cloudportal services manager 11 - citrix docs · oct 05, 2016 updated: 2014-09-29 citrix...
TRANSCRIPT
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.1https://docs.citrix.com
About this release
System Requirements
System Requirements for Server Roles
Firewall requirements for Services Manager
Plan
Services Manager Terminology and Concepts
Plan for deploying the Services Manager platform
Plan for deploying services
Install
Install and configure the Encryption Service
Verify deployment readiness
To create the system databases
To install server roles using the graphical interface
To install server roles from the command line
To configure server roles using the graphical interface
Configure locations using the graphical interface
Configure server roles and locations from the command line
Deploy components for high availability and fault tolerance
Upgrade
Upgrade system databases
Upgrade platform server roles
Upgrade platform server roles using the graphical interface or command line
Upgrade web components
Upgrade web services using the graphical interface or command line
Upgrade the Reporting service
Upgrade the Reporting service using the graphical interface or command line
Deploy Services
CloudPortal Services Manager 11.5
Jul 25, 2016
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.2https://docs.citrix.com
AD Sync
BlackBerry5
Citrix
DNS
Dynamics CRM
File Sharing
Hosted Apps and Desktops
Hosted Exchange
Lync Enterprise 2010 and Lync Hosted 2010
Lync Enterprise 2013 and Lync Hosted 2013
Mail Archiving
Microsoft SQL Server Hosting
MySQL
Office 365
Office Communication Server 2007
ShareFile
SharePoint 2010
SharePoint 2013
Virtual Machines
Windows Web Hosting
Export and import service packages
Create and provision additional user and customer plans
View and f ilter provisioning requests
Provision services and customers in bulk
To migrate users to different user plans in bulk with the Package Migration Wizard
Manage
Create and manage customers
Create and manage users
Manage security roles
Manage provisioning changes
Manage reports
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.3https://docs.citrix.com
About this release
Oct 05, 2016
Updated: 2014-09-29Citrix CloudPortal Services Manager transforms cloud infrastructures into profitable cloud businesses with a comprehensive
platform to manage business and operations support services, customers, and cloud offerings. Services Manager is an easy-
to-use web portal that helps service providers manage the delivery of cloud services and offerings to their customers. It
provides out-of-the-box support for Desktop-as-a-Service and Windows apps, as well as popular business applications like
Exchange, SharePoint, Lync, web hosting and more. Without any IT expertise, customers can add or change services, view
reports and manage users.
What's new in this release
Expanded language supportThe Services Manager control panel interface and documentation have been localized in Japanese, Simplified Chinese,
and Spanish.
Security enhancementsServices Manager now includes a new Encryption Service that supports AES 256. For more information, see Plan for
deploying the Services Manager platform.
Service integrationServices that were released separately, after Services Manager 11.0, are included in this release. These services are:
Lync Enterprise 2013
Lync Hosted 2013
SharePoint 2013
ShareFile
Hosted Apps and Desktops, supporting App Orchestration 2.0 and 2.5
Streamlined upgradingServices Manager 11.5 supports upgrading from Services Manager 11.0, including Versions 11.0.1, 11.0.1 CU1, and 11.0.1 CU2.
Server platform supportServices Manager platform components can be deployed on servers running Windows Server 2012 R2. For more
information about system requirements and support, see System Requirements for CloudPortal Services Manager.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.4https://docs.citrix.com
System Requirements for CloudPortal ServicesManager
Jun 05, 2015
Updated: 2013-02-20Deploying Services Manager includes installing the platform components (server roles), configuring firewall ports for each
component, and installing the web services.
For system and f irewall requirements for platform components, refer to the following topics:System Requirements for Server Roles
Firewall requirements for Services Manager
For each requirement, the minimum version required is stated, as well as any later versions that are supported.
For requirements for specif ic services, refer to the topics in the Plan for deploying services section. This section containstopics for each service that Services Manager supports and includes additional planning information such as:
Service deployment overviews
Changes that occur in Active Directory when the service is deployed
Additional configuration details for specif ic deployment scenarios
For system requirements information for resource components such as Exchange servers, SharePoint farms, and so on,
refer to the component's product documentation.
Important: Before using Services Manager, check for and install any available security updates for the components youwant to deploy.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.5https://docs.citrix.com
System Requirements for Server Roles
Jun 05, 2015
Updated: 2014-08-29The sections in this topic describe supported platforms, required software, and other information that will be used when
you install and configure the core components (server roles) that comprise the Services Manager platform. The Services
Manager server role installer (Setup Tool) handles many of the prerequisites, such as installing .NET Framework 4.0, enabling
Web Server roles, and enabling MSMQ features. (The .NET software is also available in the Support folder of the Services
Manager installation media.) See Plan for deploying the Services Manager platform for additional preparation information.
Active Directory and Exchange requirements
Services Manager supports Active Directory Domain Services on the following platforms:Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
Windows Server 2008
At a minimum, the domain functional level must be Windows Server 2008.
Before the Services Manager platform can be deployed, the Active Directory schema must be extended to include thestandard Exchange attributes and prepare the environment for multi-tenancy. You can extend the schema through one ofthe following methods:
Use the Schema Prep tool from the Microsoft Exchange installation media. This method applies if you do not plan to
deploy Exchange 2007 or 2010 and you do not intend to deploy the Exchange web service. In general, to deploy the
Schema Prep tool, you enter the following command in a Command Prompt window:
setup /p /on:OrganizationNameDeploy Exchange. This method applies if you plan on installing the Exchange web service in your Services Manager
deployment. Extending the Active Directory schema is part of the Exchange deployment process.
The domain user account used to extend the Active Directory schema or install the Services Manager platformcomponents must belong to the following groups:
Group Name Required for Services Manager platforminstallation
Required for extending Active Directoryschema
Domain Admins Yes Yes
EnterpriseAdmins
No Yes
Schema Admins No Yes
If any server (including DNS) is not in the domain, the same user account should be set up as a local user on that server with
the same password, as a member of the local Administrators group.
Security requirements
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.6https://docs.citrix.com
To ensure your deployment is protected from external threats, consider creating an account lockout policy that disables a
user's account for a specified period when an incorrect password is entered a specified number of times. When this policy is
set each failed logon attempt is recorded on the primary domain controller.
Before implementing an account lockout policy, consider carefully the risks and benefits of implementation to your Services
Manager deployment. For more information about configuring this policy, see the Microsoft TechNet article, "Account
Lockout Policy Technical Overview."
DNS requirements
Services Manager uses DNS aliases internally for the core components. Create CNAME records for the following roles andcomponents:
Platform component Alias
Encryption Service server CSMCORESVC
Database server CORTEXSQL
Provisioning server CORTEXPROVISIONING
Web server CORTEXWEB
Reporting Services CORTEXREPORTS
Encryption Service requirements
The Encryption Service allows the secure retrieval of encryption keys using the AES 256-bit encryption method. When youinstall the service, a new AES key is generated, encrypted, and stored in Windows Registry. For more information, see Planfor deploying the Services Manager platform.Important: Citrix strongly recommends using SSL with the Encryption Service. Because the traff ic to and from the servicecontains sensitive data, using SSL ensures this traff ic is encrypted appropriately.Citrix recommends installing the Encryption Service on a dedicated server; however, you can also install it on a server that
hosts other Services Manager components (such as the Provisioning server or Web server).
When preparing a server for installing and configuring the Encryption Service, ensure the following requirements are met:
Hardwareconfiguration
Two or more server-class processors, 2.0 GHz or higher.
Minimum 2 GB RAM recommended
Minimum 2 GB free disk space available for f ile growth
Operating system Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with allrecommended updates installed.
.NET version .NET Framework 4.0 installed. This software is included in the Support folder on the ServicesManager installation media.
User Account Disabled.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.7https://docs.citrix.com
Control (UAC)
Firewall Windows Firewall must allow inbound SSL (port 443) requests.
Windows serverroles
Enable the following roles:Web Server > Application Development > ASP.NET
Web Server > Security > Basic Authentication
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
Database server requirements
The database server hosts the system databases that are required for Services Manager to operate. When preparing thedatabase server, ensure the following requirements are met:
Hardwareconfiguration
Two or more server-class processors, 2.0 GHz or higher.
Minimum 4 GB RAM recommended
Minimum 10 GB free disk space available for f ile growth
Operatingsystem
Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with allrecommended updates installed.
User AccountControl (UAC)
Disabled.
Databaseserver
Microsoft SQL Server 2008 R2 or 2012, with all recommended updates installed.
Authentication Mixed mode enabled (SQL and Windows Authentication).
SQLconnectiontypes
Local and remote SQL connections enabled.
Installationaccount
Configure the account to be used during installation with the SysAdmin role. If you cannot do this inSQL, you can use an account with SysAdmin rights. You can remove this account after installationcompletes.
Firewall Windows Firewall must allow connections through the database instance port (default=1433).
When you install SQL Server, make note of the instance name (default=default) and port (default=1433). You will need this
information when you configure the server for use with Services Manager.
During platform installation, the following databases are created:OLM: The core database for customer and user information
OLMReports: Stores legacy reporting data and some system settings
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.8https://docs.citrix.com
OLMReporting: Stores reporting data
Additionally, the following SQL accounts are created for accessing the databases:CortexProp
OLMUser
OLMReportsUser
OLMReportingUser
Two SQL jobs are installed on the database server: Gather Daily Stats Data and Gather Monthly Stats Data.
Provisioning server requirements
If you are installing the Provisioning server role on a domain controller, give the ProvisioningUsers security group the Allow
logon locally permission. However, for security reasons, Citrix recommends installing the Provisioning engine on a server that
does not act as a domain controller in your network environment.
When preparing a server to host the Provisioning server role, ensure the following requirements are met:
Hardwareconfiguration
Two or more server-class processors, 2.0 GHz or higher.
Minimum 2 GB RAM recommended
Minimum 2 GB free disk space available
Operatingsystem
Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with allrecommended updates installed.
User AccountControl (UAC)
Disabled.
.NET Version .NET Framework 4.0 installed. This software is included in the Support folder of the ServicesManager installation media.
Firewall Windows Firewall must allow inbound TCP requests on port 80.
Windows serverfeatures (Setupinstalls thisrequirement)
Enable the following features:Message Queuing > Message Queuing Services > Message Queuing Server
Message Queuing > Message Queuing Services > HTTP Support (only if the server is not in the
domain)
Telnet client
Windows PowerShell
SQL ServerManagementObjects
Install the 64-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO).This software is included in the Support folder of the Services Manager installation media. TheServices Manager Setup Tool can also install this requirement when you install the Provisioningserver role.
Domainmembership andprivileges
Server must be a member of the domain.
Service must have full domain administrator privileges.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.9https://docs.citrix.com
SMTP server Required. Depending on the notif ication, the Provisioning server also needs a temporary directoryfor assembling the email. The SMTP server can also be used by the Report Mailer server role. Whenconfiguring the Provisioning server role, you will need to provide the SMTP server address and portnumber.
Directory Web Service
In general, the Directory Web Service is installed on the same server that hosts the Provisioning server role. If you are
installing the Directory Web Service on a domain controller, give the CortexWSUsers and the Proxy Users groups the Allow
logon locally permission. However, for security reasons, Citrix recommends installing this role on a server that does not act
as a domain controller in your network environment.
When preparing a server to host the Directory Web Service, ensure the following server requirements are met:
Hardwareconfiguration
Two or more server-class processors, 2.0 GHz or higher.
Minimum 2 GB RAM recommended
Minimum 2 GB free disk space available
Operating system Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with allrecommended updates installed.
User AccountControl (UAC)
Disabled.
.NET Version .NET Framework 4.0 installed. This software is included in the Support folder of the ServicesManager installation media.
Firewall Windows Firewall must allow inbound TCP requests on port 8095.
Windows serverfeatures
Enable the following features:Web Server > Application Development > ASP.NET
Web Server > Security > Basic Authentication
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
PowerShell 2.0
Web server requirements
When preparing a server to host the web server, ensure the following requirements are met:
Hardwareconfiguration
Two or more server-class processors, 2.0 GHz or higher.
Minimum 2 GB RAM recommended
Minimum 2 GB free disk space available
Operatingsystem
Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with allrecommended updates installed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.10https://docs.citrix.com
User AccountControl (UAC)
Disabled.
.NET Version .NET Framework 4.0 installed
Firewall Open port 80 from the web server to the SQL Reporting Services server.
Report Viewerversion
Microsoft Report Viewer 2008 SP1.
Windows serverroles
Enable the following roles:Web Server > Application Development > ASP.NET
Web Server > Security > Basic Authentication
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
SQL ServerManagementObjects
Install the 32-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO).This is available in the Support folder of the Services Manager installation media.
During platform configuration, you will need to know the host header required for the web site. This is the URL used to
access the Services Manager control panel. The Configuration Tool refers to this as the external address.
When you install the web server role, the following items are installed:CortexMgmt Application Pool: Runs the Management Site.
Cortex Management Site: Contains the CortexDotNet and CortexAPI web applications.
CortexDotNet is the service that runs the control panel. CortexAPI is the XML-based web service that automates
management tasks.
Accessing the web server is supported on the following web browsers:Internet Explorer 9, 10, and 11
Firefox 31.x
Chrome 36.x
Safari 5.x
Note: If you intend to access the web server with Internet Explorer 10 or 11, install the hotfix for .NET Framework 4.0available from Microsoft Knowledge Base article 2600088 (http://support.microsoft.com/kb/2600088) on the web server.This hotfix updates the ASP.NET browser definitions which enables the control panel to function as expected withInternet Explorer 10 and 11. If you do not want to install this hotfix, use Internet Explorer 9 or supported Firefox, Chrome,and Safari browsers to access the web server.The Autologin tool supports Windows XP SP3, Windows 7 SP1, and Windows Server 2008.
Reporting and data warehouse requirements
SQL Reporting Services is the engine for providing reporting capabilities in Services Manager. The Reporting service and datawarehouse are installed on the server hosting SQL Reporting Services. When preparing a server for installing and configuring
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.11https://docs.citrix.com
the Reporting service and data warehouse, ensure the following requirements are met:
Hardwareconfiguration
Two or more server-class processors, 2.0 GHz or higher.
Minimum 4 GB RAM recommended
Minimum 10 GB free disk space available for f ile growth
Operatingsystem
Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with allrecommended updates installed.
Firewall Open port 1433 between the Reporting server and the database server. Allow connections throughthe reporting port (default=80).
.NET version .NET Framework 4.0 installed. This software is included in the Support folder on the Services Managerinstallation media.
Databaseserver
Microsoft SQL Server 2008 R2 or 2012, with all recommended updates installed.
DatabaseAuthentication
Windows Authentication enabled.
SSRS Serviceaccount
Set the SQL Server Reporting Services service account to Network Service.
SQLconnectiontypes
Local and remote SQL connections enabled.
SSRSAdministratoraccount
In SQL Server Reporting Services, create a dedicated user with the System Administrator role; domainadministrator rights are not required. Use this account when deploying the Reporting server role.
SQL ServerManagementObjects (SMO)
Services Manager setup installs Microsoft SQL Server Shared Management Objects automaticallywhen the Reporting server role is deployed. SMO is also available in the Support folder of the ServicesManager installation media.
Report Serverconfigurationfilemodifications
Verify that the Report Server configuration f ile (C:Program FilesMicrosoft SQLServerMSRS10.MSSQLSERVERReporting ServicesReportServerrsreportserver.config) contains theentry "<AuthenticationTypes><RSWindowsNTLM/> <RSWindowsNegotiate/></AuthenticationTypes>".
SMTP server Required for the data warehouse. You can specify the SMTP server used with the Provisioning server;however, it must allow relays from the data warehouse server.
OCSMonitoring
If you intend to use the OCS Monitoring service in your Services Manager environment, install andenable this service on the OCS 2007 server.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.12https://docs.citrix.com
Firewall requirements for Services Manager
Sep 14 , 2015
Updated: 2014-08-15Services Manager requires specific firewall ports be open to support communication between platform components. The
following diagram illustrates the required ports and the platform components that use each port in an environment that
includes a primary location and a remote location.
The following table lists the default connectivity configuration between the Services Manager roles. Configure thesebefore installing the roles.
Traff ic/Port From To Purpose
TCP 8095 Web Server Provisioning Engine Authenticate users and read-time ActiveDirectory lookups
MSMQ*, HTTP, orHTTPS
Web Server Provisioning Engine Provisioning request
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.13https://docs.citrix.com
TCP 1433** Provisioning Engine SQL Server Access to provisioning rules, write statistics
TCP 1433** Web Server SQL Server Access to customer and user information
TCP 80 Web Server SQL ReportingServices server
Access to SQL Reporting Services
TCP 443 Web Server, All domainservers
Encryption Serviceserver
Allow secure retrieval of encryption keys
* MSMQ comprises several ports, as specified by Microsoft.
** The supported SQL versions use TCP 1433 only for the default instance; other named instances use a dynamically
assigned port. If your installation is not the default instance and a firewall separates the SQL server from the other
Services Manager roles, you must override the dynamic behavior by allocating a specific port.
Traff ic/Port From To Purpose
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.14https://docs.citrix.com
Plan
Jun 05, 2015
Updated: 2013-04-18When deploying Services Manager, you have many choices of deployment designs and features which you can tailor to theneeds of the services you want to offer and the customers you serve. A typical process of planning a Services Managerdeployment includes:
Becoming familiar with Services Manager setup by creating a one-server or two-server test deployment.
Determining the number of servers you need for your deployment, deciding which roles each server will perform, and
evaluating hardware requirements.
Deciding which services you want to offer customers and resellers, and determining the deployment requirements for
each service.
Creating the network infrastructure design.
Defining the installation processes.
Creating and testing a pre-production pilot deployment based on your design.
Releasing the deployment into production.
Deployment Overview
A typical Services Manager deployment process includes:Phase 1: Services Manager platform
Phase 2: Services deployment
Phase 3: Customer and user provisioning
Phase 1: Services Manager platform
The Services Manager platform represents a series of servers that perform provisioning tasks, authenticate and manageusers, host the control panel interface and API services, store and process data from the main database, and manage billingand usage. These servers must be fully configured before services are deployed. A Services Manager deployment includesthe following core components (or server roles) that you install and configure:Web server
The web server hosts the control panel’s web interface and API services. The control panel is the primary user interface for
service providers, resellers and end-customer users. The customer administrator can manage the organization’s users and
associated services within the same system. Users can perform administrative and self-service tasks that have been
delegated to them. Provisioning requests are sent from the web server to the Provisioning Engine through a Microsoft
Message Queue.
Databases
The main system databases are the Microsoft SQL Server repositories for user, customer, and configuration information.
Several system databases are automatically created when you install and configure the server roles. The Services Manager
Reporting Service uses Microsoft SQL Server Reporting Services.
Provisioning Engine
The Provisioning Engine performs all provisioning tasks. It expedites requests from the web server and automates managed
services and resources.
Directory web service
The Directory web service provides the web server with function calls related to Active Directory, such as user
authentication, user account status inquiries, user enabling and disabling, and security group management.
Data warehouse
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.15https://docs.citrix.com
The data warehouse performs scheduled storage of historical data from the main system database, and manages the
creation and sending of usage and billing reports.
Report Mailer
The Report Mailer gathers anonymous usage data and emails usage reports to the Citrix license monitor. Customer and
user information is not transferred, only the number of customers and users-per-service.
To prepare your environment for these components, you perform the following tasks:Review the system requirements for each server role and perform any initial server configuration required.
Determine whether you will install and configure these server roles using the graphical user interface or the command
line.
Determine which server will host each server role. For example, the Directory web service is typically installed on the same
server as the Provisioning Engine. However, for a large deployment, you might consider using separate SQL servers for
hosting the reporting and billing databases.
Deploying the Services Manager platform also includes creating the first administrator user for the deployment. This user
represents the top-level administrator account and has permission to perform all control panel tasks.
Phase 2: Services deployment
Deploying services includes installing and configuring services for resources such as Microsoft Exchange, Citrix Apps and
Desktops, and Microsoft SharePoint. Before deploying any service, you must ensure the resources supporting the service
are fully deployed in your network environment. For example, to deploy the Hosted Exchange service, Services Manager
requires you have a working Exchange deployment in your environment. The Deploy services section of the Services
Manager documentation describes the configurations required to enable these resources to function successfully with the
Services Manager control panel. However, for details about deploying specific resources, you will need to refer to the
product documentation for these resources.
Phase 3: Customer and user provisioning
Provisioning customers and users represents a series of tasks for enabling resellers to sell specif ic services, making servicesavailable to end-customers, enabling customers' users to access services, and assigning security roles. To provisioncustomers and users, you perform the following tasks:1. Create the customer profile.
2. Create the customer administrator user. Some customers might require additional administrator users to manage specif ic
services. When you create these additional users, you can assign appropriate security roles.
3. Enable and configure the services that you are providing to the customer.
4. Create users for the customer and assign appropriate security roles.
5. Provision services to users.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.16https://docs.citrix.com
Services Manager Terminology and Concepts
Jun 05, 2015
Updated: 2013-02-20The Services Manager documentation uses the following terminology:
Active Directory Location Services ("location level")
The level at which settings are configured for services enabled for a specif ic location. By default, services deployed within a
location inherit the settings configured at the top environment level. However, these settings can be overridden at the
location level.
control panel
The web-based interface that CSPs, resellers, and customer administrators use to configure and manage services,
resources, and users.
customer administrator
The f irst user created for a customer. This user has permission to create and modify user accounts, provision services to
users, and manage all services that are provisioned to the customer.
customer plan
In the context of services, a collection of configured settings that apply to all customers provisioned with a specif ic service.
Typically, customer plans represent different levels of service that the CSP provides to customers or enables resellers to sell.
For example, a customer plan might specify certain servers be used for a service, limit the total amount of resources
available for a customer to use, or enable or define specif ic features of a service. For some services, creating a customer
plan is required to enable the service at the top environment level.
location
Corresponds with an Active Directory domain and used to create associations between specif ic services, customers, and
users. For example, a service can be deployed to a specif ic location and provisioned only to customers and users in that
location. Services Manager supports multiple locations and the control panel can display only the items associated with a
selected location.
provisioning
The process of fulf illing requests made to the Provisioning engine for specif ic tasks such as creating customers, assigning
security roles, and removing users.
service provider administrator
The f irst administrator user created when the f irst location is created for a Services Manager deployment.
Top Environment Services ("top environment level")
The level at which default settings are configured for the Services Manager deployment. Settings configured at this level
are inherited by all locations in the deployment. These settings can be overridden at the Active Directory Location Services
level. Services must be enabled at the top environment level before they can be enabled and configured at the location
level.
user plan
In the context of services, a collection of configured settings that apply to all users associated with a specif ic customer.
Typically, user plans represent different modes of service that a customer provides. For example, a user plan might be
configured to allow provisioned users access to a specif ic network resource, limit the number of users that can be
provisioned with the service, or enable specif ic features of a service for provisioned users.
web service
An MSI f ile that, when installed, integrates service-specif ic functions into the Services Manager control panel. Web services
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.17https://docs.citrix.com
are installed using the Services Manager Setup Tool or by executing the MSI f ile from the command line of the server
hosting the service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.18https://docs.citrix.com
Plan for deploying the Services Manager platform
Jun 05, 2015
Updated: 2014-09-02Before you deploy the Services Manager platform, create a deployment plan that includes the following information:
The composition of each server in your deployment. This includes the platform server role that will be hosted, the
hardware configuration of the server, the software required to host the server role, and the configurations required for
the server to function in the selected role.
The topology of the deployment including f irewalls, required ports, and required protocols.
Deployment of Services Manager locations. A location is the main unit of isolation between tenants and usually
corresponds to an Active Directory domain or forest. A Services Manager deployment includes at least one (primary)
location. Based on your requirements, you should determine whether or not your deployment will include remote
locations and, if so, the number of remote locations.
Whether server role installation and configuration will occur using the graphical user interface or the command line.
Review the topics To configure server roles using the graphical interface and Configure server roles and locations from
the command line, and document the information you will need to provide during configuration of each server role.
This topic describes the following platform components and deployments:General platform installation guidelines
Encryption Service
System databases, reporting, and the data warehouse
Provisioning server
Directory web service
Web server
eCommerce SDK
Deployment summary for the primary location
Deployment summary for remote locations
General platform installation guidelines
You can specify server addresses as an IP address, in the form server.domain.local, by environment variables, or by DNS
alias. In the Services Manager Setup Tool, you can verify the required aliases are created by selecting the Check
Environment Prerequisites task. If you use the command-line interface, verify the aliases before using them when
installing Services Manager roles.
Role configuration includes specifying credentials for several Active Directory user accounts. In most cases, you can
either specify the user name and password, or allow the Services Manager Configuration Tool to generate the
credentials. For most user account specif ications, the Configuration Tool includes the option to create the user account
if the account does not already exist.
In the command line interface, enclose option values that contain spaces in quotation marks (for example,
/LocationName:"Southeast Hub").
Encryption Service
The Encryption Service allows the secure retrieval of encryption keys using the AES 256-bit encryption method. When youinstall the service, a new AES key is generated, encrypted, and stored in Windows Registry.Important: Install and configure the Encryption Service before creating the system databases and installing any other serverroles. This ensures the Configuration Tool can access the service's encrypted key when other platform components and
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.19https://docs.citrix.com
services are installed.Additionally, Citrix strongly recommends using SSL with the Encryption Service. Because the traffic to and from the service
contains sensitive data, using SSL ensures this traffic is encrypted appropriately.
When you configure the Encryption Service, the Configuration Tool performs the following actions:Creates the CortexSystem organizational unit (OU) in Active Directory, as well as the CortexAdmins, CortexReadOnly, and
CortexWSUsers security groups.
Creates a service account and adds it to the CortexWSUsers group. By default, the service account name is
csm_core_svc.
Creates an application pool and web site in IIS and configures authorization rules to limit access to the Domain Admins
and the CortexWSUsers groups.
Generates an encryption key and stores it in Windows Registry.
When you install Services Manager components or services, the Configuration Tool attempts to discover the Encryption
Service's encrypted key. For successful discovery, the Encryption Service must be correctly configured and you must be a
member of the Domain Admins group or the CortexWSUsers group. If you do not belong to these groups, discovery fails
and the Configuration Tool prompts you to import the key manually. To create a key file, you must be a member of the
Domain Admins or CortexWSUsers group. For more information about creating a key file, see Generate and export keyfiles
for the Encryption Service.
System databases, reporting, and the data warehouse
Microsoft SQL Server provides the database and reporting services required for running Services Manager. The main system
database (OLM) stores configuration information for all provisioned services, as well as all customer and user details. The
database also stores logging and auditing information for all provisioning transactions that are initiated. Additionally, the
database acts as a caching mechanism for Active Directory, so customers experience better response times and slow
directory queries are minimized.
The Reporting service for Services Manager delivers usage and billing reports to your customers and application vendors. It
includes standard reports to support provisioned services and communicates directly with SQL Server Reporting Services.
The Reporting service generates reports by accessing the data stored in the data warehouse.
The data warehouse stores historical provisioning data (OLMReporting) that is used for reporting. This history consists of
snapshots of the provisioning data stored in the OLM database, which are created once per day and subsequently
transferred to the data warehouse. The data warehouse is created when you install and configure the Reporting service. As
well, the server connections required for both the Reporting service and the data warehouse are created.
The Report Mailer is a required role for sending notifications to administrators and end users, and license reporting
information to Citrix. Typically, the Report Mailer role is installed on the same server as the Reporting service. The email
server you specify for the Report Mailer can be specified for the Provisioning server, which also requires email capabilities.
The Report Mailer role is installed and configured once for the entire Services Manager deployment, typically on a server in
the primary location.
Depending on your needs, you can deploy the system databases, reporting, and data warehouse in one of the followingways:
A single SQL Server hosts the system databases, the Reporting service (SQL Reporting Services) and data warehouse.
This is best for proof-of-concept deployments where server load is not a concern.
A SQL Server hosts the system databases while a separate SQL Server hosts the Reporting service and data warehouse.
This avoids taxing the primary database with reporting and data storage loads.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.20https://docs.citrix.com
If you are using clustered SQL servers in your Services Manager deployment, separating each server role is not required.
Reports are deployed by importing service packages. These services packages contain report definition f iles that are linkedto the OLM and OLMReporting databases, and configuration f iles for the data transfer process and the data warehouse.You can deploy reports using the following methods:
During Report service configuration, use the Configuration Tool to import the reports from selected service packages.
Using the control panel, import the reports manually using the service import feature.
Service packages for all supported services are located in the Services folder on the Services Manager installation media.
Provisioning server
The Provisioning engine runs as a Windows service, monitoring queues for provisioning requests. When a request is received,
it passes through a set of provisioning rules that determine which actions are required to complete the provisioning process.
These rules are designed to be easily customized using the Provisioning Manager graphical interface (Start > All Programs >
Citrix > Provisioning Engine > Provisioning Manager).
All provisioning processes in Services Manager are built using provisioning actions. This gives the service provider somevisibility into the processes that are executed within the deployment. Examples of provisioning actions include:
Directory User Create: Creates an Active Directory user
Directory Group Create: Creates a security group in Active Directory
FileSystem Create Folder: Creates a folder in a f ile system
Exchange Address List Create: Creates an address list in Microsoft Exchange
Run Command: Runs an executable within a command shell
Run Script: Runs a Visual Basic script
Services Manager includes over 100 provisioning actions.
The Provisioning engine is installed on a separate server in your Services Manager deployment. Additionally, configuration of
the Provisioning server includes specifying an email server for sending messages such as system updates to administrators,
account notifications to end users, and usage reporting to Citrix. The email server you specify for the Provisioning server can
be specified for the Report Mailer, which also requires email capabilities.
Directory web service
The Directory web service provides an interface to Active Directory. The Services Manager control panel uses this service to
perform real time tasks such as user authentication and retrieving password expiration data.
In general, the Directory web service is installed on the same server that hosts the Provisioning engine. However, if you areinstalling the Directory web service on a domain controller, add the CortexWSUsers and Proxy USERS groups to the Allowlog on locally security policy setting.Important: For production environments, Citrix recommends installing the Directory web service on a server other than adomain controller.When the Directory web service platform role is installed, the Citrix Csm Directory WS application pool is created as well as
the CortexServices web site which hosts the Directory application. The files for the web site and applications are located at
C:inetpubCortexServices.
Web server
Services Manager provides a web-based control panel for performing system administration tasks and delegating certainadministration tasks to resellers and customers. The control panel is a web application (CortexWeb) that is hosted on a
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.21https://docs.citrix.com
Web server, separate from the other servers in your deployment. The control panel interacts with other platformcomponents as follows:
SQL databases: When the system is configured, customers and users are provisioned, or auditing and reporting
performed, the control panel sends data to be stored in the system databases.
Web services: for real-time interaction with Active Directory and other hosted services.
Provisioning engine: When any provisioning transaction is performed, the control panel sends each request through
MSMQ.
Because the control panel has no dependency on Active Directory, it can operate outside of the managed domain. The
control panel's web site can be locked down and run with minimal administrative permissions without interfering with
administration tasks.
When the Web server platform role is installed, the CortexMgmt application pool is created as well as the Cortex
Management web site which hosts the CortexAPI and CortexDotNet applications. The files for the web site and
applications are located at C:inetpubCortex Management.
eCommerce SDK
The eCommerce SDK consists of two web services that expose APIs for configuration and querying usage. The
Configuration API enables you to perform tasks such as creating new customers or suspending a customer account. The
Usage API enables you to view historical usage data.
Install the eCommerce SDK after you have installed all other platform server roles. As with the other server roles, you install
the SDK using the Setup Tool and Configuration Tool.
By default, the eCommerce SDK files are located in the C:Program Files (x86)CitrixCortexeCommerceSDK directory. The
installation includes the eCommerce SDK User Guide, which provides an API reference, sample reports, code samples, and
troubleshooting guidance.
Deployment summary for the primary location
The following list describes the required tasks for deploying the platform servers and creating the primary location.Depending on your requirements, your deployment might include additional tasks.1. Prepare the deployment environment. This includes the following tasks:
Provision the platform servers that will be designated as the domain controller, Encryption Services server, database
server, reporting server, Provisioning server, and Web server.
Extend the Active Directory schema using the Exchange installation media.
Create DNS aliases for the Encryption Service, Provisioning, database, reporting, and web servers.
Open the required f irewall ports on all platform servers.
Install .NET Framework on all platform servers. If this component is not present, the Setup Tool installs it
automatically, prior to installing the server roles.
2. Perform environment readiness checks. You can verify the extended Active Directory schema and DNS aliases. This
procedure is available in the Setup Tool graphical interface; you can also perform the verif ications manually. You can run
this task from anywhere in the domain.
3. Install and conf igure the Encryption Service. Citrix recommends performing this task on a dedicated server.
Alternatively, you can use a server that you have prepared to host other Services Manager components such as the
Provisioning Engine or the Web server.
4. Create system databases. Run this task on the server where Microsoft SQL Server is installed. In the Configuration
Tool's graphical interface, you specify database information before you install the server roles. In the command line
interface, you specify database information when you configure the server roles and location. All databases should be
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.22https://docs.citrix.com
backed up and synchronized daily.
5. Install and conf igure server roles. Using the Setup Tool, you install the platform server roles on the servers you
designate. With the Configuration Tool, you specify the configuration settings for the installed roles.
6. Create the primary location. Use the Configuration Tool to specify the settings for the primary location. You configure
the location from the server hosting the Provisioning engine or the web server.
An XML configuration file is used to maintain context across the Services Manager deployment. As you configure the
server roles, information is read and written to the configuration file. For example, the Provisioning engine writes its own
configuration information and reads where to reach the database. When you configure the primary location, the
configuration file will already have information needed about the Provisioning server.
There is one configuration file per location, although all locations can share a single database server. You configure the
primary location first, then optionally, remote locations. For example, a new customer with an existing infrastructure and
domain might be integrated as a remote location in the control panel. When you configure remote locations, you specify
connection details, which are used to generate a new configuration file. After that, configuring a remote location is
similar to configuring the primary location.
Deployment summary for remote locations
The following list describes the required tasks for deploying the platform servers that comprise a remote location.1. Prepare the deployment environment. This includes the following tasks:
Provision the servers that will be designated as the domain controller and Provisioning server. The remote location
uses the Encryption Service, web server, and the database server in the primary location for key encryption, control
panel administration, and reporting, respectively.
Extend the Active Directory schema using the Exchange installation media.
Create DNS aliases for the Encryption Service, Provisioning, database, and web servers. When creating the alias for the
Encryption Service, specify the Encryption Service server in the primary location. Do not install the Encryption Service in
remote locations.
Open the required f irewall ports on all servers to enable communication with the database server and web server in
the primary location.
Install .NET Framework on the platform servers, to avoid interruption when installing server roles. The Setup Tool also
installs this component automatically, if it is not present, when installing the server roles.
2. Perform environment readiness checks. You can verify the extended Active Directory schema and DNS aliases. This
procedure is available in the Setup Tool graphical interface; you can also perform the verif ications manually. You can run
this task from anywhere in the domain.
3. Install and conf igure server roles. Using the Setup Tool, you select the server roles to be installed on each server. With
the Configuration Tool, you specify the configuration settings for the installed roles. As with the primary location, you
can install the Provisioning and Directory web service roles on the same server.
Note: When you install and configure server roles, the Configuration Tool discovers the Encryption Service key residing in
the primary location. If the key cannot be detected, you can export the key from the primary location as a key f ile. You
can then import the key f ile when prompted during the installation process. For more information about exporting the
encryption key, see Generate and export keyfiles for the Encryption Service.
4. Create the remote location. Use the Configuration Tool to specify the settings for the primary location. You configure
the location from the server hosting the Provisioning engine or the web server. Afterward, continue configuring the
remote location using the Services Manager control panel in the primary location.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.23https://docs.citrix.com
Plan for deploying services
Oct 05, 2016
Updated: 2013-02-27Before you begin the process of deploying services for Services Manager, create a deployment plan that includes thefollowing information:
The types of services you will offer through Services Manager. For example, hosted email, virtual machines, web hosting,
and so on.
The number of customers and users that each service will need to support. For some services, this has a signif icant
impact on the size of the resource deployment required.
The network and server resources that are required to support your service offerings. For example, if you offer Citrix
services, you will need to deploy a XenApp farm.
The location where each service will be deployed.
The topology of the deployment including f irewalls, required ports and protocols, and the servers hosting each service
offering.
Test plans for verifying the integrity and performance of resource deployments before and after deploying services.
Planning guidelines
Review the installation and configuration topics for each service carefully and make note of the information you will
need to supply for each task.
Service deployment summary
In general, deploying a service includes the following tasks:
Step 1: Deploy the network and application resources that are required to support your service offerings.
All services are based on the network and server resources in your environment. Therefore, these resources need to be fully
configured and operational prior to integration with Services Manager. For example, if you intend to offer the Hosted
Exchange service, you must first deploy Exchange with multi-tenant support in your environment. Likewise, if you intend to
offer Virtual Machines or Windows Web Hosting services, you must first deploy the network resources -- for example,
virtual networks, DNS, and web servers -- that are required for customers to use these services.
Step 2: Install the web service.
Some services require the installation of a web service for integration with the Services Manager platform. Web services are
installed on the server that will be hosting the service, using the Services Manager Setup Tool or the command line. For
example, the Citrix web service is installed on a XenApp server in your environment. Web services are executed with specific
parameters which are explained in the installation topic for each service. After the web service is installed, you can configure
the service. For services that do not require a web service, you can skip the installation step and configure the service right
away. For more information about which services require web service installation, see Deploy services.
Step 3: Conf igure the service using the control panel.
All services require configuration through the Services Manager control panel. Configuration includes enabling the service,
specifying server resources, adding credentials, and configuring service settings. During the configuration process, you create
the customer and user plans you want to offer, assign cost values, and specify resource limits for customers and users.
After you configure the service, you can provision the service to customers.
Step 4 : Provision the service to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.24https://docs.citrix.com
In general, provisioning a service enables specific customers (including resellers) to access the service and provision it, in turn,
to their users or sub-customers. This occurs through the Services Manager control panel. During the provisioning process,
some services might require additional configuration. For example, when provisioning the BlackBerry service to a reseller, you
configure a user limit that restricts the number of users the reseller can provision. Additionally, the customer's primary
administrator user (the customer administrator) is created. After the customer is provisioned with the service, the customer
can provision the service to its users or sub-customers.
Step 5: Provision the service to users.
As with provisioning services to customers, services are provisioned to users through the Services Manager control panel.
Typically, this task is handled by the customer administrator or another customer user with the appropriate security role.
During the provisioning process, some services might require additional configuration. For example, when provisioning the
Lync 2010 for Hosting service to a user, the customer can specify the user's telephone extension. After users are
provisioned, the customer provides any additional information or assistance needed for using the service, such as
configuring Microsoft Outlook or Office Communicator to access hosted Exchange or Office Communication Server
services.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.25https://docs.citrix.com
AD Sync
Jun 05, 2015
Updated: 2014-09-16The AD Sync service for Services Manager synchronizes customer OUs in the hosted domain controller with user changes in
the external domain controllers. The service enables users to connect to hosted services with the same credentials they use
for their local domain. Additionally, Services Manager includes a server monitor that reports the connectivity status of
domain controllers on which the AD Sync client is installed.
The AD Sync service requires no installation on the hosted environment and uses the CloudPortal Services Manager API to
perform the synchronization. An AD Sync client installed on each external domain controller communicates with the API.
This interface is a one-way connection that can be customized to synchronize specific Active Directory information.
API requests are encrypted using a combination of a public/private key and a symmetric key (RSA and AES) to securely
transfer data and credentials. The data in the request is also hashed (SHA1) to prevent unauthorized changes.
The following diagram shows a typical installation scenario.
