Automating App and OS Layers

Back in May I attended my local CUGC where Ron Oglesby presented a master class on Citrix App Layering (ELM) and after the presentation, it was asked if there was any sort an SDK. Ron explained that there is no public API or SDK (yet), but some of the newer ELM components were built with this in mind. This statement resonated with me and when I got home that afternoon, I fired up Fiddler to see how the API worked. After a rather lengthy process of reverse engineering the API with Fiddler, Postman and documenting the processes I was able to write my SDK. When I completed the SDK I wasn’t really sure how it could be utilized in an environment or if there would be a need. Figured it would be more useful around documenting an ELM environment vs actually automating the creation or updating layers. I was under the impression that if an organization could automate layer creation, chances are they could automate the entire image making ELM redundant. However, after thinking about it for some time I now see ELM in combination with automation potentially being the stopgap between manual installs\updates and a fully automated build. By automating certain aspects of ELM it could allow organizations to tiptoe into automation and create a comfort level and free up time otherwise spent on updating common layers. This allows administrators to continue manually installing the difficult applications or even controlled by other teams but allowing automation to keep the common apps (e.g. Firefox, Chrome, Notepad Plus Plus…) and OS layers fully updated on regular intervals.


The intent of this series of posts is how to approach automating some common apps and keeping the operating system layers fully updated.

  1. The first section will detail the steps needed for the script host and the base operating system layer allowing for automation.
  2. The second section will cover automatically building and updating app layers utilizing Choclatey packages.
  3. The third will cover continually keeping an operating system layer updated with Windows updates


Just some notes before getting started.

  • The SDK in these posts isn’t supported by Citrix so please TEST fully and make sure you understand what's taking place.
  • These guides are by no means the only way to approach automating ELM but a proof a concept to show it can be done and others can hopefully use as a base.
  • The process isn’t necessarily the most secure but again this is to show the possibilities so please run with care.
  • I really hope Citrix sees the value in having a supported SDK and the possibilities it can create to further the adoption of ELM.
Add a comment

Read more: Automating App and OS Layers

  • Category: Netscaler

Use Netscaler CPX for MAS Testing

After Synergy this year I watched a great presentation by Esther Barthel and Carsten Bruns (SYN220) where they covered MAS Stylebooks and Configuration Jobs.  After getting more and more comfortable with the playbooks they graciously provided, I wanted to create my own and needed a good test environment but didn't want to impact my VPX.  I could have deployed an additional VPX but figured CPX would be a good candidate since it can quickly be reset for testing.  While testing with Docker, I noticed each time my CPX container was shut down it was removed from MAS since it went unreachable.  I did some research and found that a CPX container could be registered with MAS saving a lot of time not having to re-register each time.  In this post, I'll cover how to use Docker with Docker-compose to deploy a CPX container and automatically register with MAS.



Add a comment

Read more: Use Netscaler CPX for MAS Testing

  • Category: Netscaler

Dynamically Load Balance Services with Netscaler CPX

This guide covers how a Netscaler CPX can be quickly deployed to automatically load balance web containers from a Docker-Compose file based on the number of web containers deployed.  The setup uses a PowerShell based script contained in a sidecar image that will add or remove servers from the Netscaler service group based upon the services registered in Consul. This guide is roughly based off of Chiradeep Vittal's demo found here.  For this guide I use Ubuntu 16.04 along with Docker 1.13 and Docker Compose 1.17.1.



Add a comment

Read more: Dynamically Load Balance Services with Netscaler...

  • Category: Netscaler

Running Pester Tests Against Citrix NetScaler

Pester is a testing framework that runs from Microsoft PowerShell allowing for quick test creation for a variety of usecases.  During a recent customer network upgrade I found Pester to be a great tool to validate Netscaler funtionality post-upgrade and thought I would create a simple healthcheck to share with the community.  In this post i'll cover getting started with a handful of simple Pester tests that you can use or modify for your environment.



Add a comment

Read more: Running Pester Tests Against Citrix NetScaler

  • Category: Citrix

Scripts Now Available on PSGallery

PowerShell Gallery

Github is an awesome resource to share and collaborate code but sometimes not the easiest if GIT isn't installed on a Windows Server.  Lately, I have been adding some of my more popular scripts to PSGALLERY which allows quick downloads and updates right from PowerShell.  In order to use PSgallery you will need to have PowerShell 5.0 installed or above and the first time you run the commands you will get prompted to install and configure the provider and modules.


To install the script simply run the install-script command and agree to the prompts.  For example to install the XDReplicate script run

install-script -name xdreplicate -Scope currentuser
NOTE: The currentuser scope installs under the current profile.  Otherwise the command will need to be run as administrator

To see what scripts are installed run



Now the cool thing is that you can simply update the script by running

update-script xdreplicate

To check what versions exist on the repository run

find-script xdreplicate

Or use tags

find-script -tag xendesktop

What scripts are available?

The following scripts have been added to PSGallery

 PSGallery Name Github Repo Description
 get-nslicexp  Grabs Netscaler license expiration information via REST.
 set-nsssl  A PowerShell script that enables TLS 1.2, disables SSLv2 and SSLv...
 PVSReplicate  Checks for vDisks and versioning and will export XML if required...
 XDReplicate  Exports XenDesktop site information such as administrators, deliv...
 get-ICAfile_v3  A Powershell v3 Script that utilizes invoke-webrequest to create,...
 get-ICAfile_v3_auth  A Powershell v3 Script that utilizes invoke-webrequest to create...


