Citrix User Profile Manager Versus Appsense User Personalisation Server
Author: Lee Wynne
1 INTRODUCTION
Windows profile management is gaining momentum due to a refresh in the Windows operating systems (Windows 7, Vista and Server 2008), the ‘Cloud’ computing model and the increase in VDI projects based on technology such as XenDesktop, VMware View, and Microsoft Med-V. This article will provide a high level analysis of the differences between these two products and how they may assist in the implementation of the above technologies. If there are any errors within this article then please feel free to comment and I will correct them.
2 USER PROFILE MANAGEMENT
2.1 A Quick Refresh on ‘Windows Profile Management’.
In any organisation, whichever Windows machine you log onto, you will have a windows profile whether it is your desktop / laptop or a server.
User profiles are used to store persistent information about how you like your Windows desktop and applications setup, if you change a default calendar view in Outlook the settings are stored in your profile, if you add a mailbox to Outlook that is also stored in your profile. Other examples are settings that you might set up in Microsoft Word such as the default view (print view, outline or normal) or where you want your toolboxes setup on the screen.
If you save documents in the ‘My Documents’ folder or an image in the ‘My Pictures’ folder, those files are stored in the your profile too.
A Windows profile is split up into two separate sections, the first is a folder which is usually named after your logon ID, this folder is stored on your local hard drive in a directory called ‘documents and settings’. The second is a ‘registry’ file that contains a lot of information about your personal environment and how it is setup, this file is called NTUSER.dat.
If you are using a desktop machine or a laptop all day long then you would never know that you have a ‘Windows Profile’ because you never really log on to anything else, but if you were to walk across the office and log onto someone else’s laptop that you have never used before then surely you wouldn’t expect to see all your personal items in the ‘My Documents’ folder and the applications wouldn’t be personalised in the way that you like them. This is simple because Windows has treated you as a new user and has created a brand new profile for you ready for you to setup all over again.
Taking the scenario into account above, the same situation would occur if you received your applications and desktop session from a Citrix XenApp server. You would initially log onto a server for the very first time (as a new employee maybe) and then you would go about personalising your applications the way that you like them however if you were to log off one day and then log onto completely different Citrix XenApp server the same scenario would occur, Windows will treat you as a new user and will create a new profile for you.
Normally in a large Citrix XenApp deployment there could be over 100 servers, if a user had to personalise their applications 100 times for all 100 servers it would be a totally nightmare and to add to this, the on-going personalisation of the applications would not be consistent or synchronised across all the Citrix XenApp servers in use.
This is why we used roaming profiles.
2.2 Why Use Windows Roaming Profiles?
In order to provide users with a more consistent user experience we use ‘Windows Roaming Profiles’. A Windows roaming profile is essentially the same as a normal Windows profile but rather than it being stored directly on a machine (in the ‘documents and settings’ directory as mentioned above) it is actually stored on a file server within a network share that multiple machines have access to.
This means that when you log onto a Citrix XenApp server or desktop machine for the very first time, a new profile is created for you and any user personalisation is stored within the profile as normal (within the directory and the registry file). However, when you log off the Citrix XenApp server or desktop machine the whole profile is copied across the network and placed on the centralised file share.
Now when you logon to any other Citrix XenApp or desktop machines your ‘roaming profile’ is copied back down the network into the ‘documents and settings’ folder and loaded ready for you to use, all application personalisation is already there and the experience is consistent from when you last logged off a different Citrix XenApp server or desktop.
So problem solved then? No, definitely not.
2.3 Windows Roaming Profile ‘Intelligence’.
Roaming profiles are not intelligent enough to know which roaming profile is the most ‘up-to date’. We call this the ‘last write wins’ issue.
Let's take another example, in most large scale Citrix XenApp or XenDesktop environments a user will be logged into more than one Citrix XenApp server or desktop at anyone time. This means that their roaming profile has been copied down from the central network share and placed in the ‘documents and settings’ directory on more than one Citrix XenApp server or desktop.
Now let's imagine that this user is using Outlook on XenApp server 1 and SAP on XenApp server 2 both at the same time (the user doesn’t know or care that they are logged on more that one server). So the user produces some reports on SAP and changes the default layout of the report viewer, personalises a few other things before closing SAP down for the day. At this point the users roaming profile is copied across the network and back to the centralised network share.
