copy /Y "%temp%\ozona.ops" Z:\appdata\ozona.ops
 Hybrid Profile
FPK 3.0. Examples Architecture
 Hybrid Profile
FPK 3.0. Profile Architecture Architecture
Proflwiz.exe dialog box without “/q” switch:

Dialog box changes using a hexadecimal editor

 Hybrid Profile
FPK 3.0. Flex profile optimization Architecture
Recommendation

Execute all local components (proflwiz.exe, .ini files, etc…)

Always use the “quite” switch

Import and Export the .OPS file from local units

Import and export the .OPS file from home drive

Use flex profile to store user files in a .OPS file

Use different INI files per published file per silo.

 Hybrid Profile
CCS hybrid profile. Overview Architecture
• Combines a mandatory profile and user-specific registry settings.
• Developed by Citrix Consulting Services (www.citrix.com/consulting).
• Not sold as a product but as an CCS service.
• 5 days for 2 consultants including knowledge transfer and
documentation (basic project).

• Web based management.

• Settings are stored in XML files and user configuration in binary files.
 Hybrid Profile
Architecture
CCS hybrid profile. Hybrid profile web interface (I)
The hybrid profile GUI is composed by two main items.

• XML settings web maintenance

Define categories and configurations.
• XML configuration web maintenance
Define and maintain the XML configurations.
 Hybrid Profile
Architecture
CCS hybrid profile. Hybrid profile web interface (II)

Category Definitions 
Sample category: “word”
If HKCU/Software/CCS/ServerType = “Office”

Logon: Load “word” and “excel” configurations

Logoff: Store “word” configuration
 Hybrid Profile
Architecture
CCS hybrid profile. Hybrid profile web user interface (III)

Definición de una configuración 

Example configuration: “word”
Hive HKCU/Software/Microsoft/Office/9.0/Word
.dat file: Office.dat
 Hybrid Profile
CCS hybrid profile. User logon process Architecture

R1 M1
 Hybrid Profile
CCS hybrid profile. Design (I)
Architecture
PF-1

Definición
estrategia
de profiles
1
PF-CL1 Checklist definición de
necesidades

Definición necesidades

Dir. Proyecto y consultores

2
Diseño estrategia profiles

Consultores
3
Configuración arquitectura

Ingenieros de sistemas
4
Presentación propuesta

Dir. Proyecto y consultores

¿Aceptación
propuesta?

1
No
Si

Plantilla de definición de Documentación de diseño de

PF-T1 necesidades
PF-T2 la estrategia de profiles

PF-CL2 Checklist de inspecciones

finales y aprobación
Instrucciones técnicas Instrucciones técnicas
PF-2 PF-IT1 prototipo profiles
PF-IT2 migración de usuarios
5 6 7
Prototipo Migración de usuarios Aceptación
Si Si
¿prototipo ¿Migración
Prototipado e satisfac torio? satisfactoria?

implantación

• Based on CCSUtility.dll
No No
Subconjunto usuarios 2 Usuarios 2 Dirección proyecto

X X+15 Y Y+60

Plantilla de informe de Plantilla de informe de

PF-T3 resultados del prototipo
PF-T4 resultados de la migración

(COM+ object, holding all main functions of the Hybrid Profile)

• Launches HelperApp.dll (The API

used to import/export registry keys)

• Stores comprehensive per-user status

and error information in a log file

• Database GUI based on MS access 

 Hybrid Profile
CCS hybrid profile. Design (II)
Architecture
PF-1

Definición
estrategia
de profiles
1
PF-CL1 Checklist definición de
necesidades

Definición necesidades

Dir. Proyecto y consultores

2
Diseño estrategia profiles

Consultores
3
Configuración arquitectura

Ingenieros de sistemas
4
Presentación propuesta

Dir. Proyecto y consultores

¿Aceptación
propuesta?

1
No
Si

Plantilla de definición de Documentación de diseño de

PF-T1 necesidades
PF-T2 la estrategia de profiles

PF-CL2 Checklist de inspecciones

finales y aprobación
Instrucciones técnicas Instrucciones técnicas
PF-2 PF-IT1 prototipo profiles
PF-IT2 migración de usuarios
5 6 7
Prototipo Migración de usuarios Aceptación
Si Si
¿prototipo ¿Migración
Prototipado e satisfac torio? satisfactoria?

implantación
No No
Subconjunto usuarios 2 Usuarios 2 Dirección proyecto

X X+15 Y Y+60

Plantilla de informe de Plantilla de informe de

PF-T3 resultados del prototipo
PF-T4 resultados de la migración

• Install CCSUtility and register the COM+ object.

• Install the Web GUI and configure access permissions.
• Configure a unique mandatory profile.
• Customize logon.vbs and logoff.vbs scripts.
• From the Web GUI, define configurations and categories.
 Hybrid Profile
CCS hybrid profile. Session Login and logoff Architecture

INICIO

CARGA DEL SHELL

INICIO
CCSUTILITY.DLL HELPERAPP.DLL
CARGA DEL
MANDATORY PROFILE EJECUCIÓN DEL
CCSUTILITY.DLL CCSUTILITY.DLL CCSUTILITY.DLL LOGOFF SCRIPT
LECTURA DE LA EXPORTAR RAMAS
EJECUCIÓN DEL CONFIGURACIÓN DE REGISTRO
LOGIN SCRIPT ELIMINACIÓN
LECTURA DE LA MAPEO DE UNIDADES COPIA DE FICHEROS USER PROFILE
CONFIGURACIÓN E IMPRESORAS Y DIRECTORIOS
EJECUCIÓN DE
POLÍTICAS FINALIZACIÓN
SHELL

FIN
FIN
HELPERAPP.DLL

IMPORTAR RAMAS
EN EL REGISTRO
 Hybrid Profile
Tricerat simplify profiles. Overview Architecture
Based on mandatory profiles with customizations.
• A Tricerat Corp product (http://www.tricerat.com).
• Graphical Interface to import/export registry keys for:
• Users, User groups or machine.
sorting configurations by priority.
• Configurations are stored in a database (Borland database engine) and
replicated to other servers.