The AD Sync service is a customer-only service; by default, the service is unavailable for provisioning to users. Once
provisioned to a customer, the customer's administrator has access to download and configure the AD Sync tool to their
existing domain controller. To download the tool, the customer must be configured with the Allow passwords to Never
Expire option set to Yes. If this option is set to No, errors are recorded in the customer's event log and no users appear in
the control panel.
AD Sync server monitor
The AD Sync service monitors the connectivity status of external domain controllers on which the AD Sync client is installed
and displays a list of all monitored servers on the AD Sync Server Monitor page in the control panel.
The AD Sync client sends requests to the Services Manager API at specified intervals that are recorded in a monitoring
table. This table includes the server name, time of the last request made, and expected time interval between requests.
When the difference between the current time and the time of the last request exceeds the expected interval, the Server
Monitor page displays a red dot next to the affected server, indicating connectivity has been disrupted. When a request is
received within the expected time interval, the Server Monitor page displays a green dot next to the server, indicating
connectivity is uninterrupted.
Prerequisites for deployment
When configuring each domain controller in the external domain, perform the following tasks:If SSL is enabled for Services Manager, edit the CortexDotnetweb.config f ile to set the UserSyncAPISSL value to True.
Ensure the password complexity of the external domain controllers matches or exceeds the password complexity of the
domain controllers in the Services Manager deployment.
Disable User Account Control (UAC) on each external domain controller that will run the AD Sync client.
Obtain a list of the user groups to include in AD Sync operations.
If applicable, obtain proxy server information.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.26https://docs.citrix.com
On applicable f irewalls, perform one of the following tasks, depending on your network configuration:Open HTTP and HTTPS ports (80 and 443) bi-directionally between the server hosting the Services Manager API and
each domain controller in the external domain.
Open HTTP and HTTPS ports (80 and 443) bi-directionally between the server hosting the Services Manager API and the
proxy server used in the external domain.
Service deployment overview
Typically, deploying the AD Sync service involves the following tasks:1. Configure the AD Sync service using the control panel.
2. If required, customize the AD Sync client installer, such as default settings and logo images, for your Services Manager
deployment.
3. Install and test the AD Sync client on external domain controllers. If necessary, add or modify the Active Directory
attributes included in API requests by editing the request f ile on the external domain controller.
4. Provision the service to customers so they can download the AD Sync client software.
For deployment instructions, see Deploy the AD Sync service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.27https://docs.citrix.com
BlackBerry 5
Jun 05, 2015
Updated: 2013-08-16The BlackBerry service for Services Manager hosts BlackBerry Enterprise Server (BES) 5 from the cloud, providing push-based
access to Exchange, Office Communications Server, Customer Relationship Management, and other applications from
BlackBerry devices.
The BlackBerry service includes the following features:You can perform all of BlackBerry's standard management tasks within the Services Manager control panel.
You can delegate BlackBerry user provisioning to the end-customer.
The BlackBerry service is compatible with Exchange 2007 and 2010 Enterprise.
The BlackBerry service supports multiple BlackBerry Enterprise servers.
The BlackBerry service supports moving provisioned users from one BlackBerry Enterprise server to another.
The BlackBerry service can be provisioned with the Hosted Exchange service and supports Exchange 2010 Enterprise and
Exchange 2007. Services Manager can manage multiple BESs.
Configure your environment according to the BlackBerry installation guidelines. This topic assumes you have installed the
BlackBerry Enterprise Server software, the latest security updates, and the appropriate service pack for your deployment.
Supported versions and requirements
The BlackBerry service supports the following version of BlackBerry Enterprise Server and Microsoft Exchange.
Version Exchange 2007 Exchange 2010
BlackBerry 5 SP1 X X
BlackBerry 5 SP2 X
Services Manager requires the credentials that are used to run the BlackBerry service, in order to access the BlackBerry
Server MAPI profile. This account must be a member of the Exchange View Only Administrators group. Additionally, the
BlackBerry service account must have Open Address List permission on the Default Global Address List.
Service deployment overview
Deploying the BlackBerry 5 service involves the following tasks:1. Deploy the Exchange service and provision it to customers.
2. Configure the BlackBerry service.
3. Provision the BlackBerry service to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.28https://docs.citrix.com
Citrix
Jun 05, 2015
Updated: 2013-05-13The Citrix service for Services Manager allows service providers to delegate end-user administration of Citrix applications to
customers.
Notable features of the Citrix service include:Managing multiple Citrix XenApp farms in a single Active Directory console.
Delivering published applications through application groups to which users are assigned.
Ability to choose pre-defined security account groups or create new security groups for application publishing.
Support for public and private applications, application groups, and resources.
Setting default applications, groups, and resources when provisioning Citrix services to customers and users.
When you provision customers with the Citrix service, the following items can be managed:Application groups that consist of application or resource collections. Service providers can use application groups to
provision several resources or applications to users more eff iciently.
Network resources, such as printers and f ile shares, that others in the organization access.
Resources that are packaged as applications such as desktops
Hosted applications that reside on XenApp servers.
Supported versions
The Citrix service supports the following XenApp versions:Citrix XenApp 5.0 for Windows Server 2008
Citrix XenApp 6.0 for Windows Server 2008 R2
Citrix XenApp 6.5 for Windows Server 2008 R2
Requirements for XenApp servers
When configuring the servers that will run any supported version of XenApp, ensure the following requirements are met:Operating system: supported platforms for the XenApp version. Install all recommended operating system patches.
Enable Remote Desktop Services.
Install .NET Framework 4.0.
Installation requires that the Cortex Domain Logon account and the DomainCortexWSUsers account have full
administration rights on the XenApp farm.
The Citrix web service uses port 8095 by default.
When configuring servers that will run XenApp 5, XenApp 6, or XenApp 6.5, perform the following actions:Disable UAC.
Enable the following roles:
Web Server > Application Development > ASP.NET
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
Management Tools > IIS 6 Management Capability > IIS 6 Metabase Compatibility
Service deployment overview
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.29https://docs.citrix.com
Deploying the Citrix service involves the following tasks:1. Review the requirements in this topic and in the Prerequisites for deploying the Citrix service topic and ensure these are
met in your environment.
2. Install the Citrix web service on a server in the XenApp farm.
3. Configure the service using the control panel. This includes creating the server collection that will aggregate XenApp-
hosted applications for customers.
4. Import applications from the XenApp farm to the server collection.
5. Provision the service to customers.
For detailed deployment instructions, see Deploy the Citrix service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.30https://docs.citrix.com
Prerequisites for deploying the Citrix service
Jun 05, 2015
Updated: 2013-05-17Before deploying the Citrix service, ensure the following prerequisites are met:
Create a new security group
1. Create the Cortex Service Computers security group on the domain. You can create this group within the CortexSystem
OU.
2. Add all XenApp controllers to the security group.
3. In Active Directory Users and Computers, with Advanced Features enabled, assign the security group to any Services
Manager root customer OUs and any existing customers created in the location.
4. Assign Read permissions to the security group on the OU.
5. In the Advanced Security Settings for Servers dialog box, locate the Cortex Service Computers group. Edit the
permissions and, in Apply to, select This object and all descendant objects.
6. Restart all computers added to the security group.
Set up a file server
The Citrix service requires a file server to create file shares with permissions, store profiles, and so on. Ensure a file server is
available in your environment for this purpose. You can use the same file server for deploying the Citrix and File Sharing
services.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.31https://docs.citrix.com
DNS
Jun 05, 2015
Updated: 2013-02-11The DNS service for Services Manager provides Domain Name Service (DNS) hosting from the cloud. The DNS service
requires no installation and uses a WMI connection to the DNS server.
When the DNS service is provisioned to a customer, the service provider creates the DNS zone(s) that the customer can
then use to create subzones, if necessary. The DNS service is available at the customer level only. The service cannot be
provisioned to a customer's users.
Customers provisioned with the DNS service can create and manage DNS records that are attached to zones. DNS Service
Administrators can manage these records for the customer while Full Reseller Administrators can manage these records for
sub-customers.
Different types of records can be attached to a zone. When a record is created, only the Time to Live (TTL) setting can be
modified.
Supported software
The DNS service supports Windows (WMI) and BIND (UNIX) DNS.
Requirements
When configuring your DNS environment, perform the following actions:On applicable f irewalls, open DNS port (53) and RPC ports (various) bi-directionally between the DNS server(s) and both
the Services Manager web and provisioning servers. RPC uses random ports above port 1056, therefore non-stateful
inspection f irewalls might require open ports above 1056.
Add the DNS service account used for provisioning to the local administrators group.
Ensure the computer name has a DNS suff ix. If the DNS server is outside of the Services Manager domain, ensure the
DNS suff ix for the Services Manager domain is on the DNS server.
Ensure the DNS application has a zone for the DNS suff ix.
User Access Control (UAC) must be removed from each DNS server.
Ensure the DNS zone has an A record. If the DNS server is outside of the Services Manager domain, ensure the A record
is in the format dnsServerName.ServicesManagerDomain. For example, DNS01.cloudportal.com.
Supported record types
Services Manager supports the following types of DNS records:
Record Type Record Name Parameters
A IPv4 Host Record Host name
IPv4 Address
TTL
AAAA IPv6 Host Record Host name
IPv4 Address
TTL
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.32https://docs.citrix.com
CNAME Alias Alias
Host name
TTL
MX Mail Exchanger Host name
Target
Priority
TTL
NS Name Server Host name
Target
TTL
SRV Service Record Host name
Target
Service
Protocol
Priority
Weight
Port
TTL
TXT Generic Text Record Host name
Text
TTL
Record Type Record Name Parameters
Service deployment overview
Deploying the DNS service involves the following tasks:1. Configure the DNS service using the control panel.
2. Provision the DNS service to a customer.
3. Create test records to verify the service is configured correctly.
For deployment instructions, see Deploy the DNS service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.33https://docs.citrix.com
Dynamics CRM
Jul 22, 2016
Updated: 2013-04-22The CRM service enables service providers to deliver a robust customer relationship management solution to customers
through Microsoft Dynamics CRM 2011, 2013, or 2015. Customers enjoy a 360-degree view of their customers along with
automated workflows, ease of reporting, and a granular security structure.
The CRM service supports Internet-facing deployments (IFDs), which makes CRM organizations available from the Internet.
Additionally, the service is deployed for use with Active Directory Federated Services (ADFS).
System requirements
When configuring the Dynamics CRM service in your environment, ensure the following requirements are met:
A CRM Deployment Administrators security group has been created and has all required CRM Deployment Administrator
permissions to CRM Active Directory groups. Additionally, the CRM Deployment Administrator role has all required
permissions to the SQL Server instance where the CRM databases are stored. Finally, a CRM Deployment Administrator
domain user account has been created and added to the CRM Deployment Administrators security group.
When you install and configure the ADFS and Dynamics CRM services, you will need to supply this group and account
information to enable CloudPortal Services Manager to work with your CRM deployment. For more information about
creating CRM Deployment Administrators and assigning permissions, see the article "Creating a New CRM Deployment
Administrator Account" on the Microsoft TechNet web site (http://technet.microsoft.com/en-us/library/gg197627.aspx).
The user who is installing CRM has the following roles in SQL Server Reporting Services:
Content Manager role at the root level
System Administrator role at the site-wide level
For more information about assigning permissions for deploying CRM, see the article "How to assign the minimum
permissions to a deployment administrator in Microsoft Dynamics CRM 4.0" on the Microsoft Support web site
(http://support.microsoft.com/kb/946686).
Claims based authentication is optional. If you wish to use claims based authentication, t configure this from the CRM
Deployment Manager.
The Internet-facing Deployment feature has been configured. This feature enables integration of ADFS with CRM. For
help configuring an Internet Facing Domain (IFD) for CRM, see the "IFD for Microsoft Dynamics CRM 2011" video,
located at http://www.youtube.com/watch?v=T9jZIxDTsBw. Although this video is intended for CRM 2011, the same
principals apply for CRM 2013, and CRM 2015
The ADFS service user account (typically, Network Service) has Read access to the customer's OU. This is required for
successful authentication.
After configuring CRM, verify that user connections are successful and there are no certificate errors. Test the environment
by creating an organization using the CRM Deployment Manager and, afterward, browsing to the site.
Service deployment overview
Deploying the CRM service involves the following tasks:
1. Deploy the ADFS web service on the ADFS server in your environment and enable the server to execute PowerShell
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.34https://docs.citrix.com
commands.
2. Configure the Dynamics CRM service using the control panel.
3. Provision the service to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.35https://docs.citrix.com
File Sharing
Jun 05, 2015
Updated: 2013-02-07The File Sharing service for Services Manager provides file sharing services from the cloud. A service provider can host a file
server with multiple customer file shares on the system directory. Security permissions limit customer access to shared
folders.
After provisioning, customers can use their file share directory to store and transfer files to others in the organization,
manage the directory subfolders, and assign folder permissions to users. Users can access the customer's file share directory
through another mechanism. For example, the file share can be configured as a resource through the Citrix service and
accessed in a Citrix XenApp session.
The File Sharing service requires no web service to be installed on the file server. You need only to configure the service in
the Services Manager control panel.
Requirements
On applicable firewalls, open SMB (445) and RPC (various) ports bi-directionally between the DNS server(s) and both the
Services Manager web and provisioning servers. RPC uses random ports above port 1056; therefore, non-stateful inspection
firewalls might require open ports above 1056.
Service deployment overview
In general, deploying the File Sharing service involves the following tasks:1. Ensure the f ile share path exists in your environment.
2. Configure the service using the control panel.
3. Provision the service to customers.
For deployment instructions, see Deploy the File Sharing service.
File share path creation
If the required file share path does not exist when you configure the File Sharing service, Services Manager can create it
automatically. To allow Services Manager to do this, you must grant Services Manager permissions on the target file server.
If you do not want to grant these permissions to Service Manager, be sure to create the file share you wish to use before
you configure the service.
Changes in Active Directory
When a customer is provisioned with the File Sharing service, the following changes occur:The global security group SERVICEADMINS <CustomerShortName> FSS is created and all Full Service Administrator users
are added as members.
The global security group FSS <CustomerShortName> FULL is created. No members are added to this group until users
are provisioned.
The global security group FSS <CustomerShortName> NONE is created. Users that are not provisioned with the File
Sharing service are members of this group.
When a user is provisioned with the File Sharing service, the user becomes a member of the global security group FSS
<CustomerShortName> FULL.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.36https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.37https://docs.citrix.com
Hosted Apps and Desktops
Jun 05, 2015
Updated: 2014-11-17The Hosted Apps and Desktops web service for Services Manager allows service providers to manage and delegate end-user administration of applications, desktops, and resources. This service comprises three components:
XenApp Web Service, which you install on a controller in your XenApp farm.
XenDesktop Web Service, which you install on a controller in your XenDesktop Site.
App Orchestration Configuration Tool, which you can install on your App Orchestration configuration server, when your
XenApp and XenDesktop deployments are managed by App Orchestration.
Using this service, you can:Support public and private offerings of applications, desktops, and other resources such as printers and f ile shares to
customers and users.
Create offerings that are private for one customer.
Set default applications, desktops, and resources for customers and users.
Set price and cost controls per application, desktop, and resource.
Configure settings at several levels, thus allowing you to override one or more settings for a particular customer.
Use App Orchestration to manage offerings from multiple Citrix XenApp farms and XenDesktop sites in a single Active
Directory console.
Note: This enhanced version of the Hosted Apps and Desktops web service offers expanded support and replaces theprevious version of the service.
Service deployment overview
Deploying the Hosted Apps and Desktops web service includes the following tasks:1. Review and complete the requirements described in this topic.
2. Install the service.
3. Configure the service.
4. Configure service offerings.
5. Provision the service.
Supported versions
The Hosted Apps and Desktops web service is supported on servers running one of the following minimum versions:Citrix XenApp 6.5 FP3, 7.5, and 7.6
Citrix XenDesktop 7.1, 7.5, and 7.6
Citrix App Orchestration 2.5 and 2.6
Note: If your environment includes earlier XenApp versions that you do not want to update to a supported version, installand use the Citrix web service for Services Manager. Also, use the Citrix web service if your environment requires applicationgroups or server collections.
Requirements and considerations for all deployments
Before installing the Hosted Apps and Desktop web service, add the servers where you will install the service (XenApp
controller, XenDesktop Controller, or App Orchestration configuration server) to the built-in CortexReadOnly group. Then,
restart each server you added to the group.
When using Internet Explorer 11 to access the Services Manager control panel to configure and provision the service,
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.38https://docs.citrix.com
ensure the following Compatibility View Settings are cleared:Display intranet sites in Compatibility View
Use Microsoft compatibility lists
Requirements and considerations for deploying the web service on a XenApp or XenDesktop Controller
On the XenApp or XenDesktop controller, complete the following before installing the web service:Ensure the XenApp or XenDesktop server has PowerShell remoting enabled and that the execution policy is set to
RemoteSigned.
Ensure that XenApp or XenDesktop is fully installed and configured, and that the operating system has all recommended
updates.
You must be a full XenApp or XenDesktop administrator to configure the web service.
Ensure that the f irewall on the server allows communications with the web service: the default is 8095. This must be the
same port that you specify when configuring the web service.
The web service installer will install or enable the following on the XenApp or XenDesktop controller, if not already present:.NET Framework 4.0
Remote Desktop Services
Web Server (IIS) 7 Role Services
ASP.NET
ASP.NET 4.5 (Windows Server 2012)
Windows Authentication
Management Scripts and Tools
Management Console
Hostable Web Core (Windows Server 2012)
IIS 6 Management Capability > IIS 6 Metabase Compatibility
SQL Server System CLR Types
SQL Server Shared Management Objects
WCF HTTP Activation 4.5 (Windows Server 2012)
You need a file server to support the creation of User Profile and Terminal Services Profile folders. You can use the same file
server for deploying this service and File Sharing services.
Requirements and considerations for deploying the web service on an App Orchestration configurationserver
Set up your App Orchestration deployment. For more information, refer to the product documentation for your installedversion:
App Orchestration 2.5 product documentation
App Orchestration 2.6 product documentation
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.39https://docs.citrix.com
Hosted Exchange
Oct 05, 2016
Updated: 2014-08-29The Hosted Exchange service for CloudPortal Services Manager delivers full-featured Microsoft Exchange services from the
cloud.
Supported versions
The Exchange service supports the following versions of Windows Server and Microsoft Exchange.
VersionWindows Server
2008Windows Server
2008 R2Windows Server
2012Windows Server
2012 R2
Exchange 2007 SP3 X
Exchange 2010 SP3 X X
Exchange 2013 X X
Exchange 2016 X X
Important: For Active Directory forests and domains at the Windows Server 2012 R2 functional level, the Exchange serviceis supported on Exchange 2013 SP1 only. For more information, refer to the article "Exchange 2013 system requirements"on the Microsoft TechNet web site.
Exchange web service server requirements
When configuring the server that will run the Exchange web service, perform the following tasks:Install all recommended operating system patches.
Enable Remote Desktop Services.
Disable User Account Control (UAC).
Enable the following IIS 6 and 7+ roles:
Web Server > Application Development > ASP.NET
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility
Install the .NET Framework 4.0.
Install Microsoft Exchange Management Tools.
Exchange User Plans are used as templates for Exchange mailboxes. User Plans define which protocols are enabled, plus
mailbox limits and data storage. The installation process creates one package, which is used to test the installation. This
package specif ies the mail databases to use (Server / Storage Group). One or more storage groups are created when
Exchange is installed; select one to use for the installation test.
Account requirements
Ensure the account that is being used for the installation has Domain Admin, and Exchange Administrative rights. This is
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.40https://docs.citrix.com
required for successful installation of the Exchange web service.
Configuration requirements
How you configure Exchange to work with CloudPortal Services Manager typically depends on whether you are deploying a
single version of Exchange or creating a mixed environment where multiple supported versions of Exchange are included.
For single-version deployments of Exchange 2007 SP3, the Services Manager Configuration Tool performs the followingtasks:
Task Action Performed
Enable the ListObjectpermission
In ADSIedit, the dsHeuristics property, located in the CN=Services > CN=Windows NT >CN=Directory Service container, is set to 001.
Disable theDefault Email-Address policy
In ADSIedit, the following properties, located in the CN=Services > CN=Microsoft Exchange >CN=ExchangeOrganization > CN=Recipient Policies > CN=Default Policy container are modif ied:
msExchLastAppliedRecipientFilter: Alias -eq 'NoSuchEmail'
msExchQueryFilter: Alias -eq 'NoSuchEmail'
Replace the current entry for msExchPurportedSearchUI: Microsoft.PropertyWell_QueryString=
(mailNickname=NoSuchEmail)
purportedSearch : (&(objectclass=PublicFolder)(!(extensionAttribute15=*)))
Lock down thedefault globaladdress lists
In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization node >CN=Address Lists Container > CN=All Global Address Lists > CN=Default Global Address Listscontainer properties, the following modif ications are performed:
Inheritable permissions are not allowed to propagate.
The Authenticated Users group has the Read permission of msExchAvailabilityAddressSpace set
to Deny. All other permissions are removed.
The Everyone group is removed.
Lock downaddress lists
In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization >CN=Address Lists Container > All Address Lists > All Users contain properties, the followingmodifications are performed:
Inheritable permissions are not allowed to propagate.
The Everyone and Authenticated Users groups are removed.
The Proxy USERS group has the Read permission set to Deny.
These modifications are also performed for All Groups, All Contacts, All Rooms, and Public Folders
containers.
Lock down theAll Address Listscontainer
In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization >CN=Address Lists > CN=All Address Lists container properties, the Proxy USERS group is added withthe following settings:
Apply to: This object only
List contents: Deny
List Object: Allow
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.41https://docs.citrix.com
Delete thedefault off lineaddress list
In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization> CN=Address Lists > CN=Offline Address Lists container, the CN=Default Offline Address List
container is deleted.
Set permissionson theExchangeorganization
In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization container,the Proxy USERS group is added with the following settings:
Read: Allow
Apply to: This object only
List contents: Allow
List object: Allow
Read all properties: Allow
Read permissions: Allow
Task Action Performed
For single-version deployments of Exchange 2010 SP3 or Exchange 2013, the Configuration Tool disables the Default Email-
Address policy only.
For mixed Exchange deployments that include Exchange 2013 or Exchange 2010 SP3 servers in the same environment asExchange 2007 SP3 servers, the globalAddressList2 attribute must be populated with entries from the globalAddressListattribute. The globalAddressList2 attribute was introduced in Windows Server 2008 R2. In an environment that includesExchange 2013 or 2010 SP3, an address list must be populated into the attribute to ensure correct operation. Exchange2013 and 2010 SP3 manage the globalAddressList2 attribute automatically, but Exchange 2007 SP3 does not. To populatethis attribute, perform the following actions:1. Copy the globalAddressList attribute into the globalAddressList2 attribute.
2. To populate globalAddressList2 with all entries from globalAddressList, run the following PowerShell script:
$configroot = ([adsi]"LDAP://rootdse").ConfigurationNamingContext$MSEXOU = [adsi]("LDAP://CN=Microsoft Exchange,CN=Services,$configroot")[array]$gal = $nullforeach ($dn in get-GlobalAddressList) { $gal += ($dn.distinguishedname)}$gal = '@("' + ([string]::join('"," ' , $gal)) + '")'$MSEXOU.putEx(2, 'globalAddressList2', (invoke-expression "$gal"))$MSEXOU.setinfo()
Service deployment overview
1. Install the Exchange web service on a server with the Exchange Management Tools installed.
2. Configure the service using the control panel.
3. If required for your deployment, configure the service for importing and exporting PST f iles.
4. If required for your deployment, configure Unif ied Messaging.
5. Provision the service to customers.
For deployment instructions, see Deploy the Hosted Exchange service.
Provisioning changes in Active Directory
When provisioning requests are issued for the Exchange service, CloudPortal Services Manager enacts several changes in
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.42https://docs.citrix.com
Active Directory.
Customers
When a customer is provisioned with the Exchange service, the following changes occur:The global security group SERVICEADMINS <CustomerShortName> HE is created and all Full Service Administrator users
are added as members.
The global security group HE <CustomerShortName> <ServiceAccessLevelName> is created for each user plan selected
for the customer. No members are added to these groups until users are provisioned with the Exchange service at the
corresponding level.
The global security group HE <CustomerShortName> NONE is created. No members are added to this group until users
are deprovisioned.
Users
When a user is provisioned with the Exchange service, the following changes occur:The user becomes a member of the HE <CustomerShortName> <ServiceAccessLevelName>.
Adding contacts
When contacts are added for a customer, the following changes occur:A Contact Type object is created under the customer organizational unit (OU) using the format
<ContactName>_<CustomerShortName>.
Creating distribution groups
When distribution groups are created for a customer, the following changes occur:A universal distribution group is created under the customer OU using the format Distribution <CustomerShortName>
<DistributionGroupName>
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.43https://docs.citrix.com
Lync Enterprise and Lync Hosted
Jun 05, 2015
Updated: 2014-08-29The Lync Enterprise and Lync Hosted services for Services Manager deliver unified communication services from the cloud.
Installing the Lync web services creates a web site on the Lync Front-End server. Both the Services Manager Web server and
Provisioning server issue commands on the Lync Front-End Server using a web service.
The Lync Enterprise service brings basic multi-tenancy to environments using Microsoft Lync Enterprise 2010 or 2013. The
Lync Hosted service is deployed in environments using Lync Server 2010 or 2013 Multitenant Pack for Hosting, which
provides full isolation of customers.
Supported versions
The Lync Enterprise and Lync Hosted services support the following versions of Lync Server:
Service Name Lync Server Version
Lync Enterprise (2010) Lync Server 2010
Lync 2010 for Hosted Lync Server 2010 Multitenant Hosting Pack
Lync Enterprise 2013 Lync Server 2013
Lync Hosted 2013 Lync Server 2013 Multitenant Hosting Pack
Lync server requirements
When configuring the servers that will run the Lync Enterprise or Lync Hosted web services, ensure the followingrequirements are met:
Requirement Lync Server2010
Lync Server2013
Install .NET Framework (Full) Version 4.0 Version 4.5 (64-bit)
Install Lync Server Management Shell Yes Yes
Enable IIS 6.0 (minimum) Yes Yes
Enable Remote Server Administration Tools > Role Administration Tools > AD DSand AD LDS Tools
Yes Yes
Enable PowerShell Version 2.0 Version 3.0
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.44https://docs.citrix.com
Certificate and DNS requirements
When preparing your Lync deployment for provisioning to customers, ensure the domain for the customer you are
provisioning is included on the certificates that exist on the Lync Front-End and Director servers.
For provisioning the DNS records required for the Lync services, configure the DNS service. This enables Services Manager to
provision the customer's forward lookup zone, as well as create the Host (A) record for SIP, and create the SRV records
required when you provision the Lync service. You can define the Lync DNS records that Services Manager will create when
you configure the Lync service settings. For more information about configuring the DNS service, see Deploy the DNS
service.
If the DNS service is not configured, you will need to create the following DNS records manually for each customer:A forward lookup zone for the domain to which you are provisioning the customer.
SRV records, _sipinternal and _sipinternaltls
Host (A) record for SIP, specifying the Lync Director server's IP address
Deployment overview
Typically, deploying the Lync services includes the following steps:1. For Lync 2013, deploy the Distributor Report f ix according to the instructions in CTX139274, in the Citrix Knowledge
Center.
2. Install the web service on the Lync Front-End server.
3. Configure the Lync service using the control panel.
4. If you intend for Services Manager to provision DNS records for the Edge and Front-End servers in your deployment,
configure the DNS service.
5. Provision the service to customers.
For deployment instructions, see the following topics:Deploy the Lync Enterprise 2010 and Lync Hosted 2010 services
Deploy the Lync Enterprise 2013 and Lync Hosted 2013 services
Changes to the server during installation
As part of the installation process, the Configuration Tool performs several tasks when you install the Lync 2010 or 2013web services.
Tasks performed Lync 2010 Lync 2013
Web service account iscreated in ActiveDirectory
Default service account: csm_lync_svc Enterprise: csm_lync_svc
Hosted:
csm_lynchosted_svc
Web service account isadded to ActiveDirectory groups
CSAdministrator
Domain Users
RTCUniversalServerAdmins
Note: You must add the web service account manually tothe CortexWSUsers group.
CortexWSUsers
CSAdministrator
Domain Users
RTCUniversalServerAdmins
Lync Front-End serveraccount is added to
No. You must add the server accounts for the Front-Endand Director servers manually to the CortexAdmins group.
Yes
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.45https://docs.citrix.com
CortexAdmins securitygroup
Reboot these servers for membership to take effect.
Application pool iscreated in IIS
Enterprise: Citrix Csm Lync WS
Hosted: Citrix Csm Lync Hosted WS
Enterprise: Citrix Csm Lync
Enterprise 2013 WS
Hosted: Citrix Csm Lync
Hosted 2013 WS
Service web site iscreated in IIS
Enterprise: LyncWS
Hosted: LyncHostedWS
Enterprise:
LyncEnterprise2013WS
Hosted:
LyncHosted2013WS
Tasks performed Lync 2010 Lync 2013
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.46https://docs.citrix.com
Mail Archiving
Jun 05, 2015
Updated: 2013-02-20The Mail Archiving service enables service providers and resellers to set up Exchange 2007 and 2010 journaling rules for their
customers. Incoming and outgoing email are included in a journal report which is sent to the customer's journaling inbox.
The journal report contains the transport envelope data of the archived message and the original message is included as an
attachment.
The Mail Archiving service requires no web service to be installed. You need only to configure the service using the Services
Manager control panel. The Mail Archiving service's customer plan defines the journaling type that is provisioned to
customers.
Supported journaling types
Services Manager supports the following journaling types:Internal journaling
External journaling
Global Relay, where mail is archived offsite through the Global Relay Message Archive service
Service deployment overview
Deploying the Mail Archiving service involves the following tasks:1. Determine the journaling types you will offer to customers.
2. Configure the service using the control panel.
3. Provision the service to customers.
For deployment instructions, see Deploy the Mail Archiving service.
Provisioning changes in Active Directory and Exchange
When users are provisioned with the Mail Archiving service, they become members of the MARCH {CustomerShortName}
FULL group.
When a customer is provisioned with the External customer plan, the following changes occur:
Changes in Active Directory Changes in Exchange 2007 and 2010
Contact {CustomerShortName} ArchiveMailbox Contact is added.
{CustomerShortName} Archive Mailbox Contact is added to MailContact folder. The External contact email address specif ied duringcustomer provisioning is attached to this contact.
Universal Security Group{CustomerShortName} Archive Mailboxesare added.
{CustomerShortName} Archive Mailboxes are added to DistributionGroup Folder. SMTP address is set as [email protected].
Global Security Groups MARCH{CustomerShortName} FULL and MARCH{CustomerShortName} NONE are added.
{CustomerShortName} Journal is added to Journaling (OrganizationConfiguration >> Hub Transport).
Journal Reports are sent to {CustomerShortName} Archive MailboxContact.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.47https://docs.citrix.com
Journal messages for the recipient are configured asarchivemailboxes@{primarydomain}
Changes in Active Directory Changes in Exchange 2007 and 2010
When a customer is provisioned with the Internal customer plan, the following changes occur:
Changes in Active Directory Changes in Exchange 2007 and 2010
User “mailarchive_{CustomerShortName}" isadded.
{CustomerShortName} Archive Mailbox Contact is added to MailContact folder. The External contact email address specif ied duringcustomer provisioning is attached to this contact.
Universal Security Group{CustomerShortName} Archive Mailboxes isadded.
{CustomerShortName} Archive Mailboxes are added to DistributionGroup Folder. SMTP address is set as [email protected].
Global Security Groups MARCH{CustomerShortName} FULL and MARCH{CustomerShortName} NONE are added.
{CustomerShortName} Journal is added to Journaling (OrganizationConfiguration >> Hub Transport).
Journal Reports are sent to {CustomerShortName} Archive MailboxContact.
Journal messages for the recipient are configured asarchivemailboxes@{primarydomain}
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.48https://docs.citrix.com
Microsoft Office Communication Server 2007
Jun 05, 2015
Updated: 2013-04-18The Office Communication Server 2007 (OCS) service for Services Manager delivers unified communication services from the
cloud. Using the Office Communicator client software, users enjoy an array of communication options, including group
chats, status updates, and video conferencing.
The OCS service uses a WMI connection to the Office Communications Server in your environment. The service requires no
web service to be installed. You need only to configure the service through the Services Manager control panel.
Supported versions
The OCS service supports the following OCS versions:Office Communication Server 2007
Office Communication Server 2007 R2
Before you deploy the OCS service, you must have a supported version of OCS deployed in your environment.
Requirements
To allow provisioned users to connect to Communicator, perform the following actions:If needed, change the scope of the CortexAdmins group from global to universal.
Include the RTCUniversalAdmins and RTCUniversalReadOnlyAdmins groups in the CortexAdmins group.
On the OCS server, restart all services that use RTC credentials.
To enable OCS reporting, configure and enable the OCS Monitoring Service on the OCS server. During configuration,perform the following actions on the OCS server:
Use both TCP/IP and named pipes for local and remote connections.
Allow SQL Server mode and Windows Authentication mode.
Add a SQL Server logon that has been granted db_datareader and db_owner permissions to the following OCS
databases: RTC, RTCDYN, and LCSCDR (this database is present only when OCS Monitoring is enabled).
Service deployment overview
Deploying the OCS service involves the following tasks:1. Configure the service using the control panel.
2. If using in a multi-tenanted environment, partition the address book by OU.
3. If OCS 2007 R2 is installed in the Configuration container instead of System, update the location on the Services
Manager Provisioning server. By default, Services Manager looks for OCS settings in the System container.
4. Provision the service to customers.
For deployment instructions, see Deploy the Office Communication Server 2007 service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.49https://docs.citrix.com
Microsoft SQL Server Hosting
Jun 05, 2015
Updated: 2014-01-20The Microsoft SQL Server Hosting service for Services Manager enables you to host instances of Microsoft SQL Server
from the cloud.
The service requires no web service to be installed and uses a remote connection to Microsoft SQL Server in your
environment.
Multiple SQL Server databases can be provisioned to a customer and the customer can then assign users to the databases.
The customer's databases can be provisioned to different SQL Servers or instances, depending on the resource
configuration.
Supported versions
The Microsoft SQL Server Hosting service supports the following versions of SQL Server:Microsoft SQL Server 2005
Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2012
Requirements
When preparing SQL Server for your Services Manager deployment, perform the following tasks:Ensure the SQL Server is a member of a domain managed by Services Manager.
Set the Authentication mode to SQL Server and Windows Authentication.
Enable remote connections to the server.
Enable protocols for remote connection, such as TCP/IP.
Open inbound f irewall ports required for the SQL Server instance and for Services Manager. The port for default
instances of SQL Server is TCP 1433. The default port for Services Manager is TCP 8095.
Ensure the SQL Server Browser service is running and set to start automatically. This ensures Services Manager can
locate the SQL Server and enumerate the instances installed when you configure the Microsoft SQL Server Hosting
service in the control panel. If you are using named instances of SQL Server, ensure UDP port 1434 is also open for
inbound connections.
Install the SQL Native Client component on the Services Manager Provisioning server. The 32- and 64-bit clients for each
supported version of Microsoft SQL Server are available from the Microsoft downloads site.
Service deployment overview
Deploying the Microsoft SQL Server Hosting service involves the following tasks:1. Ensure the SQL Native Client component is installed on the Services Manager Provisioning server.
2. Configure the service using the control panel. This includes creating a server collection and retrieving SQL Server
instances from each SQL Server in the collection.
3. Provision the service to customers.
For deployment instructions, see Deploy the Microsoft SQL Server Hosting service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.50https://docs.citrix.com
MySQL
Jun 05, 2015
Updated: 2013-02-11The MySQL service for Services Manager enables service providers to grant customers the ability to create, modify, and
remove MySQL databases. Users can perform limited database operations according to the user roles that are assigned to
them.
Supported versions
The MySQL service is supported for use with MySQL 5.0 and 5.1.
Server requirements
When configuring the server that will be running MySQL, perform the following tasks:Run MySQL on the default port 3306.
Allow local and remote connections.
On applicable f irewalls, open the following ports:
Port 3306, to allow connections to the MySQL server.
Port 8095, to allow connections between the MySQL server and the Services Manager web and Provisioning servers.
Account requirements
Services Manager requires logon access to administer databases and users. If you are using multiple MySQL servers, use the
same account for all of them (suggested name: CortexMySQLHosting). This account must have DBA (grant all) global
privileges.
Supported database user roles
User roles are comprised of MySQL permissions. The following table describes the permissions that are included in each role.
MySQL Permissions ReadOnly Role DBA Role User Role Full Role
SELECT X X X X
INSERT X X X
UPDATE X X X
DELETE X X X
EXECUTE X X X X
SHOW VIEW X X
CREATE X X
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.51https://docs.citrix.com
ALTER X X
REFERENCES X
INDEX X X
CREATE VIEW X X
CREATE ROUTINE X X
ALTER ROUTINE X X
DROP X X
CREATE TEMPORARY TABLES X X X
LOCK TABLES X X X
MySQL Permissions ReadOnly Role DBA Role User Role Full Role
Service deployment overview
Deploying the MySQL service involves the following tasks:Install the web service on the MySQL server.
Configure the MySQL service using the control panel.
Provision the service to customers.
For deployment instructions, see Deploy the MySQL service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.52https://docs.citrix.com
ShareFile
Jun 05, 2015
Updated: 2014-08-29The ShareFile service for Services Manager enables service providers and resellers to manage ShareFile accounts through
the Services Manager control panel. Customer administrators can also manage user accounts and ShareFile folder
permissions.
Support for ShareFile user types
The ShareFile service supports only Employee user accounts. You can create Client user accounts at ShareFile.com.
Support for ShareFile plans
The ShareFile service supports only the Enterprise customer plan. The service does not support the creation of additional
customer or user plans.
Requirements for using the service
Customers must have a Citrix ShareFile account. If the customer does not have an account, create one at ShareFile.com
before provisioning the service.
Customers' users must have working primary email addresses specif ied in Services Manager so they can receive ShareFile
account activation emails upon service provisioning.
Service deployment overview
Deploying the ShareFile service includes the following tasks:Import the ShareFile service package to the Services Manager control panel.
Configure the service using the control panel.
Create a scheduled task that synchronizes Employee user accounts between Services Manager and Citrix ShareFile.
Provision the service to resellers.
Provision the service to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.53https://docs.citrix.com
SharePoint
Jun 05, 2015
Updated: 2014-08-29The SharePoint 2010 and 2013 services deliver SharePoint web sites to customers for sharing documents and informationfrom the cloud. Services Manager integrates with SharePoint servers through a Windows Communication Foundation(WCF) service. This topic includes the following sections:
Supported versions
Service migration
SharePoint server requirements
PowerShell remoting requirements
SharePoint account requirements
Service deployment overview
Web service deployment methods
DNS provisioning
SharePoint 2013 licensing and Web Apps
Supported versions
The SharePoint services support the following SharePoint server and IIS versions:
Service Name SharePoint Server Version SharePoint Edition IIS Version
SharePoint 2013 SharePoint 2013
SharePoint 2013 SP1
SharePoint Enterprise 2013
SharePoint Standard 2013
SharePoint Foundation 2013
IIS 7.5
IIS 8.0
SharePoint 2010 SharePoint 2010 SharePoint Enterprise 2010
SharePoint Foundation 2010
IIS 7.0
IIS 7.5
Service migration
Migrating customers from the SharePoint 2010 service to the SharePoint 2013 service includes the following tasks:Upgrade your SharePoint 2010 deployment as described in the article "Overview of the upgrade process to SharePoint
2013" on the Microsoft TechNet web site.
Provision the SharePoint 2013 service to customers, but do not configure resources or sites.
Remove the SharePoint 2010 sites from the control panel.
Import customers' migrated sites to the control panel.
