Category: Citrix

Run Microsoft Teams in a virtual environment

Run Microsoft Teams in a virtual environment

https://docs.microsoft.com/en-us/microsoftteams/virtual-environment-teams

A Virtual Desktop Infrastructure (VDI) environment is used in some organizations where security and compliance issues are especially sensitive. Their users do their work on a virtual desktop containing all their desktop applications and files using Remote Desktop Services or a similar remote connection. Since Teams on the virtual desktop has not been optimized to access or use the audio or video devices on the user’s local device (without additional software), working in a VDI environment will usually have challenges related to multimedia scenarios such as calling, video calling, screen sharing, app sharing, co-authoring, and more.

Note

Organizations can choose to run Teams fully in VDI (using either the Web App or Desktop Client) but it is recommended that the following policies be turned off, so users don’t have a poor experience in a virtualized environment. Note that it can take some time for these policy changes to propagate. If you don’t see changes for a given account immediately, try again after a few hours.

Calling

The CsTeamsCallingPolicy cmdlets enable administrators to control whether calling and calling options in private and group chats are enabled or not.

Policy name Description Recommended value
AllowPrivateCalling Controls whether the Calling app is available in the left rail of the Teams client or not. Also controls whether users see Calling and Video Call options in private chat. Set this to False to remove the Calling app from the left rail and to remove the Calling and Video Call options in private chat.

PowerShell instructions

  1. Launch PowerShell as an Administrator.
  2. Connect to Skype Online Connector:
    >> # Set Office 365 User Name and Password
    >> $username = “admin email address”
    >> $password = ConvertTo-SecureString “password” -AsPlainText -Force
    >> $LiveCred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

    >> # Connect to Skype Online
    >> Import-Module SkypeOnlineConnector
    >> $sfboSession = New-CsOnlineSession -Credential $LiveCred
    >> Import-PSSession $sfboSession

  3. View list of Calling Policy Options:
    >> Get-CsTeamsCallingPolicy
  4. Look for the pre-canned option where all calling policies are disabled:
    Screenshot of meetings option with all meeting policies disabled.
  5. Apply the “DisallowCalling” pre-canned policy option to all users who will be using Teams in a virtualized environment:
    >> Grant-CsTeamsMeetingPolicy -PolicyName AllOff -Identity “user email id”

Meetings

The CsTeamsMeetingPolicy cmdlets enable administrators to control the type of meetings that users can create or the features that they can access while in a meeting. It also helps determine how meetings deal with anonymous or external users.

Policy name Description Recommended value
AllowPrivateMeetingScheduling Determines whether a user would be allowed to schedule private meetings. Set this to False to prohibit the user from being able to schedule private meetings.
AllowChannelMeetingScheduling Determines whether a user would be allowed to schedule channel meetings. Set this to False to prohibit the user from being able to schedule channel meetings.
AllowMeetNow Determines whether a user would be allowed to create or start ad-hoc meetings. Set this to False to prohibit the user from being able to start ad-hoc meetings.
ScreenSharingMode Determines the mode in which a user would be allowed to share screen in calls or meetings. Set this to Disabled to prohibit the user from sharing their screens.
AllowIPVideo Determines whether video is enabled in a user’s meetings or calls. Set this to False to prohibit the user from sharing their video.
AllowAnonymousUsersToDialOut Determines whether anonymous users are allowed to dial out to a PSTN number. Set this to False to prohibit anonymous users from dialing out.
AllowAnonymousUsersToStartMeeting Determines whether anonymous users can initiate a meeting. Set this to False to prohibit them from initiating a meeting.
AllowOutlookAddIn Determines whether a user can schedule Teams Meetings in Outlook desktop client. Set this to False to prohibit a user from scheduling Teams meeting in Outlook client.
AllowParticipantGiveRequestControl Determines whether participants can request or give control of screen sharing. Set this to False to prohibit the user from giving, requesting control in a meeting.
AllowExternalParticipantGiveRequestControl Determines whether external participants can request or give control of screen sharing. Set this to False to prohibit an external user from giving, requesting control in a meeting.
AllowPowerPointSharing Determines whether PowerPoint sharing is allowed in a user’s meetings. Set this to True to allow.
Set this to False to prohibit user from sharing PowerPoint files in a meeting.
AllowWhiteboard Determines whether whiteboard is allowed in a user’s meetings. Set this to False to prohibit whiteboard application in a meeting.
AllowTranscription Determines whether real-time and/or post-meeting captions and transcriptions are allowed in a user’s meetings. Set this to False to prohibit transcription and captioning in a meeting.