• PPS: 499 € per server + 99 € Support

Price per server up to 4 processors. Support contract is mandatory for the first year.
 Hybrid Profile
Architecture
Tricerat simplify profiles. RegSet Administrator (I)

Available definitions 
There are three different ones:
• Set or Write only (RSRun.exe)
• Delete (RSRun.exe)
• Save/restore

Definitions applied to “dbc” 

 Hybrid Profile
Architecture
Tricerat simplify profiles. RegSet administrator (II)

Profile folder redirection 

(Set/delete example)

 Store application settings

(save/restore example)
 Hybrid Profile
Tricerat simplify profiles. User logon process Architecture

R1 M1
 Hybrid Profile
Tricerat simplify profiles. Design Architecture
PF-1

Definición
estrategia
de profiles
1
PF-CL1 Checklist definición de
necesidades

Definición necesidades

Dir. Proyecto y consultores

2
Diseño estrategia profiles

Consultores
3
Configuración arquitectura

Ingenieros de sistemas
4
Presentación propuesta

Dir. Proyecto y consultores

¿Aceptación
propuesta?

1
No
Si

Plantilla de definición de Documentación de diseño de

PF-T1 necesidades
PF-T2 la estrategia de profiles

PF-CL2 Checklist de inspecciones

finales y aprobación
Instrucciones técnicas Instrucciones técnicas
PF-2 PF-IT1 prototipo profiles
PF-IT2 migración de usuarios
5 6 7

• Create a shared folder \\server\regset$

Prototipo Migración de usuarios Aceptación
Si Si
¿prototipo ¿Migración
Prototipado e satisfac torio? satisfactoria?

implantación
No No
Subconjunto usuarios 2 Usuarios 2 Dirección proyecto

X X+15 Y Y+60

• From RegSet Administrator console:

Plantilla de informe de Plantilla de informe de
PF-T3 resultados del prototipo
PF-T4 resultados de la migración

- Configure the default path to share folder

- Define all servers on the replication list.
- Create configurations and assign them to users, groups or machine.

REPLACE USERINIT.EXE WITH RSSTART.EXE

 Hybrid Profile
Architecture
Tricerat simplify profiles. Session Login and logoff

INICIO

INICIO CARGA DEL SHELL

RSSTART.EXE RSSTART.EXE

EJECUCIÓN DEL CARGA DEL

LOGOFF SCRIPT MANDATORY PROFILE
RSTART.EXE RSTART.EXE
LECTURA DE LA EXPORTAR RAMAS
CONFIGURACIÓN DE REGISTRO
ELIMINACIÓN EJECUCIÓN DEL
USER PROFILE LOGIN SCRIPT
LECTURA DE LA IMPORTAR RAMAS
CONFIGURACIÓN EN EL REGISTRO

FINALIZACIÓN EJECUCIÓN DE
SHELL POLÍTICAS

FIN FIN
HYBRID
LOCAL

ROAMING

MANDATORY
Cu
st
om
iz
Profile feature matrix

ab
le
on
Ac a
ce pe
ss r-
ib us
le er
fr ba
om s is
Co an
ns y
is se
te rv
nt er
w
or
ki
U ng
se
r en
pr vi
o fil ro
e nm
si en
ze t
Op co
ti nt
m ro
iz l
es
ne
tw
or
De k
cr tr
ea af
se fic
s
lo
go
n
Lo ti
w m
er es
s
ri
sk
of
co
rr
up
ti
on
Conclusions
 Conclusions
Final Considerations
• Local, roaming and mandatory sometimes don't fit every need.

• The Hybrid Architecture may require some adjustments.

Incorrectly used, may present the same problems as the basic ones.

• Proactive monitoring of user profiles is recommended.

• Progressive migration if multiple roaming profiles.

 Conclusions
How to elect one user profile strategy

• Administrative effort
Impact of adding an user, a server or a zone.

• Need for manual configuration

User account configuration. Pre-configured options.

• Flexibility vs. control

Balance between profile personalization and disk space consumption.
 Ozona Consulting
I SANTIAGO DE COMPOSTELA
Raxoeira 2, 4º - O Milladoiro - 15895 - A
Coruña
Sebastián Santiago
(Sebastian.Santiago@ozona.es)
Teléfono: 981 53 63 03

I MADRID
Serrano 41, 3º - 28001 – Madrid
Raúl Nogales (Raul.Nogales@ozona.es)
Teléfono: 91 297 33 68

I LISBOA
Avda. João Crisóstomo, 31, 2º - 1050-125 –
Lisboa
Cristina Sousa (Cristina.Sousa@ozona.com.pt)
Teléfono: 21 319 16 30

I BARCELONA
Coming soon...