1. Mikael Lindholm Sr. Systems Engineer – EMEA Tech Readiness
CloudPortal Service Manager 11.0
Introductory Technical Presentation
July 2012
Mikael Lindholm
Sr. Systems Engineer – EMEA Tech Readiness

2. Agenda – Theory - Overview on CPSM
Key functionalities
Provisioning serivces
Multitenant / Delegated administration
Workflows
Importing Users (AD Synch)
Reporting
Positioning: Where it’s strong, where it’s weak
Key concepts
Physical architecture
Server parts
Web Services
API
communication
Logical architecture
Locations
Plans
Resellers / Customers / Users
Rights – functionalities
Services
workflows
Scalability

3. Goals of the training
Goal 1
Goal 2
Goal 3

4. Pre reqs for the training
Windows environment AD
DNS
IIS
Windows based service management

5. Citrix Cloud Solutions
Citrix story looking from the cloud

6. A cloud company that enables mobile workstyles
Through the years, Citrix’s vision has remained consistent – the company has always been about delivering technology solutions that enable users to work anywhere from any device at any time. Citrix is a cloud company that enables these mobile workstyles.

7. Citrix Cloud solutions overview
Explain the whole pic
Expalin what are CloudGateway (XenMobile Enterprise) and CloudBridge
Explain the Cloud Platforms

8. Mobility and Cloud drive consumerization of IT
Mobility and the cloud go hand-in-hand, and these two growing trends reinforce one another. Users are increasingly mobile – recent studies show that most of us access an average of 3.4 devices every day. Each of these devices connect to and access cloud services. These two trends together have accelerated the consumerization of IT.

9. Users now expect… Consumer-like experiences Self-service procurement
Immediate provisioning
Any app/service
24x7 access
Access from mobile, personal devices
And this has changed user’s expectations – as consumers, users are very familiar with going to appstores, subscribing to what they need, getting instantaneous access and provisioning, and interacting with apps or services 24x7 from any device without ever having to call someone or wait for days.
This “consumerization” has led users to expect the same from enterprises – users want the same self-service, 24x7, instant access to corporate services and applications.

10. Leverage Cloud Services
71%
Employees not using IT-sanctioned apps
Early Adopters
Leverage Cloud Services
78%
Plan to increase use of cloud services
Early adopter employees have embraced business and personal cloud services in the workplace through grass roots projects, ad hoc adoption and consumerization.
IT is challenged to maintain security, compliance, audit and support standards in the wake of new cloud services entering the workplace and network.
IT struggles to meet the increased demand from business units for new services that are available on-demand and on any device
IT has to also deliver all the legacy IT services along with next gen cloud services in a consistent, unified manner.
Manual provisioning and management of IT requests for infrastructure and applications impedes business progress.
*”2013 State of Cloud Applications Access Survey” by OneLogin

11. Paradigm shift to IT as a Service (ITaaS)
“Build & Operate”
“Aggregate & Deliver”
Backoffice
Limited apps
Dedicated infra.
Low utilization
Days to weeks
Low visibility
IT role: technology
Self-service storefront
Any app, public/private
Elastic infrastructure
High utilization
Immediate
High visibility
IT role: business
To address these new demands and challenges, a paradigm shift is required. The traditional model of “Build and Operate” – where IT was primarily focused on building and delivering a few mission critical apps, and was seen as more of a “back office” function no longer works. Instead, IT wants to shift to a model where they aggregate and deliver many cloud services rapidly – some of these services may be built in-house, but many may come from 3rd party clouds. This is a fundamental paradigm shift because it moves IT from a predominantly back-office technology function to a front-office business function.

12. Evolve to ITaaS IT Operations Business Impact You are here Automated
Virtualization
Cloud
ITaaS Infrastructure
Apps
Workloads
Services
You are here
Multi-Service Broker
DaaS RaaS
SaaS
PaaS
STaaS
IaaS
IT Operations
Cloud Orchestration
Public & Private IaaS
App and Desktop Virtualization
Server Virtualization
Storage, Compute, Network
Manual
ITaaS is a transformational strategy – many customers are just at the beginning of this journey with setting up their private and hybrid clouds. So, let us now take a look at how to accomplish this with IaaS.
Business Impact
IT Only Departmental All