PowerShell instructions

  1. Launch PowerShell as an Administrator.
  2. Connect to Skype Online Connector:
    >> # Set Office 365 User Name and Password
    >> $username = “admin email address”
    >> $password = ConvertTo-SecureString “password” -AsPlainText -Force
    >> $LiveCred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

    >> # Connect to Skype Online
    >> Import-Module SkypeOnlineConnector
    >> $sfboSession = New-CsOnlineSession -Credential $LiveCred
    >> Import-PSSession $sfboSession

  3. View list of Meeting Policy Options:
    >> Get-CsTeamsMeetingPolicy
  4. Look for the pre-canned option where all meeting policies are disabled:
    Screenshot of calling option with all meeting policies disabled.
  5. Apply the “AllOff” pre-canned policy option to all users who will be using Teams in a virtualized environment:
    >> Grant-CsTeamsMeetingPolicy -PolicyName AllOff -Identity “user email id”

Known limitations

Besides the audio and video limitations previosly mentioned, there are some additional limitations users on virtualized environments might face:

  • Joining meetings created by others. Even though the above policies restrict users from creating meetings, they will still be able to join meetings sent out by other users. Within these meetings, their ability to share video, use WhiteBoard and other features will depend on whether the admin disabled them or not.
  • Issues related to cached content. If the virtual environment that Teams is running in is not persisted (data is cleaned up at the end of each user session), users might notice performance degradation due to the client having to re-download all content again, regardless of whether the given user accessed the same content in a previous session. This performance impact can be mitigated by using roaming cache solutions, such as those provided by FSLogix.

Once Teams has been optimized for use within Virtual Desktop environments, admins can revert these policies and

Citrix Profile Management and Folder re-direction Configuration

Citrix Profile Management and Folder re-direction Configuration

  1. Folder Re-Direction Group Policy
  2. Exclude Policy
  3. Citrix UPM Install and Configuration
    1. Sync “AppData\Local\Microsoft\Windows\UsrClass.dat”

Reference

 

XenDesktop 7.6 Platinum and CloudBridge VPX for WAN optimization FALSE Advertising

XenDesktop 7.6 Platinum and CloudBridge VPX for WAN optimization FALSE Advertising

 [UPDATE] After escalation this to Citrix, they are going update EULA. 

To summaries the issues, According to the XenDesktop Platinum Feature matrix, it clearly lists CloudBridge VPX as a included features, but if you read the FAQ for XenDesktop Licenses, it states that you can only deploy this in your Branch office for free and not in your Datacenter.. This is in my belief is false advertising, as the product brochure states that a features is including in the purchase of the software, but the FAQ states different. Also, how is Datacenter defined. Also, there is NOTHING in the EULA for either XenDesktop or CloudBridge. There is a Official Citrix Blog advertising discussing Branch Repeater which is the old marketing term states it’s all free and included.

All the info below :-

I am just documenting this so that it saves someone else wasting time.. I personally believe, if you purchase XenDesktop Platinum you are entitled to deploy the CloudBridge VPX anywhere you like as the EULA does not state anything and does not define a Datacenter.. That is a generic term, it won’t hold up in Court. This is just false advertising.

According to the Citrix XenDesktop Feature Matrix: – https://www.citrix.com/go/products/xendesktop/feature-matrix.html.

