xentraveller

XenApp and other things Xen

Monthly Archives: December 2011

Citrix antivirus recommendations for XenApp

http://support.citrix.com/article/CTX127030  (it also contains links to provisioning services and edgesight)

Of note:

  • Scan on write events or only when files are modified. It should be noted that this configuration is typically regarded as a high security risk by most antivirus vendors. In high-security environments, organizations should consider scanning on both read and write events to protect against threats that target memory, such as Conficker variants.
  • Scan local drives or disable network scanning. This assumes all remote locations, which might include file servers that host user profiles and redirected folders, are being monitored by antivirus and data integrity solutions.
  • Exclude the pagefile(s) from being scanned.
  • Exclude the Print Spooler directory from being scanned.
  • Exclude specific files and folders within the \Program Files\Citrix directory that are accessed heavily or modified frequently. For example, the Local Host Cache (imalhc.mdb) and Application Streaming offline database (RadeOffline.mdb) files might need to be excluded from the \Independent Management Architecture sub-directory. The local Resource Manager Summary Database file (RMLocalDatabase.mdb) might also need to be excluded from the \Citrix Resource Manager\LocalDB sub-directory. If Application Streaming is used, the \RadeCache and \Deploy folders might need to be excluded as well. While entire directories can be excluded, it should be noted that this is not considered a best practice by most antivirus vendors. In high-security environments, organizations should consider excluding specific files using exact names, such as ‘imalhc.mdb’. If exact file names cannot be used, Citrix recommends using wildcard exclusions to limit the attack surface area.
  • Remove any unnecessary antivirus related entries from the Run key (HKLM\Software\Microsoft\Windows\Current Version\Run).
  • If pass-through authentication is being used, for example in a XenDesktop or Shared Hosted desktop scenario, exclude the XenApp Online Plug-in bitmap cache directory (typically %AppData%\ICAClient\Cache).

Citrix optimisations for Windows 2008 R2 server with XenApp 6/6.5

Citrix consulting have put together a large list of tweaks to help speed up and remove some hassles from Windows 2008 R2 with XenApp

http://blogs.citrix.com/2011/12/06/optimization-guide-for-windows-server-2008r2-with-xenapp-66-5-%E2%80%93-available-now/

Complete list of Microsoft hotfixes for Windows 2008 R2 Remote desktop

Located here:

http://support.microsoft.com/kb/2601888

Note they don’t recommend you proactively apply the patches, rather, apply on a case by case basis.