13. Automation - CloudPlatform
Private Cloud (Acme Ltd)
Provision User Services
HR Admin
Provision Infrastructure
IT Admin
AppSrv
Database
CloudBridge
Open Source Community
Self-service
Public Cloud (Telco)
CloudPortal Services Manager
CloudPortal Business Manager
Service Connectors
Apache CloudStack
Your Orchestration
CloudPlatform GUI
RESTful/AWS API
Automation - CloudPlatform
Linux Foundation
“The Xen Project” AD XA
Web
Virtualisation - XenServer HA DR LM
SLM
DMC
Etc..
Hardware layer at the bottom
Lee – this is your physical infrastructure. If you’re talking about a private cloud, then it’s sitting in your corporate data center, if you’re a telco or service provider, this is the hardware you use to provide your customer with services.
Virtualisation layer
Lee. – The first thing that most people want to do is put a virtualisation layer on top of that hardware. This decouples the services from the hardware and gives you the ability to offer things such as high availability, maintenance while services are up and running and allows you get the most efficient use out of your server hardware, save power that kind of thing. If you’re going with a fully Citrix solution then this layer will be XenServer, but we can also build a cloud on VMware, KVM or soon, Hyper-V. There’s no lock-in and the choice is yours.
Automation Layer
Lee – Now, a lot of people stop there, but the more enlightened ones out there realize that you can get even more efficiency from automating common tasks and offer the ability for users to do things themselves. Enter, the Cloud automation layer, in our case, CloudPlatform. This is software powered by the Apache CloudStack project, that lets companies scale out their resources without creating a management burden. It also provides a foundation for even more complex automation and self service technology. When you talk to CloudPlatform, you do so via an easy to use Restful API, we even support Amazon EC2 and S3 APIs. CloudPlatform comes with it’s own GUI for management, but if you’ve built your own orchestration system, you can plug it straight in over the top, and CloudPlaform will interact with the virtualisation layer of your choice on your behalf. Some of our customers have literally 10s of thousands of servers managed this way.
Self Service Layer
Lee – So if you have your own orchestration software, or you’re just providing internal test/dev services then you might stop there. But, if you want to enhance the user experience further and maybe create a storefront to vend many different services, then then you’ll want to take a look at our CloudPortal products. Citrix has two of these portal products; CloudPortal Business Manager and CloudPortal Services Manager. Historically, Business Manager has been concerned with provisioning infrastructure (virtual machines), and Services Manager is more about provisioning the services running on that infrastructure. Say an HR administrator wants to add a new hire to the system, or give them a desktop or some remote applications, then they would use Services Manager. That could be deployed at a large enterprise, or at a service provider that wants to host and charge for , desktops that type of thing. CloudPortal Business Manager on the other hand, although traditionally known for Infrastructure as a Service, is now becoming the central point for all types of IT service, not just VMs. Recently we added a plug-in architecture that allows you to vend lots of types of service, such as Storage, Networking services, virtual desktops, Apps and a lot more. It even has a plugin to Services Manager so you can do everything from the same place. If you’re a Service Provider using this as a store front, it will give you things like billing, credit card transactions, fraud control etc, if you’re using this in an Enterprise, it’ll let you keep track of your IT services and possible cross-charge different business units for services.
Warning – this slide is heavily animated – run in presentation mode.
Network
Storage
Servers

14. User Mgr Dev Admin CloudPortal Devices Mobile/Apps (XenMobile)
Multi-tenant
Multi-user
CloudPortal
(CPBM)
Devices
Common Service Connector Framework
User
Self-service Portal
Auth/SSO RBAC
Mobile/Apps
(XenMobile)
Catalog
Collaboration
Mgr
Commerce/
Spend Mgmt
CRM
Desktops / Apps
(thru CPSM)
Service Desk
Dev
Developer
Platform
CloudPlatform PaaS Partner(s)
Community
Storage
CloudPlatform STaaS Partner(s)
Billing/
Chargeback
Admin
Portal
Admin
Infrastructure
ALU
AWS

15. project
Avalon
Deliver Windows apps & desktops as a true cloud service

16. Past Cloud is NOT a Place
It is not an organization. It is no longer the exception. It is the design center
Enabling Desktop & Apps as a Service requires:
On-demand self-service
Cloud-scale orchestration
Global, multi-site management
Multi-tenant isolation
Rapid elasticity
Measured services
Private
Cloud
Public
Past

17. Service Lifecycle for the Cloud Era
Building clouds & delivering services requires new roles.
Service Designer
Infrastructure
Provider
Tenant
Service Operator
Symbiotic lifecycle
Continuous feedback loops enable:
Confidence in IT investments
Measures success and opportunities
Empower users (subscribers) to choose the tools they need to be productive
Browse
Subscribe
Use

18. What is CPSM’s role in Merlin
A lot of this is still under discussion
On-boarding
(Departemental) Self service
Workflows
Delegated administration
Reporting
Services Beyond Hosted Apps and Desktops

19. CloudPortal Business Manager Avalon phase 2 (plan)
CloudPortal Service Manager
Merlin will work on a Cloud Infrastructure as well as Serv virt.
Merlin will include (plan) App Orchestration to build farms on demand
Merlin will work with CPSM to provide all flexcast models (not XenClient, physical not likely)
CloudPortal Business manager will provide workflow, webshop, billing
XA/XD Merlin (includes App Orch 2.0)
CloudPlatform, Amazon EC2
Serv virt.
Storage
Network