Add a comment
  • Category: Citrix

XenDesktop 7.x Site Replication Script

Sync You Very Much


If you have ever designed or implemented a mutli-site environment with Citrix XenDesktop 7.6 LTSR or greater chances are you deployed separate dedicated sites. Yes, there is the possibility of stretching the XenDesktop database across physical locations, utilizing connection leasing or even the newly introduced local host cache in 7.12. But, the problem with this architecture is it brings in strict latency and or environment size requirements that isn't always possible or cost effective.  Most of the time organizations end up with multiple XenDesktop sites and tasked with managing multiple sites totally independent from each other, which would include the separate management of user access, delivery groups, published applications and published desktops.  This can create major consistency issues from one site to the next and a huge headache with very dynamic environments for any Citrix admin.  To hopefully help with the problems encountered with this design I created a PowerShell script utilizing the Citrix XenDesktop PowerShell SDK that will export XenDesktop site data including published applications, desktops and a variety of other settings (see link below for full listing) from one site and import to another.  The script was designed so data will be exported from a main site and replicated to one or many secondary sites (think of robocopy for XD).  The script could easily be tied to a Windows Task Schedule or added to any workflow.


Please let me know of any comments or questions!

Add a comment
  • Category: Citrix

Reset XenMobile admin CLI password

This guide will go through the steps in resetting the local CLI admin account on a XenMobile 10.x virtual appliance.  Please be warned this is not approved by Citrix and i'm not responsible for any issues this causes!

What's needed

  • Linux bootable media (I used an Ubuntu desktop ISO)
  • Access to VM console of XenMobile appliance
  • You will need to reboot each node to complete
Add a comment

Read more: Reset XenMobile admin CLI password

  • Category: Octoblu

Send Citrix Director alerts to Slack via Octoblu

Getting Hooked

Citrix released XenDesktop 7.11 this week which brings a fantastic feature where alerts can be sent to webhooks.  Director now allows you to create alerts based on a variety of metrics and then send those alerts to a specific webhook when the threshold is met.  (Who needs email alerts??)  The main use documented by Citrix is for Octoblu, but I don't see why it wouldn't work for anything that has some REST capability like VMware Orchestrator, AWS Lambda, RES Automation...  This post will go over a simple alert based on CPU and then send that alert to a Slack channel with information on the alert.


What you'll need.

  • Octoblu account
  • Slack account and access to integrations
  • Access to Citrix director and DDC with XenDesktop 7.11 installed

  • Octoblu

  • Let's start with the basic configuration of the Octoblu workflow and grabbing the needed webhook URL used with director.  Lay out the workflow in a similar manner to the screenshot below.  I usually throw the debug switch on everything for troubleshooting.
  • title2
Add a comment

Read more: Send Citrix Director alerts to Slack via Octoblu

  • Category: Netscaler

Check Netscaler License Expiration Information Quickly via Powershell

All I did was reboot the thing!

If you have been dealing with Netscaler for awhile chances are you have rebooted an instance only to find no one can connect but everything is pingable.  After trying to refresh your browser multiple times, you frantically login to the Netscaler management IP and discover all your VIPs down, features disabled and SSL certificates no longer listed. WTF!

Add a comment

Read more: Check Netscaler License Expiration Information...

Create an ICA File from Storefront using PowerShell or JavaScript

Good ol' ICA File

Update 7-26-16: I created an additional PowerShell script that can utilize explict authentication vs anonymous only.  Available on Github.

Stand alone ICA files used to allow organizations a multitude of access options, such as single click web shortcuts, login scripts or simple desktop shortcuts for XenApp access as recent as 6.5. When XenApp moved to the FMA architecture the good ol' days of the stand alone ICA files were gone  Administrators can attempt to come close to the same behavior by utilizing Receiver SSO with shortcut publishing or web shortcuts created from Storefront.  While the ease of access is still "kind of" there, it's not nearly as easy and convenient as running a simple ICA file.  This situation adds complexity for both administrators and users by additional configuration challenges for administrators and additional steps for users to access the published resource.  To complicate things even further for administrators, add in some Windows XP clients with an older version of Internet Explorer 8(see notification below when launching Storefont web shortcut) or stand alone Citrix Receiver Web client without SSO or pnagent functionality and it's a difficult scenario to solve.  This post covers scripts I created for both JavaScript and PowerShell that can generate ICA files to be launched a variety of different ways.


TL;DR: Click here to go to GitHub to download.

Add a comment

Read more: Create an ICA File from Storefront using...

  • Category: Netscaler

Upgrade Netscaler via REST API Install Command

With the recent release of Netscaler firmware 11.1 from Citrix brings a new NITRO API command called "install" which allows firmware upgrades from the API.  I got pretty excited when I saw this and decided to take a look since I always felt this would be a great feature to have.  This post goes through how it functions and includes a powershell script that uses the new functionality for future firmware releases.


Add a comment

Read more: Upgrade Netscaler via REST API Install Command