about this release - · pdf fileabout this release jun 05, ... and security group...

© 1999-2017 Citrix Systems, Inc. All rights reserved. p.1https://docs.citrix.com

About This Release

Jun 05, 2015

Updated: 2013-05-07The CloudPortal Services Manager is data-center installed software that enables you to host, sell, and resell hosted

applications and related infrastructure. Managed through a web browser, the control panel is a scalable environment for

service providers and resellers who provision and manage customer solutions.

Service providers can:Create their own Customers and Reseller Customers

Configure, provision, and assign Services to Customers and Resellers

Customers of Service Providers can assign provisioned Services to Users.

Reseller Customers can:Create Customers

Assign provisioned Services to Customers

Manage Users

View reports

Customers of Resellers can:Create and manage Users

Assign provisioned Services to Users

View reports

A Customer is a container that can consist of :

An Administrator who can manage Users, and provision and manage Services

Services that can be made available (that is, provisioned) to Users

Users who consume one or more Services assigned to them

Other Customers (known as Resellers or tenants) who can provision Services to Users

When you create a Customer, you specify the customer location (that is, customer domain) and any advanced properties.

Advanced properties can include password expiry rules, optional Active Directory organizational structure, and service

security roles. You can select one or more security roles to enable the customer to administer available services.

Understanding Services Manager Deployment

A CloudPortal Services Manager deployment includes the following core components (server roles) that you install andconfigure:

The Web Server hosts the control panel’s web interface and API services. The control panel is the primary user interface

for service providers, resellers and end-customer users. The customer administrator can manage the organization’s users

and associated services within the same system. Users can perform administrative and self-service tasks that have been

delegated to them. Provisioning requests are sent from the Web Server to the Provisioning Engine through a Microsoft

Message Queue.

The main system databases are the Microsoft SQL Server repositories for user, customer, and configuration information.

Several system databases are automatically created when you install and configure the server roles. The Services

Manager Reporting Service uses Microsoft SQL Server Reporting Services.


The Provisioning Engine performs all provisioning tasks. It expedites requests from the Web Server and automates

managed services and resources.

The Directory Web Service provides the Web Server with function calls related to Active Directory, such as user

authentication, user account status inquiries, user enabling and disabling, and security group management.

The Data Warehouse performs scheduled storage of historical data from the main system database, and manages the

creation and sending of usage and billing reports.

The Report Mailer gathers anonymous usage data and emails usage reports to the Citrix license monitor. Customer and

user information is not transferred, only the number of customers and users-per-service.

Deployment begins with preparing your environment. Next, install and configure the server roles. Then install, configure, and

provision the Services Manager web services, such as Exchange, SharePoint, Virtual Machine, BlackBerry, and IIS.


Known Issues Concerning CloudPortal ServicesManager 10.0

Jun 05, 2015

Updated: 2013-02-22To enable reseller and customer administrators to create brands:

1. Open Configuration > Security > Page Manager.

2. Change Page Type to Pages.

3. Select /CortexDotNet/Administration/Brands/EditBrand.aspx.

4. On the right pane scroll down to Security Roles.

5. Select Customer Administrator, Reseller Full Administrator, and Reseller Partial Administrator accounts so they have

permissions to create brands.

[#158610]

In an environment where the Exchange location is set to Exchange 2010 /Hosting, creating the first customer might be

unsuccessful if hosting plans have not yet been created. Before creating the first customer in this environment, ensure a

new service plan has been created. Also, ensure the hosting program, hosting offer, and hosting allocation have been

configured. [#259658]

When configuring Services Manager server roles, do not configure the databases and location together. Run the

Configuration Tool separately for the databases and the location. [#259761]

After importing a service package, to apply the changes, restart the Provisioning Engine. [#259782]

When you first configure a location using the graphical interface, you cannot specify a display name for the Customer

OU. Workaround: after the location is created, to specify the domain name, update from the control panel or install

using the command line interface. [#259793]

When you use the Configuration Tool to create the first administrator for a location, the username for that

administrator is cspadmin_TSP. [#260111]

For the Citrix Service, the Terminal services f ile server setting does not appear at the Active Directory level. Workaround:

Expand the setting at the top level and change the Hierarchy Permission from Hidden to Modify. [#260733]

When installing Services Manager, some functions for expiring demo customer accounts might not be installed

successfully. To ensure these functions are present in the Services Manager environment, schedule tasks on the

Provisioning server to run the following f iles:

DemoExpiredCustomersRequest.bat. This f ile deprovisions and deletes demo customer accounts.

DemoExpiryRequest.bat. This f ile sends a notif ication to the demo customer that the account will expire.

Schedule both tasks to run daily during off-peak hours using the Cortex_DirMon_Svc account. [#260825]

After installing the Windows Web Hosting service, you must manually create a user account in Active Directory in the

CortexSystem OU, and add the user to the CortexWSUsers security group. [#263209]

When using the Configuration Tool to enter service provider details for a location, specify only one UPN suffix. You can

configure additional UPN suffixes later from the control panel. [#263735]

After installing the SharePoint 2010 web service, you must manually change the IIS authentication settings for the site

and application levels, enabling both Windows and integrated authentication. [#264802]


Importing a large service package resets the connection to the Services Manager. This occurs with package files that

include DLL files which are copied to the Bin directory during the import process. To continue configuring the service, log

in to the Services Manager. [#267325]

For the Citrix web service to work correctly with supported XenApp versions earlier than XenApp 6, edit the

[INSTALLDIR]ServicesCitrixweb.config f ile and add:

<add key="CitrixInstall" value="MetaFrame"/>

[#270896]

After using the graphical interface to install server roles, the Deploy CloudPortal Services Manager page displays. Click

anywhere on that page to bring it into focus. [#272092]

On some SQL Server installations, the server role Configuration Tool graphical interface will not launch. Workaround:

launch CortexConfig.msi from [INSTALLDIR]Configuration. [#272653]


System Requirements

Jun 05, 2015

Deploying the CloudPortal Systems Manager includes installing the core components (server roles), and then installing the

web services.

For system requirements information, see:System Requirements for Server Roles

System Requirements for Web Services


System Requirements for Server Roles

Jun 05, 2015

Updated: 2012-11-12The sections in this topic describe supported platforms, required software, and other information that will be used when

you install and configure the core components (server roles) that comprise the Services Manager platform. The Services

Manager server role installer (Setup Tool) handles many of the prerequisites, such as installing .NET Framework 4.0, enabling

web server roles, and enabling MSMQ features. (The .NET software is also available in the Support folder of the Services

Manager installation media.) See Installing and Configuring Roles and Locations for additional preparation information.

Active Directory and Exchange

This release of Services Manager supports Active Directory Domain Services on the following platforms:Windows Server 2008 R2

Windows Server 2008

Windows Server 2003

At a minimum, the domain functional level must be Windows Server 2003.

Before the Services Manager platform can be deployed, the Active Directory schema must be extended to include thestandard Exchange attributes. To do this, use one of the following methods:

Use the Schema Prep tool from the Microsoft Exchange installation media. Use this method if you do not plan to deploy

Exchange and you do not intend to deploy the Exchange web service. In general, to deploy the Schema Prep tool, you

execute the following command on the directory where the Exchange installation media resides:

setup /p /on:OrganizationName

Deploy Exchange. Use this method if you plan on installing the Exchange web service in your Services Manager

deployment. Extending the Active Directory schema is part of the Exchange deployment process.

The domain user account used to extend the Active Directory schema or install the Services Manager platformcomponents must belong to the following groups:

Group Name Required for Services Manager platforminstallation

Required for extending Active Directoryschema

Domain Admins Yes Yes

EnterpriseSchema

No Yes

Schema Admins No Yes

If any server (including DNS) is not in the domain, the same user account should be set up as a local user on that server with

the same password, as a member of the local Administrators group.

DNS Server

Services Manager uses DNS aliases to locate and reference the component servers during the platform install andconfiguration process, and during provisioning operations. To ensure successful deployment and operation of Services


Manager, create the following CNAME records for each of these components. Point the CNAME records to each server'sfully qualif ied domain name.

Platform component Alias

Database server CORTEXSQL

Provisioning server CORTEXPROVISIONING

Web server CORTEXWEB

Reporting Services CORTEXREPORTS

Database Server

Hardwareconfiguration

Two or more server-class processors, 2.0 GHz or higher

Minimum 4 GB RAM recommended

Minimum 10 GB free disk space available for f ile growth

Operatingsystem

Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommended updatesinstalled.

User AccountControl (UAC)

Disabled.

Databaseserver

Microsoft SQL Server 2008 R2, with all recommended updates installed.

Authentication Mixed mode (SQL and Windows Authentication)

SQLconnectiontypes

Local and remote connections enabled.

Installationaccount

Configure the account to be used during installation with the SysAdmin role. If you cannot do this inSQL, you can use an account with SysAdmin rights. You can remove this account after the installationfinishes.

Firewall Allow inbound TCP connections through the database instance port. For a default SQL instance, thisis port 1433.

When you install SQL Server, make note of the instance name and port. You will need this information when you configure

the server for use with Services Manager.

During platform installation, the following databases are installed:OLM - core database for customer and user information


OLMReports - stores legacy reporting data and some system settings

OLMReporting - stores reporting data

ExchangeLogs - stores Exchange information

The following SQL accounts are created for accessing the databases:CortexProp

OLMUser

OLMReportsUser

OLMReportingUser

ExchangeLogsUser

Two SQL jobs are installed on the database server: Gather Daily Stats Data and Gather Monthly Stats Data.

SQL Reporting Services





Operatingsystem

Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommended updatesinstalled.


Disabled.

Databaseserver

Microsoft SQL Server 2008 R2, with all recommended updates installed.

Serviceaccount

Set the SQL Reporting Services service account to Network Service.

SQLconnectiontypes

Local and remote connections enabled.

Firewall Allow inbound TCP connections through the reporting port. The default port is 80.

Authentication Verify that the Report Server configuration f ile (C:Program FilesMicrosoft SQLServerMSRS10.MSSQLSERVERReporting ServicesReportServerrsreportserver.config) contains theentry "<AuthenticationTypes><RSWindowsNTLM /> <RSWindowsNegotiate /></AuthenticationTypes>".

Administratoraccount

In Reporting Services, create a dedicated user with the System Administrator role; domainadministrator rights are not required. You will need this user information when configuring Reportingin the Services Manager configuration tool.

Provisioning Server






Operatingsystem

Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommendedupdates installed.


Disabled.

.NET Version .NET Framework 4.0 (Full) installed.

Firewall Allow inbound TCP connections through port 8095.

Windows Serverfeatures(installed by theSetup Tool, ifnot enabled)

Enable the following features:Message Queuing > Message Queuing Services > Message Queuing Server

Message Queuing > Message Queuing Services > HTTP Support (only if the server is not in the

domain)

Telnet client

Windows PowerShell

SQL ServerManagementObjects(installed by theSetup Tool, ifnot present)

Install the 64-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO).This is available in the Support folder of the Services Manager installation media.

SMTP server Required for sending email notif ications through Services Manager. Depending on the notif ication,the Provisioning server also needs a temporary directory for assembling the email. As an SMTP serveris also required for the Report Mailer, the same SMTP server can be used for both the Provisioningserver and the Report Mailer. For both roles, you supply the SMTP server details when you configureeach server role.

Domainmembership andprivileges

Server must be a member of the domain

Service account must have full domain administrator privileges

If you are installing the Provisioning server on a domain controller, give the ProvisioningUsers security group logon locally

permission. However, for security reasons, Citrix recommends installing the Provisioning server on a server other than a

domain controller.

Web Server

The Services Manager uses the DNS alias CortexWeb to refer to the server hosting the Web Server.

Hardware configuration Two or more server-class processors, 2.0 GHz or higher




Operating system Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with allrecommended updates installed.

User Account Control (UAC) Disabled.

.NET version .NET Framework 4.0 (Full) installed.

Firewall Allow outbound connections to SQL Reporting Services on port 80.

Report Viewer version Microsoft Report Viewer 2008 SP1

Windows Server roles Enable the following roles:Web Server > Application Development > ASP.NET

Web Server > Security > Basic Authentication

Web Server > Security > Windows Authentication

Management Tools > IIS Management Console

Management Tools > IIS Management Scripts and Tools

SQL Server Management Objects(installed by the Setup Tool, if notpresent)

Install the 32-bit variant of the Microsoft SQL Server 2008 Shared ManagementObjects (SMO). This is available in the Support folder of the Services Managerinstallation media.

Domain membership and privileges Server must be a member of the domain

Service must have full domain administrator privileges

During platform configuration, you will need to know the host header required for the web site. This is the URL used to

access the control panel. The Configuration Tool refers to this as the external address.

When you install the Web Server role, the following items are installed:CortexMgmt Application Pool - used to run the Management Site.

Cortex Management Site - contains the following web applications:

CortexDotNet - main management portal

CortexAPI - XML-based web service used to automate management

The Web Server role supports:Internet Explorer 8 and 9

Firefox 3.x and 4.x

Chrome 12.x

Safari 5.x

The Web Server role supports client operating system access from:Windows XP SP3


Windows 7 SP1

Windows Server 2008

Mac OS X 10.x

The Autologin tool supports Windows XP SP3, Windows 7 SP1, and Windows Server 2008.

Directory Web Service

If you are installing the Directory Web Service on a domain controller, give the CortexWSUsers and the Proxy Users groups

logon locally permission. However, for security reasons, Citrix recommends installing this role on a server other than a domain

controller.

Enable the following roles and features:Web Server > Application Development > ASP.NET

Web Server > Security > Basic Authentication




PowerShell 2.0

Data Warehouse (Reporting)

Operating system Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with allrecommended updates installed.

User Account Control (UAC) Disabled.

.NET version .NET Framework 4.0 (Full) installed.

Firewall Allow outbound connections to the database server on port 1433.

Database server SQL Server 2008 R2

Database server authentication Mixed mode (SQL and Windows Authentication)

Reporting SQL Server Reporting Services 2008 R2

SQL Server ManagementObjects (installed by the SetupTool, if not present)

Services Manager installs this component automatically when the Data Warehouserole is deployed. This is available in the Support folder of the Services Managerinstallation media.

Installation account Ensure the account used for installing this role is a SysAdmin on the server.

RSReportServer modif ications In RsReportServer.config, under <RSWindowsNTLM/>, enable<RSWindowsNegotiate/>.


SMTP server Because the Provisioning server also requires a SMTP server, you can specify thesame SMTP server when you deploy each server role. The SMTP server must allowrelays from the Reporting server.

Additional requirements:If you will be using the OCS Monitoring service, install and enable the OCS Monitoring Service on the OCS 2007 server.

If you will be using the SharePoint 3 service, most headers for all sites must be resolvable on the SharePoint 3 server

where the SharePoint service is installed and used by the data collection.

Firewall Configuration

The following table lists the default connectivity configuration between the Services Manager roles. Configure thesebefore installing the roles.

Traff ic/Port From To Purpose

TCP 8095 Web Server Provisioning Engine Authenticate users and read-time ActiveDirectory lookups

MSMQ*, HTTP, orHTTPS

Web Server Provisioning Engine Provisioning request

TCP 1433** ProvisioningEngine

SQL Server Access to provisioning rules, write statistics

TCP 1433** Web Server SQL Server Access to customer and user information

TCP 80 Web Server SQL Reporting Servicesserver

Access to SQL Reporting Services

* MSMQ comprises several ports, as specified by Microsoft.

** The supported SQL versions use TCP 1433 only for the default instance; other named instances use a dynamically

assigned port. If your installation is not the default instance and a firewall separates the SQL server from the other

Services Manager roles, you must override the dynamic behavior by allocating a specific port.


System Requirements for Web Services

Jun 05, 2015

Updated: 2013-03-19This topic lists supported platforms and requirements for the Services Manager web services.

Group Policy requirements

If you are installing a web service on a domain controller, give the CortexWSUsers group logon locally permission.

Additionally, Proxy Users need logon locally permission if you install the Directory Web Service on the domain controller.

BlackBerry

The following table lists the supported BlackBerry and Microsoft Exchange versions. If your environment includes BlackBerry4, complete the following requirements before installing the Services Manager BlackBerry service. If your environmentcomprises only BlackBerry 5, you do not need to install a Services Manager BlackBerry service after completing thefollowing requirements.

Version Exchange 2003 Exchange 2007 Exchange 2010 Exchange 2010 Hosting

BlackBerry 4 X X X

BlackBerry 5 SP1 X X

BlackBerry 5 SP2 X X

Configure your environment according to the BlackBerry installation guidelines. The following requirements assume you

have installed the BlackBerry Enterprise Server software, the latest security updates, and the appropriate service pack for

your deployment.

Requirements for all BlackBerry deployments (all supported versions):The Services Manager requires the credentials that are used to run the BlackBerry service, in order to access the

BlackBerry Server MAPI profile. This account must be a member of the Exchange View Only Administrators group.

Additionally, the BlackBerry service account (or the Exchange View Only Administrators group) must have Open Address

List permission on the Default Global Address List.

Requirements for BlackBerry 4 (in addition to requirements for all deployments):Enable the following IIS 7+ roles:

Web Server > Application Development > ASP.NET



Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility

Install Microsoft .NET Framework 4.0

Install the BlackBerry Enterprise Server Resource Kit. When you install the Services Manager BlackBerry web service, you

will need the credentials created for the resource kit.

Citrix XenApp for Windows


Supported XenApp versions:Citrix Presentation Server 4.5 for Windows Server 2003

Citrix XenApp 5.0 for Windows Server 2008

Citrix XenApp 6.0 for Windows Server 2008 R2

Citrix XenApp 6.5 for Windows Server 2008 R2

Requirements:Operating system: supported platforms for the XenApp version. Install all recommended operating system patches.

Enable Remote Desktop Services.

Install .NET Framework 4.0.

Installation requires that the Cortex Domain Logon account and the DomainCortexWSUsers account have full

administration rights on the XenApp farm.

For Presentation Server 4.5 for Windows Server 2003:

Apply SP2 to the Windows Server 2003.

From Add or Remove Programs, select Add/Remove Windows Components. Then select Application Server and click

Details. Ensure that ASP.NET is enabled and that Internet Information Service (IIS) is enabled and default settings are

accepted.

For XenApp 5 for Windows Server 2008, XenApp 6, and XenApp 6.5:

Disable UAC.

Enable the following roles:





Management Tools > IIS 6 Management Capability > IIS 6 Metabase Compatibility

The Citrix web service uses port 8095 by default.

CRM 2011

Ensure that the CRM 2011 installation is configured with claims-based authentication and an Internet-facing deployment.

For help configuring an Internet Facing Domain (IFD) CRM 2011 environment, see http://www.youtube.com/watch?

v=T9jZIxDTsBw.

For authentication to succeed, give the ADFS service user account (which is usually the Network Service) read access to the

customer's OU.

Exchange

The following table lists the supported platforms and Microsoft Exchange versions.

Version Windows Server 2003R2

Windows Server2008

Windows Server 2008 R2SP1

Exchange 2003 X

Exchange 2007 SP2 X

Exchange 2010 SP1 -Enterprise

X


Exchange 2010 SP1 - /Hosting X

Exchange 2010 SP2 X

Version Windows Server 2003R2

Windows Server2008

Windows Server 2008 R2SP1

Note: Although Exchange 2010 SP1 is included as a supported version in this release of Services Manager, Citrix recommendsservice providers use Exchange 2010 SP2 instead for new Services Manager deployments. Exchange 2010 SP2 includesimprovements that enable service providers to offer a richer feature set to their customers. For more information andguidance about SP2, refer to the article, "Multi-Tenant Support" on the Microsoft TechNet Web site.For environments that already include Exchange 2010 SP1 in a hosting mode (i.e., using the /hosting switch), ensure it is

installed in a separate domain forest from any other Exchange implementation. Exchange 2010 SP1 installed in a hosting

mode sets different permissions on the organization's OUs.

Follow the guidance in the Microsoft documentation for preparing and installing Exchange. The information in this section

assumes you have installed the Exchange software.

Requirements:Install all recommended operating system patches.


Disable UAC.

Enable the following IIS 6 and 7+ roles:




Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility


If you are using Exchange 2010, install Microsoft Exchange 2010 SP1 Management Tools.

Services Manager service installation requires that the Cortex Domain Logon account have full administration rights to

Microsoft Exchange.

Exchange User Level Packages are used as templates for Exchange mailboxes. Packages define which protocols are

enabled, plus mailbox limits and data storage. The installation process creates one package, which is used to test the

installation. This package specif ies the mail databases to use (Server / Storage Group). One or more storage groups are

created when Exchange is installed; select one to use for the installation test.

By default, the Exchange web service uses port 8095 to communicate with the Provisioning and Web servers.

Configuring Permissions for Exchange 2007 and Exchange 2010

Use the following steps to configure permissions in an environment that includes only an Exchange 2007 SP2 or Exchange2010 SP1 deployment. These steps are not required for Exchange 2010 SP2 or mixed Exchange deployments.1. Launch ADSledit.msc on a server in the domain.

2. Right-click ADSI Edit, select Connect to, and then select the Configuration naming context.

3. Expand CN=Configuration,DC=CustomerDomainPrefix,DC=CustomerDomainSuffix.

4. Enable the List Object permission in the directory.

1. Expand CN=Services > CN=Windows NT.

2. Right-click CN=Directory Service and select Properties.

3. Set the dsHeuristics attribute to 001.

5. Disable the Default Email-Address policy. (By default, this policy applies to all users and gives all users the primary email

http://technet.microsoft.com/en-us/library/ff923272.aspx


address alias@exchangedomain.)

1. Expand CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Recipient Policies.

2. From the middle pane, right-click CN=Default Policy and select Properties.

3. Edit the following properties:

msExchLastAppliedRecipientFilter: Alias -eq 'NoSuchEmail'

msExchPurportedSearchUI: Microsoft.PropertyWell_QueryString=(mailNickname=NoSuchEmail) (replace current

entry)

msExchQueryFilter: Alias -eq 'NoSuchEmail'

purportedSearch : (&(objectclass=PublicFolder)(!(extensionAttribute15=*)))

6. Lock down default global address lists.

1. Expand CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists Container > CN=All

Global Address Lists.

2. Right-click CN=Default Global Address List and select Properties.

3. On the Security tab, click Advanced.

4. Clear the Include inheritable permissions from this object's parent check box, and then click Add.

5. Click Apply and then click Yes for each warning that appears.

6. Sort the permissions by name and remove the entries for Authenticated Users except the Deny entry that applies to

msExchAvailabilityAddressSpace objects. Click OK to close the dialog box.

7. On the Security tab, select the Everyone group and click Remove. Click OK to close the dialog box.

7. Lock down address lists.

1. Expand CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists Container > All

Address Lists.

2. Right-click CN=All Users and select Properties.

3. On the Security tab, click Advanced. Clear the Include inheritable permissions from this object's parent check box and

then click Add.

4. Click OK and then click Yes for each warning that appears.

5. Remove the Everyone and Authenticated Users groups.

6. Add the Proxy USERS group and deny the Read permission. (If the Services Manager roles have not yet been installed,

or if this group does not exist, create a domain local group in Active Directory called Proxy USERS.)

7. Repeat Steps b-f for the All Contacts, All Groups, All Rooms, and Public Folders containers.

8. Lock down the All Address Lists container.

1. Expand CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists Container.

2. Right-click CN=All Address Lists and select Properties.

3. On the Security tab, click Advanced and then add the Proxy USERS group with the following settings:

Apply to: This object only

List Contents: Deny

List Object: Allow

9. Delete the default off line address list.

1. Expand CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists Container >

CN=Offline Address Lists.

2. In Offline Address Lists, delete CN=Default Offline Address List.

10. Set permissions at the Exchange organization level.

1. Expand CN=Services > CN=Microsoft Exchange.

2. Right-click CN=ExchangeOrganization and select Properties.

3. On the Security tab, add the group Proxy USERS and allow the Read permission.

4. Click Advanced and select the Proxy USERS group. Click Edit and configure the following settings:


Apply to: This object only

List contents: Allow

List object: Allow

Read all properties: Allow

Read permissions: Allow

Configuring Services Manager for a Mixed Exchange 2010 Environment

When using Exchange 2010 Enterprise with Exchange 2007 or 2003, to ensure correct operations, copy the

globalAddressList attribute into the globalAddressList2 attribute.

The globalAddressList2 attribute was introduced in Windows Server 2008 R2. In an environment that includes Exchange

2010, an address list must be populated into the attribute to ensure correct operation. Exchange 2010 manages the

globalAddressList2 attribute automatically, but Exchange 2007 and 2003 do not.

To populate globalAddressList2 with all entries from globalAddressList, run the following PowerShell script.

$configroot = ([adsi]"LDAP://rootdse").ConfigurationNamingContext$MSEXOU = [adsi]("LDAP://CN=Microsoft Exchange,CN=Services,$configroot")[array]$gal = $nullforeach ($dn in get-GlobalAddressList) { $gal += ($dn.distinguishedname)}$gal = '@("' + ([string]::join('","', $gal)) + '")'$MSEXOU.putEx(2, 'globalAddressList2', (invoke-expression "$gal"))$MSEXOU.setinfo()

After running this script, any systems that interact with globalAddressList must now use globalAddressList2; otherwise,

Exchange will not detect them.

Lync Enterprise and Lync 2010 for Hosting

The following assumes you have deployed the Lync Enterprise 2010 topology.

RequirementsInstall .NET Framework 4.0.

Install Lync Server Management Shell.

Add or enable the following roles and features:

IIS 6.0 (minimum)

Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools

PowerShell 2.0

MySQL

Requirements:Install MySQL version 5.0 or 5.1.

Run MySQL on the default port 3306.

On the MySQL server:

Allow local and remote connections

Open the f irewall to allow connections to the MySQL server on port 3306.

Open port 8095.

The Services Manager requires login access to administer databases and users. If you are using multiple SQL servers, use


the same account for all of them (suggested name: CortexMySQLHosting). This account must have DBA (grant all) global

privileges.

SharePoint

The following table lists the SharePoint and IIS version support.

Version IIS 6 IIS 7 IIS 7.5

SharePoint 3 X X

SharePoint Enterprise 2010 X X

SharePoint Foundation 2010 X X

Follow the guidance in the Microsoft documentation for hosting SharePoint. The following assumes you have installed the

SharePoint software.

Requirements for SharePoint 2010 Services deployments:Operating system: Windows Server 2008 (minimum), with all recommended operating system patches.

Enable Remote Desktop.

Disable UAC.

Add the service account used for the Services Manager SharePoint 2010 web service deployment and configurations to

the farm. Use cmdlet Get-SPShellAdmin to look up the account name.

Set the SharePoint 2010 web service to the same application pool identity as the SharePoint Central Administration site.

Identify the application (front-end) server in the farm where the SharePoint 2010 web service is to be deployed.

Install and configure Services Manager IIS Web Service (used for Windows Web Hosting Services) on the same

SharePoint 2010 server used for managing the site host headers.

Install the Services Manager DNS Service to use the full functionality of SharePoint 2010 site DNS management.

Open ports 8095-8098 and 5985 from the server hosting the SharePoint 2010 and IIS web services to the Services

Manager Web Server and provisioning server.






Make the SharePoint 2010 service account a member of the local administrators group on the server hosting the

SharePoint 2010 web service and the CortexAdmins group in Active Directory.

Configure the following local policies:

Enable the Allow CredSSP Authentication option under Computer ConfigurationAdministrative templateWindows

ComponentsWindows Remote Management (WinRM)WinRM Service.

Enable the Allow CredSSP Authentication option under Computer ConfigurationAdministrative templateWindows

ComponentsWindows Remote Management (WinRM)WinRM Client.

Enable the Allow Fresh Credentials with NTLM-only Server Authentication option under Computer

ConfigurationAdministrative TemplatesSystemCredentials Delegation. Verify that it is enabled and configured with an

SPN appropriate for the target computer (select Show next to Add servers to the list). For example, for a target

computer name "myserver.domain.com" the SPN can be one of the following: WSMAN/myserver.domain.com or


WSMAN/*.domain.com.

Enable the Allow Delegating Fresh Credentials option under Computer ConfigurationAdministrative

TemplatesSystemCredentials DelegationAllow Delegating Fresh Credentials. Verify that it is enabled and configured

with an SPN appropriate for the target computer (click Show next to Add servers to the list). For example, for a target

computer name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or

WSMAN/*.domain.com.

Disable loopback check:

1. From the Registry Editor, select the following registry key:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa

2. Right-click Lsa, point to New, and select DWORD Value.

3. Type DisableLoopbackCheck.

4. Right-click DisableLoppbackCheck, then select Modify.

5. In the Value f ield, type 1.

6. Restart the server.

Allow WinRM to listen for requests:

1. Run the following command at the command prompt on the SharePoint 2010 server: winrm e winrm/config/listener

2. If the command prompt does not show anything, running the following command: winrm quickconfig

3. At the prompt “Make these changes?”, type y.

For more information, refer to http://msdn.microsoft.com/en-us/library/aa384372%28VS.85%29.aspx.

Increase the memory allocated for PowerShell by running the command: Set-item

WSMan:localhostShellMaxMemoryPerShellMB 1000.

Requirements for SharePoint 3 Services deployments:Operating system: Windows Server 2003 Service Pack 2 (minimum)

Enable Remote Desktop.

Set the SharePoint 3 web service to the same application pool identity as the SharePoint Central Administration site.

This should be the service account used by Services Manager for SharePoint 3 web service provisioning.

Identify the application (front-end) server in the farm where the SharePoint 3 web service is to be deployed.

Make sure the SharePoint 3 web service farm is installed using Domain Account Mode instead of Active Directory

Account Creation Mode.

Install and configure Services Manager IIS Web Service (used for Windows Web Hosting Services) on the same

SharePoint 3 server used for managing the site host headers.

Open ports 8095-8098 from the server hosting the SharePoint 3 web service and IIS web services to the Services

Manager Web Server and provisioning server.

If the application server is on Windows 2008, enable the following roles:





Make the SharePoint 3 web service account a member of the local administrators group on the server hosting the

SharePoint 3 web service and the CortexAdmins group in Active Directory.

Virtual Machine

Supported:System Center Virtual Machine Manager 2008 R2 SP1

Hyper-V Server 2008 R2

http://msdn.microsoft.com/en-us/library/aa384372%28VS.85%29.aspx


Requirements:Enable the following roles:



Install Microsoft .NET 4.0.

System Center Virtual Machine Manager 2008 R2 Administrator Console

For each Hyper-V host, use SCVMM to set up network access:

Configure network adaptors.

Configure VLAN ranges for VLAN trunking.

Hyper-V hosts can be stand-alone or clustered. Services Manager supports Cluster Shared Volumes for provisioning

highly available VMs.

For each Hyper-V host Services Manager is to manage, refer to Steps Required to Add a New Hyper-V Host.

Open inbound TCP port 8095 in the Windows f irewall.

Open the following f irewall ports, by role:

Role Port Description

SCVMM servers 8100 VMM - Administrator Console to VMM server

As

installed

RDP - self-service portal website port

If using a remote VMM

database

1433 TDS - SQL Server

Virtual server 5900 VMRC - VMRC connection to virtual server host

Hyper-V hosts 80 WinRM - VMM server to VMM agent on Windows Server-based host

(control)

443 BITS - Library server > hosts

445 SMB - VMM server to VMM agent on Windows Server-based host

(data)

2179 RDP - VMConnect to Hyper-V hosts

5900 VMRC - connection to virtual server host

Virtual machines 3389 RDP - Remote desktop to VMs

An Active Directory security group is added to Hyper-V servers to enable remote connections. Your environment must

allow security groups to be added to the host from the domain containing the Services Manager components.

Remove the following folders or executables from real-time scanning by security software:

The default virtual machine configuration folder (for example, C:ProgramDataMicrosoftWindowsHyper-V) and any

http://support.citrix.com/article/CTX129850


custom virtual machine configuration folders

The default virtual machine hard disk drive folder (for example, C:UsersPublicDocumentsHyper-VVirtual Hard Disks) and

any custom virtual machine hard disk drive folders

Snapshot folders

VMMS.EXE - Virtual Machine Management Service

VMWP.EXE - Virtual Machine Worker Process

If you use Hyper-V Live Migration with Cluster Shared Volumes, remove the Cluster Storage folder (for example,

C:Clusterstorage) and all subfolders.

Windows Web Hosting

The following table lists the supported Internet Information Services (IIS) versions and platforms.

Version Windows Server2003 R2

Windows Server2008

Windows Server 2008R2 SP1

Windows Server 2008 R2 SP1Web Edition

IIS 6 X

IIS 7 X

IIS 7.5 X X

RequirementsHardware:

Processors: server class, one or more 2.0 GHz (minimum)

Memory: 2 GB (minimum) recommended

Disk space: 10 GB (minimum) free space

Install all recommended operating system patches.


File Service > File Server

IIS > Application Development > ASP.NET

IIS > Application Development > .NET Extensibility

IIS > Application Development > CGI (required only if PHP support is required)

IIS > Application Development > ISAPI Extensions

IIS > Application Development > ISAPI Filters

IIS > Security > Basic Authentication

IIS > Security > Windows Authentication

IIS > Management Tools > IIS Management Console

IIS > Management Tools > IIS Management Scripts and Tools

IIS > Management Tools > Management Service

Ensure that the IIS FTP Server Role is not enabled.

For IIS 7.0 and higher: Set up the web server with any server certif icates needed for secure site browsing and with a

network f ile share to store site f iles and documents (typically, C:WebHosting).


Configure the Web Management Service (WMSvc) to run automatically at startup. By default, it is set to Manual.



The Network Service account must be able to read the configuration f iles in the directory

C:WindowsSystem32inetsrvconfig.

When provisioning the customer site, the Services Manager sets permissions for the customer's Active Directory groups

on the site/folder. Additionally, the AppPool identity for the site is also a domain account under that customer's OU.

Therefore, the web hosting server must either be a member of the domain or have a trust relationship with that domain,

so that groups and accounts are accessible and have rights on the server.

Other Services

Service Requirement/Supported Version

Domain Name System (DNS) BIND version 9.x DNS Server

File Sharing Manager Supported on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2

Hosted Apps and Desktops Citrix App Studio 1.0

Office Communication Server Microsoft Office Communications Server 2007 R2

For information about the Directory Web Service, see System Requirements for Server Roles .


Install

Jun 05, 2015

Deploying the CloudPortal Services Manager comprises installing and configuring the core components (server roles) and

then installing the Web services.

For details, see:Installing and Configuring Roles and Locations

Installing Web Services


Install Roles and Locations

Jun 05, 2015

Updated: 2014-10-10Deploying the CloudPortal Services Manager (Services Manager) f irst comprises installing and configuring core components(server roles) and locations. The Setup Tool manages prerequisites and installs server roles. The Configuration Toolconfigures server roles and locations. Both tools offer a graphical wizard-driven interface and a command-line interface.

For the graphical interface, see Installing Server Roles from the Graphical Interface and Configuring Server Roles

and Locations from the Graphical Interface .

For the command-line interface, see To install server roles from the command line and Configure server roles and

locations from the command line .

After you install the server roles, and configure the roles and locations, you install and configure the web services. See

Installing Web Services for details.

Role installation and configuration summary

An initial server role deployment includes the following tasks:1. Perform environment readiness checks – You can verify the extended Active Directory schema and DNS aliases. This

procedure is available in the graphical interface; you can also perform the verif ications manually. You can run this task

from anywhere in the domain.

2. Create system databases - Microsoft SQL Server databases serve as repositories for user and service configurations in

a Services Manager deployment. All databases should be backed up and synchronized daily.

In the graphical interface, you specify database information before you install the server roles. In the command line

interface, you specify database information when you configure the server roles and location.

You run this task from the server where Microsoft SQL Server is installed.

3. Install server roles - Web Server, Provisioning Engine, Directory Web Service, Data Warehouse, and Report Mailer.

4. Conf igure server roles and locations – Specif ies configuration settings for the installed roles, and settings for primary

and remote locations.

An XML configuration file is used to maintain context across the Services Manager deployment. As you configure the

server roles, information is read and written to the configuration file. For example, the Provisioning Engine writes its own

configuration information and reads where to reach the database. When you configure the primary location, the

configuration file will already have information needed about the provisioning server.

A location is the main unit of isolation between tenants, and usually corresponds to an Active Directory domain or

forest. Customers are provisioned into a location. Configuring a server role makes that role operational, while configuring

the location ties the components together and makes the system operational.

There is one configuration file per location, although all locations can share a single database server. You configure the

primary location first, then optionally, remote locations. For example, a new customer with an existing infrastructure and

domain might be integrated as a remote location in the control panel. When you configure remote locations, you specify

connection details, which are used to generate a new configuration file. After that, configuring a remote location is

similar to configuring the primary location.

You configure locations from the server hosting the Provisioning Engine or the Web Server.

Preparing to install and configure server roles


See System Requirements for Server Roles for supported platforms, required software, and preparation tasks.

Plan where you will install the server roles.Typically, the Directory Web Service is installed on the same server as the Provisioning Engine.

Install Microsoft SQL Server (minimum SQL Server 2008 R2) and SQL Server Reporting Services on the server that you will

configure as the main system (OLM) database. Typically, this is a separate server from the server on which you install

other Services Manager roles. In larger deployments, you can install SQL Server Reporting Services on a separate server

from the SQL Server database.

You can use a separate SQL server to host the reporting database (OLMReporting) and billing, or you can use the main

system database for those functions. Using a separate reporting database avoids taxing the primary database, and is

recommended for larger deployments.

