When publishing an application across multiple servers in a XenApp farm one of the key elements to a trouble free environment is having consistency across the farm. RES Automation manager can help with getting this right.
So, you have your software package imported into Automation Manager and you deploy to each XenApp server in turn. Here I will go through a method of updating that software and running maintenance automatically with no outage and (most importantly) an easy life for everyone.
First we should set out exactly what we need to do. There are several stages to this process:
- Disable access to the XenApp server
- Ensure users are not logged on.
- Switching to install mode.
- Check version and run Installation.
- Switching to execute mode.
- Enable logon to the server.
These stages can easily be broken down into 3 Automation Manager Modules; let’s take a look at how to get them setup.
Disable logons, wait for the server to be free from users and switch to install mode.
We have three tasks to run here:
Task 1 – Disable logons
Click Add to create the first task of the module. Select Remote terminal server logins (Change) from the configuration folder and select :
Disable remote logins
Make sure you name the task appropriately and you’re done.
Task 2 – Wait for the server to be free from users
Best practice when installing software on a XenApp server suggests that you should not have any user sessions on that server. Therefore we need to wait for users to leave. Now I’m not all that interested in sitting in front of the Access Management Console hitting refresh every 5 minutes until everyone is off, so let’s get AM to do that for us!
We need to make use of the PowerShell capabilities for this, so click Add and select Windows PowerShell Script (Execute) from the advanced folder. One of the recent improvements to AM is the ability to input a script directly into the task, this helps keep the whole process in a single place. You can also easily save the script as a resource and point the task to it (good if you have a single script being reused in multiple tasks).
On the settings tab select “Use Windows PowerShell script from “Script” tab” to enable the Script tab, or point the task to the .ps1 file if you have already saved it as a resource.
By default, the PowerShell scripts that you run using this Task need to be digitally signed. Select Override execution policy for this Task to temporarily lower the PowerShell execution policy to “Unrestricted” and use an unsigned PowerShell script. After execution of the Task, the PowerShell security will be reverted to the previous security level.
Next you will need to set the timeout. Since you want the script to run until all users are logged off you need to set this to the maximum allowed, this being 300 minutes. It would be nice if there was the option to disable the timeout if required, but there isn’t at the moment so 5 hours will have to do for now.
Once you’re done here you’ll need to click the script tab and add the script.
The script checks the session count on the XenApp server every 5 minutes. If any user accounts are disconnected, it will log them off. The script will loop until there are zero sessions or the timeout is reached. This is key to allowing a RES AM job that waits for a condition to occur before moving on, since the AM native conditions will only be evaluated once at the start of the job.
Although you will not be able to view the output of the script while it is running, it is kept in the job history to help with diagnosis.
Script File (Zip)
Task 3 – Switch to install mode
The final Task in this Module will switch the XenApp server to install mode. Using the Command (Execute) task from the advanced folder we will use the following command:
Change user /install
Make sure you tick Use Windows command interpreter.
This command is not strictly required anymore, XenApp is intelligent enough to recognise an install process and switch to install mode automatically, but since AM uses the system account and since you won’t always want to just run an msi or an exe it’s better to set it and be sure.
At this point your XenApp server is ready to accept whatever installs and modifications you need to apply. You could use this set of tasks and finish with an email notification telling you the server is ready to manually have other modules run against it. However, we are looking for a fully automated process.
Check version and run Installation, configuration etc.
Module 2 is the set of tasks you want to run against the box. Here I am going to use an MSI that I built using a combination of VSS and WixBuild to demonstrate a fully automated software update process.
To start with, I save the MSI as a resource. The resource type should be “stored in datastore”, this way AM assigns a GUID to the resource, and I will explain why you need this GUID later.
Next I need to add a new Module and create the task, in my case this was a Windows Installer package task from the Provisioning folder. On the settings tab click the Browse button next to the Filename field and select the resource, configure any other settings (such as Properties or Transforms on the Parameters tab) and click OK.
Note: With MSI Installs I would always recommend using the Log tab to set the required level of logging and click “Remember as Default”. This way you will have the installer log files available in the job history should you ever need to diagnose an issue.
Once you have added all the required tasks (including any reboots needed) you are almost ready, just one final module to create.
Switch to execute mode and enable logon to the server
This is the final module. All you need now is for the XenApp server to be made available. For this you will need a module with 2 tasks (as in Module 1) with the following:
Task 1 – Command (Execute), but this time we will run “change user /execute”
Task 2 – Remote terminal server logins (Change). This time we are going to Enable remote logins.
Run Books are used to create a chain of jobs; each job can be run on a different agent in the same run book.
Add a Run Book, then on the Jobs tab add Module 1 (Disable logons, wait for the server to be free from users and switch to install mode), select the XenApp server as the agent and Click OK. Repeat this for Module 2 (Check version and run Installation) and 3 (Switch to execute mode and enable logon to the server).
Once these are added the jobs can be cloned and the Agent name changed so that you have Modules 1, 2 and 3 running on each XenApp server in turn or use Teams and split the job to schedule the upgrades/updates in batches.
Schedule and New versions
This Run book can then be scheduled to run at an appropriate time using Job scheduling.
Once the schedule is in place all you need to do to update the Citrix farm is open up the resource files that Module 2 points to and update them. Since AM has assigned a GUID to the resources the new files will automatically be associated with the task. Next time the Job runs each Citrix server will disable logins, wait for each user to log off (or log off disconnected sessions) run the new MSI to update the software and re-enable itself.
You meanwhile, can sit back and relax.
If you want to avoid running the Modules during every schedule (as there may not have been an update to the software) then you can use a combination of evaluators and conditions to ensure that the specified tasks/modules do or do not run as required. Make sure the first task is an Installed programs query (found in the System state folder), configure an evaluator that checks for the latest version number and sets a parameter to “True” or “False”. Once this is in you then set a condition on each individual task to run dependant on the evaluator. Using this method you can quickly build up a single Run book that runs all your regular Citrix maintenance.