TS Profiles

User profiles
User profiles design strategies in Terminal Services and Citrix environments
Citrix Values 2004 Spain
© 2004 Ozona Consulting
Diego Berea Cabaleiro [email protected]

Transcript of TS Profiles

Page 2: TS Profiles

Index of contents

Overview: Definition · Components · Functionality · Assigning Profiles

User profile design strategies: Local · Roaming · Mandatory · Multiple roaming

Hybrid profile architectures: Flex profile kit 3.0 · CCS hybrid profile · Tricerat simplify profiles (regset)

Conclusions: User profiles monitoring · Profile feature matrix

Page 3: TS Profiles

User profile

Collection of settings that contain user preferences and configuration settings. These preferences and settings help shape the user desktop, applications and available resources.

• User-specific files and folders.
• Registry settings.

User profiles allow customization and configuration of the users’ environment (look and feel, application settings, resource availability, etc.) delivering different environments to users, even if they are connected to the same server at the same time.

Overview

Page 4: TS Profiles

Overview

Data stored in the user profile

• Windows desktop configuration
• Internet connection settings
• Printers and mapped drive connections
• Temporary Internet file locations
• Application settings
• Per application settings in the registry (stored in each user's profile in a file called ntuser.dat).

Page 5: TS Profiles

Overview

Data stored in the user profile

REGISTRY SETTINGS
· Desktop settings
· Application settings
· Resource configuration
· Security lock downs

PERSONAL FILES AND FOLDERS
· Temporary Internet files
· Application data
· My documents
· Cookies
· Desktop
· Favorites
· Start menu
· Recent
· Templates

Page 6: TS Profiles

Overview

User profile assignment

The appropriate location of the user profile can be assigned in either the NT or Active Directory-based domain.

Home directory: \\FileServer\homedrive\%username%
Profile: \\FileServer\Profiles\%username%

Page 7: TS Profiles

Overview

User profiles on SBC environments

Profile design is critical in SBC environments because of the impact of multiple users making changes that affect performance, functionality and settings for all users.

NOTE: Every user will have a user profile, even those running exclusively published applications.

The challenge of profile design on SBC environments
• Many users logged on to the same server at the same time
• The balance between profile versatility and control.

Page 8: TS Profiles

Overview

Policies and profiles

• Delete cached roaming profiles
• Disable slow link detection
• Wait for the remote copy of the roaming user profile
• Log users off when roaming profile fails
• Specify number of attempts to unload/update user profile registry
• Redirect user shell folders to default local/roaming specified location
• Establish parameters for user profile size
• Exclude additional directories from roaming profile

Page 9: TS Profiles

Overview

User profiles size control
Decreases logon time and network traffic

• Redirect folders to locations outside of the user’s profile: My documents, Application data, Start menu, etc. Desktop should not be redirected.
• Exclude folders from being copied to the user’s profile: Local settings, temporary internet files, history, temp, etc.
  (Just for the logoff process)
• Disk quota for the user profile

Page 10: TS Profiles

Overview

Local cache of user profiles
Local copy of roaming profiles
• Decreases logon time and network traffic
• Could cause the server to run out of disk space

Pre-configuration of user profiles
Mandatory and default profiles might be preconfigured so that they’re ready to go the first time the user logs on.

Page 11: TS Profiles

User profile design strategies

User profile basic design strategies

• Local
• Roaming
• Mandatory
• Multiple roaming

Page 12: TS Profiles

User profiles design process. Generic process map

[Figure: generic process map. Phases: PF-1 Profile strategy definition; PF-2 Prototyping and deployment. Timeline marks: X, X+15, Y, Y+60.]

Steps: 1 Needs definition (project management and consultants) · 2 Profile strategy design (consultants) · 3 Architecture configuration (systems engineers) · 4 Proposal presentation (project management and consultants) · 5 Prototype (subset of users) · 6 User migration (users) · 7 Acceptance (project management)

Decision points: Proposal accepted? (Yes / No → 1) · Prototype satisfactory? (Yes / No → 2) · Migration satisfactory? (Yes / No → 2)

Documents: PF-CL1 Needs definition checklist · PF-T1 Needs definition template · PF-T2 Profile strategy design documentation · PF-T3 Prototype results report template · PF-T4 Migration results report template · PF-IT1 Technical instructions, profile prototype · PF-IT2 Technical instructions, user migration · PF-CL2 Final inspections and approval checklist

User profile design strategies

Page 13: TS Profiles

Local profiles. Overview
• A local user profile is stored locally on each computer (PC or server)
• Local profiles are only applied to the computer where they are stored.
• Settings are not replicated to other computers
Each user will have a different local profile on each server

User profile design strategies

ADVANTAGES
- Speed and stability
- No configuration is needed
- No network traffic at all
- Highly customizable on a per-user basis

DISADVANTAGES
- Only applied to the local computer
- No consistency across servers
- Local disk space consumption

Page 14: TS Profiles

Local profiles. User logon process

User profile design strategies

[Flowchart. Connectors: L1, L2. Boxes: USER LOGON; GET USER’S PROFILE PATH FROM A DC; LOCAL PROFILE; DOES THE LOCAL PROFILE EXIST?; LOAD THE LOCAL PROFILE; A NEW LOCAL PROFILE MUST BE CREATED; COPY THE DEFAULT PROFILE; BEGIN THE USER’S SESSION]

Page 15: TS Profiles

Roaming profiles. Overview

• Made up of the same components as a local profile.
• Roaming profiles are centrally stored in a file server.
• Profiles are downloaded during user logon and uploaded during logoff.
Each user will have a unique profile across servers.

User profile design strategies

ADVANTAGES
- Same profiles applied across servers
- Easy to configure
- Consistent working environment
- Centrally stored

DISADVANTAGES
- Increased network traffic
- Increased logon times
- Limited size control
- Increased risk of corruption

Page 16: TS Profiles

Roaming profiles. User logon process

NOTE: The same roaming profile is applied to PCs and servers

[Flowchart. Connector: R1. Boxes: USER LOGON; QUERY AD FOR THE USER PROFILE TYPE; ROAMING PROFILE; IS THE TS PROFILE DEFINED?; SESSION START; IS THE PROFILE DEFINED?; LOCAL PROFILE; IS THE LOCAL COPY MORE RECENT?; IS THERE A LOCAL COPY OF THE PROFILE?; ASK THE USER; LOAD THE CACHED COPY; DOWNLOAD THE ROAMING PROFILE. Branches are labelled YES / NO.]

User profile design strategies

Page 17: TS Profiles

Roaming profiles. Terminal services user profile assignment

User profile design strategies

Page 18: TS Profiles

Roaming profiles. User logon process (using a specific terminal server user profile definition)

[Flowchart. Connectors: R1, R2]

User profile design strategies

Page 19: TS Profiles

Roaming profiles. Roaming profile creation process

1. Profile path is identified and created
2. User logs on for the first time
3. The profile is created using the standard default profile
4. The profile is saved to the user profile path on logoff

User profile design strategies

Page 20: TS Profiles

Mandatory profiles. Overview
• Mandatory profiles are a form of roaming profiles where user’s settings are not saved during logoff.
• NTUSER.DAT must be renamed to NTUSER.MAN.
Users share a read-only user profile.

User profile design strategies

ADVANTAGES
- Consistent working environment
- Small size
- Lowers risk of corruption
- Centrally stored (or not)

DISADVANTAGES
- No user customization allowed
- No personal setting persistence
- Completely restrictive

Page 21: TS Profiles

Mandatory profiles. User logon process

[Flowchart. Connector: M1]

User profile design strategies

Page 22: TS Profiles

Mandatory profiles. Mandatory profile storage

• On each SBC server: faster loading of profile, faster logon
• Central file server: changes can be made easily
• SYSVOL share on Active Directory domain controllers: automatically propagated to all other domain controllers

User profile design strategies

Page 23: TS Profiles

Multiple roaming profiles. Overview
• Standard terminal services profile assignment but using environment variables in the profile path: %profileServer%\%username%
• Values are given for the environment variables on each server (or silo).
Each user will have several user profiles.

Note: Win2003 allows the definition of user profile overrides via a policy

User profile design strategy

Page 24: TS Profiles

Multiple roaming profiles. User logon process

[Flowchart. Connectors: R1, R2, R3]

User profile design strategy

Page 25: TS Profiles

Cons of a simple strategy for user profiles

• Lengthy logon time
• Excessive network traffic
• Eliminate roaming profiles inconsistency and corruption
• Effective mandatory profiles
• Disk space consumption.
• Stability issues.

THE SOLUTION IS TO USE A HYBRID ARCHITECTURE THAT COMBINES THE CHARACTERISTICS OF ROAMING AND MANDATORY PROFILES.

Hybrid Profile Architecture

Page 26: TS Profiles

User profile Hybrid Architecture

• Flex Profile Kit 3.0 (FPK)
• CCS Hybrid Profile
• Tricerat Simplify Profiles (regset)

Hybrid Profile Architecture

For each one of them:
• Description
• How it works
• Architectural design
• Logon and logoff process

Page 27: TS Profiles

FPK 3.0. Flex Profile Kit 3.0 overview

• Based on “customized” mandatory profiles.
• Created by Jeroen Van Der Kamp (http://www.loginconsultants.nl).
• Uses the Microsoft Office 2003 Resource Kit profile wizard component.
• Works by importing and exporting files and portions of the registry to OPS files.

Hybrid Profile Architecture

Page 28: TS Profiles

FPK 3.0. User logon process

Hybrid Profile Architecture

[Flowchart. Connectors: R1, M1]

Page 29: TS Profiles

FPK 3.0. Design

• Configure a single mandatory profile.
• Define folder redirection policy.
• Create .INI file to store registry entries.
• Copy proflwiz.exe and .INI files to all TS or Citrix servers.
• Create a login script that calls proflwiz.exe.
• Or edit current login script to call proflwiz.exe.
• Configure User Accounts to use the new profile.

Hybrid Profile Architecture

Page 30: TS Profiles

FPK 3.0. Login and logoff process

[Flowchart, login. Boxes: START; LOAD THE SHELL; LOAD THE MANDATORY PROFILE; RUN THE LOGIN SCRIPT; RUN THE POLICIES; END. Login script steps: COPY (copy the .OPS to local); PROFLWIZ.EXE (import the .OPS into the registry).]

    copy /Y Z:\appdata\ozona.ops "%temp%\ozona.ops"
    proflwiz.exe /r "%temp%\ozona.ops" /q

[Flowchart, logoff. Boxes: START; RUN THE LOGOFF SCRIPT; DELETE THE USER PROFILE; SHELL TERMINATION; END. Logoff script steps: PROFLWIZ.EXE (read the configuration .INI); PROFLWIZ.EXE (export registry branches to .OPS); COPY (copy the .OPS to the network).]

    proflwiz.exe /s "%temp%\ozona.ops" /i d:\ozona.ini /q
    copy /Y "%temp%\ozona.ops" Z:\appdata\ozona.ops

Hybrid Profile Architecture

Page 31: TS Profiles

FPK 3.0. Examples

Hybrid Profile Architecture

Page 32: TS Profiles

FPK 3.0. Profile Architecture

Proflwiz.exe dialog box without “/q” switch:

Dialog box changes using a hexadecimal editor

Hybrid Profile Architecture

Page 33: TS Profiles

FPK 3.0. Flex profile optimization

Recommendation

Execute all local components (proflwiz.exe, .ini files, etc…)

Always use the “quiet” switch

Import and Export the .OPS file from local units

Import and export the .OPS file from home drive

Use flex profile to store user files in a .OPS file

Use different INI files per published file per silo.

Hybrid Profile Architecture
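
Added example (not part of the original slides and not Flex Profile Kit code): the logon and logoff commands from page 30 combined into one script that guards against a missing or empty .OPS file, so a failed export cannot overwrite the last good copy. The script name, the existence and size checks and the .bak copy are assumptions of this example; the paths and the proflwiz.exe switches are the ones shown on the slides.

```batch
@echo off
rem flexprofile.cmd (hypothetical name) - call with "logon" or "logoff".
rem Paths and switches (/r, /s, /i, /q) are the ones shown on the slides;
rem the existence/size checks and the .bak copy are additions of this example.
setlocal
set "NET_OPS=Z:\appdata\ozona.ops"
set "LOCAL_OPS=%temp%\ozona.ops"
set "INI=d:\ozona.ini"

if /i "%~1"=="logon"  goto :logon
if /i "%~1"=="logoff" goto :logoff
echo usage: %~nx0 logon^|logoff
exit /b 2

:logon
rem First logon: no saved settings yet, keep the mandatory profile defaults.
if not exist "%NET_OPS%" exit /b 0
copy /Y "%NET_OPS%" "%LOCAL_OPS%" >nul
if errorlevel 1 exit /b 1
rem Import the saved registry branches on top of the mandatory profile, silently.
proflwiz.exe /r "%LOCAL_OPS%" /q
rem The exit code of proflwiz.exe is passed through unchanged.
exit /b %errorlevel%

:logoff
rem Remove any stale local copy so a file found afterwards is a fresh export.
if exist "%LOCAL_OPS%" del /F /Q "%LOCAL_OPS%"
rem Export the registry branches listed in the INI file to the local .OPS.
proflwiz.exe /s "%LOCAL_OPS%" /i "%INI%" /q
if not exist "%LOCAL_OPS%" exit /b 1
rem An empty export must never replace the last good copy on the network.
for %%F in ("%LOCAL_OPS%") do if %%~zF EQU 0 exit /b 1
rem Keep the previous file so one bad logoff cannot destroy the settings.
if exist "%NET_OPS%" copy /Y "%NET_OPS%" "%NET_OPS%.bak" >nul
copy /Y "%LOCAL_OPS%" "%NET_OPS%" >nul
exit /b %errorlevel%
```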

Page 34: TS Profiles

CCS hybrid profile. Overview

• Combines a mandatory profile and user-specific registry settings.
• Developed by Citrix Consulting Services (www.citrix.com/consulting).
• Not sold as a product but as a CCS service.
• 5 days for 2 consultants including knowledge transfer and documentation (basic project).
• Web based management.
• Settings are stored in XML files and user configuration in binary files.

Hybrid Profile Architecture

Page 35: TS Profiles

CCS hybrid profile. Hybrid profile web interface (I)

The hybrid profile GUI is composed of two main items.

• XML settings web maintenance
  Define categories and configurations.

• XML configuration web maintenance
  Define and maintain the XML configurations.

Hybrid Profile Architecture

Page 36: TS Profiles

CCS hybrid profile. Hybrid profile web interface (II)

Category Definitions
Sample category: “word”
If HKCU/Software/CCS/ServerType = “Office”

Logon: Load “word” and “excel” configurations
Logoff: Store “word” configuration

Hybrid Profile Architecture

Page 37: TS Profiles

CCS hybrid profile. Hybrid profile web user interface (III)

Definition of a configuration
Example configuration: “word”
Hive: HKCU/Software/Microsoft/Office/9.0/Word
.dat file: Office.dat

Hybrid Profile Architecture

Page 38: TS Profiles

CCS hybrid profile. User logon process

Hybrid Profile Architecture

[Flowchart. Connectors: R1, M1]

Page 39: TS Profiles

CCS hybrid profile. Design (I)

• Based on CCSUtility.dll (COM+ object, holding all main functions of the Hybrid Profile)

• Launches HelperApp.dll (The API used to import/export registry keys)

• Stores comprehensive per-user status and error information in a log file

• Database GUI based on MS Access

Hybrid Profile Architecture

Page 40: TS Profiles

CCS hybrid profile. Design (II)

• Install CCSUtility and register the COM+ object.
• Install the Web GUI and configure access permissions.
• Configure a unique mandatory profile.
• Customize logon.vbs and logoff.vbs scripts.
• From the Web GUI, define configurations and categories.

Hybrid Profile Architecture

Page 41: TS Profiles

CCS hybrid profile. Session Login and logoff

[Flowchart, login. Boxes: START; LOAD THE SHELL; LOAD THE MANDATORY PROFILE; RUN THE LOGIN SCRIPT; RUN THE POLICIES; END. Login script steps: read the configuration (CCSUTILITY.DLL); map drives and printers (CCSUTILITY.DLL); copy files and directories (CCSUTILITY.DLL); import branches into the registry (HELPERAPP.DLL).]

[Flowchart, logoff. Boxes: START; RUN THE LOGOFF SCRIPT; DELETE THE USER PROFILE; SHELL TERMINATION; END. Logoff script components: HELPERAPP.DLL, CCSUTILITY.DLL. Logoff script steps: read the configuration; export registry branches.]

Hybrid Profile Architecture

Page 42: TS Profiles

Tricerat simplify profiles. Overview

Based on mandatory profiles with customizations.
• A Tricerat Corp product (http://www.tricerat.com).
• Graphical interface to import/export registry keys for:
  • Users, user groups or machine, sorting configurations by priority.
• Configurations are stored in a database (Borland database engine) and replicated to other servers.
• PPS: 499 € per server + 99 € Support Price per server up to 4 processors. Support contract is mandatory for the first year.

Hybrid Profile Architecture

Page 43: TS Profiles

Tricerat simplify profiles. RegSet Administrator (I)

Available definitions
There are three different ones:
• Set or Write only (RSRun.exe)
• Delete (RSRun.exe)
• Save/restore

Definitions applied to “dbc”

Hybrid Profile Architecture

Page 44: TS Profiles

Tricerat simplify profiles. RegSet administrator (II)

Hybrid Profile Architecture

Store application settings(save/restore example)

Profile folder redirection (Set/delete example)

Page 45: TS Profiles

Tricerat simplify profiles. User logon process

Hybrid Profile Architecture

[Flowchart. Connectors: R1, M1]

Page 46: TS Profiles

Tricerat simplify profiles. Design

• Create a shared folder \\server\regset$
• From RegSet Administrator console:
  - Configure the default path to share folder
  - Define all servers on the replication list.
  - Create configurations and assign them to users, groups or machine.

REPLACE USERINIT.EXE WITH RSSTART.EXE

Hybrid Profile Architecture

Page 47: TS Profiles

Tricerat simplify profiles. Session Login and logoff

[Flowchart, login. Boxes: START; READ THE CONFIGURATION; LOAD THE SHELL; LOAD THE MANDATORY PROFILE; RUN THE LOGIN SCRIPT; RUN THE POLICIES; END. RSSTART.EXE steps: read the configuration; import branches into the registry.]

[Flowchart, logoff. Boxes: START; RUN THE LOGOFF SCRIPT; DELETE THE USER PROFILE; SHELL TERMINATION; END. RSSTART.EXE steps: read the configuration; export registry branches.]

Hybrid Profile Architecture

Page 48: TS Profiles

Profile feature matrix

Conclusions

[Feature matrix. Rows: LOCAL, ROAMING, MANDATORY, HYBRID. Columns: Customizable on a per-user basis; Accessible from any server; Consistent working environment; User profile size control; Optimizes network traffic; Decreases logon times; Lowers risk of corruption]

Page 49: TS Profiles

Final Considerations

• Local, roaming and mandatory sometimes don't fit every need.

• The Hybrid Architecture may require some adjustments. Used incorrectly, it may present the same problems as the basic ones.

• Proactive monitoring of user profiles is recommended.

• Progressive migration if multiple roaming profiles.

Conclusions

Page 50: TS Profiles

How to choose a user profile strategy

• Administrative effort
  Impact of adding a user, a server or a zone.

• Need for manual configuration
  User account configuration. Pre-configured options.

• Flexibility vs. control
  Balance between profile personalization and disk space consumption.

Conclusions

Page 51: TS Profiles

Ozona Consulting

SANTIAGO DE COMPOSTELA
Raxoeira 2, 4º - O Milladoiro - 15895 - A Coruña
Sebastián Santiago ([email protected])
Phone: 981 53 63 03

MADRID
Serrano 41, 3º - 28001 – Madrid
Raúl Nogales ([email protected])
Phone: 91 297 33 68

LISBOA
Avda. João Crisóstomo, 31, 2º - 1050-125 – Lisboa
Cristina Sousa ([email protected])
Phone: 21 319 16 30

BARCELONA
Coming soon...