SharePoint server requirements
When preparing the server that will be hosting the SharePoint web service, ensure the following requirements are met.These requirements apply to both SharePoint 2010 and SharePoint 2013 unless otherwise specif ied.
Operating system Install one of the following operating systems:SharePoint 2010: Windows Server 2008 (minimum)
SharePoint 2013:
Windows Server 2008 R2 SP1 Standard, Enterprise, or Datacenter (64-bit)
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.54https://docs.citrix.com
Windows Server 2012 Standard or Datacenter (64-bit)
SharePoint 2013 SP1: Windows Server 2012 R2 Standard or Datacenter
Remote DesktopServices
Enabled.
Windows Serverroles
Enable the following roles:Web Server > Application Development > ASP.NET
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
SharePoint siteDNS management
Install and configure the DNS service to enable Services Manager to manage DNS for SharePointsites.
Web hostingservice
Install and configure the Windows Web Hosting service on the same SharePoint server that hoststhe SharePoint web service.
Service ports Open ports 8095-8098 and 5985 from the server hosting the SharePoint and Windows WebHosting services to the Services Manager Web and Provisioning platform servers.
Loopback check SharePoint 2010: Disabled. To do this:1. From the Registry Editor, select the following registry key:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
2. Right-click Lsa, point to New, and select DWORD Value.
3. Type DisableLoopbackCheck.
4. Right-click DisableLoopbackCheck, then select Modify.
5. In the Value f ield, type 1.
6. Restart the server.
PowerShell remoting requirements
SharePoint 2010 and 2013 use PowerShell remoting to communicate with other servers in the environment. PowerShell
remoting must be enabled on the SharePoint server as well as on the Web and Provisioning servers in your Services Manager
deployment. Additionally, Credential Security Service Provider (CredSSP) authentication must be enabled.
SharePoint 2010
When you install the SharePoint 2010 web service, the Services Manager Configuration Tool configures PowerShellremoting by performing the following tasks:
Configures local policies:
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management
(WinRM) > WinRM Service > Allow CredSSP Authentication
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management
(WinRM) > WinRM Client > Allow CredSSP Authentication
Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Fresh Credentials with
NTLM-only Server Authentication (SPN=WSMAN/*domain)
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.55https://docs.citrix.com
Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Delegating Fresh
Credentials (SPN=WSMAN/*domain)
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Shell > Specify
maximum amount of memory in MB per Shell
Checks for existing WinRM listeners. If a listener is not detected, winrm quickconfig is executed.
SharePoint 2013
Before you install the SharePoint 2013 web service, perform the following tasks to configure PowerShell remoting:Enable PowerShell remoting by running the following cmdlet on the SharePoint, Web, and Provisioning servers:
Enable-PSRemoting -ForceEnable CredSSP by running the following PowerShell cmdlets:
On the SharePoint 2013 server:
Enable-WSManCredSSP -Role ServerNote: After the script f inishes, restart the server.
On the SharePoint, Web, and Provisioning servers:
Enable-WSManCredSSP -Role Client -DelegateComputer *.domainEnable and configure the following local policies on the SharePoint 2013 server:
Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Fresh Credentials with
NTLM-only Server Authentication (SPN=WSMAN/*.domain)
Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Delegating Fresh
Credentials (SPN=WSMAN/*.domain)
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Shell > Specify
maximum amount of memory in MB per Shell
SharePoint account requirements
The requirements in this section are applicable to both SharePoint 2010 and SharePoint 2013 unless otherwise specified.
Add the service account used for the SharePoint web service deployment and configurations to the farm. Use the
cmdlet Get-SPShellAdmin to look up the account name.
Add the web service account to the local Administrators group on the server hosting the SharePoint 2010 or SharePoint
2013 web service.
Add the web service account to the following security groups:
SharePoint Farm Administrators (SharePoint 2010)
Farm Administrators (SharePoint 2013)
Domain Admins
CortexWSUsers
CortexAdmins
Add the web service account to the following roles on the SQL Server deployed with SharePoint 2010 or SharePoint
2013:
SharePoint_Shell_Access
Dbcreator
Securityadmin
Sysadmin
Public
Ensure the web service account is a member of SharePoint Shell Admins and the SharePoint Process Account. You can
verify these memberships by using the following cmdlets:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.56https://docs.citrix.com
Get-SPShellAdmin
Get-SPProcessAccount
Service deployment overview
Typically, deploying the SharePoint 2010 and 2013 services involve the following tasks:1. Configure the DNS service using the Services Manager control panel and provision to customers.
2. Install and configure the Windows Web Hosting web service on the SharePoint server that hosts the SharePoint web
service.
3. Install the SharePoint web service on the SharePoint farm server.
4. Configure the SharePoint web service using the control panel.
5. Add SharePoint farms to the control panel and configure for multi-tenancy.
6. Add and configure SharePoint feature packs, if applicable.
7. Configure SSL certif icates for provisioning to customer sites. (SharePoint 2013)
8. Provision the SharePoint service to customers.
The SharePoint web service is deployed on the application (front-end) server in the SharePoint farm. During the web service
installation process, the Services Manager Configuration Tool sets the SharePoint web service to the same application pool
identity as the SharePoint Central Administration site. This configuration is required for Services Manager to provision
SharePoint resources.
For deployment instructions, see Deploy the SharePoint 2010 service.
Web service deployment methods
You can deploy the SharePoint web service in the following ways:As a dedicated web service, where each SharePoint server in your deployment hosts the SharePoint web service. To
complete provisioning requests, each SharePoint server communicates directly with the Web and Provisioning servers as
appropriate.
As a shared web service, where the SharePoint web service is hosted on a single SharePoint server in your deployment.
To complete provisioning requests, this server communicates directly with the Web and Provisioning servers, and also
connects with the other SharePoint servers in the deployment as needed using PowerShell remoting.
Citrix recommends deploying the SharePoint web service as a dedicated web service. This method improves performance by
avoiding the potential for "double-hopping," where web service connections are relayed through a single point to other
SharePoint servers. Using a dedicated web service also improves reliability in the event of a server failure, as there are other
SharePoint servers that can provide web service connections.
DNS provisioning
You can enable DNS provisioning for SharePoint sites you provision through Services Manager. To do this, you must deploythe DNS service and provision it to customers. The following table describes DNS provisioning support in the SharePoint2010 and SharePoint 2013 services.
Servicename
SupportedDNS recordtypes
DNS record conf iguration DNSenabledbydefault?
SharePoint2010
Host (A)
CNAME
Control panel: Configuration > System Manager > Service Deployment >
SharePoint 2010 > Service Settings
No
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.57https://docs.citrix.com
Manages only one record type at a time. Changing the DNS record type
after sites are created is not recommended as it results in duplication of
DNS records.
SharePoint2013
Host (A) Control panel: Configuration > System Manager > Service Deployment >SharePoint 2013 > Service Settings
Yes
Servicename
SupportedDNS recordtypes
DNS record conf iguration DNSenabledbydefault?
When a SharePoint site is provisioned, a DNS record is created if the following requirements are met:A DNS record type is defined for the site.
The SharePoint site URL includes a subdomain (for example, http://site01.sharepoint-domain.com).
The DNS zone for the site is provisioned to the customer (for example, if the site URL is "site01.sharepoint-domain.com,"
the DNS zone "sharepoint-domain.com" must be provisioned to the customer before the site is provisioned.
After the DNS record is created, you can view the record using the following methods:From the control panel: Services > DNS > DNS Records
From the DNS server, using the DNS Manager snap-in, under Forward Lookup Zones for the domain
For instructions on enabling DNS provisioning for SharePoint 2010 sites, see To enable DNS for the SharePoint 2010 service.
SharePoint 2013 licensing and Web Apps
In Services Manager, SharePoint 2013 farms can have one of the following licenses: Foundation, Standard, or Enterprise.
When a SharePoint farm has only Foundation features enabled, customers are billed for each site with access to those
features. When a farm has Standard or Enterprise features enabled, customers are billed for each user provisioned to a site
with access to those features. For users of Standard or Enterprise sites, the license they are provisioned governs the set of
features that are available when they access the site. For example, if a user has a Standard license and accesses a site with
Enterprise features, the license allows the user to access only the Standard set of features on the site.
To determine whether or not per-user licensing is enabled for a farm, use the SharePoint cmdlet Get-SPUserLicensing.
When you create a SharePoint farm through the control panel, the farm has Foundation licensing by default. You can
configure the license on the Services > SharePoint 2013 > Farm Configuration page. However, after the farm is provisioned
to a customer, you cannot modify the license.
For farms with Standard or Enterprise licenses, you can also enable Microsoft Office document editing and MicrosoftProject features within SharePoint. These options have the following requirements:
To use this option... These items are required...
Edit Office Web Apps Users must have licenses to use Office applications
SharePoint farm must be configured to work with Office Web Apps Server
Project Web Apps Users must have licenses to use Project
SharePoint farm must be configured to work with Project Web App
When these options are enabled for the farm, you can choose to enable these options for users that are provisioned with
Standard or Enterprise user plans (and the appropriate product licenses). These options apply to all sites to which users are
provisioned. For example, if a user has the Edit Office Web Apps option enabled and has a Microsoft Word user license, the
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.58https://docs.citrix.com
user can modify Word documents stored on all of the SharePoint sites to which the user has access. However, if the Edit
Office Apps option is disabled for the user, then the user can no longer modify Word documents on any of their sites.
When these options are enabled for a user, the user is added to the following security groups:SharePoint2013 EditOfficeWebApps
SharePoint2013 Project
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.59https://docs.citrix.com
Virtual Machines
Jun 05, 2015
Updated: 2013-05-17The Virtual Machines service for Services Manager delivers virtual datacenters from the cloud. The service integrates with
Microsoft System Center Virtual Machine Manager (SCVMM) for VM management and supports Microsoft Hyper-V Server.
Customers provisioned with the Virtual Machines service can create and manage the virtual servers in their organizations.
Customers can add and configure new virtual servers, create checkpoints that enable restoring virtual servers to a previous
state, and add or remove servers from available networks.
Customers can be assigned resource pools which include limits on total disk storage, memory, processors, and number of
virtual machines. When a resource pool is assigned, the customer can create, manage, stop, start, upgrade, and downgrade
their virtual servers through the Services Manager control panel. If more resources are needed, the customer's reseller can
add the required resources.
Customers can be assigned one or more virtual networks and Services Manager can automatically assign a VLAN tag or
allow the customer to assign the tag manually. After the network is set up, the customer can add or remove virtual servers
from the virtual network. Virtual networks can span across multiple physical hosts managed by the same SCVMM server.
This means that customers' virtual servers can be distributed across hosts.
Supported versions
The Virtual Machines service supports the following versions of SCVMM and Windows Server:
Version Windows Server 2008 R2 Windows Server 2012
SCVMM 2008 R2 SP1 X
SCVMM 2012 SP1 X
Additionally, the Virtual Machines service supports Microsoft Hyper-V Server 2008 R2.
General requirements
Windowsserver roles
Enable the following Windows server roles:Web Server > Application Development > ASP.NET
Web Server > Security > Windows Authentication
Microsoft.NETFramework4
Installed.
SCVMMconsolesoftware
Install the System Center Virtual Machine Manager 2008 R2 Administrator Console.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.60https://docs.citrix.com
ActiveDirectorygroups
An Active Directory security group is added to Hyper-V servers to enable remote connections. Yourenvironment must allow security groups to be added to the host from the domain containing theServices Manager components.
SCVMM role requirements
In SCVMM, a Self Service user role is required for integration with Services Manager. Create this role with the followingsettings:
User role name: SelfService
User role profile: Self-Service User
Role member: CortexWSUser
Select the VM host groups that Services Manager will manage
Grant permissions: All actions
Allow users to create new VMs
Do not allow users to store VMs in a library
Firewall requirements
Open inbound TCP port 8095 on the server hosting the Virtual Machines web service. Additionally, open the followingfirewall ports, by role:
Role Port Description
SCVMM servers 8100 VMM - Administrator Console to VMM server
Asinstalled
RDP - self-service portal website port
If using a remote VMMdatabase
1433 TDS - SQL Server
Virtual server 5900 VMRC - VMRC connection to virtual server host
Hyper-V hosts 80 WinRM - VMM server to VMM agent on Windows Server-based host(control)
443 BITS - Library server > hosts
445 SMB - VMM server to VMM agent on Windows Server-based host (data)
2179 RDP - VMConnect to Hyper-V hosts
5900 VMRC - connection to virtual server host
Virtual machines 3389 RDP - Remote desktop to VMs
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.61https://docs.citrix.com
Security software scanning rules
Remove the following folders or executables from real-time scanning by security software:The default virtual machine configuration folder (for example, C:ProgramDataMicrosoftWindowsHyper-V) and any
custom virtual machine configuration folders
The default virtual machine hard disk drive folder (for example, C:UsersPublicDocumentsHyper-VVirtual Hard Disks) and
any custom virtual machine hard disk drive folders
Snapshot folders
VMMS.EXE - Virtual Machine Management Service
VMWP.EXE - Virtual Machine Worker Process
If you use Hyper-V Live Migration with Cluster Shared Volumes, remove the Cluster Storage folder (for example,
C:Clusterstorage) and all subfolders.
Network access
For each Hyper-V host, use SCVMM to set up network access:Configure network adaptors.
Configure VLAN ranges for VLAN trunking.
Hyper-V hosts can be stand-alone or clustered. Services Manager supports Cluster Shared Volumes for provisioning highly
available VMs.
For each Hyper-V host Services Manager is to manage, refer to article CTX129850, "How to Add a Hyper-V Host to
Cortex," in the Citrix Knowledge Center.
Service deployment overview
Deploying the Virtual Machines service involves the following tasks:1. Install the web service on the SCVMM server.
2. Configure the service using the control panel.
3. Verify the connection to SCVMM and synchronize resources.
4. Add Hyper-V hosts to Services Manager. See article CTX129850, "How to Add a Hyper-V Host to Cortex," in the Citrix
Knowledge Center.
5. Create virtual servers and networks using the control panel.
6. Establish remote connectivity to virtual servers so that customers can access them when they are provisioned the
service. See article CTX129846, "How to Connect to a Virtual Machine," in the Citrix Knowledge Center.
7. Provision the service to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.62https://docs.citrix.com
Windows Web Hosting
Jun 05, 2015
Updated: 2013-05-11The Windows Web Hosting service enables service providers to host customers' web sites on Windows-based web servers.
The service also provides IIS support and DNS management.
Supported platforms
The Windows Web Hosting service supports the following IIS and Windows Server versions:
Version Windows Server 2008 Windows Server 2008 R2 SP1 Windows Server 2008 R2 SP1 Web Edition
IIS 7 X
IIS 7.5 X X
Requirements
When configuring the IIS server, perform the following tasks:Enable CloudPortal Services Manager DNS Services and enable DNS records for the Services Manager Windows Web
Hosting Service.
Install CloudPortal Services Manager Windows Web Hosting Service.
Create Web hosting root directory and shares with appropriate permissions
Create AD user and groups for FTP access and grant them appropriate permissions to the Web hosting root directory
In IIS Manager, create an FTP site with the following settings:
Setting Name Value
FTP site name Enter a name of your choosing.
Physical path Enter the path to the web hosting root directory.
IP Address Enter an IP address that is unique across all FTP sites.
Start FTP site automatically Select this option.
Enable Virtual Host Names Leave blank.
SSL Select Allow SSL.
Authentication Select Basic.
Allow access to Select Specif ied roles or user groups and enter as domainCortexIISUser
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.63https://docs.citrix.com
Permissions Select Read and Write.
FTP User Isolation > Isolate
users
Select FTP home directory configured in Active Directory and enter the
credentials as domainCortexIISUser
FTP Authentication > Basic
Authentication
Click Edit and enter the fully qualif ied domain name for the user's default logon
domain.
Setting Name Value
Service deployment overview
Deploying the Windows Web Hosting service involves the following tasks:1. Configure the service using the control panel. This includes creating a server collection.
2. If required, retrieve the certif icate list on the web server and enable availability to customers' sites.
3. If required, retrieve the IP address list on the web server and modify as appropriate.
4. Provision the service to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.64https://docs.citrix.com
Install
Jun 05, 2015
Updated: 2013-02-04Deploying Services Manager first comprises installing and configuring core components (server roles) and locations. The
Setup Tool manages prerequisites and installs server roles. The Configuration Tool configures server roles and locations.
Both tools offer a graphical wizard-driven interface and a command-line interface.
After you install the server roles, and configure the roles and locations, you install and configure the web services. See
Deploy services for details.
For the graphical interface, refer to the following topics:To install server roles using the graphical interface
To configure server roles using the graphical interface
Configure locations using the graphical interface
For the command-line interface, refer to the following topics:To install server roles from the command line
Configure server roles and locations from the command line.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.65https://docs.citrix.com
Install and configure the Encryption Service
Jun 05, 2015
Updated: 2014-08-29Important: Install and configure the Encryption Service before installing any other platform server roles. This ensures theConfiguration Tool can access the service's encrypted key when other platform components and services are installed.Additionally, Citrix strongly recommends using SSL with the Encryption Service. Because the traffic to and from the service
contains sensitive data, using SSL ensures this traffic is encrypted appropriately.
When you configure the Encryption Service, the Configuration Tool performs the following actions:Creates a service account in Active Directory. By default, the service account name is csm_core_svc.
Creates an application pool and web site in IIS and configures authorization rules to limit access to the Domain Admins
group or the CortexWSUsers group.
Generates an encryption key and stores it in Windows Registry.
To install and configure the Encryption Service using the graphical interface
1. From the installation media, double-click Setup.exe and then click Get Started.
2. On the Select Deployment Task page, select Install CloudPortal Services Manager.
3. On the Install CloudPortal Services Manager page, select Configure Encryption Service.
4. On the License Agreement page, accept the license agreement and click Next.
5. On the Ready to Install page, click Install. The Deploying Server Roles page indicates the progress of installing
prerequisites, the Configuration Tool, and the Encryption Service.
6. On the Deployment Complete page, click Finish.
7. On the Configure Application Pool Identity page, enter a password for the Encryption Service's service account. By
default, the username is csm_core_svc. Click Next.
8. On the Configure Site Binding page, select Use SSL and select the SSL certif icate you want to use. Click Next.
9. On the Summary page, click Commit.
10. After the configuration is completed, click Finish to return to the Install CloudPortal Services Manager page.
To install and configure the Encryption Service using the command line
1. On the server you prepared to host the Encryption Service, log on as a domain administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /install:EncryptionService. The Setup Tool installs the service
and returns the command prompt.
4. At the command prompt, enter install-locationConfigurationCortexConfigConsole.exe and specify the following
properties:
Property Description
/ESUserName:username The application pool user for the Encryption Service.
/ESPassword:password The application pool password.
/ESPort=port The port number to use when creating a site binding for the service. Default = 443
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.66https://docs.citrix.com
/AutoCreateESUser:True
| False
Optional. Automatically create the application pool user account in Active Directory if
the account does not exist already. Default = True
/ESSslCertif icate The friendly name of the SSL certif icate to use in the site binding. Optional if /ESUseSsl is
set to False.
/ESUseSsl:True | False Whether or not to use SSL. Default = False
Property Description
Install-location denotes the web service installation directory on the local computer. The default directory is C:Program
Files (x86)CitrixCortex.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.67https://docs.citrix.com
Generate and export keyfiles for the EncryptionService
Jun 05, 2015
Updated: 2014-08-29When you install and configure Services Manager platform components or services, the Configuration Tool attempts to
discover the presence of the Encryption Service and access the encryption key that was created when you installed the
Encryption Service. If the attempt is unsuccessful, the Configuration Tool prompts you to import a keyfile. You can generate
and export this keyfile manually through the Encryption Service web site.
To access the Encryption Service web site and generate the keyfile, you must belong to the Domain Admins group or the
CortexWSUsers group. If you do not belong to these security groups, the Encryption Service web site prompts you for the
appropriate credentials. To generate the keyfile, you supply an encryption password that is at least eight characters long.
You enter this password through the Configuration Tool when you import the keyfile.
1. Using a web browser, navigate to the Encryption Service web site at https://EncryptionServiceFQDN/Encryption. The
Export Encryption Key page appears.
2. In Encryption Password, enter a string that is at least eight characters long.
3. Click Download and save the keyfile when prompted. The default f ilename for the keyfile is key.csmk; however, you can
save this f ile with any f ilename you choose.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.68https://docs.citrix.com
Verify deployment readiness
Jun 05, 2015
Updated: 2014-08-08Before installing any server roles, verify the following items:
Your Active Directory schema has been extended to accommodate Services Manager. This is performed using the
Microsoft Exchange installation tools.
The required DNS aliases have been configured. Services Manager uses DNS aliases to locate the servers where the
platform components will be deployed.
Use the Services Manager Setup Tool to verify these items. The tool queries your environment and, if successful, displays a
green check mark next to each verified item. If the queries cannot be completed, the Setup Tool displays a Verify button so
you can perform the checks again.
For more information about Active Directory and DNS requirements for Services Manager, review the topic System
Requirements for Server Roles.
1. From the installation media, double-click Setup.exe.
2. From the CloudPortal Services Manager splash page, click Get Started.
3. On the Select Deployment Task page, select Install CloudPortal Services Manager.
4. On the Install CloudPortal Services Manager page, select Check Environment Prerequisites. The Prepare Environment
page displays the status of the verif ied items. Successfully verif ied items are displayed with green check marks.
5. Click Back to return to the Install CloudPortal Services Manager page.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.69https://docs.citrix.com
To create the system databases
Jun 05, 2015
Updated: 2014-08-08Perform this task after you have deployed Microsoft SQL Server and SQL Server Reporting Services.
The system databases are created using the Services Manager Configuration Tool, which is installed as a part of this
process.
1. From the installation media, double-click Setup.exe.
2. From the CloudPortal Services Manager splash page, click Get Started.
3. On the Select Deployment Task page, select Install CloudPortal Services Manager.
4. On the Install CloudPortal Services Manager page, select Deploy Server Roles & Primary Location.
5. On the Deploy Server Roles & Primary Location page, select Create System Databases.
6. Install the Services Manager Configuration Tool:
1. When prompted, click Install to install the Configuration Tool.
2. On the License Agreement page, accept the license agreement and then click Next.
3. On the Ready to Install page, click Install. The Setup Tool installs the Configuration Tool and any prerequisites that
are not present.
4. Click Finish to continue creating the system databases.
7. On the Create Deployment Configuration File page, browse to the directory where you want to store the XML
deployment configuration f ile and then enter a f ile name. Click Next.
8. On the Create Primary Databases page, perform the following actions and then click Next:
1. Configure the following information about the SQL Server that will store system configuration information:
In Server address, specify the database server using the DNS alias, the IP address, or the FQDN.
In Server port, specify the port number used by SQL Server. The port for a default instance of SQL Server is 1433.
In Authentication mode, select whether to use Integrated (Windows and SQL) or SQL authentication. By default,
Integrated is selected.
In Connect as, specify the username and password of the SQL administrator user. These f ields are available when
you select the SQL authentication mode for your deployment.
2. Click Test Connection to ensure the Configuration Tool can contact the SQL Server and then click Next.
9. On the Configure Database Logins page, leave Generate credentials selected if you want passwords created
automatically for the CortexProp, OLM, and OLMReports database accounts. Clear this option if you want to enter the
passwords for these accounts. The CortexProp, OLM, and OLMReports accounts are created to ensure cross-domain
access to the system databases.
10. On the Summary page, review the database configuration information. If you want to change anything, click Back to
return to the appropriate configuration page.
11. Click Commit. The Applying Configuration page displays progress.
12. After the system databases are successfully created, click Finish. The Deploy Service Roles & Primary Location page
appears.
After the system databases are created, you can install the Provisioning, Directory Web Service, and Web platform server
roles on the other servers in your deployment.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.70https://docs.citrix.com
To install server roles using the graphical interface
Jun 05, 2015
Updated: 2013-03-04Perform this task on the server that will be hosting the server role you want to install. For example, install the Provisioningserver role on the server that you have designated as the Provisioning server. Likewise, install the Web server role on theweb server.Note: Install and configure the Reporting server role after the primary location has been configured. If you install theReporting service before the primary location has been configured, configuration of the Reporting service fails.1. From the installation media, double-click Setup.exe.
2. On the Setup Tool splash page, click Get Started.
3. On the Select Deployment Task page, select Install CloudPortal Services Manager.
4. On the Install CloudPortal Services Manager page, select Deploy Server Roles & Primary Location.
5. On the Deploy Server Roles & Primary Location page, select Install Server Roles.
6. On the License Agreement page, accept the license agreement and then click Next.
7. On the Select Server Roles page, select one or more roles to install and then click Next. The Configuration Tool check
box always remains selected.
8. On the Review Prerequisites page, review the prerequisite items that will be installed and then click Next.
9. On the Ready to Install page, review the selected roles and prerequisites that will be installed. Click Install. The Deploying
Server Roles page indicates the progress of installing prerequisites and the selected roles, and the result.
10. On the Deployment Complete page, click Finish. The installer returns to the Deploy Server Roles & Primary Location page.
After you have installed the selected server role(s), run the Configuration Tool to configure the server role. For more
information, see To configure server roles using the graphical interface.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.71https://docs.citrix.com
To install server roles from the command line
Jun 05, 2015
Updated: 2014-09-02Perform this task on the server that will be hosting the server role you want to install. For example, install the Provisioning
server role on the server that you have designated as the Provisioning server.
From the CortexSetup directory on the installation media, type the following at a command prompt:
CortexSetupConsole.exe /install:items [/Help]
/install:items
Comma-delimited list of Services Manager roles to install. Valid values are:
ConfigTool
Note: The Configuration Tool is automatically installed when you specify any other server roles to install. You must
specify it if you are not installing any other server roles with this command, but plan to later use a script to configure the
system databases.
Provisioning
DirectoryWebService
Web
Reporting
eCommerce
ReportMailer
/Help
Displays command help.
After you install the server role, run the Configuration Tool to configure the server role. After the Provisioning, Directory
Web Service, and Web server roles are installed and configured, you can configure the primary location. After configuring the
primary location, you can install and configure the Reporting server role.
Example
The following command installs the Provisioning Engine and Directory Web Service.CortexSetupConsole.exe /install:Provisioning,DirectoryWebService
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.72https://docs.citrix.com
To configure server roles using the graphical interface
Jun 05, 2015
Updated: 2014-09-02In general, the configuration process is similar for each server role you install. However, some server roles include additional
configuration options. Only the roles you install on the server are available for configuration.
This topic assumes you have installed the server roles you want to configure, the Services Manager Setup Tool is running
and displaying the Deploy Server Roles & Primary Location page.
1. From the Deploy Server Roles & Primary Location page of the Setup Tool, select Configure Server Roles. The
Configuration Tool attempts to contact the Encryption Service to retrieve the encrypted key. If the service cannot be
contacted, the Configuration Tool prompts you to import the encrypted key using a key f ile. To generate the key f ile,
see Generate and export keyfiles for the Encryption Service.
2. If required, import the Encryption Service key f ile and then click Next:
1. In Key File Path, click Browse and locate the key f ile you generated from the Encryption Service web site.
2. In Password, enter the password that was specif ied when the key f ile was generated.
3. On the Select Configuration Task page, select one or more roles to configure and then click Next.
4. Use the following table to configure the settings for each server role:
Role Page Description
Directory
Web
Service
Configure
Directory
Web Service
Configure the following options as required:
Auto-generate credentials: Select this option to create the Directory Web Service
account with auto-generated credentials. Leave this option cleared to specify
your own credentials for this account.
User name: Enter the user name of a domain administrator for the service
account. The default user name is cortex_dirws_svc. This f ield is not available if
you elect to auto-generate credentials.
Password: Enter a password for this account that conforms to your domain's
password policy. This f ield is not available if you elect to auto-generate
credentials.
Create if doesn't exist: Leave this option selected to create the service account if
it does not already exist. If you elect to create this account manually prior to
configuring the server role, clear this option. This option is not available if you elect
to auto-generate credentials.
Service port: Specify the port that the Directory Web Service will use. By default,
the Directory Web Service uses port 8095.
eCommerce
SDK
None. Proceed to Step 5.
Provisioning Configure
Queue
Monitor
Service
Configure
The Queue Monitor service processes administrative requests from the Web Server
and automates other internal services. The Provisioning Engine hosts scheduled tasks
that monitor Active Directory, keeping user account information current, and sending
email notifications for events such as password expiry.
Configure the following options as required:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.73https://docs.citrix.com
Directory
Monitoring
Services
Auto-generate credentials: Select this option to create the monitoring service
account with auto-generated credentials. Leave this option cleared to specify
your own credentials for this account.
User name: Enter the user name of a domain administrator for the service
account. For the Queue Monitor service, the default user name is
cortex_qmon_svc. For the Directory Monitor service, the default user name is
cortex_dirmon_svc. This f ield is not available if you elect to auto-generate
credentials.
Password: Enter a password for this account that conforms to your domain's
password policy. This f ield is not available if you elect to auto-generate
credentials.
Create if doesn't exist: Leave this option selected to create the service account if
it does not already exist. If you elect to create this account manually prior to
configuring the server role, clear this option. This option is not available if you elect
to auto-generate credentials.
Configure
Provisioning
Mail Server
Specify the SMTP server address and port number the Provisioning server will use to
send email messages, such as system updates to administrators, account
notifications to end users, and usage reporting to Citrix. Click Test Connectivity to
ensure the Configuration Tool can communicate with the SMTP server.
Report
Mailer
Configure
License
Reporting
Configuring the Report Mailer is required. Licensing data is reported to Citrix through
emailed reports.
Configure the following settings:
Customer ID: Enter your Citrix customer ID.
Auto-generate credentials: Select this option to create the service account with
auto-generated credentials. Leave this option cleared to specify your own
credentials for this account.
User name: Enter a unique user name for the service account. The default user
name is cortex_RM_svc. This f ield is not available if you elect to auto-generate
credentials.
Password: Enter a password for this account that conforms to your domain's
password policy. This f ield is not available if you elect to auto-generate
credentials.
Create if doesn't exist: Leave this option selected to create the service account if
it does not already exist. If you elect to create this account manually prior to
configuring the server role, clear this option. This option is not available if you elect
to auto-generate credentials.
Configure
Mail Server
for Report
Mailer
Specify the address and port number of the SMTP server that the Report Mailer
server will use to send email messages to administrators, end users and Citrix. If you
have previously configured SMTP settings for the Provisioning server, the Use shared
mail settings check box is selected by default.
Additionally, specify the From Address that will be used to send email messages. The
default address is [email protected].
Role Page Description
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.74https://docs.citrix.com
Reporting Reporting
Database
Credentials
Configure the following settings:
Auto-generate credentials: Select this option to create the Reporting service
account with auto-generated credentials. Leave this option cleared to specify
your own credentials for this account.
User name: Enter a unique user name for the service account. The default user
name is OLMReportingUser.
Password: Enter a password for this account that conforms to your domain's
password policy. This f ield is not available if you elect to auto-generate
credentials.
Configure
Mail Server
Specify the address and port number of the SMTP server that the Reporting service
will use to send email messages to administrators, end users, and Citrix.
Preview
Service
Package
Import
Review the selected service components that will be imported when the Reporting
service is configured. Unselected service components, such as packages, roles, and
assemblies, are imported when other server roles are configured.
Configure
Reporting
Database
Configure the following settings:
Use primary database settings: Leave this option cleared if you want to configure
a secondary database server to handle system reporting and billing. Select this
option if you want to use the server hosting the main database for these
functions.
Server address: Enter the FQDN, IP address, or DNS alias of the database server
you want to use.
Use specif ic port: Select this option to configure the port number for the
database server. The default port number is 1433.
Authentication mode: Select the database authentication you want to use. By
default, Windows (Integrated) is selected. A SQL Server login for the reporting
database ensures cross-domain accessibility.
Connection credentials: Enter the user name and password for the database
administrator user. These f ields are not available if SQL authentication is not
selected.
Click Test Connection to ensure the Configuration Tool can communicate with the
database server.
Configure
Data
Transfer
Service
The Data Transfer Service is a scheduled task of the Data Warehouse feature that
migrates and adapts data from the primary database to facilitate building reports
with Microsoft SQL Server Reporting Services. Configure the following settings:
Auto-generate credentials: Select this option to create the service account with
auto-generated credentials. Leave this option cleared to specify your own
credentials for this account.
User name: Enter a unique user name for the service account. The default user
name is csm_datatransfer_svc.
Role Page Description
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.75https://docs.citrix.com
Password: Enter a password for this account that conforms to your domain's
password policy. This f ield is not available if you elect to auto-generate
credentials.
Create if doesn't exist: Leave this option selected to create the service account if
it does not already exist. If you elect to create this account manually prior to
configuring the server role, clear this option. This option is not available if you elect
to auto-generate credentials.
Data
Transfer
Notifications
The Data Transfer task sends email notifications with the results of Data
Warehouse operations. This enables administrators to respond quickly to
interruptions in reporting functionality. Specify the source and destination email
addresses for sending success and failure notifications.
Specify
Reporting
Services
Details
Configure the following settings:
Report server URL: Enter the URL of the reporting server instance as it appears in
the Microsoft SQL Server Reporting Services Configuration Manager.
User name and password: Enter the credentials of the report server administrator
user. The password for this user account should never expire, in order to avoid
potential service interruption.
Click Test Connection to verify the Configuration Tool can communicate with the
reporting server.
Data
Warehouse
Service
Auto-generate credentials: Select this option to create the service account with
auto-generated credentials. Leave this option cleared to specify your own
credentials for this account.
User name: Enter a unique user name for the service account. The default user
name is csm_dataw_svc.
Password: Enter a password for this account that conforms to your domain's
password policy. This f ield is not available if you elect to auto-generate
credentials.
Create if doesn't exist: Leave this option selected to create the service account if
it does not already exist. If you elect to create this account manually prior to
configuring the server role, clear this option. This option is not available if you elect
to auto-generate credentials.
Service port: Specify the port that the service will use. The default port is 80.
Data purge window (months): Select Configure and then specify the number of
months after which older historical data is deleted. For example, specify 84 to
delete data that is older than seven years.
Web Preview
Service
Package
Import
Review the selected service components that will be imported when the Web server
role is configured. Unselected service components, such as reports, are imported
when other server roles are configured.
Configure External address: Enter an externally resolvable host name or address by which the
Role Page Description
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.76https://docs.citrix.com
Web Server server can be reached. The default address is cortexweb.
Binding IP: By default, all IP addresses are included.
Use SSL: Leave this option selected if you are deploying Services Manager in a
production environment. You can clear this option if you are deploying Services
Manager in a test environment.
SSL certif icate: Specify the SSL certif icate you want to use for the server. This
item is not available if you do not elect to use SSL.
Role Page Description
5. On the Summary page, review the configuration information for the server role. If you want to change anything, return
to the appropriate configuration page. When the summary contains the settings you want, click Commit. The Applying
Configuration page displays the configuration progress.
6. After the configuration is completed, click Finish to return to the Deploy Server Roles & Primary Location page.
After you configure the server roles on each server in the deployment, you can configure the primary location.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.77https://docs.citrix.com
Configure locations using the graphical interface
Jun 05, 2015
Updated: 2013-03-05Configuring the primary location initializes the control panel, specifies service provider details, and provisions the first
administrator. Configure the primary location once per deployment.
When configuring the primary location, consider the following items:Run all configuration steps as a domain administrator.
Ensure user account settings conform to any domain policies, such as minimum password complexity, and are valid.
Ensure the required f irewall ports are configured for each server in the deployment.
To configure the primary location
This task assumes the Services Manager installer is running and the Deploy Server Roles & Primary Location page is
displayed.
1. On the Deploy Server Roles & Primary Location page, select Configure Primary Location..
2. On the Load Deployment Configuration File page, browse to the XML f ile you created when creating the system
databases. Click Next.
3. On the Specify Location Details page, enter the following information and then click Next:
Under Location Settings, enter the name and description for the primary location.
Under Customers' Organizational Unit, enter the OU name and the display name for the top level customer OU. The
default OU name is Customers and the default display name is Customers OU.
4. On the Enter Service Provider Details page, enter the following information and then click Next:
In Display Name, enter the service provider's name. The default name is Service Provider.
In Short Name, enter an abbreviation of the display name. By default, a three-letter abbreviation is supplied
automatically when you enter the display name.
In UPN Suffixes, enter one or more UPN suffixes to associate with your organization in Active Directory. This enables
you to assign customer or user-specif ic UPN logons. The default UPN suffix is csp.local.
In Contact name and Contact email, enter the name and email address of the primary contact for the location.
5. On the Create First Administrator page, enter the full name and logon credentials for the top-level administrator user for
the location. Click Next.
6. On the Summary page, review the location settings and administrator information you specif ied. If you want to change
anything, return to the appropriate page. When the summary contains the settings you want, click Commit.
To configure a remote location
Perform this task to associate a new, separate location with an existing Services Manager instance. For more information
about remote locations, see Plan for deploying the Services Manager platform.
1. From the installation media, double-click Setup.exe and then click Get Started.
2. On the Select Deployment Task page, select Add Services & Locations.
3. On the Add Services & Locations page, select Add Remote Location..
4. On the Configure Remote Location page, select Configure Location.
5. On the Load Deployment Configuration File page, browse to the XML f ile you created when creating the system
databases for the primary location. Click Next.
6. On the Specify Location Name Details page, enter the following information and then click Next:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.78https://docs.citrix.com
Under Location Settings, enter the name and description for the remote location.
Under Customers' Organizational Unit, enter the OU name and the display name for the top level customer OU. The
default OU name is Customers and the default display name is Customers OU.
7. On the Summary page, review the location settings you specif ied. If you want to change anything, return to the
appropriate page. When the summary contains the settings you want, click Commit.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.79https://docs.citrix.com
Configure server roles and locations from the command line
Jun 05, 2015
Updated: 2014-10-09This topic assumes that you have installed the Services Manager Configuration Tool on the platform servers you want to configure and on the server where you want to configure the primary
location or a remote location. When you install a platform server role, the Configuration Tool is installed automatically. To install the Configuration Tool only, see To install server roles from the
command line.
This topic includes the following sections:Command Conventions
Return Codes
Syntax
Databases options
Provisioning options
Directory Web Service options
Web options
Location options
Reporting options for deploying the Reporting service
Reporting options for deploying reports
Reporting (Data Warehouse) options
Report mailer options
Example: Configure the Provisioning and Directory Web Service server roles
Example: Configure the primary location
Example: Configure a remote location
Command Conventions
Several options use Boolean values (true or false).If you omit an option that requires a Boolean value, the default value is used. For example, if you do not include the /UseCortexSql:True | False option in the command, the default value (false) is
used; that is, the reporting database will not use the settings configured for the main system database.
If you specify an option that requires a Boolean value but you omit the value, the option value is true. For example, if you specify only /UseCortexSql (with no True or False value), the option is true;
that is, the reporting database will use the settings configured for the main system database.
You can use environment variables to represent one or more command-line options or option values (for example, /ReportingDBServer:%currentServer%, where currentServer is defined as an
environment variable).
Enclose option values that contain spaces in quotation marks (for example, /LocationName:"Southeast Hub").
Return Codes
The configuration command supports the following return codes:
Value Meaning
1 Another instance is already running.
0 Success.
-1, -2, -3 Command-line error.
-4 General failure during configuration. To debug further, review the log in %WINDIR%Temp.
Syntax
To configure the server roles and create the primary location from the command line, you execute the Services Manager Configuration Tool by typing the following at a command prompt:
CortexConfigConsole.exe /ConfigFile:config-file /Configure:tasks /task-options [/Help]
/Conf igFile:conf ig-f ile
Location of XML configuration f ile with read-write access for the current user. If this f ile already exists, its content will be overwritten during the configuration.