Now around 4 hours later after using Outlook on the other server, the user also closes Outlook down, again the roaming profile is copied across the network back to the centralised file share but unfortunately Windows is not intelligent enough to:
1. Figure out if there is a profile there already with changes that were made earlier (whilst using SAP)
2. Only copy over the changes and not the whole profile, overwriting everything that existed previously.
So two problems, one being that which ever Citrix XenApp server the user logs of last (even if they have been connected to it for 5 days) that profile will be treated as the most up-to date roaming profile and will overwrite anything else that already exists (really frustrating for the user when all of a sudden all their personalisation is reverted back to 5 days ago).
The second issue being that everything is copied over time after time which isn’t efficient for the network. When users decided to log off all their applications at the same time at 5.30 pm then all the roaming profiles are fighting to be written back to the central file share which is one of the main causes of profile corruption.
2.4 Platform Agnostic Issues
Another common issue with roaming profiles is crossing the boundaries of multiple operating systems. Profiles can become corrupt, unusable or incompatible when users are logging onto servers and desktops with are hosted on various different versions of Windows such as:
• Windows 2000, desktop and server
• Windows XP desktop
• Windows Vista
• Windows 7 (coming very soon)
• Windows 2003 server
• Windows 2008 server
As you can see from the list above, maintaining a single profile for access to a number of the above operating systems would be difficult, the most common solution is to use multiple profiles for each operating system that caused compatibility issues.
A user who had a roaming profile for their desktop or laptop might use one profile for Windows 7, then they might utilise a different profile when they log onto a Windows 2003 server (hosting XenApp) and again may use a different profile for a Windows 2008 server (hosting XenApp 5). Then end result is 3 roaming profiles which isn’t ideal.
2.5 Windows Profile ‘Swelling’.
Another major issue with managing Windows roaming profiles is that the size of a profile (in MB and sometimes in GB) can significantly increase the time it takes for a user to logon to a server and can put a huge overhead on system resources when trying to load the profile. On many occasions Point to Point consultants have visited client sites to resolve ‘slow’ logon problems only to find that some of the user profiles are over 200MB is size which is about a quarter of the size of a DVD movie.
This happens because users are allowed to save files within their profile area. A good example of this which everyone should be familiar with is the ‘My Documents’ folder. This folder is actually location within the following directory ‘c:\documents and settings\yourusername\my documents and is included within the windows roaming profile, so anything that is saved to this folder is copied up and down the network into the centralised network share. If a user saves their Outlook offline PST file in ‘My Documents’ and it is a large file then this is going to cause significant performance issues, especially of all the users are saving data in their own My Document folder.
Other folders included within a Windows profile are the desktop area, my pictures, my music, and application data. Data which is saved to all these locations can have a significant performance impact on logon times and system performance.
3 WHAT DOES CITRIX USER PROFILE MANAGER HAVE TO OFFER?
3.1 History
The scenario that I have described above has been plaguing Citrix administrators for years as they have been battling with user profile corruption, profile swelling and outdated profiles being written back to the users profile network share. I believe a company called ‘Login Consultants’ came up with the first alternative to windows roaming profiles, this was called the ‘Flex Profile Kit’ and at the time it was a free download.
Essentially the Flex Profile Kit allowed an administrator to actually redirect most of the user personalisation settings so that they were compressed and stored in the users home drive location, administrators were allowed to exclude the synchronisation of some of the user data if needed and to also ensure that the latest user profile was always available and not overwritten.
Subsequently a new product was launched by a company called ‘Sepago’ which was then named ‘sepagoPROFILE’. sepagoPROFILE introduced another alternative to normal windows profiles however this product was easy to install and administer.
In 2008 Citrix acquired the sepagoPROFILE product renamed it to Citrix Profile Manager and went to work on its integration into both XenApp and XenDesktop solutions.
3.2 Today
Citrix Profile Manager is now bundled in with the Enterprise version of XenApp as well as XenDesktop. It is an essential ‘default’ component to any Enterprise level Citrix XenApp or XenDesktop deployment and should be included as a base level in all deployments.
3.3 How easy is it to install and setup?
Citrix User Profile Manager has been designed to work ‘out of the box’. It is a simple installation and is geared towards simplicity in an already complicated environment, as such it can be seamlessly integrated into an existing environment.
Citrix Profile Manager is installed on every Citrix server within a farm and requires a reboot post installation (important note there..) Once installed it works in a ‘passive’ mode awaiting configuration of which profiles it should process and when. As far as I am aware there is no limitation on how many Citrix servers or profiles can be processed.
