User profiles
Citrix Values 2004 Spain
© 2004 Ozona Consulting
Diego Berea [email protected]
User profiles design strategies in Terminal Services and Citrix environments
Index of contents
• Overview: Definition · Components · Functionality · Assigning Profiles
• User profile design strategies: Local · Roaming · Mandatory · Multiple roaming
• Hybrid profile architectures: Flex profile kit 3.0 · CCS hybrid profile · Tricerat simplify profiles (regset)
• Conclusions: User profiles monitoring · Profile feature matrix
User profile
Collection of settings that contain user preferences and configuration settings. These preferences and settings help shape the user desktop, applications and available resources.
• User-specific files and folders.
• Registry settings.
User profiles allow customization and configuration of the users’ environment (look and feel, application settings, resource availability, etc.) delivering different environments to users, even if they are connected to the same server at the same time.
Overview
Data stored in the user profile
• Windows desktop configuration
• Internet connection settings
• Printers and mapped drive connections
• Temporary Internet file locations
• Application settings
• Per-application settings in the registry (stored in each user's profile in a file called ntuser.dat)
REGISTRY SETTINGS
- Desktop settings
- Application settings
- Resource configuration
- Security lockdowns
PERSONAL FILES AND FOLDERS
- Temporary Internet files
- Application data
- My documents
- Cookies
- Desktop
- Favorites
- Start menu
- Recent
- Templates
User profile assignment
The appropriate location of the user profile can be assigned in either the NT or Active Directory-based domain.
Home directory: \\FileServer\homedrive\%username%
Profile: \\FileServer\Profiles\%username%
User profiles on SBC environments
Profile design is critical in SBC environments because of the impact of multiple users making changes that affect performance, functionality and settings for all users.
NOTE: Every user will have a user profile, even those running exclusively published applications.
The challenge of profile design on SBC environments
• Many users logged in to the same server at the same time
• The balance between profile versatility and control
Policies and profiles
• Delete cached roaming profiles
• Disable slow link detection
• Wait for the remote copy of the roaming user profile
• Log users off when roaming profile fails
• Specify number of attempts to unload/update user profile registry
• Redirect user shell folders to default local/roaming specified location
• Establish parameters for user profile size
• Exclude additional directories from roaming profile
User profiles size control
Decreases logon time and network traffic
• Redirect folders to locations outside of the user’s profile: My documents, Application data, Start menu, etc. Desktop should not be redirected.
• Exclude folders from being copied to the user’s profile: Local settings, temporary internet files, history, temp, etc. (Just for the logoff process)
• Disk quota for the user profile
Local cache of user profiles
Local copy of roaming profiles
• Decreases logon time and network traffic
• Could cause the server to run out of disk space
Pre-configuration of user profiles
Mandatory and default profiles might be preconfigured so that they’re ready to go the first time the user logs on.
User profile design strategies
User profile basic design strategies
• Local
• Roaming
• Mandatory
• Multiple roaming
User profiles design process. Generic process map
[Process map. Phases: PF-1 Profile strategy definition; PF-2 Prototyping and deployment. Timeline marks: X, X+15, Y, Y+60.
Steps (owner): 1 Needs definition (project management and consultants); 2 Profile strategy design (consultants); 3 Architecture configuration (systems engineers); 4 Proposal presentation (project management and consultants); 5 Prototype (subset of users); 6 User migration (users); 7 Acceptance (project management).
Decision points: Proposal accepted? (Yes / No → 1); Prototype satisfactory? (Yes / No → 2); Migration satisfactory? (Yes / No → 2).
Documents: PF-CL1 Needs definition checklist; PF-T1 Needs definition template; PF-T2 Profile strategy design documentation; PF-T3 Prototype results report template; PF-T4 Migration results report template; PF-IT1 Technical instructions, profile prototype; PF-IT2 Technical instructions, user migration; PF-CL2 Final inspections and approval checklist.]
Local profiles. Overview
• A local user profile is stored locally on each computer (PC or server).
• Local profiles are only applied on the computer where they are stored.
• Settings are not replicated to other computers.
Each user will have a different local profile on each server.
ADVANTAGES
- Speed and stability
- No configuration is needed
- No network traffic at all
- Highly customizable on a per-user basis
DISADVANTAGES
- Only applied to the local computer
- No consistency across servers
- Local disk space consumption
Local profiles. User logon process
[Flowchart: user logon → get user’s profile path from a DC → local profile → does the local profile exist? If yes, load the local profile; if no, a new local profile must be created (copy the default profile) → begin the user’s session.]
Roaming profiles. Overview
• Made up of the same components as a local profile.
• Roaming profiles are centrally stored on a file server.
• Profiles are downloaded during user logon and uploaded during logoff.
Each user will have a unique profile across servers.
ADVANTAGES
- Same profiles applied across servers
- Easy to configure
- Consistent working environment
- Centrally stored
DISADVANTAGES
- Increased network traffic
- Increased logon times
- Limited size control
- Increased risk of corruption
Roaming profiles. User logon process
NOTE: The same roaming profile is applied to PCs and servers
[Flowchart. Boxes: user logon; query the user profile type in AD; roaming profile; local profile; ask the user; load the cached copy; download the roaming profile; session start. Decisions (yes/no): Is the TS profile defined? Is the profile defined? Is there a local copy of the profile? Is the local copy more recent?]
Roaming profiles. Terminal services user profile assignment
Roaming profiles. User logon process (using a specific terminal server user profile definition)
Roaming profiles. Roaming profile creation process
1. Profile path is identified and created
2. User logs on the first time
3. The profile is created using the standard default profile
4. The profile is saved to the user profile path on logoff
Mandatory profiles. Overview
• Mandatory profiles are a form of roaming profiles where the user’s settings are not saved during logoff.
• NTUSER.DAT must be renamed to NTUSER.MAN.
Users share a read-only user profile.
ADVANTAGES
- Consistent working environment
- Small size
- Lowers risk of corruption
- Centrally stored (or not)
DISADVANTAGES
- No user customization allowed
- No personal setting persistence
- Completely restrictive
Mandatory profiles. User logon process
Mandatory profiles. Mandatory profile storage
• On each SBC server: faster loading of profile, faster logon
• Central file server: changes can be made easily
• SYSVOL share on Active Directory domain controllers: automatically propagated to all other domain controllers
Multiple roaming profiles. Overview
• Standard terminal services profile assignment but using environment variables in the profile path: %profileServer%\%username%
• Values are given for the environment variables on each server (or silo).
Each user will have several user profiles.
Note: Win2003 allows the definition of user profile overrides via a policy
Multiple roaming profiles. User logon process
Cons of a simple strategy for user profiles
• Lengthy logon time
• Excessive network traffic
• Eliminate roaming profiles inconsistency and corruption
• Effective mandatory profiles
• Disk space consumption
• Stability issues
THE SOLUTION IS TO USE A HYBRID ARCHITECTURE THAT COMBINES THE CHARACTERISTICS OF ROAMING AND MANDATORY PROFILES.
Hybrid Profile Architecture
User profile hybrid architecture
• Flex Profile Kit 3.0 (FPK)
• CCS Hybrid Profile
• Tricerat Simplify Profiles (regset)
For each one of them:
• Description
• How it works
• Architectural design
• Logon and logoff process
FPK 3.0. Flex Profile Kit 3.0 overview
• Based on “customized” mandatory profiles.
• Created by Jeroen Van Der Kamp (http://www.loginconsultants.nl).
• Uses the Microsoft Office 2003 Resource Kit profile wizard component.
• Works by importing and exporting files and portions of the registry to OPS files.
FPK 3.0. User logon process
FPK 3.0. Design
• Configure a single mandatory profile.
• Define folder redirection policy.
• Create .INI file to store registry entries.
• Copy proflwiz.exe and .INI files to all TS or Citrix servers.
• Create a login script that calls proflwiz.exe.
• Or edit current login script to call proflwiz.exe.
• Configure User Accounts to use the new profile.
FPK 3.0. Login and logoff process
[Logon flowchart. Boxes: start; load the mandatory profile; run policies; run the login script; load the shell; end. Login script detail: COPY (copy the .OPS file to local disk); PROFLWIZ.EXE (import the .OPS file into the registry).]
rem Logon: copy the user's .OPS file to the local temp folder, then import it into the registry quietly
copy /Y Z:\appdata\ozona.ops "%temp%\ozona.ops"
proflwiz.exe /r "%temp%\ozona.ops" /q
[Logoff flowchart. Boxes: start; run the logoff script; shell termination; user profile deletion; end. Logoff script detail: PROFLWIZ.EXE (read the configuration .INI, export registry branches to the .OPS file); COPY (copy the .OPS file to the network).]
rem Logoff: export the registry branches listed in the .INI to the .OPS file, then copy it back to the network
proflwiz.exe /s "%temp%\ozona.ops" /i d:\ozona.ini /q
copy /Y "%temp%\ozona.ops" Z:\appdata\ozona.ops
FPK 3.0. Examples
FPK 3.0. Profile Architecture
Proflwiz.exe dialog box without “/q” switch:
Dialog box changes using a hexadecimal editor
FPK 3.0. Flex profile optimization
Recommendation
Execute all local components (proflwiz.exe, .ini files, etc…)
Always use the “quiet” switch
Import and Export the .OPS file from local units
Import and export the .OPS file from home drive
Use flex profile to store user files in a .OPS file
Use different INI files per published file per silo.
CCS hybrid profile. Overview
• Combines a mandatory profile and user-specific registry settings.
• Developed by Citrix Consulting Services (www.citrix.com/consulting).
• Not sold as a product but as a CCS service.
• 5 days for 2 consultants including knowledge transfer and documentation (basic project).
• Web based management.
• Settings are stored in XML files and user configuration in binary files.
CCS hybrid profile. Hybrid profile web interface (I)
The hybrid profile GUI is composed of two main items.
• XML settings web maintenance: define categories and configurations.
• XML configuration web maintenance: define and maintain the XML configurations.
CCS hybrid profile. Hybrid profile web interface (II)
Category definitions
Sample category: “word”
If HKCU/Software/CCS/ServerType = “Office”
Logon: Load “word” and “excel” configurations
Logoff: Store “word” configuration
CCS hybrid profile. Hybrid profile web user interface (III)
Definition of a configuration
Example configuration: “word”
Hive: HKCU/Software/Microsoft/Office/9.0/Word
.dat file: Office.dat
CCS hybrid profile. User logon process
CCS hybrid profile. Design (I)
• Based on CCSUtility.dll (COM+ object, holding all main functions of the Hybrid Profile)
• Launches HelperApp.dll (the API used to import/export registry keys)
• Stores comprehensive per-user status and error information in a log file
• Database GUI based on MS Access
CCS hybrid profile. Design (II)
• Install CCSUtility and register the COM+ object.
• Install the Web GUI and configure access permissions.
• Configure a unique mandatory profile.
• Customize logon.vbs and logoff.vbs scripts.
• From the Web GUI, define configurations and categories.
CCS hybrid profile. Session login and logoff
[Logon flowchart. Boxes: start; load the mandatory profile; run policies; run the login script; load the shell; end. Login script detail: CCSUTILITY.DLL (read the configuration); CCSUTILITY.DLL (map drives and printers); CCSUTILITY.DLL (copy files and directories); HELPERAPP.DLL (import branches into the registry).]
[Logoff flowchart. Boxes: start; run the logoff script; shell termination; user profile deletion; end. Logoff script detail: CCSUTILITY.DLL (read the configuration); HELPERAPP.DLL (export registry branches).]
Tricerat simplify profiles. Overview
Based on mandatory profiles with customizations.
• A Tricerat Corp product (http://www.tricerat.com).
• Graphical interface to import/export registry keys for users, user groups or machine, sorting configurations by priority.
• Configurations are stored in a database (Borland database engine) and replicated to other servers.
• PPS: 499 € per server + 99 € Support Price per server up to 4 processors. Support contract is mandatory for the first year.
Tricerat simplify profiles. RegSet Administrator (I)
Available definitions. There are three different ones:
• Set or Write only (RSRun.exe)
• Delete (RSRun.exe)
• Save/restore
Definitions applied to “dbc”
Tricerat simplify profiles. RegSet administrator (II)
Store application settings (save/restore example)
Profile folder redirection (Set/delete example)
Tricerat simplify profiles. User logon process
Tricerat simplify profiles. Design
• Create a shared folder \\server\regset$
• From RegSet Administrator console:
- Configure the default path to the shared folder
- Define all servers on the replication list
- Create configurations and assign them to users, groups or machine
REPLACE USERINIT.EXE WITH RSSTART.EXE
Tricerat simplify profiles. Session login and logoff
[Logon flowchart. Boxes: start; load the mandatory profile; run policies; run the login script; load the shell; end. Detail: RSSTART.EXE (read the configuration); RSSTART.EXE (import branches into the registry).]
[Logoff flowchart. Boxes: start; run the logoff script; shell termination; user profile deletion; end. Detail: RSSTART.EXE (read the configuration); RSSTART.EXE (export registry branches).]
Conclusions
Profile feature matrix
[Matrix comparing the LOCAL, ROAMING, MANDATORY and HYBRID profile types against these features: customizable on a per-user basis; accessible from any server; consistent working environment; user profile size control; optimizes network traffic; decreases logon times; lowers risk of corruption.]
Final considerations
• Local, roaming and mandatory sometimes don't fit every need.
• The hybrid architecture may require some adjustments. Incorrectly used, it may present the same problems as the basic ones.
• Proactive monitoring of user profiles is recommended.
• Progressive migration if multiple roaming profiles.
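A sketch of the proactive monitoring recommended above, combining the size-control exclusions and the NTUSER.MAN convention from the earlier slides; this is an added example, not part of the original deck. It assumes one folder per user under the profile share; the function names, the quota value and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Folders the deck lists as excluded from the roaming copy. Matching by folder
# name at any depth is a simplifying assumption of this example.
EXCLUDED = {"local settings", "temporary internet files", "history", "temp"}

def profile_type(path):
    """MANDATORY if NTUSER.MAN is present, ROAMING if only NTUSER.DAT, else UNKNOWN."""
    names = {n.lower() for n in os.listdir(path)}
    if "ntuser.man" in names:
        return "MANDATORY"
    return "ROAMING" if "ntuser.dat" in names else "UNKNOWN"

def roaming_size(path):
    """Bytes that travel at logon/logoff: everything outside the excluded folders."""
    total = 0
    for root, dirs, files in os.walk(path):
        dirs[:] = [d for d in dirs if d.lower() not in EXCLUDED]  # prune in place
        total += sum(os.path.getsize(os.path.join(root, f)) for f in files)
    return total

def audit(store, quota_bytes):
    """Return one record per profile folder under `store`, largest first."""
    rows = []
    for user in sorted(os.listdir(store)):
        path = os.path.join(store, user)
        if not os.path.isdir(path):
            continue
        size = roaming_size(path)
        rows.append({"user": user, "type": profile_type(path),
                     "bytes": size, "over_quota": size > quota_bytes})
    return sorted(rows, key=lambda r: r["bytes"], reverse=True)

def build_sample_store(root):
    """Constructed sample data: three profiles with known file sizes."""
    layout = {
        "alice": {"NTUSER.DAT": 300, "Desktop/report.doc": 5000,
                  "Local Settings/Temp/cache.bin": 90000},
        "bob": {"NTUSER.DAT": 300, "Application Data/big.pst": 40000},
        "kiosk": {"NTUSER.MAN": 250},
    }
    for user, files in layout.items():
        for rel, size in files.items():
            full = os.path.join(root, user, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(b"\0" * size)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit(build_sample_store(tmp), quota_bytes=30000):
            print(row)
```

In the sample, bob's unredirected Application Data pushes the profile over quota, while alice's large cache file does not count because it sits under an excluded folder.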
How to choose a user profile strategy
• Administrative effort: impact of adding a user, a server or a zone.
• Need for manual configuration: user account configuration, pre-configured options.
• Flexibility vs. control: balance between profile personalization and disk space consumption.
Ozona Consulting
SANTIAGO DE COMPOSTELA: Raxoeira 2, 4º - O Milladoiro - 15895 - A Coruña. Sebastián Santiago ([email protected]). Phone: 981 53 63 03
MADRID: Serrano 41, 3º - 28001 - Madrid. Raúl Nogales ([email protected]). Phone: 91 297 33 68
LISBOA: Avda. João Crisóstomo, 31, 2º - 1050-125 - Lisboa. Cristina Sousa ([email protected]). Phone: 21 319 16 30
BARCELONA: Coming soon...