/Conf igure:tasks
Configures specif ied installed Services Manager roles and a location. Valid values are:
Databases – Creates the main Services Manager system databases.
Provisioning – Configures the Provisioning Engine.
DirectoryService - Configures the Directory Web Service.
Web – Configures the Web Server.
Location – Initializes the Services Manager instance. A location is the main unit of isolation between tenants, and usually corresponds to an Active Directory domain or forest.
Reporting – Creates the reporting database and configures the Data Warehouse feature.
ReportMailer – Configures the email environment for sending usage reports to the Citrix license monitor. Configuring the Report Mailer is required.
/Help
Displays command help.
Databases options
/CortexSql:name
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.80https://docs.citrix.com
Required. Name of the main system database (the previously-installed Microsoft SQL Server 2008 R2 instance).
/CortexSqlAuthMode:SQL|Windows
SQL Server authentication mode: SQL or Windows. Default = Windows
/CortexSqlUsername:username
Username for the main system database user. This is optional if you specify /CortexSqlAuthMode:Windows and are using integrated security.
/CortexSqlPassword:password
Password for the user name specif ied with the /CortexSqlUsername option. This is optional if you specify /CortexSqlAuthMode:Windows and you are using integrated security.
/CortexSqlPort:port
SQL Server port. Default = 1433 if this is the default SQL Server instance.
/GenerateCortexSqlCredentials:True | False
If true, passwords for the CortexProp, ExchangeLogs, OLMReports, and OLMUser system database users are automatically generated.
/CortexPropPassword:password
Password for the CortexProp database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/ExchangeLogsUserPassword:password
Password for the ExchangeLogs database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/OlmReportsUserPassword:password
Password for the OLMReporting database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/OlmUserPassword:password
Password for the main system database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/GenerateConf igFile:f ilename
Path and f ile name for XML configuration f ile.
Provisioning options
/SmtpServer:address
Required. Address of SMTP server from which email messages are sent, including system updates for administrators and account notif ications for end users.
/SmtpServerPort:port
Port on SMTP server to be used for sending email messages about system updates for administrators and account notif ications for end users. Default = 25
/SmtpOutFolder:folder
Folder that serves as an outbox for the control panel when sending emails. Default = %WINDIR%TempCortexEmail
/GenerateQueueMonitorCredentials (or GenQMonCreds):True | False
If true, user credentials are automatically generated for the Queue Monitor service, which processes administrative requests from the Web Server and automates other services. Default = False
/QueueMonitorUserName:username
User name for a domain account to be used by the Queue Monitor service (default = cortex_qmon_svc). The user must have full domain administrator permissions. This is optional if you specify
GenerateQueueMonitorCredentials:True.
/QueueMonitorPassword:password
Password for the user name specif ied with the /QueueMonitorUserName option. This is optional if you specify /GenerateQueueMonitorCredentials:True.
/AutoCreateQueueMonitorCredentials:True | False (or /AutoCreateQMon:True | False)
If true, the domain user account to be used by the Queue Monitor service is created if it does not already exist. Default = True
/GenerateDirectoryMonitoringCredentials:True | False (or GenDirMonCreds:True | False)
If true, user credentials for the Directory Monitoring service are generated automatically. This service monitors Active Directory, keeping account information current and sending email
notif ications for key events such as password expiry. Default = False
/DirectoryMonitoringUserName:username
User name for the account to be used by the Directory Monitoring service (default = cortex_dirmon_svc). This is optional if you specify /GenerateDirectoryMonitorCredentials:True.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.81https://docs.citrix.com
/DirectoryMonitoringPassword:password
Password for the user name specif ied with the /DirectoryMonitoringUserName option. This is optional if you specify /GenerateDirectoryMonitorCredentials:True.
/AutoCreateDirectoryMonitoringCredentials:True | False (or /AutoCreateDirMon:True | False)
If True, the user account to be used by the Directory Monitor service is created if it does not already exist. Default = True
Directory Web Service options
/DirectoryServicePort:port
Port used by the Directory Web Service. Default = 8095
/GenerateDirectoryServiceUserCredentials:True | False (or GenDirWSCreds:True | False)
If true, user credentials for the Directory Web Service are generated automatically. Default = False
/DirectoryServiceUserName:username
User name for an account to be used by the Directory Web Service. This is optional if you specify /GenerateDirectoryServiceUserCredentials.
/DirectoryServicePassword:password
Password for the user name specif ied with the /DirectoryServiceUserName option. This is optional if you specify /GenerateDirectoryServiceCredentials.
/AutoCreateDirectoryServiceUser:True | False (or /AutoCreateDirWS:True | False)
If true, the user account to be used by the Directory Web Service is created if it does not already exist. Default = True
Web options
/ExternalAddress:address
Externally-resolvable address by which the Web Server can be reached. Default = cortexweb
/UseSsl:True | False
If true, an SSL binding is created for the management portal. Default = True (recommended)
/SslCertif icate:name
Friendly name of the SSL certif icate to use. This is required if you specify /UseSSsl:True.
/BindingIpip-address
IP address to use for the new site binding. Default = "*" (all unassigned)
Location options
When configuring locations, consider the following items:Run all configuration steps as a domain administrator.
Ensure user account settings conform to any domain policies, such as minimum password complexity, and are valid.
Ensure the required f irewall ports are configured for each server in the deployment.
/PrimaryLocation:True | False
Required. If True, the /Locationx configuration option values are for the f irst Services Manager administrator. This is the top-level administrative account in the control panel; it can add customers,
assign services, and manage delegated administration.
/LocationName:name
Required. Name of the location. Default = Top Location
/LocationDescription:description
Description of the location. Default = Top-level Service Provider Location
/LocationOU:location
OU of the location.
/LocationOULabel:label
OU label of the location.
/CspAdminFirstName:f irst-name
First name of administrator (Default = CSP). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.82https://docs.citrix.com
/CspAdminLastName:last-name
Last name of administrator (Default = Admin). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspAdminUserName:username
User name for the administrator (Default = cspadmin). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspAdminPassword:password
Password for the user name specif ied with the /CspAdminUserName option. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspContact:name
Contact name of the service provider. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspContactEmail:address
Email address of the service provider. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspName:name
Name of service provider that will appear in displays. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspUPN:suff ixes
UPN suffixes (Default = tsp.local). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
Reporting options for deploying the Reporting service
/UseCortexSql:True | False
If true, the reporting database will use the settings configured for the main system database. Default = False
/ReportingDBCollation:True | False
Determines how string data is sorted when comparing, selecting, or manipulating values from the database.
/ReportingDBServer:address
Address of the reporting database server. This is optional if you specify /UseCortexSql:True.
/ReportingDBServerPort:port
Port to use on the database server (Default = 1433). This is optional if you specify /UserCortexSql:True.
/ReportingDBName:name
Name of reporting database. Default = OLMReporting
/ReportingDBServerAuthMode:SQL | Windows
Authentication mode of the reporting database. This is optional if you specify /UseCortexSql:True.
/ReportingDBGenerateCredentials:True | False
If true, reporting database administrator account credentials are generated automatically. Default = False
/ReportingDBServerUserName:username
User name for an administrator account to be used to create the reporting database, plus create and configure the service account specif ied with the /OlmReporting* options. This is optional if
you specify /UseCortexSql:True and /ReportingDBServerAuthMode:Windows.
/ReportingDBServerPassword:password
Password for the user name specif ied with the /ReportingDBServerUserName option. This is optional if you specify /UseCortexSql:True and /ReportingDBServerAuthMode:Windows.
/OlmReportingUserName:username
Name of service account used by the Data Warehouse process to update the reporting database. This is optional if /ReportingDBGenerateCredentials:True.
/OlmReportingPassword:password
Password for the user name specif ied with the /OlmReportingUserName option. This is optional if /ReportingDBGenerateCredentials:True.
/OlmReportingUserAuthMode:SQL| Windows
Authentication mode: SQL or Windows (Default = SQL). This is optional if /ReportingDBGenerateCredentials:True.
Reporting options for deploying reports
/ReportingServer:url
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.83https://docs.citrix.com
Required. URL of the report server.
/ReportsUserName:username
Required. User name of the Reporting Service administrator.
/ReportsPassword:password
Required. Password for the user name specif ied with the /ReportsUserName option.
/PublishReports:report[,report]…
Comma-separated list of reports to deploy. Valid values are: AD Sync, Billing, Citrix, Communicator, DNS, Exchange, File Sharing, FTP, Mail Archiving, Microsoft CRM, MySQL, SharePoint, SQL Server,
Windows Web Hosting.
To publish all reports, use the /PublishAllReports option.
/PublishAllReports:True | False
If true, all available reports are published (Default = False). To publish a subset of the available reports, set this option to False, and use the /PublishReports option to specify the reports.
Reporting (Data Warehouse) options
/SuccessEmailFrom:address
Required. Source email address for success notif ications.
/SuccessEmailTo:address
Required. Destination email address for success notif ications.
/FailureEmailFrom:address
Required. Source email address for failure notif ications.
/FailureEmailTo:address
Required. Destination email address for failure notif ications.
/GenerateDataTransferCredentials:True | False
If true, user credentials for the Data Transfer Service are generated automatically. Default = False
/DataTransferUserName:username
User name for the account to use for the Data Transfer Service. This is optional if you specify /GenerateDataTransferCredentials:True.
/DataTransferPassword:password
Password for the user name specif ied with the /DataTransferUserName option. This is optional if you specify /GenerateDataTransferCredentials.
/SmtpServer:address
Address of SMTP server to be used for sending email messages.
/SmtpServerPort:port
Port on the SMTP server to be used for sending email messages.
Report mailer options
/CustomerId
Required. Customer ID.
/ReportMailerEmailServer:name
Name of SMTP mail server.
/GenerateUserCredentials:True | False
If true, credentials for the SMTP mail server user account are generated automatically. Default = False
/ReportMailerTaskUserName:username
User name for the account the Report Mailer task will use. This is optional if you specify /GenerateUserCredentails:True.
/ReportMailerTaskUserPassword:password
Password for the user name specif ied with the /ReportMailerTaskUserName option. This is optional if you specify /GenerateUserCredentails:True.
/ReportMailerEmailServerPort:port
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.84https://docs.citrix.com
Port number on SMTP server. Default = 25
/ReportMailerEmailUserName:username
User name for the user account that accesses the SMTP email server.
/ReportMailerEmailPassword:password
Password for the user name specif ied with the /ReportMailerEmailUserName option.
Example: Configure the Provisioning and Directory Web Service server roles
The following command configures the Provisioning and Directory Web Service server roles and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-fi le.xml /Configure:Provisioning,DirectoryWebService /SmtpServer:mail.takahepubs.com /DirectoryServiceUsername:cortex_dirws_svc /DirectoryServicePassword:passwordExample: Configure the primary location
The following command configures the primary location and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-fi le.xml /Configure:Location /PrimaryLocation:True /LocationName:My First Location /LocationOU:Organization-Name /LocationOULabel:My Organization /CspAdminPassword:password /CspContact:CSP-Name /CspContactEmail:[email protected] /CspUPN:my-org.comExample: Configure a remote location
The following command configures a remote location and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-fi le.xml /Configure:Location /PrimaryLocation:False /LocationName:My Second Location /LocationOU:Organization-Name /LocationOULabel:My Organization
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.85https://docs.citrix.com
This document provides a basic guidance for deploying these components to support highly availability and the
solution for disaster recovery based on Windows Server 2012, 2012R2, and SQL Server 2012.
Deploying CloudPortal Services Manager 11.x for highavailability and disaster recovery
Jul 13, 2015
Deploying CloudPortal Services Manager 11.x for high availability and disasterrecovery
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.86https://docs.citrix.com
Deploy services
Jul 22, 2016
Updated: 2014-08-07CloudPortal Services Manager supports a variety of services that service providers can provision to resellers and customers.
Service deployment typically involves the following tasks:
1. Install the service.
2. Configure the service.
3. Provision the service to customers.
4. Provision the service to users.
The installation and configuration steps differ for each service and are described in the topics dedicated to each service.
Service installation
Some services that Services Manager supports require you to install a web service on the server that will be hosting the
service. For example, the Lync Enterprise web service is installed on a Front End Server in your Lync deployment. You can
install these services in one of the following ways:
Install the service using the Setup Tool and specify initial settings using the Configuration Tool
Execute the service's MSI f ile from the command line of the server hosting the service
The following services require a web service to be installed:
ADFS (for use with the Dynamics CRM service)
Citrix XenApp
Hosted Apps and Desktops
Hosted Exchange
Lync Enterprise (2010 & 2013)
Lync 2010 for Hosting
Lync Hosted 2013
MySQL
Office Communication Server 2007
SharePoint 2010 and 2013
Virtual Machine
Windows Web Hosting
When you install and configure a web service, the Services Manager Setup Tool creates the IIS application pools, web
applications, and web sites required for the web service to function. The web site and application files are stored by default
in the C:inetpub directory on the server on which the web service is installed. The following table lists the default application
pools for each service:
Web service name Default name of application pool
ADFS ADFSAppPool
Citrix Citrix Csm Citrix WS
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.87https://docs.citrix.com
Hosted Apps and DesktopsCitrix Csm XenApp AppPoolCitrix Csm XenDesktop AppPool
Hosted Exchange Citrix Csm Exchange WS
Lync Enterprise Citrix Csm Lync WS
Lync 2010 for Hosting Citrix Csm LyncHosted WS
MySQL Citrix Csm MySQL WS
SharePoint 2010 Citrix Csm SharePoint 2010 WS
Virtual Machines Citrix Csm Hyper-V WS
Windows Web Hosting Citrix Csm Web Hosting WS
Some supported services do not require a web service and, therefore, no MSI files are included on the installation media.
The following services require control panel configuration only:
AD Sync
BlackBerry 5
Dynamics CRM
DNS
File Sharing
Mail Archiving
Microsoft SQL Server Hosting
Service configuration overview
Service configuration typically involves the following tasks:
1. Enable the service at the top environment and location levels.
2. Add credentials for accessing the servers and management tools.
3. Add the servers associated with the service.
4. Assign service roles to the servers.
5. Add service connections to establish communication between the servers and CloudPortal Services Manager.
6. Assign servers to a collection, if applicable.
7. Configure the service settings.
About service property settings, credentials, and servers
All services are enabled at both the Top Environment Services level and the Active Directory Location Services level. The
service settings at the top environment level are inherited by all locations configured in Services Manager. Typically, the
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.88https://docs.citrix.com
top environment level setting defaults are suff icient and do not require modif ication.
For some services, a customer plan or user plan must be configured before the service is enabled at the location level.
To reset a service setting to the default value, clear the check box for the property and apply the change. The next time
the service settings are opened, the default value for the property appears.
Control access to a property setting by expanding it and setting the Hierarchy Permission.
Credentials that are in use for a specif ic web service connection cannot be deleted. To remove the credentials, you must
first remove the web service connection.
In most cases, server information is retrieved without any action from the service provider. A server that is outside of the
hosting domain must be manually added to the servers list (Conf iguration > System Manager > Servers).
Server connections enable Services Manager to connect with web services that are installed on the servers hosting the
service. If server connections are created for multiple servers hosting a particular web service, Services Manager assigns
primary and secondary status to the server connections for failover.
Server collections group multiple servers for some services, including Citrix XenApp, Microsoft SQL, MySQL, and Windows
Web Hosting Services. If a server collection and its servers should be available to all resellers, enable Automatic resellerselection. If a server collection should be enabled by default to all customers, enable Automatic customer selection.
Services and customer provisioning
After the service is configured, you can provision the service. Service provisioning typically involves the following tasks:
1. Provision the service to the root Service Provider's Reseller service.
2. Provision the service to the customer.
3. Provision the service to the customer's users.
About service provisioning
Re-provision customers after changing customer plans.
A service that is provisioned to customers cannot be disabled at the top environment level until it has been de-
provisioned from all customers and resellers and deleted from the location level.
Apply cost values to service properties
Service providers can apply a cost value to service properties at various levels (service level, customer plan, and user plan)
depending on the type of service. The values are used in monthly billing reports. Pricing values are inherited from the Top
Environment Services level and overridden at the reseller and customer levels.
The Prices properties typically appear at the end of the service, customer plan, and user plan settings. The properties include
a cost price and sales price. Cost price is the minimum price for a user plan. Sales price is the recommended purchase price,
with a recommended value that is equal or greater than the cost price. The Prices properties for the Hosted Exchange
service also include a price per mailbox value that is the unit price for mailbox usage that exceeds the agreed limit for public
folders.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.89https://docs.citrix.com
AD Sync
Jun 05, 2015
Updated: 2014-11-19Deploying the AD Sync service involves the following tasks:
Configure the AD Sync service
Synchronize Exchange contacts and distribution groups in a remote domain
If, after deployment, a customer performs changes that affect the AD Sync service, refer to Re-configure AD Sync for
Customer Changes to perform the required reconfiguration.
For more information about requirements for deploying the AD Sync service, refer to Plan to deploy the AD Sync service.
To configure the AD Sync service
1. Enable the service (top level):
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Expand AD Sync and then click Save.
2. Enable the service (location level):
1. Under Service Filter, select Active Directory Location Services and select a Location Filter, if applicable.
2. Expand AD Sync and then click Save.
3. Enable the service (top reseller level):
1. From the Services Manager menu bar, select Customers > Customer Hierarchy.
2. Under the top reseller node, expand Services and then expand Reseller. The Customer Services page appears.
3. In the service list, select the AD Sync check box and then click Provision.
4. Configure and provision the service to the customer:
1. From the Services Manager menu bar, click Customers.
2. Expand the selected customer and click Services.
3. Expand AD Sync and then click Provision.
To customize the AD Sync client installer
You can customize the following characteristics of the AD Sync client installer for a Services Manager site:
Product settings shown in the Windows Add or Remove Programs or Programs and Features panel. Settings include
name, manufacturer, and links to help and support.
Product name used as the default installation folder, service name, and source name of errors in the Event Log.
Banner and dialog images (.bmp or .jpg) used in the installer. The default sizes of those images are:
Banner (493 x 58 pixels)
Dialog (493 x 312 pixels)
1. Log on to the Services Manager web server and navigate to the [INSTALLDIR]CortexDotNetServicesSync directory.
2. Open sync.config in a text editor and customize the settings as needed. If you change a commented item, remove the
comment markup.
3. After completing the changes, direct your customers to download the AD Sync installer from the Services Manager web
site.
To install the AD Sync client on external domain controllers
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.90https://docs.citrix.com
Install the AD Sync client on every domain controller in the external domain. For more information on preparing thesedomain controllers for AD Sync, see Plan to deploy the AD Sync service.Important: The AD Sync client cannot decrypt users' existing passwords when installed due to Active Directory encryption.After the client is installed, users must change their passwords so the client can synchronize them with Services Manager.1. Log on to an external domain controller and then log on to the Services Manager control panel using the administrator
credentials of the customer just provisioned.
2. Download the AD Sync client installer:
1. From the Services Manager menu bar, select Services > AD Sync > AD Sync Download and then click Download.
2. Click Save to save the AD Sync client installer to a drive location so you can copy it to the other external domain
controllers.
3. Install the client:
1. Run the AD Sync Setup installer, enter the requested password, and then click Next.
2. Specify the User watch frequency, select the following settings, and then click Next:
Watch for changes to contacts
Watch for changes to groups
Watch for changes to users
Important: Perform this step for only one AD Sync client to ensure that duplicate requests are not sent to the
Services Manager API. The domain controller configured to watch for changes synchronizes user and password
changes. The other domain controllers synchronize only password changes.
3. Select the Active Directory user groups to include in AD Sync operations and then click Next twice. When the AD Sync
service detects a USN change, it performs the synchronization only if the user is in an included group. The last USN
value is stored in [INSTALLDIR]QueueSyncActiveDirectory.config.
4. If a proxy server is used in the external domain, enter the information for it. Using a proxy server ensures that domain
controllers are not exposed to the internet.
5. Click Next, choose a location to install the AD Sync client, click Next, and then click Install.
6. Restart the domain controller. The AD Sync service starts.
7. Copy the AD Sync client installer to all other external domain controllers and then repeat Steps 3a - 3g for each
domain controller.
4. Test the AD Sync client:
1. After a domain controller restarts, log on to Services Manager and then click Users to view the user list. The
synchronized users have a small green arrow next to the user icon.
2. To test that the synchronization works for new accounts, create a new user account in the external domain, add it
to a user group that is included in AD Sync operations, change an attribute on the account, and then verify that the
account appears on the Users screen.
To synchronize additional Active Directory attributes
To change the Active Directory attributes included in API requests, edit the request format in [INSTALLDIR]Requests.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.91https://docs.citrix.com
Synchronize Exchange contacts and distributiongroups in a remote domain
Jun 05, 2015
Updated: 2013-04-30You can configure AD Sync to monitor changes to Hosted Exchange contacts and distribution groups that are created in a
remote domain through Services Manager. You can also disable AD Sync for specific contacts and distribution groups so you
can modify them through the control panel.
When a contact or distribution group is created, an object identifier is assigned automatically. For contacts, the identifier is
the objectGUID. For distribution groups, the identifier is the objectSid. The AD Sync client provides these identifiers to
Services Manager, which uses them to display synchronized items in the control panel. By default, these object identifiers
are stored in extensionAttribute12 on the primary domain. If another application is using extensionAttribute12 to store
other values, you can modify the Sync Object Id setting in the Hosted Exchange service settings to specify a different
extension attribute (Configuration > System Manager > Service Deployment > Hosted Exchange > Service Settings,
Customer category, under Extension Attributes).
To enable synchronization for specific contacts and distribution groups
To configure AD Sync to synchronize contacts and distribution groups, you add the contacts and distribution groups youwant to synchronize to appropriate groups that will be included in the AD Sync client's inclusion f ilter. The AD Sync clientmonitors the Windows Event Log for changes to these items and synchronizes the included groups accordingly.Note: When contacts are added or removed, the AD Sync client does not synchronize these changes automatically as theyare not reflected in the Windown Event Log. To ensure changes to contacts are synchronized, you must force the AD Syncclient to synchronize. For more information, see To force synchronization of changes to contacts in Active Directorygroups.
To disable synchronization for specific contacts and distribution groups
Synchronized items such as contacts and distribution groups are displayed in the control panel as read-only items. If youwant to modify a synchronized contact or distribution group, you disable AD Sync for the item and then remove the itemfrom Active Directory group being synchronized. Disabling AD Sync removes the object identif ier from the item's customattribute and makes the item editable.Important: If you disable AD Sync for a contact or distribution group and make changes through the control panel, thosechanges will be lost if you re-enable AD Sync later.1. From the Services Manager menu bar, click Services > Exchange > Contacts or Distribution Groups.
2. Select the contact or distribution group for which you want to disable synchronization.
3. Click Disable AD Sync and then click Close.
4. On the remote domain controller, launch Active Directory Users and Computers and locate the group that contains the
contacts or distribution groups that are no longer being synchronized.
5. Right-click the group and select Properties.
6. On the Members tab, select the contacts or distribution groups you want to remove and click Remove. Click OK.
To re-enable synchronization for specific contacts and distribution groups
1. In the remote domain, locate the object identif ier for the contact or distribution group.
2. On the primary domain, add the object identif ier to the item's Exchange custom attribute.
3. Add the item to the appropriate group that is included in the IncludeGroups setting in the ADSync.exe.config f ile.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.92https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.93https://docs.citrix.com
Re-configure AD Sync for Customer Changes
Jun 05, 2015
Updated: 2013-04-30The following events at a customer site require changes to AD Sync service configuration:
A change has been made to the administrator account for the external domain controllers
A new contact has been added to or removed from a group that is included in AD Sync operations
To re-configure for a new administrator
If the administrator who installed the AD Sync client is no longer available, the new administrator must uninstall the AD
Sync client from all external domain controllers, re-install the client (which will be associated with the new administrator's
account), and restart the domain controllers. The AD Sync service then restarts using the new administrator's account and
synchronize all users on the remote Active Directory domains to Services Manager.
To force synchronization of changes to contacts in Active Directory groups
When a contact is added to or removed from an Active Directory group, the change is not automatically synchronized with
the AD Sync client. To force a synchronization, change a property in the contact. AD Sync detects the change and updates
the include group in Services Manager.
Note: If the contact is a member of a distribution group that is being synchronized, you do not need to force asynchronization. When the AD Sync client synchronizes the distribution group, the contact will be synchronized as well.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.94https://docs.citrix.com
BlackBerry 5
Jun 05, 2015
Updated: 2014-11-19Deploying the BlackBerry 5 service to customers includes the following tasks:
Configure the BlackBerry 5 service
Provision the BlackBerry service
For information about requirements for deploying the BlackBerry 5 service, refer to Plan to deploy the BlackBerry service.
To configure the BlackBerry 5 service
1. Enable the service (top level) and create a default customer plan:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then
expand BlackBerry 5.
2. Click Customer Plans, create a customer plan named Default, click Apply Service, and then click Save.
2. Enable the service (location level):
1. Under Service Filter, select Active Directory Location Services and choose a Location Filter if applicable.
2. Expand BlackBerry 5 and click Save.
3. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for BES 5.
2. Under Server Connection Components, select BlackBerry 5 API and then click Save.
4. Add credentials for the service account:
1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials.
2. In the credentials table, click Add.
3. In Username and Password, enter the user name and password for the BlackBerry service account.
4. Leave Encrypted selected to encrypt the credentials as they are displayed on the page and stored in the database.
Note: Citrix recommends encrypting credentials when Services Manager is deployed in a production environment. Use
plain-text credentials only for debugging purposes.
5. In Domain, enter the FQDN of the service account if the service account is an Active Directory account. If the service
account is an internal BES account, enter CortexBESInternal.
5. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the connection.
Server Role
Choose BlackBerry 5 API.
Server
Choose the BES 5 server.
Credentials
Choose the credentials for the BES.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.95https://docs.citrix.com
URL Bases
Defaults to /.
Protocol
Defaults to http.
Port
Defaults to 443. If you change the port here, change it also in the BES.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
3. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and click the
icon in the Test column for the server with the BlackBerry 5 API installed. The icon turns green for a successful
connection. A red icon indicates an unsuccessful connection. Mouse over it for information about the failed
connection.
6. Configure service settings:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand
BlackBerry 5.
3. Click Service Settings, update the settings as needed, click Apply changes and then click Save.
7. Configure the customer plan:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment, select Active
Directory Location Services, choose a Location Filter if applicable, expand BlackBerry 5, click Customer Plans, and then
expand the Default customer plan.
2. Select the Instance check box, click Reload if needed to load the BlackBerry instance data, and then select the check
boxes for all applicable instances.
3. Select the IT Policies check box, click Reload if needed to load the BlackBerry policies data, and then select the check
boxes for all applicable policies.
4. Click Apply changes and then click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.96https://docs.citrix.com
Provision the BlackBerry service
Jun 05, 2015
To ensure that the BlackBerry service works successfully, the customer and user must be provisioned with the Hosted
Exchange service before they are provisioned with the BlackBerry service.
To provision the BlackBerry service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the BlackBerry service and then select the BlackBerry service name with which to configure the service.
5. Enable the customer plans and user plans that the reseller can sell to its customers.
Note: The plans determine the BlackBerry server that is used to store users' BlackBerry accounts.
6. Click the plan to display the Configure Service Settings page.
7. For user plans, under User Package Limit, enter the maximum number of users that can be provisioned with the selected
user plan.
8. Click Apply Changes to save your changes to the selected plan.
9. Click Apply Changes to save your changes to the BlackBerry service.
10. Click Provision to provision the BlackBerry service to the reseller.
To provision the BlackBerry service to customers
Before provisioning the BlackBerry service, customers must first be provisioned with Hosted Exchange services.
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Select the BlackBerry service. The Service Package Configuration page appears.
4. Under Advanced Settings, enable the user plans that the customer can use to provision the service to its users.
5. Click the service access level to display the Configure Service Settings page.
6. Under User Package Limit, enter the maximum number of users that can be provisioned at the selected user plan.
7. Click Apply Changes to save your changes.
8. In Maximum Users, if required, click Enabled and then specify the maximum total number of users that can be provisioned
with the service.
9. In Billing, click Enabled to indicate the service generates charges to the customer.
10. Click Apply Changes to save your changes to the BlackBerry service.
11. Click Provision to provision the BlackBerry service to the customer.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.97https://docs.citrix.com
Call Home
Feb 10 , 2017
This topic includes information about the CloudPortal Services Manager Call Home service. You will also find instructions for
deploying, managing and troubleshooting CPSM Call Home service.
What’s new in release 11.5.8 (Cumulative Update 4)
• Additional Data Values: Add service usage and customer Hierarchy data to the call home uploaded package
Known Issues
If daily data upload fails after retrying 3 times, the daily data for this day will not be transmitted again.
In historical data upload, the data is not exactly the same with that in daily data upload. Historical data doesn’t include:
Location Information
Server Information
Web Service Information
CPSM Version Information
Customer Billing Information
In historical data upload, some fields in the data is not precise.
User Information
ServiceAdmin: It is used for marking whether this user is a service administrator.
Customer Service Information
CustomerOnly: It is used for marking whether the service is only for customer.
ResellerService: It is used for marking whether the service is a reseller service
UserService
StatusID: It is used for marking service status. Historical data only shows two kinds of statuses, Provisioned and
Not Provisioned. This status does not include middle status and failed status like Provision In Progress and
Provision Failed.
Documentation and support for CloudPortal Services Manager
CloudPortal Services Manager Discussion Forum: Use this Citrix Discussions site to ask questions and contribute your
knowledge about CloudPortal Services Manager.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.98https://docs.citrix.com
How to deploy and manage CPSM Call Home
Jul 15, 2016
Use the following topics to install and configure Call Home:
Install and configure CPSM Call Home
How to trigger data uploading on demand
Install and configure CPSM Call Home
To install and configure CPSM Call Home, you must have Domain Admin permission. CPSM Call Home can only be installed
in CPSM Web Portal server.
This installation steps assume the Services Manager installer is running under the Domain Admin role.
1. Check Accept the terms of this license agreement to accept the License Agreement.
2. Click Next .
3. Select Call Home Windows Service and click Next4. Click Install.5. Click Next after the installation is complete.
6. Click Conf igure to set CPSM Call Home settings.
7. Uncheck the checkbox if you don’t want to view your customer and user information in the License Usage Insights
Service.
8. Click Next9. If you don’t uncheck View your customer and user information in the License Usage Insights Service, input your Citrix
Account Credential and click Next .
10. Click Next11. Click Finish after the configuration is complete.
You can reconfigure CPSM Call Home by running the Call Home Configuration Tool under Domain Admin role in your Web
Portal server.
How to trigger data upload on demand
Call Home uploads data automatically. Data upload needs to be manually triggered only when troubleshooting.
To trigger daily data upload on demand, perform the following steps:
1. Open Registry Editor.2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome\Common3. Modify the value of StartTime as per your requirement using the date format HH:mm:ss
4. Restart CitrixCallHome service.
CPSM Call Home will now upload daily data at the StartTime every day.
To trigger historical data upload on demand, perform the following steps:
1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome\.
2. Check the value for HistoryDataUploaded. If the value is 1, modify it to be 0.
3. Set the value of HistoryUploadedStartDay and HistoryUploadedEndDay in the format mm/dd/yy. Call Home will
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.99https://docs.citrix.com
upload data from HistoryUploadedStartDay to HistoryUploadedEndDay.
4. Open Registry Editor and navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome\Common5. Set HistoryStartTime (format HH:mm:ss) create it if not exist. HistoryStartTime specify the daily start time of
historical upload.
6. Restart CitrixCallHome service.
CPSM Call Home will start to upload historical data at the time specified by HistoryStartTime.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.100https://docs.citrix.com
Common configuration problems and troubleshooting
Jul 15, 2016
Get upload token failed
Symptom: While configuring CPSM Call Home, the configuration fails with the error message “Validate Citrix Username andPassword: Failed” Root cause: The upload token cannot be generated with the credentials used. Solution:
Make sure your network is available.
Make sure your Citrix account credentials are correct.
Install CPSM Call Home service failed
Symptom: The installation of CPSM Call Home service fails with the error message “Install Citrix Call Home Windows
Service: Failed.”
Root cause: CPSM Call Home configuration is unable to copy files to the target folder.
Solution:
Make sure CPSM Call Home configuration runs in the CPSM Web Portal ServerMake sure CPSM Call Home configuration has the Domain Admin permission
CPSM Call Home data upload failed
Symptom: Registry key UploadFailedTimes exists and value is not 0 and increases every day in
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome.
Root cause: CPSM Call Home is unable to upload daily data to Citrix
Solution:
Check the log in C:\Program Files (x86)\Citrix\Cortex\Services\CallHome\CallHomeSvc\log.txt
Other issues
Check whether the CitrixCallHome service is running.
Check the values of the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome.
Checking the values can help identify the cause of the issue
Registry Key Comment
UploadTimes Total daily uploads
UploadFailedTimes Total times daily uploads have failed
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.101https://docs.citrix.com
HistoryDataUploaded
Indicates whether historical upload
was completed. The value is 0 for
incomplete and 1 for completed
uploads.
Check the log in C:\ProgramFiles\(x86)\Citrix\Cortex\Services\CallHome\Conf iguration\log.txt
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.102https://docs.citrix.com
Citrix
Jun 05, 2015
Updated: 2013-02-11For information about requirements for deploying the Citrix service, refer to Plan to deploy the Citrix service.
Deploying the Citrix service to customers includes the following tasks:1. Install the Citrix web service
2. Configure the Citrix service
3. Provision the Citrix service to resellers
4. Provision the Citrix service to customers
After deploying the Citrix service, use the following topics to provide access to resources through the control panel:Create or remove Citrix application groups
Create or remove Citrix resources
Create or remove Citrix application resources
To configure Citrix hosted application settings
To provision applications to multiple users
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.103https://docs.citrix.com
Install the Citrix web service
Jun 05, 2015
Updated: 2014-08-14The Citrix web service is installed on all XenApp servers in your environment that you want to make available for provisioning
hosted apps and desktops to users. You can install the Citrix web service using either the graphical interface of the Services
Manager Setup Tool or through the command line. After the installation process finishes, you can enable the service and
continue configuration through the control panel.
To install the Citrix web service using the graphical interface
The installation process includes preliminary configuration to create the web service account and IIS application pool, and
define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select Citrix Web Service and then click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then
click Next.
7. On the Ready to Install page, click Install.
8. After the installation f inishes, click Finish.
9. On the Add Services page, select Configure Services.
10. On the Installed Services page, click Configure next to the XenApp Web Service item. The Configuration Tool attempts
to contact the Encryption Service to retrieve the encrypted key. If the service cannot be contacted, the Configuration
Tool prompts you to import the encrypted key using a key f ile. To generate the key f ile, see Generate and export
keyfiles for the Encryption Service.
11. If required, import the Encryption Service key f ile:
1. In Key File Path, click Browse and locate the key f ile you generated from the Encryption Service web site.
2. In Password, enter the password that was specif ied when the key f ile was generated. Click Next.
12. On the Configure IIS page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account
credentials automatically.
User name: Enter a user name for the Citrix web service account. The default user name is csm_citrix_svc. This f ield is
unavailable when you elect to auto-generate credentials.
Password: Enter a password for the Citrix web service account. This f ield is unavailable when you elect to auto-
generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not
already exist in Active Directory.
Service port: Enter the port used by the Citrix web service. The default port is 8095.
13. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate
configuration page. When the summary contains the settings you want, click Next. The Configuration Tool configures
the Citrix web service and displays progress.
14. Click Finish and then click Exit to close the Configuration Tool.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.104https://docs.citrix.com
To install the Citrix web service from the command line
Before installing the Citrix web service, ensure the following pre-requisites are met:You have installed .NET Framework 4, located in the Support folder of the Services Manager installation media, on the
XenApp server.
The XenApp servers are running supported versions of Citrix XenApp.
You have created the Citrix web service account in Active Directory.
The Citrix web service account is a Citrix administrator with Full Administration permissions on the XenApp servers where
you install the Citrix web service.
The XenApp server allows inbound connections from the Web platform server on the appropriate port. The default port
is 8095.
When you install the Citrix service from the command line, you perform two actions:Install the web service and create the required Services Manager directory where the web service resides.
Perform initial configuration of the web service using the Configuration Tool.
1. On the XenApp server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:Citrix. The Setup Tool installs the web service and
returns the command prompt.
4. At the command prompt, enter install-locationServicesCitrixWSConfigurationCitrixServiceConfigConsole.exe and specify
the following properties:
Property Description
/UserName:ctx_svc_acct Impersonation account for the Citrix service. This account must be a Citrix administrator.
/Password:password Password for the Citrix service account.
/ServicePort:port Inbound port to be used/added to the CortexServices web site. Default = 8095
Install-location denotes the web service installation directory on the local computer. The default directory is C:Program
Files (x86)CitrixCortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.install-locationServicesCitrixWSConfigurationCitrixServiceConfigConsole.exe /UserName:ctx_svc_acct /Password:password /ServicePort:8095When the installation process is finished, log on to the control panel and configure the web service. For instructions, see
Configure the Citrix service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.105https://docs.citrix.com
Configure the Citrix service
Jun 05, 2015
Updated: 2013-04-18Before configuring the Citrix service, review the following topics and ensure all requirements have been met:
Plan to deploy the Citrix service
Prerequisites for deploying the Citrix service
To configure the Citrix service
1. Enable the service (top level):
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment.
2. Expand Citrix and then click Save.
2. Enable the service (location level):
1. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
2. Expand Citrix and then click Save.
3. Verify credentials:
1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials.
2. Verify that the administrative impersonation account for the Citrix service exists. If it does not, create the account.
Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when
Services Manager is deployed in a production environment. Use plain-text credentials only for debugging purposes.
4. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. If the XenApp server is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
5. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the server.
2. Under Server Connection Components, select Citrix App and then click Save.
6. Add a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then
select or type the following information for the web service.
Server Role
Choose Citrix App.
Server
Choose the XenApp server where the Services Manager Web Service is installed.
Credentials
Choose the credentials for the XenApp server.
Protocol
Defaults to http.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.106https://docs.citrix.com
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds. If a large number of applications are published on the Citrix farm, set this value to
-1 (unlimited).
2. Click Save.
3. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and click the
icon in the Test column for the XenApp server. The icon turns green for a successful connection. A red icon indicates
an unsuccessful connection. Mouse over it for information about the failed connection.
7. Create a server collection: A server collection can be assigned to a customer before applications are installed on the
servers.
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Collections.
2. If the Location Filter appears, select the relevant location from the list.
3. Click New Server Collection.
4. Enter a Name for the collection, such as CitrixFarm01. You cannot change or delete a collection name after
provisioning the server collection to a customer or after saving applications, application groups, or resources on the
server collection.
5. From the Service list, choose Citrix.
6. In the Servers list, select each XenApp server to be managed under this server collection and then click Save.
8. Update service properties as needed: From the main menu, choose Configuration > System Manager > Service
Deployment, select Active Directory Location Services, choose a Location Filter if applicable, expand Citrix, and then click
Service Settings.
To import applications from a XenApp farm to a server collection
1. From the Services Manager menu bar, choose Services > Citrix > Configuration > Citrix Applications, choose a Location (if
applicable), and choose a Server Collection.
2. Change the New Application Settings as needed for the server collection.
Set new applications to 'default' for customer selection – Select this option to automatically select it for provisioning
to customers and users. You can override this setting at the reseller level.
Make new applications public to all customers – Select this option to provision all new applications for public access.
Generate missing application groups – Select this option to automatically create a security group in Active Directory
for applications. The application group name is in the form of CitrixApp {DatabaseID} or CitrixApp {Name}, based on
the Application Group Name service setting.
3. Click Refresh to start the import operation.
4. If a timeout occurs during the import operation, change the Timeout value on the connection (Configuration > System
Manager > Server Connections).
