Assign roles to users and groups

All XenServer users must have an RBAC role. When new users are added, they are automatically assigned the Pool Administrator role. In XenServer Enterprise and higher, when you add new users, XenServer does not assign newly added user accounts roles automatically. You must assign roles to new accounts separately. Before you can assign a role to a user or group, you must add the user or group’s Active Directory account to XenServer after joining the associated domain as described in Join a domain and add RBAC users.

Definitions of RBAC roles and permissions

Permissions available for each role The following table summarizes which permissions are available for each role. For details on the operations available for each permission, see the next section. Permissions Pool Admin Pool Operator VM Power Admin VM Admin VM Operator Read Only Assign/modify roles X Log in to (physical) server consoles (through SSH and XenCenter) X Server backup/restore X Import/export OVF/OVA packages; import disk images X Log out active user connections X X Create and dismiss alerts X X Cancel task of any user X X Pool management X X VM advanced operations X X X VM create/destroy operations X X X X VM change CD media X X X X X VM change power state X X X X X View VM consoles X X X X X XenCenter view mgmt ops X X X X X Cancel own tasks X X X X X X Read audit logs X X X X X X Configure, Initialize, Enable, Disable WLB X X Apply WLB Optimization Recommendations X X Modify WLB Report Subscriptions X X Accept WLB Placement Recommendations X X X Display WLB Configuration X X X X X X Generate WLB Reports X X X X X X Connect to pool and read all pool metadata X X X X X X Definitions of permissions This table provides additional details about permissions:

how does XenServer compute the roles

When I log in, how does XenServer compute the roles for the session? The Active Directory server authenticates the subject. During authentication, Active Directory also determines if the subject belongs to any other containing groups in Active Directory. XenServer then verifies which roles have been assigned to (a) the subject and (b) to any Active Directory groups to which it is a member. XenServer applies the highest level of permissions to the subject.

ISO repository with Local storage

Step 1 – Creating the ISO Library Folder Connect to the XenServer using SSH and then issue the following command: “mkdir -p /var/opt/xen/ISO_Store” Step 2 – Create a ISO Storage Repository Issue the following command within an SSH session: “xe sr-create name-label=LocalISO type=iso device-config:location=/var/opt/xen/ISO_Store device-config:legacy_mode=true content-type=iso“ XenCenter will then update and show the new SR: Now that we have an SR we just need to place the ISO files in the directory and installation can then begin, however trying to find direct links to media download is not always as straight forward as you may think.

Join a domain and add users

Before you can assign a user or group account an RBAC role, you must add the account to XenServer through RBAC. This requires two tasks: Join the pool or server to the domain. The domain can be either the domain in which the user or group belongs or a domain that is in the same Active Directory forest or that has a trust relationship with the user’s domain. Add the user’s Active Directory account or group to XenServer.

Managing Users

When you first install XenServer, a user account is added to XenServer automatically. This account is the local super user (LSU) , or root, which is authenticated locally by the XenServer computer. You can create additional users by adding Active Directory accounts from the Users tab in XenCenter. (Note that the term “user” here refers to anybody with a XenServer account, that is, anyone administering XenServers, regardless of level of their role.

RBAC Overview

XenServer’s Role Based Access Control (RBAC) lets you assign predefined roles, or sets of XenServer permissions, to Active Directory users and groups. These permissions control the level of access XenServer users (that is, people administering XenServer) have to servers and pools: RBAC is configured and deployed at the pool level. Because users acquire permissions through their assigned role, you simply need to assign a role to a user or their group.

XenApp 6 Installation Script

I have designed two powershell based scripts which would install xenapp 6 completely(ie., prerequisites and xenapp6 setup).Yes, prerequisites and xenapp6. Just point the script to your xenapp folder. It will take care of the rest. I have designed two scripts - one for prerequisites and the other for xenapp6 installation. After the first script is completed, create a dsn(file dsn) to connect to your database and change the username, password,dsn file location etc in the script and run it.

Desktop Virtualization

Desktop virtualization, often called client virtualization, is a virtualization technology used to separate a computer desktop environment from the physical computer. Desktop virtualization is considered a type of client-server computing model because the “virtualized” desktop is stored on a centralized, or remote, server and not the physical machine being virtualized. Desktop virtualization “virtualizes desktop computers” and these virtual desktop environments are “served” to users on the network. You interact with a virtual desktop in the same way you would use a physical desktop.

New Features and Changes in XenApp 5

XenApp 5 is designed to bring world-class application delivery to Windows Server 2003 and Windows Server 2008 and optimize and enhance the Microsoft platform. To learn more about XenApp 5 for Windows Server 2003, see CTX113699 and CTX116622. Below are the new features and benefits added in XenApp 5. Performance Improvements XenApp 5 includes these significant overall performance improvements: Farm scalability: Reductions in Independent Management Architecture (IMA) service start time, discovery time, application resolution and enumeration time, and server enumeration time.