For best practice, install the Web role on a separate server. This server will likely have enhanced security.

Whether you use the graphical interface or the command line to configure installed roles, review the information in the

topic Configuring Server Roles and Locations from the Graphical Interface before you start the configuration. It

describes the information you will need to provide.

Note: During configuration, you must specify license reporting information by configuring the Report Mailer.General conventions:

You can specify server addresses as an IP address, in the form server.domain.local, by environment variables, or by DNS

alias. In the graphical interface, you can check the aliases by selecting the Perform Readiness Checks task. If you use the

command-line interface, verify the aliases before using them when installing Services Manager roles.

Role configuration includes specifying credentials for several Active Directory user accounts. In most cases, you can

either specify the user name and password, or select the option that instructs the Configuration Tool to generate the

credentials. This option is generally disabled by default. Some user account specif ications also provide an option that

instructs the Configuration Tool to create the user account if the account does not already exist. This option is

generally enabled by default.

In the command line interface, enclose option values that contain spaces in quotation marks (for example,

/LocationName:"Southeast Hub").


Installing Server Roles from the Graphical Interface

Jun 05, 2015

Installing Services Manager server roles using the graphical interface comprises three procedures:Perform readiness checks

Create system databases

Deploy (install) server roles

To perform readiness checks

Typically, environment readiness checks are done infrequently.1. From the Autorun folder on the installation media, double-click Autorun.exe.

2. On the Select Deployment Task page, select Perform Readiness Checks.

3. On the Prepare Environment page:

Select Extend Active Directory Schema. This verif ication queries Active Directory to determine if the schema has the

expected custom extension attributes. If you plan to install the Exchange Web Service later, you can perform this

verif ication at that time.

If the verification cannot be completed, a message is provided (such as, the computer is not in a domain, the current

user is not a domain user or does not have permission to query the schema).

Select Create DNS Aliases. The control panel uses DNS aliases to locate the servers where its components will be

deployed. This verif ication ensures the aliases have been configured.

CORTEXSQL - the database server hosting the system databases

CORTEXPROVISIONING - the computer where the Provisioning server role will be installed

CORTEXWEB - the computer where the Web server role will be installed

To create system databases

This procedure assumes you have already installed the Microsoft SQL Server database software (minimum SQL Server 2008R2) and SQL Server Reporting Services.1. Double-click Setup.exe.

2. On the Select Deployment Task page, select Deploy CloudPortal Services Manager.

3. On the Deploy CloudPortal Services Manager page, select Create System Databases.

4. On the Create Deployment Configuration File page, browse to the directory where you want to store the XML

deployment configuration f ile, then enter a f ile name.

5. On the Create Primary Databases page, configure the following information about the SQL Server that will store system

configuration information:

Specify the server address.

Specify the port number. Default = 1433

Select the authentication mode: Windows or SQL. Default = Windows

Specify login credentials. (Optional if using Windows authentication and integrated security)

Select the Auto-create SQL logins checkbox if you want the SQL Server user accounts on the next page to be

created.

You can test the connection to the database.

6. Enter passwords for the SQL Server logins required to ensure cross-domain access to the databases: OLM, OLMReports,

CortexProp, and ExchangeLogs. This is optional if you selected the Auto-create SQL logins checkbox on the previous

page.


7. Review the Summary page. If you want to change anything, return to the appropriate configuration page. When the

summary contains the settings you want, click Commit.

8. The Applying Configuration page displays progress. After the system databases are successfully configured, the Deploy

CloudPortal Services Manager page displays.

To deploy (install) server roles

On the server where you are installing a server role:1. Double-click Setup.exe.


3. On the Deploy CloudPortal Services Manager page, select Deploy Server Roles.

4. Accept the License Agreement.

5. On the Select Server Roles page, select one or more roles to install: Provisioning, Directory Web Service, Web, Reporting,

or Report Mailer.

Note: The Configuration Tool entry should always remain selected.

6. Review the prerequisites.

7. On the Ready to Install page, review the summary. After you click Install, the display indicates the progress of installing

prerequisites and the selected roles, and the result.

8. After the installation result displays and you click Finish, the Deploy CloudPortal Services Manager page displays.

After you complete the role installation, configure the roles and location.


To install server roles from the command line

Jun 05, 2015

Updated: 2014-09-02Perform this task on the server that will be hosting the server role you want to install. For example, install the Provisioning

server role on the server that you have designated as the Provisioning server.

From the CortexSetup directory on the installation media, type the following at a command prompt:

CortexSetupConsole.exe /install:items [/Help]

/install:items

Comma-delimited list of Services Manager roles to install. Valid values are:

ConfigTool

Note: The Configuration Tool is automatically installed when you specify any other server roles to install. You must

specify it if you are not installing any other server roles with this command, but plan to later use a script to configure the

system databases.

Provisioning

DirectoryWebService

Web

Reporting

eCommerce

ReportMailer

/Help

Displays command help.

After you install the server role, run the Configuration Tool to configure the server role. After the Provisioning, Directory

Web Service, and Web server roles are installed and configured, you can configure the primary location. After configuring the

primary location, you can install and configure the Reporting server role.

Example

The following command installs the Provisioning Engine and Directory Web Service.CortexSetupConsole.exe /install:Provisioning,DirectoryWebService


Configuring Server Roles and Locations from theGraphical Interface

Jun 05, 2015

The following procedures assume you have already installed the Services Manager roles.

To configure server roles

1. From the Autorun folder on the installation media, double-click Autorun.exe.


3. On the Deploy CloudPortal Services Manager page, select Configure Server Roles.

4. On the Load Deployment Configuration File page, browse to the XML f ile you previously created (see the— To create system databases

procedure in Installing Server Roles from the Graphical Interface ).

5. On the Select Configuration Task page, select one or more items to configure.

Reporting – creates the reporting database, configures data transfer services, and publishes billing and usage reports

Provisioning – configures the Provisioning Engine server role, including the Queue Monitor and Directory Monitoring

services.

Report Mailer – configures reporting for Citrix licensing and usage.

Web - specif ies an address or host name for accessing the Web Server.

Directory Web Service – configures the server role credentials and IIS settings.

6. The following table describes the pages that display for each of the roles you selected.

Role Page Description

Reporting Configure

Reporting

Database

Either configure a separate secondary database to handle system reporting and billing

or use the main database for those functions.

To configure the reporting database, specify the following:

Server address

Port number (default = 1433)

Authentication mode: Windows or SQL(default = Windows)

Connection username and password (optional for Windows authentication

mode)

You can test the connection to the database.

To use the main system database for system reporting and billing, select the Use

primary database settings checkbox.

Reporting

Database

Credentials

Displays only if you configured a separate secondary database on the Configure

Reporting Database page. A SQL Server login for the reporting database ensures

cross-domain accessibility.

Either specify the user name (default = OLMReportingUser) and password for the user

account or select the Auto-generate credentials checkbox.

Configure The Data Transfer Service is a scheduled task of the Data Warehouse feature that


Data

Transfer

Service

migrates and adapts data from the primary database to facilitate building reports

with Microsoft SQL Server Reporting Services. Either specify the user name (default =

cortex_dataw_svc) and password for the account this service will use, or select the

Auto-generate credentials checkbox. If you select the Create if doesn’t exist

checkbox (default = enabled), the domain account will be created.

Data

Transfer

Notifications

The Data Transfer task sends email notifications with the results of Data Warehouse

operations. This enables administrators to respond quickly to interruptions in reporting

functionality. Specify the source and destination email addresses for sending success

and failure notifications.

Specify

Reporting

Services

Details

Specify the URL of the reporting server instance as it appears in the Microsoft SQL

Server Reporting Services Configuration Manager. Enter the Reporting Services

administrator user name and password for a domain account with administrative

privileges. The password for this user account should never expire, in order to avoid

potential service interruption.

You can test the connection to the URL.

Select

Reports to

Deploy

Select one or more reports to deploy. To deploy all reports, enable the Select All

checkbox. You can skip this page and deploy reports later.

Provisioning Configure

Queue

Monitor

Service

The Queue Monitor service processes administrative requests from the Web Server

and automates other internal services. The user must have full domain administrator

permissions. Either specify the user name (default = cortex_qmon_svc) and password

for the domain user account this service will use, or select the Auto-generate

credentials checkbox. If you select the Create if doesn’t exist checkbox (default =

enabled), the domain account will be created.

Configure

Directory

Monitoring

Services

The Provisioning Engine hosts scheduled tasks that monitor Active Directory, keeping

user account information current, and sending email notifications for events such as

password expiry. Either specify the user name (default = cortex_dirmon_svc) and

password for the user account these tasks will use, or select the Auto-generate

credentials checkbox. If you select the Create if doesn’t exist checkbox (default =

enabled), the account will be created.

Configure

Mail Server

Specify the SMTP server address and port number the Provisioning Engine will use to

send email messages, such as system updates to administrators, account notifications

to end users, plus usage reporting to Citrix.

If you also selected Report Mailer on the Select Configuration Task page, you can

also specify the SMTP server address and port number for email sent by the Report

Mailer on this Configure Mail Server page. (To configure the Report Mailer to use the



same SMTP server as the Provisioning Engine, specify that on the Configure License

Reporting page.)

You can test the connection to the SMTP server.

Report

Mailer

Configure

License

Reporting

Configuring the Report Mailer is required. Licensing data is reported to Citrix through

emailed reports.

Specify your customer ID; a lookup link is provided.

You can share the SMTP mail server that the Provisioning Engine uses or designate

another mail service user account.

To share the SMTP mail server that the Provisioning Engine uses, select the Share

SMTP Mail server with Provisioning Server checkbox.

To designate another account, specify the user name and password, or select the

Auto-generate credentials checkbox. If you select the Create if doesn’t exist

checkbox, the account will be created.

Configure

Mail Server

Specify the address and port number of the SMTP server that the Report Mailer

server will use to send email messages to administrators, end users and Citrix.

If you also selected Provisioning on the Select Configuration Task page, the Configure

Mail Server page allows you to specify the SMTP server address and port number for

email sent by the Provisioning Engine and the Report Mailer.

Web Configure

Web Server

Specify an externally-resolvable host name or address by which the Web Server can be

reached (default = cortexweb). You can skip this step and configure it later.

Directory

Web

Service

Configure

Directory

Web Service

Either specify the user name (default = cortex_dirws_svc) and password for the user

account these tasks will use, or select the Auto-generate credentials checkbox. If you

select the Create if doesn’t exist checkbox (default = enabled), the user account will

be created.

Specify the service port (default = 8095).


7. Review the Summary page, which lists all the information you configured, or the defaults. If you want to change

anything, return to the appropriate configuration page. When the summary contains the settings you want, click

Commit.

To configure locations

The primary location initializes the control panel, specif ies service provider details, and provisions the f irst administrator.Configure the primary location once per deployment.Caution: Configuring the primary location with the Configuration Tool makes irreversible changes to the system database.If an error occurs during this step, it is not possible to retry configuration without f irst recreating the system databases,reconfiguring all server roles, and restarting the process. To minimize the risk of configuration errors, perform the followingactions:


Back up the system databases so that, in the event of configuration errors, you can recover easily and restart this

process.

Run all configuration steps as a domain administrator.

Ensure user account settings conform to any domain policies, such as minimum password complexity, and are valid.

1. If the Setup and Configuration Tools are not already launched, double-click Autorun.exe from the Autorun folder on the

installation media.


3. On the Deploy CloudPortal Services Manager page, select Configure Location..



5. On the Specify Location Name and Description page, specify the location name (default = Top Location), container

organizational unit (default = CortexCSP), and description (default = Top-level Service Provider Location).

6. On the Enter Service Provider Details page, specify basic information about your company: display name (default = Top

Service Provider), short name, UPN suffixes (default = tsp.local), contact name, and contact email.

7. On the Create First Administrator page, specify the user name (default = cspadmin), full name (default = CSP Admin),

display name (default = CSP Admin), password, and password expiration (default = password never expires). This

information configures the top-level administrator account within the control panel, with the ability to add customers,

assign services, and manage delegated administration.

8. Review the Summary page, which lists the location settings and f irst administrator information you specif ied, or the

defaults. If you want to change anything, return to the appropriate page. When the summary contains the settings you

want, click Commit.

In addition to the primary location, you can configure a remote location. This procedure associates the new location withan existing Services Manager instance. To configure a remote location:1. If the Setup and Configuration Tools are not already launched, double-click Autorun.exe from the Autorun folder on the

installation media.

2. On the Select Deployment Task page, select Manage Existing Deployment.

3. On the Manage Existing Deployment page, select Add Remote Location..

4. On the Configure Remote Location page, select Configure Location.



6. On the Specify Location Name and Description page, specify the location name (default = Top Location), container

organizational unit (default = CortexCSP), and description (default = Top-level Service Provider Location).

7. Review the Summary page, which lists the location settings you specif ied, or the defaults. If you want to change

anything, return to the appropriate page. When the summary contains the settings you want, click Commit.


Configure server roles and locations from the command line

Jun 05, 2015

Updated: 2014-10-09This topic assumes that you have installed the Services Manager Configuration Tool on the platform servers you want to configure and on the server where you want to configure the primary

location or a remote location. When you install a platform server role, the Configuration Tool is installed automatically. To install the Configuration Tool only, see To install server roles from the

command line .

This topic includes the following sections:Command Conventions

Return Codes

Syntax

Databases options

Provisioning options

Directory Web Service options

Web options

Location options

Reporting options for deploying the Reporting service

Reporting options for deploying reports

Reporting (Data Warehouse) options

Report mailer options

Example: Configure the Provisioning and Directory Web Service server roles

Example: Configure the primary location

Example: Configure a remote location

Command Conventions

Several options use Boolean values (true or false).If you omit an option that requires a Boolean value, the default value is used. For example, if you do not include the /UseCortexSql:True | False option in the command, the default value (false) is

used; that is, the reporting database will not use the settings configured for the main system database.

If you specify an option that requires a Boolean value but you omit the value, the option value is true. For example, if you specify only /UseCortexSql (with no True or False value), the option is true;

that is, the reporting database will use the settings configured for the main system database.

You can use environment variables to represent one or more command-line options or option values (for example, /ReportingDBServer:%currentServer%, where currentServer is defined as an

environment variable).

Enclose option values that contain spaces in quotation marks (for example, /LocationName:"Southeast Hub").

Return Codes

The configuration command supports the following return codes:

Value Meaning

1 Another instance is already running.

0 Success.

-1, -2, -3 Command-line error.

-4 General failure during configuration. To debug further, review the log in %WINDIR%Temp.

Syntax

To configure the server roles and create the primary location from the command line, you execute the Services Manager Configuration Tool by typing the following at a command prompt:

CortexConfigConsole.exe /ConfigFile:config-file /Configure:tasks /task-options [/Help]

/Conf igFile:conf ig-f ile

Location of XML configuration f ile with read-write access for the current user. If this f ile already exists, its content will be overwritten during the configuration.

/Conf igure:tasks

Configures specif ied installed Services Manager roles and a location. Valid values are:

Databases – Creates the main Services Manager system databases.

Provisioning – Configures the Provisioning Engine.

DirectoryService - Configures the Directory Web Service.

Web – Configures the Web Server.

Location – Initializes the Services Manager instance. A location is the main unit of isolation between tenants, and usually corresponds to an Active Directory domain or forest.

Reporting – Creates the reporting database and configures the Data Warehouse feature.

ReportMailer – Configures the email environment for sending usage reports to the Citrix license monitor. Configuring the Report Mailer is required.

/Help

Displays command help.

Databases options

/CortexSql:name


Required. Name of the main system database (the previously-installed Microsoft SQL Server 2008 R2 instance).

/CortexSqlAuthMode:SQL|Windows

SQL Server authentication mode: SQL or Windows. Default = Windows

/CortexSqlUsername:username

Username for the main system database user. This is optional if you specify /CortexSqlAuthMode:Windows and are using integrated security.

/CortexSqlPassword:password

Password for the user name specif ied with the /CortexSqlUsername option. This is optional if you specify /CortexSqlAuthMode:Windows and you are using integrated security.

/CortexSqlPort:port

SQL Server port. Default = 1433 if this is the default SQL Server instance.

/GenerateCortexSqlCredentials:True | False

If true, passwords for the CortexProp, ExchangeLogs, OLMReports, and OLMUser system database users are automatically generated.

/CortexPropPassword:password

Password for the CortexProp database user. This is optional if you specify /GenerateCortexSqlCredentials:True.

/ExchangeLogsUserPassword:password

Password for the ExchangeLogs database user. This is optional if you specify /GenerateCortexSqlCredentials:True.

/OlmReportsUserPassword:password

Password for the OLMReporting database user. This is optional if you specify /GenerateCortexSqlCredentials:True.

/OlmUserPassword:password

Password for the main system database user. This is optional if you specify /GenerateCortexSqlCredentials:True.

/GenerateConf igFile:f ilename

Path and f ile name for XML configuration f ile.

Provisioning options

/SmtpServer:address

Required. Address of SMTP server from which email messages are sent, including system updates for administrators and account notif ications for end users.

/SmtpServerPort:port

Port on SMTP server to be used for sending email messages about system updates for administrators and account notif ications for end users. Default = 25

/SmtpOutFolder:folder

Folder that serves as an outbox for the control panel when sending emails. Default = %WINDIR%TempCortexEmail

/GenerateQueueMonitorCredentials (or GenQMonCreds):True | False

If true, user credentials are automatically generated for the Queue Monitor service, which processes administrative requests from the Web Server and automates other services. Default = False

/QueueMonitorUserName:username

User name for a domain account to be used by the Queue Monitor service (default = cortex_qmon_svc). The user must have full domain administrator permissions. This is optional if you specify

GenerateQueueMonitorCredentials:True.

/QueueMonitorPassword:password

Password for the user name specif ied with the /QueueMonitorUserName option. This is optional if you specify /GenerateQueueMonitorCredentials:True.

/AutoCreateQueueMonitorCredentials:True | False (or /AutoCreateQMon:True | False)

If true, the domain user account to be used by the Queue Monitor service is created if it does not already exist. Default = True

/GenerateDirectoryMonitoringCredentials:True | False (or GenDirMonCreds:True | False)

If true, user credentials for the Directory Monitoring service are generated automatically. This service monitors Active Directory, keeping account information current and sending email

notif ications for key events such as password expiry. Default = False

/DirectoryMonitoringUserName:username

User name for the account to be used by the Directory Monitoring service (default = cortex_dirmon_svc). This is optional if you specify /GenerateDirectoryMonitorCredentials:True.


/DirectoryMonitoringPassword:password

Password for the user name specif ied with the /DirectoryMonitoringUserName option. This is optional if you specify /GenerateDirectoryMonitorCredentials:True.

/AutoCreateDirectoryMonitoringCredentials:True | False (or /AutoCreateDirMon:True | False)

If True, the user account to be used by the Directory Monitor service is created if it does not already exist. Default = True

Directory Web Service options

/DirectoryServicePort:port

Port used by the Directory Web Service. Default = 8095

/GenerateDirectoryServiceUserCredentials:True | False (or GenDirWSCreds:True | False)

If true, user credentials for the Directory Web Service are generated automatically. Default = False

/DirectoryServiceUserName:username

User name for an account to be used by the Directory Web Service. This is optional if you specify /GenerateDirectoryServiceUserCredentials.

/DirectoryServicePassword:password

Password for the user name specif ied with the /DirectoryServiceUserName option. This is optional if you specify /GenerateDirectoryServiceCredentials.

/AutoCreateDirectoryServiceUser:True | False (or /AutoCreateDirWS:True | False)

If true, the user account to be used by the Directory Web Service is created if it does not already exist. Default = True

Web options

/ExternalAddress:address

Externally-resolvable address by which the Web Server can be reached. Default = cortexweb

/UseSsl:True | False

If true, an SSL binding is created for the management portal. Default = True (recommended)

/SslCertif icate:name

Friendly name of the SSL certif icate to use. This is required if you specify /UseSSsl:True.

/BindingIpip-address

IP address to use for the new site binding. Default = "*" (all unassigned)

Location options

When configuring locations, consider the following items:Run all configuration steps as a domain administrator.

Ensure user account settings conform to any domain policies, such as minimum password complexity, and are valid.

Ensure the required f irewall ports are configured for each server in the deployment.

/PrimaryLocation:True | False

Required. If True, the /Locationx configuration option values are for the f irst Services Manager administrator. This is the top-level administrative account in the control panel; it can add customers,

assign services, and manage delegated administration.

/LocationName:name

Required. Name of the location. Default = Top Location

/LocationDescription:description

Description of the location. Default = Top-level Service Provider Location

/LocationOU:location

OU of the location.

/LocationOULabel:label

OU label of the location.

/CspAdminFirstName:f irst-name

First name of administrator (Default = CSP). This is optional if you are configuring a secondary location (/PrimaryLocation:False).


/CspAdminLastName:last-name

Last name of administrator (Default = Admin). This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspAdminUserName:username

User name for the administrator (Default = cspadmin). This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspAdminPassword:password

Password for the user name specif ied with the /CspAdminUserName option. This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspContact:name

Contact name of the service provider. This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspContactEmail:address

Email address of the service provider. This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspName:name

Name of service provider that will appear in displays. This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspUPN:suff ixes

UPN suffixes (Default = tsp.local). This is optional if you are configuring a secondary location (/PrimaryLocation:False).

Reporting options for deploying the Reporting service

/UseCortexSql:True | False

If true, the reporting database will use the settings configured for the main system database. Default = False

/ReportingDBCollation:True | False

Determines how string data is sorted when comparing, selecting, or manipulating values from the database.

/ReportingDBServer:address

Address of the reporting database server. This is optional if you specify /UseCortexSql:True.

/ReportingDBServerPort:port

Port to use on the database server (Default = 1433). This is optional if you specify /UserCortexSql:True.

/ReportingDBName:name

Name of reporting database. Default = OLMReporting

/ReportingDBServerAuthMode:SQL | Windows

Authentication mode of the reporting database. This is optional if you specify /UseCortexSql:True.

/ReportingDBGenerateCredentials:True | False

If true, reporting database administrator account credentials are generated automatically. Default = False

/ReportingDBServerUserName:username

User name for an administrator account to be used to create the reporting database, plus create and configure the service account specif ied with the /OlmReporting* options. This is optional if

you specify /UseCortexSql:True and /ReportingDBServerAuthMode:Windows.

/ReportingDBServerPassword:password

Password for the user name specif ied with the /ReportingDBServerUserName option. This is optional if you specify /UseCortexSql:True and /ReportingDBServerAuthMode:Windows.

/OlmReportingUserName:username

Name of service account used by the Data Warehouse process to update the reporting database. This is optional if /ReportingDBGenerateCredentials:True.

/OlmReportingPassword:password

Password for the user name specif ied with the /OlmReportingUserName option. This is optional if /ReportingDBGenerateCredentials:True.

/OlmReportingUserAuthMode:SQL| Windows

Authentication mode: SQL or Windows (Default = SQL). This is optional if /ReportingDBGenerateCredentials:True.

Reporting options for deploying reports

/ReportingServer:url


Required. URL of the report server.

/ReportsUserName:username

Required. User name of the Reporting Service administrator.

/ReportsPassword:password

Required. Password for the user name specif ied with the /ReportsUserName option.

/PublishReports:report[,report]…

Comma-separated list of reports to deploy. Valid values are: AD Sync, Billing, Citrix, Communicator, DNS, Exchange, File Sharing, FTP, Mail Archiving, Microsoft CRM, MySQL, SharePoint, SQL Server,

Windows Web Hosting.

To publish all reports, use the /PublishAllReports option.

/PublishAllReports:True | False

If true, all available reports are published (Default = False). To publish a subset of the available reports, set this option to False, and use the /PublishReports option to specify the reports.

Reporting (Data Warehouse) options

/SuccessEmailFrom:address

Required. Source email address for success notif ications.

/SuccessEmailTo:address

Required. Destination email address for success notif ications.

/FailureEmailFrom:address

Required. Source email address for failure notif ications.

/FailureEmailTo:address

Required. Destination email address for failure notif ications.

/GenerateDataTransferCredentials:True | False

If true, user credentials for the Data Transfer Service are generated automatically. Default = False

/DataTransferUserName:username

User name for the account to use for the Data Transfer Service. This is optional if you specify /GenerateDataTransferCredentials:True.

/DataTransferPassword:password

Password for the user name specif ied with the /DataTransferUserName option. This is optional if you specify /GenerateDataTransferCredentials.

/SmtpServer:address

Address of SMTP server to be used for sending email messages.

/SmtpServerPort:port

Port on the SMTP server to be used for sending email messages.

Report mailer options

/CustomerId

Required. Customer ID.

/ReportMailerEmailServer:name

Name of SMTP mail server.

/GenerateUserCredentials:True | False

If true, credentials for the SMTP mail server user account are generated automatically. Default = False

/ReportMailerTaskUserName:username

User name for the account the Report Mailer task will use. This is optional if you specify /GenerateUserCredentails:True.

/ReportMailerTaskUserPassword:password

Password for the user name specif ied with the /ReportMailerTaskUserName option. This is optional if you specify /GenerateUserCredentails:True.

/ReportMailerEmailServerPort:port


Port number on SMTP server. Default = 25

/ReportMailerEmailUserName:username

User name for the user account that accesses the SMTP email server.

/ReportMailerEmailPassword:password

Password for the user name specif ied with the /ReportMailerEmailUserName option.

Example: Configure the Provisioning and Directory Web Service server roles

The following command configures the Provisioning and Directory Web Service server roles and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-file.xml /Configure:Provisioning,DirectoryWebService /SmtpServer:mail.takahepubs.com /DirectoryServiceUsername:cortex_dirws_svc /DirectoryServicePassword:password

Example: Configure the primary location

The following command configures the primary location and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-file.xml /Configure:Location /PrimaryLocation:True /LocationName:My First Location /LocationOU:Organization-Name /LocationOULabel:My Organization /CspAdminPassword:password /CspContact:CSP-Name /CspContactEmail:[email protected] /CspUPN:my-org.com

Example: Configure a remote location

The following command configures a remote location and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-file.xml /Configure:Location /PrimaryLocation:False /LocationName:My Second Location /LocationOU:Organization-Name /LocationOULabel:My Organization


Install Web Services

Jun 05, 2015

The topics in this section describe how to install CloudPortal Services Manager Web Services. Before you install any services:Install and configure the server roles and the location; for details, see Installing and Configuring Roles and Locations .

Meet the requirements for the services you will install; see System Requirements for Web Services .

Install a service by running the appropriate MSI with properties.

All services are hosted on a web site called CortexServices.

The following table lists the installation media folders containing the services.

Service Folder

BlackBerry CortexBlackBerryWS

Citrix XenApp for Windows CortexCitrixWS

Exchange CortexExchangeWS

MySQL CortexMySQLWS

SharePoint 2010 CortexSharepoint2010WS

SharePoint 3.0 CortexSharepointWS

Virtual Machine CortexVirtualMachineWS

Windows Web Hosting CortexIISWS

Lync Services

After you install a web service, configure it. See Configuring and Managing Services .


Installing the BlackBerry 4.0 Web Service

Jun 05, 2015

To install the service

Run CortexBlackBerryWS.msi with the following properties.

INSTALLDIR=install-directory

Installation directory. Default = "C:Program Files (x86)CitrixCortex"

BESADMINCLIENT_PATH=path

Full path to the BESAdminClient executable.

BESADMINCLIENT_PASSWORD=password

Password for BESAdminClient.

CORTEXWS_USERNAME=username

Typically the BES enterprise admin account.

CORTEXWS_PASSWORD=password

Typically the BES enterprise admin account.

CORTEXWS_PORT=port

Inbound port to be used/added to the CortexServices web site. Default = 8097

Sample installation command string

msiexec /I CortexBlackBerryWS.msi BESADMINCLIENT_PATH="C:Program FilesCitrixCortexBESUserAdminClientBESUserAdminClient.exe" BESADMINCLIENT_PASSWORD="Password" CORTEXWS_USERNAME="BESENTADMIN" CORTEXWS_PASSWORD="Password"


Installing the Citrix Web Service

Jun 05, 2015


Run CortexCitrixWS.msi with the following properties.




Impersonation account for the Citrix service. Must be a Citrix administrator.


Password for CORTEXWS_USERNAME.

CORTEXWS_PORT=port



msiexec /I CortexCitrixWS.msi CORTEXWS_USERNAME="CITRIXADMIN" CORTEXWS_PASSWORD="Password"


Installing the Exchange 2010 Web Service

Jun 05, 2015


Run CortexExchangeWS.msi with the following properties.



HASLEGACYSERVERS=True | False

Whether or not the environment contains servers running multiple versions of Exchange. For example, servers running Exchange 2010 in the same environment as Exchange 2007 servers.

Alternatively, servers running Exchange 2010 or 2007 in the same environment as Exchange 2003 servers.

PREFERREDDC=dc

Optional. Preferred domain controller.

EXCHWS_USERNAME=username

Impersonation account for the Exchange service (will be created by the install).

EXCHWS_PASSWORD=password

App Pool password.

CORTEXWS_PORT=port

Inbound port to be used and added to the CortexServices web site. Default = 8095

EXCHANGEVERSION=2007 | 2010

Exchange version: 2007 or 2010.


msiexec /I CortexExchangeWS.msi HASLEGACYSERVERS="False" PREFERREDDC="" EXCHWS_USERNAME="CPSM01_EXWS" EXCHWS_PASSWORD="Password" EXCHANGEVERSION="2010"


Installing the Lync Enterprise and Lync 2010 for Hosting Web Services

Jun 05, 2015

Use this procedure to install the Lync Enterprise or the Lync 2010 for Hosting Web services on the Lync Front-End server.


Run LyncEnterpriseWS.msi or LyncHostedWS.msi with the following properties:


Installation directory. Default = "C:Program Files (86)CitrixCortex"

DNSSERVER_DOMAIN=domain

Domain name of DNS server.

LYNCWS_USERNAME=username

Lync service user name. Default = "cortex_LYNCWS_svc"

LYNCWS_PASSWORD=password

Password for LYNCWS_USERNAME. Default = "citrix"

CORTEXWS_PORT=port

Port to be used and added to the CortexServices web site. Default = 8095


msiexec /I LyncEnterpriseWS.msi DNSSERVER_DOMAIN="myDomain.local" LYNCWS_USERNAME="CORTEX_LYNCWS_SVC" LYNCWS_PASSWORD="Password"


Installing the MySQL Web Service

Jun 05, 2015


Run MySQL.msi with the following properties.



CORTEXWS_PORT=port



msiexec /I MySQL.msi

This service does not require additional properties to be passed for installation.


Installing the SharePoint 3 Web Service

Jun 05, 2015


Run CortexSharepointWS.msi with the following properties.




App Pool ID.


App Pool password.

CORTEXWS_PORT=port


PREREQUISITES_PASSED=1

Required to enable installation of the SharePoint 3 Web Service by ignoring pre-requisite checking. Allows service installation without the presence

of .NET 4 on the Windows 2008 server.


msiexec /I CortexSharepointWS.msi CORTEXWS_USERNAME="WSSAdmin" CORTEXWS_PASSWORD="Password" PREREQUISITES_PASSED="1"


Installing the SharePoint 2010 Web Service

Jun 05, 2015


Run CortexSharePoint2010WS.msi with the following properties.



PSREMOTING_USERNAME=username

PowerShell Remoting user name.

PSREMOTING_PASSWORD=password

PowerShell Remoting password.

PSREMOTING_URL=url

PowerShell Remoting URL. Usually, this is http://{0}:5985/.


App Pool ID. Usually, this is SharePoint Admin User.


App Pool password.

CORTEXWS_PORT=port



msiexec /I CortexSharepoint2010WS.msi PSREMOTING_USERNAME="SPFarmAdmin" PSREMOTING_PASSWORD="Password" PSREMOTING_URL="http://{0}:5985/" CORTEXWS_USERNAME="SPFarmAdmin" CORTEXWS_PASSWORD="Password"


Installing the Virtual Machine Web Service

Jun 05, 2015


Run VM.msi with the following properties.



WMIDOMAIN=domain

Domain of the WMIUSER that is used to connect ISOs to virtual machines.

WMUSERID=username

User name of the WMIUSER.

WMIPW=password

Password of the WMIUSER.

SCOMSERVER=server

SCOM server, if advanced virtual machine reporting is required.

APPPOOLUSERID=id

App Pool ID (DOMAINCortexWSUser) of the user to run the application pool for the Web service.

APPPOOLPW=password

App Pool password.

CORTEXWS_PORT=port



msiexec /I VM.msi WMIDOMAIN="myDomain.local" WMUSERID="CORTEXWSUSER" WMPW="Password" SCOMSERVER="SCOM01.mydomain.local" APPPOOLUSERID="myDomain.localCORTEXWSUSER" APPPOOLPW="Password"


Installing the Windows Web Hosting Service

Jun 05, 2015


Run CortexIISWS.msi with the following properties.




Typically, this property and CORTEXWS_PASSWORD use the CortexWSUser credentials. This is the user to run the

application pool for the Web service.


Typically, this property and CORTEXWS_USERNAME use the CortexWSUser credentials.

CORTEXWS_PORT=port



msiexec /I CortexIISWS.msi CORTEXWS_USERNAME="CORTEXWSUSER" CORTEXWS_PASSWORD="Password"


Provision

Jun 05, 2015

The CloudPortal Services Manager provisioning engine is a Microsoft .NET service and is a key part of the Services Manager

system. Each provisioning request is processed by a set of provisioning rules that determine the actions required to fulfill the

request.

The provisioning engine receives requests from the Services Manager web application through Microsoft Message Queue.

This allows lengthy provisioning tasks to be executed out-of-process improving the end-user experience.

As the provisioning engine performs many administrative tasks it runs in the context of the user ServerName_qmon, where

ServerName is the name of the computer running the provisioning engine. This user must have full domain administrator

permissions.

Citrix CloudPortal Services Manager supports a variety of services that service providers can provision to resellers andcustomers. When provisioned, the following services provide administrative interfaces that allow resellers and customers toperform tasks such as managing users and service resources:

Service Tasks

Citrix Manage application groups

Manage network and application resources

Manage hosted applications

DNS Manage DNS zones

Exchange Create, modify, delete public folders

Manage contacts

Manage distribution groups

Create resource mailboxes

Import and export mailboxes

File Sharing Create f ile shares

Manage security groups

MySQL Once provisioned, customers can manage MySQL databases through a separate Web-basedadministration console.

Virtual Machines Add virtual servers

Create server restore checkpoints

Restore servers with checkpoints

Windows WebHosting

Create security groups

Manage Web sites

Install Web applications


Manage subdomainsService Tasks


Citrix Services

Jun 05, 2015

The Citrix service allows service providers to delegate end-user administration of Citrix applications to customers.

Notable features of the Citrix service include:Managing multiple Citrix XenApp farms in a single Active Directory console.

Delivering published applications through application groups to which users are assigned.

Ability to choose pre-defined security account groups or create new security groups for application publishing.

Support for public and private applications, application groups, and resources.

Setting default applications, groups, and resources when provisioning Citrix services to customers and users.

When you provision customers with Citrix services, the following items can be managed:Application groups

Resources, such as printers and f ile shares

Resources that are packaged as applications such as desktops

Hosted applications

Application Groups

Application groups consist of application or resource collections. Service providers can use application groups to provision

several resources or applications to users more efficiently.

Resources

Resources consist of network resources, such as printers or file shares, that others in the organization access.

Applications

Applications consist of network resources that are deployed as applications, such as desktops.

Hosted applications

Hosted applications consist of applications that reside on XenApp servers.


Creating and Removing Application Resources

Jun 05, 2015

To create an application

Before you create applications, ensure there is a server collection configured that hosts the resource.

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Applications.

2. Under Management, click New Application.

3. Type the name and description for the application.

4. In Allocation, select the Default Application check box to include the application in the Citrix services package that is

provisioned to customers.

5. In Access, configure the application's availability by performing one of the following actions:

To make the application available to all customers, select the Public Group check box.

To make the application available to one specif ic customer, clear the Public Group check box and enter the name of

the customer you want to assign.

6. In Directory Resource, choose one of the following options:

Generate creates and names a security group automatically (e.g., CitrixRes 3).

Search enables you to f ind and select an existing security group within the domain.

Custom enables you to create a new security group with a unique name you specify.

7. In Publish, select Enabled to make the application visible to customers.

8. Click Save to create the application.

To delete an application

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Applications.

2. Select the application you want to remove.

3. In Manage Applications, click Delete and then click OK to confirm. The option to delete the corresponding Active

Directory object appears.

4. To remove the corresponding Active Directory object, leave the Delete the application group from Active Directory

check box selected. To keep the Active Directory object, clear this check box.

5. Click Delete to remove the application. The application entry and Active Directory object, if selected, are removed.


To configure hosted application settings

Jun 05, 2015

To enable Services Manager to discover the hosted applications in your environment, you configure a server collection thatincludes the XenApp servers where the applications reside. After the server collection is created, you can use the CitrixApplications page to configure the global settings for each application.1. From the Services Manager menu bar, click Services > Citrix > Configuration > Citrix Applications.

2. Under Citrix Server Filter, select the location and server collection you want to use. All hosted applications configured for

the server collection appear.

Note: Click Refresh to ensure you are viewing all available hosted applications.

3. Under Configured Applications, select the hosted application whose settings you want to configure.

4. Under Manage Application Settings, select one of the following options to create an Active Directory group:

Generate creates and names a security group automatically (e.g., CitrixApp 3).