5. Repeat steps 1 - 3 for each server collection.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.107https://docs.citrix.com
Provision the Citrix service to resellers
Jun 05, 2015
To provision the Citrix service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Citrix service check box and then click the Citrix service name. The Reseller Service Setup page appears.
5. Select the server collection that the reseller can use to offer resources to customers.
6. Enable or disable the application groups, applications, and resources the reseller can offer to customers.
Note: If more than one server collection is available, you can select resources from these collections for the reseller.
After you make selections from one collection, select another collection and make additional resource selections.
7. Under User Plan, ensure Full is selected.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the reseller to offer Citrix services to customers.
To enable resellers to offer resources from specified collections
By default, a reseller provisioned with the Citrix service can offer to a customer resources available on all configured Citrix
server collections. However, service providers can limit these offerings by specifying the collections available to resellers
when provisioning the Citrix service.
1. From the Services Manager menu bar, click Customers and select the reseller or customer for whom you want to
provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Click the Citrix service name. The Reseller Service Setup page appears.
5. Click Service Settings. The Configure Service Settings page appears.
6. Select the Server Collections check box to enable setting changes.
7. Clear the Use all server collections check box and then select the server collections to make available to the reseller.
8. Click Apply Changes to save your selections.
9. Click Apply Changes to save your changes to the Citrix service offering.
Note: To verify your changes, click Citrix to view the Reseller Service Setup page. If you specif ied only one server
collection for the reseller, only the collection's resources appear. If you specif ied more than one server collection, only
those you specif ied appear in the Server Collections box.
10. Click Provision to update the Reseller service with your changes.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.108https://docs.citrix.com
To provision the Citrix service to customers
Jun 05, 2015
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Citrix service name. The Grant access to Citrix applications page appears.
4. Select the server collection that the customer can use to access resources.
Note: If only one server collection is available, only the collection's resources appear. If multiple server collections are
available, you can configure only one collection for the customer.
5. Select the application groups, applications, and resources that the customer can access.
6. Click Provision to enable the customer to provision Citrix services to users.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.109https://docs.citrix.com
Create or remove Citrix application groups
Jun 05, 2015
An application group is a collection of hosted applications, other application groups, and resources. With application groups,you can provision multiple applications and resources to customers quickly and eff iciently.You can also enable customers to create their own application groups that include the applications and resources that are
available to them. To use this feature, the customer must have a user with Citrix Service Administrator permissions, at a
minimum.
To create an application group
Before you create application groups, ensure there is a server collection configured that hosts the applications and
resources you want to include in the group.
When creating an application group, you have the option to make the group available to all customers (public group) or
make the group available to a specific customer (private group). If you choose to make the group private, be sure to click
Save & Reload. When you click Save & Reload, the group is assigned to the customer and all of the customer's private
applications and resources are available for inclusion. To modify this assignment, you first deprovision the Citrix service for
the customer through the Customer Services page. Then, you can modify the application group to assign it to a different
customer or make the group public. After you modify the application group, you can reprovision the Citrix service for the
customer.
When you assign an application group to a specific customer, you can include the group only in other application groups
that are assigned to the same customer.
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Application Groups.
2. Under Citrix Server Filter, select the location and server collection you want to use for the application group. Any existing
application groups configured for the server collection appear.
3. Under Group Management, click New Application Group.
4. Type the name and description of the new group.
5. In Allocation, select the Default Group check box to include the application group in the Citrix services package that is
provisioned to customers.
6. In Access, configure the application group's availability by performing one of the following actions:
To make the application group available to all customers, select the Public Group check box.
To make the application group available to one specif ic customer, clear the Public Group check box and enter the
name of the customer you want to assign.
Note: If you make the application group private, click Save & Reload to create the group and view the customer's
other private application groups or resources. You can then include these items in the group.
7. In Directory Resource, choose one of the following options:
Generate creates and names a security group automatically (e.g., CitrixGrp 3).
Search enables you to f ind and select an existing security group within the domain.
Custom enables you to create a new security group with a unique name you specify.
8. Under Applications, select the hosted applications you want to include in the group.
9. Under Groups, select other available application groups you want to include.
10. Under Resources, select the network resources you want to include in the group.
11. In Publish, select Enabled to make the application group visible to customers.
12. Click Save to create the application group.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.110https://docs.citrix.com
To delete an application group
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Application Groups.
2. Select the application group you want to remove.
3. Under Manage Application Groups, click Delete and then click OK to confirm. The option to delete the corresponding
Active Directory object appears.
4. To remove the corresponding Active Directory object, leave the Delete the application group from Active Directory
check box selected. To keep the Active Directory object, clear this check box.
5. Click Delete to remove the application group. The application group entry and Active Directory object, if selected, are
removed.
To create a customer-level application group
1. From the Services Manager menu bar, click Services > Citrix > Customer Application Groups.
2. Under Customer Management, search for and select the customer for whom you want to create the application group.
3. Under Group Management, click New Application Group.
4. Type the name and description of the new group.
5. In Allocation, select the Default Group check box to include the application group in the Citrix services package that is
provisioned to the customer's users.
6. Under Applications, select the application resources and hosted applications you want to include in the group.
7. Under Groups, select other available application groups you want to include.
8. Under Resources, select the network resources you want to include in the group.
9. Click Save to create the application group.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.111https://docs.citrix.com
Create or remove Citrix resources
Jun 05, 2015
To create a resource
When creating a resource, you have the option to make the resource available to all customers (public resource) or make
the resource available to a specific customer (private resource). If you choose to make the resource private, the resource is
assigned only to the customer you specify and can be included in application groups only for the same customer. To modify
this assignment, you first deprovision the Citrix service for the customer through the Customer Services page. Then, you can
modify the resource to assign it to a different customer or make the resource public. After you modify the resource, you
can reprovision the Citrix service for the customer.
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Resources.
2. Under Citrix Server Filter, select the location and server collection you want to use for the resource. Any existing
resources configured for the server collection appear.
3. Under Management, click New Resource.
4. Type the name and description of the new resource
5. In Allocation, select the Default Resource check box to include the resource in the Citrix services package that is
provisioned to customers.
6. In Access, configure the resource's availability by performing one of the following actions:
To make the resource available to all customers, select the Public Group check box.
To make the resource available to one specif ic customer, clear the Public Group check box and enter the name of the
customer you want to assign.
7. In Directory Resource, choose one of the following options:
Generate creates and names a security group automatically (e.g., CitrixGrp 3).
Search enables you to f ind and select an existing security group within the domain.
Custom enables you to create a new security group with a unique name you specify.
8. In Publish, select Enabled to make the application group visible to customers.
9. Click Save to create the application group.
To delete a resource
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Resources.
2. Select the resource you want to remove.
3. Under Manage Resources, click Delete and then click OK to confirm. The option to delete the corresponding Active
Directory object appears.
4. To remove the corresponding Active Directory object, leave the Delete the resource group from Active Directory check
box selected. To keep the Active Directory object, clear this check box.
5. Click Delete to remove the resource. The resource entry and Active Directory object, if selected, are removed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.112https://docs.citrix.com
Create or remove Citrix application resources
Jun 05, 2015
To create an application resource
Before you create applications, ensure there is a server collection configured that hosts the resource.
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Applications.
2. Under Management, click New Application.
3. Type the name and description for the application.
4. In Allocation, select the Default Application check box to include the application in the Citrix services package that is
provisioned to customers.
5. In Access, configure the application's availability by performing one of the following actions:
To make the application available to all customers, select the Public Group check box.
To make the application available to one specif ic customer, clear the Public Group check box and enter the name of
the customer you want to assign.
6. In Directory Resource, choose one of the following options:
Generate creates and names a security group automatically (e.g., CitrixRes 3).
Search enables you to f ind and select an existing security group within the domain.
Custom enables you to create a new security group with a unique name you specify.
7. In Publish, select Enabled to make the application visible to customers.
8. Click Save to create the application.
To delete an application resource
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Applications.
2. Select the application you want to remove.
3. In Manage Applications, click Delete and then click OK to confirm. The option to delete the corresponding Active
Directory object appears.
4. To remove the corresponding Active Directory object, leave the Delete the application group from Active Directory
check box selected. To keep the Active Directory object, clear this check box.
5. Click Delete to remove the application. The application entry and Active Directory object, if selected, are removed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.113https://docs.citrix.com
To configure Citrix hosted application settings
Jun 05, 2015
To enable Services Manager to discover the hosted applications in your environment, you configure a server collection thatincludes the XenApp servers where the applications reside. After the server collection is created, you can use the CitrixApplications page to configure the global settings for each application.1. From the Services Manager menu bar, click Services > Citrix > Configuration > Citrix Applications.
2. Under Citrix Server Filter, select the location and server collection you want to use. All hosted applications configured for
the server collection appear.
Note: Click Refresh to ensure you are viewing all available hosted applications.
3. Under Configured Applications, select the hosted application whose settings you want to configure.
4. Under Manage Application Settings, select one of the following options to create an Active Directory group:
Generate creates and names a security group automatically (e.g., CitrixApp 3).
Custom enables you to create a new security group with a unique name you specify.
5. In Allocation, select the Default Application check box to include the hosted application in the Citrix services package
that is provisioned to customers.
6. In Access, configure the hosted application's availability by performing one of the following actions:
To make the hosted application available to all customers, select the Public Application check box.
To make the resource available to one specif ic customer, clear the Public Application check box and enter the name
of the customer you want to assign.
Note: If you make the hosted application available to one specif ic customer, the application can be added only to
application groups that belong to the same customer.
7. In Publish, select Enabled to make the hosted application visible to customers.
8. Click Save to create the Active Directory group and save your selections.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.114https://docs.citrix.com
To provision applications to multiple users
Jun 05, 2015
With Citrix application access, you can provision an application, resource, or application group to multiple users with a singleprovisioning request.To use application access, the Citrix service must be provisioned to the customer to whom the users belong. Additionally,
resellers who want to provision multiple users of sub-customers must have the Citrix service provisioned.
1. From the Services Manager menu bar, click Customers and select a customer for whom you want to provision
applications.
2. In Customer Functions, click Services. This ensures the customer is selected.
3. From the Services Manager menu bar, click Services > Citrix > Application Access.
4. In Type, select the type of application or resource you want to provision.
5. Select the application or resource you want to provision.
6. Under Citrix Application Management, select the users you want to provision.
7. Click Provision to send provisioning requests for all users selected. The selected users are added to the Active Directory
group for the application or resource.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.115https://docs.citrix.com
DNS
Jun 05, 2015
Updated: 2013-04-251. Enable the service (top environment level):
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment and then expand
DNS.
2. Click Save.
2. Enable the service (location level):
1. Under Service Filter, choose Active Directory Location Services.
2. If applicable, choose a Location Filter and then expand DNS.
3. Click Save.
3. Add the credentials for the DNS service account:
1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials. The Credentials
Overview page appears.
2. In the credentials table, click Add.
3. In Username and Password, enter the user name and password of the service account.
4. Leave Encrypted selected to encrypt the credentials as they are displayed on the page and stored in the database.
Note: Citrix recommends encrypting credentials when Services Manager is deployed in a production environment. Use
plain-text credentials only for debugging purposes.
5. In Domain, enter the FQDN of the service account.
4. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. If the DNS server is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
5. Assign server roles to each DNS server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles.
2. If applicable, choose a Location Filter and then expand the entry for a server that will host the DNS zones.
3. Under Server Roles, select DNS, and then click Save. The DNS role is used for both Windows DNS and BIND DNS.
6. Update service settings as needed:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment.
2. Select Active Directory Location Services and choose a Location Filter, if applicable.
3. Expand DNS and then click Service Settings.
4. Configure the following required settings:
DNS Credentials
Required fully qualif ied credentials that have read and write access to the DNS server.
Is Server 2008 Provisioning
Select the check box if the DNS server uses Windows Server 2008, 2008 R2, or 2012 for provisioning.
Primary DNS Server
Choose the server that hosts the DNS service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.116https://docs.citrix.com
(Optional) Secondary DNS Server
Select the check box for each secondary DNS server to be used. All secondary servers regularly perform zone
transfers from the primary server to provide redundancy and load balancing.
SOA Responsible Person
Enter the email address of the person responsible for administering the domain's Start of Authority (SOA) record.
Update Method
Choose WMI (Windows) or UNIX (BIND).
Zone Credentials
Choose the fully qualif ied credentials for managing DNS zones.
7. To verify the configuration, provision the DNS service to a customer and then go to Services > DNS > DNS Records to
create test records. The service is working correctly if no errors occur during record creation.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.117https://docs.citrix.com
To provision the DNS service to customers
Jun 05, 2015
Updated: 2013-02-251. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision DNS services.
3. In the services list, select DNS. The service configuration page appears. Domains that have been entered in the
customer's Domain Management section appear under Available Domains.
4. To add a new domain as a DNS zone, under Add Domain, enter the domain and click Add Domain. The domain appears in
a table under DNS Zones. You can add only one domain in this manner. If you enter another domain, the newly entered
domain replaces the previously entered domain in the DNS Zones table.
5. To add an existing domain as a DNS zone, under Available Domains, select the check box of the domain you want to add
and then click Add Zone. The domain appears in the DNS Zones table.
6. Click Provision. The Forward Lookup Zones folder on the DNS server is updated with the defined zones. Each zone has
the following records attached:
Start of Authority (SOA) record
Name of Server (NS) record
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.118https://docs.citrix.com
Create DNS zones and records
Jun 05, 2015
Updated: 2013-02-04
To create DNS subzones
DNS zones are created when customers are initially provisioned with DNS services. Additional zones are created when
domains are added to the DNS service. Customers with DNS Service Administrator permissions can create DNS subzones to
which they can also add DNS records.
1. From the Services Manager menu bar, click Services > DNS > DNS Records.
2. Under Zone Management, enter the name of the new subzone and then select the zone to which it belongs.
3. Click New Sub-Zone. When the DSN page refreshes, the new subzone appears under DNS Filter, in the Zone drop-down
box.
To create DNS records
When you create a DNS record, only the Time to Live (TTL) setting can be modified. To change other record settings, you
must first deprovision the record. When you have finished making changes, you provision the record again.
1. From the Services Manager menu bar, click Services > DNS > DNS Records.
2. Under DNS Filter, perform the following actions:
1. In Zone, select the DNS zone to which you want to add the new record.
2. In Type, select the type of DNS record you want to create.
3. Under DNS Management, click New DNS Entry. The DNS Record screen appears.
4. Enter the record details and then click Provision to create the record.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.119https://docs.citrix.com
To create DNS templates
Jun 05, 2015
DNS templates define the DNS records that are created when a customer domain is added or a service is provisioned to the
customer's account.
Templates can be created at any level in the customer hierarchy. Templates can also be overridden. For example, a Service
Provider has five domain templates configured. For Reseller A, two new templates are created at the reseller level. When
Reseller A provisions a customer, the Service Provider templates will be ignored and the two reseller templates will be
configured for the customer.
If you delete a DNS template, the template is not used for new domains or services that are provisioned to a customer.
However, existing customers' DNS records that were generated with the template are not removed. You can remove these
records manually through the DNS Records menu item.
By default, only the Service Provider Administrator role has permission to manage DNS templates. To enable this permission
for other security roles, click Security > Security Roles from the Services Manager menu bar and then select a security role.
Ensure the security role is a member of the DNS Service Administrator role group. The DNS Templates permission is located
on the Menus tab, under Services > DNS
1. From the Services Manager menu bar, click Services > DNS > DNS Templates. The DNS Overview page displays all the
templates that have been created for the selected customer.
2. Under DNS Management, click New DNS Template.
3. In Template Service, select the service for which the template is being configured. When the service is provisioned to the
customer, the DNS template is created. Leave this f ield blank if the template is created when a domain is added to the
customer.
4. In Record Type, select a record type and configure the options that are created when the DNS record is created. A
default {Domain} value is displayed for all DNS templates. This value refers to the customer's domain.
5. Click Save to create the template. The new template appears in the DNS template table.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.120https://docs.citrix.com
Dynamics CRM
Jul 22, 2016
Updated: 2013-04-03
To Deploy the Dynamics CRM – ADFS Web Service
1. On the Select Deployment Task page, select Add Services & Locations.
2. On the Add Services & Locations page, select Install Services.
3. Accept the License Agreement and then click Next .
4. On the Select Web Services page, select ADFS Web Service and then click Next .
5. On the Ready to Install page, click Install. The Deploying Server Roles page displays the installation progress.
6. After the installation f inishes, click Finish.
7. On the Installed Services page, click Conf igure next to the ADFS web service list item. The Configuration Tool checks
to ensure the prerequisites are present on the ADFS server.
8. On the Create Service Account page, enter the following information and then click Next :
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account
credentials automatically.
User name: Enter a user name for the ADFS web service account. The default user name is csm_adfs_svc. This f ield
is unavailable when you elect to auto-generate credentials.
Password: Enter a password for the ADFS web service account. This f ield is unavailable when you elect to auto-
generate credentials.
Create if doesn't exist : Leave this check box selected to allow the web service account to be created if it does not
already exist in Active Directory.
9. On the Prepare CRM 2011 page, select Integrate with Microsoft Dynamics CRM 2011 to connect Services Manager
to an existing CRM 2011 deployment. Click Next .
10. On the Specify CRM Service Accounts page, enter the following information and then click Next :
Asynchronous Processing service: Enter the account used for running the Microsoft CRM Asynchronous Processing
service.
Deployment service: Enter the account used for the CRM Deployment Service application pool.
11. On the Specify CRM Deployment Administrators Group, enter the name of the CRM 2011 Deployment
Administrators group in Active Directory. Typically, this group is created when you deploy CRM2011. Click Next .
12. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate
configuration page. When the summary contains the settings you want, click Next . The Configuration Tool configures
the ADFS web service and displays progress.
13. Click Finish and then click Exit to close the Configuration Tool.
14. To verify the web service is installed correctly, launch a web browser and enter the URL of the ADFSWebService.asmx f ile
in the address bar. For example, https://fqdn.cpsm.citrix.com/adfs/ls/ADFSWebService.asmx. The URL returns
the ADFSService definition page.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.121https://docs.citrix.com
To configure the Dynamics CRM service
Jul 22, 2016
Updated: 2014-11-19Step 1: Enable the service (top level) and create user and customer plans
1. From the Services Manager menu bar, select Conf iguration > System Manager > Service Deployment and then
expand Customer Relationship Management .
2. Click Customer Plans, create a customer plan, click Create, and then click Save.
Step 2: Enable the service (location level)
1. Under Service Filter, select Active Directory Location Services and choose a Location Filter if applicable.
2. Expand Customer Relationship Management and then click Save.
Step 3: Verify credentials
1. From the Services Manager menu bar, select Conf iguration > System Manager > Credentials.
2. Verify that the service account for the Dynamics CRM service exists (this is the Deployment Administrator). If it does not,
create the account.
Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when Services
Manager is deployed in a production environment. Use plain-text credentials only for debugging purposes.
Step 4: Enable the server
1. From the Services Manager menu bar, select Conf iguration > System Manager > Servers.
2. If the server that hosts CRM is not listed, click Refresh Server List .
3. Expand the entry for the server and verify that Server Enabled is selected.
Step 5: Assign CRM server roles
1. From the Services Manager menu bar, select Conf iguration > System Manager > Server Roles and then expand the
entry for the CRM server.
2. Under Server Connection Components, select Dynamics CRM Deployment and Dynamics CRM Discovery.
3. Under Server Roles, select Dynamics CRM Application Server and then click Save.
4. Expand the entry for the server which is configured in CRM as the SQL content database.
5. Under Server Roles, select Dynamics CRM SQL Server and then click Save.
Step 6: Assign ADFS server roles (If ADFS is being used)
1. From the Services Manager menu bar, select Conf iguration > System Manager > Server Roles, then expand the entry
for the server hosting the ADFS web service
2. Under Server Connection Components, select ADFS and click Save.
Step 7: Add the CRM server connections.
1. From the Services Manager menu bar, select Conf iguration > System Manager > Server Connections, select a
Location Filter if applicable. Then, for the Dynamics CRM Deployment and the Dynamics CRM Discovery Server roles
click New Connection, and then specify the following information:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.122https://docs.citrix.com
Note: There should be two Dynamics CRM Web Services configured.
Server Role Choose Dynamics CRM Deployment or Dynamics CRM Discovery.
Server Choose the CRM server.
Credentials Choose the credentials for the CRM Deployment Administrator.
URL BaseDefaults to /XRMDeployment/2011/Deployment.svcand /XRMServices/2011/Discovery.svc.
Protocol Defaults to https.
Port Defaults to 446. This should match the CRM Web Site Bindings on the CRM Server.
T imeout Defaults to 200000 milliseconds.
2. Click Save.
3. From the Services Manager menu bar, select Configuration > System Manager > Server Connections and then
click the icon in the Test column for both of the new Server connections. The icon turns green for a successful connection.
A red icon indicates an unsuccessful connection. Mouse over it for information about the failed connection.
Step 8: Add the ADFS server connection
1. From the Services Manager menu bar, select Conf iguration > System Manager > Server Connections, select a
Location Filter if applicable, then click New Connection, and then specify the following information:
Server Role Choose ADFS.
Server Choose the server hosting the ADFS web service.
Credentials Choose the credentials for the ADFS web service.
URL Base Defaults to /adfs/ls/ADFSWebService.asmx.
Protocol Defaults to https.
Port Defaults to 443. This should match the ADFS Web Service bindings.
Timeout Defaults to 200000 milliseconds.
2. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.123https://docs.citrix.com
Step 9: Update service settings as needed
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment, select Active
Directory Location Services, and then choose a Location Filter if applicable.
2. Expand Customer Relationship Management and then click Service Settings.
3. Configure the following required settings:
Default Currency Code Set to an applicable currency code for your location.
Language Code Set to an applicable language code for your location.
Step 10: Click Apply Changes.
Step 11: Update Customer Plans as needed.
1. With Active Directory Location Services still selected, expand Customer Relationship Management , click CustomerPlans, and then expand a plan.
2. Configure the following required settings:
ADFS Account (if ADFS isin use)
Set to the name of the ADFS service account. This is used to provide ADFS access to theusers OU for validating credentials.
ADFS Party Trust (ifADFS is in use)
Set to the name of the ADFS Relying Party Trust.
CRM Servers Select the Server or Servers applicable for this Customer Plan.
Is IFD Enabled If ADFS is being used, this must be checked, otherwise it cannot be checked.
Report Server SRS URL Enter the URL for the Report Server.
SQL Server Select the Content database SQL Server.
User Login URLThis is an informational URL so that the user knows where to login to their CRM Sitewhen they are provided access.
Step 12: Click Apply Changes, then Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.124https://docs.citrix.com
Provision the Dynamics CRM service
Jul 22, 2016
To provision the Dynamics CRM service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.4. Select the Customer Relationship Management check box and then click the service name. The Reseller Service
Setup page appears.
5. Select the customer plans that the reseller can offer to customers.
Note: The customer plans selected determine the CRM servers that are allocated to the reseller for provisioning
customers. Because Customer Plans are used to configure the CRM Servers to provision to (among other properties), use
customer plans to configure different versions of CRM to offer to customers.
6. To customize the customer plan, click the plan name to display the Conf igure Service Settings page and make the
appropriate changes.
Note: Changes you make to the customer plan are applied to all customers within this Reseller subsequently provisioned
with the plan.
7. Click Apply Changes to save your changes to the customer plan.
8. Click Apply Changes to save your changes to the service.
9. Click Provision to enable the reseller to offer the CRM service to customers.
To provision the Dynamics CRM service to customers
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision
services.
2. Select Services. The Customer Services page appears.
3. Click Customer Relationship Management to create an instance. Enter an instance name and a display name and then
click Create. The Instance Setup page appears.
4. Under Service Conf iguration, select the customer plan to provision to the customer.
Note: The customer plan determines the servers on which the customer's user data is stored and how Services Manager
sets up the database. The plan selection also determines any additional service options that require configuration before
the service can be provisioned to customers.
5. Under CRM Conf iguration, perform the following actions:
1. In CRM Server, select the CRM server that hosts the customer's instance.
2. Ensure the following settings are selected and that the correct values have been entered:
SQL CollationCurrency CodeCurrency NameCurrency Symbol
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.125https://docs.citrix.com
Currency Precision
The Currency Code setting cannot be changed after the CRM service is provisioned to the customer.
6. Click Provision to provision the customer with the CRM service.
To import CRM organizations created outside Services Manager
The CRM Import Tool for Dynamics CRM enables service providers to import CRM organizations that were not initially
created through Services Manager. Service providers can link the organization to a customer in Services Manager and, where
possible, match the organization's users to the domain user ID of the customer's users in Services Manager.
1. From the Services Manager menu bar, click Services > Dynamics CRM > CRM Import . The CRM Customer Allocationpage displays a list of the organizations configured on the CRM server. If an organization is allocated to a customer, the
customer's name appears in the list.
2. Select the CRM organization you want to import. The Customer Import Manager page displays.
3. Under Customer Details, perform the following actions:
1. In CRM Description, enter the name of the CRM site.
2. In Customer Search, enter the name of the CRM customer you want to import and select the customer name.
4. Click Provision. The Customer Import Manager page displays a table of the users that match the domain user IDs of
the customer's CRM users. By default, these users are selected for provisioning.
5. Click Provision Users to provision the selected users with the CRM service. Services Manager updates the selected users'
services with the provisioned CRM organization.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.126https://docs.citrix.com
File Sharing
Jun 05, 2015
Updated: 2013-05-071. Enable the service at the top environment level and create a default customer plan:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and
2. Expand File Sharing and then click Customer Plans.
3. Under New Customer Plan, in Name, type Default.
4. Click Create. Services Manager creates the customer plan and then displays the service settings.
5. In File Share Path, enter the path of the f ile share you wish to use.
Note: If the specif ied path does not exist, Services Manager can create it, provided it has permissions on the specif ied
server. Otherwise, be sure the path exists before configuring the customer plan.
6. Click Apply Changes.
7. Click Save.
2. Enable the service at the location level:
1. On the Service Deployment page, under Service Filter, select Active Directory Location Services, and then choose a
Location Filter if applicable.
2. Expand File Sharing and then click Save.
3. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the server hosting the File Sharing service.
2. Under Server Roles, select File Sharing and then click Save.
4. Create a server collection:
1. From the Services Manager menu bar, select Configuration > System Manager > Server Collections.
2. Click New Server Collection and complete the following f ields:
In Name, enter a unique name for the server collection.
In Display Label, enter a friendly name for the server collection.
In Service, select File Sharing.
In Servers, select the servers that you want to add to the collection.
Select Automatic reseller selection if you want to make the collection the default for resellers that are provisioned
with the service.
Select Automatic customer selection if you want to make the collection the default for customers that are
provisioned with the service.
3. Click Save.
5. Enable the server collection for the customer plan:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services, and then choose a Location Filter if applicable.
3. Expand the File Sharing service, click Customer Plans, and then expand the Default plan.
4. Under Configure Service Settings, select File Share Servers, and then select the servers you want customers to use
when they are provisioned with the Default plan.
5. Click Apply Changes and then click Save.
After you configure the File Sharing service, you can provision the service to customers. For more information, see Provision
the File Sharing service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.127https://docs.citrix.com
Provision the File Sharing service
Jun 05, 2015
Updated: 2013-02-05
To provision file sharing to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the File Sharing service check box and then click the File Sharing service name. The Reseller Service Setup page
appears.
5. In the User Plan table, enable any of the following service access levels:
Full allows users to read, modify, and delete f iles.
Read includes List permissions and allows users to traverse folders and run program files.
List allows users to view file and subfolder names, read data in the f iles, and to view file and folder attributes, including
extended attributes.
6. In the Customer Plan table, enable the plans that the reseller can offer to customers.
7. Under Resource Configuration, in Disk Limit, enter the maximum amount of storage in megabytes (MB) to allocate to the
reseller.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the reseller to offer the service to customers.
To provision file sharing to customers
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision File Sharing services.
3. In the services list, select File Sharing. The Service Plan Configuration page appears.
4. In Customer Plan, select the plan with which to provision the customer. To customize the plan, click Edit.
5. In File Share Server, select the server hosting the customer's f ile share directory.
Note: This f ield appears when the selected customer plan does not have the Automatic Server Selection property
enabled and has more than one server configured. If the selected package has this property enabled, this f ield does not
appear and a f ile server is chosen automatically when the File Sharing service is provisioned to the customer.
6. To customize the storage limit for the customer, under Resource Configuration, clear the Auto select package resource
limits check box and, in Disk Limit, enter a new value.
7. Click Advanced Settings and perform the following actions:
1. Under User Plans, select the check box for each service access level to which the customer can assign users.
2. To limit the number of users the customer can provision, under Maximum Users, select the Enabled check box and
enter the number of users allowed.
3. To ensure the service generates charges to the customer when provisioned, under Billing, ensure the Enabled check
box is selected.
8. Click Provision to save your selections and provision the service to the customer.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.128https://docs.citrix.com
Manage folders for the File Sharing service
Jun 05, 2015
Updated: 2013-02-05
To create a subfolder in the file sharing directory
1. From the Services Manager menu bar, click Services > File Sharing Manager.
2. In the Folders pane, select the folder under which you want to create the subfolder.
3. On the Folders tab, in New Directory, enter the name of the subfolder you want to create.
4. Click Create. The new subfolder appears in the Folders pane.
To assign folder permissions to users
1. From the Services Manager menu bar, click Services > File Sharing Manager.
2. In the Folders pane, select the folder for which you want to assign permissions.
3. On the Permissions tab, search for the user or security group to whom you want to assign folder permissions. After
locating the user, click Add. The user appears in the Members table.
4. From the Members table, select the users to whom you want to assign folder permissions and click Manage Permissions.
5. Under Permissions, select the permission level you want to assign and click Save.
6. To apply the permissions only to the selected folder, clear the Apply the permissions to subfolders and f iles check box.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.129https://docs.citrix.com
Hosted Apps and Desktops
Jul 19, 2016
Updated: 2014-11-20The Hosted Apps and Desktops service for Services Manager delivers applications, desktops, and resources either directly
from XenApp farms and XenDesktop sites, or from farms and sites that are managed by Citrix App Orchestration.
Deploying the Hosted Apps and Desktop service includes the following tasks:Install the Hosted Apps and Desktops web service
Configure the Hosted Apps and Desktops service
Configure Hosted Apps and Desktops offerings
Provision the Hosted Apps and Desktops service
You can install the web service on a XenApp or XenDesktop Controller or on an App Orchestration configuration server
using the Services Manager Setup Tool or from the command line.
For more information about the requirements for deploying the service, review the information in Plan to deploy the
Hosted Apps and Desktops service.
What’s new in Version 11.5.6
CloudPortal Services Manager now includes even more support for provisioning and managing app and desktop offerings at
scale across multiple tenants, managing multiple sites and support for the latest XenApp and XenDesktop versions.
Latest XenDesktop version support : �Simplify management of application and desktop service offerings across
multiple versions including XenDesktop 7.9. Take advantage of new XenApp and XenDesktop features by adding or
updating existing sites to the latest version.
Support for multiple delivery sites:� Manage the delivery of desktop and application offerings eff iciently at scale
across multiple XenApp and XenDesktop sites. This release provides new functionality and UI to manage multiple XenApp
and XenDesktop sites within a single location or domain – including support for multiple XenApp and XenDesktop
versions and App Orchestration 2.6. The new site management UI displays the details for each site as well as the
configured offerings and customer relationships.
Version co-existence and upgrade via migration: The new features in this release allow for upgrades by way of
migration for service providers wanting to host services on the latest XenApp and XenDesktop releases. Choose to
upgrade sites in place or migrate offerings to newly deployed sites to de-risk upgrade scenarios and ensure continuity of
services.
Delivery group management :� In this release, the Hosted Apps and Desktop Service has surfaced the XenApp and
XenDesktop delivery group concepts in a newly added interface. This addition clarif ies how Hosted Apps and Desktops
offering assignment and provisioning maps into the underlying site configuration. This addition simplif ies tenant isolation
for service providers managing shared or private offerings.
Performance optimization:� Speed management of app and desktop services with faster and more responsive UIs.
New performance optimizations for offering management and provisioning allow service providers to quickly move
between UIs without delay. Newly added discovery actions allow for UIs to load existing customer and service data
quickly and discover new offerings and delivery groups on demand when needed.
Detailed usage tracking and insight : �Find improved usability throughout the service that allows service providers to
quickly identify which tenants are using each site, delivery group and offering. This release provides quickly accessible
context into who’s using what, thereby simplifying and speeding up management and support tasks.
Offering discovery and removal of _Offer_ pref ix requirement : In this release, it is no longer required to add the
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.130https://docs.citrix.com
_Offer_ prefixes for XenApp and XenDesktop delivery groups and applications to be discovered by the service. This
release uses a new offering discovery process to surface apps and desktops published on XenApp and XenDesktop sites
– allowing the underlying delivery groups and applications to be named as the service provider chooses.
Simplif ied delivery group isolation: New simplif ied app and desktop onboarding makes it easier to introduce new
delivery groups and assign them to a specif ic tenant. In this version, the Hosted Apps and Desktops service will no longer
clone or replicate delivery groups during provisioning. All delivery groups are created outside of CPSM by the service
provider then discovered and assigned in the Hosted Apps and Desktops service.
Backwards compatibility with previous version: In this version, legacy XenApp and XenDesktop offerings that use
the _Offer_ prefix as well as App Orchestration 2.6 are supported after the upgrade.
What's new in Version 11.5.3
Multi-User service provisioning and offering management :
Manage delivery of desktop and application offerings eff iciently at scale. This release enables bulk user provisioning and
deprovisioning of services. In a single operation across multiple users, offerings can be added or removed, or a f ixed set of
offerings can be applied to users.
Backup datacenter support :
Deliver highly available and disaster-tolerant app and desktop services using the multi-datacenter design of Citrix App
Orchestration. Provide a tenant-level backup datacenter property set during service provisioning. Downstream
automation and orchestration technology helps ensure appropriate app and desktop delivery infrastructure is deployed
in primary and backup datacenters.
High-Availability and disaster recovery guidance:
Maintain core portal capabilities to ensure onboarding, reporting, provisioning remain online. Continue leveraging user
management and service provisioning capabilities during disaster plan execution. Ensure customer self-service and help
desk teams continue operations. Limit manual touch and out of band configuration when reacting to datacenter
outages
XenDesktop 7.6 application folder support :
Simplify management of application and desktop service offerings using XenDesktop 7.6 application folders. Define
service offerings residing in application folders to design and organize a back-end delivery infrastructure that simplif ies
management of multi-tenant design.
Increased quality and resiliency:
Find improved service resiliency and reliability when provisioning in multi-domain requirements, more eff icient delivery of
private tenant offerings and additional support for highly configurable automated provisioning.
Known Issues
When creating a delivery group or any application in XenDesktop, XenApp or App Orchestration, the usage of excessively
long names leads to the failure of provisioning offerings to customers.
This new release of Hosted Apps and Desktops Service only supports multiple XenDesktop sites along with an optional
single XenApp and single App Orchestration backend. This new release does not support multiple XenApp deployments or
multiple App Orchestration deployments. The deployments, in this scenario, refer to the server connections in
CloudPortal Services Manager. For example, you can not create multiple server connections for XenApp or for App
Orchestration in CloudPortal Services Manager.
It is recommended to wait until a workflow is completed while subscribing or unsubscribing customers from App
Orchestration offerings. Failure to do so may lead to errors in the connection to that particular tenant in CloudPortal
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.131https://docs.citrix.com
Services Manager.
When you upgrade the web service on web service servers without uninstalling the previous version of Hosted Apps and
Desktops web service in advance, you need to launch the Hosted Apps and Desktops Conf iguration Tool to
complete the configuration.
Duplication of XenApp applications in XenApp farm is not supported. This is to prevent the duplicated offering from
sharing the same CitrixAppId with its parent application, which will lead to confusion in the new Hosted Apps and
Desktops Service.
The Type value for delivery groups created in XenDesktop 7.8 and 7.9 can be inconsistent with the Type value in
CloudPortal Services Manager. For example, when creating a delivery group in XenDesktop 7.8 or 7.9 without any type,
the Type value displayed in Citrix Studio is “-”, and the Type value displayed on the delivery group management page of
CloudPortal Service Manager is “Desktop and Applications”.
When you have multiple web service server connections in your CloudPortal Services Manger deployment, once a server
connection is tested with errors, you must reconfigure the server connection and make it successful, otherwise the
failed server connection can result in sites, delivery groups, and offerings retrieving errors for other server connections.
Changing the value of HAAD Subscription Group Type propertyis not supported if you want CloudPortal Services
Manger to manage offerings of App Orchestration.
When you create a delivery group with type Desktops and Applications, you must not create any applications that have
the same name as the delivery group.
FAQ
Q: How do I change the group type created on the Domain Controller while provisioning a service to a customer?
A: A new property named HAAD Subscription Group Type is added in Service Settings to determine the types of security
groups that are created while provisioning a service to a customer.
You can set the group type for security groups by performing the following steps:
1. Log on to CloudPortal Services Manager as a service provider admin.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter if applicable.
3. From the Services Manager menu bar, choose Conf iguration > System Manager > Service Deployment .
4. Expand Hosted Apps and Desktops and click Service Settings.
5. Select the HAAD Subscription Group Type checkbox.
6. Select the appropriate group type for the security groups created while provisioning Hosted Apps and Desktops Service
to customers.
7. Click Apply Changes.
8. Click Save.
NoteThe property of HAAD Subscription Group Type should be set only at the top level or location level by a service provider. The
properties will not work if they are set at the reseller or customer levels.
Once a security group is generated, the group type cannot be changed by changing the value of HAAD Subscription GroupType at the location level and taking a customer service reprovision in CloudPortal Services Manager.
Use the CloudPortal Services Manager Discussion Forum to ask questions and contribute your knowledge about
CloudPortal Services Manager.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.132https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.133https://docs.citrix.com
Plan to deploy the Hosted Apps and Desktops Service
Jul 18 , 2016
The Hosted Apps and Desktops web service for Services Manager allows service providers to manage and delegate end-
user administration of applications, desktops, and resources.
The following is the topology of Hosted Apps and Desktops Service. In this topology, we can support multiple XenDesktop
instances, but only one XenApp instance and one AppOrchestration configuration server to be managed by CloudPortal
Services Manager. For the XA Farm, AO Configure Server and XD Site mentioned below, Hosted Apps and Desktops Service
must be installed to communicate with CloudPortal Services Manager:
CPSM: CPSM web server, CPSM provisioning engine, CPSM database
DC: Domain Controller
XA Farm: A farm is a group of XenApp servers that can be managed as a single logical entity, use a single data store
database, and balance the load resulting from requests for published resources in the farm.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.134https://docs.citrix.com
AO Conf iguration Server: The App Orchestration Configuration Server hosts the App Orchestration engine and the
web-based management console.
XD Site: A Site is the name you give to a product deployment. It comprises the Delivery Controllers and the other core
components, VDAs, virtual resource connections (if used), and the machine catalogs and delivery groups you create and
manage.
Deploying the Hosted Apps and Desktop Service includes the following tasks:
Install the Hosted Apps and Desktops Service
Configure the Hosted Apps and Desktops Service
Configure the Hosted Apps and Desktops sites
Configure Hosted Apps and Desktops delivery groups
Configure Hosted Apps and Desktops offerings
Provision the Hosted Apps and Desktops Service
You can install the service on a XenApp server or a XenDesktop Delivery Controller, or on an App Orchestration
configuration server using the setup tool of Hosted Apps and Desktops Service or from the command line.