20. Product Overview
CloudPortal Services Manager

21. Messaging & Collaboration App and Desktop Delivery
Citrix CloudPortal Services Manager
Simplify cloud services management
Automation
Delegation
User Account
Management
Single, self-service interface for provisioning apps, desktops and services from the cloud
Exchange, SharePoint, OCS/Lync, SQL Server, Dynamics CRM
Web Data Hosting
RDS and
Citrix XenApp
Hyper-V
Custom Services
Messaging & Collaboration
Web & Data Hosting
App and Desktop Delivery
Virtualization
SDK APIs
CloudPortal Services Manager simplifies cloud services management with self-service and automated app, desktop and services provisioning. CloudPortal Services Manager enables service providers to use one tool for onboarding new subscribers; provisioning apps and services; and creating usage reports. Subscribers are empowered with the ability to do their own day-to-day administration such as creating users, resetting passwords and provisioning apps through an intuitive, easy to use web-based interface.
Top benefits:
Simplify Cloud Services with a single interface for provisioning apps, desktops and services from the cloud
Reduce operating costs through automation, delegation and self-service
Scale efficiently with automated multi-tenant workflows
increase subscriber loyalty with simple, self-service control for subscribers and resellers

22. CPSM key functions Simple provisioning of services to users
Multitenant and Delegated administration
Easy onboarding
(Usage) Reporting
Workflows

23. Provisioning Services to Users

24. Multitenant
Cloud admin, reseller, customer, user

25. Delegated Administration

26. Easy onboarding
Manual
CSV
AD Sync

27. Reporting

28. NEW: Workflows

29. What services

30. Services managed by CPSM 11
Citrix XenApp – Hosted Apps and Desktops
Microsoft Exchange
Microsoft Lync
Microsoft Office Communication Server
Microsoft SharePoint Services
Microsoft Dynamics CRM
Microsoft Dynamic Data Center
Black Berry Enterprise Server
Microsoft Active Directory and Synchronization
Windows File Shares
Microsoft IIS – Web hosting
Microsoft SQL – Data hosting
DNS

31. Enhanced Services SDK Simplify adding new services
Introduced service isolation to simplify adding and updating a service
Simplify services page to only handle plan administration, property configuration and enablement
Introduced a new services schema page focused on adding new services
Enhanced usability of service creation web pages

32. SDK Partners
Surgically control user rights and application execution with AppSense user virtualization
White labelled desktop and server backup -become an online backup provider with BackupAgent
Enable the right application and personalization to be presented based on user’s run-time context
Profile Migrator migrates user and app personalization when moving from on premise desktop/apps to a Cloud hosted desktop/apps
RES
Enable the right application and personalization to be presented based on user’s run-time context
AppSense
Surgically control user rights and application execution with AppSense user virtualization
BackupAgent
White labelled desktop and server backup -become an online backup provider with BackupAgent
Sepago
Profile Migrator migrates user and app personalization when moving from on premise desktop/apps to a Cloud hosted desktop/apps

33. Citrix Confidential - Do Not Distribute - May 2013
CPSMv11 New Features
Improved Installation Experience
Improved Upgrading Experience
Server Platform Support
Workflow Approval
AD Sync Enhancements
Hosted Exchange enhancements
Data Warehouse and Reporting Enhancements
Notes:
Improved installation experience:
Services Manager simplifies web service deployment with wizard driven installation and configuration. The Setup and Configuration Tools detect service prerequisites, perform post-install configuration, and automate tasks such as Group Policy and PowerShell remoting configuration. After deploying a service, use the control panel to create user and customer plans, define server resources, and provision customers.
Improved upgrading experience:
Upgrading from Cloud Portal Services Manager 10 is simplified with support for in-place upgrades for system databases, platform server roles, web services, and the Reporting service. Migration of the data warehouse is also included in the upgrade process. The Configuration Tool backs up required files and sites, stops and starts services as required, upgrades components, and applies updates as appropriate.
Server platform support:
Services Manager platform components can be deployed on servers running Windows Server 2012.
Workflow approval:
Workflow Approval helps you manage provisioning changes that impact service consumption and billing. New security roles allow users to self-provision services and monitor their own provisioning requests. Approval chains route provisioning requests based on your organizational structure or approval process. Customizable templates allow you to send timely notifications at each step in the approval process for every service.
AD Sync enhancements:
The AD Sync service includes support for synchronizing Exchange contacts and distribution groups.
Hosted Exchange enhancements:
The Hosted Exchange service includes support for Exchange 2010 and Exchange 2013, and supports the native mail archiving feature in these versions.
Data warehouse and Reporting enhancements:
Services Manager includes the following Reporting enhancements: Include reports when importing or exporting services
Run and view Distributor Summary reports from the control panel
Define billing units for services and associate them with plan types
Include Prepay criteria when generating reports
Include aggregate and non-aggregate properties and counters in reporting views for customers and resellers
Citrix Confidential - Do Not Distribute - May 2013

34. AD Sync – Simple Synchronization
Local Active Directory
Central, shared
Active Directory
Password change
User delete
Automation API
Selected User accounts
Synchronization
Replicated AD Account
User
create
User Update
Easy deployment
Configurable
Account expiry
Transform
Service Provisioning
Reliable
Secure
Near real-time
Queued