5. In Allocation, select the Default Application check box to include the hosted application in the Citrix services package

that is provisioned to customers.

6. In Access, configure the hosted application's availability by performing one of the following actions:

To make the hosted application available to all customers, select the Public Application check box.

To make the resource available to one specif ic customer, clear the Public Application check box and enter the name

of the customer you want to assign.

Note: If you make the hosted application available to one specif ic customer, the application can be added only to

application groups that belong to the same customer.

7. In Publish, select Enabled to make the hosted application visible to customers.

8. Click Save to create the Active Directory group and save your selections.


To provision Citrix services to customers

Jun 05, 2015

1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.

2. Select Services. The Customer Services page appears.

3. Click the Citrix service name. The Grant access to Citrix applications page appears.

4. Select the server collection that the customer can use to access resources.

Note: If only one server collection is available, only the collection's resources appear. If multiple server collections are

available, you can configure only one collection for the customer.

5. Select the application groups, applications, and resources that the customer can access.

6. Click Provision to enable the customer to provision Citrix services to users.


To provision applications to multiple users

Jun 05, 2015

With Citrix application access, you can provision an application, resource, or application group to multiple users with a singleprovisioning request.To use application access, the Citrix service must be provisioned to the customer to whom the users belong. Additionally,

resellers who want to provision multiple users of sub-customers must have the Citrix service provisioned.

1. From the Services Manager menu bar, click Customers and select a customer for whom you want to provision

applications.

2. In Customer Functions, click Services. This ensures the customer is selected.

3. From the Services Manager menu bar, click Services > Citrix > Application Access.

4. In Type, select the type of application or resource you want to provision.

5. Select the application or resource you want to provision.

6. Under Citrix Application Management, select the users you want to provision.

7. Click Provision to send provisioning requests for all users selected. The selected users are added to the Active Directory

group for the application or resource.


Provisioning Citrix Services to Resellers

Jun 05, 2015

To provision the Citrix service to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.


3. From the services list, select Reseller.

4. Select the Citrix service check box and then click the Citrix service name. The Reseller Service Setup page appears.

5. Select the server collection that the reseller can use to offer resources to customers.

6. Enable or disable the application groups, applications, and resources the reseller can offer to customers.

Note: If more than one server collection is available, you can select resources from these collections for the reseller.

After you make selections from one collection, select another collection and make additional resource selections.

7. Under User Plan, ensure Full is selected.

8. Click Apply Changes to save your selections.

9. Click Provision to enable the reseller to offer Citrix services to customers.

To enable resellers to offer resources from specified collections

By default, a reseller provisioned with the Citrix service can offer to a customer resources available on all configured Citrix

server collections. However, service providers can limit these offerings by specifying the collections available to resellers

when provisioning the Citrix service.

1. From the Services Manager menu bar, click Customers and select the reseller or customer for whom you want to

provision services.



4. Click the Citrix service name. The Reseller Service Setup page appears.

5. Click Service Settings. The Configure Service Settings page appears.

6. Select the Server Collections check box to enable setting changes.

7. Clear the Use all server collections check box and then select the server collections to make available to the reseller.


9. Click Apply Changes to save your changes to the Citrix service offering.

Note: To verify your changes, click Citrix to view the Reseller Service Setup page. If you specif ied only one server

collection for the reseller, only the collection's resources appear. If you specif ied more than one server collection, only

those you specif ied appear in the Server Collections box.

10. Click Provision to update the Reseller service with your changes.


Creating and Removing Resources

Jun 05, 2015

To create a resource

When creating a resource, you have the option to make the resource available to all customers (public resource) or make

the resource available to a specific customer (private resource). If you choose to make the resource private, the resource is

assigned only to the customer you specify and can be included in application groups only for the same customer. To modify

this assignment, you first deprovision the Citrix service for the customer through the Customer Services page. Then, you can

modify the resource to assign it to a different customer or make the resource public. After you modify the resource, you

can reprovision the Citrix service for the customer.

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Resources.

2. Under Citrix Server Filter, select the location and server collection you want to use for the resource. Any existing

resources configured for the server collection appear.

3. Under Management, click New Resource.

4. Type the name and description of the new resource

5. In Allocation, select the Default Resource check box to include the resource in the Citrix services package that is


6. In Access, configure the resource's availability by performing one of the following actions:

To make the resource available to all customers, select the Public Group check box.

To make the resource available to one specif ic customer, clear the Public Group check box and enter the name of the

customer you want to assign.


Generate creates and names a security group automatically (e.g., CitrixGrp 3).



8. In Publish, select Enabled to make the application group visible to customers.

9. Click Save to create the application group.

To delete a resource

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Resources.

2. Select the resource you want to remove.

3. Under Manage Resources, click Delete and then click OK to confirm. The option to delete the corresponding Active

Directory object appears.

4. To remove the corresponding Active Directory object, leave the Delete the resource group from Active Directory check

box selected. To keep the Active Directory object, clear this check box.

5. Click Delete to remove the resource. The resource entry and Active Directory object, if selected, are removed.


Creating and Removing Application Groups

Jun 05, 2015

An application group is a collection of hosted applications, other application groups, and resources. With application groups,you can provision multiple applications and resources to customers quickly and eff iciently.You can also enable customers to create their own application groups that include the applications and resources that are

available to them. To use this feature, the customer must have a user with Citrix Service Administrator permissions, at a

minimum.

To create an application group

Before you create application groups, ensure there is a server collection configured that hosts the applications and

resources you want to include in the group.

When creating an application group, you have the option to make the group available to all customers (public group) or

make the group available to a specific customer (private group). If you choose to make the group private, be sure to click

Save & Reload. When you click Save & Reload, the group is assigned to the customer and all of the customer's private

applications and resources are available for inclusion. To modify this assignment, you first deprovision the Citrix service for

the customer through the Customer Services page. Then, you can modify the application group to assign it to a different

customer or make the group public. After you modify the application group, you can reprovision the Citrix service for the

customer.

When you assign an application group to a specific customer, you can include the group only in other application groups

that are assigned to the same customer.

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Application Groups.

2. Under Citrix Server Filter, select the location and server collection you want to use for the application group. Any existing

application groups configured for the server collection appear.

3. Under Group Management, click New Application Group.

4. Type the name and description of the new group.

5. In Allocation, select the Default Group check box to include the application group in the Citrix services package that is


6. In Access, configure the application group's availability by performing one of the following actions:

To make the application group available to all customers, select the Public Group check box.

To make the application group available to one specif ic customer, clear the Public Group check box and enter the

name of the customer you want to assign.

Note: If you make the application group private, click Save & Reload to create the group and view the customer's

other private application groups or resources. You can then include these items in the group.


Generate creates and names a security group automatically (e.g., CitrixGrp 3).



8. Under Applications, select the hosted applications you want to include in the group.

9. Under Groups, select other available application groups you want to include.

10. Under Resources, select the network resources you want to include in the group.

11. In Publish, select Enabled to make the application group visible to customers.



To delete an application group

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Application Groups.

2. Select the application group you want to remove.

3. Under Manage Application Groups, click Delete and then click OK to confirm. The option to delete the corresponding

Active Directory object appears.

4. To remove the corresponding Active Directory object, leave the Delete the application group from Active Directory

check box selected. To keep the Active Directory object, clear this check box.

5. Click Delete to remove the application group. The application group entry and Active Directory object, if selected, are

removed.

To create a customer-level application group

1. From the Services Manager menu bar, click Services > Citrix > Customer Application Groups.

2. Under Customer Management, search for and select the customer for whom you want to create the application group.

3. Under Group Management, click New Application Group.

4. Type the name and description of the new group.

5. In Allocation, select the Default Group check box to include the application group in the Citrix services package that is

provisioned to the customer's users.

6. Under Applications, select the application resources and hosted applications you want to include in the group.

7. Under Groups, select other available application groups you want to include.

8. Under Resources, select the network resources you want to include in the group.



DNS Services

Jun 05, 2015

When the DNS service is provisioned to a customer, the service provider creates the DNS zone(s) that the customer can

then use to create subzones, if necessary. The DNS service is available at the customer level only. The service cannot be

provisioned to a customer's users.

Customers provisioned with DNS services can create and manage DNS records that are attached to zones. DNS Service

Administrators can manage these records for the customer while Full Reseller Administrators can manage these records for

sub-customers.

Different types of records can be attached to a zone. When a record is created, only the Time to Live (TTL) setting can bemodified. Citrix CloudPortal Services Manager supports the following types of records:

Record Type Record Name Parameters

A IPv4 Host Record Host name

IPv4 Address

TTL

AAAA IPv6 Host Record Host name

IPv4 Address

TTL

CNAME Alias Alias

Host name

TTL

MX Mail Exchanger Host name

Target

Priority

TTL

NS Name Server Host name

Target

TTL

SRV Service Record Host name

Target

Service

Protocol

Priority

Weight

Port

TTL


TXT Generic Text Record Host name

Text

TTL

Record Type Record Name Parameters


To create DNS templates

Jun 05, 2015

DNS templates define the DNS records that are created when a customer domain is added or a service is provisioned to the

customer's account.

Templates can be created at any level in the customer hierarchy. Templates can also be overridden. For example, a Service

Provider has five domain templates configured. For Reseller A, two new templates are created at the reseller level. When

Reseller A provisions a customer, the Service Provider templates will be ignored and the two reseller templates will be

configured for the customer.

If you delete a DNS template, the template is not used for new domains or services that are provisioned to a customer.

However, existing customers' DNS records that were generated with the template are not removed. You can remove these

records manually through the DNS Records menu item.

By default, only the Service Provider Administrator role has permission to manage DNS templates. To enable this permission

for other security roles, click Security > Security Roles from the Services Manager menu bar and then select a security role.

Ensure the security role is a member of the DNS Service Administrator role group. The DNS Templates permission is located

on the Menus tab, under Services > DNS

1. From the Services Manager menu bar, click Services > DNS > DNS Templates. The DNS Overview page displays all the

templates that have been created for the selected customer.

2. Under DNS Management, click New DNS Template.

3. In Template Service, select the service for which the template is being configured. When the service is provisioned to the

customer, the DNS template is created. Leave this f ield blank if the template is created when a domain is added to the

customer.

4. In Record Type, select a record type and configure the options that are created when the DNS record is created. A

default {Domain} value is displayed for all DNS templates. This value refers to the customer's domain.

5. Click Save to create the template. The new template appears in the DNS template table.


To provision DNS services to customers

Jun 05, 2015

1. From the Services Manager menu bar, click Customers > Customer Services.

2. In Customer Search, f ind the customer for whom you want to provision DNS services.

3. In the services list, select DNS. The service configuration page appears. Domains that have been entered in the

customer's Domain Management section appear under Available Domains.

4. To add a new domain as a DNS zone, under Add Domain, enter the domain and click Add Domain. The domain appears in

a table under DNS Zones. You can add only one domain in this manner. If you enter another domain, the newly entered

domain replaces the previously entered domain in the DNS Zones table.

5. To add an existing domain as a DNS zone, under Available Domains, select the check box of the domain you want to add

and then click Add Zone. The domain appears in the DNS Zones table.

6. Click Provision. The Forward Lookup Zones folder on the DNS server is updated with the defined zones. Each zone has

the following records attached:

Start of Authority (SOA) record

Name of Server (NS) record


Creating DNS Zones and Records

Jun 05, 2015

To create DNS subzones

DNS zones are created when customers are initially provisioned with DNS services. Additional zones are created when

domains are added to the DNS service. Customers with DNS Service Administrator permissions can create DNS subzones to

which they can also add DNS records.

1. From the Services Manager menu bar, click Services > DNS > DNS Records.

2. Under Zone Management, enter the name of the new subzone and then select the zone to which it belongs.

3. Click New Sub-Zone. When the DSN page refreshes, the new subzone appears under DNS Filter, in the Zone drop-down

box.

To create DNS records

When you create a DNS record, only the Time to Live (TTL) setting can be modified. To change other record settings, you

must first deprovision the record. When you have finished making changes, you provision the record again.

1. From the Services Manager menu bar, click Services > DNS > DNS Records.

2. Under DNS Filter, perform the following actions:

1. In Zone, select the DNS zone to which you want to add the new record.

2. In Type, select the type of DNS record you want to create.

3. Under DNS Management, click New DNS Entry. The DNS Record screen appears.

4. Enter the record details and then click Provision to create the record.


Hosted Apps and Desktops

Jun 05, 2015

The Hosted Apps and Desktops service allows service providers to provision customers, including resellers, with XenAppresources managed by Citrix App Studio. Using Services Manager to provision a customer with the Hosted Apps andDesktops service results in the following operations in Citrix App Studio:

Creates the customer as a tenant in Citrix App Studio.

Creates advertisement subscriptions for the tenant in Citrix App Studio.

Configuration of the Hosted Apps and Desktops service includes creating user plans containing App Studio

advertisements, which are the published apps and desktops available to a tenant. When you enable a user plan for a

customer, Services Manager creates an Active Directory user group for the customer and associates the group to the

subscription in Citrix App Studio.

Creates a Web Interface site for the tenant at the isolation level selected.

The Hosted Apps and Desktops service includes three pre-configured customer plans that correspond to the shared,

private site, and private server isolation levels for Web Interface sites. For information about tenant Web Interface site

isolation, refer to the Citrix App Studio product documentation located in Citrix eDocs.

Provisioning a user with the Hosted Apps and Desktops service results in the following operation in Citrix App Studio:Adds the user to a group that corresponds to the user plans chosen for the user. (The group is a subscription member in

Citrix App Studio, created during customer provisioning.)

Services Manager displays a list of advertisements included in each user plan to help customers choose a user plan for

users.

Deleting a user plan results in the following operations in Citrix App Studio:If the advertisements in the user plan are unique to the plan, the Hosted Apps and Desktops service removes from App

Studio subscriptions that map to the user plan.

If an advertisement in the user plan is provisioned to the customer as part of another user plan, the Hosted Apps and

Desktops service retains the subscription and removes from it the user group that corresponds to the deleted user plan.

To provision the Hosted Apps and Desktops service to resellers




4. Select the Hosted Apps and Desktops service check box and then click the Hosted Apps and Desktops service name. The

Reseller Service Setup page appears.

5. Enable or disable the user plans that define the advertisements the reseller can offer to customers. Expand a user plan

to view its advertisements.

6. Enable or disable the customer plans that define the Web interface site isolation levels the reseller can offer to

customers.

7. Click Apply changes to save your changes to the Hosted Apps and Desktops service.

8. Click Provision to update the Reseller service with your changes.

To provision the Hosted Apps and Desktops service to customers




3. Click the Hosted Apps and Desktops service name. The Service Plan Configuration page appears.

4. Choose a customer plan that defines the Web interface site isolation level for the customer.

5. Select user plans that define the advertisements that the customer can offer to users. Expand a user plan to view its

advertisements.

6. To specify a limit for the number of users that the customer can provision with the Hosted Apps and Desktops service,

select the Enabled check box and enter a value. Use the Citrix App Studio console to manage workload capacity.

7. If you made service changes, click Apply changes.

8. Click Provision to enable the customer to provision the service to users. Provisioning is complete when workflows are

created in App Studio to create or update tenant information and subscriptions. To check the status of the workflows,

use the App Studio console.


Mail Archiving Services

Jun 05, 2015

To provision the Mail Archiving service to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the Mail

Archiving service.

2. Under Customer Functions, select Services. The reseller's Customer Services page appears.


4. Select the Mail Archiving check box and then select the Mail Archiving service name. The Reseller Service Setup page

appears.

5. Select the customer plans that the reseller can offer to customers and then click Apply Changes.

6. Click Provision.

To provision the Mail Archiving service to customers

Before provisioning this service to a customer, ensure the customer has the Hosted Exchange service provisioned. Mail

archiving is supported with Exchange 2007 and 2010.

1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision the Mail

Archiving service.

2. Under Customer Functions, select Services. The customer's Customer Services page appears.

3. In Customer Plan, select the appropriate package for the customer.

4. Depending on the package you selected, configure the following properties:

PlanTemplateName

Template Property

Internal Mailbox Password: Specify the password for the customer's archive mailbox account.

External External Email Address: Specify the external email address receiving the journal reports.

Global

Relay

Mailbox Password: Specify the password for the customer's archive mailbox account.

Primary Domain: Specify the customer's unique primary domain.

Secondary Domain: If applicable, specify the secondary domains that will be managed by Global Relay.

Under Administrator Contact Details, specify the telephone and mobile numbers and the email address

of the service administrator. These details are forwarded to Global Relay Administration.

5. Click Provision.


Mail Archiving Provisioning Changes in ActiveDirectory and Exchange

Jun 05, 2015

Changes When Provisioning External Archiving

When a customer is provisioned with the External customer plan, the following changes occur:

Changes in Active Directory Changes in Exchange 2007 and 2010

Contact {CustomerShortName} ArchiveMailbox Contact is added.

{CustomerShortName} Archive Mailbox Contact is added to MailContact folder. The External contact email address specif ied duringcustomer provisioning is attached to this contact.

Universal Security Group{CustomerShortName} Archive Mailboxesare added.

{CustomerShortName} Archive Mailboxes are added to DistributionGroup Folder. SMTP address is set as [email protected].

Global Security Groups MARCH{CustomerShortName} FULL and MARCH{CustomerShortName} NONE are added.

{CustomerShortName} Journal is added to Journaling (OrganizationConfiguration >> Hub Transport).

Journal Reports are sent to {CustomerShortName} Archive MailboxContact.

Journal messages for the recipient are configured asarchivemailboxes@{primarydomain}

When users are provisioned with the Mail Archiving service, they become members of the MARCH {CustomerShortName}

FULL group.

Changes When Provisioning Internal Archiving

When a customer is provisioned with the Internal customer plan, the following changes occur:


User “mailarchive_{CustomerShortName}" isadded.

{CustomerShortName} Archive Mailbox Contact is added to MailContact folder. The External contact email address specif ied duringcustomer provisioning is attached to this contact.

Universal Security Group{CustomerShortName} Archive Mailboxes isadded.

{CustomerShortName} Archive Mailboxes are added to DistributionGroup Folder. SMTP address is set as [email protected].

Global Security Groups MARCH{CustomerShortName} FULL and MARCH{CustomerShortName} NONE are added.

{CustomerShortName} Journal is added to Journaling (OrganizationConfiguration >> Hub Transport).

Journal Reports are sent to {CustomerShortName} Archive MailboxContact.


Journal messages for the recipient are configured asarchivemailboxes@{primarydomain}


When users are provisioned with the Mail Archiving service, they become members of the MARCH {CustomerShortName}

FULL group.


Provisioning Services and Customers in Bulk

Jun 05, 2015

CloudPortal Services Manager enables service providers to create bulk provisioning requests for existing customers andusers. Service providers can use this feature to apply service updates to existing customers in one operation. Serviceproviders can use the following options:

Bulk Reprovisioning creates requests for users and services of a single customer.

Bulk System Provisioning creates requests for all users and all customers

When a provisioning request is created, it is sent to the provisioning engine and a confirmation message is displayed. Any

errors in the actual provisioning transaction appear on the Customer Services page of Services Manager.

To create requests for users and services of a single customer

1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Bulk Reprovisioning.

2. Under Customer Search, enter the name of the customer whose users you want to reprovision and click Search.

3. Select one of the following options:

Re-provision all users creates a request to reprovision all users of the specif ied customer.

Re-provision all customer services creates a request to reprovision all the services originally provisioned to the specif ied

customer.

Re-provision all user services creates a request to reprovision all the services originally provisioned to the specif ied

customer's users.

Re-provision a specif ic service to all users creates a request to reprovision a selected service to all users of the

specif ied customer, regardless of whether or not the service was originally provisioned to all users.

4. Click Provision. The provisioning request is created and sent to the provisioning engine. To view the status of the request,

click Configuration > Provisioning & Debug Tools > Provisioning Requests.

To create requests for all users and services of all customers

Use the Bulk System Reprovisioning feature to issue provisioning requests that affect all customers or users in the Services

Manager system. For example, you can create a request for all customers or users to be reprovisioned with services based

on whether or not the services were provisioned successfully on a previous attempt.

1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Bulk System Provisioning.

2. Under Entity, select one of the following options:

Customers creates a provisioning request for all customers in the Services Manager system.

Customer Services creates a request for a selected service to be reprovisioned to all customers in the Services

Manager system.

Users creates a provisioning request for all users in the Services Manager system.

User Services creates a request for a selected service to be reprovisioned to all users in the Service Manager system.

3. Under Current Status, select one of the following options:

Provisioned specif ies requests that have been successfully provisioned for the selected entity.

Provisioning failed specif ies requests that have been unsuccessfully provisioned for the selected entity.

Provisioning and Provisioning failed specif ies all requests submitted for the selected entity.

4. Click Provision. The request is sent to the provisioning engine. To view the status of the request, click Configuration >

Provisioning & Debug Tools > Provisioning Requests. Any resulting errors appear on the Customers or Users pages of

CloudPortal Services Manager.


To create security groups and add users

Jun 05, 2015

Customers who are Full Customer Service Administrators can create security groups and add users. After the security groupis created, customers can use the group to assign resource permissions to all members of the group.Security groups are available for customers who are provisioned with File Sharing and Web Hosting services.

1. From the Services Manager menu bar, click Customers > Configuration > Security > Security Groups.

2. Under Management, perform the following actions:

1. In Name, enter the name of the group you want to create.

2. In Type, ensure Security is selected.

3. Click New Group to create the security group. Services Manager creates the security group and displays the group

configuration screen.

3. To add users to the security group, click the Members tab.

4. In Member Search, enter the name of the user you want to add and click Find.

5. In the results table, select the check box for the user you want to add and click Add.

6. Click Save to save your selections.


Office Communicator 2007 Services

Jun 05, 2015

To provision Office Communicator services to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the Office

Communicator service.



4. Select the Office Communication Server 2007 check box and then select the Office Communication Server 2007 service

name. The Reseller Service Setup page appears.

5. In the User Plan table, select the check boxes for each level the reseller can offer to customers.

Note: The user plan defines the Communicator features that are available to provisioned users.

6. In the Customer Plan table, select the check boxes for each template the reseller can offer.

Note: The customer plan defines the home server to which users are assigned.


8. Click Provision to enable the reseller to offer the Office Communicator service.

To provision Office Communicator services to customers


2. In Customer Search, f ind the customer for whom you want to provision Office Communicator services.

3. In the services list, select Office Communication Server 2007. The Service Plan Configuration page appears.

4. In Customer Plan, select the template to assign to the customer.

Note: The customer plan defines the home server to which users are assigned.

5. Under Internal SIP Domains, select the check boxes for each domain you want to enable for handling voice and video

communication.

6. Click Advanced Settings and perform the following actions:

1. Under User Plans, select the check boxes for each user plan the customer can offer users.

Note: The user plan defines the Communicator features that are available to provisioned users.

2. In Maximum Users, select the Enabled check box and then enter the total number of users the customer can

provision.

3. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.

7. Click Provision to enable the customer to provision users with the Office Communicator service.


Viewing and Filtering Provisioning Requests

Jun 05, 2015

Citrix CloudPortal Services Manager enables administrators to review the current status of provisioning requests after they

have been submitted to the provisioning engine.

Administrators can view these requests through the Services Manager system or with an RSS feed. Administrators can also

search for a specific request.

Using the Services Manager Web-based interface, administrators can view the following information:The type of provisioning request (e.g., Bulk Request, Object Provision, Object Deprovision, etc.)

The service and customer for whom the request is created

The date on which the request is executed

The subrequests that are executed as part of the provisioning request and their transaction logs

If all subrequests in a provisioning request execute successfully, the request displays a green status indicator. If some

subrequests do not execute successfully, the request displays a yellow triangle status indicator which, later, changes to a

red status indicator.

To view provisioning information through the Services Manager system

1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Provisioning Requests.

2. To view the transaction logs and subtasks executed in a provisioning request, click the Request Type entry and then

expand the Request Logs or Sub-Requests nodes.

To view provisioning errors with RSS

The CloudPortal Services Manager RSS feed enables administrators to receive notifications whenever a provisioning error

occurs. Because the RSS feed is secured using Windows authentication, an RSS reader that supports digest authentication

is required. You can change the authentication method through IIS, if necessary.

The URL for the RSS feed is http://YourHostHeaderName/cortexdotnet/Rss/CortexProvisioningErrorsRss.aspx.

To search for a specific provisioning request

1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Provisioning Requests.

2. Under Request Filter, use the following f ilters to refine the list of provisioning requests:

Type displays requests of a specif ic type such as Object Provision.

My Requests and All Requests displays requests that you have created or all requests in the system.

Request Status displays requests of a particular status that have been recorded during the life of the system. For

example, using this f ilter to f ind requests with the Provisioned status displays requests with a green status indicator in

the Status column.

Object Status displays requests where the current status of subrequests matches the status selected.

Note: Using this f ilter to f ind subrequests with the Provisioned status might display some failed provisioning requests

in f iltered results. However, the subrequest itself is not necessarily in a failed state. For example, a provisioning request

to move a customer's user from one Hosted Exchange package to another might fail because the Services Manager

system cannot f ind the mail store for the new package. Although the provisioning request failed, the user is still

attached to the current package.


To migrate users to different user plans in bulk withthe Package Migration Wizard

Jun 05, 2015

Use the Package Migration Wizard to move multiple users from one user plan to another user plan. When you specify theservice and user plan from which to migrate, Services Manager can automatically select the customers and users whomatch the criteria. If the users you are migrating belong to customers that have not been provisioned with the target userplan, Services Manager can create the required package and complete the migration.This process creates a bulk provisioning request that you can track on the Provisioning Requests page. To make tracking

easier, you can specify a unique name and description for the request.

1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Package Migration Wizard.

2. Under Wizard Setup, select any of the following wizard options and then click Next:

Select all customers selects for migration all customers with the specif ied source plan.

Select all users selects for migration all users in the Services Manager system with the specif ied source plan.

Generate missing destination packages enables Services Manager to create the target user plan for users belonging

to customers who are not provisioned with the target user plan.

3. Under Service Selection, in Service, select the service containing the user plan from which you want to migrate and then

click Next.

4. Select the user plan from which you want to migrate and click Add selected packages. The selected user plan appears in

a table, in the Source column.

5. From the package table, in the Destination column, select the plan to which you want to migrate and then click Next. A

table displays the customers that match the selected service and source user plans.

6. Ensure the customers you want to migrate are selected and then click Next. The source and destination user plans are

displayed.

7. To verify the appropriate users are selected, perform the following actions:

1. Click the source user plan and then click the customer name.

2. On the Users screen, select or clear the Selected check box as required for any users that you do or do not want

migrated.

3. Click Save and then click Save again to save your changes.

8. Under Request Details, enter a name and description for the provisioning request so it can be easily tracked on the

Provisioning Requests page.

9. Click Finish. Services Manager creates the provisioning request and sends it to the provisioning engine. To view the status

of the request, click Configuration > Provisioning & Debug Tools > Provisioning Requests.


BlackBerry Services

Jun 05, 2015

The Citrix CloudPortal Services Manager offers a BlackBerry service that simplifies the BlackBerry user management

processes. Services Manager integrates with BlackBerry® Enterprise Servers to manage, add, modify, and delete user

accounts.

To ensure that the BlackBerry service works successfully, the customer and user must be provisioned with the Hosted

Exchange service before they are provisioned with the BlackBerry service.

The BlackBerry service includes the following features:All of BlackBerry's standard management tasks can be performed within the Services Manager control panel.

BlackBerry user provisioning can be delegated to the end-customer.

The BlackBerry service is compatible with Exchange 2003, 2007, and 2010 Enterprise.

Multiple BlackBerry Enterprise servers can be supported.

The movement of provisioned users from one BlackBerry Enterprise server to another is supported.

To provision BlackBerry services to resellers




4. Select the BlackBerry service and then select the BlackBerry service name with which to configure the service.

5. Enable the customer plans (BlackBerry 5) and user plans (BlackBerry 4) that the reseller can sell to its customers.

Note: The plans determine the BlackBerry server that is used to store users' BlackBerry accounts.

6. Click the plan to display the Configure Service Settings page.

7. For user plans, under User Package Limit, enter the maximum number of users that can be provisioned with the selected

user plan.

8. Click Apply Changes to save your changes to the selected plan.

9. Click Apply Changes to save your changes to the BlackBerry service.

10. Click Provision to provision the BlackBerry service to the reseller.

To provision BlackBerry services to customers

Before provisioning the BlackBerry service, customers must first be provisioned with Hosted Exchange services.



3. Select the BlackBerry service. The Service Package Configuration page appears.

4. Under Advanced Settings, enable the user plans that the customer can use to provision the service to its users.

5. Click the service access level to display the Configure Service Settings page.

6. Under User Package Limit, enter the maximum number of users that can be provisioned at the selected user plan.

7. Click Apply Changes to save your changes.

8. In Maximum Users, if required, click Enabled and then specify the maximum total number of users that can be provisioned

with the service.

9. In Billing, click Enabled to indicate the service generates charges to the customer.

10. Click Apply Changes to save your changes to the BlackBerry service.

11. Click Provision to provision the BlackBerry service to the customer.


Virtual Machines Services

Jun 05, 2015

Customers provisioned with Virtual Machine services can create and manage the virtual servers in their organizations.

Customers can add and configure new virtual servers, create checkpoints that enable restoring virtual servers to a previous

state, and add or remove servers from available networks.

Resource Pools

Customers can be assigned resource pools which include limits on total disk storage, memory, processors, and number of

virtual machines. When a resource pool is assigned, the customer can create, manage, stop, start, upgrade, and downgrade

their virtual servers through the Services Manager control panel. If more resources are needed, the customer's reseller can

add the required resources.

Virtual Networks

Customers can be assigned one or more virtual networks and Services Manager can automatically assign a VLAN tag or

allow the customer to assign the tag manually.

After the network is set up, the customer can add or remove virtual servers from the virtual network. Virtual networks can

span across multiple physical hosts managed by the same SCVMM server. This means that customers' virtual servers can be

distributed across hosts.


To provision Virtual Machine services to customers

Jun 05, 2015


2. In Customer Search, f ind the customer for whom you want to provision the Virtual Machine service.

3. In the services list, click Virtual Machine. The Service Package Configuration page appears.

4. In Package Template, select the template you want to assign to the customer.

Note: The package template defines the properties of all virtual machines that are created, including CPU, memory, and

the total number of virtual machines that can be created.

5. In Management Server, select the SCVMM server to use for handling customer requests generated through CloudPortal

Services Manager.

Note: When the service is provisioned to the customer, this setting cannot be changed. To update the server, deprovision

the service for the customer and ensure the virtual machines are recreated on the new SCVMM server.

6. Under Virtual Resources, perform the following actions:

1. Expand the Hosts & Networks node and select the server you want to host the virtual machines and the network

under each host.

2. Expand the Machine Templates node and select the templates the Customer Administrator can use to create virtual

machines.

3. Expand the Guest OS Profiles node and select the operating systems the Customer Administrator can assign to the

machine templates.

4. Expand the DVD Images node and select the images the Customer Administrator can mount on virtual machines.

5. Expand the CPU Types node and select the CPUs the Customer Administrator can use for virtual machines.

7. Under Networking, expand the node for the type of VLAN you want to assign and select the VLAN to assign as the

customer's virtual environment.

8. Under Resource Configuration, to customize the settings assigned by the package template you selected in Step 4, clear

the Auto select package resource limits check box and make the appropriate changes.


1. In Maximum Users, select the Enable check box and enter the total number of users the customer can provision.


10. Click Provision to enable the customer to create virtual machines.


To add virtual servers

Jun 05, 2015

1. From the Services Manager menu bar, click Services > Virtual Machine > Virtual Machines.

2. Under Machine Management, click New Virtual Machine. The Virtual Server Manager appears.

3. Under Virtual Machine Identity, enter a computer name and description for the new virtual machine.

4. Under Source Templates, perform one of the following actions:

Select Create a new virtual machine with a blank disk to create a virtual machine without using a source image.

Select Use an existing virtual machine template to create a virtual machine using a source image that you select from

the Machine Template drop-down box.

5. Under Guest Operating System, perform the following actions:

1. In Template, select the operating system you want to install.

2. In T ime Zone, select the time zone for the server.

3. In Product Key, enter the software product key for the selected operating system. If the product key has been

included in the operating system template, a note appears to this effect.

4. In Administrator Password, specify the password for the machine's local administrator account. If the password has

been included in the operating system template, a note appears to this effect.

6. Under Hardware, perform the following actions:

1. In CPU, specify the number and type of cores for the new virtual machine.

2. In Memory, specify the amount of available memory for the new virtual machine.

3. Configure the virtual devices associated with the machine. For example, to add a disk drive to the machine, click New

Disk. When you add devices, a configuration box appears where you can define the device's properties such as device

channel, media (for DVD devices), type, and size.

Note: After the virtual machine is provisioned, you can only increase the disk size. You cannot decrease it. To modify

the virtual machine's hardware, you must f irst stop the machine.

7. Under Network Adapters, perform the following actions:

1. Choose the network adapter to use for the virtual machine and click Add network adapter.

2. Configure the network adapter, if necessary, to connect to a specif ic network and configure the machine's MAC

address.

8. To start the virtual machine immediately after it is provisioned, select the Start the virtual machine check box.

9. Click Provision to save your selections.


Recording Server States with Checkpoints

Jun 05, 2015

Checkpoints capture the state of a virtual machine at a certain moment in time. You can then use the checkpoint torestore the virtual machine to the state it was in when the checkpoint was created.

To create a checkpoint


2. Select the virtual machine for which you want to create a checkpoint.

3. On the Checkpoints tab, in the Checkpoint Management table, click Add. A blank text box appears in the Name column.

4. Type the name of the checkpoint and then click Update.

To restore a virtual machine to a previous state


2. Select the virtual machine whose state you want to restore.

3. On the Checkpoints tab, select the checkpoint you want to use.

4. Click Restore. The restore request is sent to the host machine. To view the progress of the restore, click the Status tab.

The Most Recent Task section displays the progress of each task the host machine processes.


MySQL Services

Jun 05, 2015

CloudPortal Services Manager enables customers with Customer Administrator permissions to create and remove new

MySQL databases. The number of databases that customers can create is configured when the MySQL service is

provisioned.

MySQL User Roles and Permissions

User roles are comprised of MySQL permissions. The following table describes the permissions that are included in each role.

MySQL Permissions ReadOnly Role DBA Role User Role Full Role

SELECT X X X X

INSERT X X X

UPDATE X X X

DELETE X X X

EXECUTE X X X X

SHOW VIEW X X

CREATE X X

ALTER X X

REFERENCES X

INDEX X X

CREATE VIEW X X

CREATE ROUTINE X X

ALTER ROUTINE X X

DROP X X


CREATE TEMPORARY TABLES X X X

LOCK TABLES X X X

MySQL Permissions ReadOnly Role DBA Role User Role Full Role


Creating MySQL Databases and Users

Jun 05, 2015

To create a new MySQL database

1. From the Services Manager menu bar, click Services > MySQL > Databases.

2. Under Database Management, click New MySQL Database. The Database Details box appears.

3. Enter the name of the new database.

Note: The database name consists of a default prefix (customer code) and the name you specify. The entire database

name, including prefix, cannot exceed 16 characters.

4. Click Provision to create the database.

To add new MySQL users

1. From the Services Manager menu bar, click Services > MySQL > Users.

2. Under MySQL User Management, click New MySQL User.

3. Enter the user name and password for the new user.

4. Ensure the Is Enabled check box is selected. Clearing this check box disables the user account.

5. Under Databases, select the databases to which you want to assign access.

6. To configure permissions for each database, click Edit and then select one of the following roles:

ReadOnly allows users to execute queries and view records.

DBA allows users to perform most database functions, with the exception of referencing table columns as part of

foreign key constraints.

User allows users to run queries as well as create, modify, and remove records.

Full allows users to perform all database functions.

7. Click Update to save your selection.

8. Click Provision to create the user account.


Provisioning MySQL Services

Jun 05, 2015

To provision MySQL services to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the MySQL

service.



4. Select the MySQL check box and then select the MySQL service name. The Reseller Service Setup page appears.

5. Under Servers, select the MySQL database server that the reseller can use for provisioning customers.

6. In the Customer Plan table, select the check boxes for each template the reseller can offer to customers.


8. Click Provision to enable the reseller to offer the MySQL service to customers.

To provision MySQL services to customers

Before provisioning the MySQL service, database resources must be configured for the customer.


2. In Customer Search, f ind the customer for whom you want to provision MySQL services.

3. In the services list, select MySQL configure resources. The Service Setup page appears.

4. Expand the server tree, select the server to use for provisioning the customer, and then click Save.

5. In the services list, select MySQL. The Service Plan Configuration page appears.


Note: The customer plan defines the number of databases and users that the Customer Administrator can create after

the service is provisioned.

7. In MySQL Server, select the server the customer can use to host databases and users.

8. To customize the database and user limits, under Resource Configuration, perform the following actions:

1. Clear the Auto select package resource limits check box.

2. In Database Limit, enter the maximum number of databases the customer can create.

3. In User Limit, enter the maximum number of database users the customer can provision.

9. Click Provision to provision the MySQL service to the customer.


File Sharing Services

Jun 05, 2015

Citrix CloudPortal Services Manager enables customers to provide f ile sharing services to their users. Once provisioned, userscan access the customer's f ile share directory through another mechanism. For example, the f ile share can be configured asa Citrix resource and accessed in a Citrix XenApp session. Customers can use the directory to store and transfer f iles toothers in the organization as well as manage the directory subfolders. Customers can also assign folder permissions tousers.