The following versions of XenApp, XenDesktop, and App Orchestration are supported:
XenDesktop 7.1, 7.5, 7.6, 7.8 and 7.9
XenApp 6.5 FP4 7.5 and 7.6
AppOrchestration 2.5 and 2.6
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.135https://docs.citrix.com
Install the Hosted Apps and Desktops Service
Jul 19, 2016
It’s allowed to manage offerings from XenDesktop, XenApp and App Orchestration simultaneously, which means you can
install Hosted Apps and Desktops web service for multiple Desktop Delivery Controllers (from different Delivery Sites), one
XenApp farm server and one App Orchestration configuration server at the same time if you want to connect to all the
servers by CloudPortal Services Manager.
NoteWhen you upgrade the web service on the web service servers, it is recommended that you uninstall the previous version of
Hosted Apps and Desktops service in advance and then reinstall this new version. This ensures that the Hosted Apps andDesktops Conf iguration Tool is automatically launched and gets CloudPortal Services Manager configured correctly. If you
upgrade the web service without uninstalling the previous version of Hosted Apps and Desktops web service in advance, you
need to manually launch the Hosted Apps and Desktops Conf iguration Tool to complete the configuration. Configuring the
service correctly is necessary for this version to work properly.
For XenDesktop, multiple server connections are supported, but for XenApp or App Orchestration, only one server connection is
supported.
In the new version of Hosted Apps and Desktops Service, creating multiple server connections to a XenDesktop site is not
supported. If you have multiple Delivery Controllers within a XenDesktop site, only one Delivery Controller is required to install the
Hosted Apps and Desktops web service.
To install the Hosted Apps and Desktops Service using the graphical interface
The installation process includes preliminary configuration to create the web service account and IIS applicationpool, and
define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next .
5. On the Select Web Services page, select one of the following options, depending on the product installed on the
server, and then click Next :
If you are installing the web service on a XenApp server, select Hosted Apps and Desktop Web Service (XenApp).If you are installing the web service on a XenDesktop server, select Hosted Apps and Desktops Web Service(XenDesktop).If you are preparing an App Orchestration configuration server to work with the Hosted Apps and Desktops service
through the control panel, select App Orchestration Conf iguration Tool.6. On the Review Prerequisites page, review the list of software that will be installed to support the component and then
click Next . Setup will install any prerequisites that are not already present.
7. On the Ready to Install page, review your selection and then click Install.8. After the installation f inishes, click Finish.
9. On the Add Services page, select Conf igure Services.
10. On the Conf igure Installed Components page, click Conf igure next to the component you want to configure.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.136https://docs.citrix.com
11. To configure the XenApp or XenDesktop web services, on the Conf igure IIS page, enter the following information and
then click Next :
Auto-generate credentials: Select this check box to allow service account credentials to be generated
automatically.
User name: Enter a user name for the web service account. If you installed the web service on a XenApp server, the
default user name is csm_xenapp_svc. If you installed the web service on a XenDesktop server, the default user
name is csm_xendesktop_svc. This f ield is unavailable when you elect to auto-generate credentials.
Password: Enter a password for the web service account. This f ield is unavailable when you elect to auto-generate
credentials.
Create if doesn't exist : Leave this check box selected to allow the web service account to be created if it does not
already exist in Active Directory.
Service port : Enter the port used by the web service. The default port is 8095.
12. To configure the App Orchestration Configuration Tool, perform the following actions:
On the Specify Conf ig Server page, enter the following information and then click Next :
Server address: Enter the FQDN of the App Orchestration configuration server if it is not already present. By
default, the FQDN of the current server is displayed.
Connect as: Enter the username and password of the orchestration service account used to access the App
Orchestration configuration server. By default, the username of the current logged-in user is displayed
in DOMAIN\username format.
Click Test Connection to test communication with the App Orchestration configuration server.
On the Create Service Account page, enter the following information and then click Next :
Username: Enter a user name for the self-service account for App Orchestration. The defaultuser
name is csm_haad_selfsvc. This account is added as an administrator to the App Orchestration deployment.
Password: Enter a password for the self-service account.
Create if doesn't exist : Leave this checkbox selected to allow the self-service account to be created if it does
not already exist in Active Directory.
13. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate
configuration page. When the summary contains the settings you want, click Next . The Configuration Tool configures
the web service and displays progress.
14. Click Finish and then click Exit to close the Configuration Tool.
To install the Hosted Apps and Desktops Service from the command line
1. On the server where you are installing the web service, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. To install the web service component, at the command prompt, enter CortexSetupConsole.exe/Install:component.
Component Description
CsmXenDesktopWS XenDesktop Web Service
CsmXenAppWS XenApp Web Service
CsmAppOrchestration App Orchestration Configuration Tool
The Setup Tool installs the web service and returns the command prompt.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.137https://docs.citrix.com
4. To perform preliminary configuration, at the command prompt, enter install-
location\Services\component\Configuration\HostedAppsAndDesktops\ConfigConsole.exe and specify the following
properties:
Property Description
/UserName:ctx_svc_acct Valid only when installing the XenApp or XenDesktop component.Username for
the web service account. This account must be a XenApp or XenDesktop
administrator.
/Password:password Valid only when installing the XenApp or XenDesktop component.Password for
the web service account. This property is optional if /GenerateCredentials is
specif ied.
/SqlServer:server-address Required. Address of the server where the SQL Server database is deployed.
/AutoCreateUser:True|False Valid only when installing the XenApp or XenDesktop component. Optional.
Creates the service account in Active Directory, if required.
/GenerateCredentials:True|False Valid only when installing the XenApp or XenDesktop component. Optional.
Generates a password for the service account.
/ServicePort:port Valid only when installing the XenApp or XenDesktop component. Optional.
Inbound port to be used/added to the CortexServices web site. Default = 8095.
/SqlUserName:user-name Optional. SQL Server login username.
/SqlPassword:password Optional. SQL Server login password.
/UseSqlAuthentication:True|False Optional. Enables or disables use of SQL authentication mode.
Install-location is the installation directory on the local computer. The default directory is C:\Program Files
(x86)\CitrixCortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command strings
The following commands install and initially configure the XenDesktop component of the Hosted Apps and Desktops web
service. The default port (8095) will be used.
CortexSetupConsole.exe /Install:CsmXenDesktopWS
c:\Program
Files(x86)\Citrix\Cortex\Services\CsmXenDesktopWS\Configuration\HostedAppsAndDesktopsConfigConsole.exe
/UserName:ctx_svc_acct /Password:password /SqlServer:server-address
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.138https://docs.citrix.com
Configure the Hosted Apps and Desktops service
Jul 19, 2016
Updated: 2014-08-10Configure the Hosted Apps and Desktops service after you install it .
To import the service package, you must have the Service Schema Administrator security role. To configure the service, you
must have the Service Provider Administrator security role.
If you intend to use the CloudPortal Services Manager API to access the service that is deployed with App Orchestration,
ensure you have created the datacenter you want to use through the App Orchestration web management console
before you configure the service. You can then specify the datacenter when you configure the service at the location level.
This is required because the API cannot use the default datacenter registered in App Orchestration. For more information
about this requirement, see Plan to deploy the Hosted Apps and Desktops service.
To configure the Hosted Apps and Desktops service
1. Import the service package into the control panel:1. From the Services Manager menu bar, click Configuration > System Manager > Service Schema.2. Under Services Management, click Import a service.3. On the Service Import page, click Browse and locate the Hosted Apps and Desktops.package file. Click Open.4. Click Preview. Services Manager displays the contents of the file for your review.5. Click Import at the bottom of the page. Services Manager imports the file and reports Import Complete.
2. On the Services Manager provisioning server, either restart the CortexQueueMonitor service or restart the machine.3. Clear your browser cache before logging into the control panel. 4. In the control panel, enable the service at the top level:
1. From the Services Manager menu bar in the control panel, choose Configuration > System Manager > Service Deployment and thenexpand Hosted Apps and Desktops. Click Save
5. Enable the service at the location level:1. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.2. Click Apply Changes and then click Save.
6. Verify credentials:1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials.2. Create the administrative impersonation account for the Hosted Apps and Desktops service by clicking Add, and then entering a
username, password, and domain (preferably in Fully Qualified Domain Name form).Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when Services Manager isdeployed in a production environment. Use plain-text credentials only for debugging.
7. Enable the server:1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.2. If the server on which you installed the service is not listed, click Refresh Server List.3. Expand the entry for the server and verify that Server Enabled is selected.
8. Assign server roles:1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles, and then expand the entry for the
server.2. Under Server Connection Components, select Hosted Apps and Desktops, and then click Save.
9. Add a server connection:1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, select a Location Filter if
applicable, click New Connection, and then select or type the following information for the web service.
Server RoleSelect or type Hosted Apps and Desktops.
ServerSelect the server where the web service is installed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.139https://docs.citrix.com
CredentialsSelect or type the credentials for the server.
URL BaseSelect or type /CSMXenAppWS/v1 for XenApp, /CSMXenDesktopWS/v1 for XenDesktop, and /cam/api for the App OrchestrationConfiguration Tool.
ProtocolSelect http for XenApp and XenDesktop, https for App Orchestration.
PortType 8095 for XenApp or XenDesktop, 443 (default) for App Orchestration.
T imeoutDefaults to 200000 milliseconds.
VersionSelect the installed service component: App Orchestration for the App Orchestration Configuration Tool, XenDesktop Direct for theXenDesktop web service, or XenApp Direct for the XenApp web service.
2. Click Save.3. On the Server Connections page, click the icon in the Test column for the server. The icon turns green for a successful connection. A red
icon indicates an unsuccessful connection. Mouse over it for information about the failed connection.10. If you intend to use the CloudPortal Services Manager API to access the service that is deployed with App Orchestration, then now you can
go back and configure the default datacenter.1. From the Services Manager menu bar in the control panel, choose Conf iguration > System Manager > Service Deployment2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.3. Expand Hosted Apps and Desktops, click Service Settings, and then expand App Orchestration.4. Select the App Orchestration Datacenter check box and click Reload to populate the setting's list with the datacenters that are
registered in App Orchestration. From the list, select the datacenter you want to use with the Hosted Apps and Desktops service. 5. Click Apply Changes and then click Save.
You should now configure the rest of the properties associated with this service. The Service Settings properties all have appropriate'default' values, but the Customer and User Plans will need attention.
11. Configure the Customer Plan properties1. Expand Hosted Apps and Desktops again, and click Customer Plans, and expand the App Orchestration Customer Plan.2. Expand the App Orchestration section3. Select the App Orchestration Private Network Name checkbox, and enter a Network pattern if required. Note: this property now
accepts {variable} notation seen in other areas of the CloudPortal Services Manager control panel. A sample value might be{CustomerShortName} - Network.
4. Select the App Orchestration Store Front Isolation check box and select a default isolation mode. NOTE: this value, as well asthe Private Network Name can be altered on a per tenant basis when provisioning the Service to the tenant.
5. Click Apply Changes, and then click Save.12. Configure the User Plan properties:
1. Expand Hosted Apps and Desktops again, and click User Plans, and expand the Default User Plan.2. User the following table as a guide to setting these values.
Property Example Value
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.140https://docs.citrix.com
Name of home drive share {customershortname}_{username}_home
Name of the profile share {customershortname}_{username}_profile
Path to share for the user profile C:\Shares\home\{CustomerShortName}\{username}
Path to share for the user profile C:\Shares\profile\{CustomerShortName}\{username}
Profile home folder drive letter P:
Profile home folder drive path \\fs\{customershortname}_{username}_home
Profile tab profile path \\fs\{customershortname}_{username}_profile
Terminal services file serverFs
Terminal services home drive letter
H:
Terminal services home drive path \\fs\{customershortname}_{username}_home
Terminal services profile path
\\fs\{customershortname}_{username}_profile
Property Example Value
If you have multiple backend servers to connect to, repeat Steps 5 through 8 listed above to create multiple server
connections.
NoteWhen creating server connections for each web service server, you must choose the correct Version for each server. For example,
while creating a server connection for XenDesktop, select XenDesktop Direct as the Version.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.141https://docs.citrix.com
Configure the Hosted Apps and Desktops sites
Jul 18 , 2016
The Site Management page lists the information related to the XenDesktop sites, App Orchestration configuration server,
and the XenApp farm connected to CloudPortal Services Manager. Service providers can also view customer usage and
offerings usage of the sites from this page.
The following table shows the information that is displayed on the Site Management page.
Property Description
Site NameThe display name of the site. For XenDesktop sites, this is the site name. For XenApp, this is XenApp farm name. For App
Orchestration, this is server name of the App Orchestration configuration server with a suffix “_AO”.
Type The type of each server. It can be: XenApp, XenDesktop and App Orchestration.
ServerName
The name of the HAaD web service server.
ServerVersion
The version of the XenDesktop, XenApp, App Orchestration server.
ConfiguredOfferings
The number of configured offerings within a site. If the value is greater than 0, it is clickable and links to a page that shows
the details of the configured offerings.
Used By
The customer usage of each offering in a site.
If only one customer is provisioned offerings of a site, the value is the customer name. It is clickable and linked to the
customer service page.
If more than one customer is provisioned offerings of a site, the value is a number with a link that represents the total
number of customers being provisioned with offerings of this site. When you click the number, a dialog box appears,
listing all the customers being provisioned with the offerings from this site.
NoteThe term site in this context is a CloudPortal Services Manager term. It can be a XenDesktop site, a XenApp farm, or an App
Orchestration configuration server.
To update the Hosted App and Desktops sites
After the server connections have been created and configured, update the site information on the Site Managementpage by performing the following steps:
1. On the Services Manager menu bar, click Services > Hosted Apps and Desktops > Site Management .
2. Click Discover.3. Make sure all the sites connected by server connection are listed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.142https://docs.citrix.com
NoteOnce a server connection is added or deleted, update the site information by clicking Discover again before any other operation.
Otherwise, information of delivery groups and offerings is not updated correctly. For example, if you delete a server connection and
then go to the Offering Management page directly to discover the offerings, an error occurs with the message “Unable to get the
web service with id xx”.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.143https://docs.citrix.com
Configure Hosted Apps and Desktops delivery groups
Jul 18 , 2016
In the new version of Hosted Apps and Desktops Service, a new page has been added to support delivery group
management and delivery group isolation mode configuration. Delivery groups created in XenDesktop after the new version
of Hosted Apps and Desktops is deployed are displayed and isolation mode is configurable. Clicking Discover provides a
realtime status of delivery groups in your XenDesktop site. From the delivery group management page, service providers can
get customer usage and offerings usage of their delivery groups.
NoteFor XenDesktop legacy delivery group (applications or desktops of the delivery group managed by previous versions of Hosted
Apps and Desktops Service), the delivery group is not visible and configurable on this page, with the exception that the delivery
group and its applications do not start with naming prefixes such as “_Offer”, “_Offer_Shared” or “_Offer_Isolated.”
Delivery groups generated by App Orchestration are not displayed and cannot be managed by CloudPortal Services Manager.
The following table shows the information displayed on the Delivery Group Management page.
Property Description
Conf iguredThis property indicates whether the delivery group is configured. Only after the delivery group isconfigured, offerings belonging to that delivery group are visible and configurable on the OfferingManagement page , and vice versa.
DeliveryGroupName
The name of the delivery group.
Site The name of the XenDesktop site that the delivery group belongs to.
IsolationMode
Indicates the isolation mode of offerings from this delivery group. Two isolation modes can be
configured: Shared and Private.
Shared: The delivery group can be shared by multiple customers, and all offerings from the delivery
group have shared isolation mode;
Private: The delivery group can be used by one customer. All offerings from the delivery group have
private isolation mode and can be assigned to the same customer only.
TypeIndicates the type of the delivery group. It can be either Desktop, Desktop and Applications,Applications, or N/A.
Conf iguredOfferings
The number of configured offerings of a delivery group. If the value is greater than 0, it is clickable andlinks to a page that shows the details of the configured offerings.
The offering usage of a delivery group.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.144https://docs.citrix.com
Used By
For a private delivery group, the value is the customer name. It is clickable and links to the customer
service page.
For a shared delivery group, the value is a number with a link that represents the total number of
customers being provisioned with offerings from this delivery group. When you click the number, a
dialog appears, listing all the customers being provisioned with offerings from this delivery group.
NoteFor XenDesktop 7.8 or XenDesktop 7.9, delivery groups can be created without any type. If a delivery group is created without
any type, the value of Type in delivery group management page is N/A
Before configuring the delivery groups in CloudPortal Services Manager, they must be created in the backend first and the Hosted
Apps and Desktop service must be configured.
To configure XenDesktop delivery groups
1. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Delivery Group Management .
2. Click Discover.3. Use the Search Delivery Group Name and Filter by f ields to tailor the display of available delivery groups as needed.
4. Select one or more unconfigured delivery groups and then click Conf igure.
5. Under Conf iguration Dialogue, select the Isolation Mode for the delivery group:
Private: The private delivery group can be used only by one customer. Other customers cannot see any offerings from
the delivery group. All offerings from the private delivery group have the private isolation mode.
Shared: The shared delivery group can be used by multiple customers. Offerings from the shared delivery group can be
provisioned to resellers and customers by delegated admins. All offerings from the shared delivery group have the
shared isolation mode.
6. Click Save.
You can unconfigure a delivery group by clicking Unconfigure. On unconfiguring a delivery group, offerings from the delivery
group are no longer visible in CloudPortal Services Manager. A delivery group cannot be unconfigured until all the offerings
of the delivery group are unconfigured in CloudPortal Services Manager.
NoteYou cannot change the isolation mode of the delivery group until it is unconfigured.
If you do not click Discover, only configured delivery groups are displayed. When you click Discover button, delivery groups
from XenDesktop backend servers are displayed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.145https://docs.citrix.com
Configure Hosted Apps and Desktops offerings
Jul 19, 2016
Updated: 2014-11-17Before configuring offerings, configure the service.
After you configure offerings, provision the service.
ImportantIf you use the Hosted Apps and Desktops service with an environment running XenDesktop 7.6, and your Hosted Apps and
Desktops version is prior to v11.5.3, then CloudPortal Services Manager will not automatically discover applications and desktops
that are contained in custom folders. With this configuration, all offerings must reside in the default (root) application folder. This
limitation is resolved with version 11.5.3.
The Offering Management page lists all offerings created in XenDesktop, XenApp, and App Orchestration sites. Clicking
Discover on this page fetches realtime status of offerings of XenDesktop, XenApp, and App Orchestration. Service
providers can use this page to configure offerings and view customer usage of offerings. Once an offering is configured, it
can be used by resellers or customers.
The following table shows the information that displayed on the Offering Management page.
Property Description
Configured Indicates whether the offering is configured. If the offering is configured, it can be used by resellers or customers.
Offering The display name of the offering
DeliveryGroup
The delivery group that the offering belongs to.
Site The site that the offering belongs to.
IsolationMode
Indicates the isolation mode of the offering. The isolation mode decides whether the offering can be used by one
customer or be shared by multiple customers.
Used By
Shows the usage of the offering.
For a private offering, the customer name is listed. It is clickable and links to the customer service page.
For a shared offering, the value is a number with a link that represents the total number of all resellers and customers
being provisioned with the offering. When you click the number, a dialog apperas, listing the hierachy of resellers and
customers being provisioned with this offering.
In the new version of Hosted Apps and Desktop Service, there is no naming limitation on application and delivery group
names on XenDesktop sites. For offerings created in XenDesktop after the new version of Hosted Apps and Desktops is
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.146https://docs.citrix.com
installed and configured:
Offerings are visible in CloudPortal Services Manager and can be configured after the delivery groups have been
configured.
Offerings can have isolation mode in accordance with thei delivery groups. For example, if the delivery group has shared
isolation mode, offerings of this delivery group have shared isolation mode as well.
For shared offerings, offerings can be provisioned by multiple customers after they are configured.
For private offerings, offerings cannot be configured until they are assigned to a customer. Once a private offering is
configured to a customer, all other offerings from the same delivery group are automatically assigned to the same
customer. These offerings cannot be assigned to another customer unless all private offerings of the delivery group are
unconfigured. These kinds of offerings can be provisioned to only one customer.
XenDesktop offerings managed by previous versions of Hosted Apps and Desktops Service, and offerings of App
Orchestration and XenApp are displayed with a yellow background on the Offering Management page. These offerings
retain the behavior of the previous versions of Hosted Apps and Desktops Service.
The isolation mode of these offerings depends on the naming prefix of offerings on the Desktop Delivery Controller. To
get more information about configuring isolation mode on the backend server, see Configure applications and desktops
in the backend.
Both private and shared offerings can be assigned to a specif ic customer during configuration. Once an offering is
configured to a customer, it is visible only to that customer. Both private and shared offerings can be provisioned to
multiple resellers and customers.
To configure Citrix application and desktop offerings
Perform the following steps to configure XenDesktop Applications and Desktops created after the new version of Hosted
Apps and Desktops Service is deployed:
NoteBefore the newly created XenDesktop offerings are available within CloudPortal Services Manager, the delivery group must be
configured.
1. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Offering Management .
2. Click Discover.3. Use the Search Offerings and Filter by f ields to f ilter the display of available offerings if required.
4. Select one or more unconfigured offerings and then click Conf igure.
5. Under the Conf iguration Dialog, you can:
Specify a Display Name, Description, Price, Cost , and Code (for integration with third party billing systems).
Indicate if this offering is allocated by default. When this option is enabled, the offering appears in the list of available
applications and is selected by default for provisioning to a new user, customer, or reseller.
Assign a customer. This is visible only for private offerings. After a customer is assigned, only the customer can see the
offering.
6. Click Save.
You can unconfigure an offering by clicking Unconfigure. Unconfigured offerings are no longer available to resellers or
customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.147https://docs.citrix.com
NoteA customer name must be selected for private offerings before configuration, otherwise the offering can not be configured.
For private offerings, to assign a customer to the offering, the customer must be provisioned with Hosted Apps and Desktops
Service in advance.
Configure offerings of App Orchestration, XenApp, and XenDesktop managed by earlier versions of HostedApps and Desktops Service
App Orchestration, XenApp, and legacy XenDesktop are configure the same way as earlier versions of Hosted Apps and
Desktops Service. For more information, see To configure Citrix application and desktop offerings.
To configure non-Citrix application or resource offerings
To configure non-Citrix application or resource offerings, perform the following steps:1. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Offering Management.
2. Select the tab for the offering type: Non-Citrix Apps or Resources. Use the Search offerings and Filter by f ields to tailor
the display of available offerings.
3. To add an offering, click New.
4. Under New offering, you can:
Provide directory name guidance: allow Services Manager to generate a directory name (default), specify a custom
directory name, or specify an existing directory.
Specify a display name (to replace 'New offering'), description, price, cost, and code (for integration with third party
billing systems).
Indicate if this offering will be allocated as a default - When this option is enabled, the offering appears in the list of
available applications and is selected by default for provisioning to a new user, customer, or reseller.
Marked as private - When this option is enabled, the offering can be assigned to a single customer; it does not appear
in the list of available applications unless the customer is the owner. If the offering is already in use, this option is not
available.
5. Click Save.
To edit an offering, select it and then click Edit. You can edit all the configured items except the directory. If you select
more than one offering, you cannot configure the display name or description.
To remove an offering, select it and then click Delete. When prompted, confirm the deletion.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.148https://docs.citrix.com
Provision the Hosted Apps and Desktops service
Jul 18 , 2016
Updated: 2013-12-06The Hosted Apps and Desktops Service allows service providers to provision customers and resellers with XenApp and
XenDesktop applications, desktops, and resources either directly from a XenApp or XenDesktop Delivery Controller, or
through App Orchestration.
Before provisioning the service, configure the service, configure the delivery groups (only for XenDesktop offerings) and
then configure offerings.
Offerings assigned to a single customer are available only to that customer. In such cases, go to To provision the Hosted
Apps and Desktops Service to customers directly.
Unlike provisioning XenDesktop private offerings in earlier versions of Hosted Apps and Desktops Service, when provisioning
a private XenDesktop offering created after deploying a new version of Hosted Apps and Desktops Service to a customer,
CloudPortal Services Manager does not duplicate extra delivery groups for the isolated offerings.
To provision the Hosted Apps and Desktops service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, click Reseller.
4. Select the Hosted Apps and Desktops service check box and then click the Hosted Apps and Desktops service name.
5. Under Reseller Service Setup, select the applications, desktops, and resources to be offered.
6. Click an individual offering row and then click Edit to:
Provide directory name guidance: allow Services Manager to generate a directory name (default), specify a custom
directory name, or specify an existing directory.
Specify a display name (to replace 'New offering'), description, price, cost, and code (for integration with third party
billing systems).
Indicate if this offering will be allocated as a default - When this option is enabled, the offering appears in the list of
available applications and is selected by default for provisioning to a new user, customer, or reseller.
If you change any settings, click Save.
7. Click Service Settings to specify service message information. If you change settings, click Apply changes. If you have the
Service Schema Administrator role, you can also specify display name and Active Directory information. You can specify
the datacenter address if you are using App Orchestration.
8. Select the appropriate user and customer plans.
9. Click Advanced Settings to:
Specify the maximum number of users that the customer can provision with this service.
Enable or disable billing.
Access demo account retention and warning settings. Click Service Settings. If you change service settings, click Apply
changes.
If you have the Service Schema Administrator role, you can also specify host header, Web Server, customer creation,
remote directory, and message information.
10. Click Provision.
To provision the Hosted Apps and Desktops service to customers
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.149https://docs.citrix.com
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click Hosted Apps and Desktops. The Service Plan Configuration page appears.
4. Select the appropriate customer plan.
5. Click Edit, in order to override the Customer Plan settings. This displays the following settings for App Orchestration only:
1. The tenant's Storefront Insolation Level. Choose between shared, private or a private server group.
2. The tenant's private network name: a management network to which a customer's privately-allocated machines are
connected. If a network is not specif ied, the configured shared management network is used.
6. Select the applications, desktops, and resources that the customer can offer. To specify a default application, select the
offering, click Edit, enable Allocate as default application and then click Save.
7. Click Advanced Settings to:
Select a user plan.
Specify the maximum number of users that the customer can provision with this service.
Enable or disable billing.
Specify service message information. Click Service Settings. If you change settings, click Apply changes.
If you have the Service Schema Administrator role, you can also specify display name and Active Directory information.
You can specify the datacenter address if you are using App Orchestration.
8. Click Provision.
For App Orchestration, the Provisioning process performs the following actions:Creates the customer as a tenant
Creates offering subscriptions for the tenant. When you enable an offering for the customer, Services Manager creates
an Active Directory user group and associates the group with the offering subscription.
Creates a StoreFront site for the tenant at the selected isolation level.
NoteOfferings of App Orchestration, XenApp, and of XenDesktop managed by earlier versions of Hosted Apps and Desktops Service
can be subscribed and unsubscribed to customers. The behavior is the same as in earlier versions of Hosted Apps and Desktops
Service.
The differences in provisioning compared with earlier versions are as follows:
If the offering is picked up after the new version of Hosted Apps and Desktops has been deployed, CloudPortal Services
Manager creates an Active Directory security group and associates the group with the desktop or application on the
Desktop Delivery Controller.
If the offering is a legacy private offering, when you enable an offering for a customer, an extra delivery group with the
related applications is duplicated for the private offering on the Desktop Delivery Controller, and CloudPortal Services
Manager creates an Active Directory security group and associates the group with the duplicated delivery group.
To provision the Hosted Apps and Desktops service to users
You can add selected offerings to a single user or multiple users. You can also remove selected offerings from a single useror multiple users when provisioning the Hosted Apps and Desktops Service to users.1. From the Services Manager menu bar, click Users and select the user for whom you want to provision services.
2. Select Services. The User Services page appears.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.150https://docs.citrix.com
3. Click Hosted Apps and Desktops. The User Service Setup page appears.
4. Choose the appropriate user plan.
5. Select the applications, desktops, and resources the user can access.
6. Click Service Settings to specify service message information. If you change settings, click Apply changes. If you have the
Service Schema Administrator role, you can also specify Active Directory information.
7. Click Provision.
When you provision a user, the provisioning process simply adds the user to the groups which correspond to the selectedofferings.
Bulk user operations
Multi-user service provisioning and offering management features are available in Hosted Apps and Desktops Service 11.5.3
and later versions.
To access the bulk user operations in the Hosted Apps and Desktops Service:
1. From the Services Manager menu bar, click Users and select multiple users for whom you want to provision services.
2. From the panel on the lower left, select Services.
3. Click Hosted Apps and Desktops. The User Service Setup page appears.
4. Choose the available user plan.
5. Select the applications, desktops, and resources the user can access.
When performing bulk user operations, different usability modes align with specific uses.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.151https://docs.citrix.com
Used when performing initial service provisioning and final service deprovisioning or when performing offering management
where all selected users have the same set of app and desktop offerings:
Service provisioning: Provision a specific set of app and desktop offerings to multiple users. These users are configured
access for only the specified offerings. Any offerings not selected are removed. Selected offerings will be provisioned.
Unselected offerings will be de-provisioned.
Service deprovisioning: Remove access to all offerings and deprovision the Hosted Apps and Desktops service from
selected users.
You perform deprovisioning by not selecting any of checkbox options for additive or subtractive provisioning. Click
Deprovision, and the selected offerings are ignored. All offerings will be de-provisioned and the service will be
deprovisioned from the user.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.152https://docs.citrix.com
Additive provisioning: Used for bulk user offering management of users with different application sets. Provision selected
app and desktop offerings to multiple users. Access is only granted for the selected offerings. No access to existing
offerings is revoked.
1. Select Add selected offerings, unselected offerings will remain unchanged.2. Click Provision.
In this operation mode the selected offerings are provisioned to users and other offering settings remain unchanged.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.153https://docs.citrix.com
Subtractive de-provisioning: Access is revoked only for the selected offerings. No other offering access are changed.
1. Select Remove selected offerings, unselected offerings will remain unchanged.
2. Click Deprovision.
The selected offerings are deprovisioned from the users. Users’ original offerings remain unchanged.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.154https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.155https://docs.citrix.com
Upgrade the Hosted Apps and Desktops Service
Jul 19, 2016
When upgrading to a new version of the Hosted Apps and Desktops Service, there could be more than one component to
upgrade, depending on the architecture and approach being used. In all upgrade scenarios, administrators will need to
import the new Hosted Apps and Desktops Service Package.
When using the Hosted Apps and Desktops Service with App Orchestration, the web service is not using during service
operations or provisioning, and does not need to be updated. When using the Hosted Apps and Desktops service directly
with XenDesktop, it is required to update the web service residing on the XenApp or XenDesktop delivery controller.
Re-install the Hosted Apps and Desktops Web Service
To upgrade the web service, it is required to re-install the Hosted Apps and Desktops web service in the backend servers.
During the process of upgrading the web service, the Hosted Apps and Desktops service will fetch all the delivery groups
from Desktop Delivery Controller (for XenDesktop backends), and specify the delivery groups previously managed by
CloudPortal Services Manager as legacy delivery groups. The delivery groups that were notmanaged by CloudPortal Services
Manager are imported as as newly created delivery groups.
1. On the server where the web service is installed, log on as administrator.
2. Navigate to the unzipped folder and double-click the Setup f ile.
3. On the Select Web Services page, select the specif ied service (XenApp Web Service, XenDesktop Web Service, App
Orchestration Configuration Tool) that you want to install.
4. On the Review Prerequisites Page review the information and click Next .
5. On the Ready to install page, click Install to install the service, and then click Next .
6. On the Conf igure Installed Components page, click Conf igure to configure the hosted apps and desktops Web
Service.
7. On the Conf igure IIS page, configure the web service account; keep the original credentials and the service port during
the configuration. If you changed the credentials and the service port, be sure to configure the Server Connections
again on CPSM web console
8. Click Next , and then click Finish.
NoteIt is recommended to uninstall the previous version of the web service before re-installing the new version of the web service.
When upgrading the web service directly from the previous version, make sure to run the Hosted Apps and Desktops WebService Conf iguration Tool to configure the web service.
Import the service package into the control panel
After the packge has been updated. It is required to restart the CitrixQueueMonitor service, and then configure the site,
delivery group and offering before using them:
1. Download the latest Hosted Apps and Desktops service package and unzip it to a local folder.
2. Import the service package into the control panel:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.156https://docs.citrix.com
Note: To access service import features in the portal, the user must have the Service Schema Administrator security role.
1. From the Services Manager menu bar, click Conf iguration > System Manager > Service Schema.
2. Under Services Management , click Import a service.
3. On the Service Import page, click Browse and locate the Hosted Apps and Desktops.package f ile. Click Open.
4. Click Preview. Services Manager displays the contents of the f ile for your review.
5. Click Import at the bottom of the page. Services Manager imports the f ile and reports Import Complete.
6. Clear the browser cache and restart the browser to login
3. On the Services Manager provisioning server, restart the CitrixQueueMonitor service or restart the machine.
4. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Site Management .
5. Click Discover.6. Ensure all the sites connected by the server connection are listed.
7. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Delivey Group Management .
8. Click Discover.9. Ensure all the new delivery groups are listed.
10. Select one or more delivery groups, and click Conf igure.
11. Select the Isolation Mode of delivery groups.
12. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Offering Management .
13. Click Discover.14. Ensure your offerings are listed.
NoteAfter importing the new version of the service package, it required to clear the browser cache to ensure that the new JavaScript files
have been used. Failure to do so may lead to distortions and unresponsive interactions with the UI.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.157https://docs.citrix.com
Upgrade Citrix application and desktop offerings
Jul 18 , 2016
In the new version of Hosted Apps and Desktops Service, the behavior of existing managed offerings and the bavior
ofnewly added offerings are different. If you want to migrate the existing managed offerings to the new ones and use the
new features, follow the following upgrade steps:
1. Prepare to upgrade the delivery group from the old version to the new version
1. Before upgrading offerings, make sure the new version of the Hosted Apps and Desktops Service package has been
imported, and web service has been reinstalled.
2. Unconfigure all existing offerings. For offerings that are in use, deprovision the offerings from resellers or customers.
2. Change the metadata for old version delivery groups.
1. On the Desktop Delivery Controller, log on as an administrator.
2. Open a powershell terminal and input cmdlet to add the Citrix powershell snapin.
Add-PSSnapin "Citrix.Broker.Admin.V*"
3. Run cmdlet to get the delivery groups managed by the old version of Hosted Apps and Desktops Service.
$dg = Get-BrokerDesktopGroup -Name "{delivery group name}"
4. Run $dg. MetadataMap to check the value in property key Version. Ensure that the value in Version is V0 for the
legacy delivery group.
5. Run cmdlet to change the version of the old version delivery groups from V0 to V2.
Set-BrokerDesktopGroupmetadata -DesktopGroupId $dg.Uid -Name Version -Value "V2" – PassThru
6. Run Steps c and d to confirm that the version in metadata of the delivery group isnow Version 2.
3. The delivery group used from the earlier Hosted Apps and Desktops Service can be used as a Version 2 type delivery
group now. Configure delivery groups and then offerings in CloudPortal Services Manager by the new version of Hosted
Apps and Desktops Service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.158https://docs.citrix.com
Migrate the Hosted Apps and Desktops for AppOrchestration to XenDesktop
Jul 18 , 2016
Citrix strongly recommends that you migrate offerings from App Orchestration to XenDesktop - using CloudPortal Services
Manager to directly manage desktops and applications.
Set up and configure XenDesktop
Information about the setup and configuration on XenDesktop is given below:
Create Delivery Sites
A delivery site is composed of identically configured Delivery Controllers and includes the Session Machines, Delivery
Groups, and other components that deliver hosted apps and desktops to tenants and their users at the appropriate
isolation level. When transforming a delivery site from App Orchestration to XenDesktop, you must create a Site in
XenDesktop.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.159https://docs.citrix.com
Create Session Machine Catalogs
A Session Machine Catalog in App Orchestration is identical to a Machine Catalog in XenDesktop. Multiple machines are
collected in one Session Machine Catalog. These machines host applications and desktops for users to access through
Citrix Reciever. You can create a Machine Catalog in XenDesktop when migrating from App Orchestration.
Create Offerings
Offering is a term of App Orchestration. While Offerings are actually applications and desktops hosted on the
machines, they can be subscribed to users through Hosted Apps and Desktops Service of CloudPortal Services Manager,
just as App Orchestration did. In App Orchestration, you can create Offerings with a delivery group isolation level. The
isolation level you select depends on whether you want to create an Offering that uses shared machines or machines
that are dedicated to an individual tenant. Hosted Apps and Desktops support the same logic of isolation by configuring
isolation mode of delivery group.
Create Delivery Groups
In App Orchestration, delivery groups are created in the process of subscription according to the isolation level defined
for the Offerings. Delivery groups can be dedicated to a single tenant's users or shared among the users of several
tenants. After migrating from App Orchestration, the delivery groups must be created in XenDesktop server in advance.
NoteApp Orchestration introduces multiple datacenters to support resources deployed across geographic locations. The new version of
Hosted Apps and Desktop Service does not support manipulation for multiple datacenters, although the concept of multiple
datacenters is similar to the concept of Zones in XenDesktop 7.8 and 7.9. You can still use XenDesktop Zones to utilize the feature
of multiple datacenters.
App Orchestration and CloudPortal Services Manager share the same concept of isolation mode of delivery groups.
Offering Isolation
App Orchestration supports the specif icying the isolation level of offerings, which is used for session machines and
delivery groups when a subscription is made to the offering. The new version of Hosted Apps and Desktops Service
allows the configuration of the isolation mode of offerings.
Subscribe Tenant to offerings
Hosted Apps and Desktops allows service providers to provision an offering to tenants or users so that users can access
a specif ic offering through StoreFront.
NoteNetwork Isolation, StoreFront Isolation, and NetScalar Gateway Isolation are not currently supported in Hosted Apps and Desktops
Service in CloudPortal Services Manager. To utilize these features when migrating, they must be configured separately.
Migrate App Orchestration’s Offering to XenDesktop
The steps for migration are illustrated using the following scenario:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.160https://docs.citrix.com
Deployment in App Orchestration:
Customer1
Customer1 is created in CloudPortal Services Manager.
Customer2
Customer2 is created in CloudPortal Services Manager.
Customer3
Customer3 is created in CloudPortal Services Manager.
Offering1
Type: Desktop
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.161https://docs.citrix.com
Isolation mode: Shared delivery group
Offering2
Type: Application
Isolation mode: Private delivery group
To migrate deployments from App Orchestration, perform the following steps:
Preparation in XenDesktop
1. Prepare an isolated XenDesktop server.
2. Create a site on a Desktop Delivery Controller with the same name as in App Orchestration, which is “Delivery Site 1.”
3. Create a primary and satellite zone as shown below.
4. Configure the network and Netscaler based on your deployment.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.162https://docs.citrix.com
5. In the Primary and Satellite zones, create “StoreFront server Group1” with two or more StoreFront servers.
6. Create one or more Delivery Controllers in the primary and satellite zones.
7. Create “Session Machine Catelog1” with session machines VDA1 and VDA2 in the Primary zone.
8. Create “Session Machine Catelog2” with session machines VDA3 and VDA4 in the Satellite zone.
9. Create two delivery groups in the primary zone. “Delivery group 1” uses a VDA from “Session machine catalog1.”
“Delivery group 2” uses a VDA from “Session machine catalog2.”
10. Create a desktop named “Offering1” in “Delivery group 1”.
11. Create an application named “Offering2” in “Delivery group 2”.
Configure in CloudPortal Services Manager
1. Unsubscribe (deprovision) all App Orchestration offerings from users, customers and resellers.
2. Delete the Hosted Apps and Desktops server connection of App Orchestration.
3. Update the Hosted Apps and Desktops Service package to the latest version.
4. Install the Hosted Apps and Desktops web service on the newly deployed XenDesktop server.
5. Follow the steps mentioned above to create a server connection for the newly deployed XenDesktop server in
CloudPortal Services Manager.
6. Provision the Hosted Apps and Desktops Service to service provider reseller.
7. Provision the Hosted Apps and Desktops Service to Customer3.
8. Configure Hosted Apps and Desktops sites.
9. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Delivery Group Management .