35. CloudPortal Services Manager Reporting SKUs
Default: 2$ / registered user / month
Perpetual pricing by request (hidden SKUs)
Complete Cloud Desktop Services for CSPs $2
Does NOT include BASE or PREMIUM functionality
Official Description: Usage Reporting - Citrix Complete Cloud Desktop Services for Service Providers

36. Strong / weak (Internal slide only)
CSPs or where one team can control the back end
CPSM needs to control what it manages
Standard Windows like services
Citrix integration
Weak
Enterprises, where CPSM cannot fully control resources
Web hosting services
E.g. Wordpress, PHP
Billing

37. Competition
Parallels
Desktone
Microsoft

38. CloudPortal Service Manager
Tech overview

39. Citrix Confidential - Do Not Distribute - May 2013
CPSM Basic Architecture
Citrix Confidential - Do Not Distribute - May 2013

40. CPSM Basic Software Architecture
System Users
Admin | Help Desk | Reseller | Customer
Billing
System
Reseller HR
Systems
Self
Sign-up
Presentation – ASP.NET UI
XML API
Integration / Aggregation
Cortex Hosted Services Framework
Security – Service Infrastructure - Configuration
Shared AD Forest
Provisioning
Engine
Application
Servers
ASP.NET
Web Services
Corporate AD Forest
Provisioning
Engine
Application
Servers
ASP.NET
Web Services

41. CPSM Detail Architecture
Identity & AD
Provisioning
XenApp Farm
Directory WS
Authentication
TCP: 8095
Citrix WS
TCP: 8095
Customer
Administrator / User
Provisioning
MSMQ*
Request
Queue
Provisioning
Engine
Internet
SharePoint
Services
Cortex Databases
SharePoint WS
TCP: 8095
Cortex
Web
Configuration / Storage
TCP: 1433
Reporting
Services
Exchange WS
TCP: 8095
Reporting
TCP: 80
Exchange Services
Notes:
Cloud Portal Services Manager Architecture in Detail,
The first box shows the core components of the CloudPortal Services Manager
The next box, highlights some of the web services that CloudPortal Services manager includes.
The following ports are used for Microsoft Message Queuing operations: MSMQ
TCP: 1801
RPC: 135, 2101*, 2103*, 2105*
UDP: 3527, 1801
* These port numbers may be incremented by 11 if the initial choice of RPC port is being used when Message Queuing initializes. Port 135 is queried to discover the 2xxx ports.
Reporting TCP: 80
end-user web-site provisioning application servers

42. Citrix Confidential - Do Not Distribute
Firewall Open Ports Requirements for Services Manager
Citrix Confidential - Do Not Distribute

43. CPSM Communication Architecture
Domain
Controllers
The Provisioning Engine Server contacts the Web Services to provided Hosted services
XenApp Farm
Customer Admin is authenticated against AD Domain Controllers
Citrix WS 5 3
Customer
Administrator 4
CortexWeb
Server
Provisioning
Engine 5
Browser 5
SharePoint
Services 1 2
SharePoint WS
Customer Admin Provisioning request to the Provisioning Engine Server
Cortex System
Databases
Customer Admin enters URL of CortexWeb Server in Web Browser
Customer Admin enters log in credentials in the CloudPortal Control Panel
Exchange WS
Billing and usage report information is supplied to SQL Database Servers
Features:
Simplify Cloud Services - with a single interface for provisioning apps, desktops and services from the cloud
Reduce operating costs - through automation, delegation and self-service
Scale efficiently - with automated multi-tenant workflows
increase subscriber loyalty - with simple, self-service control for subscribers and resellers 6
Exchange
Citrix Confidential - Do Not Distribute - May 2013

44. Scalability: General guidelines
users, Basic Setup for Hosted Exchange - Single Server Setup
CPU: One 2.0GHz Xeon processor (Dual Core) or equivalent
Memory: 2 GB RAM, preferably 4 GB RAM
Disk: 36 GB disk space
users, Basic Setup for Hosted Exchange - Dual Server Setup
Database Server
CPU: One 2.0 GHz Xeon processor (Dual Core) or equivalent
Web Server
CPU: One 2.0 GHz processor.
Memory: 1Gb RAM minimum, 2Gb Recommended

45. Scalability: General guidelines
5000+ users, Basic Setup for Hosted Exchange - Triple Server Setup
Database Server
CPU: Two 2.0 GHz Xeon processor (Dual Core) or equivalent
Memory:4 GB RAM minimum
Disk:36 GB disk space
Web Server
CPU: Two 2.0 GHz processors
Memory: 2Gb RAM minimum
Provisioning Engine Server
Disk: 36 GB disk space

46. Scalability: General guidelines
User, Advanced Setup
SQL Server Cluster
2 or more SQL Servers.
Load balanced Web Servers
2 or more Windows 2003/2008 Web servers.
Provisioning Server Cluster
2 or more Clustered Windows Servers, or
Redundant Provisioning Server (Warm standby)