To provision file sharing to resellers




4. Select the File Sharing service check box and then click the File Sharing service name. The Reseller Service Setup page

appears.

5. In the User Plan table, enable any of the following service access levels:

Full allows users to read, modify, and delete f iles.

Read includes List permissions and allows users to traverse folders and run program files.

List allows users to view file and subfolder names, read data in the f iles, and to view file and folder attributes, including

extended attributes.

6. In the Customer Plan table, enable the package templates that the reseller can offer to customers.

7. Under Resource Configuration, in Disk Limit, enter the maximum amount of storage in megabytes (MB) to allocate to the

reseller.


9. Click Provision to enable the reseller to offer the service to customers.

To provision file sharing to customers


2. In Customer Search, f ind the customer for whom you want to provision File Sharing services.

3. In the services list, select File Sharing. The Service Plan Configuration page appears.

4. In Customer Plan, select the package template with which to provision the customer. To customize the package, click

Edit.

5. In File Share Server, select the server hosting the customer's f ile share directory.

Note: This f ield appears when the selected customer plan does not have the Automatic Server Selection property

enabled and has more than one server configured. If the selected package has this property enabled, this f ield does not

appear and a f ile server is chosen automatically when the File Sharing service is provisioned to the customer.

6. To customize the storage limit for the customer, under Resource Configuration, clear the Auto select package resource

limits check box and, in Disk Limit, enter a new value.


1. Under User Plans, select the check box for each service access level to which the customer can assign users.

2. To limit the number of users the customer can provision, under Maximum Users, select the Enabled check box and

enter the number of users allowed.

3. To ensure the service generates charges to the customer when provisioned, under Billing, ensure the Enabled check

box is selected.

8. Click Provision to save your selections and provision the service to the customer.


File Sharing Provisioning Changes in Active Directory

Jun 05, 2015

Changes When Provisioning Customers

When a customer is provisioned with the File Sharing service, the following changes occur:The global security group SERVICEADMINS <CustomerShortName> FSS is created and all Full Service Administrator users

are added as members.

The global security group FSS <CustomerShortName> FULL is created. No members are added to this group until users

are provisioned.

The global security group FSS <CustomerShortName> NONE is created. Users that are not provisioned with the File

Sharing service are members of this group.

Changes When Provisioning Users

When a user is provisioned with the File Sharing service, the user becomes a member of the global security group FSS

<CustomerShortName> FULL.


Managing File Sharing Services

Jun 05, 2015

To create a subfolder in the file sharing directory

1. From the Services Manager menu bar, click Services > File Sharing Manager.

2. In the Folders pane, select the folder under which you want to create the subfolder.

3. On the Folders tab, in New Directory, enter the name of the subfolder you want to create.

4. Click Create. The new subfolder appears in the Folders pane.

To assign folder permissions to users

1. From the Services Manager menu bar, click Services > File Sharing Manager.

2. In the Folders pane, select the folder for which you want to assign permissions.

3. On the Permissions tab, search for the user or security group to whom you want to assign folder permissions. After

locating the user, click Add. The user appears in the Members table.

4. From the Members table, select the users to whom you want to assign folder permissions and click Manage Permissions.

5. Under Permissions, select the permission level you want to assign and click Save.

6. To apply the permissions only to the selected folder, clear the Apply the permissions to subfolders and f iles check box.


CRM 4 and CRM 2011 Services

Jun 05, 2015

To provision CRM 4.0 and CRM 2011 services to resellers




4. Depending on the CRM version you are provisioning, select the Customer Relationship Management 4 or the Customer

Relationship Management 2011 check box and then click the service name. The Reseller Service Setup page appears.

5. Select the customer plans that the reseller can offer to customers.

Note: The customer plans selected determine the CRM servers that are allocated to the reseller for provisioning

customers.

6. To customize the customer plan, click the plan name to display the Configure Service Settings page.

Note: Changes you make to the customer plan are applied to all customers subsequently provisioned with the plan.

7. Click Apply Changes to save your changes to the customer plan.

8. Click Apply Changes to save your changes to the service.

9. Click Provision to enable the reseller to offer the CRM service to customers.

To provision CRM 4.0 services to customers

When provisioning a customer with the CRM 4.0 service, additional configuration might be required, depending on whether

or not the customer plan is configured to allow organizations. The Organizations feature in CRM 4.0 allows service

providers to host multiple customer databases on a single CRM server. To maintain data integrity, only one customer is

assigned to an organization. If multiple customers are assigned to a single organization, the data is shared among the

assigned customers.

Service providers configure CRM customer plans to automatically enable or disable the Organizations feature. When

enabled, Services Manager creates a CRM organization for the customer when the service is provisioned. The organization's

name appears in the format {CustomerLongName} {InstanceName}. When disabled, the reseller can assign an organization

to the customer when the service is provisioned.



3. Click Customer Relationship Management 4 create an instance. Enter an instance name and a display name and then

click Create. The Instance Setup page appears.

4. Under Service Configuration, select the customer plan to provision to the customer.

Note: The customer plan determines the servers on which the customer's user data is stored and how Services Manager

sets up the database. The plan selection also determines any additional service options that require configuration before

the service can be provisioned to customers.

5. If the selected plan includes the ability to create an organization for the customer, perform the following actions:

1. Under CRM Configuration, in CRM Server, select the CRM server that hosts the customer's instance.

2. Click Service Settings to view the Configure Service Settings page and then select the Customer category.

3. Ensure the following settings are selected and that the correct values have been entered:

SQL Collation

Currency Code

Currency Name


Currency Symbol

The Currency Code setting cannot be changed after the CRM service is provisioned to the customer.

4. Click Apply Changes to save any changes you made.

6. If the selected plan does not include the ability to create an organization for the customer, perform the following

actions:

1. Under CRM Configuration, in CRM Server, select the CRM server that hosts the customer's instance.

2. In Organization, select the organization to which the customer is assigned.

Note: This selection cannot be changed after the customer is provisioned.

7. Click Provision to provision the customer with the CRM service.

To provision CRM 2011 services to customers



3. Click Customer Relationship Management 2011 create an instance. Enter an instance name and a display name and then

click Create. The Instance Setup page appears.

4. Under Service Configuration, select the customer plan to provision to the customer.

Note: The customer plan determines the servers on which the customer's user data is stored and how Services Manager

sets up the database. The plan selection also determines any additional service options that require configuration before

the service can be provisioned to customers.

5. Under CRM Configuration, perform the following actions:

1. In CRM Server, select the CRM server that hosts the customer's instance.

2. Ensure the following settings are selected and that the correct values have been entered:

SQL Collation

Currency Code

Currency Name

Currency Symbol

Currency Precision

The Currency Code setting cannot be changed after the CRM service is provisioned to the customer.

6. Click Provision to provision the customer with the CRM service.

To import CRM organizations created outside Services Manager

The CRM Import Tool for CRM 4.0 and CRM 2011 enables service providers to import CRM organizations that were not

initially created through Services Manager. Service providers can link the organization to a customer in Services Manager

and, where possible, match the organization's users to the domain user ID of the customer's users in Services Manager.

1. From the Services Manager menu bar, click Services > CRM 4 > CRM Import. The CRM Customer Allocation page displays

a list of the organizations configured on the CRM server. If an organization is allocated to a customer, the customer's

name appears in the list.

2. Select the CRM organization you want to import. The Customer Import Manager page displays.

3. Under Customer Details, perform the following actions:

1. In CRM Description, enter the name of the CRM site.

2. In Customer Search, enter the name of the CRM customer you want to import and select the customer name.

4. Click Provision. The Customer Import Manager page displays a table of the users that match the domain user IDs of the

customer's CRM users. By default, these users are selected for provisioning.

5. Click Provision Users to provision the selected users with the CRM service. Services Manager updates the selected users'


services with the provisioned CRM organization.


Exchange Services

Jun 05, 2015

The Exchange service allows customers to provide a suite of robust communication tools to users. The Exchange service

supports Microsoft Exchange 2003, 2007, and 2010.

When customers are provisioned with the Exchange service, they can manage the following items:Contacts

Distribution Groups

Mailbox Import/Export

Outlook Mail Disclaimer

Public Folders

Resource Mailboxes

Contacts

Customers can add external contacts to their company's Global Address Lists as well as amend contact details and assign

contacts to distribution groups. Customers can use Microsoft Outlook to view the contacts in the Global Address List and

send email to them.

Distribution Groups

Distribution groups enable a collection of users, contacts, and other distribution groups to be represented with one email

address. Users can send email to the group email address and all users included in the group receive the email.

Users can access distribution groups through the Global Address List in Outlook. Global Address Lists can include multiple

distribution groups and users can be assigned to multiple groups.

When distribution groups are created, owners are assigned. The owner of a distribution group can be another user or a

security group. The group owner can add or remove group members through Outlook.

Mailbox Import/Export

Mailbox Import/Export enables Exchange Service Administrators to export the contents of individual Exchange mailboxes

to a format suitable for offline use in Outlook. Importing and exporting mailboxes involves saving the mailbox as a PST file

and saving it on an FTP server.

Outlook Mail Disclaimer

Mail disclaimers are legal notices, disclaimers, warnings that are automatically appended to all outgoing email. The Exchange

Service Administrator can create and manage these disclaimers.

Public Folders

When Exchange services are enabled, a root public folder is created for the customer. Although the naming format of the

folder is subject to the Service Provider's configuration settings, the format typically includes the primary domain name or

the short name of the customer's organization.

Full Customer Service Administrators can create, manage, and delete public folders, as well as enable them to receive email

from users.


Resource Mailboxes

Resources are items that are reserved for use in meetings, such as meeting rooms and projectors. By allocating mailboxes to

these resources, users can include them in meeting requests so they can be reserved. When a meeting is booked, the

meeting organizer receives an acceptance notice from the resource.

Exchange Service Administrators can create, modify, and remove resources from the customer's organizational unit.


Managing Public Folders

Jun 05, 2015

When Exchange services are provisioned to customers, a root public folder is automatically created. New public folders are

created as subfolders under the root folder.

To create a public folder

1. From the Services Manager menu bar, click Services > Exchange > Public Folders.

2. In the left pane of the Public Folders Overview page, select the root public folder. In general, the root public folder is

represented with the customer's short name.

3. On the Folders tab, in New Public Folder, type the name of the subfolder you want to create.

4. Click Create. The new public folder appears under the root folder.

To rename a public folder


2. In the left pane of the Public Folders Overview page, select the public folder you want to rename.

Note: You can rename subfolders only. You cannot rename root public folders.

3. On the Folders tab, in Existing Public Folder, type the new name for the public folder.

4. Click Rename. The renamed folder appears after the public folder tree refreshes.

To enable a public folder to receive email


2. In the left pane of the Public Folders Overview page, select the public folder you want to enable for email.

3. On the Mail tab, click Enable Mail. The Public Folder Emails table appears and a primary email address for the folder is

automatically generated.

4. To add an email to the Public Folder Emails table, click Add.

5. Type the email alias for the folder and select the appropriate domain.

6. Click Update. The new email address appears in the Public Folder Emails table.

7. Click Save Emails to save your entries.

To remove a public folder from the Global Address List

When a public folder is removed from the Global Address List, users can still send email to the folder even though it no

longer appears in the list. Public folder permissions are available with Exchange 2007 or Exchange 2010 only.


2. In the left pane of the Public Folders Overview page, select the public folder you want to remove.

3. On the Permissions tab, select the Hide from Address List checkbox.

4. Click Save Permissions to save your changes. The public folder is no longer visible to users through the Global Address List.

To restrict incoming email to public folders

To prevent external "spam" emails from flooding the customer's environment, you can configure public folders to accept

email only from users within the customer's organization. This task is available for customers with Exchange 2007 or

Exchange 2010 only.



2. In the left pane of the Public Folders Overview page, select the public folder to which you want to restrict email.

3. On the Permissions tab, select the Senders require authentication checkbox.

4. Click Save Permissions to save your changes.

To enable users to send email through public folders

You can assign certain users permission to send email using a public folder alias. To recipients, the sender appears as the

name of the public folder instead of the individual user. Public folder permissions are available with Exchange 2007 or

Exchange 2010 only.


2. In the left pane of the Public Folders Overview page, select the public folder to which you want to enable users to send

email.

3. On the Permissions tab, under Send As Permissions, search for the users you want to add. Search results appear in a

table under the Member Search box.

4. Select the checkbox for each user you want to enable to send email.

5. Click Add. The selected users appear in the Existing Send As Permissions table.

6. Click Save Permissions to save your changes.


Managing Distribution Groups

Jun 05, 2015

Exchange distribution groups are collections of users, contacts, and other distribution groups that are represented with asingle email address in the Global Address List. When a user sends an email to the group email address, all members of thegroup receive the email.When Exchange services are provisioned to customers, users can view distribution groups through the Global Address List

using Outlook, as well as create and manage distribution groups.

Users who create distribution groups are known as owners. Additionally, group ownership can be assigned to a group of

Exchange users or a security group. Group owners can add and remove members through Outlook.

Full Customer Service Administrators can create and delete groups, manage group members, and configure group email alias

permissions and member email restrictions.

To create distribution groups

1. From the Services Manager menu bar, click Services > Exchange > Distribution Groups.

2. Under Group Management, type a name for the group you want to create and ensure the Distribution option is

selected.

3. Click New Group. The distribution group is created and the group properties screen appears.

4. Click Save.

To add members to a distribution group


2. Select the group to which you want to add members.

3. Click the Members tab.

4. In Member Search, type the name of the contact you want to add and click Find.

5. Select the contact's checkbox and click Add.

6. Click Save.

To create an email alias for a distribution group


2. Select the group for which you want to create an email alias.

3. Click the Email tab.

4. In the Group Email Addresses table, click Add. A blank alias table entry appears.

5. Under Name, type the email alias you want users to specify when sending emails to the group.

6. Click Update to save your entries.

7. Click Save.

To restrict incoming email to distribution groups

To prevent external "spam" emails from flooding the group, you can configure distribution groups to accept email only from

users within the customer's organization.


2. Select the group to which you want to restrict email.

3. Click the Email tab.


4. Select the Senders require authentication checkbox.

5. Click Save.

To designate group owners


2. Select the group for which you want to assign an owner.

3. Click the Management tab.

4. In Owner Search, type the name of the contact to whom you want to assign group ownership and click Find.

5. Select the contact's checkbox and click Add.

6. Under Membership Approval, choose whether owner approval is required for joining or leaving the group.

7. Click Save.

To enable users to send email through distribution groups

You can assign certain users to send email using the distribution group alias. To recipients, the sender appears as the name

of the distribution group instead of the individual user.


2. Select the group through which you want users to send email.

3. Click the Permissions tab.

4. Under Send-As Permissions, search for the users you want to add.

5. Select the checkbox for each user you want to add and click Add.

6. Click Save.

To restrict group access to specific users


2. Select the group to which you want to restrict access.


4. Under Accepted Senders, select the Only users in the following list option.

5. Search for the users you want to add and select the checkbox for each user.

6. Click Add.

7. Click Save.

To block group emails from specific users


2. Select the group to which you want block users.


4. Under Rejected Senders, select the Only users in the following list option.

5. Search for the users you want to add and select the checkbox for each user.

6. Click Add.

7. Click Save.


Importing and Exporting Mailbox Files

Jun 05, 2015

Importing and exporting mailboxes are important tasks for managing Exchange services. Exporting mailboxes facilitatesdisaster recovery and compliance efforts. Importing mailboxes helps with migrating users from old versions of Exchange andenabling users to add off line mail archives to their Exchange mailbox.

To export a mailbox

1. From the Services Manager menu bar, click Services > Exchange > Mailbox Import/Export.

2. Click Export Mailboxes. A table of available mailbox f iles appears.

3. Select the Export checkbox for each user's mailbox you want to export.

4. Click Export Mailboxes. The export process begins. To view the status of the export, click Refresh Status.

The exporting process creates .PST files and places them on the customer's FTP server, in a folder called MailboxExport. To

view these files, log on to the FTP server using the information that appears under FTP Login Details on the Mailbox Import

and Export Overview screen and navigate to the MailboxExport folder. Depending on the customer's configuration, mailbox

files might appear as zipped archives.

To import a mailbox

1. From the Services Manager menu bar, click Services > Exchange > Mailbox Import/Export.

2. Click Import Mailboxes. A table of users that are provisioned with an Exchange mailbox appears.

3. Click Edit for the user whose mailbox you want to update with the imported mailbox f ile.

4. Select the mailbox f ile you want to import and then click Update.

5. Click Import Mailboxes. The import process begins. To view the status of the import, click Refresh Status.


To create mailboxes for managing meeting resources

Jun 05, 2015

Resources consist of spaces or equipment that are used for holding meetings and need to be reserved when a meeting isorganized. Exchange provides mailboxes for these resources so that users can include them in meeting requests madethrough Outlook.Exchange Service Administrators can create, modify, and remove resources from the customer's organizational unit.

1. From the Services Manager menu bar, click Services > Exchange > Resource Mailboxes.

2. Under Resource Management, click New resource mailbox.

3. Type a name for the resource and select whether it is a meeting room or equipment (e.g., projector, f lip chart, etc.).

Note: Resource types cannot be amended after the resource mailbox has been provisioned. To change the resource

type, the mailbox must be deprovisioned f irst.

4. Click Provision to create the mailbox.


Provisioning Exchange Services

Jun 05, 2015

To provision Exchange services to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the

Exchange service.



4. Select the Hosted Exchange check box and then select the Hosted Exchange service name. The Reseller Service Setup

page appears.

5. In the User Plan table, select the check box for each user plan the reseller can offer its customers.

6. In the Customer Plan table, select the check box for each customer plan the reseller can offer.

7. Under Resource Configuration, enter the maximum amount of space allotted for mailbox and public folder storage.

Note: When this limit is reached, the reseller cannot provision Exchange services to new customers.


9. Click Provision to enable the reseller to offer Exchange services to its customers.

To provision Exchange services to customers


2. In Customer Search, f ind the customer for whom you want to provision Exchange services.

3. In the services list, select Hosted Exchange. The Service Package Configuration page appears.

4. In Customer Plan, select the package you want to provision to the customer.

Note: The package you select determines whether or not public folders are enabled and the available disk space for the

customer's mailboxes.

5. Under Exchange Domains, select the domain type to be used for inbound email routing.

Note: By default, domains are set to Authoritative when the Exchange service is f irst provisioned to a customer. Domains

that are added after Exchange has been provisioned default to External Relay. To change this, the Customer

Administrator can modify the type and reprovision the Exchange service.

6. Under Email Patterns, select one of the following options:

Select Force customer wide primary address to ensure all users' email addresses adhere to a specif ied format. In the

email format table, select the formats you want to use. Select the Primary Email option to designate one format as

the primary format. When the service is provisioned, any manually configured addresses are overwritten with

addresses in the specif ied format.

Select Manage individual user primary e-mail addresses to allow different formats for users' email addresses.

Note: If the address format is changed after provisioning the Exchange service, select the Apply email policy check box

to ensure the email format selected in the format table is applied to all provisioned users. To ensure the change is

applied only to newly provisioned users, leave this box unselected.

7. If the location is configured to host Exchange 2007, and the customer is being hosted on Exchange 2007, ensure the

Exchange 2007 Customer option is selected.

8. Under Public Folders, perform the following actions if the selected customer plan includes public folders and you want to

customize storage limits:

1. Clear the Auto select a public folder package check box.

2. Select the Create Public Folders check box.

3. To specify unlimited storage, leave the Public Folder Storage Limit box blank.


When the Exchange service is provisioned, a root public folder is created for the customer. Exchange Service

Administrators become owners of the root folder and the customer's users are granted Author permissions.

9. Under Resource Configuration, to customize the total amount of mailbox storage for all users provisioned with the

Exchange service, perform the following actions:

1. Clear the Auto select package resource limits check box.

2. In Mailbox Storage (MB), enter the total amount of storage allocated to user mailboxes. To specify unlimited storage,

leave this f ield blank.

10. To restrict the number of users assigned to a user plan, perform the following actions:

1. Click Advanced Settings and then select the user plan you want to configure.

2. In User Limit, enter the total number of users that can be assigned to the selected user plan.


11. In Billing, ensure the Enabled check box is selected so the appropriate charges are generated for the customer.

12. Click Provision.


Exchange Provisioning Changes in Active Directory

Jun 05, 2015


When a customer is provisioned with the Exchange service, the following changes occur:The global security group SERVICEADMINS <CustomerShortName> HE is created and all Full Service Administrator users

are added as members.

The global security group HE <CustomerShortName> <ServiceAccessLevelName> is created for each user plan selected

for the customer. No members are added to these groups until users are provisioned with the Exchange service at the

corresponding level.

The global security group HE <CustomerShortName> NONE is created. No members are added to this group until users

are deprovisioned.

If public folders are enabled, the public folder is saved in Exchange Management Shell. To view folder details, use the

Get-PublicFolder cmdlet.


When a user is provisioned with the Exchange service, the following changes occur:The user becomes a member of the HE <CustomerShortName> <ServiceAccessLevelName>.

For customers provisioned with Exchange 2007 services, user mailboxes are created and saved in the Exchange

Management Console under Recipient Configuration > Mailbox.

Changes When Adding Contacts

When contacts are added for a customer, the following changes occur:A Contact Type object is created under the customer organizational unit (OU) using the format

<ContactName>_<CustomerShortName>.

For customers provisioned with Exchange 2007 services, a contact record is created and saved in the Exchange

Management Console under Recipient Configuration > Mail Contact.

Changes When Creating Distribution Groups

When distribution groups are created for a customer, the following changes occur:A universal distribution group is created under the customer OU using the format Distribution <CustomerShortName>

<DistributionGroupName>

For customers provisioned with Exchange 2007 services, a distribution group record is created and saved in the Exchange

Management Console under Recipient Configuration > Distribution Group.


Managing Exchange Contacts

Jun 05, 2015

When Exchange services are provisioned to customers, users can view their company's Global Address Lists, send email tocontacts in the list from Microsoft Outlook, add and modify contacts, and assign contacts to distribution groups.Full Customer Service Administrators can add, modify, and delete contacts as well as prevent contacts from displaying in the

Global Address List.

To add new contacts

1. From the Services Manager menu bar, click Services > Exchange > Contacts.

2. Under Contact Management, click New Contact. A blank Contact Details form appears.

3. Enter the details of the contact. Fields marked with an asterisk (*) are required.

4. Click Save.

To prevent contacts from appearing in the Global Address List

1. From the Services Manager menu bar, click Services > Exchange > Contacts.

2. Select the contact you want to hide.

3. On the Contact Details form, select the Hide From Address List checkbox.

4. Click Save.


To create mail disclaimers

Jun 05, 2015

Mail disclaimers are legal notices or warnings that are automatically attached to all outgoing email. The Exchange ServiceAdministrator can create, modify, and remove the company's mail disclaimer.Note: Mail disclaimers are available to customers with Exchange 2007 or 2010 only.1. From the Services Manager menu bar, click Services > Exchange > Configuration > Mail Disclaimer.

2. Type a name for the mail disclaimer and then type the body of the message.

3. Choose whether to append or prepend the disclaimer to outgoing email messages.

4. Choose whether email to which the disclaimer cannot be directly attached is ignored, rejected, or wrapped in an

Exchange envelope before sending.

5. Choose whether the disclaimer is attached to email sent to external contacts only.

6. Click Save.


AD Sync Services

Jun 05, 2015

The AD Sync service enables customers to synchronize their own localized domain controller to the hosted domain

controller. The customer's organizational unit (OU) in the hosted domain controller is regularly updated with any user

changes that have been saved in the customer's domain controller. All hosted services that are provisioned to the users are

configured directly to the user objects that are saved in the hosted domain controller.

The AD Sync service is a customer-only service. Once provisioned to a customer, the customer's administrator has access to

download and configure the AD Sync tool to their existing domain controller. To download the tool, the customer must be

configured with the Allow passwords to Never Expire option set to Yes. If this option is set to No, errors are recorded in the

customer's event log and no users appear in CloudPortal Services Manager.


2. In Customer Search, f ind the customer for whom you want to provision the AD Sync service.

3. In the services list, click AD Sync. The Advanced Settings page appears.

4. Click Provision to enable the customer to download the AD Sync tool.


SharePoint 3 and SharePoint 2010 Services

Jun 05, 2015

CloudPortal Services Manager supports SharePoint Services 3.0 and SharePoint 2010 environments.

SharePoint 3.0

IIS virtual servers are created through SharePoint Manager. These virtual servers are available for selection when setting up

the SharePoint packages. All customer sites provisioned with a particular package and virtual server are child sites of the

same virtual server. CloudPortal Services Manager configures the appropriate host header on the virtual server for each

customer and SharePoint's authentication and authorization handles the segmentation of the sites so that customers see

only appropriate content.

SharePoint 2010

Customers are configured with SharePoint Feature Packs that determine the functionality that is available to provisioned

users.

A standard SharePoint installation includes 12 preconfigured customer plans. These plans determine how the site isconfigured and saved on the SharePoint 2010 server. Service providers configure the availability of the following templateswhen they provision the service to customers. All templates support SSL authentication.Customer Site

This site is attached to a Web application that is configured specif ically for the customer. If additional sites are configured

with the same package, these sites are assigned to the same Web application. This site uses a dedicated content database.

Additionally, a separate Customer site template is available that includes anonymous authentication.

Shared Site

This site is attached to a shared Web application where other customers' SharePoint sites reside. This site uses a dedicated

content database. Additionally, a separate Shared site template is available that includes anonymous authentication.

Dedicated Site

This site is attached to its own Web application. No other SharePoint sites are configure for the Web application pool

unless the Web application is manually overridden with the Web application's name. This site uses a dedicated content

database. Additionally, a separate Dedicated site template is available that includes anonymous authentication.


Configuring SharePoint 2010 Resources andProvisioning to Customers

Jun 05, 2015

Before provisioning the SharePoint 2010 service to a customer, at least one SharePoint Farm and Feature Pack must be

configured and assigned to the customer. When provisioning a customer, you can specify multiple, different farms with

companion feature packs. However, you cannot specify multiple instances of the same farm.


2. In Customer Search, f ind the customer for whom you want to provision SharePoint 2010.

3. In the services list, click SharePoint 2010 configure resources. The Service Setup page appears.

4. In the SharePoint Farm table, click Add and select the farms and companion feature packs to allocate to the customer.

5. Click Update to save your selections.

6. Click Save to save the resource configuration.

7. In the services list, click SharePoint 2010 create an instance. The SharePoint 2010 Service Instance page appears.

8. Type an instance name that contains no spaces or special characters and click Create. The Instance Setup page appears.

9. Under Service Plan Configuration, in Customer Plan, select the settings package to use for the site. To customize the

template, click Edit and make the appropriate changes. When you are f inished, click Apply Changes.

10. Under Site Administrators, enter the user names for the users granted full administration rights to the site. These users

must be members of the customer's organizational unit in Active Directory.

11. In Site Template, select the SharePoint site template with which to create the site.

Note: If no template is selected, no template is configured when the site is provisioned. The Site Administrator must

access the SharePoint site directly to configure the site template and security groups manually before users can access

the site.

12. In Site Name, enter the host header for the site.


1. In Maximum Users, select the Enabled check box and enter the total number of users the customer can provision to

the site.



14. Click Provision to provision the site to the customer.


Configuring SharePoint Instances and Provisioning toCustomers

Jun 05, 2015

To provision SharePoint Services (version 3.0) to a customer, you f irst create an instance. You can provision the followingtypes of sites:

A root site

A child site of the root site

The type of instance is determined by the SharePoint customer plan you select. You can provision multiple instances to a

customer. For a SQL-authenticated SharePoint site, a Site Administrator is created. This user has permissions to add users

to the site who are not authentication through Active Directory and do not have access to CloudPortal Services Manager.


2. In Customer Search, f ind the customer for whom you want to provision SharePoint Services.

3. In the services list, select SharePoint Services create an instance. The Instance Setup page appears.

4. In Customer Plan, select the template you want to assign to the customer. To customize the template's configuration

settings, click Edit. When you are f inished, click Apply Changes to save your selections.

5. Depending on the customer plan selected in Step 4, configure the following options:

In Site Language, select the language for the site.

In Site Name, enter a host header for the site. This comprises the URL for accessing the site.

In Quota Template, to override the default values in the SharePoint quota template, select the Override the default

package value check box and select a different template.

In Site Owner, enter the name, email address, and credentials for the user account granted Full Control rights to the

site. This user can add users to the site who do not have access to CloudPortal Services Manager. These f ields apply

to SQL-authenticated sites only.


1. In Maximum Users, select the Enabled check box and enter the total amount of users the customer can add to the

site.


To override the default settings for the site, click Service Settings and make the appropriate changes. When you are

finished, click Apply Changes.

7. Click Provision to enable the customer to provide access to the SharePoint site.


SharePoint 3.0 Provisioning Changes in ActiveDirectory

Jun 05, 2015


When a customer is provisioned with a SharePoint instance, the following changes occur:The global security group SERVICEADMINS <CustomerShortName> WSS is created and all Full Service Administrators are

added as members. This group is created when the f irst instance is provisioned.

The global security groups WSS_<InstanceName> <CustomerShortName> USERS and WSS_<InstanceName>

<CustomerShortName> ADMINS are created. No members are added to these groups until users are added to the

SharePoint instance. If the USERS user plan is selected when a user is provisioned with the instance, the user becomes a

member of this group.

The global security group WSS_<InstanceName> <CustomerShortName> NONE is created. No members are added to

this group until users are deprovisioned from the SharePoint instance.

On the front-end Web server, a new host header (InstanceName) is added to the selected Web application.


When a user is provisioned with a SharePoint instance, the user becomes a member of one of the following global securitygroups:

WSS_<InstanceName> <CustomerShortName> ADMINS

WSS_<InstanceName> <CustomerShortName> USERS


Lync 2010 for Hosting Services

Jun 05, 2015

Before provisioning customers and users, ensure your Lync 2010 deployment includes the following items:The Active Directory computer accounts for the Lync Front-End and Director servers have been added to the

CortexAdmins group. After performing this task, reboot the servers to ensure the membership changes take effect.

The domain for the customer you are provisioning is included on the certif icates that exist on the Lync Front-End and

Director servers.

A forward lookup zone has been created for the domain to which you are provisioning the customer.

The following DNS records exist on the domain controller for the customer you are provisioning:

SRV records, _sipinternal and _sipinternaltls

Host (A) record for SIP, specifying the Lync Director server's IP address

When provisioning multiple users or moving or copying users provisioned with the Lync 2010 for Hosting service, consider thefollowing:

When a user is moved to another customer, the service does not transfer with the user. Before moving the user, you

must deprovision the service.

When provisioning multiple users simultaneously or copying a user, and you select a user plan configured with the

Enterprise Voice, PC-to-PC communication, or Audio/Video Disabled option, the service's Line URI f ield remains blank.

After provisioning, you will need to supply this information for each provisioned user. However, if you select a user plan

configured with the Remote Call Control option, the provision operation might fail because the service's Line URI value is

incorrect. If this happens, you will need to re-provision the service to the user with the correct Line URI value.

To provision Lync 2010 for Hosting services to resellers




4. Select the Lync 2010 for Hosting service check box and then click the Lync 2010 for Hosting service name. The Reseller

Service Setup page appears.

5. In the User Plan table, select the check box for each user plan the reseller can offer its customers.

6. In the Customer Plan table, select the check box for each customer plan the reseller can offer.


8. Click Provision to enable the reseller to offer Hosted Lync services to its customers.

To provision Lync 2010 for Hosting services to customers



3. Click the Lync 2010 for Hosting service name. The Service Plan Configuration page appears.

4. In Customer Plan, select the appropriate plan, if applicable.

5. Under Internal SIP Domains, select the appropriate domain.

6. Click Provision to enable the customer to provision the service to users.

To provision Lync 2010 for Hosting services to users


2. Under Customer Functions, click Users.


3. On the Users page, select the user you want to provision and then click Services.

4. Expand Lync 2010 for Hosting and select the user plan you want to enable for the user.

5. In Line URI, enter the user's telephone extension using the "tel: 12345" format, if applicable.

6. Click Provision to allow the user to access the Lync service.


Microsoft SQL Services

Jun 05, 2015

Citrix CloudPortal Services Manager supports hosting Microsoft SQL Server 2005 and 2008. Multiple SQL databases can beprovisioned to a customer and the customer can then assign users to the databases.The customer's databases can be provisioned to different SQL servers or instances, depending on the resource

configuration. Additionally, the SQL servers and instances that form resellers' SQL service offerings can be configured.

To provision the SQL service to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the

Microsoft SQL Server Hosting service.



4. Select the Microsoft SQL Server Hosting check box and then select the Microsoft SQL Server Hosting service name. The


5. Under Servers and Resources, expand the server collection tree and select the database servers and instances that the

Reseller can offer its customers.

Note: When you expand the database server node, the available instances appear. If an instance has been provisioned

already to a customer, the instance cannot be selected for provisioning.

6. In the Customer Plan table, select the check box for each customer plan the reseller can offer its customers.

7. Under Resource Configuration, configure the following resource limits for the reseller:

In Instance Limit, enter the number of SQL databases the reseller can offer.

In Database Disk Limit (MB), enter the total amount of database storage allotted to the reseller.


9. Click Provision to enable the reseller to offer Microsoft SQL Server hosting services.

To provision the SQL service to customers

Before provisioning the Microsoft SQL Server Hosting service, database resources must be configured for the customer. If

you attempt to provision the service without configuring resources, the following error appears:

"No SQL server instances are available for the selected customer plan. Please select a different package or contact your

service provider for server access."


2. In Customer Search, f ind the customer for whom you want to provision the Microsoft SQL Server Hosting service.

3. In the services list, select Microsoft SQL Server Hosting configure resources and perform the following actions:

1. On the Service Setup page, under Servers and Resources, expand the server collection tree and select the check boxes

for the servers and instances that can be allocated to the customer.


4. In the services list, select Microsoft SQL Server Hosting create an instance The Microsoft SQL Server Hosting Service

Instance page appears.

5. In Instance Name, enter a name that does not contain spaces or special characters and then click Create. The Instance

Setup page appears.

6. Under Service Package Configuration, in Customer Plan, select the template to assign to the customer.

Note: The customer plan defines the initial size of the database, the database's maximum size, and the grow sizes of the

database and log f iles. The plan also specif ies the servers hosting the database.


7. Under SQL Server Hosting Configuration, in Database Server Instance, select the instance to assign to the customer. If

only one instance is enabled, this f ield appears dimmed.


1. Under User Plans, enable or disable the levels at which the customer can provision users.

2. Under Maximum Users, select the Enabled check box and enter the maximum number of users the customer can

provision.

3. Under Billing, ensure the Enabled check box is selected so the service generates charges to the customer.

9. Click Provision to enable the customer to provision users.


Windows Web Hosting Services

Jun 05, 2015

Citrix CloudPortal Services Manager enables customers provisioned with Windows Web Hosting services to manage Websites and applications. When you provision customers with Windows Web Hosting services, the following items can bemanaged:Security groups and users

Customers can assign users to security groups and apply Web site security permissions that affect all members of the

group.

Web site content and structure

Customers can use the virtual IIS Site Manager to perform common Web site administration tasks. Customers can manage

multiple Web sites through a single interface and live Web sites are updated in real-time as changes are made. Customers

can also recycle application pools to optimize performance.

Web applications

Customers can install and configure subdirectories and publish them as Web applications.


To import existing Web sites for a customer

Jun 05, 2015

The Web Site Import tool enables service providers to import and configure IIS 6 and IIS 7 Web sites for CloudPortal

Services Manager customers. After provisioning, the customer's Administrator can manage the site using the IIS Manager.

Before importing Web sites, the following prerequisites must be met:The user performing the import must have Service Provider Administrator privileges.

The Web server currently hosting the sites is configured with the Windows Web-Hosting server role (Configuration >

System Manager > Server Roles).

The Web server currently hosting the sites is included in an applicable server collection (Configuration > System Manager

> Server Collections).

A server connection has been set up for the Web server currently hosting the sites (Configuration > System Manager >

Server Connections).

The customer for whom the Web sites are imported has a CloudPortal Services Manager account. However, the

Windows Web-Hosting service does not need to be provisioned to the customer. When the f irst Web site is migrated,

CloudPortal Services Manager provisions the Windows Web-Hosting service and enables the server hosting the site.

1. From the Services Manager menu bar, click Services > Windows Web Hosting > Web Site Import.

2. Under Server Connection, perform the following actions:

1. In Location, select the location where the server resides.

2. In Web Service, select the server that is configured with the Windows Web-Hosting service. In Server, select the server

that is hosting the Web site you want to import.

3. Click Load. A list of all the Web sites that are present on the server appears.

4. From the site list, select the Web site you want to import. The Site Import Manager page appears.

5. In Customer Search, type the name of the customer for whom you want to import the site.

6. Click Load. The page refreshes and displays the customer's name and primary domain.

7. Under Service Setup, in Instance Name, type the name of the instance that does not contain spaces. This name appears

as an instance in the customer's services list.

8. In Customer Plan, select the package template to which the server is assigned.

9. Click Provision to import the Web site.


To add default documents to a Web site

Jun 05, 2015

In IIS, default documents are files that are automatically served when a user accesses the customer's Web site but does

not request a specific file. A default document might be the customer's home page or a file list (if directory browsing is

enabled).