XenDesktop 7.6  includes CloudBridge VPX for WAN optimization significantly improves XenDesktop and XenApp capacity and performance over the WAN while providing a unified platform that accelerates applications across public and private networks, resulting in superior application performance and end user experience.

Also, in this official Citrix Blog :- http://blogs.citrix.com/2011/02/13/citrix-xendesktop-gets-wan-tastic/

Effective February 14, 2011, XenDesktop Platinum will include the new HDX WAN optimization feature, powered by Branch Repeater VPX – at no additional charge. You can deploy the new HDX WAN Optimization virtual appliances in unlimited number of branch offices with WAN links up to 45Mbps,

Does this include a license to run the Branch Repeater VPX in the central data center? As long as you are delivering XenDesktop Platinum (virtual desktops) over WAN links optimized by Branch Repeater VPX instances, you can run the included Branch Repeater VPX at any location, including your data centers. You may also chose to use the included virtual appliances with a mix of separately purchased physical appliances depending on your bandwidth at the datacenter and branch offices, and scalability and availability requirements.

But, the FAQ: XenApp and XenDesktop 7.x Licensing:- http://support.citrix.com/article/CTX128013 states the following:-

Can the CloudBridge VPX appliances obtained as part of the XenDesktop Platinum entitlement
be used in the data center?

No. The CloudBridge VPX entitlement is intended for use at the branch as noted in the CloudBridge End-
User License Agreement (EULA)

But, the EULA for XenDesktop and CloudBridge VPX – http://www.citrix.com/buy/licensing/agreements.html Does not state anything about this clause..

So this is false advertising, either Citrix should update the EULA and deleted the blog or provide the ability to deploy in the Primary data center as per the original advertising.

Citrix FlexCast Models

Citrix FlexCast Models

Hosted shared – With the hosted shared FlexCast model, multiple user desktops are hosted on a single server-based operating system and provisioned using Machine Creation Services or Provisioning Services. The hosted shared desktop model provides a low-cost, high-density solution, however applications must be compatible with a multi-user server based operating system. In addition, because multiple users are sharing a single operating system, users are restricted from
performing actions that negatively affect other users, for example installing applications, changing system settings and restarting the operating system. There is also the potential that a single user could consume an unfair share of resources, which may negatively affect other users. The hosted shared FlexCast model is provided by Citrix XenDesktop in combination with MicrosoftRemote Desktop Services (RDS).

• Hosted VDI – The hosted VDI FlexCast model provides each user with a desktop operating system. Hosted VDI desktops
are less scalable than hosted shared desktops because each user requires their own operating system. However, hosted VDI
desktops remove the requirement that applications must be multi-user aware and support server based operating systems.
In addition, the hosted VDI model provides administrators with a granular level of control over the number of virtual processorsand memory assigned to each desktop. The hosted VDI model is provided by Citrix XenDesktop, and offers the following subcategories:
Random / Non-Persistent – Desktops are based on a single master image and provisioned using Machine Creation
Services or Provisioning Services. Users are dynamically connected to one of the desktops in the pool each time they
logon. Changes to the desktop image are lost upon reboot.
Static / Non-Persistent – Desktops are based on a single master image and provisioned using Machine Creation
Services or Provisioning Services. Users are allocated a virtual
desktop on first access. Once assigned, users will always
be connected to the same virtual desktop. Changes to the
desktop image are lost upon reboot.
Static Persistent – Desktops are based on a single master
image and provisioned using Machine Creation Services or
Provisioning Services. Users are allocated a virtual desktop on
first access. Once assigned, users will always be connected
to the same virtual desktop. Changes to the desktop are
stored in a personal vDisk and retained between reboots.
Desktops with a personal vDisk cannot be shared between
multiple users; each user requires their own desktop. If high
availability is required, the personal vDisk must be stored on
shared storage.
• Remote PC – Physical desktops that have already been
deployed. These desktops must be managed manually or with
3rd party desktop management tools.
• Streamed VHD – Desktops are based on a single master image
15 Overview Assess Design Monitor Appendix Click here to provide feedback
and provisioned using Provisioning Services. The streamed VHD
FlexCast model allows Windows XP, 7 and 8 desktops to be
run locally on the user’s desktop computer. Streamed VHD is a
great solution for high-end workstations because it allows them
to leverage local processing power. Streamed VHD requires a
LAN connection to be in place between the desktop and the
provisioning servers and changes to the desktops are lost upon
reboot.
• Local VM – Windows XP, 7, and 8 desktops running locally within
a hypervisor. The virtual desktop image is completely delivered
to the hypervisor to allow for offline connectivity. Citrix XenClient
is used to provide the Local VM FlexCast model.
• On demand apps – The On-Demand Apps FlexCast model
does not provide users with a virtual desktop; instead Windows
applications are centralized in the datacenter, and instantly
delivered via a high-speed protocol (requires connection) or
streamed (offline support) via Microsoft App-V.