47. Installing

48. Key concepts
Locations
Key users accounts
Web Services

49. Locations Top Location AD Location Location Top Location
Corresponds with an Active Directory domain hosting the services
CPSM supports multiple locations
Top Location
Aka Top Environment Services, Top Environment level
A logical location, not bound to an AD
Stores the default settings for all AD Location Services
AD Location Services
Aka Location Level
Stores the settings for hosted services for a specific location
AD Location AD
Domain Controller
XenApp Farm
SharePoint
Services
Exchange

50. Others Service provider administrator Web service
The first administrator user created when the first location is created for a Services Manager deployment.
Can also be viewed as the top Reseller
Web service
An MSI file that integrates service-specific functions into the Services Manager control panel.

51. Customers and Users Top customer Reseller Customer
Top admin
Reseller
Special customer
Customer
Customer admin
Users
”Limited admins”, customized privileges

52. Installing Pre requisites Installation flow
AD extended with the Exchange attributes
DNS aliases pointing to the different CPSM functions
File share for configuration file
Installation flow
Create configuration file and system databases
Install key server roles
Configure key server roles
Configure the
Primary Location and OU
Customer OU
Service Provider adminsitrator

53. Lab environment presentation

54. Installation lab
Install CPSM 11

55. Configuring and Provisioning Services

56. Services Services architecture Services Conncecting to a service
Customer Plans
User Plans
Conncecting to a service
Customer and User management
Top customer – top admin
Reseller
Customer
Customer admin, different rigths,users
Exchange lab
Provisioning Service

57. Services Architecture
Most services are connected to CPSM through a web service
Config file
Asmx file

58. Service plans
A plan is a predefined collection of settings and parameters for a service
Comparable to ”offering” in CloudPlatform or ”product / bundle” in CloudPortal Business Manager
A Customer Plan is a collection of settings affecting all users within the customer
E.g. XenApp application access model, max allowed total mailbox size...

59. Enabling services at the portal
First at top location
Then at AD Location
Then create customer- and user-plans
Then assign reseller rights to the CSP admin
Optional: Assign resell rights to the additional resellers
Provision a Customer Plan to a customer
Provision User Plans to users

60. Closer look at the Provisioning Service
If I find material on this

61. Labs
Exchange
Provisioning a customers and a few users

62. Hosted apps and dekstops
Adding services:
Hosted apps and dekstops
App Orchestration

63. App Orchestration overview
One two slides on AppOrch

64. CSP Reference Architecture
DMZ
Tenant Network
CSP Network
Resource Pools
Storage
Provisioning
Authentication
Active Directory (Shared)
Merchandising Server
Netscaler /
Access Gateway HA Pair
CSP XenApp Farm
Authentication vLAN
Tenant1 XenApp Workers
Tenant2 XenApp Workers
Tenant3 XenApp Workers
Tenant4 XenApp Workers
Tenant 3 vLAN
Provisioning vLAN
Tenant vLAN
Shared vLAN
Management Network
Tenant4 vLAN
F i r e w a l l
F i r e w a l l
F i r e w a l l
XenApp Data Collectors
Licensing
EdgeSight
Power & Capacity Management
Database
Management vLAN
Web Interface
Application Servers
File Services
DNS & DHCP
Application vLAN
Now, let’s take a look at the simplicity and cloud-scale administration part.
This is our prescribed reference architecture created by our Solutions team. This was created to provide clear guidance to you guys on how to deploy and configure our components – to deliver apps and desktops as a service. Though providing this is absolutely necessary, we believe that it is not sufficient to provide just this and that’s because there are quite a few components that need to be deployed and configured the right way for delivering apps and desktops as a service.

65. Isolation in a Multi-Tenant Environment
Apps & Desktops as a Service
Blog
Tenant A
Shared Brokers and
Management Servers
Brokers and
Management Servers
Tenant A
Isolation : Best
Session Hosts
Cost: Higher
Farm Isolation
Tenant B
Shared Session Hosts
Tenant B
Session Isolation
Isolation : Basic
Cost: Low
Shared Brokers and
Management Servers
Tenant A
Isolation : Better
Session Hosts
Cost: Low-Med
Tenant B
Server Isolation
In a typical deployment, we have 2 logical blocks - the servers that perform brokering and management tasks and the servers where the user-sessions exist.
The simplest type of isolation is session-based, in which both the blocks are shared between tenants. There is some level of isolation provided by the session-level isolation – and the economics of this model are great – because all the components are shared. Quite a few CSPs do this in order to be able to deliver the cheapest possible desktop.
The second isolation model is server-based, where every tenant gets their dedicated pool of session hosts. Isolation is higher, costs are low-to-medium depending upon number of users.
The third isolation model is farm-based, where every tenant has their own dedicated deployment with none of the components being shared – and hence the isolation is highest, the costs are higher as well.
All three of these isolation models are available for hosted shared desktops, whereas for hosted VDI desktops, you can use either the server (i.e., desktop) isolation or the farm isolation model.
Different tenants have different isolation requirements and they can choose one of these and in some cases even a combination of these. For e.g., a tenant may want to get their financial app from a dedicated environment, but they may be OK getting training videos from a shared environment. App orchestration technology allows you to configure any of these MT models on a per app basis by simply clicking on a radio-button (as Jimmy will show later).
On the top right corner, there is a link to a blog that explains all of these isolation modes in much more detail.