10. Click Discover.11. Select the delivery group named “Delivery group 1” and click Conf igure.
12. Enable Shared in the Isolation Mode selection.
13. Select “Delivery group 2” and click Conf igure.
14. Enable Private in the Isolation Mode selection.
15. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Offering Management .
16. Click Discover.17. Select “Offering1,” click Conf igure, and then click Save.
18. Select “Offering2” and click Conf igure.
19. Input “Customer3” next to Customer Name and click Save.
20. Perform the steps listed in To provision the Hosted Apps and Desktops Service to customers to provision “Offering1” to
“Customer1” and “Customer2,” provision “Offering2” to “Customer3”.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.163https://docs.citrix.com
Hosted Exchange
Feb 10 , 2017
Updated: 2013-02-05
What's new in version 11.5.8 (Cumulative Update 4)
The Exchange service is now officially supported on Windows Server 2016.
What's new in version 11.5.6
Exchange 2016: This release has added support for Exchange 2016, and simplif ies the migration of Exchange objects
from Exchange 2013 to Exchange 2016.
Performance optimization:� Performance improvements related to the handling and use of the Powershell Remoting
URL. Instantiating new (remote) sessions is costly to performance, so new ways to manage remote sessions has been
developed to improve the overall performance of User and Customer Service provisioning.
Bug f ixes: All Exchange related bug f ixes since version 11.5 have been included in this release. This includes bug f ixes
not yet release since Cumulative Update 3 for v11.5
Deployment
Depending on the installation media that you have available, there may be a couple of ways to install the Hosted Exchangecomponents. Main Release Install Media:If the media you have is the complete CloudPortal Services Manager installation media, then you should apply the followingsteps to complete the installation of the Exchange Web Service:
Install the Hosted Exchange web service
Specif ic Service Release Only:If the media you have only includes binaries specif ic to the Hosted Exchange Service. i.e. The service was released on itsown, outside of a main product release of CloudPortal Services Manager. Then you shouold apply the following the stepsto complete the installation or upgrade of the Exchange components
Install or upgrade to the latest version of the Hosted Exchange Web Service
Conf iguration:Regardless of the install media, the configuration of the Web Service Components is the same. Apply the step in thefollowing topic to complete this configuration:
To configure the Hosted Exchange service (Applies to all new Web Service components)
Provision the Hosted Exchange service to resellers and customers
For information about requirements for deploying the Hosted Exchange service, refer to Plan to deploy the Hosted
Exchange service.
Management
Use the following topics to configure mail archiving, PST Import/Export, and Unif ied Messaging for Hosted Exchange users:Configure personal archives for Exchange 2010
Configure PST File Import and Export
Configure Unif ied Messaging
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.164https://docs.citrix.com
After deploying the Hosted Exchange service, use the following topics to provide access to resources through the controlpanel:
Manage public folders
Manage Exchange contacts
Manage Exchange distribution groups
To create mail disclaimers
To create mailboxes for managing meeting resources
Import and export Exchange mailbox f iles
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.165https://docs.citrix.com
Install the Hosted Exchange web service
Oct 05, 2016
Updated: 2014-08-14The Hosted Exchange web service is installed on a server in your environment that hosts the Exchange Management Console. You can install the Exchange web service using either the graphical
interface of the CloudPortal Services Manager installer or through the command line.
To install the Exchange web service using the graphical interface
The installation process includes preliminary configuration to create the web service account and IIS application pool, define the Exchange deployment environment, and add multi-tenancy
permissions to Active Directory. After installation, you can enable the service and continue configuration through the control panel.
This task assumes the CloudPortal Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select Exchange Web Service and then click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service. Click Next.
7. On the Ready to Install page, click Install. The Deploying Server Roles page displays the installation progress.
8. After the installation f inishes, click Finish.
9. On the Add Services page, select Configure Services.
10. On the Installed Services page, click Configure next to the Exchange Web Service item. The Configuration Tool attempts to contact the Encryption Service to retrieve the encrypted key. If the
service cannot be contacted, the Configuration Tool prompts you to import the encrypted key using a key f ile. To generate the key f ile, see Generate and export keyfiles for the Encryption
Service.
11. If required, import the Encryption Service key f ile:
1. In Key File Path, click Browse and locate the key f ile you generated from the Encryption Service web site.
2. In Password, enter the password that was specif ied when the key f ile was generated. Click Next.
12. On the Configure IIS page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the Exchange web service account. The default user name is csm_exchange_svc. This f ield is unavailable when you elect to auto-generate credentials.
Password: Enter a password for the Exchange web service account. This f ield is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active Directory.
Service port: Enter the port used by the Exchange web service. The default port is 8095.
13. On the Exchange Deployment Details page, enter the following information and then click Next:
Exchange version: Select the version of Exchange that is deployed in your environment.
Mixed-mode deployment: Select this check box if your Exchange deployment includes servers running different versions of Exchange. For example, your deployment includes Exchange 2010
servers as well as Exchange 2007 servers.
Preferred domain controller: Leave this blank. CloudPortal Services Manager will f ind an available domain controller to use for each provisioning request automatically.
14. On the Configure Exchange for Multi-Tenancy page, select Apply multi-tenancy permissions to ensure customers will be isolated appropriately when the Exchange service is provisioned to them.
Click Next.
15. On the Create Scheduled Tasks page, select Create sync scheduled tasks to synchronize Exchange data with CloudPortal Services Manager. This option is selected by default; however, you only
need to create these tasks on one Exchange server in your deployment. If these tasks have been created already, clear this option.
16. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When the summary contains the settings you want,
click Next. The Configuration Tool configures the Exchange web service, imports the Encryption Service key, and displays progress.
17. Click Finish and then click Exit to close the Configuration Tool.
To install the Exchange web service from the command line
Before installing the Exchange web service, ensure the following pre-requisites are met:The server on which you are installing the web service has the Exchange Management Console installed.
The Exchange servers are running supported versions of Microsoft Exchange.
You have installed .NET Framework 4, located in the Support folder of the CloudPortal Services Manager installation media, on the server hosting the Exchange web service.
You have created the Exchange web service account in Active Directory.
The Exchange server allows inbound connections from the web server on the appropriate port. The default port is 8095.
1. On the Exchange server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the CloudPortal Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:Exchange. The Setup Tool installs the web service and returns the command prompt.
4. At the command prompt, enter install-location\Services\ExchangeWS\Configuration\ExchangeConfigConsole.exe and specify the following properties:
Property Description
/UserName:username Impersonation account for the Exchange service. This parameter is optional if you are using /GenerateCredentials.
/Password:password The application pool password. This parameter is optional if you are using /GenerateCredentials.
/ServicePort=port Inbound port to be used and added to the CortexServices web site. Default = 8095
/ExchangeOrganization:org-
name
Optional. The name of the Exchange organization.
/AutoCreateUser:True |
False
Optional. Create the service account in Active Directory.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.166https://docs.citrix.com
/GenerateCredentials:True |
False
Optional. Generate password for the service account.
/HasLegacyServers:True |
False
Optional. Whether or not the environment contains servers running multiple versions of Exchange. For example, servers running Exchange 2010 in the same
environment as Exchange 2007 servers. Default = False
/Lockdown:True | False Optional. Apply lockdown of Exchange permissions. Default = False
/PreferredDc:FQDN Optional. Preferred domain controller.
/TargetVersion:2007 | 2010
| 2013
Optional. The version of Exchange to use with CloudPortal Services Manager. Supported versions: 2007, 2010, or 2013.
NOTE: If installing the Web Service for Exchange 2016, then choose 2013, then change the version within the web.config file after the install is complete
Property Description
Install-location denotes the web service installation directory on the local computer. The default directory is C:\Program Files (x86)\Citrix\Cortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample installation command string
The following command performs the initial configuration of the web service.install-location\Services\ExchangeWS\Configuration\ExchangeConfigConsole.exe /UserName:exch_svc_acct /ExchangePassword:password /ServicePort:8095 /TargetVersion:2013When the installation process is finished, log on to the control panel and configure the web service. For instructions, see To configure the Hosted Exchange service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.167https://docs.citrix.com
Install or Upgrade the Hosted Exchange web servicefrom a Service Only Release
Oct 05, 2016
Updated: 2014-08-14When all you have in the way of install media is simply the Hosted Exchange Service, then the installation or upgrade
instructions for this is different to the normal install instructions as the CloudPortal Services Manager installer is not
present.
To install or update the Exchange web service
The installation of the Hosted Exchange Web Service will be performed on a domain joined server that has the Exchange
Management tools installed. These tools should be the same version as the highest version of Exchange that you are
offering in this environment.
1. On the sected server, logon as a Domain Administrator
2. Launch the Setup.exe from the Hosted Exchange installation folders
3. Check Exchange Web Service, click Next, follow the steps to f inish the installation
4. Click the Configure link to configure the service
5. Specify Service Account, keep the Service port by default
6. Specify Exchange version, choose the appropriate version that matches the version of the Exchange Management Tools
installed on this server
7. Click Next to f inish the configuration
To import the Hosted Exchange Service definition (.package file)
The install media will have a "Hosted Exchange.package" f ile within the Hosted Exchange folder. This should be importedto update the Service Schema with the latest web pages, provisioning rules, permissions, reports, etc.1. Follow the instructions according to the "To Import as Service Package" section in the following topic:
Export and Import Service Packages
2. Restart the "Citrix Queue Monitor Service" on the Provisioning Server to ensure the latest rules are loaded
Configure the Service
Follow the instructions "To configure the Hosted Exchange Service" to complete the configuring of the Web Service and to
include any new Exchange Mailstores or Servers to be used when provisioning Exchange to Customers or Users
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.168https://docs.citrix.com
To configure the Hosted Exchange service
Oct 05, 2016
Updated: 2013-04-181. Enable the service (top level) and create user and customer plans:
1. From the CloudPortal Services Manager menu bar, select Configuration > System Manager > Service Deployment and
then expand Hosted Exchange.
2. Click User Plans, enter a Name for the user plan, and then click Create.
3. Click Customer Plans, create a customer plan, click Create, and then click Save.
2. Enable the service (location level):
1. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
2. Expand Hosted Exchange and then click Save.
3. Verify credentials:
1. From the context menu, select Credentials.
2. Verify that the service account for the Hosted Exchange service exists. If it does not, create the account.
Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when
CloudPortal Services Manager is deployed in a production environment. Use plain-text credentials only for debugging
purposes.
4. Enable the server:
1. From the context menu, select Servers.
2. If the server where the Exchange web service is installed is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
5. Assign server roles:
1. From the context menu, select Server Roles and then expand the entry for the server.
2. Under Server Connection Components, select Hosted Exchange and then click Save.
6. Add a server connection:
1. From the context menu, select Server Connections, select a Location Filter if applicable, click New Connection, and
then specify the following information for the Hosted Exchange service:
Setting Description
Server Role Choose Hosted Exchange.
Server Choose the server where the Exchange Web Service is installed.
Credentials Choose the credentials for the Exchange web service.
URL Base Defaults to /ExchangeWS/HostedExchange.asmx.
Protocol Defaults to http.
PortDefaults to 8095. If you change the port here, make sure it matches the bindings in IIS for the
Exchange Web Service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.169https://docs.citrix.com
Timeout Defaults to 200000 milliseconds.
Version Select the Exchange version that you are configuring.
2. Click Save.
3. Click the icon in the Test column for the Exchange server. The icon turns green for a successful connection. A red icon
indicates an unsuccessful connection. Mouse over it for information about the failed connection.
7. Update service settings as needed:
1. From the context menu, select Service Deployment, select Active Directory Location Services, and then choose a
Location Filter if applicable.
2. Expand Hosted Exchange and then click Service Settings.
3. Configure the following required settings:
Any setting that includes the value [ExchangeServer]
Replace with the Exchange server's name.
System Domain
If this is not set to the correct domain, provisioning will fail. This should match the default Accepted Domain
within Exchange
Public Folders > Public Folders Enabled
Select the check box to provision Public Folders.
Public Folders > Public Folder Server
Select this check box, click Reload to replace the default public folder server, and then select the check box for
the public folder server.
Off line Address Book (OAB)
OABs can be distributed using public folders (prior to Exchange 2013 only) or web-based virtual directories.
To distribute OABs using public folders:
1. Expand Offline Address Book (OAB) and then select the Public Folder Distribution check box.
2. Select the Public Folder Servers check box and the check box for the server (if the correct server is not listed,
click Reload).
3. Click the Server check box and the check box for the server (click Reload if needed).
To distribute OABs using virtual directories:
1. Expand Offline Address Book (OAB) and verify that the Public Folder Distribution and Public Folder Servers
check boxes are cleared.
2. Click the Server check box and the check box for the server (click Reload if needed).
3. Select the Virtual Directory check box, click Reload, select the check box for the server, and then click Enable
web-based distribution.
For more information about advanced properties, refer to Exchange Services Advanced Properties.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.170https://docs.citrix.com
8. Enable mailbox creation during user provisioning:
1. With Active Directory Location Services still selected, expand Hosted Exchange, click User Plans, and then expand a
plan.
2. Select the Mail Databases check box, click Reload, and then select the check box for at least one mail database.
3. Select the Mailbox storage limit check box and enter the maximum amount of storage allocated to each provisioned
user.
Important: Configure this setting before provisioning users with the Hosted Exchange service. After the Hosted
Exchange service has been provisioned, you cannot modify this setting.
4. Click Apply changes and then click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.171https://docs.citrix.com
Configure personal archives
Oct 05, 2016
Updated: 2013-04-03Personal archives are a feature made available from Exchange 2010 and beyond that allow users to store older messages in
a server-side mailbox instead of in a .pst file that is stored locally. Users can access their personal archive mailbox through
their Outlook Client or the Outlook Web App.
Enabling personal archives includes the following tasks:Enable support in CloudPortal Services Manager. Because support for personal archives is not enabled by default, you
must enable it for each applicable Hosted Exchange user plan you intend to provision. If support is not enabled, personal
archives are not available to the user when the Hosted Exchange service is provisioned.
Enable personal archives for each user in Exchange. If personal archives are not enabled in Exchange for the user when
the Hosted Exchange service is provisioned, CloudPortal Services Manager enables the feature automatically. If no
mailbox database is specif ied when the user plan is configured, Services Manager selects the appropriate mailbox
database automatically when the user is provisioned.
To configure mail archiving for Exchange 2007, refer to the topic To configure the Mail Archiving service.
To enable support for personal archives
1. From the CloudPortal Services Manager menu bar, click Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable
3. Expand Hosted Exchange and then click User Plans.
4. Select an existing user plan for which you want enable support for personal archives.
5. Expand the Mail Archiving Exchange 2010 / 2013 category and select the Enabled checkbox.
6. In Mailbox Database, select the mailbox database that CloudPortal Services Manager will use for personal archives. If no
database is selected, one will be automatically chosen when the user is provisioned.
7. Click Apply Changes and then click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.172https://docs.citrix.com
Configure PST File Import and Export
Oct 05, 2016
Updated: 2014-02-04Configure PST file import and export to enable CloudPortal Services Manager to import and export Exchange personal
store mailboxes using a network share or an FTP server.
To store the PST f iles, use one of the following methods:Create a shared folder called "WebHosting" on a f ile server in your environment. Security for the shared folder is
described in Steps 2b-2d of To configure the FTP server for PST import and export.
Set up an FTP server to enable customers to upload PST f iles without service provider assistance. Access to a customer's
folder on the FTP server is limited to the customer's users who have the Hosted Exchange Service Administrator security
role.
If you choose to set up an FTP server, install the following items:FTP Server role service components
Exchange Management Tools
Microsoft Outlook
.NET Framework 4
To configure the FTP server for PST import and export
1. In Active Directory, perform the following actions:
1. Create a new user account called servername_pst in the CortexSystem OU.
2. Grant Full Control permissions of the servername_pst account to the Customers OU.
3. Add the servername_pst account to the CortexAdmins group.
2. For the FTP server, perform the following actions:
1. On the FTP server, create a new folder for use by CloudPortal Services Manager. The default path is C:\CortexFTP.
2. Share the folder as Webhosting and grant Full Control of the share to Everyone.
3. In the folder properties, on the Security tab, verify that inheritance is disabled and, when prompted, click Add to copy
the current permissions to the folder.
4. Add the domain security group ServiceAdmins HE to the ACL of the folder and grant List Folder Contents permissions.
5. Add the servername_pst account to the ACL of the folder and grant it Full Control.
3. Add and configure the FTP site in IIS:
1. On the FTP server, open the IIS Management Console and then navigate to the Sites container.
2. Right-click the Sites container, choose Add FTP Site, and configure it.
FTP site name: A name such as "CloudPortal Services Manager PST FTP Site"
Physical path: The path configured in step 2a above
Binding IP Address: An IP address and port or All Unassigned
SSL: Allow SSL
Authentication: Basic
Authorization: Allow access to: Specif ied roles or user groups
Authorization (credentials):domainServiceAdmins HE
Authorization: Permissions: Read and Write
3. Select the FTP site node in the console's left pane and, in the Features view, perform the following actions:
1. Double-click FTP User Isolation and choose FTP home directory configured in Active Directory.
2. Click Set to specify the credentials in DomainUsername format for the new AD user account set up in Step 1a.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.173https://docs.citrix.com
3. Click Apply to save your changes.
4. Select the FTP site node in the console's left pane and, in the Features view, perform the following actions:
1. Double-click FTP Authentication.
2. Disable Anonymous Authentication and enable Basic Authentication.
3. With Basic Authentication selected, click Edit and set the Default domain to the fully-qualif ied domain name.
4. Restart the FTP site.
5. Restart the Microsoft FTP Service.
To configure PST file import and export in CloudPortal Services Manager
Important: For Exchange 2007, use all steps in this procedure to configure PST f ile import and export through theCloudPortal Services Manager control panel. For Exchange 2010 and above, use only Steps 3 and 4 in this procedure.1. Assign server roles:
1. From the CloudPortal Services Manager menu bar, choose Configuration > System Manager > Server Roles and then
expand the server to be used for PST import and export. If the server is not listed, go to Configuration > System
Manager > Servers and refresh the list.
2. Under Server Connection Components select Hosted Exchange.
2. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and select a
Location Filter if applicable.
2. Click New Connection and then specify the following information for the Exchange web service:
Server Role
Choose Hosted Exchange.
Server
Choose the server where the Exchange web service is installed.
Credentials
Choose the impersonation account for the Exchange service.
URL Base
Defaults to /ExchangeWS/HostedExchange.asmx.
Protocol
Select http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds.
Version
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.174https://docs.citrix.com
Select Mailbox Import/Export.
3. Click Save.
4. From the CloudPortal Services Manager menu bar, select Configuration > System Manager > Server Connections and
then click the icon in the Test column for the Exchange server. The icon turns green for a successful connection. A red
icon indicates an unsuccessful connection. Mouse over it for information about the failed connection.
3. Configure service settings:
1. From the CloudPortal Services Manager menu bar, choose Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Top Environment Services, and expand Hosted Exchange.
3. Click Service Settings, expand Mailbox Import/Export, and then select the Enabled check box.
4. Configure the following settings:
Bad Item Limit
Enter a value for the number of corrupt messages to skip during an export. Default = 0.
To set a value greater than 50, edit the NewMailboxExportRequest.ps1 and NewMailboxImportRequest.ps1 scripts
and add the -AcceptLargeDataLoss parameter, setting it to $true. Typically, these scripts are located on the server
hosting the Exchange web service at C:\Inetpub\CortexServices\ExchangeWS\Scripts.
Export File Pattern
The pattern for the f ilename of the PST f ile. Default = username.pst
Export Path Pattern
The pattern for the export folder name that Services Manager creates for the customer. Default =
MailboxExport\
FTP Message
If using FTP, the message that is displayed on the Import/Export page in the control panel.
FTP Root
The FTP root folder. Default = \\LocalHost\WebHosting
Import Export Server
The name of the server where the PST f iles reside for import and export. This value is used to form the Root Path
Pattern value.
Import Path Pattern
The pattern of the import folder name that Services Manager creates for the customer. Default =
MailboxImport\
Root Path Pattern
The full path to the customer's import and export location. The Export Path Pattern and Import Path Pattern
values are appended Root Path Pattern value to form the complete path.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.175https://docs.citrix.com
Example: \ImportExportServerWebHostingCustomerShortName
Zip Files
(Optional) Select this option to export PST f iles as ZIP archive f iles.
Citrix recommends clearing this option for mailboxes larger than 2 GB.
5. Click Save.
4. Reprovision the Hosted Exchange service to existing customers. This action creates a folder for each customer and
ensures all required permissions are applied to the folder.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.176https://docs.citrix.com
Configure Unified Messaging
Jun 05, 2015
Updated: 2013-02-041. From the main menu, choose Configuration > System Manager > Service Deployment, expand Hosted Exchange or
Hosted Exchange Multi-tenanted, and then click Service Settings.
2. Expand Unif ied Messaging and complete the settings. Use the Exchange Management Console to look up the Mailbox
Policy name under Organizational Configuration > Unif ied Messaging > UM Mailbox Policies.
3. From Category Filter, choose User and then expand Unif ied Messaging.
4. In Extensions, enter the starting point for the auto-generated extensions. Use the same number of digits configured in
Exchange for extensions.
5. Click Apply Changes and then click User Plans.
6. Expand the user, expand Unif ied Messaging, and then complete the applicable settings. Required: Select the Unif ied
Messaging check box to enable the feature for a mailbox.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.177https://docs.citrix.com
Provision the Hosted Exchange service
Oct 05, 2016
Updated: 2013-02-04
To provision the Hosted Exchange service to resellers
1. From the CloudPortal Services Manager menu bar, click Customers and select the reseller for whom you want to
provision the Exchange service.
2. Under Customer Functions, select Services. The reseller's Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Hosted Exchange check box and then select the Hosted Exchange service name. The Reseller Service Setup
page appears.
5. In the User Plan table, select the check box for each user plan the reseller can offer its customers.
6. In the Customer Plan table, select the check box for each customer plan the reseller can offer.
7. Under Resource Configuration, enter the maximum amount of space allotted for mailbox and public folder storage.
Note: When this limit is reached, the reseller cannot provision Exchange services to new customers.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the reseller to offer Exchange services to its customers.
To provision the Hosted Exchange service to customers
1. From the CloudPortal Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision Exchange services.
3. In the services list, select Hosted Exchange. The Service Package Configuration page appears.
4. In Customer Plan, select the package you want to provision to the customer.
Note: The package you select determines whether or not public folders are enabled and the available disk space for the
customer's mailboxes.
5. Under Exchange Domains, select the domain type to be used for inbound email routing.
Note: By default, domains are set to Authoritative when the Exchange service is f irst provisioned to a customer. Domains
that are added after Exchange has been provisioned default to External Relay. To change this, the Customer
Administrator can modify the type and reprovision the Exchange service.
6. Under Email Patterns, select one of the following options:
Select Force customer wide primary address to ensure all users' email addresses adhere to a specif ied format. In the
email format table, select the formats you want to use. Select the Primary Email option to designate one format as
the primary format. When the service is provisioned, any manually configured addresses are overwritten with
addresses in the specif ied format.
Select Manage individual user primary e-mail addresses to allow different formats for users' email addresses.
Note: If the address format is changed after provisioning the Exchange service, select the Apply email policy check box
to ensure the email format selected in the format table is applied to all provisioned users. To ensure the change is
applied only to newly provisioned users, leave this box unselected.
7. If the location is configured to host Exchange 2007, and the customer is being hosted on Exchange 2007, ensure the
Exchange 2007 Customer option is selected.
8. Under Public Folders, perform the following actions if the selected customer plan includes public folders and you want to
customize storage limits:
1. Clear the Auto select a public folder package check box.
2. Select the Create Public Folders check box.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.178https://docs.citrix.com
3. To specify unlimited storage, leave the Public Folder Storage Limit box blank.
When the Exchange service is provisioned, a root public folder is created for the customer. Exchange Service
Administrators become owners of the root folder and the customer's users are granted Author permissions.
9. Under Resource Configuration, to customize the total amount of mailbox storage for all users provisioned with the
Exchange service, perform the following actions:
1. Clear the Auto select package resource limits check box.
2. In Mailbox Storage (MB), enter the total amount of storage allocated to user mailboxes. To specify unlimited storage,
leave this f ield blank.
10. To restrict the number of users assigned to a user plan, perform the following actions:
1. Click Advanced Settings and then select the user plan you want to configure.
2. In User Limit, enter the total number of users that can be assigned to the selected user plan.
3. Click Apply Changes to save your selections.
11. In Billing, ensure the Enabled check box is selected so the appropriate charges are generated for the customer.
12. Click Provision.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.179https://docs.citrix.com
Manage public folders
Oct 05, 2016
Updated: 2013-02-04When the Hosted Exchange service is provisioned to customers, a root public folder is automatically created. New public
folders are created as subfolders under the root folder.
To create a public folder
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Public Folders.
2. In the left pane of the Public Folders Overview page, select the root public folder. In general, the root public folder is
represented with the customer's short name.
3. On the Folders tab, in New Public Folder, type the name of the subfolder you want to create.
4. Click Create. The new public folder appears under the root folder.
To rename a public folder
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Public Folders.
2. In the left pane of the Public Folders Overview page, select the public folder you want to rename.
Note: You can rename subfolders only. You cannot rename root public folders.
3. On the Folders tab, in Existing Public Folder, type the new name for the public folder.
4. Click Rename. The renamed folder appears after the public folder tree refreshes.
To enable a public folder to receive email
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Public Folders.
2. In the left pane of the Public Folders Overview page, select the public folder you want to enable for email.
3. On the Mail tab, click Enable Mail. The Public Folder Emails table appears and a primary email address for the folder is
automatically generated.
4. To add an email to the Public Folder Emails table, click Add.
5. Type the email alias for the folder and select the appropriate domain.
6. Click Update. The new email address appears in the Public Folder Emails table.
7. Click Save Emails to save your entries.
To remove a public folder from the Global Address List
When a public folder is removed from the Global Address List, users can still send email to the folder even though it no
longer appears in the list.
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Public Folders.
2. In the left pane of the Public Folders Overview page, select the public folder you want to remove.
3. On the Permissions tab, select the Hide from Address List checkbox.
4. Click Save Permissions to save your changes. The public folder is no longer visible to users through the Global Address List.
To restrict incoming email to public folders
To prevent external "spam" emails from flooding the customer's environment, you can configure public folders to accept
email only from users within the customer's organization.
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Public Folders.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.180https://docs.citrix.com
2. In the left pane of the Public Folders Overview page, select the public folder to which you want to restrict email.
3. On the Permissions tab, select the Senders require authentication checkbox.
4. Click Save Permissions to save your changes.
To enable users to send email through public folders
You can assign certain users permission to send email using a public folder alias. To recipients, the sender appears as the
name of the public folder instead of the individual user.
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Public Folders.
2. In the left pane of the Public Folders Overview page, select the public folder to which you want to enable users to send
email.
3. On the Permissions tab, under Send As Permissions, search for the users you want to add. Search results appear in a
table under the Member Search box.
4. Select the checkbox for each user you want to enable to send email.
5. Click Add. The selected users appear in the Existing Send As Permissions table.
6. Click Save Permissions to save your changes.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.181https://docs.citrix.com
Manage Exchange contacts
Oct 05, 2016
Updated: 2013-02-05When the Hosted Exchange service is provisioned to customers, users can view their company's Global Address Lists, sendemail to contacts in the list from Microsoft Outlook, add and modify contacts, and assign contacts to distribution groups.Full Customer Service Administrators can add, modify, and delete contacts as well as prevent contacts from displaying in the
Global Address List.
To add new contacts
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Contacts.
2. Under Contact Management, click New Contact. A blank Contact Details form appears.
3. Enter the details of the contact. Fields marked with an asterisk (*) are required.
4. Click Save.
To prevent contacts from appearing in the Global Address List
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Contacts.
2. Select the contact you want to hide.
3. On the Contact Details form, select the Hide From Address List checkbox.
4. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.182https://docs.citrix.com
Manage Exchange distribution groups
Oct 05, 2016
Updated: 2013-02-05Exchange distribution groups are collections of users, contacts, and other distribution groups that are represented with asingle email address in the Global Address List. When a user sends an email to the group email address, all members of thegroup receive the email.When the Hosted Exchange service is provisioned to customers, users can view distribution groups through the Global
Address List using Outlook, as well as create and manage distribution groups.
Users who create distribution groups are known as owners. Additionally, group ownership can be assigned to a group of
Exchange users or a security group. Group owners can add and remove members through Outlook.
Full Customer Service Administrators can create and delete groups, manage group members, and configure group email alias
permissions and member email restrictions.
To create distribution groups
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Under Group Management, type a name for the group you want to create and ensure the Distribution option is
selected.
3. Click New Group. The distribution group is created and the group properties screen appears.
4. Click Save.
To add members to a distribution group
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group to which you want to add members.
3. Click the Members tab.
4. In Member Search, type the name of the contact you want to add and click Find.
5. Select the contact's checkbox and click Add.
6. Click Save.
To create an email alias for a distribution group
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group for which you want to create an email alias.
3. Click the Email tab.
4. In the Group Email Addresses table, click Add. A blank alias table entry appears.
5. Under Name, type the email alias you want users to specify when sending emails to the group.
6. Click Update to save your entries.
7. Click Save.
To restrict incoming email to distribution groups
To prevent external "spam" emails from flooding the group, you can configure distribution groups to accept email only from
users within the customer's organization.
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group to which you want to restrict email.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.183https://docs.citrix.com
3. Click the Email tab.
4. Select the Senders require authentication checkbox.
5. Click Save.
To designate group owners
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group for which you want to assign an owner.
3. Click the Management tab.
4. In Owner Search, type the name of the contact to whom you want to assign group ownership and click Find.
5. Select the contact's checkbox and click Add.
6. Under Membership Approval, choose whether owner approval is required for joining or leaving the group.
7. Click Save.
To enable users to send email through distribution groups
You can assign certain users to send email using the distribution group alias. To recipients, the sender appears as the name
of the distribution group instead of the individual user.
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group through which you want users to send email.
3. Click the Permissions tab.
4. Under Send-As Permissions, search for the users you want to add.
5. Select the checkbox for each user you want to add and click Add.
6. Click Save.
To restrict group access to specific users
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group to which you want to restrict access.
3. Click the Permissions tab.
4. Under Accepted Senders, select the Only users in the following list option.
5. Search for the users you want to add and select the checkbox for each user.
6. Click Add.
7. Click Save.
To block group emails from specific users
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group to which you want block users.
3. Click the Permissions tab.
4. Under Rejected Senders, select the Only users in the following list option.
5. Search for the users you want to add and select the checkbox for each user.
6. Click Add.
7. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.184https://docs.citrix.com
To create mail disclaimers
Oct 05, 2016
Mail disclaimers are legal notices or warnings that are automatically attached to all outgoing email. The Exchange ServiceAdministrator can create, modify, and remove the company's mail disclaimer.1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Configuration > Mail Disclaimer.
2. Type a name for the mail disclaimer and then type the body of the message.
3. Choose whether to append or prepend the disclaimer to outgoing email messages.
4. Choose whether email to which the disclaimer cannot be directly attached is ignored, rejected, or wrapped in an
Exchange envelope before sending.
5. Choose whether the disclaimer is attached to email sent to external contacts only.
6. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.185https://docs.citrix.com
To create mailboxes for managing meeting resources
Oct 05, 2016
Resources consist of spaces or equipment that are used for holding meetings and need to be reserved when a meeting isorganized. Exchange provides mailboxes for these resources so that users can include them in meeting requests madethrough Outlook.Exchange Service Administrators can create, modify, and remove resources from the customer's organizational unit.
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Resource Mailboxes.
2. Under Resource Management, click New resource mailbox.
3. Type a name for the resource and select whether it is a meeting room or equipment (e.g., projector, f lip chart, etc.).
Note: Resource types cannot be amended after the resource mailbox has been provisioned. To change the resource
type, the mailbox must be deprovisioned f irst.
4. Click Provision to create the mailbox.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.186https://docs.citrix.com
Import and export Exchange mailbox files
Oct 05, 2016
Updated: 2013-02-05Importing and exporting mailboxes are important tasks for managing the Hosted Exchange service. Exporting mailboxesfacilitates disaster recovery and compliance efforts. Importing mailboxes helps with migrating users from old versions ofExchange and enabling users to add off line mail archives to their Exchange mailbox.
To export a mailbox
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Mailbox Import/Export.
2. Click Export Mailboxes. A table of available mailbox f iles appears.
3. Select the Export checkbox for each user's mailbox you want to export.
4. Click Export Mailboxes. The export process begins. To view the status of the export, click Refresh Status.
The exporting process creates .PST files and places them on the customer's FTP server, in a folder called MailboxExport. To
view these files, log on to the FTP server using the information that appears under FTP Login Details on the Mailbox Import
and Export Overview screen and navigate to the MailboxExport folder. Depending on the customer's configuration, mailbox
files might appear as zipped archives.
To import a mailbox
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Mailbox Import/Export.
2. Click Import Mailboxes. A table of users that are provisioned with an Exchange mailbox appears.
3. Click Edit for the user whose mailbox you want to update with the imported mailbox f ile.
4. Select the mailbox f ile you want to import and then click Update.
5. Click Import Mailboxes. The import process begins. To view the status of the import, click Refresh Status.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.187https://docs.citrix.com
Migrate Exchange Customers and Users to nexthighest version
Oct 05, 2016
Updated: 2013-02-05After installing a new version of Exchange, moving your customers onto the latest version is made simple with CloudPortalServices Manager. From a CloudPortal Services Manager point of view, the process involves the following steps:
Configure Service Settings
Configure new User Plans
Enable new User Plans at Reseller Level
Re-Provision Customer Services
Move Users to new User Plans
Configure Service Settings
1. From the CloudPortal Services Manager menu bar, select Conf iguration > System Manager > Service Deployment2. Under Service Filter, select Active Directory Location Services and choose a Location Filter if applicable.
3. Expand Hosted Exchange.
4. Click Service Settings.
5. Configure the following settings to include details of the new Servers and mailstores that you wish to include when
provisioning Customers and Users with the Hosted Exchange Service
Section Setting Description
Default Preferred Mail StoresRealistically, this should not be set, but if it is, then make sure that the appropriate
stores are selected
DefaultResource MB Mail
DatabasesAdd Mail Databases for the new version
Offline Address Book
(OAB)Public Folder Servers
Select the new server(s) appropriate for Public Folders. Not applicable for Exchange
2013 and above.
Offline Address Book
(OAB)Virtual Directory Select all appropriate Virtual Directories
Public Folders Public Folder Server Select all appropriate Public Folder servers
6. Click Apply Changes 7. Click Save
Configure new User Plans
The tendency might be to reconfigure your current user plans to remove the older Mailstores and add in the new ones.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.188https://docs.citrix.com
Citrix advises against this method to move users mailboxes to new mailstores as it becomes almost impossible to control
the mailbox moves. If a customer administrator was to reprovision one of their user services, and the user plan the user was
on was the one which has been changed, then the mailbox might be moved unexpectedly.
To control the mailbox moves on a customer by customer basis, then it is best to keep all old user plans configured as they
are, and create new user plans for the users to be moved to.
Consider the following example:
The following User Plans are in use:
Bronze (2Gb) Exchange 2013
Silver (5Gb) Exchange 2013
Gold (10Gb) Exchange 2013
The idea would be to create the following NEW User Plans:Bronze (2Gb) Exchange 2016
Silver (5Gb) Exchange 2016
Gold (10Gb) Exchange 2016
Then you can use the Package Migration Wizard to move users from the old plans to the new ones.Firstly, follow these steps to create new User Plans:1. From the CloudPortal Services Manager menu bar, select Conf iguration > System Manager > Service Deployment2. Expand Hosted Exchange.
3. Click User Plans.
4. Create new User Plans
1. Type the name for a new User Plan, and click Create2. Enter all relevant settings to match one of the old User Plans.
3. Click Apply Changes5. Repeat step 4 for all User Plans
6. Click Save7. Under Service Filter, select the Active Directory Location Services radio button, and choose the appropriate Location
Filter if applicable
8. Expand Hosted Exchange9. Click User Plans
10. Update new User Plans
1. Enable the Checkbox beside the new User Plan
2. Select the new User Plan
3. Update all settings that are Location Specif ic, like ActiveSync Policy, Mailbox Storage Limit , Mail Databases and
Enabled Protocols, etc.
4. For Mail Databases, select the new version tab, and select the appropriate Mail Databases. Make sure the old
version has no databases selected
5. Click Apply Changes.
11. Repeat step 10 for all User Plans.
12. Click Save.
Enable the new User Plans at Reseller Level
New User Plans are not enabled throughout the Reseller / Customer Hierarchy automatically, so need to be enabled
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.189https://docs.citrix.com
manually. Under normal circumstances, you would need to enable these User Plans for each customer who is going to use
them, but if you are using the Package Migration Wizard, then these User Plans will be added and enabled for the
customers automatically, provided the customer's Reseller has them available already.
Once the User Plan is enabled for the Reseller, then new customers provisioned with the Hosted Exchange Service will have
these User Plans enabled automatically by default.
To enable the new User Plans for the Reseller(s):
1. Find the Top Level Reseller (Service Provider) in the Customers List, and click the Customer to expand the
Customer Functions iFrame.
2. Select Services.
3. Click the Reseller Service.
4. Click Hosted Exchange.
5. Enable the new User Plans.
6. Click Apply Changes.
7. Click Provision.
8. Repeat for all other Resellers
Re-Provision Customer Services
Reprovisioning the Customer Services will move Customer related objects to the new servers. i.e. Public Folders, Address
books, etc, but will leave the Users Mailboxes where they currently are.
User Service Provisioning gets the version from the Customer Service, so this is important to complete before moving on to
the User Services.
To re-provision the Customer Service, simply:
1. Identify the Customer
2. From the Customers page, click the customer in question
3. Under Customer Functions, select Services.
4. Click Hosted Exchange.
5. Change the Version. This can only go up to a higher version. It cannot go down.
6. Click Provision.
Move Users to new User Plans
The Package Migration wizard will allow you to make an old to new mapping of User Plans, and will then only allow the
selection of those customers who are currently using the old User Plans. This will allow you to manage your migration of
user's mailboxes on a Customer by Customer basis, thereby allowing you to control your custoemr migrations better.
To Migrate users mailboxes on a Customer by Customer basis:
1. From the CloudPortal Services Manager menu bar, select Conf iguration > Provisioning & Debug Tools > PackageMigration Wizard.
2. Specify the default wizard behavior by:
1. Leave the Select all Customers checkbox unchecked.
2. Check the Select all Users checkbox.
3. Check the Generate missing destination packages checkbox. This is what allocates the new User Plans to
customers automatically.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.190https://docs.citrix.com
4. Click Next .
3. Select the Hosted Exchange Service.
4. Click Next .
5. Select all of the OLD User Plans (Hold ctrl while selecting to select multiple User Plans.), then click add selectedpackages.
6. For each User Plan
1. Make the mappings to the new User Plans in the Destination column of the mapping table
7. Click Next .
8. Select the Customer(s) you wish the migration to be executed for
9. Click Next .
10. Under Request Details, give it a Name and Description. This is what will show up in the Provisioning Request Logs to
help identify this migration from others.
11. Click Finish.
12. Click view, to view the request activity in the Provisioning Request Logs
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.191https://docs.citrix.com
Lync Enterprise 2010 and Lync Hosted 2010
Jun 05, 2015
Updated: 2014-11-20Deploying Lync 2010 services involves the following tasks:
Install the web service for Lync Enterprise or Lync 2010 for Hosting
To configure the Lync Enterprise 2010 service
To configure the Lync 2010 for Hosting service
Provision the Lync Enterprise 2010 service
Provision the Lync 2010 for Hosting service
The Lync Enterprise and Lync 2010 for Hosting web services are installed on the Lync Front-End servers in your environment that you want to make available for
provisioning unified communication services to customers. You can install the Lync web services using the graphical interface of the Services Manager installer or
through the command line. After the installation process finishes, you can enable the service and continue configuration through the control panel.