Citrix Profile Manager would also be installed on any Windows desktop that is part of a VDI group, again it would install and process user profiles in an identical manner to that of a server. There are no extra components required in order to setup Citrix User Profile Manager, no extra databases or servers needed. User profiles are copied to a central file server or to the users home-drive area (as with normal windows profiles).
3.4 How does it work?
During the installation Citrix Profile Manager creates a new windows service. This service is responsible for interrupting the standard windows logon process and taking over to provide a much more advanced process which ensures that the user receives a consistent experience and that all the most of the issues mentioned earlier in this document are resolved. In a nutshell, this is how it works:
1. A user opens a Citrix published application or logs onto a XenDesktop instance
2. The user is then directed to an available Citrix XenApp server or XenDesktop pooled VDI image
3. The standard windows logon process begins (the ‘default windows’ one)
4. The Citrix User Profile Manager service interrupts the windows logon process and takes over
5. The service then check to see if Citrix User Profile Manager is actually enabled by the administrator
6. The service checks to see of the incoming user is to be processed by Citrix User Profile Manager
7. A check is performed to see if the user already has a profile in the network share that Citrix Profile Manager uses
8. If there is a profile in the network share then it is loaded
9. If there is not a profile in the network share then one is created based on some administrative options and then loaded
10. When the user logs off, only the changes made to the profile are synchronised back to the network share
11. If the user logs off multiple Citrix XenApp servers then only the most up-to date changes are copied back to the network file share.
Essentially, Citrix Profile Manager can ensure that only what an administrator defines is actually synchronised back to the centralised network file share, this reduces the load on the network and increases logon times by keeping profiles neat and small (under 4MB if possible).
Citrix Profile Manager also ensures that only what the user changes during their Windows session is copied back to the central network file share, again ensuring that the logon and logoff process is streamlined as much as possible. These changes to the profile are time stamped, this ensures that the most up-to date changes are not overwritten on the network file share when users log off from their Windows session.
3.6 Limitations
3.6.1 Platform Agnostic
As discussed previously, profile corruption can occur when a user logs onto one or more different operating systems. For instance, Windows 7 profiles are not going to be compatible with Windows XP or Windows Server 2003 profiles. Citrix User Profile Manager can detect which operating system you are logging onto but then end result is a different profile for every operating system you log onto to avoid obvious corruption. If an environment is very complex with multiple different operating systems and desktops then Citrix themselves will advise you to move onto a more ‘Enterprise’ class solution for user profile management, a product which does allow for a single profile regardless of the operating system version, in this case Appsense.
4 WHAT DOES THE APPSENSE MANAGEMENT SUITE OFFER?
The equivalent to Citrix Profile Manager is included within Appsense Environment Manager, the technology is called ‘Appsense Personalisation Server’. ‘User profile virtualisation’ is the key message with this technology, it fits in with the same message that application, server and desktop virtualisation offers. With Appsense Personalisation Server it really does add value to the overall virtualisation strategy, especially when considering VDI hosted solutions from any of the major vendors.
4.1 History
Appsense User Personalisation was written in-house by Appsense and was launched to the enterprise Terminal Services, Citrix XenApp, Citrix XenDesktop, VMware View, Microsoft Med-V and traditional desktop market to essentially completely eliminate all the challenges of managing roaming profiles which include the following.
• Last write wins (most up-to date profile being overwritten by an old profile)
• Profile corruption due to multiple operating systems
• Profile swell
• Multiple Profiles required for different operating systems
• User profile virtualisation (detaching the profile from the operating system, making it independent of the underlying version).
4.2 How easy is it to set up?
Appsense Personalisation Server installation and setup would be completed by a consultant, it is not as easy as Citrix User Profile Manager to set-up.
There are a number of components required mainly in the form of a database which stores all the user profile data and standby servers that have replica copies of the database for redundancy purposes. Any design and implementation of Personalisation Server has to take this into consideration.
Design work would need to be completed prior to an implementation which would assess which scenarios Personalisation Server would be used (remember it works for all scenarios), the network topology of the client infrastructure and where the standby Personalisation Servers would be placed.
Once planning has taken place, installation would require a number of new servers (probably virtual) and a database. Installation of the Appsense clients would need to take place on all end points which Personalisation Server would manage when the user is logging on and off.
As with the Citrix product, once installed Personalisation Server allows you to activate and migrate existing user profiles.
4.3 How does it work?
When you are thinking about Personalisation Server you need to be thinking virtual, in the same way that a virtual application is sandboxed and isolated from the underlying operating system, personalisation server virtualises user profiles.