66. Administration – The Legacy Way
Windows Servers
XenApp Farm
For e.g. if you take a very simple hypothetical deployment, you need to start with Windows servers, install XenApp on each of them, run the Server Role Manager to join them to the right farm.
Once you have your farms, then you need to use the App Center console to configure the farm. Then you need to use the Delivery Services Console, to create WI sites and point them to the right farm. And if you have multiple farms and Web Interface servers, then you need to manage each of them independently using their own consoles.
And once you are done with all of this, you need a way to track what you have done. So, how do you do that today?
Web Interface

67. Administration - With App Orchestration
Windows Servers
XenApp Farm
App Studio
(HTML5)
Web Interface
To solve these problems, with the app orchestration technology, you don’t have to configure each of these components individually using their respective consoles. Instead, we have built a service-provider focused data-model that is exposed by our App Studio console – such that the service provider has to only work with this console.

68. Administration - With App Orchestration
Windows Servers
Config
App
Orchestration
Engine
Access Control
Connector Agents
Multi-tenancy
XenApp Farm
App Studio
(HTML5)
Web Interface
Database
This console talks to the app orchestration service on the backend that has all of the business logic for configuration, multi-tenancy and access control for all of these components. Also, app orchestration works on the principles of “Desired-State”, where the admin can specify complex configuration with a few clicks and this is saved as desired configuration in the db. And then periodically the connectors wake up, they read the desired configuration and configure the products appropriately. This frees up the admin from having to find the right sequence of configuring products and then performing those tasks sequentially which might take a few hours some times.
And the system automatically tracks what configuration has been done for what tenants.

69. Hosted Apps and Desktops
Connects to App Orch v1
Requires to run a script to add rights on the Customer OU
Direct connection to the App Orch Engine, no web service install
Customer plan
Web server isolation
User plan
Applications and their isolation level

70. Lab
Hosted apps and desktop lab

71. Workflows

72. Worklow approval overview
Two scenarios
Customer workflows
SelfService
Reseller workflows
Can enable self service

73. Customer workflows All customer internal Can be for
User Service provisioning / de-provisioning
User account provisioning / de-provisioning
Two different approvals
Approval by managers
Need to define a manager
Approval by groups
Need to define groups
Approvals can combined

74. Manager Approval Process

75. Manager Approval Process

76. Manager Approval Process

77. Group Approval Process

78. Group Approval Process=
Accepted

79. Manager and Group Approval Process

80. Manager and Group Approval Process

81. Manager and Group Approval Process

82. Manager and Group Approval Process

83. Manager and Group Approval Process
Accepted

84. Service Provider workflows
Uses cases
Actions that need to approved by the service provider (Resellers?)
Can be used to approve
Customer creation
Service sign up withing customer
What else?

85. Service Provider workflow example

86. Approval process
Through portal

87. Modifying and extending worklows
Changing the message
Extending the functionality

88. Workflow lab wire frame
Enable workflows + self servie
Test Manager approval
Configure manager approval (one level), disable group
Set Manager as a default field
Define a manager for a user
User to subscribe to a service, manager to approve, user to test
Test Group approval
Configure group approval (disable manager), all has to apprive
Define group of two users
User to subsicrie to a service, group to approve,
If time permits, test a combination

89. Workflow lab wireframe cont’d
Service provider approval
Enable for customer creation, explore what else is there
Have reseller test signing up a customer, and signing up to a service
Approve
Repeat step 2 but, then reject and see what happens

90. Reseller and on boarding

91. Key concepts on reseller and on boarding
Reseller right / Service
Onborarding options
Csv file
AD sync

92. AD Sync – Simple Synchronization
Local Active Directory
Central, shared
Active Directory
Password change
User delete
Automation API
Selected User accounts
Synchronization
Replicated AD Account
User
create
User Update
Easy deployment
Configurable
Account expiry
Transform
Service Provisioning
Reliable
Secure
Near real-time
Queued

93. Reporting

94. Citrix Confidential - Do Not Distribute – May 2013
Upgrading CPSMv10 to CPSMv11
Citrix Confidential - Do Not Distribute – May 2013

95. Citrix Confidential - Do Not Distribute – May 2013
Upgrade Overview
Upgrade Process for System Databases
Upgrade Process for Platform Server Roles
Upgrade Process for Web Components
Upgrade and Migration Process for the Reporting Service and Data Warehouse
Citrix Confidential - Do Not Distribute – May 2013