When a customer is provisioned with an instance of Windows Web Hosting, the following default documents are createdin the Web site's root directory:

Index.htm

Index.html (IIS 7 only)

Index.cfm (IIS7 only)

Default.asp

Default.aspx (IIS 7 only)

Default.htm

iisstart.htm (IIS 7 only)

Note: Index.php is created only when the Web Hosting instance is configured with PHP Framework settings.The default documents that are created in the Web site root directory are automatically passed to any subdirectories that

are created.

Default documents can be modified at the root Web site level or at the subdirectory level. If a document is added at the

root level, it is applied to all subdirectories.

1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager. The IIS Site Manager

displays the customer's available Web sites.

2. From the Site drop-down box, select the Web site for which you want to create the subdirectory. The site's folder

structure appears in the Web Site pane.

3. In the Web Site pane, click the folder where you want to add the new default document.

4. On the Settings tab, under Default Documents, enter the new document name in the text box.

Note: The document names in this box appear in ranked order. If you want the new document to be the f irst one IIS

serves to users, place it at the top of the list.


Provisioning Windows Web Hosting Services toCustomers

Jun 05, 2015

To configure IIS servers and resources


2. In Customer Search, f ind the customer for whom you want to provision Web hosting services.

3. In the services list, click Windows Web-Hosting configure resources.

4. Under Servers and Resources, in Resource View, select one of the following views to display available resources:

None displays no resources.

Customer displays the total resources currently provisioned to the customer.

Reseller displays the total resources for Web sites and customers that have been provisioned by the reseller.

All displays the total resources for Web sites that have been provisioned to the reseller's customers as well as to the

reseller itself .

5. In the resource tree, expand a server collection node. The tree displays the servers configured to host the Web Hosting

service.

6. Select the servers and resources to use when provisioning Web hosting instances for the customer.


To provision a Web hosting instance to a customer


2. In Customer Search, f ind the customer for whom you want to provision Web hosting services.

3. In the services list, click Windows Web-Hosting create an instance.

4. In Instance Name, type the name of the Web hosting instance and click Create.


6. In Web Host Server, select the server to host the customer's Web site.

7. Under Site Bindings, click Add and enter the site binding details for the customer's Web site.

Note: For Web sites hosted on IIS 6, only HTTP and FTP binding types are available. For Web sites hosted in IIS 7, the

HTTPS binding type is available in addition to HTTP and FTP types.

8. Click Update to save your entry.

9. Under Resource Configuration, to customize the default service settings, clear the Auto select package resource limits

check box and make the appropriate changes.


1. In Maximum Users, select the Enabled check box and enter the total number of users that can be provisioned.


11. Click Provision to create the customer's Web site.


To provision Windows Web Hosting services toresellers

Jun 05, 2015




4. Select the Windows Web-Hosting service check box and then click the Windows Web-Hosting service name. The


5. Enable the Web servers and resources the reseller can offer to customers.

6. From the Customer Plans table, select the plans the reseller can offer to customers.

7. Under Resource Configuration, to customize the resource limits for the Web site storage, clear the Auto select package

resource limits check box and make the appropriate changes.


9. Click Provision to enable the reseller to offer Web hosting services to customers.


To add or remove subdomains

Jun 05, 2015

Customers can add or remove subdomains, or host headers, that are bound to their Web site. This allows the customer toconfigure multiple Web sites using a single Windows Web Hosting instance.1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.

2. From the Site drop-down box, select the Web site for which you want to create the subdomain. The site's folder


3. On the Domains tab, under Add Site Bindings, enter the new subdomain name and then click Add. The subdomain is

added to the list of identities for the root Web site.

4. To delete a subdomain, under Remove Site Bindings, select the subdomain from the drop-down box and then click

Remove.


To install Web applications

Jun 05, 2015

If a customer's Web site involves serving dynamically-generated content, the subdirectories containing that content can bepublished as Web applications.1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.

2. In the Web Site pane, select the folder you want to publish as a Web application.

3. On the Settings tab, under Install Application, click Install. The IIS Site Manager page refreshes and the selected folder is

displayed as a Web application.


Managing Web Site Directories

Jun 05, 2015

To create subdirectories

Customers can create and manage subdirectories under their root Web site directory folder.





3. In the Web Site pane, click the folder under which you want to create the subdirectory.

4. On the Folders tab, in New Directory, enter the name of the subdirectory you want to create.

5. Click Create. The new subdirectory appears beneath the site root directory in the Web Site pane.

To rename or remove subdirectories





3. In the Web Site pane, click the folder you want to rename or remove.

4. On the Folders tab, in Current Directory, perform one of the following actions:

To rename the subdirectory, enter a new name and click Rename.

To remove the subdirectory, click Delete.

To configure directory browsing for subdirectories

Customers can enable directory browsing for certain subdirectories in their Web sites. This allows the subdirectory to display

a list of the files it contains when users access it with a Web browser. Customers can enable directory browsing at the site

root level or at the subdirectory level. If configured at the site root level, directory browsing applies to all subdirectories in

the Web site.

1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.

2. In the Web Site pane, select the Web application you want to configure.

3. On the Settings tab, under Application Settings, select the Directory Browsing check box.

4. Click Update to save your selection.


Manage

Jun 05, 2015

Managing the CloudPortal Services Manager comprises administering customers, users, roles, and services .

For details, see:Creating and Managing Customers

Creating and Managing Users

Managing Security Roles

Configuring and Managing Services


Manage Roles

Jun 05, 2015

A security role is a set of permissions that defines customer, administrator, and user access to specific tasks in the services

manager. For example, the first or default user created for a customer is a customer administrator. The customer

administrator is automatically assigned the Customer Administrator security role (and can also be assigned other security

roles). The customer administrator can then assign one or more security roles to users in the customer hierarchy. A security

role can also consist of multiple security roles; for example, the My Account and Services Management role consists of the

My Account Management and My Services Management roles.

The services manager is installed with a default set of security roles. A service provider can manage security roles associatedwith:

Customer, user, and service tasks

User services

Reports and reporting

Dialogs, menus, or pages in the services manager

This topic lists the default security roles available and describes how to:Create a new role

Copy an existing role to use as a template to create a new custom role

Export and import a role , enabling you to design, test, and configure a customized role before implementing it in a

production environment


Role Permissions: Customers, Services, User Services,Users

Jun 05, 2015

The Role Permissions area of the Role Management dialog box enables you to set the access permissions for the role. This

topic describes permissions for Customers, Services, User Services, and Users. See also Role Permissions: Menus, Pages,

Reports .

Available from the Services and User Services tabs only, the Filter drop-down list enables you to permit access to a specific

selected service or all services for a security role. The drop-down list shows all available services. The Read and Update

settings in the Services tab enable you to apply more detailed security permissions to the selected service.

You set permissions for each function by clicking the radio button next to the function:None

No access to the function.

Customer

The function is permitted for the specif ic customer. For example, the User Services permissions of Read, Update, and

Provision for the My Services Management security role are set as Customer. This setting indicates that the administrator

user with the My Services Management role can perform that function on its customer only.

Sub Customer

The function is permitted for the subcustomer of the customer. For example, if the User Services permissions of Read,

Update, and Provision for a security role are set as Sub Customer, the administrator user with this role can perform that

function on the customer's subcustomer (but not on the customer).

Customer and Sub Customer

The function is permitted for the customer and its specif ic subcustomer(s). For example, if the User Services permissions of

Read, Update, and Provision for a security role are set as Customer and Sub Customer, the administrator user with this role

can perform that function on the customer and its subcustomer(s).

If you have finished modifying the security role, click Save.

Available Function Customers Services User Services Users

Filter X X

Create X X

Read X X X X

Update X X X X

Delete X X

Enable/Disable X X


Provision X X X X

Deprovision X X X X

Reset X X X X

Reports X X X

Email Content X

API Access X

System Content X

Full Logging X

Change Domain Ownership X

Manage Brands X

Manage System Brands X

Copy X

Impersonate X

Account Management X

Credential Management X

Password Management X

Manage Security Questions X

Email Management X

Role Management X



Administrator Management X

Service Provider X X X



Default Security Roles

Jun 05, 2015

Updated: 2014-01-06The services manager includes a default set of security roles. The default roles cannot be deleted or modified but can be

copied and used as a template for a new role. A role can consist of one or more roles. In the case of a role consisting of

multiple roles, the role inherits the permission levels of the component roles.

Security Roles Installed by Default

Role Description ComponentRoles

AD SyncAdministrator

All ServicesSchemaAdministrator

Manage the schema and configuration for all services Service SchemaAdministrator

AuthenticatedUsers

Permission to perform generic user functions and view related dialogs. Access anyservice-related user dialog when the user is provisioned with that specif ic service.Mandatory role assigned to all authenticated users.

Exchange User

Office

Communication

Server (OCS)

User

SharePoint

User

SQL Users

BlackBerryServiceAdministrator

Administer the BlackBerry mobile device service.

Citrix ServiceAdministrator

Create customized Citrix Application Groups for the administrator's customer.

ContentManagementServiceAdministrator

Update or modify the services manager interface.

CRM 4 ServiceAdministrator

Manage the service, including all pages.

CRM 4 User Allowed access to the service as a user.


CRM 2011Administrator


CRM 2011User

Allowed access to the service as a user.

CRM ServiceAdministrator


CustomerAdministrator

The f irst user created by default after creating a customer inherits this role. Thecustomer administrator can create, provision, and edit users, then provision users toservices. This role can also manage services provisioned to the customer. This roleincludes all permissions of the user and service administrator.

UserAdministratorService

Administrator

DNS ServiceAdministrator

Allowed access to the Domain Name Service (DNS) Records and DNS Templatesdialogs. Can manage DNS zones and create DNS entries.

Everyone Permission for authenticated and non-authenticated users to view generic pages inthe services manager.

ExchangeMulti-tenantedServiceAdministrator

Create and manage Microsoft Exchange 2010 SP1 Hosting service DistributionGroups, Contacts, and Public Folders.

ExchangeMulti-tenantedUsers

Access to Exchange Summary dialog and can download Outlook Account settings.

ExchangeServiceAdministrator

Create and manage Microsoft Exchange Distribution Groups, Contacts, and PublicFolders.

ExchangeUsers

Access to Exchange Summary dialog and can download Outlook Account settings.

File SharingServiceAdministrator

Create folders and add specif ic user permissions to folders. Create user securitygroups.

My Accountand ServicesManagement

Combines My Account Management and My Services Management roles. Enablesend users to manage their own accounts, edit services provisioned to them, andselect new available services.

My AccountManagementMy Services

Management

My Account Enables the end user to change the user information details, account password,



Management and manage email addresses associated with the user account.

My ServicesManagement

Enables the end user to select, edit, and re-provision the services provisioned to theend user account.

MySQLAdministrator


OCS ServiceAdministrator


OCS User Allowed access to the service as a user.

Partial UserAdministrator

Reset passwords for a customer's user. Cannot create or delete users.

ReportingUsers

Access to the front-end reporting system.

Reseller FullAdministrator

Create, provision, and edit its own customers, then provision services to itscustomers. Create, provision, and edit users, then provision users to services.

Reseller PartialAdministrator

Manage reseller customer services and users.

ServiceAdministrator

Manage administration tasks for services. Access any editable service-relatedadministration dialog when the customer is provisioned with that specif ic service.

BlackBerry

Service

Administrator

Citrix Service

Administrator

Content

Management

Service

Administrator

CRM Service

Administrator

CRM 4.0

Service

Administrator

CRM 2011

Service

Administrator

DNS Service

Administrator



Exchange

Service

Administrator

File Sharing

Service

Administrator

OCS Service

Administrator

SharePoint

Portal Service

Administrator

SQL 2000

Service

Administrator

SQL 2005

Service

Administrator

User Sync

Administrator

Virtual Machine

Administrator

Windows Web-

Hosting Service

Administrator

ServiceProviderAdministrator

Allowed full services manager access, all security role permissions, and service accesslevels.

Citrix Service

Administrator

Content

Management

Service

Administrator

DNS Service

Administrator

Exchange

Service

Administrator

File Sharing

Service



Administrator

SharePoint

Portal Service

Administrator

Windows Web-

Hosting Service

Administrator

Reseller Full

Administrator

Store Manager

ServiceSchemaAdministrator

Allowed access to common service schema page and menu permissions.

SQL ServiceAdministrator


SQL User Allowed access to the summary details dialog.

StoreManager

Manage the web store dialogs, products, and bundles.

Store User Allowed online access to the web store and able to purchase services.

Template Userand ServiceAdministrator

Create user templates and configure services to them. This administrator cancreate a new user by using a default template.

UserAdministrator

Create, provision, and edit users for a customer.

User SyncAdministrator

Download and configure the AD Sync Tool to a domain controller.

User andServiceAdministrator

Enable the user to create and administer users and provision services for acustomer.This role is identical to the customer administrator. Assign this role to a user when

you require more than one customer administrator user in your organization or

hierarchy.

UserAdministratorService

Administrator

VirtualMachineAdministrator

Access the Virtual Machine Management pages.



Windows WebHostingServiceAdministrator

Create and configure web sites, add user permissions to web sites, and create usersecurity groups.



Copying or Creating a Security Role

Jun 05, 2015

The default roles in services manager cannot be deleted or modified but can be copied and used as a template for a new

role. You can also create a completely new role through the New Role dialog.

A security role consists of Role Setup and Role Permissions information and settings.

See:Role Setup

Role Permissions: Customers, Services, User Services, Users

Role Permissions: Menus, Pages, Reports

Copying a Security Role

When you copy an existing security role:The Role Setup area is blank.

The Role Permissions area contains the access settings of the copied security role.

1. Select Configuration > Security > Security Roles to display the list of security roles.

2. Click a role from the list to expand the role properties.

3. Click Copy at the bottom of the Role Management dialog.

A new Role Management dialog is displayed.

4. Complete the f ields and selections in the Role Setup area and modify the Role Permissions area as required, then click

Save.

Creating a Security Role

When you create a new security role:The Role Setup area is blank.

The Role Permissions access settings are set to a default value of None and all Menus, Pages, and Reports selections are

cleared.

1. Select Configuration > Security > Security Roles.

2. Click New Role.

A new Role Management dialog is displayed.

3. Complete the f ields and selections in the Role Setup area and modify the Role Permissions area as required, then click

Save.


Role Setup

Jun 05, 2015

The Role Setup area of the Role Management dialog enables you to specify the service to which the role is applied, any

associated role groups (such as Exchange Users), administrator type, and other settings and information.

Name

Provide a descriptive name for the security role, using alphanumeric characters, including spaces.

Directory Name

Specify the name of an Active Directory security group to associate with the security role. Leave this value blank if you do

not want to create a group. Specify the name in the form of a pattern. For example, specify "HE [CustomerShortName}

USERS" for Hosted Exchange Users of a particular customer.

Description

Optionally describe the new security role.

Filter on Service

Select an existing service from the drop-down list. If a service f ilter is selected and the customer has been provisioned with

that service, the security role is available in the user or customer Account Settings dialog. Selecting this option enables the

Service Filter Scope setting.

Service Filter Scope

This setting is enabled if you selected a service from the Filter on Service drop-down list.

Select Customer to make the security role available if the customer is provisioned with the service. For example, an

administrator can view service administration dialogs when the service is provisioned to a customer.

Select User to activate the role to users provisioned with the associated service.

Mandatory

Select Enabled to automatically assign the security role to all users. The security role is not displayed on the user

Account Settings dialog.

Clear Enabled to make the security role selectable on the user Account Settings dialog.

Hidden

Select Enabled to hide the security role; that is, the security role is not visible to users other than the service

administrator. Use this option until the security role is ready to be applied to users or customers.

Clear Enabled to make the security role visible in the services manager.

Role Groups

Attach existing security roles to the new or edited security role. When assigned, the user or customer inherits the

permissions of the new or edited security role and the selected security roles.

Administration Role

Select Enabled to include this security role as common role to all users. The security role is displayed on the user Account

Settings dialog.

Select Clear to make this security role available to users through the Configure a custom role collection option displayed

on the user Account Settings dialog.

User role type

Select one of the following user role types. A related icon will appear next to the user when the security role is assigned:


None

Service Administrator

User Administrator

User and Service Administrator

Available to all customers

Select Enabled to make the security role available to all customers. The role can be assigned to any user unless explicitly

denied to a customer when creating or editing the customer properties.

Clear Enabled to enable you to explicitly assign the role to a customer or reseller customer (which can then be assigned

to a user) from the Allowed Roles list available from the customer's Advanced Properties.


Role Permissions: Menus, Pages, Reports

Jun 05, 2015

Note: This topic describes how to permit access to menus, pages, and reports for an individual security role as part of therole's definition. The topic PAGE MGT conf ig>security>page manager describes how to permit access to menus andpages for one or more security roles.The Role Permissions area of the Role Management dialog enables you to set the access permissions for the role. This

topic describes access permissions for Menus, Pages, and Reports. See also Role Permissions: Customers, Services, User

Services, Users .

You permit access to menus, pages, and reports by selecting the relevant item. Access to items not selected or cleared are

denied for the security role.

Managing Menus

Clicking the Menus tab enables you to view the top-level menus and other level submenus for the services manager.Submenus might have additional menus in their hierarchy and are not listed here.

Select a menu or submenu checkbox to permit access to the functions available from the menu.

Clear a menu or submenu checkbox to deny access to the functions available from the menu.

If you have f inished modifying the security role, click Save.

Top-level Menu Second-level Submenu

Customer CustomersNew Customers

Customer Services

Customer Hierarchy

Configuration

Users New UserUsers

Bulk User Import

Configuration

Services Any installed or provisioned services are listed here

Configuration Content ManagementProvisioning & Debug Tools

Security

System Manage

Shop


Reports License ReporterConfiguration

View Reports

My Account Personal DetailsSummary for any provisioned service, if configured

Password Change PasswordSecurity Questions

Logout None

Top-level Menu Second-level Submenu

Managing Pages

Clicking the Pages tab enables you to control the page view for the users associated with the security role.

Managing Reports

Clicking the Reports tab enables you to control the page view for the users associated with the security role.


Exporting and Importing a Security Role

Jun 05, 2015

The services manager enables you to import and export roles between services manager environments. For example, you

can design and test security roles in a test or staging environment, then import the roles into one or more of your

production environments through an XML formatted file.

Before you begin

Before you import or export a role, consider the following:You cannot import a security role that already exists in the services manager.

Make any changes to security roles through the services manager, not by editing the XML f ile created by exporting a

security role. Importing an edited security role XML f ile guarantees that the import operation will fail.

To export a security role

1. Click Configuration > Security > Security Roles.

2. Expand the security role to export and click Export.

3. In the File Download dialog, save the XML f ile.

To import a security role

1. Click Configuration > Security > Security Roles.

2. In the Role Import area, click Browse to navigate to the exported security role XML f ile.

3. Click Import Role.

The security role is imported, as indicated by the message Role import completed. If any errors occur, try exporting the role,

then import it again.


Exporting and Importing Services

Jun 05, 2015

Export and import customer services to transfer them between different CloudPortal Services Manager environments. For

example, service developers can create custom services and provide them to customers to import into their environments.

Customers can customize service settings and user plans in a test environment and then migrate the settings to a

production environment by exporting and importing services.

Service export and import is available for the services provided with CloudPortal Services Manager as well as for customized

services. A customized service is created through the CloudPortal Services Manager from Configuration > System Manager

> Service Schema.

To transfer a service between environments, export a service to a file and then import that file into a different CloudPortal

environment, as described in this topic. The import deploys and enables the service at the Top Environment Services level.

The export package file includes service properties, customer and user plans, roles and permissions, validation controls, web

server controls and assemblies, and provisioning engine assemblies, actions, and rules. A custom service created from the

Service Schema page includes only the database records for the service settings and plan properties. Before exporting a

custom service, add to it any provisioning engine or web server assembly (.dll) files that contain the code needed to run

actions on the provisioning server or to display custom user controls when provisioning the service on the web page. On the

Service Deployment page and at the Top Environment Services level, create default plans for the base service offering and

update default service properties such as patterns for file locations.

Prerequisites

Verify that the source and destination environments for the service have the same version of CloudPortal Services

Manager installed.

Verify that a user is configured with the two schema administrator roles (All Services Schema Administrator and Service

Schema Administrator), required to create a custom service or import or export a service.

Create the service (Configuration > System Manager > Service Deployment) or configure the property, customer plan,

and/or user plans to be transferred.

Test and validate the service to be exported. A service that contains errors will not appear in the CloudPortal Services

Manager interface.

To export a service

1. Log on to CloudPortal Services Manager.

2. From the main menu, choose Configuration > System Manager > Service Schema.

3. Expand the service to be exported.

4. Click Export to view the Export service to f ile area.

5. (Optional best practice) Specify the Creator, URL, and Version for the service. The URL should be the full path to the

developer’s site.

6. In the Preview area, review the items to be included in the export f ile and update as needed.

7. To add an assembly f ile (.dll) to the export package for a custom service:

1. In the Add f ile area, click Browse, navigate to the .dll f ile, and click Open.

2. Choose the folder for the dll f ile and then click Add.

8. Click Export.

9. Save the exported f ile.


To import a service

1. Log on to CloudPortal Services Manager. This operation requires these user roles: All Services Schema Administrator and

Service Schema Administrator.

2. From the main menu, choose Configuration > System Manager > Service Schema.

3. Under Service Management, click Import a service.

4. Click Browse to navigate to and select the service and then click Open.

5. To review the items included in the package f ile, click Preview and update the selections as needed. Components that

already exist on the system are highlighted.

6. Click Import. An “Import Complete” message displays, followed by a list of the actions performed during the import.

When web components are imported, the CloudPortal Services Manager restarts and automatically logs out all users

from Services Manager.

7. Restart all provisioning servers across all locations. The provisioning servers are updated with any new rules and f iles.

8. Use the Services Manager interface to update customer and user plans and service settings as needed.


Configuring and Managing Services

Jun 05, 2015

Updated: 2012-11-06CloudPortal Services Manager supports a variety of services that service providers can provision to resellers and customers.Service configuration typically involves the following tasks:

Enable the service

Add credentials for accessing the servers and management tools

Add the servers associated with the service

Assign service roles to the servers

Add service connections to integrate the servers into the CloudPortal Services Manager

Assign servers to a collection (does not apply to many services)

Configure the service settings

The configuration steps differ for each service and are described in detail in the topics dedicated to each service.

About Service Configuration

Service property settings:

All services are enabled at both the Top Environment Services level and the Active Directory Location Services level.

The service settings at the Top Environment Services level are inherited by all locations configured in the Services

Manager. Typically the top level service setting defaults are suff icient and do not require modif ication.

For some services, a customer plan and/or user plan must be configured before the service is enabled at the Active

Directory Location Services level.

To reset a service setting to the default value, clear the check box for the property and apply the change. The next

time the service settings are opened, the default value for the property appears.

Control access to a property setting by expanding it and setting the Hierarchy Permission.

Credentials: You cannot remove a credential after it is assigned to a Web Service connection.

Servers: In most cases, server information is retrieved without any action from the service provider. A server that is

outside of the hosting domain must be manually added to the servers list (Configuration > System Manager > Servers).

Note: When servers that are not joined to the hosting domain are added to the servers list, the server appears in the list

with a yellow indicator to denote the Directory web service cannot retrieve the server. The server can still be used for

managing server roles and creating new server connections. When the server is joined to the hosting domain, this

indicator changes to green. When adding a server that is not joined to the hosting domain to the server list, ensure the

Alias f ield, under Server Setup, points to the server's IP address, FQDN, or DNS alias, as appropriate.

Server Connections: Server connections configure Services Manager with a web service that is installed on the server. If

multiple web services are configured for a Web Service component, Services Manager assigns a primary and secondary

web service for failover.

Server Collections: Server collections group multiple servers for some services, including Citrix Services, Microsoft SQL

Services, MySQL Services, and Windows Web Hosting Services. If a server collection and its servers should be available to

all resellers, enable Automatic reseller selection. If a server collection should be enabled by default to all customers,

enable Automatic customer selection.

Services and Customer Provisioning

Enable customer and user plans on the root Service Provider customer's reseller service after enabling them at the Top

Environment Services level and the Active Directory Location Services level. After that, the customer and user plans can


be provisioned to a customer.

Re-provision customers after changing customer plans.

A service that is provisioned to customers cannot be disabled at the Top Environment Services level until it has been de-

provisioned from all customers/resellers and deleted from the Active Directory Location Services level.

Applying Cost Values to Service Properties

Service providers can apply a cost value to service properties at various levels (service level, customer plan, and user plan)

depending on the type of service. The values are used in monthly billing reports. Pricing values are inherited from the Top

Environment Services level and overridden at the reseller and customer levels.

The Prices properties typically appear at the end of the service, customer plan, and user plan settings. The properties include

a cost price and sales price. Cost price is the minimum price for a user plan. Sales price is the recommended purchase price,

with a recommended value that is equal or greater than the cost price. The Prices properties for Exchange Services also

include a price per mailbox value that is the unit price for mailbox usage that exceeds the agreed limit for public folders.


Virtual Machine Services

Jun 05, 2015

Updated: 2014-01-06CloudPortal Services Manager Virtual Machine Services deliver virtual datacenters from the cloud. Virtual Machine Servicesintegrate with Microsoft System Center Virtual Machine Manager (SCVMM) for VM management and support MicrosoftHyper-V Server.

Prerequisites

Install CloudPortal Services Manager Virtual Machine Web Services.

Create a self-service user role in SCVMM, with the following settings:

User role name: SelfService

User role profile: Self-Service User

Role member: CortexWSUser

Select the VM host groups that Services Manager will manage

Grant permissions: All actions

Allow users to create new VMs

Do not allow users to store VMs in a library

To configure Virtual Machine Services

1. Enable the service (top level): From the main menu, choose Configuration > System Manager > Service Deployment,

expand Virtual Machine, and click Save.

2. Expand Virtual Machine, click Customer Plans, create a customer plan if one is not already created, and then verify and

save the settings. Customer plan settings include per-customer machine limits and whether dynamic disks are used.

Typically, dynamic disks are disabled to avoid over-subscription of disk storage. However, some Service Providers enable

dynamic disks to increase provisioning speed.

3. Enable and configure the service (location level): Under Service Filter, select Active Directory Location Services, choose a

Location Filter if applicable, expand Virtual Machine, and click Service Settings. Verify the settings, making sure that the

following settings are configured, and then save the service:

RDP Console URL

Defaults to VMConnection.aspx.

Self Service Role

Set to SelfService, the name of the self-service user group configured in SCVMM.

Virtual Machine Path

If the customer will use clustered Hyper-V hosts, change the path from

{PreferredDrive}Images{CustomerShortName} to {PreferredDrive}{CustomerShortName}. That change helps

prevent folder creation errors in the cluster shared volume.

4. Add the credentials for the service account: From the main menu, choose Configuration > System Manager > Credentials

and create the account, using the fully-qualif ied domain name.

5. Enable the server:


1. From the main menu, choose Configuration > System Manager > Servers.

2. If the SCVMM server is not listed, click Refresh Server List.

3. Expand the entry for the server and verify that Server Enabled is selected.

6. Assign server roles:

1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the

SCVMM server.

2. Under Server Connection Components, select Virtual Machine. Virtual Machine refers to the VirtualMachineWS.

3. Under Server Roles, select Virtual Machine Manager and then click Save. Virtual Machine Manager indicates that

SCVMM is installed on the server.

7. Add a server connection:

1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then

select or type the following information for the SCVMM server.

Server Role

Choose Virtual Machine.

Server

Choose the server where the VM web service is running.

Credentials

Choose the credentials for the service.

URL Base

Defaults to /VirtualMachine/VirtualMachine.asmx.

Protocol

Defaults to http.

Port

Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.

Timeout

Citrix recommends that you change the setting from 200000 to 2000000 milliseconds. This increases the timeout

to about 35 minutes, needed for disk creation operations.

2. Click Save.

3. From the main menu, choose Configuration > System Manager > Server Connections and click the icon in the Test

column for the SharePoint server. The icon turns green for a successful connection. A red icon indicates an

unsuccessful connection. Mouse over it for information about the failed connection.

To synchronize resources

This procedure verifies the server role and connection configuration and retrieves information from the SCVMM server.


1. From the main menu, choose Services > Virtual Machine > Configuration > Virtual Resource Manager.

2. Under Environment, choose the Location and SCVMM server. Incorrect entries in those lists indicate incorrect

configuration of server roles or server connections.

3. Click Refresh. The message "The Resources were updated successfully" appears. If it does not, verify the configuration.

4. Expand the resource folders and verify their contents:

1. Provide user-friendly labels and group names. For example, you might rename "Server03x64WE-DE” to “64-bit

Windows Server 2003 – German".

2. Review assignments.

3. Assign sets of items to groups, such as "SQL Server DVDs", to speed selection of resources during provisioning.

5. (Optional) Import existing Hyper-V VMs into CloudPortal tenants: Before moving a VM to a tenant, verify that it resides

on a host assigned to that tenant, along with the relevant VLANs.

1. Expand Virtual Machines and locate a VM not yet managed by CloudPortal (their names appear dimmed).

2. Select the VM and use the right pane to search for a tenant.

3. Click Provision to put the VM under CloudPortal management.

To configure virtual networks

You can create the following types of VLANs using CloudPortal Services Manager:Dedicated – Can be assigned to one tenant only (most commonly used).

Shared – Can be assigned to one or more tenants.

Reserved – Not usable for tenants. For instance, you might add an out-of-band management VLAN to ensure a tenant

is not accidently placed into the same network.

Mandatory – Available to all tenants.

You can assign multiple subnets to a VLAN and use CloudPortal Services Manager to define a default gateway, DNS servers,

and range for the subnet.

To configure virtual networks, choose Services > Virtual Machine > Configuration > Virtual Network Manager.


CRM 4 Services

Jun 05, 2015

The Services Manager CRM service enables you to deliver Microsoft Dynamics CRM 4.0. This service supports Internet-

Facing Deployments (IFDs), which makes CRM 4.0 organizations available from the Internet. To configure IFD support, use

the procedure "To configure support for Internet-facing deployments" included in this topic.

PrerequisitesA CRM administrator account (used for CRM administration only):

Add to the PrivUserGroup in Active Directory Users and Computers.

If there is a GUID after the group name, choose the correct group for the CRM instance.

Add to the local Administrator group in Computer Management for the SQL server(s).

Add to the local Administrator group in Computer Management for the CRM server(s) to be managed through Services

Manager.

Grant full control permissions to the CRM security groups and that OU that contains those groups.

Add the CRM service account to the CortexAdmins group.

Add as a Deployment Administrator in CRM Deployment Manager.

Add as a System Administrator in the CRM 4.0 default organization under User Settings.

Grant Content Manager permissions in SQL Server Reporting Services used by CRM.

Configure the Service Principal Name (SPN) of the CRM administrator account with the name of the CRM server.

On a domain controller, run the following command:

setspn -A http/CRM_SERVER_FQDN "LAB1CRMAdmin"

where CRM_SERVER_FQDN is the fully-qualified domain name of the CRM server and CRMAdmin is the CRM

Administrator account.

Change the CRM Application Pool identity to use the CRM administrator account. For IIS 7:

1. Open IIS Manager on the CRM server.

2. Navigate to CRMAppPool, select it, and in the Actions pane click Advanced Settings.

3. In the Process Model section, select Identity, click Browse, click Custom account, and then click Set.

4. Enter the credentials for the CRM administrator account.

In crmlocationMSCRMServicesweb.config, set the impersonate value to true: <identity impersonate="true"/>

Configure Windows Authentication on the CRM site:

This requirement does not apply to IIS 6 or IIS 7 if Forms Authentication is used.

Disable Ensure Anonymous authentication.

Enable Windows Authentication.

Disable user creation in CRM 4. Use the procedure "To disable user creation" included in this topic.

To disable user creation

Perform this procedure on each CRM 4 server to be managed by Services Manager.

1. Download and install the Microsoft Dynamics CRM 4 deployment configuration tool for your 32-bit or 64-bit operating

system. This tool is available to download from the Microsoft Download Center Web site.

2. Extract the deployment f iles to a directory of your choosing. For example, C:crmdeploy.

3. Copy the folder and contents of the Services Manager CRM 4 Web service and paste it to the default CRM 4 Web site


location. For example, C:Program FilesMicrosoft Dynamics CRMCRMWebMSCRMServices.

The CRM Web service folder contains the following f iles:

Web service f ile: crmdeploy.asmx

Config f ile: web.config

4. Edit the web.config f ile and configure the DeploymentPath setting to use the full path to the deployment tool

executable you extracted in Step 2. For example, C:crmdeploymicrosoft.crm.deploymentconfigtool.exe.

To configure the CRM 4 service

1. Enable the service (top level) and create a customer plan:

1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.

2. Under Service Filter, select Top Environment Services.

3. Expand Customer Relationship Management 4, click Customer Plans, and create a customer plan.

4. Click Apply Service, and then click Save.

2. Enable the service (location level):

1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter if applicable.

2. Expand Customer Relationship Management 4, and click Save.


1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.

2. If the CRM server is not listed, click Refresh Server List.



1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the

entry for the CRM server where both the Microsoft Dynamics CRM Web service and the Services Manager CRM Web

service are installed.

2. Under Server Connection Components, select CRM 4 and then click Save.

3. Under Server Roles, select CRM 4 Application Server and then click Save.

4. Expand the entry for the SQL server hosting the CRM instances.

5. Under Server Roles, select CRM 4 SQL Server, and then click Save.


1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New

Connection, and then select or type the following information for the web service.

Server Role

Choose CRM 4.

Server

Choose the server where CRM is installed.

Credentials

Choose the credentials for CRM. This should match the credentials of the CRM service account.

URL Base

Defaults to /MSCRMServices/2007/CRMService.asmx.


Protocol

Defaults to http.

Port

Specify the port used by the CRM web service.

Timeout

Set this value to -1 (unlimited).

2. Click Save.

3. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and click the

icon in the Test column for the CRM server. The icon turns green for a successful connection. A red icon indicates an


6. Configure the customer plan at the Active Directory level:

1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment, select Active

Directory Location Services, choose a Location Filter if applicable, expand Customer Relationship Management 4 , and

then click Customer Plans.

2. For CRM Servers and SQL Server, select the check box to enable the servers, click Reload, and then select the check

box for the applicable servers.

3. If you are not using the default SQL instance, select the check box for Report Server SRS URL and enter the URL.

4. Click Apply changes and then click Save.

To configure support for Internet-facing deployments

Before configuring IFD support in Services Manager, ensure the CRM 4 server is configured as an IFD. For additional details

and guidance, refer to the guide "Microsoft Dynamics 4.0 Internet Facing Deployment Scenarios," available for download

from the Microsoft Web site.

Use this procedure to enable the Services Manager CRM service to support IFDs.


2. Under Service Filter, select Top Environment Services.

3. Expand Customer Relationship Management 4, click Customer Plans, and then create a new customer plan or modify an

existing one.

4. Click Apply Service and then click Save.

5. Under Service Filter, select Active Directory Location Services, and choose a Location Filter if applicable.

6. Expand Customer Relationship Management 4 and expand the customer plan you created or modif ied at the top

environment level.

7. Configure the following settings:

Add Host Header: Select this option to add a host header to the "Microsoft Dynamics CRM" IIS site hosted on the

CRM 4 server.

Create Customer Organizations: Select this option.

IFD domain pattern: To specify a domain pattern, use the default prefix value {ServiceProperties}("UniqueOrgName).

For example, "{ServiceProperties}(UniqueOrgName).crm.domain.com, where crm.domain.com is the value configured

for the server's "IFD App Root Domain" using the IFD configuration tool.

Report server SRS URL: This is the same URL that is required when a new CRM 4 site is created manually using the


Deployment Manager.

SQL Server: Select a SQL Server to be used for hosting the CRM 4 organization database.

User login URL: Specify the URL to the organization Web site. This property can be used for email notif ications to

provisioned users, instructing them how to access the CRM 4 site. This property is not used during the provisioning

process.



Microsoft Lync 2010 for Hosting Services

Jun 05, 2015

Before configuring the Lync 2010 for Hosting service, ensure you have the following items:Your Lync 2010 topology is configured.

You have added the computer accounts for the Lync 2010 servers to the CortexAdmins security group.

The Lync 2010 for Hosting Web service is installed on the Lync Front-End server.

You have obtained the Lync 2010 for Hosting service package (/Services/LyncHosted/LyncHosted.package).

CloudPortal Services Manager Lync Services deliver unified communication services from the cloud. Installation of Lync

Services creates a Web site on the Lync Front-End server. Both the CloudPortal Web Server and CloudPortal Provisioning

Server issue commands on the Lync Front-End Server using a Web service.

When configuring the Lync 2010 for Hosting service, you create user and customer plans for resellers to offer their

customers. The user plans consist of Lync features (specified at the top level) and Lync user policies (added at the location

level). Lync user policies are initially defined for the location in which the Lync server resides. When you select policies for a

user plan, Services Manager displays the individual policies from the Lync server in the Configure User Plans dialog box.

To import the Lync 2010 for Hosting service package

The Lync 2010 for Hosting service needs additional properties, rules, and actions to support billing features. Import the Lync

2010 for Hosting service package to update the Lync service with those required items before configuring the Lync service.

To perform this task, ensure your security role includes the All Services Schema Administrator and Service Schema

Administrator roles.