FlexCast Model Comparison

2014-10-03 15_04_07-Citrix Virtual Desktop Handbook (7x).pdf - Adobe Reader

FlexCast Model Capability Comparison

2014-10-03 15_03_14-Citrix Virtual Desktop Handbook (7x).pdf - Adobe Reader

VDI Articles

VDI Articles

 

 

>> goal is to explain the 3D Graphics for Virtual Desktop solutions, qualifying questions, remoting protocols, notes from the field, benchmark applications etc.

 

  • EMM Smackdown here

>> goal is to explain the Enterprise Mobility Management solutions

  • Application Virtualization Smackdown here

>> A ‘ smackdown’ around “Application Virtualization solutions” such as Microsoft App-V, VMware ThinApp, Spoon etc.

 

  • VDI Smackdown here

>> A ‘smackdown’ around “Desktop Virtualization solutions” such as Microsoft RDVH/VDI, Citrix XenDesktop, Quest/Dell vWorkspace and VMware View

 

  • User Environment Management Smackdown here

>> A ‘smackdown’ around “User Environment Management solutions”  such as Appsense, RES, Immidio, Microsoft;

 

  • Application and Desktop Delivery Solutions overview here

>> goal is to show and explain from a functional perspective the different concepts of Application and Desktop  Delivery solutions; ADD is all about Users, Applications, Access, Devices

 

  • Secure Access and Secure Networking Solutions overview here

>> goal is to show and explain from a functional perspective the different concepts of Secure Access and Secure Networkingsolutions; SASN is all about Security, Access, Networking, Connecting to DataCenter

 

  • Cloud Management Solutions overview here

>> goal is to show and explain from a functional perspective the different concepts of Cloud Management solutions

 

  • Data and Systems Availability Solutions overview here

>> goal is to show and explain from a functional perspective the different concepts of Data and System Availability solutions

  • Session recording ‘VDI Smackdown 2013 edition’ recorded at Microsoft TechEd USA here:

 

  • VDI and Storage is (Ultra) Deep Impact here

>> technical deep dive about VDI and Storage 1/2

 

  • Storage design and sizing guidelines for VDI here

>> technical deep dive about VDI and Storage 2/2

 

  • Caching, tiering and hybrids; where and how SSD can fit in your environment here

>> technical overview of different storage technologies and how SSD solutions can help in (VDI) workloads

 

  • Local storage for VDI done right here

>> What are guidelines for using local storage and VDI

 

  • Project Virtual Reality Check here

>> VRC: unbiased and independent research around bestpractices and performance impact of various solutions in Server Hosted Desktops.  Impact AntiVirus solutions in VDI, Impact Application Virtualization in VDI, Windows XP/Windows7/8, RDSH/RDVH, HyperV/XenServer/vSphere, Virtualization of RDSH roles. Total more than 2500 tests have been executed and results are written in multiple whitepapers.

>> The ProjectVRC survey ‘Direct from customers: “The VDI and SBC State of the Union’ can be found atwww.projectvrc.com