96. Citrix Confidential - Do Not Distribute - May 2013
Upgrade Overview
Cloud Portal Services Manager 11.0 supports in-place upgrading from Cloud Portal Services Manager 10
The following steps outline the recommended upgrade process:
Disable all locations in your deployment by stopping the Directory Web Service, Provisioning Engine, and Web platform components.
2. Back up all Services Manager databases (OLM, OLM Reports, OLM Reporting).
3. Upgrade the system databases.
4. Upgrade and reconfigure platform server roles and web services in use.
5. Upgrade the Reporting service and migrate the data warehouse.
Enable all locations by starting the Directory Web Service, Provisioning Engine, and Web
platform components.
Citrix Confidential - Do Not Distribute - May 2013

97. Citrix Confidential - Do Not Distribute - May 2013
Upgrade Process For System Databases
From the installation media, double-click setup.exe and click Get Started.
2. On the Select Deployment Task page, select Upgrade Existing Deployment.
3. On the Upgrade Existing Deployment page, select Upgrade System N
Databases and then click Install.
4. When prompted, accept the End User Licensing Agreement and then click
Next.
5. Click Install. The Setup Tool installs the Configuration Tool and displays
progress. Click Finish to continue with the upgrade process.
7. On the Specify Primary Database Settings page, perform the following
actions and then click Next:
Notes:
To upgrade the Services Manager system databases, the Configuration Tool deploys a set of SQL scripts that are included on the Services Manager installation media. Upgrading the system databases occurs before any other component is upgraded.
Before performing this task, ensure you have backed up all databases in your Services Manager deployment: OLM, OLMReports, and OLMReporting
Important: The upgrade process makes irreversible changes to these databases. Creating backups ensures you can recover and restart the upgrade process in the event of a
failure. Use this task to upgrade system databases from Cloud Portal Services Manager 10 to system databases compatible with Services Manager 11. You can perform this task on the database server for the primary location or on a server that can connect to the database server. This task must be completed before any other upgrade activity occurs.
Citrix Confidential - Do Not Distribute - May 2013

98. Citrix Confidential - Do Not Distribute - May 2013
Enter the following database details for the primary location:
• In Server address, specify the database server for the primary location using
the DNS alias, IP address, or FQDN.
• In Server Port, select Use specific port and enter the port number used by the
SQL Server. The port for the default instance of SQL Server is 1433.
• In Authentication Mode, select whether to use Integrated (Windows) or SQL
authentication. By default, Integrated is selected.
• In Connect as, specify the username and password of the SQL administrator
user. These fields are available when select the SQL authentication mode.
Citrix Confidential - Do Not Distribute - May 2013

99. Citrix Confidential - Do Not Distribute - May 2013
Click Test Connection to ensure the Configuration Tool can contact the SQL Server:
8. On the Confirm Databases Are Backed Up page, select This step has been
completed and then click Next.
9. On the Summary page, review the database configuration information. If you
want to change anything, click Back to return to the appropriate configuration
page.
10. Click Commit. The Configuration Tool launches the database upgrade scripts
and displays the upgrade progress.
11. When the upgrade is completed, click Finish. The Configuration Tool returns
you to the Upgrade Existing Deployment page.
Citrix Confidential - Do Not Distribute - May 2013

100. Upgrade Process For Platform Server Roles
This upgrade process applies to the Directory Web Service, Provisioning, and Web roles only.
The Configuration Tool performs the following tasks when upgrading the Provisioning role:
Back up the configuration files.
2. Stop the Queue Monitor service.
3. Disable all scheduled tasks.
4. Upgrade product files and applicable registry settings.
5. Restore configuration files and apply any XML updates.
6. Restart the Queue Monitor service.
7. Re-enable all scheduled tasks.
Notes:
When upgrading the Web server role, the Configuration Tool imports service package components such as service schema and properties. For components that will be updated with newer versions, the Configuration Tool gives you the option of overwriting the current version or ignoring the component.
The following customer data files are preserved during the upgrade process:
Upgraded Server
Role
Provisioning
File Location:
• INSTALLDIR\Provisioning Engine\appSettings.config
• INSTALLDIR\Provisioning Engine\CortexCommand.exe.config
• INSTALLDIR\Provisioning Engine\CortexEventLogMonitor.exe.config
• INSTALLDIR\Provisioning Engine\CortexQueueMonitor.exe.config
• INSTALLDIR\Provisioning Engine\ProvisioningManager.exe.config
• INSTALLDIR\Provisioning Engine\RequestGenerator.exe.config
• INSTALLDIR\Provisioning Engine\RulesEditor.exe.config
Web
• INSTALLDIR\CortexWeb\Web.config
• INSTALLDIR\CortexWeb\CortexDotNet\Web.config
• INSTALLDIR\CortexWeb\CortexDotNet\Downloads\*
• INSTALLDIR\CortexWeb\CortexDotNet\pics\*
• INSTALLDIR\CortexWeb\CortexDotNet\Stylesheets\*
• INSTALLDIR\CortexWeb\CortexAPI\Web.config
When upgrading to this version of Services Manager, be aware that you might need to update some customizations manually to accommodate certain product changes. For example, you might need to update custom style sheets to accommodate changes in the site structure.
Citrix Confidential - Do Not Distribute – May 2013