1. From the Services Manager menu bar, select Configuration > System Manager > Service Schema.


3. Click Browse to navigate to and select LyncHosted.package, click Open, and click Import. An “Import Complete” message

displays, followed by a list of the actions performed during the import. The connection to CloudPortal Services Manager

might reset.


5. Log on to Services Manager.

To configure the Lync 2010 for Hosting service



2. Click Refresh Server List.

3. Expand the entry for the Lync server and, in Server Enabled, verify that the Enabled check box is selected.



entry for the Lync server.

2. Under Server Connection Components, select LyncHosted and then click Save.



Connection, and then select or type the following information for the Web service.

Server Role


Choose LyncHosted.

Server

Defaults to the Lync server.

Credentials

Choose the credentials for the Lync server.

URL Base

Defaults to /LyncHostedWS/Lync.asmx.

Protocol

Select http.

Port

Defaults to 8095. If you change the port here, change it also in the Services Manager Web service.

Timeout

Defaults to 200000 milliseconds.

2. Click Save.

4. Create user and customer plans at the top level:


2. Under Service Filter, ensure Top Environment Services is selected.

3. Under Services Overview, expand Lync 2010 for Hosting.

4. Click User Plans, enter a Name such as Default for the user plan, and then click Create.

5. In the Configure User Plans dialog box, in Telephony Options, select one of the following Lync features and click Apply

Changes:

PC-to-PC communication only

Remote call control

Enable Enterprise Voice

Audio/video disabled

6. Click Customer Plans, enter a Name such as Default for the customer plan and click Create.

7. Click Apply Changes and then click Save.

5. Enable user and customer plans and assign policies at the location level:


2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.

3. Expand Lync 2010 for Hosting.

4. Click User Plans, select Enabled for the user plan, and then expand the user plan.

5. Expand Lync User Policies and select the policies you want to enable for provisioned users. To specify a configured

policy from the Lync topology, click Reload and then select the appropriate policy. Click Apply Changes.

6. Click Customer Plans and select Enabled for the customer plan.


7. In Registrar Pool, type the pool to which provisioned users will be assigned.

8. Click Save.


MySQL Services

Jun 05, 2015

CloudPortal Services Manager MySQL Services host MySQL databases from the cloud.

Prerequisites

Install the MySQL ODBC connector (http://www.mysql.com/downloads/connector/odbc/5.1.html) on the server that will

be installed with the MySQL Web Service.

Install CloudPortal Services Manager MySQL Web Service.

To configure MySQL Services

1. Enable the service (top level) and create a default customer plan:

1. From the main menu, choose Configuration > System Manager > Service Deployment and then expand MySQL.

2. Click Customer Plans, enter a Name such as Full, click Create, and then click Save.

2. Add MySQL credentials: From the main menu, choose Configuration > System Manager > Credentials, click Add, and

specify the credentials (using MySQL as the Domain), and then click Add. The MySQL user must have all rights that are

listed in the MySQL users table, including References_priv.

3. Enable and configure the service (location level):

1. From the main menu, choose Configuration > System Manager > Service Deployment, under Service Filter select Active

Directory Location Services, and choose a Location Filter if applicable.

2. Expand MySQL and then click Service Settings.

3. Select the MySQL Credentials check box, choose the credentials you created in Step 3, click Apply changes, and then

click Save.



server hosting MySQL.

2. Under Server Connection Components, select My SQL.

3. Under Server Roles, select MySQL Hosting and then click Save.

5. Create a server collection:

1. From the main menu, choose Configuration > System Manager > Server Collections.

2. If the Location Filter appears, select the relevant location from the list.

3. Click New Server Collection.

4. Enter a Name for the collection, such as MySQLWindows. The name cannot contain spaces.

5. From the Service list, choose MySQL.

6. In the Servers list, select each server hosting MySQL to be managed under this server collection and then click Save.

6. Create a server connection:


select or type the following information for the server hosting MySQL.

Server Role

Choose MySQL.

Server

Choose the server where the MySQL service is running.

http://www.mysql.com/downloads/connector/odbc/5.1.html


Credentials

Choose the credentials for the MySQL service.

URL Base

If needed, change the default value for the service.

Protocol

Defaults to http.

Port


Timeout


2. Click Save.





Microsoft Lync Enterprise Services

Jun 05, 2015

Updated: 2013-02-22CloudPortal Services Manager Lync Services deliver unif ied communication services from the cloud. Installation of LyncServices creates a web site on the Lync Front-End server. Both the Services Manager Web server and Provisioning serverissue commands on the Lync Front-End Server using a web service.

Prerequisites

Install CloudPortal Services Manager Lync Enterprise web service on the Lync Front End server.

Obtain the Lync Enterprise (/Services/LyncEnterprise/LyncEnterprise.package) service package from the CloudPortal

Services Manager 10.0 installation media.

To import the Lync Enterprise service package

The Lync Enterprise service provided with CloudPortal Services Manager needs additional properties, rules, and actions to

support billing features. Import the Lync Enterprise service package to update the Lync Enterprise service with those

required items before configuration.

1. From the Services Manager menu bar, choose Configuration > System Manager > Service Schema.


3. Click Browse to navigate to and select LyncEnterprise.package, click Open, and then click Import. An “Import Complete”

message displays, followed by a list of the actions performed during the import. The connection to CloudPortal Services

Manager might reset.


5. Log on to Services Manager.

To configure the Lync Enterprise service

1. Enable the service (top level) and create user and customer plans:

1. From the main menu, choose Configuration > System Manager > Service Deployment and then expand Lync

Enterprise.

2. Click User Plans, enter a Name such as Default for the user plan, and then click Create.

3. Click Customer Plans, enter a Name such as Default for the customer plan, click Create, and then click Save.


1. Under Service Filter, select Active Directory Location Services.

2. Choose a Location Filter, if applicable.

3. Expand Lync Enterprise and click Save.



2. Click Refresh Server List.

3. Expand the entry for the Lync server and verify that Server Enabled is selected.


1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the Lync

server.

2. Under Server Connection Components, select Lync and then click Save.




select or type the following information for the web service.

Server Role

Choose Lync.

Server

Defaults to the Lync server.

Credentials

Choose the credentials for the Lync server.

URL Base

For Lync Enterprise, this entry defaults to /LyncWS/Lync.asmx.

Protocol

Defaults to http.

Port


Timeout


2. Click Save.


BlackBerry 5 Services

Jun 05, 2015

CloudPortal Services Manager BlackBerry 5 Services host BlackBerry Enterprise Server (BES) 5 from the cloud, providing push-based access to Exchange, Office Communications Server, Customer Relationship Management, and other applicationsfrom BlackBerry devices.BlackBerry Services can be provisioned with Services Manager Hosted Exchange services and support Exchange 2010

Enterprise and Exchange 2007. Services Manager can manage multiple BESs.

Prerequisites

Provision customers and users with CloudPortal Services Manager Hosted Exchange Services.

To configure BlackBerry 5 Services


1. From the main menu, choose Configuration > System Manager > Service Deployment and then expand BlackBerry 5.

2. Click Customer Plans, create a customer plan named Default, click Apply Service, and then click Save.

2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter

if applicable, expand BlackBerry 5, and click Save.


1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the BES

5.

2. Under Server Connection Components, select BlackBerry 5 API and then click Save.

4. Add credentials: From the main menu, choose Configuration > System Manager > Credentials and add the BES5 service

account. If the account is not an AD account (that is, it is an internal BES account), set Domain to CortexBESInternal.



select or type the following information for the connection.

Server Role

Choose BlackBerry 5 API.

Server

Choose the BES 5 server.

Credentials

Choose the credentials for the BES.

URL Bases

Defaults to /.

Protocol

Defaults to http.


Port

Defaults to 443. If you change the port here, change it also in the BES.

Timeout


2. Click Save.


column for the server with the BlackBerry 5 API installed. The icon turns green for a successful connection. A red icon

indicates an unsuccessful connection. Mouse over it for information about the failed connection.

6. Configure service settings:

1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand

BlackBerry 5.

2. Click Service Settings, update the settings as needed, click Apply changes and then click Save.

7. Configure the customer plan:

1. From the main menu, choose Configuration > System Manager > Service Deployment, select Active Directory Location

Services, choose a Location Filter if applicable, expand BlackBerry 5, click Customer Plans, and then expand the

Default customer plan.

2. Select the Instance check box, click Reload if needed to load the BlackBerry instance data, and then select the check

boxes for all applicable instances.

3. Select the IT Policies check box, click Reload if needed to load the BlackBerry policies data, and then select the check

boxes for all applicable policies.



BlackBerry 4 Services

Jun 05, 2015

CloudPortal Services Manager BlackBerry 4 Services host BlackBerry Enterprise Server (BES) 4 from the cloud, providingpush-based access to Exchange, Office Communications Server, Customer Relationship Management, and otherapplications from BlackBerry devices.BlackBerry 4 Services support Exchange 2007 and 2003. Services Manager can manage multiple BESs.

Prerequisites

Provision customers and users with CloudPortal Services Manager Exchange Services.

Install CloudPortal Services Manager BlackBerry Web Service.

Install BESUserAdminService on the BES 4 server (and start the service) and install BESUserAdminClient on the server

where the Services Manager BlackBerry Web Service is installed.

Those components are included in the BES User Administration Tool that is available for download from the BES

Resource Kit site.

Configure BESAdmin user (the user that runs the BlackBerry 4 Web Service) as an Enterprise Admin in BlackBerry Manager

and add BESAdmin to the CortexAdmins group in Active Directory.

To customize BES to look up user addresses using LDAP

If you host a BES for multiple subscribers, you must customize address lookup to restrict users from accessing contact

information from another organization.

1. Log on to a BES 4 server, start the registry editor, and browse to HKEY_LOCAL_MACHINESoftwareResearch In

MotionBlackBerry Enterprise ServerAgents.

2. Create the following keys:

Key type Name Value

DWORD Value AllowAddressLookup 1

DWORD Value HostedServer 1

DWORD Value LDAPSearch 1

DWORD Value LDAPALPSearch 1

String Value LDAPCompanyField ExtensionAttribute15

3. From the Services window (on the BES server), restart the BlackBerry Controller service.

4. Repeat this procedure for each BES.

To configure BlackBerry 4 Services

1. Enable the service (top level) and create a user plan:

https://swdownloads.blackberry.com/Downloads/entry.do?code=D736BB10D83A904AEFC1D6CE93DC54B8


1. From the main menu, choose Configuration > System Manager > Service Deployment, and expand BlackBerry.

2. Click User Plans, enter a name such as Default, click Create, click Apply Changes, and then click Save.


if applicable, expand BlackBerry, and click Save.

3. Add credentials: From the main menu, choose Configuration > System Manager > Credentials and add the Services

Manager Web Services credentials.



2. If the BES servers are not listed, click Refresh Server List.

3. Expand the entry for each BES and verify that Server Enabled is selected.


1. From the main menu, choose Configuration > System Manager > Server Roles and then expand an entry for BES 4.

2. Under Server Roles, select BlackBerry Enterprise Server, and click Save.

3. Expand the server where the BlackBerry Web Service is installed and under Server Connection Components, select

BlackBerry, and then click Save.



select or type the following information for the connection.

Server Role

Choose BlackBerry.

Server

Choose the server where the BlackBerry Web Service is installed.

Credentials

Choose the credentials for the BlackBerry Web Service.

URL Base

Enter /BlackBerryWS/BlackBerry.asmx.

Protocol

Select http.

Port

Defaults to 8097. If you change the port here, change it also in the web service.

Timeout


2. Click Save.



column for the server where the BlackBerry Web Service is installed. The icon turns green for a successful connection.

A red icon indicates an unsuccessful connection. Mouse over it for information about the failed connection.



BlackBerry.

2. Click Service Settings, update the settings as needed, click Apply changes and then click Save.

8. Configure user plans:


BlackBerry.

2. Click User Plans, expand a user plan, and specify the BESAdminClient Password, BESAdminClient Path, and BlackBerry

Servers. The BESAdminClient Path must match the path set in the BlackBerry web.config f ile (AppSettings tab).


To complete the configuration

1. Log on to the server running the Services Manager BlackBerry Web Service.

2. Open the BlackBerry web.config f ile, typically in C:Program

FilesCitrixCortexCortexBlackBerryWSCortexBlackBerryWSRoot, and verify the BESAdminClient path and password under

AppSettings:

<add key="BESAdminClientPath" value="C:Program FilesCitrixCortexBESUserAdminClientBESUserAdminClient.exe"/>

<add key="BESAdminClientPassword" value="password"/>

The BESAdminClientPath is the path where BESAdminClient.exe and CE.dll are installed.

3. Restart the BES 4 servers.


DNS Services

Jun 05, 2015

CloudPortal Services Manager DNS Services provide Domain Name Service (DNS) hosting from the cloud. DNS Servicesrequire no installation and use a WMI connection to the DNS server. DNS Services support Windows (WMI) and BIND(UNIX) DNS.

Prerequisites

Firewalls: Open DNS port (53) and RPC ports (various) bi-directionally between the DNS server(s) and both the

CortexWeb and Provisioning servers.

RPC uses random ports above port 1056, therefore non-stateful inspection firewalls might require open ports above

1056.

DNS service account used for provisioning: Add to the local administrators group.

DNS environment:

Computer name must have a DNS suff ix.

If the DNS server is outside of the CloudPortal domain, the DNS suffix for the CloudPortal domain must be on the

DNS server.

DNS application must have a zone for the DNS suff ix.

DNS zone must have an "A" DNS record.

If the DNS server is outside of the CloudPortal domain, the DNS "A" record must be in the format

dnsServerName.CloudPortalDomain.

Example: Suppose an external DNS (DNS01) is in a workgroup and the CloudPortal Services Manager is in the domain

cloudportal.com. In that case, a DNS record DNS01.cloudportal.com must be on the external DNS.

User Access Control (UAC) must be removed from each DNS server.

To configure DNS Services


expand DNS, and click Save.


if applicable, expand DNS, and click Save.

3. Add the credentials for the DNS service account: From the main menu, choose Configuration > System Manager >

Credentials and create the account, using the fully-qualif ied domain name.



2. If the DNS server is not listed, click Refresh Server List.


5. Assign server roles to each DNS server:

1. From the main menu, choose Configuration > System Manager > Server Roles, choose a Location Filter if applicable,

and then expand the entry for a server that will host the DNS zones.

2. Under Server Roles, select DNS, and then click Save. The DNS role is used for both Windows DNS and BIND DNS.

6. Update service settings as needed: From the main menu, choose Configuration > System Manager > Service Deployment,

select Active Directory Location Services, choose a Location Filter if applicable, expand DNS, and then click Service

Settings. Required settings:


DNS Credentials

Required credentials that have read and write access to the DNS server.

Is Server 2008 Provisioning

Select the check box if you use Microsoft Server 2008 for provisioning.

Primary DNS Server

Choose the server that hosts the DNS service.

(Optional) Secondary DNS Server

Select the check box for each secondary DNS server to be used. All secondary servers regularly perform zone

transfers from the primary server to provide redundancy and load balancing.

SOA Responsible Person

Enter the email address of the person responsible for administering the domain's Start of Authority (SOA) record.

Update Method

Choose WMI (Windows) or UNIX (BIND).

Zone Credentials

Choose the credentials for managing DNS zones.

7. To verify the configuration: Provision the DNS service to a customer and then go to Services > DNS > DNS Records to

create test records. The service is working correctly if no errors occur during record creation.


Mail Archiving

Jun 05, 2015

The Mail Archiving service enables CSPs and resellers to set up Exchange 2007 and 2010 journaling rules for their customers.

Incoming and outgoing email are included in a journal report which is sent to the customer's journaling inbox. The journal

report contains the transport envelope data of the archived message and the original message is included as an

attachment.

Services Manager supports the following journaling types:Internal journaling

External journaling

Global Relay, where mail is archived offsite through the Global Relay Message Archive service

The Mail Archiving service's customer plan defines the journaling type that is provisioned to customers.

1. Enable the service at the top level:

1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment and then expand

Mail Archiving.

2. Click Save.

2. Enable the service at the location level:

1. Under Service Filter, select Active Directory Location Services.

2. Choose a location f ilter, if applicable.

3. Expand the Mail Archiving service, click Service Settings, and perform either of the following actions:

If you are using internal or external archiving, leave the setting defaults.

If you are using Global Relay, enter the service URL (typically

https://controlcenter.globalrelay.com/hxapi/Service.asmx) and the customer's Global Relay email and password

information. Click Validate to confirm the settings are valid.

4. Click Apply Changes.

3. At the location level, expand the Mail Archiving service and then expand the customer plan you want to enable. Use the

following table to configure the appropriate settings.

PlanTemplate

Template Property

Internal

Relay

Archive Type: Generic Internal

Mail Databases: Specify the location of the internal journal mailbox

External

Relay

Archive Type: Generic External

Global Relay Archive Type: Global Relay

Global Relay IMAP Port: 993

Global Relay IMAP Server: Specify the external address configured to allow Global Relay to download


the customer's mail

Mail Databases: Specify the location where the Global Relay archiving mailboxes are stored

PlanTemplate

Template Property



SharePoint 2010 Services

Jun 05, 2015

Updated: 2013-05-03The SharePoint 2010 service for Services Manager delivers a SharePoint web site to share documents and information fromthe cloud. CloudPortal Service Manager integrates with SharePoint servers through a Windows Communication Foundation(WCF) service.The SharePoint 2010 service has one standard user plan (named Full) applied to all users. The standard user plan assigns

users to a specific Active Directory (AD) security group which does not affect user access within the SharePoint site. You do

not need to manage the individual users in the SharePoint application. AD Domain Services (ADDS) manages the users for

you.

The SharePoint 2010 service includes twelve customer plans that support common configurations. You can disable the

default plans and create new ones. However, you cannot switch to a different customer plan after provisioning. For details

about the default customer plan properties and patterns, see SharePoint 2010 Default Customer Plans .

Prerequisites

Install the SharePoint 2010 web service on SharePoint servers in your environment.

Enable the DNS service and enable DNS records for SharePoint 2010 Services.

Install and configure the Windows Web Hosting service on the SharePoint 2010 server.

To configure the SharePoint 2010 service

1. Enable the service (top level): From the Services Manager menu bar, choose Configuration > System Manager > Service

Deployment, expand SharePoint 2010, and click Save.



SharePoint 2010.

2. Click Service Settings, expand Configuration, and specify an Application Pool Account. The account must be an

administrator in SharePoint and entered using the exact form as the value returned by the PowerShell cmdlet Get-

SPProcessAccount.

3. Click Apply changes and then click Save to enable the service.

3. Add the credentials for the SharePoint service account: From the Services Manager menu bar, choose Configuration >

System Manager > Credentials and create the account, using the fully-qualif ied domain name.



2. If the server where the SharePoint WCF service is running is not listed, click Refresh Server List.


5. Assign server roles for each server to be added to a SharePoint farm:


entry for the server.

2. Under Server Connection Components, select SharePoint 2010.

3. Under Server Roles, select SharePoint 2010 Farm and then click Save.



Connection, and then select or type the following information for the SharePoint WCF service running on the


SharePoint 2010 server.

Server Role

Choose SharePoint 2010.

Server

Choose the server where the SharePoint WCF service is running.

Credentials

Choose the credentials for the SharePoint WCF service.

URL Base

Enter /sharepoint2010/sharepoint.svc.

Protocol

Defaults to http.

Port


Timeout


2. Click Save.

3. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and click the

icon in the Test column for the SharePoint server. The icon turns green for a successful connection. A red icon

indicates an unsuccessful connection. Mouse over it for information about the failed connection.

To add and configure SharePoint farms

1. Add SharePoint farms:

1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Farms and then choose a Location.

2. Click Add, enter a user-friendly Farm name, choose a Server for the farm, and then click Update. The farm name is

visible to customers during resource and site configuration. After a server is allocated to a farm, you cannot allocate it

to another farm.

2. Configure multi-tenancy features on SharePoint farms:

1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Farm Configuration and then choose a

Location and Farm.

2. Under Managed Accounts, either choose a domain account or specify the credentials to apply the SharePoint 2010

service account to an existing user. The account specif ied is used in the next two steps.

3. If a default web application is not already created, create one. Use IIS to determine if a default web application was

created during the SharePoint 2010 installation.

4. Under Proxy Group, enter a Proxy Group Name, and then click Create. The default web application is associated with


this proxy group. This step can take several minutes to complete.

5. Under Site Subscription, complete the settings, and then click Create. The site subscription tenant service starts. This

step can take several minutes to complete.

3. To import web templates from a farm: From the SharePoint 2010 Farm Configuration page, click Retrieve Web

Templates. After web templates are stored in the CloudPortal database, they can be assigned to a SharePoint site

during customer provisioning.

To add and configure SharePoint feature packs

A SharePoint feature pack is a collection of SharePoint features. The Services Manager displays the feature packs

configured on a SharePoint farm and enables you to create new feature packs from a list of the features installed on the

SharePoint server.

1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Feature Packs, choose a Location and Farm,

and then click Retrieve Feature Packs.

2. To add a feature pack, click New Feature Pack, enter a user-friendly Name, and add the features for the feature pack.

You can add the features individually or click a default feature pack (such as foundation or enterprise). The Name is

visible to customers during resource configuration. After a feature pack is added, it can be configured for a customer

account.

To enable DNS for SharePoint 2010

DNS records for SharePoint 2010 can be types "A" or "CNAME."


2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.

3. Expand SharePoint 2010 and then click Service Settings.

4. Expand DNS and then select the Managed DNS check box.

5. Select the Internal DNS Server checkbox and specify the fully-qualif ied domain name (FQDN).

6. Optional: Select the External DNS Server checkbox and specify the FQDN.


SharePoint 2010 Default Customer Plans

Jun 05, 2015

Default Customer Plans

The following authenticated and anonymous customer plans are installed with SharePoint 2010 Services:

Customer Site

Customer Site (Anonymous)

Customer SSL Site

Customer SSL Site (Anonymous)

Shared Site

Shared Site (Anonymous)

Shared SSL Site

Shared SSL Site (Anonymous)

Dedicated Site

Dedicated Site (Anonymous)

Dedicated SSL Site

Dedicated SSL Site (Anonymous)

Patterns

Content Database

Pattern used to create content databases for the site.

Default: SP_{CustomerShortName}_{ServiceID}

Web App Host Header

Pattern used to create the host header for web applications.

Defaults:

For Customer Site: SPWebApp{CustomerShortName}

For Shared Site: SPSharedWebApp{NextID}

For Dedicated Site: {HostHeader}

Web App Path

Pattern used to create the local IIS path for web applications.

Defaults:

For Customer Site: C:SharePoint{CustomerShortName}

For Shared Site: C:SharePoint{WebAppName}

For Dedicated Site: C:SharePoint{CustomerShortName}{ServiceID}

Web App Share Path

Pattern used to create the shared IIS path for web applications.

Defaults:

For Customer Site: \{SPServer}C$SharePoint{CustomerShortName}

For Shared Site: \{SPServer}C$SharePoint{WebAppName}

For Dedicated Site: \{SPServer}C$SharePoint{CustomerShortName}{ServiceID}


Web Application

Pattern used to create web applications.

Defaults:

For Customer Site: SPWebApp{CustomerShortName}

For Shared Site: SPSharedWebApp{NextID}

For Dedicated Site: SPWebApp{CustomerShortName}{ServiceID}


Hosted Apps and Desktops

Jun 05, 2015

Updated: 2014-10-09For more information about App Studio concepts such as advertisements and isolation levels, refer to the Citrix App Studio

product documentation located in the Archive section of Citrix eDocs.

1. Enable the service (top level) and create user plans: The user plans you create are required placeholders that you will

configure at the location level. A user plan is required for each unique advertisement listing.

1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then

expand Hosted Apps and Desktops.

2. Click User Plans, enter a Name for the user plan (such as Default, Common Apps, Health Care Apps), click Create, and

then click Apply changes.

3. Create additional user plans as needed and then click Save.


1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter, if applicable.

2. Expand Hosted Apps and Desktops and then click Save.



2. If the App Studio configuration server is not listed, click Refresh Server List.


4. Add credentials: From the Services Manager menu bar, choose Configuration > System Manager > Credentials and add

the credentials for the App Studio Global Domain Administrator account.

Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when Services

Manager is deployed in a production environment. Use plain-text credentials only for debugging purposes.



entry for the App Studio configuration server.

2. Under Server Connection Components, select Hosted Apps and Desktops and then click Save.


1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, select a

Location Filter if applicable, click New Connection, and then specify the following information for the App Studio

configuration server.

Server Role

Choose Hosted Apps and Desktops.

Server

Choose the App Studio configuration server.

Credentials

Choose the credentials for the connection to the App Studio configuration server.

URL Base


Defaults to /cam/v1.

Protocol

Defaults to http.

Port

Defaults to 80.

Timeout

Defaults to 200000 milliseconds. If a large number of applications are published in the XenApp farm, set this value

to -1 (unlimited).

2. Click Save.

7. Enable the service provider to manage advertisements:

1. From the Services Manager menu bar, choose Configuration > Security > Page Manager and set Page Type to Menu.

2. Under Menu, expand Services and then select Hosted Apps and Desktops.

3. In the Management Panel under Security Roles, select Service Provider Administrator.

4. Under Menu, expand Services, expand Hosted Apps and Desktops, and then select Advertisement Management.

5. In the Management Panel under Security Roles, select Service Provider Administrator.

6. Log off and then log on to apply the permission changes.

8. Specify advertisements for each user plan:

1. From the Services Manager menu bar, choose Services > Hosted Apps and Desktops > Advertisement Management.

2. From Location, choose a location and then select the check box for each user plan to be enabled for that location.

3. For each user plan enabled, expand the user plan and select the advertisements for the plan. To f ilter the

advertisement list, select an Advertisement Isolation Mode, which refers to whether (in the App Studio deployment)

the farm and workload machines used for the advertisement are shared with other tenants or allocated only to the

subscribing tenant.

Select Shared workload machines to use farm and workload machines that are allocated as shared among other

tenants.

Select Shared farm & isolated workload machine to use farm machines that are shared with other tenants and

workload machines that are allocated only to the subscribing tenant.

Select Isolated farm & isolated workload machine to use farm and workload machines that are allocated only to

the subscribing tenant.

The user plans are enabled at the location level.



AD Sync Services

Jun 05, 2015

CloudPortal Services Manager AD Sync Services synchronize customer OUs in the hosted domain controller with userchanges in the external domain controllers. The service enables users to connect to hosted services with the samecredentials they use for their local domain.The AD Sync service requires no installation on the hosted environment and uses the CloudPortal Services Manager API to

perform the synchronization. An AD Sync client installed on each external domain controller communicates with the API.

This interface is a one-way connection that can be customized to synchronize specific Active Directory information.

API requests are encrypted using a combination of a public/private key and a symmetric key (RSA and AES) to securely

transfer data and credentials. The data in the request is also hashed (SHA1) to prevent unauthorized changes.

The following diagram shows a typical installation scenario.

Prerequisites

For each domain controller in the external domain:

If SSL is enabled for Services Manager, edit the CortexDotnetweb.config f ile to set the UserSyncAPISSL value to

True.

Disable User Account Control (UAC) on each external domain controller that will run the AD Sync client.

Obtain a list of the user groups to include in AD Sync operations.

If applicable, obtain proxy server information.

Firewalls: Open HTTP and HTTPS ports (80 and 443) bi-directionally between the server where the Services Manager API

is installed and each domain controller in the external domain.

Alternative: Open HTTP and HTTPS ports (80 and 443) bi-directionally between the server where the Services Manager

API is installed and the proxy server used in the external domain.

To configure AD Sync Services


expand AD Sync, and click Save.


if applicable, expand AD Sync, and click Save.

3. Enable the service (top reseller level): From the main menu, choose Customers > Customer Hierarchy, expand Services,

expand the Reseller, select the AD Sync check box, and then click Provision.

4. Configure and provision the service to the customer: From the main menu, choose Customers > Customers, expand the

customer, click Services, expand AD Sync, and click Provision.

To customize the AD Sync client installer

You can customize the following characteristics of the AD Sync client installer for a CloudPortal Services Manager site:

Product settings shown in the Windows Add or Remove Programs or Programs and Features panel. Settings include

name, manufacturer, and links to help and support.

Product name used as the default installation folder, service name, and source name of errors in the Event Log.


Banner and dialog images (.bmp or .jpg) used in the installer. The default sizes of those images are:

Banner (493 x 58 pixels)

Dialog (493 x 312 pixels)

1. Log on to the CloudPortal Web Server and navigate to the [INSTALLDIR]CortexDotNetServicesSync directory.

2. Open sync.config in a text editor and customize the settings as needed. If you change a commented item, remove the

comment markup.

3. After completing the changes, direct your customers to download the AD Sync installer from the CloudPortal Services

Manager web site.

To install the AD Sync client on external domain controllers

Install the AD Sync client on every domain controller in the external domain.

1. Log on to an external domain controller and then log on to the Services Manager web console using the administrator

credentials of the customer just provisioned.

2. Download the AD Sync client installer:

1. From the main menu, choose Services > AD Sync Download and then click Download.

2. Click Save to save the AD Sync client installer to a drive location so you can copy it to the other external domain

controllers.

3. Install the client:

1. Run the AD Sync Setup installer, enter the password, and then click Next.

2. Select the Watch for changes to users check box, specify the User watch frequency, and then click Next.

Important: Perform this step for only one AD Sync client to ensure that duplicate requests are not sent to the

Services Manager API. The domain controller configured to “Watch for user changes” synchronizes user and password

changes. The other domain controllers synchronize only password changes.

3. Choose the Active Directory user groups to include in AD Sync operations and then click Next twice. When the AD

Sync service detects a USN change, it performs the synchronization only if the user is in an included group. The last

USN value is stored in [INSTALLDIR]QueueSyncActiveDirectory.config.

4. If a proxy server is used in the external domain, enter the information for it. Using a proxy server ensures that domain

controllers are not exposed to the internet.

5. Click Next, choose a location to install the AD Sync client, click Next, and then click Install.

6. Restart the domain controller. The AD Sync service starts.

7. Copy the AD Sync client installer to all other external domain controllers and then repeat Steps 3a - 3g for each

domain controller.

4. Test the AD Sync client:

1. After a domain controller restarts, log on to Services Manager and then click Users to view the user list. The

synchronized users have a small green arrow next to the user icon.

2. To test that the synchronization works for new accounts, create a new user account in the external domain, add it

to a user group that is included in AD Sync operations, change an attribute on the account, and then verify that the

account appears on the Users screen.

To synchronize additional Active Directory attributes

To change the Active Directory attributes included in API requests, edit the request format in [INSTALLDIR]Requests.


Re-configuring for Customer Changes

Jun 05, 2015

The following events at a customer site require changes to AD Sync Services configuration:A change to the administrator account for the external domain controllers

A new user added to a group that is included in AD Sync operations

To re-configure for a new administrator

If the administrator who installed the AD Sync client is no longer available, the new administrator must uninstall the AD

Sync client from all external domain controllers, re-install the client (which will be associated with the new administrator's

account), and restart the domain controllers. The AD Sync service then restarts using the new administrator's account and

synchronize all users on the remote Active Directories to Services Manager.

To handle Active Directory group changes

When a user is added to an Active Directory group, the change is not automatically synchronized with the AD Sync client.

To force a synchronization, change a property in the user account, such as the password. AD Sync then detects the

change, prompts the user to log on, and updates the include group in Services Manager.

Note: A user that belongs to both included and excluded groups is not listed in Services Manager.


CRM 2011 Services

Jun 05, 2015

This topic describes configuring the CRM 2011 service with Active Directory Federation Services (ADFS).

Prerequisites

Before configuring the CRM 2011 service, ensure the following items are present:CRM 2011 is deployed in your environment. For more information, refer to the CRM product documentation.

The Internet-facing Deployment (IFD) feature of CRM 2011 has been configured. This enables integration of ADFS with

CRM 2011.

User connections to CRM 2011 are successful. Verify there are no certif icate errors. Test the environment by creating an

organization using CRM 2011 Deployment Manager and, afterward, browsing to the site.

Ensure the CortexAdmins group has been added to the CRM Deployment Administrators group.

Ensure all CRM service accounts have been added to the CortexAdmins group.

Ensure a service account called CRMadfsSVC has been created. This account must have Read permissions to all user objects

in AD. Ensure the account has been added to the Local Administrators group on the ADFS server.

To deploy the ADFS Web service

Use this procedure to install the ADFS Web service on the ADFS server in your environment and enable the server to execute

PowerShell commands.

1. Copy the ADFS Web service to the ADFS server:

1. From the CloudPortal Services Manager 10 installation media, navigate to SupportCRM2011 and copy the

ADFSWebService.asmx f ile.

2. On the ADFS server, open IIS Manager (Start > Administrative Tools > Internet Information Services (IIS) Manager and

navigate to the Default Web Site.

3. Expand the Default Web Site node, right-click ADFS, and then select Explore.

4. Double-click the LS directory and paste the ADFSWebService.asmx f ile.

2. Install the System.Management.Automation.dll on the ADFS server:

1. Locate and copy the System.Management.Automation.dll f ile. Typically, this f ile is located at

C:Windowswinsxsmsil_system.management.automation_31bf3856ad364e35_6.1.7601.17514_none_236c706c3e93d144.

2. On the ADFS server, in IIS Manager, navigate to the ADFSLSbin directory and paste the

System.Management.Automation.dll f ile.

Note: Create the bin directory if it does not exist on the server.

3. To verify the Web service is installed correctly, launch a Web browser and enter the URL of the ADFSWebService.asmx f ile in

the address bar. For example, https://fqdn.cpsm.citrix.com/adfs/ls/ADFSWebService.asmx. The URL returns the ADFSService

definition page.

To configure the CRM 2011 service


Windows Web Hosting Services

Jun 05, 2015

CloudPortal Services Manager Windows Web Hosting Services provide Windows-based web hosting from the cloud, with IISsupport and DNS management.

Prerequisites

IIS 7 server:

Enable CloudPortal Services Manager DNS Services and enable DNS records for the Services Manager Windows Web

Hosting Service.

Install CloudPortal Services Manager Windows Web Hosting Service.

Create Web hosting root directory and shares with appropriate permissions

Create AD user and groups for FTP access and grant them appropriate permissions to the Web hosting root directory

Create an FTP site in IIS Manager with the following settings:

Site name: Any name

Physical path: Path to the Web hosting root directory

IP address: Must be unique to this FTP site

Enable Virtual Host Names: Do not select

Start FTP site automatically

Allow SSL

Basic authentication:

Set authorization access to specif ied roles or user groups.

Set the user to domainCortexIISUser.

Set read and write permissions.

FTP user isolation:

Restrict users to the FTP home directory configured in Active Directory.

Set the user to domainCortexIISUser.

FTP authentication: Configure Basic authentication with the fully-qualif ied domain name for the user's default logon

domain.

To configure Windows Web Hosting Services


1. From the main menu, choose Configuration > System Manager > Service Deployment and then expand Windows

Web-Hosting.

2. Click Customer Plans, create a default customer plan, click Apply changes, and then click Save.


if applicable, expand Windows Web-Hosting, and click Save.

3. Add the credentials for the web hosting service account: From the main menu, choose Configuration > System Manager

> Credentials and create the account, using the fully-qualif ied domain name.



server where the Windows Web Hosting Services are installed.

2. Under Server Connection Components, select IIS.

3. Under Server Roles, select Windows Web-Hosting, and then click Save.





Server Role

Choose IIS.

Server

Choose the server where the Windows Web Hosting Services are installed.

Credentials

Choose the credentials for the Windows Web Hosting Services.

URL Base

Defaults to /IISWS/IIS.asmx. For IIS 7, change the value to /IISWS/IIS7.asmx.

Protocol

Select http.

Port

The port for the IIS service. Defaults to 8095. If you change this port, it must match the port for the web hosting

service.

Timeout


Version

Select IIS7.

2. Click Save.


column for the web server. The icon turns green for a successful connection. A red icon indicates an unsuccessful

connection. Mouse over it for information about the failed connection.





4. Enter a Name for the collection, such as WindowsWebHosting. The name cannot contain spaces.

5. From the Service list, choose Windows Web-Hosting.

6. In the Servers list, select the server and then click Save.

7. Configure the service (location level):


Services, choose a Location Filter if applicable, and expand Windows Web-Hosting.

2. Click Customer Plans, expand the default plan, and enable Server Collection.


3. Expand IIS Version, select the version, click Apply changes, and then click Save.

To manage certificates for web servers (IIS 7 only)

You can use the Services Manager to retrieve a certificate list from the web server and manage the certificates for

customers.

1. From the main menu, choose Configuration > System Manager > Server Resources > Web Servers, expand the web

server, and then click Retrieve.

2. Click Edit and then configure the applicable settings. The Public setting makes the certif icate available to all resellers and

customers. To make a certif icate available only to some nodes in the hierarchy, enable it only for those nodes.

To manage IP addresses for web servers

You can add, change, and remove IP addresses from web servers as described in the following steps. Then, when you

provision the service, you can enable the addresses.


2. Expand the server and scroll to IP Address Management.

3. Click Retrieve and then add, edit, and delete IP addresses as needed.

4. Click Save.


Citrix Services

Jun 05, 2015

CloudPortal Services Manager Citrix Services deliver on-demand apps and hosted desktops from the cloud.

Prerequisites

Install CloudPortal Services Manager Citrix Web Service on a server in a Citrix XenApp farm.