Think back to my previous explanation on standard windows profiles and Citrix User Profile Manager profiles, in both cases files are copied to and from a network file share and written to the user profile area on either a Citrix server or desktop machine.
4.3.1 Streaming
Once a user logs onto a server or desktop managed by Personalisation Server then the normal Windows profile service is intercepted and the Appsense agent kicks in and establishes a session with the Personalisation Server database. The database is the searched for the relevant user, when the user is located the profile is streamed down to a cached sandboxed area on the local device. here is what is different, first of all only the required portion of the profile is streamed down (like application streaming does) in order to get the user logged into the system, then when a user opens an application like Excel, only the portion of the user profile required for Excel is streamed down, the same then happens for any other application, so this works on an application by application basis which makes it very efficient.
4.3.2 Updates and Changes
Also, rather than updates and changes to the profile being copied back centrally when a user actually logs of a server or desktop (like Citrix Profile Manager) Appsense Personalisation server is intelligent enough to stream the changes back to the central database when a user actually closes an application rather than logging off the entire system, again this is a significant difference from Citrix profile manager which means that the user profile changes happen in real-time no matter where the user is logged in.
4.3.3 Operating System Independence
User profile virtualisation is incredibly important because it detaches the profile from the underlying operating system, it is this technology that allows Appsense personalisation server to build, maintain and stream down a user profile to any operating system which essentials allows for a ‘single’ profile for users no matter how complex the environment is.
4.3.4 Profile Roll Back
As with any virtualisation technology, snapshots are available within Appsense personalisation server this allows for administrators to take regular snapshots of profiles which can easily be rolled back when needed. Think snapshots with VMware and XenServer here, virtual machines can be put into snapshot mode and then any changes to that virtual machine are discarded when the snapshot deleted. Appsense provide the same technology with their profiles, if a user is having issues with their profile then it can be ‘rolled back’ to a known working snapshot rather than deleted the whole profile and starting again.
4.3.5 Reporting
Appsense personalisation server also provides some great reporting capabilities. Administrators can generate reports on and application by application basis or user by user basis. These reports provide user profile data activity mainly in the form of the amount of data being transferred on log on and log off as well as the size of the current profiles, this allows and administrator to remove certain files and folders from being streamed up and down the network.
5 WHAT ARE THE KEY DIFFERENCES BETWEEN THE CITRIX AND APPSENSE PRODUCTS?
On the face of it, at least from a potential clients point of view both these technologies seem to do the same thing however they are dramatically different in terms of the class of solution they offer.
5.1 Virtualisation
The key difference here is that familiar word ‘virtualisation’ again. Appsense User Personalisation offers complete virtualisation of the user profile which totally removes the boundaries of users crossing Windows operating system platforms. In essence Personalisation Server will ‘virtualise’ the users profile and ensure that it is never written to a file share or to the local file system of the server being utilised.
By doing this Personalisation Server provides a method to simplify user profiles in the most complex environments by detaching the profile from the underlying operating system that supports it. Once a profile is virtualised within the User Personalisation database it will work on any operating system. Users only need one profile.
5.2 Streaming
Another familiar technology, we know XenApp provides application streaming, Provisioning Server provides operating system streaming and now we have a technology in Appsense which provides user profile streaming. Only data required on an application by application basis is streamed down to the local profile cache, again this happens when the user launches an application and not when the user logs on making the whole process completely dynamic and fast.
5.3 Platform Agnostic
If you were looking to deploy both VDI, traditional desktops and hosted desktops plus applications via Citrix XenApp or just plain Terminal Service plus offline application streaming through a variety of different technologies then designing a scalable and compatible windows profile strategy would be damn near impossible to get right, at some point users would need more that one windows profile to access different operating systems.
If we deployed Citrix User Profile Manager in this scenario then yes it would eliminate some of the issues discuss at the beginning of this document but it would not solve the need for more than one profile for cross boundaries when logged into a Windows 7 desktop and then Windows 2003 and then Windows XP which in a complex environment is completely possible. At this stage in any deployment, it is reported that Citrix themselves might recommend a more enterprise product in the form of Appsense User Personalisation.
6. Summary
Try not to think of Appsense Personalisation Server as a Citrix ‘add-on’ it should be considered as a profile management product within its own right under the ‘user profile virtualisation’ message and given as much exposure as application virtualisation as it allows administrators to finally get a grip on managing a single user profile for multiple operating systems, vendor agnostic VDI and application delivery solutions, regardless of whether the client has Citrix or not. I hope that you find this article useful.
Best Regards Lee