101. Upgrade Process For Web Components
1. Stop the site and applicable web services in IIS.
2. Back up the site. The default file path for this backup is %Program Data%\Citrix\CloudPortal
Services Manager Setup\Backups\Legacy\component-name.
3. Update physical paths in IIS to point to the site backup.
4. Update the site files in the %Program Files% directory.
5. Copy updated site files from %Program Files% to C:\Inetpub\site-name.
6. Restore customer content from site backup (for example, downloads, images, style sheets, or
scripts).
7. Restore web.config file from site backup and apply updates.
8. Update physical paths in IIS.
9. Restart site in IIS.
Notes:
Web components include the control panel web site, the API service, and all supported web services. In Services Manager 10, sites and services are hosted from the Program Files directory. When upgrading web components, the Configuration Tool performs the following tasks:
Important: In addition to this section, review the topic Upgrade Deprecated Services, which contains information about services that are not supported in Services Manager 11. If your Services Manager 10 deployment includes any deprecated services, you must prepare your deployment accordingly prior to upgrading any web components.
Before upgrading, the Setup Tool updates all sites to run from the backup and puts all associated sites and application pools in a stopped state. If the names of any of the sites or application pools have been changed, the changes must be specified in an XML file. To create this file, use the following format:
<Configuration>
<Property Name="<service-id>.ApplicationPool" Value="MyAppPool" />
<Property Name="<service-id>.Application" Value="MyAppName" />
<Property Name="<service-id>.Site" Value="MySite" />
</Configuration>
The service-id property is the web service's deployment identifier used in the Configuration Tool. After creating the XML file, you can initiate the upgrade using the following command:
CortexSetup.exe /ConfigFile:path-to-XML-file /Upgrade
In the event a conflict arises, the sites remain in a stopped state and reference the backup created earlier. Site files in the %ProgramFiles% directory are updated and site content in C:\Inetpub\component-name are reverted to the previous version. You can then review the configuration update file located in %ProgramFiles% and make any necessary changes to the deployed web.config file.
Citrix Confidential - Do Not Distribute – May 2013

102. Citrix Confidential - Do Not Distribute
Upgrade and Migration Process For The Reporting Service and Data Warehouse
1. Back up Services Manager 10 config.xml file, report definitions, and data sources.
2. Upgrade product files for the Reporting service.
3. Finalize the upgrade and start the new Data Warehouse service.
After these tasks are completed, you can migrate the data warehouse. This process launches the DataWarehouseMigrator.exe command- line utility which performs the following tasks:
1. Import new reporting configuration and report definitions for enabled services.
2. Migrate the OLMReporting database and generate the required configuration files.
After the utility is finished running, you manually restore any reporting customizations. For example:
1. Redeploy any custom views or stored procedures to accommodate schema changes.
2. Migrate any custom commands in the Version 10 config.xml file to the Version 11 config.xml file to
accommodate schema changes.
3. Redeploy any report definition customizations.
Notes:
Migrating the data warehouse uses the public API of the Data Warehouse service and a Data Transfer configuration file to update the required schema in the OLMReporting database and reprocess historical data..
This process might run for an extended period of time due to data reprocessing. You can monitor this process through the Data Warehouse logs located at %PROGRAMDATA%\Citrix\CloudPortal Services Manager Setup\Logs\Data Warehouse Migration\timestamp.log.
Additionally, the %PROGRAMFILES%\Citrix\Cortex\Data Warehouse Service\log folder contains logs of errors that occur while upgrading the OLMReporting database schema and data to the Version 11 format.
Citrix Confidential - Do Not Distribute

103. Modifying and customization

104. Ways to change CPSM Adding provisioning steps Language files
Translating
Extra rigths

105. Troubleshooting

106. Troubleshooting Looking at the provisioning workflow
On the Provisioning Server go to the CloudPortal Configuration Menu > Provisioning and Debug Tools > Provisioning Requests
Try out different queries through the web services
Enabling tracing
Open up C:\Program Files(x86)\Citrix\Cortex\Services\Service Name\web.config
Change <trace enabled="true" requestLimit="40” … and save
Look at the trace by browsing to Name/trace.axd
Common pitfalls
Restarting the provisioning engine
Wait until the process (CortexQueueMonitor) is stopped before starting the provisioning engine

107. Other common tips
Before changing configuration, especially adding location, backup databases, and snapshot the VMs

108. Jona troubleshooting the provisioning process
Need to get that documented at some point

109. References

110. Demo environment from VTC
CSP toolkit
E-docs
CaaS.citrite.net

111. Credits

112. Credits Madhu Sudan, WWTSR Jared Engskow Virtual Training Team
Jay Strydom
Darren Harding & Jona Appelbaum