Create and configure a new security group:

Create the security group "Cortex Service Computers" on the domain. You can create this group within the

CortexSystem OU.

Add all XenApp controllers to the security group.

Assign the security group to any Services Manager root customer OUs and any existing customers created in the

location.

Assign read permissions to the security group on the OU.

In the Advanced Security Settings for the OU, f ind the security group "Cortex Service Computers" and edit the

permissions to apply to "this object and all descendant objects."

Restart all computers added to the security group.

Set up a f ile server to be used by the Citrix Service to create f ile shares with permissions, store profiles, and so on. You

can use the same server for Citrix Services and File Sharing Services.

To configure Citrix Services


expand Citrix, and click Save.


if applicable, expand Citrix, and click Save.

3. Verify credentials: From the main menu, choose Configuration > System Manager > Credentials and verify that the

administrative impersonation account for the Citrix service exists. If it does not, create the account.



2. If the XenApp server is not listed, click Refresh Server List.




server.

2. Under Server Connection Components, select Citrix App and then click Save.




Server Role

Choose Citrix App.

Server

Choose the XenApp server where the Services Manager Web Service is installed.


Credentials

Choose the credentials for the XenApp server.

Protocol

Defaults to http.

Port


Timeout

Defaults to 200000 milliseconds. If a large number of applications are published on the Citrix farm, set this value to

-1 (unlimited).

2. Click Save.


column for the XenApp server. The icon turns green for a successful connection. A red icon indicates an unsuccessful

connection. Mouse over it for information about the failed connection.

7. Create a server collection: A server collection can be assigned to a customer before applications are installed on the

servers.




4. Enter a Name for the collection, such as CitrixFarm01. You cannot change or delete a collection name after

provisioning the server collection to a customer or after saving applications, application groups, or resources on the

server collection.

5. From the Service list, choose Citrix.

6. In the Servers list, select each XenApp server to be managed under this server collection and then click Save.

8. Update service properties as needed: From the main menu, choose Configuration > System Manager > Service

Deployment, select Active Directory Location Services, choose a Location Filter if applicable, expand Citrix, and then click

Service Settings.

To import applications from a XenApp farm to a server collection

1. From the main menu, choose Services > Citrix > Configuration > Citrix Applications, choose a Location (if applicable), and

choose a Server Collection.

2. Change the New Application Settings as needed for the server collection.

Set new applications to 'default' for customer selection – Select this option to automatically select it for provisioning

to customers and users. You can override this setting at the reseller level.

Make new applications public to all customers – Select this option to provision all new applications for public access.

Generate missing application groups – Select this option to automatically create a security group in Active Directory

for applications. The application group name is in the form of CitrixApp {DatabaseID} or CitrixApp {Name}, based on

the Application Group Name service setting.

3. Click Refresh to start the import operation.

4. If a timeout occurs during the import operation, change the Timeout value on the connection (Configuration > System


Manager > Server Connections).

5. Repeat steps 1 - 3 for each server collection.


SharePoint 3 Services

Jun 05, 2015

CloudPortal Services Manager SharePoint 3 Services deliver a Windows SharePoint 3 web site to share documents and

information from the cloud.

Prerequisites

Windows SharePoint Services 3:

Create SharePoint 3.0 quota templates.

Create SharePoint 3.0 application pool and add web applications.

For SQL-authenticated web applications:

Configure to the SQL database (Membership Provider Name).

Update the Membership Provider Name in the application's web.config f ile.

Update the Membership Provider Name under the application's security settings on the SharePoint Central

Administration site.

Install CloudPortal Services Manager SharePoint 3 Web Service on each SharePoint Services 3.0 Server.

Install and configure CloudPortal Services Manager Windows Web Hosting Services on each SharePoint Services 3 Server.

(Windows Web Hosting Services require configuration only at the top and location levels. You do not need to enable

Windows Web Hosting Services at the customer level for selling.)

To configure SharePoint 3 Services


expand SharePoint Service, and click Save.

2. Expand SharePoint Service, click Service Settings, and clear the check box for Manage DNS Records.


if applicable, expand SharePoint Service, and click Save.

4. With Active Directory Location Services selected, expand SharePoint Service, click Service Settings, specify the Site

Owner and Site Owner Email, click Apply changes, and then click Save. The site owner of a provisioned SharePoint site is

a Full Administrator of the site irrespective of the administrator's SharePoint provisioned status in CloudPortal Service

Manager. Services Manager assumes that the site owner is a Services Manager user with an active account. You can

configure the SharePoint site owner at the location level, reseller, or customer hierarchies. Multiple locations require for

each location a site owner who exists within the location's domain.

5. Add the credentials for the SharePoint 3 service account: From the main menu, choose Configuration > System Manager

> Credentials and create the account, using the fully-qualif ied domain name.

6. Enable the servers:


2. If the servers where the SharePoint 3 service is running are not listed, click Refresh Server List.

3. Expand the entry for each server running SharePoint 3 and verify that Server Enabled is selected.

7. Assign server roles for each server where the SharePoint 3 Web Service is installed:

1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for a

SharePoint server.

2. Under Server Connection Components, select WSS and then click Save.

8. Add a server connection for each SharePoint 3 server:


select or type the following information.


Server Role

Choose WSS.

Server

Choose the server where the SharePoint 3 Web Service is running.

Credentials

Choose the credentials for the SharePoint 3 Web Service.

URL Base

Enter /.

Protocol

Defaults to http.

Port

Defaults to 8095. If you change the port here, change it also in the SharePoint Web Service.

Timeout


2. Click Save.




4. Repeat these steps for each SharePoint 3 server.

9. Configure the IIS web service:

1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for a

SharePoint server.

2. Under Server Connection Components, select IIS and then click Save.


select or type the following information.

Server Role

Choose IIS.

Server

Choose the server where the SharePoint 3 Web Service is running.

Credentials

Choose the credentials for the SharePoint 3 Web Service.


URL Base

Enter /IIS.asmx (for IIS 6) or IIS7.asmx (for IIS 7).

Protocol

Defaults to http.

Port

Defaults to 8095. If you change the port here, change it also in the IIS Web Service.

Timeout


Version

Select the IIS version.

To create and configure customer plans

You can configure a customer plan to only one SharePoint web application pool.

1. Top level:

1. From the main menu, choose Configuration > System Manager > Service Deployment, select Top Environment

Services, and expand SharePoint Service.

2. Click Customer Plans, enter a plan name such as Default, click Create, and then click Save. For information about

configuring a customer plan to support the provisioning of sub-sites to customers, see "To configure sub-sites" later

in this topic.

2. Location level:


SharePoint Service.

2. Click Customer Plans and then expand the customer plan.

3. For Server Configuration: Enable the setting and, if the farm has multiple front end servers, select the Load Balanced

Server check box, and select additional servers from the list.

4. Select a Quota Template.

5. Select the WSS 3 Service check box. After the available web applications for the selected SharePoint server display,

select the web application for the customer plan.


To configure sub-sites

CloudPortal Services Manager allows customers to be provisioned to either a single top level site or to a SharePoint sub-site

that is located under a top level site. Provisioning customers to SharePoint sub-sites reduces the need of creating a DNS

per customer, as the site will share the Root Site Domain. Users provisioned to a sub-site can access only that site.

Sub-sites are defined in customer plans. Before configuring sub-sites in Services Manager, the following SharePoint 3.0Central Administration setup is required:


Create a web application for the root site.

Delete the default root path for the root site (under Define Managed Paths).

Add a new root path (/) and select Type - Wildcard inclusion.

To configure sub-sites in Services Manager:


Services, choose a Location Filter if applicable, and expand SharePoint Service.

2. Click Customer Plans, expand a customer plan, select Create a sub-site to retrieve all available root sites for the web

application, and then select the Root Site to host the customer's sub-sites.

To handle post-configuration SharePoint changes

If you add web applications to SharePoint 3 after configuring and provisioning SharePoint 3 Services in CloudPortal Services

Manager, you must reset IIS. Doing so will impact customer web sites, so let all hosted sites know about the temporary

disruption to their web sites. After you reset IIS, Services Manager detects the added web applications.

If you update a quota template, you must re-provision the SharePoint instance. You can also specify individual quotas for a

site, using SharePoint Central Administration. These values override the quota template settings used to create the web

site. Alternatively, base the quotas for individual sites on the number of users who can access the site.

To add quota templates, you create them on any SharePoint 3 server within a server farm (the same configuration

database is used for all servers in the farm) and then configure customer plans with the new quota templates.


File Sharing Services

Jun 05, 2015

Updated: 2013-05-07CloudPortal Services Manager File Sharing Services provide file sharing services from the cloud. A service provider can host a

file server with multiple customer file shares on the system directory. Security permissions limit customer access to shared

folders. File Sharing Services work with the Services Manager Citrix Service, enabling file shares to be configured as Citrix

resources and accessed in a Citrix XenApp session.

Prerequisites

Firewalls: Open SMB (445) and RPC (various) ports bi-directionally between the DNS server(s) and both the CortexWeb

and Provisioning servers.

RPC uses random ports above port 1056, therefore non-stateful inspection firewalls might require open ports above

1056.

When configuring the File Sharing customer plan, Services Manager can create the f ile share path you specify, if it does

not exist already, provided Services Manager has permissions on the server. If not, be sure to create the f ile share you

wish to use with Services Manager prior to configuring the customer plan.

To configure the File Sharing service

1. Enable the service at the top environment level and create a default customer plan:


2. Expand File Sharing and then click Customer Plans.

3. Under New Customer Plan, in Name, type Default.

4. Click Create.

5. In File Share Path, enter the path of the f ile share you wish to use.

Note: If the specif ied path does not exist, Services Manager can create it, provided it has permissions on the specif ied

server. Otherwise, be sure the path exists before configuring the customer plan.


7. Click Save.

2. Enable the service at the location level:

1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment, under Service

Filter select Active Directory Location Services, and then choose a Location Filter if applicable.

2. Expand File Sharing and then click Save.


1. From the Services Manager menu bar, select Configuration > System Manager > Server Roles and then expand the

entry for the server hosting f ile sharing.

2. Under Server Roles, select File Sharing and then click Save.


1. From the Services Manager menu bar, select Configuration > System Manager > Server Collections.

2. Click New Server Collection and complete the following f ields:

In Name, enter a unique name for the server collection.

In Display Label, enter a friendly name for the server collection.

In Service, select File Sharing.

In Servers, select the servers you want to add to the collection.


Select Automatic reseller selection to make this collection the default for resellers that are provisioned with the

service.

Select Automatic customer selection to make this collection the default for customers that are provisioned with

the service.

3. Click Save.

5. Select f ile share servers for the default customer plan:


2. Under Service Filter, select Active Directory Location Services and then choose a Location Filter, if applicable.

3. Expand the File Sharing service, click Customer Plans, and then expand the Default plan.

4. Under Configure Service Settings, select the File Share Servers check box and then select the servers you want

customers to use when they are provisioned with the Default plan.


6. Click Save.


Reporting Services

Jun 05, 2015

Reporting for CloudPortal Services Manager delivers usage and billing reports to your customers and application vendors. It

includes standard reports to support standard provisioned services and a data warehouse.

CloudPortal Reporting communicates directly with the SQL Server Reporting Services web service.

Installation of the CloudPortal Services Manager Data Warehouse configures the CloudPortal Reporting service and the

data warehouse connection. To complete the setup, configure the CloudPortal Reports Manager and security roles, as

described in this section.

Prerequisites

Install Microsoft SQL Server 2008 R2 with the following:

CloudPortal Services Manager Data Warehouse

The data warehouse installation creates the OLMReporting database, data transfer application, and scheduled tasks

that collect usage data and transfer the online transaction processing (OLTP) data to the warehouse.

SQL Server Reporting Services 2008 R2, with data warehouse reports deployed.

Install CloudPortal Services Manager Data Warehouse.

To configure the CloudPortal Reports Manager

For each report type, such as customer, package, and reseller, you can override the following configurations:

The report type, to enable permissions to be assigned in security roles

The default report types for standard reports are as follows:

Billing Reports: Customer Detail (report type is Customer)

Billing Reports: Reseller Detail (report type is Reseller)

Service Reports: Customer (report type is Customer)

Service Reports: Reseller (report type is Reseller)

Service Reports: Package (report type is Reseller)

Report names and descriptions displayed and the parameter names that appear on the reports display for end users

1. Refresh the reports from a SQL server: From the main menu, choose Reports > Configuration > Reports Manager,

choose the Server, and then click Refresh.

2. Expand a service and click a report type.

3. In the Settings tab, change the Report Type as needed.

4. Before changing report names, descriptions, and parameter names, plan any translations needed in Configuration >

Content Management > Content Translation (content space is Reports/ReportsViewer). Be aware that the parameter

label is used as the content message code in content management, therefore a change to the translation for one

report on the Content Translation page impacts the translation for all reports. To translate a parameter label for an

individual report, edit the label in Reports > Configuration > Reports Manager and then use the Content Translation page

to translate the label.

The Test, Active, Enabled, and Billable parameters have default translations that convert non-active to inactive and so

on.

Use the content space report path/name to translate report content.


To generate reporting views

Reporting views are used as a source for data transferred to the data warehouse. When you generate reporting views,

issues related to missing source views during data transfer are described in error messages to help you with troubleshooting.

1. Refresh the ports from SQL: From the main menu, choose Reports > Configuration > Reports Manager, choose a Server,

and click Refresh. All reports from the defined SQL Server Reporting Services are imported into the services manager.

Note: If a "401 Unauthorized" error appears, verify which service account is configured for SQL Server Reporting Services.

If it is not Network Service or Local System, try adding http/{SQLReportingServiceFQND} to the servicePrincipalName of

the service account.

2. Near the bottom of the page, click Generate Reporting Views.

To set permissions in Security Roles

Security role permissions control which reports are visible in the Reports menu. The default roles for standard reports are asfollows.

Billing Reports: Customer Detail

Service Provider Administrator

Reseller Full Administrator

Reseller Partial Administrator

Customer Administrator

Billing Reports: Reseller Detail


Reseller Full Administrator

Reseller Partial Administrator

Service Reports


Service Administrator (such as AD Sync administrator)

1. From the main menu, choose Configuration > Security > Security Roles and then expand a role.

2. Under Role Permissions, click the Reports tab. For information about working with security roles, refer to Managing

Security Roles .

To verify the reports

After the scheduled data transfer job runs, verify the data populated in the reports as follows.

1. Log out of Services Manager, log on again, choose Reports > Configuration > Reports Manager, and choose the Server.

2. Click Generate Reporting Views and then choose Reports > View Reports to verify the reports.


Exchange Services

Jun 05, 2015

CloudPortal Services Manager Exchange Services provide single or multi-tenanted Microsoft Exchange from the cloud.

Hosted Exchange Services support Microsoft Exchange 2003, 2007, and 2010

Hosted Exchange Multi-tenanted Services support Microsoft Exchange 2010 Service Pack 1

Note: If you installed Exchange using the /hosting option, configure Hosted Exchange Multi-tenanted Services for

Services Manager. If you did not install Exchange using the /hosting option, configure Hosted Exchange Services for

Service Manager.

CloudPortal Services Manager concurrently supports Exchange 2007 and 2010 or Exchange 2003 and 2007.

Prerequisites

Install CloudPortal Services Manager Exchange Web Service.

To configure Hosted Exchange Services

1. Enable the service (top level) and create user and customer plans:

1. From the main menu, choose Configuration > System Manager > Service Deployment and then expand Hosted

Exchange.

2. Click User Plans, enter a Name for the user plan, and then click Create.

3. Click Customer Plans, create a customer plan, click Create, and then click Save.


if applicable, expand Hosted Exchange, and click Save.


impersonation account (EXCHWS_USERNAME) for the Exchange service exists. If it does not, create the account.



2. If the server where the Exchange web service is installed is not listed, click Refresh Server List.




server.

2. Under Server Connection Components, select Hosted Exchange and then click Save.


1. From the main menu, choose Configuration > System Manager > Server Connections, select a Location Filter if

applicable, click New Connection, and then specify the following information for the Exchange Web Service.

Server Role

Choose Hosted Exchange.

Server

Choose the server where the Exchange Web Service is installed.

Credentials


Choose the credentials for the Exchange Web Service.

URL Base

Defaults to /ExchangeWS/HostedExchange.asmx.

Protocol

Defaults to http.

Port


Timeout


Version

Select the Exchange version that you are configuring.

2. Click Save.

3. From the main menu, choose Configuration > System Manager > Server Connections and then click the icon in the

Test column for the Exchange server. The icon turns green for a successful connection. A red icon indicates an


7. Update service settings as needed: From the main menu, choose Configuration > System Manager > Service Deployment,

select Active Directory Location Services, choose a Location Filter if applicable, expand Hosted Exchange, and then click

Service Settings. The following settings are required:

Any setting that includes the value [ExchangeServer]

Replace with the Exchange server's name.

System Domain

If this is not set to the correct domain, provisioning will fail.

Preferred Mail Stores

Select this check box, select the tab for your version of Exchange, click Reload, and then select the checkbox for at

least one mail database.

Public Folders > Public Folders Enabled

Select the check box to provision Public Folders.

Public Folders > Public Folder Server

Select this check box, click Reload to replace the default public folder server, and then select the check box for the

public folder server.


Off line Address Book (OAB)

OABs can be distributed using public folders (for Exchange 2003, 2007, or 2010) or web-based virtual directories

(Exchange 2007 or 2010).

To distribute OABs using public folders:

1. Expand Offline Address Book (OAB) and then select the Public Folder Distribution check box.

2. Select the Public Folder Servers check box and the check box for the server (if the correct server is not listed, click

Reload).

3. Click the Server check box and the check box for the server (click Reload if needed).

To distribute OABs using virtual directories:

1. Expand Offline Address Book (OAB) and verify that the Public Folder Distribution and Public Folder Servers check

boxes are cleared.

2. Click the Server check box and the check box for the server (click Reload if needed).

3. Select the Virtual Directory check box, click Reload, select the check box for the server, and then click Enable web-

based distribution.

For more information about advanced properties, refer to Exchange Services Advanced Properties.

8. Enable mailbox creation during user provisioning:

1. With Active Directory Location Services still selected, expand Hosted Exchange, click User Plans, and then expand a

plan.

2. Select the Mail Databases check box, click Reload, and then select the check box for at least one mail database.

3. Select the Mailbox storage limit check box and enter the maximum amount of storage allocated to each provisioned

user.

Important: Configure this setting before provisioning users with the Hosted Exchange service. After the Hosted

Exchange service has been provisioned, you cannot modify this setting.


To configure Hosted Exchange Multi-tenanted Services

1. Enable the service (top level) and create a default user plan:

1. From the main menu, choose Configuration > System Manager > Service Deployment and expand Hosted Exchange

Multi-tenanted.

2. Click User Plans, enter a Name such as Default for the user plan, and then click Create. This plan is a required

placeholder that will not be used.

3. Click User Plans, expand the Default plan, click Apply changes, and then click Save. The user plan is saved at the top

level.


if applicable, expand Hosted Exchange Multi-tenanted, and click Save.


impersonation account for the Exchange service exists. If it does not, create the account.



2. If the server where the Exchange web service is installed is not listed, click Refresh Server List.



http://support.citrix.com/article/CTX132479



server.

2. Under Server Connection Components, select Exchange Multi-tenanted, and then click Save.



applicable, click New Connection, and then specify the following information for the Exchange web service.

Server Role

Choose Exchange Multi-tenanted.

Server


Credentials

Choose the credentials for the Exchange Web Service.

URL Base


Protocol

Defaults to http.

Port


Timeout


2. Click Save.




7. Configure service plans:

1. From the main menu, choose Services > Exchange > Configuration > Exchange 2010 Multi-Tenant and then click New

service plan.

2. Specify the System Name (service plan name), Description, and select the Default Plan check box if applicable.

3. Under Organizational Configuration, expand each container and change the options for the service plan if needed.

Click Apply changes for each container, even if you do not change the settings.

4. Under Mailbox Plans, click New mailbox plan and create at least one mailbox plan.

Important: You must create all of the mailbox plans that will be needed before you perform the hosting plan

allocation. After you allocate a hosting plan, you cannot create more mailbox plans.

5. Under Mailbox Configuration, expand each container and choose the options for the service plan. Click Apply Changes


for each container, even if you do not change the settings, and then click Save.

8. Add hosting programs: Under Related Pages, click Hosting Programs. Use the default programs or create your own.

9. Add hosting offers: Under Related Pages, click Hosting Offers. Use the default offer or create your own.

10. Add hosting plan allocations:

1. Under Related Pages, click Hosting Plan Allocation.

2. After you create a hosting plan, click the icon under the Validate column. If the plan fails validation, f ix it before

proceeding. Hosting plan allocation links the hosting programs, hosting offers, and service plans.

11. Update service settings:


Services, choose a Location Filter if applicable, expand Hosted Exchange Multi-tenanted, and then click Service

Settings and update settings as needed.

2. Click Apply changes, expand User Plans, and then expand the plan.

3. Select the Mail Databases check box, click Reload if needed, select the server check box, and then click Apply changes

and Save.


Configuring Unified Messaging

Jun 05, 2015

1. From the main menu, choose Configuration > System Manager > Service Deployment, expand Hosted Exchange or

Hosted Exchange Multi-tenanted, and then click Service Settings.

2. Expand Unif ied Messaging and complete the settings. Use the Exchange Management Console to look up the Mailbox

Policy name under Organizational Configuration > Unif ied Messaging > UM Mailbox Policies.

3. From Category Filter, choose User and then expand Unif ied Messaging.

4. In Extensions, enter the starting point for the auto-generated extensions. Use the same number of digits configured in

Exchange for extensions.

5. Click Apply Changes and then click User Plans.

6. Expand the user, expand Unif ied Messaging, and then complete the applicable settings. Required: Select the Unif ied

Messaging check box to enable the feature for a mailbox.


Configuring PST File Import and Export for Exchange2007

Jun 05, 2015

Updated: 2012-11-27Configure PST file import and export to enable Services Manager to import and export Exchange 2007 personal store

mailboxes using an FTP server.

Prerequisites

Install the Services Manager Exchange service.

FTP server:

Running 32-bit Windows Server 2008, with current service packs.

Member of a Services Manager domain.

Open Exchange ports to the rest of the Exchange organization.

Install these components:

Exchange Management Tools

Microsoft Outlook

.NET Framework

FTP components and roles of IIS

To configure the FTP server for PST import and export

Important: This procedure applies only to Exchange 2007. The Exchange 2010 server connection that you configure inServices Manager has built-in support for mailbox import and export. Services Manager does not support PST f ile importand export for Exchange 2003.1. In Active Directory, perform the following actions:

1. Create a new AD user account in the Services Manager system OU called servername_pst.

2. Grant Full Control permissions of the servername_pst account to the Customers OU.

3. Add the servername_pst account to the CortexAdmins group.

2. For the FTP server, perform the following actions:

1. On the FTP server, create a new folder for use by Services Manager. The default path is C:CortexFTP.

2. Share the folder as Webhosting and grant Full Control of the share to Everyone.

3. In the folder properties, on the Security tab, verify that inheritance is disabled and, when prompted, click Add to copy

the current permissions to the folder.

4. Add the domain security group ServiceAdmins HE to the ACL of the folder and grant List Folder Contents permissions.

5. Add the servername_pst account to the ACL of the folder and grant it Full Control.

3. Add and configure the FTP site in IIS:

1. On the FTP server, open the IIS Management Console and then navigate to the Sites container.

2. Right-click the Sites container, choose Add FTP Site, and configure it.

FTP site name: A name such as "CloudPortal Services Manager PST FTP Site"

Physical path: The path configured in step 2a above

Binding IP Address: An IP address and port or All Available

SSL: Allow SSL

Authentication: Basic

Authorization: Allow access to: Specif ied roles or user groups


Authorization (credentials):domainServiceAdmins HE

Authorization: Permissions: Read and Write

3. Under the Features view, double-click FTP User Isolation, choose FTP home directory configured in Active Directory,

and then click Set to specify the credentials for the new AD user account set up in Step 1a. Include the domain with

the user name: domainservername_pst

4. Under the Features view, double-click FTP Authentication, enable Basic Authentication, disable Anonymous

Authentication, and then click Edit and set Default domain to the fully-qualif ied domain name.

4. Restart the FTP site.

To configure PST file import and export


1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the server to be used

for PST import and export. If the server is not listed, go to Configuration > System Manager > Servers and refresh the

list.

2. Under Server Connection Components select Hosted Exchange.



applicable, click New Connection, and then specify the following information for the Exchange web service.

Server Role

Choose Hosted Exchange or Exchange Multi-tenanted.

Server


Credentials

Choose the impersonation account for the Exchange service.

URL Base


Protocol

Select http.

Port


Timeout


Version

Select Mailbox Import/Export.


2. Click Save.





1. From the main menu, choose Configuration > System Manager > Service Deployment.

2. Under Service Filter, select Top Environment Services, and expand Hosted Exchange or Hosted Exchange Multi-

tenanted.

3. Click Service Settings, expand Mailbox Import/Export, and then select the Enabled check box. You can use the default

settings for the other properties.

4. Click Save.

4. Create a task on the FTP server to start PowerShell for use with PST import and export:

1. In Windows Server Task Scheduler on the FTP server, create a task with the following settings.

Name: CloudPortal PST Import Export PowerShell Start

Description: This task automatically starts PowerShell for use with CloudPortal PST Import Export.

Security options: Use an account with appropriate privileges, such as an Exchange administrator account who is

also a local admin on the PST import/export server. Select Run whether user is logged on or not.

2. On the Triggers tab, click New and use the default settings.

3. On the Actions tab, create a new action with the following settings.

Action: Start Program

Program/script: C:WindowsSystem32WindowsPowerShellversionpowershell.exe

Add arguments: -PSConsoleFile "C:Program FilesMicrosoftExchange Serverbinexshell.psc1" -noexit -command ".

'C:Program FilesMicrosoftExchange ServerbinExchange.ps1'"

4. On the Settings tab, select Allow task to be run on demand, select If the task fails, restart every, and choose 1 minute.

Clear any other check boxes and set If the task is already running to Do not start a new instance.

5. Verify in Task Manager that the PowerShell process started.


Microsoft SQL Services

Jun 05, 2015

Updated: 2012-11-07CloudPortal Services Manager Microsoft SQL Services host SQL servers from the cloud. Microsoft SQL Services require noinstallation and use a remote connection (typically TCP/IP) to Microsoft SQL Server 2005 and 2008.

Prerequisites

Microsoft SQL Server 2008 SP2, Microsoft SQL Server 2008, or Microsoft SQL Server 2005:

Member of a CloudPortal-managed domain.

Set Authentication mode to SQL Server and Windows Authentication.

Enable remote connection.

Enable protocols for remote connection (for example, TCP/IP).

Ensure the SQL Server Browser service is running and set to start automatically. This ensures Services Manager can

locate the SQL Server and enumerate the instances installed when you configure the SQL service in the control panel.

Install the SQL Native Client component on the CloudPortal Services Manager Provisioning server.

The 32- and 64-bit clients for each supported version of Microsoft SQL Server are available from the Microsoft

downloads site.

To configure Microsoft SQL Services


1. From the main menu, choose Configuration > System Manager > Service Deployment and expand Microsoft SQL

Server Hosting.

2. Click Customer Plans, enter a Name such as Default, click Create, and then click Save.


1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Microsoft

SQL Server Hosting, and click Service Settings.

2. In Connection String Pattern, specify the connection string used to connect to SQL Server instances. If you are using

SQL authentication, use the string from the Connection String Pattern for SQL Authentication setting in this f ield. If

you are using Windows authentication, use the string from the Connection String Pattern for Windows

Authentication setting in this f ield. When editing the strings, specify the values for DatabaseName and, if using SQL

authentication, the SQL user name and password.

For example:

SQL authentication: Data Source={ServerInstanceName};Initial Catalog=Master;User ID=sa;Password=secret

Windows authentication: Data Source={ServerInstanceName};Initial Catalog=Master;Integrated Security=SSPI

Note: Services Manager automatically supplies the value for {ServerInstanceName} when the database is provisioned.

Therefore, this value does not require editing.

3. Specify the Database File Path and the Database Log File Path. Example: C:SQLhosting

4. Specify the User Domain Name such as lab4, click Apply changes, and then click Save.


1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the SQL

hosting server.

2. Under Server Roles, select Microsoft SQL Server 2005 Hosting and then click Save.






4. Enter a Name for the collection, such as SQLHosting.

5. From the Service list, choose Microsoft SQL Server Hosting.

6. In the Servers list, select each SQL hosting server to be managed under this server collection and then click Save.

5. Verify server settings for the default customer plan:


Services, choose a Location Filter if applicable, expand Microsoft SQL Server Hosting, and click Customer Plans.

2. Expand the default customer plan and verify that the correct Server Collection is selected, specify the database and

log f ile size settings, click Apply changes, and click Save.

6. Retrieve SQL server instances:

1. From the main menu, choose Configuration > System Manager > Server Resources > SQL Servers, expand a SQL server

entry, and click Retrieve. Repeat this step for each SQL server.

2. Verify that all required SQL server instances appear in the list. To manually add a server instance that already exists on

the SQL server, click Add. To specify the default instance, enter only the server name. To specify a nonstandard

instance and port, use the following form: servernameinstance,port. Example: lab4-SQL01INST01,1450

At least one server instance must be configured per server.

3. To restrict an instance so that it is not available in the Services Manager, click Edit and then select the Reserved check

box.


Office Communication Server 2007 Services

Jun 05, 2015

CloudPortal Services Manager Office Communication Server 2007 Services deliver communication services from the cloud.Office Communication Server 2007 Services require no installation and use a WMI connection to the OfficeCommunications Server (OCS).

Prerequisites

Install Microsoft Office Communications Server 2007 R2.

Update user access permissions to allow users to connect to Communicator:

If needed, change the CortexAdmins group from global to universal scope.

Include the RTCUniversalAdmins and RTCUniversalReadOnlyAdmins groups in the CortexAdmins group.

On the OCS server restart all services that use RTC credentials.

For OCS reports: Configure and enable the OCS Monitoring Service on the OCS server. On that server:

Use both TCP/IP and named pipes for local and remote connections.

Allow SQL Server mode and Windows Authentication mode.

Add a SQL Server Login that has been granted db_datareader and db_owner permissions to the following OCS

databases: RTC, RTCDYN, and LCSCDR (this database is present only when OCS Monitoring is enabled).

To configure Office Communication Server Services


1. From the main menu, choose Configuration > System Manager > Service Deployment, and expand Office

Communication Server 2007.

2. Click Customer Plans, enter a Name for the plan such as Pool1, click Create, and click Save. Repeat this step to create

a customer plan for each OCS pool.

3. Expand Office Communication Server 2007, click Customer Plans, expand a plan name, enter the distinguished name

for RTC Home Server, and click Apply changes. Repeat this step for each customer plan.

To look up the RTC Home Server name, open the Active Directory file AdsiEdut.msc and locate the distinguishedName

attribute of the OCS pool. Example: CN=LC Services,CN=Microsoft,CN=Lab1OCSPool,CN=Pools,CN=RTC

Service,CN=Microsoft,CN=configuration,DC=lab1,DC=test,DC=com

4. Click Service Settings, expand SIP Address, specify the RTC Server Name, click Apply changes, and click Save. The RTC

Server Name is used for OCS reporting.

2. From the main menu, choose Configuration > System Manager > Credentials and add credentials for the SQL Server

Login account.

3. Enable the service (location level) and configure OCS reporting:

1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Office

Communication Server 2007, and click Service Settings.

2. Expand Usage Reporting and then choose the SQL Server Login account credentials for RTC Database Credentials.

3. Enter the full RTC Server Name for the server that contains the OCS databases, click Apply Changes, and then click

Save.

4. Create and configure a user plan:

1. Under Service Filter, select Top Environment Services, expand Office Communication Server 2007, click User Plans,

enter a Name for the user plan such as Full, and click Create.

2. Click User Plans, expand the plan, and update the settings if needed.



4. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Office

Communication Server 2007, click User Plans, and expand the user plan.

5. Select the Meetings Policy check box and then select the applicable policy.

6. Select the Unif ied Communications Policy check box, select the applicable policy, click Apply changes, and click Save.

To partition the address book by OU for a multi-tenant environment

In a hosted multi-tenant environment, user address book searches should return only the users and groups that are in the

same OU (customer) as the user.

To limit user search results, use the Address Book Service Configuration Tool (ABSConfig.exe) to partition the address book

by OU. That tool is in the Microsoft Office Communications Server 2007 R2 Resource Kit, available from the Microsoft

download site.

Note: Partitioning the address book by OU does not impact a user's ability to send an instant message to other customers'users.

To update OCSSettingsLocation values in Web Services web.config files

By default, the CloudPortal Services Manager Provisioning Engine Web Services and Directory Web Services are installed

with the OCSSettingsLocation set to System (for example, CN=System,DC=lab1,DC=local).

Microsoft Office Communications Server 2007 R2 allows the Service Provider to install the OCS directory at either

Configuration (for example, CN=configuration,DC=server,DC=local) or System. If the OCS directory is installed at

Configuration, the OCSSettingsLocation value in the web.config files for the Provisioning Engine and Directory Web Services

must be updated. If the container settings for OCS and the web services do not match, Service Manager displays errors

such as the following during user plan updates or user provisioning:

Server was unable to process request. ---> Failed to load the LCS/OCS policies from path 'LDAP://CN=Policies,CN=RTC

Service,CN=Microsoft,CN=System,DC=lab1,DC=local'. Error: There is no such object on the server.

This procedure describes how to change the configuration files for the Services Manager Provisioning Engine Web Services

and Directory Web Services.

1. Stop the Services Manager Queue Monitor service.

2. Log on to the Provisioning server and then open the appSettings.config f ile. That f ile is typically located in: C:Program

Files (x86)CitrixCortexProvisioning Engine.

3. Change the OCSSettingsLocation key value to CONFIGURATION and then save the f ile.

4. Restart the Queue Monitor service.

5. Log on to the server, usually the Provisioning server, where the Services Manager Directory Web Service is saved and then

open the web.config f ile. That f ile is typically located in: C:Program Files (x86)CitrixCortexServicesDirectory.

6. Change the OCSSettingsLocation key value to CONFIGURATION and then save the f ile.


Creating and Provisioning Additional User andCustomer Plans

Jun 05, 2015

When you configure a service for the f irst time, you create the initial user and customer plans that are eventually sold toResellers and customers. However, adding more plans later does not require the same level of configuration that wasrequired during service configuration. After the service is fully configured, you can create additional user or customer plansand:

Enable Resellers to offer additional levels of service to their customers.

Migrate customers’ users to a new user plan using the Package Migration Wizard. For more information about

performing this task, refer to the topic To migrate users to different user plans in bulk with the Package Migration

Wizard in Citrix eDocs.

This topic assumes the following conditions:You have fully configured the services for which you are creating more plans.

You have at least one user plan and one customer plan enabled and available for provisioning.

Use this topic as a guide for creating more plans and making them available to Resellers and customers. For more

information about configuring service-specific settings, consult the service’s configuration instructions in the Configuring

and Managing Services section of the Services Manager product documentation in Citrix eDocs.

To create additional user plans

1. Create and configure a user plan for the desired service at the Top level:

1. From the Services Manager menu bar, click Configuration > System Manager > Service Deployment.

2. Under Service Filter (at left), select Top Environment Services and then expand the desired service.

3. Click User Plans, enter a Name for the user plan, and then click Create.

4. Perform any additional configuration required.

5. Click Apply Changes, and then click Save.

2. Enable and configure the user plan at the Location level:


2. Expand the desired service, click User Plans, and then select the Enabled check box for the new user plan.

3. Expand the new user plan and update applicable settings.


3. Provision the user plan to the top Reseller:

1. From the Services Manager menu bar, click Customers > Customer Services. Under Customer Search, enter the name

of the Reseller and click Search. The specif ied customer is selected.

2. Expand the Reseller service and then expand the service for which you added the new user plan.

3. Select the Enabled check box for the new user plan.

4. Click Apply Changes and then click Provision.

4. Repeat Step 3 for any other Resellers in the hierarchy.

5. Provision the user plan to the customer:


of the customer and click Search.

2. Expand the desired service and click Advanced Settings.

3. Under User Plans, select the Enabled check box for the new user plan.


4. Click Provision.

To create additional customer plans

1. Create a customer plan for the desired service at the Top level:

1. From the main menu, choose Configuration > System Manager > Service Deployment.

2. Under Service Filter (at left), select Top Environment Services and then expand the desired service.

3. Click Customer Plans, enter a Name for the customer plan, and then click Create.

4. Perform any additional configuration required.

5. Click Apply Changes, and then click Save.

2. Enable and configure the customer plan at the Location level:


2. Expand the desired service, click Customer Plans, and then select the Enabled check box for the new customer plan.

3. Expand the new customer plan and update applicable settings.


3. Provision the customer plan to the top Reseller:


of the Reseller and click Search. The specif ied customer is selected.

2. Expand the Reseller service and then expand the service for which you added the new customer plan.

3. Select the Enabled check box for the new customer plan.

4. Click Apply Changes and then click Provision.

4. Repeat Step 3 for any other Resellers in the hierarchy.

5. Verify the new customer plan is available for provisioning:

1. From the Customer Services page, expand the desired service.

2. In Customer Plan, click the drop-down box to view the available plans. The newly added customer plan is displayed and

is available for selection.


Manage Customers

Jun 05, 2015

A common task for a service provider or reseller to perform after logging on to the CloudPortal Services Manager is tocreate a customer. A customer is a container that can consist of :

Hosted services that can be configured and made available (that is, provisioned) to the customer's users

A customer administrator who can create and manage users, and provision services to them

Users who access one or more services with which they have been provisioned

Additional customers (known as resellers or tenants) who, in turn, can create and manage customers and users of their

own, and provision services to them

To create a reseller, the service provider provisions a customer with the reseller service. Reseller-customers can, in turn,

create their own customers and enable them to be resellers as well. Service providers have access to advanced system

configuration functions, such as service configuration, which resellers do not.

As you create a customer through the Services Manager, you specify the customer location (that is, the hosted domain), its

Active Directory organizational structure (optionally), and any advanced properties. Advanced properties can include

password expiry rules, additional organizational structure, and service security roles. You can select one or more security

roles to enable the customer to administer available services. As a final step, the provisioning engine creates an organization

structure and security groups in Active Directory for the defined customer.

Getting Started

Creating a customer consists of these initial steps:1. Create a new customer by selecting Customers > New Customer from the main menu.

You can quickly create a customer with minimal details: name, email contact information, and a domain name. The

Services Manager assigns a default set of restricted and allowed security roles in this case. Alternately, you can add more

detailed information and choose roles for the customer and any inherited customers and users.

2. Create a customer administrator user to manage users and administer services in the customer's organization.

After creating a customer, the Services Manager automatically prompts you to create an administrator user. You can

cancel this operation, but this first user created for a customer is always an administrator user.

3. Provision available services to a customer, an action performed by a service provider or reseller.

4. Create users to whom services are later provisioned, an action performed by a customer administrator.

5. Provision services to users, an action performed by the customer administrator.


Creating Customer Administrators

Jun 05, 2015

After you create and initially provision a customer, the Services Manager will automatically prompt you to create the f irstuser for the customer: the customer administrator. If you do not create an administrator at this time, when you attempt tocreate the f irst user for the customer, it is created as an administrator.

Before you create a customer administrator, gather all contact information and determine a password for this user. You

can choose to provide more detailed contact information when you create the user.

After you create (that is, provision) this user, the Services Manager will automatically prompt you to provision services.

To find and select customers

1. From the main menu, click Home.

2. Expand Customer Management.

3. In Customer Search, perform one of the following steps. You can use the percent sign (%) as a wildcard prefix for text

searches:

Select Name/Billing ID and type the customer name or customer billing ID code in the search text f ield.

Select Domain and type the customer's domain name.

4. Press Enter or click Search.

5. In the search results table, click the customer name to expand the Customer Functions menu.

The customer is now selected. Perform the following procedures to create an administrator user for a customer.

To create an administrator user

1. After the customer is selected, from the Services Manager menu bar, click Users > New Users.

2. If not expanded, expand User Details, then select or type the following information:

In UPN, type a user name that will be added to the appended domain name that you select from the drop-down list.

This entry is automatically populated in the Username field. You can edit this f ield.

In First Names and Last Name, type the user's f irst and last name. These entries are automatically populated in the

Display Name field. You can edit this f ield.

3. Click Additional User Properties to add more details about the user.

4. Under Address, General, Organization, and Telephones, add information as appropriate.

5. Under Password Configuration, add a password for the user.

6. Click Account Settings and configure the following options:

Change Password at Logon

Account Disabled

Account Locked

Account Expires

7. Click Advanced Options to select security roles for the customer administrator.

8. Ensure the Configure a custom role collection check box is cleared and then select one of the following administrator

roles from the drop-down list:

Customer Administrator

Partial User Administrator (Reset Passwords)

Service Administrator

User Administrator

User and Service Administrator


9. (Optional) Expand Email Addresses to configure one or more email addresses for the customer administrator.

Note: If no email address is specif ied, the Services Manager automatically assigns an email address constructed from the

UPN.

10. Click Provision to create the user. The Services Manager automatically prompts you to provision services.


To modify customers

Jun 05, 2015

1. Find a customer by using one of the methods described in Finding Customers .

2. Click the customer name to expand the customer to display the Customer Functions dialog box.

3. Select any of the following options:

Option Description

EditCustomer

Modify contact and domain information and email addresses, change password requirements, and

other details.

Users View and manage user accounts within the selected customer hierarchy.

Delete Permanently delete the deprovisioned customer from the Services Manager and Active Directory. This

function is only available after you deprovision the customer.

Deprovision Deactivate the customer and its users in Active Directory but keep the account information in the

Services Manager database. Users cannot log on or use services.

Disable Disable the customer and all its user accounts in the Services Manager database and Active Directory.

To reinstate the customer, click Enable and then Provision.

To delete the customer, click Delete. This action deletes the customer from the Services Manager

and Active Directory and also deletes any data associated with the customer.

Note: You can modify customer settings by using Edit Customer while the customer is disabled. Click

Provision in the Edit Customer dialog box to apply the changes to the customer.

Enable Reinstates the customer and its user accounts in the Services Manager and Active Directory. Next,

click Provision to provide the customer with full access to its provisioned services.

Provision Activate the customer after updating or modifying settings. If the customer had been disabled,

Enable the customer before performing a Provision operation.

Services Manage services associated with the customer.

ResetStatus

Reset the provisioning status if the request appears to have timed out.


To move a customer to a different reseller customer

Jun 05, 2015

You can move an existing customer to a different reseller customer with the following conditions:A reseller customer cannot be moved.

The customer can be moved to a reseller customer in the same location only.

The reseller must be able to provision all services that the moved customer has provisioned. That is, the reseller must

already have the same services provisioned to it as the customer to be moved.

As part of the customer move process, the Services Manager detects matching access levels for each service (known as the

service access level or SAL). Any SAL that cannot be matched is displayed as an editable or selectable field. If the SAL

changes as a result of this selection and no service properties are overridden, the moved customer's users inherit the new

SAL properties. If service properties are changed or overridden, the moved customer's users inherit the new, changed service

properties.

1. Click Customers > Configuration > Customer Move.

2. From the Customer Move page, perform the following actions:

1. In Customer Search, type the name of the customer to be moved and select the customer.

2. In Reseller Search, type the name of the destination reseller that will receive the customer and select the reseller.

3. Click Load Customers.

4. From the drop-down list, ensure the correct location is selected. The destination reseller's location must match the

customer's current location.

Important: If multiple locations are available from the drop-down list and you select a location that is different from the

customer's current location, the move operation will fail. Moving customers to resellers in other locations is not

supported.

5. Under Package Selection, if available, select the source and destination customer service plan and service access level.

6. Click Move.

The Services Manager displays a message that changes are complete and the customer is being provisioned. You can checkthe status of move by clicking Configuration > Provisioning & Debug Tools > Provisioning Requests.


Creating Reseller Customers

Jun 05, 2015

By default, the Service Provider Administrator and Reseller Full Administrator roles can create customers. However, only the

Service Provider can create a Reseller customer (known as the reseller). In this case, the reseller resides in the Service

Provider's customer hierarchy and the reseller can then create one or more customers within its own hierarchy.

The general steps to create a reseller are as follows:1. Create a customer; see Creating Customers .

2. Create a Customer Administrator; see Creating Customer Administrators .

3. Select the Reseller service (and other desired services) and provision the selected services to the customer.

4. Add the Reseller Administrator role to a user.

To create a new reseller customer

1. From the Services Manager menu bar, click Customers > New Customer.

2. Follow all steps described in Creating Customers and Creating Customer Administrators . The Services Manager

automatically prompts you to provision services to the customer after you create the customer administrator.

3. Select Services and expand Reseller.

Note: If more than one location is configured, multiple Reseller services are listed, one per location. Select the Reseller

service instance for the desired location.

4. Select the check box for each service that the reseller can provision.

5. (Optional) Click the service name and then click Service Settings to configure additional settings for the reseller.

6. If you have configured service settings, click Apply Changes.

7. When you are f inished, click Provision to create the reseller customer.

When you create a reseller customer, the Reseller administrator roles are added automatically to the list of available usersecurity roles.

To add the Reseller administrator role to a user

1. From the Services Manager menu bar, click Customers and select a customer from Customer Hierarchy or search for a

customer from the Advanced Customer Search dialog box.

2. Click the customer name, click Users, and then select the user to whom you want to assign the Reseller administrator

role.

3. Click Edit User, click Account Settings, and then click Advanced Options.

4. Select the Configure a custom role collection check box, expand the Service - Administration node, and then select one

of the following roles:

Select Reseller - Reseller Full Administrator if you want to grant to the user full rights to create, modify, and delete

sub-customers.

Note: Before the reseller customer can create sub-customers, a user must be assigned the Reseller Full Administrator

role.

Select Reseller - Reseller Partial Administrator if you want to designate a user with the ability to update sub-customer

details and to reset passwords.


Finding Customers

Jun 05, 2015

You can f ind a customer by using one of the following search methods:The Customer Search feature available from the services manager Home page, located under the Customer

Management dialog.

The search features available from the Customers page.

To search for a customer from the Services Manager Home page

1. Click Home and expand Customer Management.

2. Select a f ilter of Name/Billing ID or Domain.

3. Type a customer or domain name, then click Search.

Note: You can use the percent (%) character as a leading wildcard to perform partial searches. For example, type %citrix

to f ind all customers with citrix as part of their customer name.

To search for a customer from the Services Manager Customer page

1. From the Services Manager menu bar, click Customers. The Customers page appears, listing all customers in the current

location.

2. Select a customer from the list or use the following criteria to search for customers:

Under Filter Fields, select a search criteria item from the drop-down list and then click the letter with which the criteria

item should begin. For example, select Domain and F to f ind all customers with domain names beginning with F.

Under Advanced Search, enter any of the following information:

In Full Name, enter the complete customer name.

In Code, enter the administrative code that was assigned when the customer was originally created.

In Domain, enter the domain name for the customer you want to f ind.

In Service, select a service to f ind all customers provisioned with that service.

Under Additional Options, use any of the following options:

In No. of users less than, enter a value to f ind customers with fewer users than that value.

In No. of users greater than, enter a value to f ind customers with more users than that value.

In Location, select a location to f ind all customers hosted in that location.

3. Click Search.


Creating Customers

Jun 05, 2015

Updated: 2013-02-22By default, the Service Provider Administrator and Reseller Full Administrator roles can create a Customer, the first step in

using the Services Manager. Perform the following procedures by selecting New Customer from the main menu.

To create a basic Customer with default settings, gather the customer name, email contact information, and primarydomain name. You can choose to provide more detail when you create a customer, specifying additional information suchas:

Detailed customer contact information

Language (locale) for users

Password and email management specif ications

Security roles to assign or disable for the customer

After you create and initially provision a customer, the Services Manager will automatically prompt you to create the initialadministrator for the customer as described in Creating Customer Administrators . If you do not create an administratorat this time, the f irst user created for the customer is an administrator.Note: After you create a Customer, you can edit the customer properties as described in To modify customers .

To create customers with all restricted security roles

1. From the main menu, click Customers > New Customer.

2. If not expanded, expand Customer Details, then select or type the following information:

Location

Synonymous with an Active Directory forest. Standard Services Manager installations consist of one location. This

selection is displayed if more than one location has been configured. Select the location where this customer and

related users will reside. The location cannot be changed after this customer is created and saved.

Full name

Full name of the customer.

Code

Customer code automatically generated from the customer Full Name. You can optionally edit this f ield to replace the

generated code.

Contact Name

Name of the person or entity to contact and associated with the customer.

Email Address

Contact email address in the format of username@domain-name.

3. If not expanded, expand Domain Management and type the new customer's domain name.

4. Select Primary to select this domain as the primary domain for this customer.

Note: The customer is limited to a single primary domain. If you add another domain and select Primary, the added

domain becomes the primary domain.

5. Select the DNS Zone check box to create a DNS zone for each domain entered and click Update.

Note: This option is displayed if the DNS service is installed and configured in the Services Manager, with the Manage

DNS customer setting enabled. Only domains owned by the customer can become a DNS zone. When the customer is

provisioned, this domain will be added to the DNS service.

6. Click Add to add more domains.


7. When you are f inished, click Provision to create the customer. Otherwise, click Additional Options or expand Advanced

Properties to add more detail about the customer.

To add more customer details (Additional Options)

1. On the Customer Details page, click Additional Options.

2. Under Address, add complete address information. Services Manager will automatically populate the required Country

property f ields in Active Directory (co, c, and countryCode) from the country you select from the Country drop-down list.

3. Under Phone, add the following information:

In Phone Number and Fax Number, add complete telephone and fax information.

In Billing Identif ier, type a unique identif ier that is used to link the customer to a billing system.

In Language Code, if multiple languages have been configured or installed, select a language for the Services Manager

interface, email messages, and so on.

In Minimum Password Length, the value is automatically populated with the Active Directory Group Security Policy

setting. This setting defines the minimum password length for this customer or user. You can manually update this

f ield with a length greater than that defined by the Active Directory policy.

In Password Banner Display Days, define the number of days before a password expiration notif ication is displayed to

the user. For example, if this f ield's value is 89, the password expiration notice is displayed on day 90. The length of

time that a password is valid is defined by an Active Directory policy.

In Prepay Customer, select whether the customer has pre-pay or post-pay billing. Select Yes to indicate that the

customer will pre-pay for service. Select No to indicate that the customer will be billed later in the month for services

rendered (post-pay). After you select post-pay billing, it cannot be changed later to pre-pay.

4. When you are f inished, click Provision to create the customer. Otherwise, expand Advanced Properties to add more

detail about the customer.

To specify advanced properties for a customer (Password, Roles, Email Management)

1. On the Customer Details page, click Advanced Properties to manage basic password policy, assign or disable roles,

manage email address patterns.

2. Configure the following options:

In Change password at next logon, select Yes to require the customer's users to create a password the f irst time they

log on. Select No to disable the change password feature. Default setting for new users. When you create a new

user, you can still specify whether the user needs to change their password when they f irst log on.

In Allow passwords to Never Expire, select Yes to give the User Administrator the ability to set user passwords to

Never Expire. You must select Yes if you want to use the AD Sync tool. Select No to allow user passwords to expire at

regular intervals.

Note: You must select Yes if you want to enable AD Sync services for the customer. This ensures the remote domain,

not the hosting domain, controls the interval at which passwords are reset. If this setting is not configured when

provisioning the AD Sync service to the customer, Services Manager automatically configures this setting to Yes.

In Organizational Structure, select from the drop-down list how users are grouped in an Active Directory User OU

(organizational unit). You can choose to leave users ungrouped, group by department or location, or place them in a

user specif ied group.

3. In Brand, choose one of the following options to specify the branding applied to the customer and that users see when

logging on to the Services Manager:

Select URL (selected by default) to use the branding associated with the customer's URL. Customers of the service

provider or reseller customers log on to the Services Manager using the URL provided by the service provider or reseller.

Select Default to use the branding associated with the reseller. That is, the sub-customer of a reseller inherits the

reseller branding and all users see that branding when logged on.


Select Custom to use the custom branding selected from the drop-down list. This setting overrides the URL setting

after users log on to the Services Manager.

4. In Restricted Roles, select a role to deny that role to the customer's sub customers and users. In general, all user or

administrator security roles are enabled for the customer by default. For more information about security roles, see

Managing Security Roles .

5. In Allowed Roles, select one or more security roles in the list to assign to the customer. Afterward, the customer can

assign that role to its customers and users.

6. In Patterns, specify how the user display name and email address are displayed to new users. Patterns updated here are

for new users, not existing users.

7. When you are f inished, click Provision to create the customer with advanced properties.


Manage Users

Jun 05, 2015

As a customer administrator user, you can create one or more users associated with that customer (that is, residing in thecustomer's hierarchy). You can create a user by choosing any one of the following ways:

Create a new user with the New User Wizard

Import many users by using the Bulk Import User feature, with user information defined in a Microsoft Excel

spreadsheet

Move users from one customer to another customer

Getting Started

Creating a user from the Services Manager consists of these initial steps:1. Create a new user by clicking Users > New User from the Services Manager menu bar. You can quickly create a user with a

minimum of information: name, user name and password, and display name.

2. Provision available services to the user.


Bulk User Import Template Settings

Jun 05, 2015

The Bulk User Import Template workbook is a Microsoft Excel 97-2003 compatible .xls format file that can be blank or

contain information about one or more users in a customer hierarchy. It contains a header row that indicates all possible

fields associated with a user.

First Name

First name of the user

Surname

Surname or last name of the user

Display Name

First name and last name of the user. If left blank, the Display Name is automatically created from the First Name and

Surname fields.

UPN

User principal name in the format of username@domain. The domain is the customer's domain. A user can log on using the

UPN. If you specify an email pattern such as %g.%s@domain, the resulting email address is in the form of

firstname.lastname@domain.

Username

If blank, the software automatically creates a username for the user, using the UPN username appended with a

_CustomerShortName. The _CustomerShortName is derived from the customer's ShortName. You can edit this f ield in the

template or Edit User dialog.

Password

An alphanumeric user password. If blank for an existing user, the user's password is preserved. A password is required for a

new user. Passwords must be at least eight characters long and contain at least three of the following four character

types:

Lower case alpha character

Upper case alpha character

Numeric character

Symbol character, such as !, @, #, $, %

Location

The Active Directory Location of the user's customer. If blank, the default location is Unassigned.

Department

The user's assigned department. If blank, the default department is Unassigned.

Phone Number

Telephone number associated with the user.

Custom Field

One or more for customized information associated with the user.

Roles

Specify one or more comma-separated security roles for the user. For example: Customer Administrator, Exchange Service

Administrator. Each column is limited to 250 characters. Use the Roles 2 through Roles 4 f ields for additional roles.

Account Disabled

This f ield allows you to select one of the following from the drop-down: TRUE specif ies that the user account is disabled


and the user cannot log on to access services. FALSE specif ies that the account is enabled upon import.

Change Password at Logon

This f ield allows you to select one of the following from the drop-down: TRUE specif ies that the user must change its

password when f irst logging on. FALSE specif ies that the user does not need to change the user account password at f irst

logon.

Password Never Expires

Select TRUE to set the user password to Never Expire. You must select TRUE if you want to use the AD Sync tool. Select

FALSE to allow the user password to expire at regular intervals.

Email Addresses

Specify one or more email addresses for the user. If blank, the software automatically assigns an email address constructed

from the UPN.

City/ZipPostal/Title/Street

Specify physical address information for the user. You can specify a user's organizational title; for example, Manager of

Engineering Services


Managing User Password Expiration EmailNotifications and Reports

Jun 05, 2015

The Services Manager enables a customer administrator to configure, enable, and report on user password expiry andnotif ication. As described in Creating Users , you can allow passwords in user accounts to expire. Creating and configuringpassword expiration email notif ication is the f irst step of a two-step process: f irst create a message, then enable themessage to be sent. To do this, you perform the following tasks:

Create and configure a password expiration email notif ication to all users within a customer hierarchy.

Enable the password expiration notif ication email.

Generate a user email expiry report to be sent to a customer administrator.

Note: The Password Expiry date is set by the service provider or domain administrator for the Active Directory domain's

Group Policy.

To create and configure a password expiration email notification to users

If you intend to include a file attachment with the notification, upload the file before creating the new notification

message.

1. From the Services Manager menu bar, click Customers > Configuration > Email Notif ication.

2. (Optional) If you intend to include a f ile attachment with the notif ication, click Attachments and then select and upload

the f ile you want to include. To return to the email notif ication page, click Notif ication.

3. Under Create Messages, select the following options:

In Event, select User Password Expiry.

In Recipient, User.

In Customer Type, select Full Customer.

4. Click New Message. The Email Content dialog box appears.

5. Configure the following email notif ication settings and then click Save:

Under Settings, select the status, frequency, modif ication settings for the notif ication. By default, notif ications have

an Enabled status and are sent once.

Under Recipients, select one of the following f ilters by which to search for or select recipients and then click Add:

Select Custom and, in E-mail, type a common email pattern or customized email address. For example, the common

email pattern {UserExternalEmail} sends email to the address specif ied in the user's External Email Address property.

Select User or Customer and, in Search, type a name or search by specifying a partial name prepended with the

percent (%) character.

Select Role and choose a role from the drop-down list. All users provisioned with that role will receive a notif ication

email.

Select Reseller Role and choose a role from the drop-down list. All users provisioned with that role will receive a

notif ication email.

In From Address and From Display, type the reply-to address and a display name of the email sender.

Under Message, perform the following actions:

In Language, select a language from the drop-down list.

In Subject, type a subject for the notif ication.

(Optional) In Attachments, select a f ile that you uploaded using the Attachments feature.

In the message box, type the text of your message.

In Message Type, select Html or Text.


To enable the password expiration notification email and email expiry report

1. From the Services Manager menu bar, click Users > Configuration > Email Configuration.

2. Configure the following email notif ication and report settings and then click Save:

In Email Expiry Report, select Yes to generate a daily report about user accounts to be sent to the specif ied customer

administrator, based on the conditions selected on this page. Selecting No disables all selections except Email

Notif ication Report.

In Email Notif ication Report, select Yes to send an email to user accounts where the password is due to expire in the

time specif ied on this page. The Services Manager also sends a summary report to the customer administrator email

specif ied in this dialog. The report includes all users to whom the notif ication email was sent successfully and any

users to whom the notif ication was not sent because an email address was not configured for their account.

Selecting No disables all selections except Email Expiry Report.

In Include users with passwords that expire in blank days, Select Yes and type the number of days in which user

passwords expire. Selecting No disables the remaining choices labeled with "Filter."

In Filter never expire, select Yes to report users whose passwords are set to Never Expire.

In Filter expired passwords, select Yes to report users whose passwords have expired.

In Filter accounts locked, select Yes to report users whose accounts are locked.

In Filter accounts disabled, select Yes to report users whose accounts are disabled.

In Email Address, specify the customer administrator email address and select the location from the drop-down list. To

send the report to more than one customer administrator, create a Microsoft Exchange Distribution Group and type

the Distribution Group's email address.

In Language, select a language from the drop-down list.


Creating users with templates

Jun 05, 2015

Updated: 2013-05-07If you need to create users that have similar settings, you can use a template to create these users quickly. When you

create the template, you specify the user settings, including security roles, and the services to be provisioned when the

template is used. To create a new user, you select the template you want to use and then click New User from the User

Functions dialog box. The user details from the template are copied to the new user.

Templates are customer-specific; that is, they are accessible only to the administrator of a particular customer's account.

For example, a customer administrator cannot view or use the templates of a parent reseller, and the reseller cannot view

or use the templates of any of their customers.

Templates are stored in the system database as users. You can access existing templates from the Users page of the

control panel. Under Advanced Search, enter search criteria and select the Template user type.

To create a new template

1. From the Services Manager menu bar, click Users.

2. Under Management, click New Template User. The Create User page appears.

3. In Display Name, enter a name for the template user.

4. Click Additional Properties to add address and organizational details.

5. Click Account Settings to configure password change and expiration settings.

6. Click Advanced Options to select a security role for the template user. To customize the security role, select Configure a

custom role collection.

7. Click Save. The Provision Services page appears.

8. Select the services you want to provision when the template is used to create a new user.

9. Click Save.

To create a new user based on a template

1. From the Services Manager menu bar, click Users.

2. Find and select the template you want to use:

1. Under Advanced Search, in User Types, select Template.

2. Click Search. A list of all existing templates appears.

3. Select the template you want to use. The Create User page appears.

3. Under User Details, perform the following actions:

1. Enter the user's UPN and name information.

2. (Optional) Click Additional Properties and enter any additional location or organization details for the user.

4. Under Password Configuration, enter the user's password and confirm the entry.

5. (Optional) Under Account Settings, review the password settings and security role, and make any required changes.

6. Under Email Addresses, add email addresses as required.

7. Under Copy Services, select the services you want to provision to the new user.

8. Click Provision.

After the new user is provisioned, ensure the user's provisioning status appears with a green indicator for all services.

Services that appear with a blue indicator require additional configuration.


Modifying Users

Jun 05, 2015

To modify an individual user

The User Functions dialog box enables you, as the administrator, to manage an individual user in your organization. To

manage multiple users with User Functions, use the Multi User Selection dialog box.

1. Find a user by using one of the following methods in Finding Users .

2. Click the user name to display the User Functions dialog box.

3. Select any of the following options:

Option Description

Edit User Modify user contact information and email addresses, change the user password, add or remove

security roles, and modify account settings.

Copy User Make a copy of an existing user within a customer hierarchy. The copied user resides in the original

customer hierarchy and possesses the original user's provisioned services. See Moving and Copying

Users .

Delete Permanently delete a deprovisioned user account from the Services Manager and Active Directory.

This function is only available after you deprovision a user.

Deprovision Deactivate the user account in Active Directory but keep the account information in the Services

Manager database.

Disable Disable the user account in the Services Manager database and Active Directory. The user cannot log

in to the Services Manager while disabled and the administrator cannot modify any services previously

provisioned to the user.

To reinstate the user, click Enable and then Provision.

To delete the user, click Delete. This action deletes the user account from the Services Manager

and Active Directory and also deletes any data associated with the user (such as Exchange

mailboxes).

Note: You can modify user settings by using Edit User while the user is disabled. Click Provision in

the Edit User dialog box to apply the changes to the user.

Enable Reinstates the user account in the Services Manager and Active Directory. Next, click Provision to

provide the user with full access to its provisioned services.

Provision Activate the user account after updating or modifying account settings. If a user had been disabled,

Enable the user before performing a Provision operation.

Services Select and configure service settings and provision one or more services to the user.

To modify multiple users

1. Perform one of the following steps:


If you are a Service Provider administrator, search for and select a customer, then click Users to display that

customer's users.

If you are a customer administrator, click Users from the Services Manager menu bar to display your users.

2. Under Multi User Selection, click Select All Users to select every user in the customer hierarchy. Otherwise, select the

users on which to perform the operation.

3. Click one of the following options:

Services

Disable

Enable

Provision

Deprovision

Delete


Moving and Copying Users

Jun 05, 2015

You can move a user from one customer to another customer, migrating the user information and provisioned services tothe new customer, with the following conditions:

Both customers must belong to the same Services Manager location (that is, Active Directory domain).

Provisioned services that will transfer with the user are limited to Blackberry, Hosted Exchange, and Office

Communications Server (OCS). If the user is provisioned with any other service, deprovision that service before

attempting the migration.

You can also make a copy of an existing user within a customer hierarchy. The copied user resides in the original user's

customer hierarchy and possesses the original user's provisioned services.

To move a user to a different customer

Ensure that you perform the following procedure as a Service Provider or Reseller administrator.

1. From the Service Manager menu bar, select Users > Configuration > User Move.

2. In Customer Search, type a source customer name and click Next. Services Manager returns the source customer name,

if found.

3. In User Search, type a user name and click Next. Services Manager returns the user name, if found.

4. In Customer Search, type a destination customer name and click Next. Services Manager returns the customer name, if

found, and displays the User Mapping table to enable you to change the moving user's new UPN and email address.

5. Accept or edit the defaults and click Next.

6. Click Finish to move the user.

When complete, Services Manager prompts you to review the customer and user. Citrix recommends that you review both

and edit each as required. To move another user, click Move another user to a new customer.

To copy a user in the same customer hierarchy

Ensure that you perform the following procedure as a user administrator, at a minimum.

When performing this procedure, consider the following items:Some services might appear in the User Services dialog with a provisioning status of blue. Blue indicates that the user's

services require additional configuration. After configuring the service, manually provision it.

When the Hosted Exchange service is provisioned to the copied user, the default primary email address is the new copied

user's address.

If populated, the Title and Web Page f ields in Additional User Properties are copied to the new user.

1. Click Users to display all users for a customer, then click a user to access the User Functions dialog box.

2. Click Copy User. The Create User page appears.

3. Enter user details and password for the new user and configure account settings as described in Creating Users .

4. Click Copy Services and clear the check boxes for any provisioned services you do not want to be copied to the new user.

5. Click Provision. The Provision Services page displays all provisioned and unprovisioned services.

6. Provision any additional services from the list to the copied user.

7. Click Provision for each service you want to provision to the user. The copied user is now created and provisioned in the

customer hierarchy.


Creating Multiple Users with Bulk User Import

Jun 05, 2015

You can import new or edit existing users in a customer hierarchy by using the Bulk User Import feature. This featureenables you to create new or modify existing multiple users as specif ied in a Microsoft Excel 97-2003 format workbook(.xls). You can download a new blank template or a workbook populated with existing user information from the portal. Ineither scenario, you:

Download the appropriate template

Create new or edit existing users

Upload the template to the portal

Select users to add or update

Provision services to the users and then provision the users

After uploading the template, Services Manager gives you the opportunity to perform the following actions:Resend the f ile process request to upload the template again

Import the users from the template you uploaded

Download the template you uploaded

Cancel the bulk user import process

Delete the f ile from the imported f ile list

Bulk User Import Template Settings describes the template's workbook headings and settings.

Consider the following when you create or edit a Bulk User Import template:Do not rename the column headings in the templates.

Do not leave blank rows between users.

The templates do not support provisioning new services to users. You must provision services to users through the

Services Manager by using the User Functions or Multi User Selection features.

To download a template

1. Click Users > Bulk User Import.

2. Click one of the following options, then click Save when prompted to save a copy of the template on your PC:

Click New Users Template to download a blank workbook template with column headings.

Click Existing Users Template to download a workbook with column headings and cells populated with user data.

Click Generate Template to create a new template with column headings and cells populated with current user data.

When the workbook template is ready, click Existing Users Template to download it.

Note: This selection exists depending on how the CloudPortal software was installed. The workbook is not generated

immediately. The speed at which the workbook is generated depends on how many users exist in the customer

hierarchy.

To import users

1. Click Users > Bulk User Import.

2. Click Browse in the Upload User Import File dialog, navigate to your new or edited workbook, and select it.

3. Add a description for the workbook and click Upload. The Bulk Import File List displays the f ile details as the f ile is verif ied.

4. From the f ile list, click the upload date of the f ile you uploaded and, under Import File Management, click Import. The

User Import page appears.

5. Click New Users or Existing Users to view the uploaded users. The list of users is shown, including any users who might


have errors in their entries. You can select verif ied users to import at this time, and f ix invalid users to upload at a later

date.

6. (Optional) Expand a user to view account properties associated with the user.

7. Click Save to import the selected users.

Note: You cannot import users that have errors in their entries. With your mouse pointer, hover over any error to reveal

the source.

8. Provision one or more services to the users and provision the users to activate them in the customer hierarchy.


Finding Users

Jun 05, 2015

You can f ind a user by using one of the following methods:The User Search feature available from the Services Manager Home page, located under User Management

The search features available from the Users page

To search for users from the Services Manager Home page

1. From the Services Manager menu bar, click Home and expand User Management.

2. Select a f ilter of Name, UPN, or Email.

3. In User Search, type a user name, email, or User Principal Name (UPN) and click Search.

You can use the percent (%) character as a leading wildcard to perform partial searches. For example, type %citrix to find

all users with "citrix" as part of the user name.

To search for users from the Services Manager Users page

1. From the Services Manager menu bar, click Users. The Users page appears, listing all the users in the customer hierarchy.

2. Select a customer from the list or use the following criteria to search for users:

Under Filter Fields, select a search criteria item from the drop-down list and then click the letter with which the criteria

item begins. For example, select User ID and then click F to f ind all users with user IDs beginning with F.

Under Advanced Search, enter any of the following information:

In User ID, UPN, First Name, Surname, or Email, type at least one letter in any of these f ields to f ind users whose

information begins with the letter or letters.

In Role, select a security role from the drop-down list. For example, select User Administrator to f ind users assigned

the User Administrator role.

Under User Types, select Standard to f ind a customer's user. Select Template to f ind any user templates in the

Services Manager. Typically, a template user is the defined user template you can download for Creating

Multiple Users with Bulk User Import .

Under Service Filter, enter any of the following information:

In Service, select an installed service from the drop-down list.

In Access Level, if available, select a service access level security group.

In Status, select the status of the service associated with the users.

Under Account Status, select Yes for each status option to f ind users according to the associated account status.

Select No to f ind users with accounts that are not locked, disabled, or expired. Select Ignore to remove the account

status option from consideration in searching.

Under Password Status, select Yes for each status option to f ind users according to the associated password

expiration status. Select No to f ind users whose passwords are not expired or are not set to Never Expire. Select

Ignore to remove the password status option from considering in searching.

Under Additional Options, f ind users according to custom fields, location, or department specif ied in the user

properties.

3. Click Search.


Creating Users

Jun 05, 2015

To create a user

As a customer administrator user, you can create users for the services provisioned to your customer. When creating a user,consider the following:

Users with the User Administrator role, at a minimum, can create users.

A user can be created with a one or more permissions in the Services Manager; each permission is known as a security

role. See Assigning User Security Roles .

1. Click Users > New Users.

2. If not expanded, expand User Details , then select or type the following information:

In UPN, type a user name that will be added to the appended domain name that you select from the drop-down list.

The user name is automatically populated in the Username field. You can edit the Username field.

3. In First Names and Last Name, type the f irst and last name of the user. The Display Name field is automatically

populated with the f irst and last name of the user. You can edit the Display Name field.

4. Click Additional User Properties to add more information about the user.

5. To designate the user a test user, select the Test User check box.

Note: Test users are user accounts that are not added to billing reports. You can later edit this user and clear this check

box.

6. If you do not want to add more details, under Password Configuration, add a password for the user.

7. Click Provision to create the user.

To configure account settings for a new user

1. Click Additional User Properties to add more information about the user.

2. Expand Account Settings to configure the following options:

In Change password at next logon, select Yes to require the user to create a password when f irst logging on. Select

No to disable the change password feature.

In Set passwords to Never Expire, select Yes to prevent user passwords from expiring. Select No to allow the user

password to expire at regular intervals.

In Account Disabled, select Yes or No to enable or disable the user account. If you provision a user with its account

disabled, that user cannot log on to use services until you enable them by clicking Enable in User Functions.

In Account Locked, No is the only option and is selected by default.

In Account Expires, select Never to prevent account expiration. Select End of to choose the date when the account

expires.

Note: If an end date is selected, the Services Manager will automatically disable the user's account on the next

calendar day and they will not be able to access the Services Manager or any related services. Leave this setting as

Never if the user's account does not need to expire. This setting does not define the Password Expiry date as

configured by the Service Provider for the Active Directory domain's Group Policy.

3. Click Advanced Options to select security roles for the user. The Configure a custom role collection check box and all

security roles are selected by default. You can clear or select one or more roles for the user.

4. Clear Configure a custom role collection to select and assign one pre-configured role from the drop-down list.

5. (Optional) Expand Email Addresses to configure one or email addresses for the user. Otherwise, the Services Manager

automatically assigns an email address constructed from the UPN.

6. When you are f inished, click Provision to create the user.


Assigning User Security Roles

Jun 05, 2015

Each user can be assigned a specif ic security role in the Services Manager. A security role provides a user with selectedaccess permissions in the Services Manager. The following roles are the standard or default administrator roles availablewhen creating or editing a user.

SecurityRole

Description

Customeradministrator

The f irst user created by default after creating a customer inherits this role. The customeradministrator can create, provision, and edit users, then provision users to services. This role can alsomanage services provisioned to the customer. This role includes all permissions of the user and serviceadministrator.

Partial useradministrator

This role can reset passwords for a customer's user.

Useradministrator

This role can create, provision, and edit users for a customer.

Serviceadministrator

This role can manage services provisioned to the customer. It can access any editable administrationinterface associated with a service.

User andserviceadministrator

This role is identical to the customer administrator. Assign this role to a user when you require morethan one customer administrator user in your organization or hierarchy.

The Services Manager also includes three security roles to enable end-users (that is, consumers of customer services) tomanage their accounts and provisioned services. These roles are disabled by default and need to be enabled and provisionedto the top-level customer by a Service Provider or Reseller Full Administrator before they can be provisioned to a useraccount. Once provisioned, users can manage their accounts through My Account, available from the Services Managermenu bar after logon.

Security Role Description

My AccountManagement

Enables the end user to change the user information details, account password, and manageemail addresses associated with the user account.

My ServicesManagement

Enables the end user to select, edit, and re-provision the services provisioned to the end useraccount.

My Account & ServicesManagement

Combines the above management capabilities in a single role.

To enable and provision user security roles

Ensure that you are logged on to the Services Manager as a customer administrator user to perform these steps.

1. Select a user by performing one of the following steps:


Create a user as described in Creating and Managing Users .

From the Services Manager menu bar, click Users to display all users, then expand a user to access User Functions. Click

Edit User.

2. Expand Account Settings and click Advanced Options.

3. In Security Roles, perform one of the following actions: select a role from the drop-down list to assign a default

administrator security role to the user.

Assign a default security role: Clear the Configure a custom role collection check box and select a default security role

from the drop-down list.

Assign a custom security role: Select the Configure a custom role collection check box and select any of the service

and system roles that appear.

4. Click Provision.


To enable and provision Account and ServiceManagement roles

Jun 05, 2015

To perform this procedure, ensure that you are logged on to the Services Manager as a Service Provider or as a user or

customer with the Reseller Full Administrator security role enabled.

1. Select a customer by performing one of the following steps:

Create a customer as described in Creating Customers .

From the Services Manager menu bar, click Customers to display all customers, then expand a customer to access

Customer Functions. Click Edit Customer.

2. Expand Advanced Properties.

3. In Allowed Roles, select one or more of the account and service management security roles.

4. Click Provision. The customer can now provision these security roles to one or more of the customer's users.