For more information about requirements for deploying the Lync Enterprise 2010 and Lync Hosted 2010 services, refer to Plan to deploy Lync Enterprise and Lync
Hosted services.
To install the Lync Enterprise web service using the graphical interface
The Services Manager installer enables you to install the Lync Enterprise web service. The installation process includes preliminary configuration to create the web
service account and IIS application pool, and define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select Lync Web Service or Lync Hosted Web Service, and then click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then click Next.
7. On the Ready to Install page, review your selection and then click Install.
8. After the installation f inishes, click Finish.
9. On the Installed Services page, click Configure next to the Lync web service list item.
10. On the Configure IIS page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the Lync web service account. The default user name is csm_lync_svc. This f ield is unavailable when you elect to auto-
generate credentials.
Password: Enter a password for the Lync web service account. This f ield is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active Directory.
Service port: Enter the port used by the Lync web service. The default port is 8095.
11. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When the
summary contains the settings you want, click Next. The Configuration Tool configures the Lync web service and displays progress.
12. Click Finish and then click Exit to close the Configuration Tool.
To install the Lync Enterprise or Lync 2010 for Hosting web services from the command line
Before installing the Lync web services, ensure the following pre-requisites are met:You have installed .NET Framework 4, located in the Support folder of the Services Manager installation media, on the Lync Front-End server.
You have created the Lync web service account in Active Directory.
The Lync Front-End server allows inbound connections from the Services Manager Web server on the appropriate port. By default, this port is 8095.
When you install the Lync web service from the command line, you perform two actions:Install the web service and create the required Services Manager directory where the web service resides.
Perform initial configuration of the web service using the Configuration Tool.
1. On the Lync Front-End server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter one of the following commands:
CortexSetupConsole.exe /Install:LyncEnterprise
CortexSetupConsole.exe /Install:LyncHosted
The Setup Tool installs the web service and returns the command prompt.
4. At the command prompt, enter install-locationServicesLyncWSConfigurationLyncServiceConfigConsole.exe and specify the following properties:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.192https://docs.citrix.com
Property Description
/UserName:username User name for the Lync service account. This parameter is optional if you are using /GenerateCredentials.
/Password:password Password for the Lync service account. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True | False Optional. Create the service account in Active Directory.
/GenerateCredentials:True | False Optional. Generate a password for the service account.
Install-location denotes the web service installation directory on the local computer. The default directory is C:Program Files (x86)CitrixCortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.install-locationServicesLyncWSConfigurationLyncServiceConfigConsole.exe /UserName:lync_svc_acct /Password:password /ServicePort:8095When the installation process is finished, log on to the control panel and configure the web service. For instructions, see To configure the Lync Enterprise 2010
service or To configure the Lync 2010 for Hosting service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.193https://docs.citrix.com
To configure the Lync Enterprise 2010 service
Jun 05, 2015
Updated: 2013-07-26Before you configure the Lync Enterprise service through the Services Manager control panel, ensure the Lync Enterprise
web service is installed on the Front-End server in your Lync deployment.
1. Enable the service (top level) and create user and customer plans:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then
expand Lync Enterprise.
2. Click User Plans, enter a Name such as Default for the user plan, and then click Create.
3. Click Customer Plans, enter a Name such as Default for the customer plan, click Create, and then click Save.
2. Enable the service (location level):
1. Under Service Filter, select Active Directory Location Services.
2. Choose a Location Filter, if applicable.
3. Expand Lync Enterprise and click Save.
3. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. Click Refresh Server List.
3. Expand the entry for the Lync server and verify that Server Enabled is selected.
4. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the Lync server.
2. Under Server Connection Components, select Lync and then click Save.
5. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the web service.
Server Role
Choose Lync.
Server
Defaults to the Lync server.
Credentials
Choose the credentials for the Lync server.
URL Base
For Lync Enterprise, this entry defaults to /LyncWS/Lync.asmx.
Protocol
Defaults to http.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.194https://docs.citrix.com
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.195https://docs.citrix.com
To configure the Lync 2010 for Hosting service
Jun 05, 2015
Updated: 2013-04-03Before configuring the Lync 2010 for Hosting service, ensure you have the following items:
Your Lync 2010 topology is configured.
You have added the computer accounts for the Lync 2010 servers to the CortexAdmins security group.
The Lync 2010 for Hosting web service is installed on the Lync Front-End server.
When configuring the Lync 2010 for Hosting service, you create user and customer plans for resellers to offer their
customers. The user plans consist of Lync features (specified at the top environment level) and Lync user policies (added at
the location level). Lync user policies are initially defined for the location in which the Lync server resides. When you select
policies for a user plan, Services Manager displays the individual policies from the Lync server in the Configure User Plans
dialog box.
1. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. Click Refresh Server List.
3. Expand the entry for the Lync server and, in Server Enabled, verify that the Enabled check box is selected.
2. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the Lync server.
2. Under Server Connection Components, select LyncHosted and then click Save.
3. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the Web service.
Server Role
Choose LyncHosted.
Server
Defaults to the Lync server.
Credentials
Choose the credentials for the Lync server.
URL Base
Defaults to /LyncHostedWS/Lync.asmx.
Protocol
Select http.
Port
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.196https://docs.citrix.com
Defaults to 8095. If you change the port here, change it also in the Services Manager Web service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
4. Create user and customer plans at the top level:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, ensure Top Environment Services is selected.
3. Under Services Overview, expand Lync 2010 for Hosting.
4. Click User Plans, enter a Name such as Default for the user plan, and then click Create.
5. In the Configure User Plans dialog box, in Telephony Options, select one of the following Lync features and click Apply
Changes:
PC-to-PC communication only
Remote call control
Enable Enterprise Voice
Audio/video disabled
6. Click Customer Plans, enter a Name such as Default for the customer plan and click Create.
7. Click Apply Changes and then click Save.
5. Enable user and customer plans and assign policies at the location level:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
3. Expand Lync 2010 for Hosting.
4. Click User Plans, select Enabled for the user plan, and then expand the user plan.
5. Expand Lync User Policies and select the policies you want to enable for provisioned users. To specify a configured
policy from the Lync topology, click Reload and then select the appropriate policy. Click Apply Changes.
6. Click Customer Plans and select Enabled for the customer plan.
7. In Registrar Pool, type the pool to which provisioned users will be assigned.
8. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.197https://docs.citrix.com
Provision the Lync Enterprise 2010 service
Jun 05, 2015
Updated: 2013-08-05
To provision Lync Enterprise 2010 to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Lync Enterprise service check box and then click the Lync Enterprise service name. The Reseller Service Setup
page appears.
5. In the User Plan table, select the check box for each user plan the reseller can offer its customers.
6. In the Customer Plan table, select the check box for each customer plan the reseller can offer.
7. Click Apply Changes to save your selections.
8. Click Provision to enable the reseller to offer the Lync Enterprise service to its customers.
To provision Lync Enterprise 2010 to customers
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Lync Enterprise service name. The Service Plan Configuration page appears.
4. In Customer Plan, select the appropriate plan, if applicable.
5. Click Provision to enable the customer to provision the service to users.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.198https://docs.citrix.com
Provision the Lync 2010 for Hosting service
Jun 05, 2015
Updated: 2013-02-11Before provisioning customers and users, ensure your Lync 2010 deployment includes the following items:
The Active Directory computer accounts for the Lync Front-End and Director servers have been added to the
CortexAdmins group. After performing this task, reboot the servers to ensure the membership changes take effect.
The domain for the customer you are provisioning is included on the certif icates that exist on the Lync Front-End and
Director servers.
A forward lookup zone has been created for the domain to which you are provisioning the customer.
The following DNS records exist on the domain controller for the customer you are provisioning:
SRV records, _sipinternal and _sipinternaltls
Host (A) record for SIP, specifying the Lync Director server's IP address
When provisioning multiple users or moving or copying users provisioned with the Lync 2010 for Hosting service, consider thefollowing:
When a user is moved to another customer, the service does not transfer with the user. Before moving the user, you
must deprovision the service.
When provisioning multiple users simultaneously or copying a user, and you select a user plan configured with the
Enterprise Voice, PC-to-PC communication, or Audio/Video Disabled option, the service's Line URI f ield remains blank.
After provisioning, you will need to supply this information for each provisioned user. However, if you select a user plan
configured with the Remote Call Control option, the provision operation might fail because the service's Line URI value is
incorrect. If this happens, you will need to re-provision the service to the user with the correct Line URI value.
To provision Lync 2010 for Hosting services to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Lync 2010 for Hosting service check box and then click the Lync 2010 for Hosting service name. The Reseller
Service Setup page appears.
5. In the User Plan table, select the check box for each user plan the reseller can offer its customers.
6. In the Customer Plan table, select the check box for each customer plan the reseller can offer.
7. Click Apply Changes to save your selections.
8. Click Provision to enable the reseller to offer Hosted Lync services to its customers.
To provision Lync 2010 for Hosting services to customers
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Lync 2010 for Hosting service name. The Service Plan Configuration page appears.
4. In Customer Plan, select the appropriate plan, if applicable.
5. Under Internal SIP Domains, select the appropriate domain.
6. Click Provision to enable the customer to provision the service to users.
To provision Lync 2010 for Hosting services to users
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.199https://docs.citrix.com
2. Under Customer Functions, click Users.
3. On the Users page, select the user you want to provision and then click Services.
4. Expand Lync 2010 for Hosting and select the user plan you want to enable for the user.
5. In Line URI, enter the user's telephone extension using the "tel: 12345" format, if applicable.
6. Click Provision to allow the user to access the Lync service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.200https://docs.citrix.com
Lync Enterprise 2013 and Lync Hosted 2013
Jun 05, 2015
Updated: 2013-10-03The Lync 2013 services provide out-of-the-box support for Microsoft's Lync Server 2013 to tenants, resellers, and users and
delivers unified communication services from the cloud.
The Lync Enterprise 2013 service is for dedicated Lync environments. The Lync Hosted 2013 service is a multi-tenanted
solution that can host multiple customers in a shared environment. Lync Hosted 2013 complies with the Microsoft Lync
Server 2013 Multitenant Hosting Pack Deployment Guide, available from the Microsoft Download Center
(http://www.microsoft.com/en-us/download/details.aspx?id=39101).
Features in Lync 2013 services
Both services provide the following features:Manage SIP domains per customer
Manage DNS records per customer
SRV records for SIP domains (Access Edge Server)
A or CNAME records for Lync clients and simple, meet, and dialin URLs (Front-End Servers)
Manage line and service URIs
Manage SIP addresses
Enable or disable Lync user accounts
Manage user policy allocation
Reporting for Lync users and account types
Supports Workflow Approval in Services Manager
Supported languages: EN, DE, FR, NL
Additional Features in Lync Enterprise 2013
Customizable user plans with telephony, registrar pools, and policy options
Allocate dial plans to users
Additional features in Lync Hosted 2013
Manage Lync tenant organizations
Manage SIP domains per customer
Manage DNS records per customer
Manage simple and meet URLs
Customizable user plans with simple URL options; for example:
https://meet.tenant.com
https://lync.tenant.com/meet
https://lync.reseller.com/tenant/meet
Manage federation: Support for SIP domain blacklist and whitelist
Partitioned address book to manage the visibility of contacts and distribution groups for Lync clients
Publish global and customer-specif ic dial plans
How do I deploy the Lync 2013 services?
Before you deploy the Lync 2013 services, review the deployment requirements in Plan to deploy Lync Enterprise and Lync
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.201https://docs.citrix.com
Hosted services.
Use the following topics to install, configure, and provision the services:
Install the Lync Enterprise 2013 and Lync Hosted 2013 web services
To configure the Lync Enterprise 2013 service
To configure the Lync Hosted 2013 service
Provision the Lync Enterprise 2013 service
Provision the Lync Hosted 2013 service
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.202https://docs.citrix.com
Install the Lync Enterprise 2013 and Lync Hosted 2013 web services
Jun 05, 2015
Updated: 2014-08-29Before you install the Lync 2013 web services, ensure you have a working deployment of Lync Server 2013 Enterprise Edition or Lync Server 2013 Multitenant
Hosting Pack with a published topology.
Install the Lync Enterprise 2013 or Lync Hosted 2013 web services on the Lync Front-End servers in your environment.
You can install the Lync 2013 web services using the graphical interface of the Services Manager Setup Tool or through the command line. The Setup Tool installs
the web service, any prerequisites needed, and the Configuration Tool. After installing the web service, you launch the Configuration Tool to perform the
preliminary configuration. You then continue the configuration through the control panel.
To install the Lync 2013 web services through the graphical interface
The installation process includes preliminary configuration to create the web service account and IIS application pool, and define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select Lync Enterprise 2013 Web Service or Lync Hosted 2013 Web Service. Click Next.
6. On the Review Prerequisites page, review the required items the Setup Tool will install. Click Next.
7. On the Ready to Install page, review your selections and then click Install. The Setup Tool installs the required f iles and displays the installation progress.
8. After the installation f inishes, click Finish.
9. On the Add Services page, select Configure Services.
10. On the Installed Services page, click Configure next to the Lync web service you installed.
11. On the Configure IIS page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the Lync web service account. For a list of the default user names for the service accounts for all Lync versions, see Plan to
deploy Lync Enterprise and Lync Hosted services. This f ield is unavailable when you elect to auto-generate credentials.
Password: Enter a password for the Lync web service account. This f ield is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active Directory.
Service port: Enter the port used by the Lync web service. The default port is 8095.
12. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When the
summary contains the settings you want, click Next. The Configuration Tool configures the Lync web service and displays progress.
13. Click Finish and then click Exit to close the Configuration Tool.
After you install the web service, continue the configuration using the Services Manager control panel. For more information, see To configure the Lync Enterprise
2013 service or To configure the Lync Hosted 2013 service.
To install the Lync 2013 web services through the command line
Before installing the Lync web services, ensure the following pre-requisites are met:You have installed .NET Framework 4, located in the Support folder of the Services Manager installation media, on the Lync Front-End server.
The Lync Front-End server allows inbound connections from the Services Manager web server on the appropriate port. By default, this port is 8095.
When you install the Lync web service from the command line, you perform two actions:Install the web service and create the required Services Manager directory where the web service resides.
Perform initial configuration of the web service using the Configuration Tool.
1. On the Lync Front-End server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter one of the following commands:
CortexSetupConsole.exe /Install:LyncEnterprise2013
CortexSetupConsole.exe /Install:LyncHosted2013
The Setup Tool installs the web service and returns the command prompt.
4. At the command prompt, enter install-locationServicesLyncWSConfigurationLyncServiceConfigConsole.exe and specify the following properties:
Property Description
/UserName:username User name for the Lync service account. This parameter is optional if you are using /GenerateCredentials.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.203https://docs.citrix.com
/Password:password Password for the Lync service account. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True |
False
Optional. Create the service account in Active Directory.
/GenerateCredentials:True
| False
Optional. Generate a password for the service account.
/SqlServer:server-address The SQL database server that hosts the Services Manager system databases.
/UseSqlAuthentication:True
| False
Whether or not to use SQL authentication to access the SQL Server. Default = Integrated authentication which
authenticates as the user running the configuration
/SqlUserName:user-name If /UseSqlAuthentication:True, the username of the SQL logon to use.
/SqlPassword:password If /UseSqlAuthentication:True, the password of the SQL logon to use.
Property Description
Install-location denotes the web service installation directory on the local computer. The default directory is C:Program Files (x86)CitrixCortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.install-locationServicesLyncWSConfigurationLyncServiceConfigConsole.exe /UserName:lync_svc_acct /Password:password /ServicePort:8095When the installation process is finished, log on to the control panel and configure the web service. For instructions, see To configure the Lync Enterprise 2013
service or To configure the Lync Hosted 2013 service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.204https://docs.citrix.com
To configure the Lync Hosted 2013 service
Jun 05, 2015
Updated: 2014-04-16Before you configure the Lync Hosted 2013 service through the control panel, ensure the Lync Hosted 2013 web service is
installed on the Front-End server in your Lync 2013 deployment. Additionally, if you intend to enable Services Manager to
provision DNS records for your Lync deployment, ensure the DNS service is configured.
1. Import the Lync Hosted 2013 service package into the control panel:
1. From the Services Manager menu bar, click Configuration > System Manager > Service Schema.
2. Under Services Management, click Import a service.
3. On the Service Import page, click Browse and locate the Lync Hosted 2013.package f ile on the installation media. Click
Open.
4. Click Preview. Services Manager displays the contents of the f ile for your review.
5. Click Import. Services Manager imports the f ile and reports Import Complete.
6. Restart the Citrix Queue Monitor Service to complete the service import: On the server hosting the Provisioning
engine, click Start > Administrative Tools > Services, select Citrix Queue Monitor Service and click Restart.
This step ensures all service components are correctly loaded and prevents errors when using the service.
2. Enable the service at the top level:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then
expand Lync Hosted 2013.
2. Click Save.
3. Enable the service at the location level:
1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter, if applicable.
2. Expand Lync Hosted 2013.
3. Click Save
4. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. Click Refresh Server List.
3. Expand the entry for the Lync server and verify that Server Enabled is selected.
5. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the Lync server.
2. Under Server Connection Components, select LyncHosted2013 and then click Save.
6. Add credentials for the web service account:
1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials.
2. In the credentials table, click Add and enter the credentials for the web service account and the account domain. The
default account is csm_lynchosted_svc. Leave the Encrypted checkbox selected.
3. Click Add to save your entries.
7. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the web service:
Setting Value
Server Role Select LyncHosted2013.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.205https://docs.citrix.com
Server Defaults to the Lync server.
Credentials Choose the credentials for the Lync web service account.
URL Base Defaults to /LyncHostedWS/Lync.asmx. Modify the default entry to
/LyncHosted2013WS/Lync.asmx
Protocol Defaults to http.
Port Defaults to 8095. If you change the port here, change it also in the Services Manager web service.
T imeout Defaults to 200000 milliseconds.
Setting Value
2. Click Save.
8. Configure service settings:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then
expand Lync Hosted 2013.
2. Under Service Filter, select Active Directory Location Services, and choose a Location Filter, if applicable.
3. Expand Lync Hosted 2013.
4. Select Dial Plans and then click Reload to retrieve a list of configured dial plans from the Lync deployment. Select the
appropriate dial plans.
5. Select Line Server Uri and change "yourdomain.com" to the service provider's SIP domain.
6. Under DNS, perform the following actions if Services Manager will provision DNS records for the Lync service:
In Access Edge Server and Front End Server, specify the IP address or FQDN of the Edge server and Front End
server in your Lync deployment. Leave these f ields blank if you want to create these DNS records manually.
In Record Type, select A Record if you specif ied IP addresses for the Edge and Front End servers. Select CNAME
Record if you specif ied FQDNs for the Edge and Front End servers.
9. Configure user and customer plans:
1. Click User Plans and expand the user plan you want to modify.
2. Expand Policies and select the policies you want to enable for provisioned users. To specify a configured policy from
the Lync deployment, click Reload and then select the appropriate policy. Click Apply Changes.
3. Click Customer Plans and expand the customer plan you want to modify.
4. In Registrar Pool, type the pool to which provisioned users will be assigned.
5. In Simple URL Provisioning, specify the Meet DNS Pattern and Meet URL Pattern to enable Services Manager to
create a meet URL and corresponding DNS record for the SIP domain. Leave these settings blank if you intend to
create the meet URL and DNS record manually.
6. Click Apply Changes
10. Click Save
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.206https://docs.citrix.com
To configure the Lync Enterprise 2013 service
Jun 05, 2015
Updated: 2014-04-16Before you configure the Lync Enterprise 2013 service through the control panel, ensure the Lync Enterprise 2013 web
service is installed on the Front-End server in your Lync 2013 deployment. Additionally, if you intend to enable Services
Manager to provision DNS records for the Edge and Front-End servers in your deployment, ensure the DNS service is
enabled and configured.
1. Import the Lync Enterprise 2013 service package into the control panel:
1. From the Services Manager menu bar, click Configuration > System Manager > Service Schema.
2. Under Services Management, click Import a service.
3. On the Service Import page, click Browse and locate the Lync Enterprise 2013.package f ile. Click Open.
4. Click Preview. Services Manager displays the contents of the f ile for your review.
5. Click Import. Services Manager imports the f ile and reports Import Complete.
6. Restart the Citrix Queue Monitor Service to complete the service import: On the server hosting the Provisioning
engine, click Start > Administrative Tools > Services, select Citrix Queue Monitor Service and click Restart.
This step ensures all service components are correctly loaded and prevents errors when using the service.
2. Enable the service at the top level:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then
expand Lync Enterprise 2013.
2. Click Save.
3. Enable the service at the location level:
1. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
2. Expand Lync Enterprise 2013.
3. Click Save
4. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. Click Refresh Server List.
3. Expand the entry for the Lync server and verify that Server Enabled is selected.
5. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the Lync server.
2. Under Server Connection Components, select Lync Enterprise 2013 and then click Save.
6. Add credentials for the web service account:
1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials.
2. In the credentials table, click Add and enter the credentials for the web service account and the account domain. The
default account is csm_lync_svc. Leave the Encrypted checkbox selected.
3. Click Add to save your entries.
7. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the web service:
Setting Value
Server Role Select LyncEnterprise2013.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.207https://docs.citrix.com
Server Defaults to the Lync server.
Credentials Choose the credentials for the Lync web service account.
URL Base Defaults to /LyncEnterprise2013WS/Lync.asmx.
Protocol Defaults to http.
Port Defaults to 8095. If you change the port here, change it also in the Services Manager web service.
T imeout Defaults to 200000 milliseconds.
Setting Value
2. Click Save.
8. Configure service settings:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then
expand Lync Enterprise 2013.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
3. Click Service Settings.
4. Select Dial Plans and then click Reload to retrieve a list of configured dial plans from the Lync topology. Select the
appropriate dial plans.
5. Select Line Server Uri and change "yourdomain.com" to the service provider's SIP domain.
6. Under DNS, perform the following actions if Services Manager will provision DNS records for the Lync service:
In Access Edge Server and Front End Server, specify the IP address or FQDN of the Edge server and Front End
server in your Lync deployment. Leave these f ields blank if you want to create these DNS records manually.
In Record Type, select A Record if you specif ied IP addresses for the Edge and Front End servers. Select CNAME
Record if you specif ied FQDNs for the Edge and Front End servers.
9. Configure user and customer plans:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then
expand Lync Enterprise 2013.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
3. Expand Lync Enterprise 2013.
4. Click User Plans and expand the user plan you want to modify. Perform the following actions:
In Registrar Pool, enter the registrar pool you want to assign to users provisioned with the user plan. Leave this
f ield blank to specify the customer's registrar pool by default.
Expand Policies and select the Lync policies you want to enable for provisioned users. To specify a configured
policy from the Lync topology, click Reload and then select the appropriate policy.
5. Click Apply Changes.
6. Click Customer Plans and expand the customer plan you want to modify.
7. In Registrar Pool, enter the registrar pool you want to assign to customers provisioned with the customer plan.
8. Click Apply Changes.
9. Click Save
To enable Services Manager to provision DNS records for customers and users provisioned with the Lync Enterprise 2013
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.208https://docs.citrix.com
service, configure the DNS service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.209https://docs.citrix.com
Provision the Lync Enterprise 2013 service
Jun 05, 2015
Updated: 2013-08-21
To provision Lync Enterprise 2013 to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Lync Enterprise 2013 service check box and then expand the service. The Reseller Service Setup page appears.
5. In the User Plan table, select the check box for each user plan the reseller can offer its customers. By default, all
configured plans are selected.
6. In the Customer Plan table, select the check box for each customer plan the reseller can offer. By default, all configured
plans are selected.
7. Click Apply Changes to save your selections.
8. Click Provision to enable the reseller to offer the Lync Enterprise service to its customers.
To provision Lync Enterprise 2013 to customers
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Lync Enterprise 2013 service name. The Service Plan Configuration page appears.
4. In Customer Plan, select the appropriate plan, if applicable.
5. In Internal SIP Domains, select the applicable domains. By default, all configured SIP domains are selected.
6. Click Advanced Settings and perform the following actions:
1. Under User Plans, select the check box for each user plan the customer can offer to its users.
2. Under Maximum Users, click the Enabled check box and enter the maximum number of users the customer can
provision with the service.
7. Click Service Settings and perform the following actions:
1. If applicable, select Dial Plans and then select the dial plans that will be available to the customer.
2. If applicable, select Line Server Uri and then enter the SIP URI of the SIP/CSTA gateway in your Lync deployment. This
setting applies to users provisioned with Remote Call Control user plans.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the customer to provision the service to users.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.210https://docs.citrix.com
Provision the Lync Hosted 2013 service
Jun 05, 2015
Updated: 2013-08-21
To provision Lync Hosted 2013 to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Lync Hosted 2013 service check box and then click the Lync Hosted 2013 service name. The Reseller Service
Setup page appears.
5. In the User Plan table, select the check box for each user plan the reseller can offer its customers. By default, all
configured plans are selected.
6. In the Customer Plan table, select the check box for each customer plan the reseller can offer. By default, all configured
plans are selected.
7. Click Apply Changes to save your selections.
8. Click Provision to enable the reseller to offer the Lync service to its customers.
To provision Lync Hosted 2013 to customers
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Lync Hosted 2013 service name. The Service Plan Configuration page appears.
4. In Customer Plan, select the appropriate plan.
5. Under Internal SIP Domains, select the applicable domains. By default, all configured SIP domains are selected.
6. Under Federation, select one of the following options:
Disable federation: Select this option to disable access to federated domains. This option is selected by default.
Federate with domains specif ied in the allowed list: Select this option to enable access to domains on the list of
allowed domains. After you select this option, click Add to create the list of allowed domains.
Federate with all domains except those listed in the block list: Select this option to enable access to all domains that
are not included on the list of blocked domains. After you select this option, click Add to create the list of blocked
domains.
7. Click Advanced Settings and perform the following actions:
1. Under User Plans, select the check box for each user plan the customer can offer to its users.
2. Under Maximum Users, click the Enabled check box and enter the maximum number of users the customer can
provision with the service.
8. Click Service Settings and perform the following actions:
1. If applicable, select Dial Plans and then select the dial plans that will be available to the customer.
2. If applicable, select Line Server Uri and then enter the SIP URI of the SIP/CSTA gateway in your Lync deployment. This
setting applies to users provisioned with Remote Call Control user plans.
9. Click Apply Changes to save your selections.
10. Click Provision to enable the customer to provision the service to users.
To provision the Lync Hosted 2013 service to users
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Under Customer Functions, click Users.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.211https://docs.citrix.com
3. On the Users page, select the user you want to provision and then click Services.
4. Expand Lync Hosted 2013 and, under User Service Setup, select the user plan you want to enable for the user.
5. In Line Uri, enter the user's telephone extension using the "tel: 12345" format, if applicable.
6. In Dial Plan, select the appropriate dial plan for the user, if applicable. By default, Automatic is selected.
7. Click Provision to allow the user to access the Lync service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.212https://docs.citrix.com
Mail Archiving
Jun 05, 2015
Updated: 2014-11-20For more information about the requirements for deploying the Mail Archiving service, refer to Plan to deploy the Mail
Archiving service
1. Enable the service at the top level:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment and then expand
Mail Archiving.
2. Click Save.
2. Enable the service at the location level:
1. Under Service Filter, select Active Directory Location Services.
2. Choose a location f ilter, if applicable.
3. Expand the Mail Archiving service, click Service Settings, and perform either of the following actions:
If you are using internal or external archiving, leave the setting defaults.
If you are using Global Relay, enter the service URL (typically
https://controlcenter.globalrelay.com/hxapi/Service.asmx) and the customer's Global Relay email and password
information. Click Validate to confirm the settings are valid.
4. Click Apply Changes.
3. At the location level, expand the Mail Archiving service and then expand the customer plan you want to enable. Use the
following table to configure the appropriate settings.
PlanTemplate
Template Property
Internal
Relay
Archive Type: Generic Internal
Mail Databases: Specify the location of the internal journal mailbox
External
Relay
Archive Type: Generic External
Global Relay Archive Type: Global Relay
Global Relay IMAP Port: 993
Global Relay IMAP Server: Specify the external address configured to allow Global Relay to download
the customer's mail
Mail Databases: Specify the location where the Global Relay archiving mailboxes are stored
4. Click Apply Changes and then click Save.
After configuration, you can provision the Mail Archiving service to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.213https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.214https://docs.citrix.com
Provision the Mail Archiving service
Jun 05, 2015
Updated: 2013-04-03
To provision the Mail Archiving service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the Mail
Archiving service.
2. Under Customer Functions, select Services. The reseller's Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Mail Archiving check box and then select the Mail Archiving service name. The Reseller Service Setup page
appears.
5. Select the customer plans that the reseller can offer to customers and then click Apply Changes.
6. Click Provision.
To provision the Mail Archiving service to customers
Before provisioning this service to a customer, ensure the customer has the Hosted Exchange service provisioned. The Mail
Archiving service is supported with Exchange 2007.
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision the Mail
Archiving service.
2. Under Customer Functions, select Services. The customer's Customer Services page appears.
3. In Customer Plan, select the appropriate package for the customer.
4. Depending on the package you selected, configure the following properties:
PlanTemplateName
Template Property
Internal Mailbox Password: Specify the password for the customer's archive mailbox account.
External External Email Address: Specify the external email address receiving the journal reports.
Global
Relay
Mailbox Password: Specify the password for the customer's archive mailbox account.
Primary Domain: Specify the customer's unique primary domain.
Secondary Domain: If applicable, specify the secondary domains that will be managed by Global Relay.
Under Administrator Contact Details, specify the telephone and mobile numbers and the email address
of the service administrator. These details are forwarded to Global Relay Administration.
5. Click Provision.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.215https://docs.citrix.com
This document includes information and instructions to help you learn more about deploying and managing your
Microsoft ADFS service.
Microsoft ADFS
Apr 13, 2016
The deployment guide includes sections on the following topics:
How to deploy and manage service
How to prepare your ADFS infrastructure
Installation and configuration of the service
Importing and configuring the service
Common configuration problems and troubleshooting
Microsoft ADFS Service Deployment Guide
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.216https://docs.citrix.com
Microsoft SQL Server Hosting
Jun 05, 2015
Updated: 2014-11-20Before configuring the Microsoft SQL Server Hosting service, review the service requirements in Plan to deploy the
Microsoft SQL Server Hosting service.
1. Enable the service (top level) and create a default customer plan:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and expand
Microsoft SQL Server Hosting.
2. Click Customer Plans, enter a Name such as Default, click Create, and then click Save.
2. Enable and configure the service (location level):
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Microsoft
SQL Server Hosting, and click Service Settings.
2. In Connection String Pattern, specify the connection string used to connect to SQL Server instances. If you are using
SQL authentication, use the string from the Connection String Pattern for SQL Authentication setting in this f ield. If
you are using Windows authentication, use the string from the Connection String Pattern for Windows
Authentication setting in this f ield. When editing the strings, specify the values for DatabaseName and, if using SQL
authentication, the SQL user name. For example:
SQL authentication: Data Source=[ServerInstanceName];Initial Catalog=Master;User ID=[UserName];Password=
[Password]
Windows authentication: Data Source=[ServerInstanceName];Initial Catalog=Master;Integrated Security=SSPI
3. Specify the Database File Path and the Database Log File Path. Example: C:SQLhosting
4. Specify the User Domain Name such as domain.local, click Apply changes, and then click Save.
3. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the SQL hosting server.
2. Under Server Roles, select Microsoft SQL Server 2005 Hosting and then click Save.
4. Create a server collection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Collections.
2. If the Location Filter appears, select the relevant location from the list.
3. Click New Server Collection.
4. Enter a Name for the collection, such as SQLHosting.
5. From the Service list, choose Microsoft SQL Server Hosting.
6. In the Servers list, select each SQL hosting server to be managed under this server collection and then click Save.
5. Verify server settings for the default customer plan:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment, select Active
Directory Location Services, choose a Location Filter if applicable, expand Microsoft SQL Server Hosting, and click
Customer Plans.
2. Expand the default customer plan and verify that the correct Server Collection is selected, specify the database and
log f ile size settings, click Apply changes, and click Save.
6. Retrieve SQL server instances:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Resources > SQL Servers,
expand a SQL server entry, and click Retrieve. Repeat this step for each SQL server.
2. Verify that all required SQL Server instances appear in the list. To manually add an instance that already exists on the
SQL Server, click Add.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.217https://docs.citrix.com
To specify the default instance, enter only the server name. To specify a nonstandard instance and port, use the
following form: servernameinstance,port. Example: SQL01INST01,1450
At least one server instance must be configured per server.
Note: If you have SQL Server 2012 instances that are running on Windows Server 2012, Services Manager might not
display all instances when you attempt to retrieve them. To ensure all instances appear on the SQL Servers page,
manually add any server instances that do not appear when retrieved.
3. To restrict an instance so that it is not available in Services Manager, click Edit and then select the Reserved check
box.
After configuration, you can provision the service to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.218https://docs.citrix.com
Provision the Microsoft SQL Server Hosting service
Jun 05, 2015
Updated: 2013-02-25Multiple SQL databases can be provisioned to a customer and the customer can then assign users to the databases. The
customer's databases can be provisioned to different SQL servers or instances, depending on the resource configuration.
Additionally, the SQL servers and instances that form resellers' SQL service offerings can be configured.
To provision the SQL service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the
Microsoft SQL Server Hosting service.
2. Under Customer Functions, select Services. The reseller's Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Microsoft SQL Server Hosting check box and then select the Microsoft SQL Server Hosting service name. The
Reseller Service Setup page appears.
5. Under Servers and Resources, expand the server collection tree and select the database servers and instances that the
Reseller can offer its customers.
6. In the Customer Plan table, select the check box for each customer plan the reseller can offer its customers.
7. Under Resource Configuration, configure the following resource limits for the reseller:
In Instance Limit, enter the number of SQL databases the reseller can offer.
In Database Disk Limit (MB), enter the total amount of database storage allotted to the reseller.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the reseller to offer Microsoft SQL Server hosting services.
To provision the SQL service to customers
Before provisioning the Microsoft SQL Server Hosting service, database resources must be configured for the customer. If
you attempt to provision the service without configuring resources, the following error appears:
"No SQL server instances are available for the selected customer plan. Please select a different package or contact your
service provider for server access."
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision the Microsoft SQL Server Hosting service.
3. In the services list, select Microsoft SQL Server Hosting configure resources and perform the following actions:
1. On the Service Setup page, under Servers and Resources, expand the server collection tree and select the check boxes
for the servers and instances that can be allocated to the customer.
2. Click Save to save your selections.
4. In the services list, select Microsoft SQL Server Hosting create an instance The Microsoft SQL Server Hosting Service
Instance page appears.
5. In Instance Name, enter a name that does not contain spaces or special characters and then click Create. The Instance
Setup page appears.
6. Under Service Package Configuration, in Customer Plan, select the template to assign to the customer.
Note: The customer plan defines the initial size of the database, the database's maximum size, and the grow sizes of the
database and log f iles. The plan also specif ies the servers hosting the database.
7. Under SQL Server Hosting Configuration, in Database Server Instance, select the instance to assign to the customer. If
only one instance is enabled, this f ield appears dimmed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.219https://docs.citrix.com
8. Click Advanced Settings and perform the following actions:
1. Under User Plans, enable or disable the levels at which the customer can provision users.
2. Under Maximum Users, select the Enabled check box and enter the maximum number of users the customer can
provision.
3. Under Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
9. Click Provision to enable the customer to provision users.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.220https://docs.citrix.com
MySQL
Jun 05, 2015
Updated: 2014-11-20The MySQL web service is installed on all MySQL servers in your environment that you want to make available for
provisioning MySQL databases to customers. You can install the MySQL web service using either the graphical interface of
the Services Manager installer or through the command line. After the installation process finishes, you can enable the
service and continue configuration through the control panel.
After you install the MySQL web service, you can configure the MySQL service using the Services Manager control panel.
For information about the requirements for deploying the MySQL service, refer to Plan to deploy the MySQL service.
To install the MySQL web service using the graphical interface
The installation process includes preliminary configuration to create the IIS application and define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select MySQL Web Service and then click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then
click Next.
7. On the Ready to Install page, review your selection and then click Install.
8. After the installation f inishes, click Finish.
9. On the Installed Services page, click Configure next to the MySQL Web Service item. The Configuration Tool attempts
to contact the Encryption Service to retrieve the encrypted key. If the service cannot be contacted, the Configuration
Tool prompts you to import the encrypted key using a key f ile. To generate the key f ile, see Generate and export
keyfiles for the Encryption Service.
10. If required, import the Encryption Service key f ile:
1. In Key File Path, click Browse and locate the key f ile you generated from the Encryption Service web site.
2. In Password, enter the password that was specif ied when the key f ile was generated. Click Next.
11. On the Configure IIS page, enter the port used by the MySQL web service. The default port is 8095. Click Next.
12. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate
configuration page. When the summary contains the settings you want, click Next. The Configuration Tool configures
the MySQL web service, imports the Encryption Service key, and displays progress.
13. Click Finish and then click Exit to close the Configuration Tool.
To install the MySQL web service from the command line
1. On the MySQL server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:MySQL. The Setup Tool installs the web service and
returns the command prompt.
4. At the command prompt, enter install-locationServicesMySQLWSConfigurationMySQLConfigConsole.exe and specify
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.221https://docs.citrix.com
the following properties:
Property Description
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
Install-location denotes the web service installation directory on the local computer. The default directory is C:Program
Files (x86)CitrixCortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.install-locationServicesMySQLWSConfigurationMySQLConfigConsole.exe /ServicePort:8095This web service does not require any additional properties to be passed for installation.
After installation is finished, you can configure the MySQL service. For instructions, see To configure the MySQL service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.222https://docs.citrix.com
To configure the MySQL service
Jun 05, 2015
Updated: 2013-05-141. Enable the service at the top environment and location levels:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, ensure Top Environment Services is selected and then click MySQL
3. Click Save.
4. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
5. Click MySQL and then click Save.
2. Add credentials for the MySQL deployment and the MySQL web service:
1. From the Services Manager menu bar, select Configuration > System Manager > Credentials. The Credentials Overview
page appears.
2. In the credentials table, click Add and enter the following information:
To addcredentialsfor
Username Password Domain
MySQL
deployment
Enter the username of the MySQL
account.
Enter the password of the MySQL
account.
Enter MySQL.
MySQL
web service
Enter the username of the domain
administrator account for the
primary location.
Enter the password of the domain
administrator account for the
primary location.
Enter the domain
name for the
primary location.
3. For each entry, leave Encrypted selected to encrypt the credentials as they are displayed on the page and stored in
the database.
Note: Citrix recommends encrypting credentials when Services Manager is deployed in a production environment. Use
plain-text credentials only for debugging purposes.
4. Click Add to save each credential entry.
Note: The MySQL user you specify must have all rights that are listed in the MySQL users table, including
References_priv.
3. Assign server roles:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Roles and then click the entry
for the server hosting MySQL.
2. Under Server Connection Components, select MySQL.
3. Under Server Roles, select MySQL Hosting.
4. Click Save
4. Create a server connection:
1. From the Services Manager menu bar, select Configuration > System Manager > Server Connections.
2. Under Management, click New Connection and then enter the following information for the server hosting MySQL:
In Server Role, select MySQL.
In Server, select the server hosting the MySQL web service.
In Credentials, select the domain administrator credentials that you created in Step 2 for running the MySQL web
service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.223https://docs.citrix.com
In URL Base, enter the portion of the URL pointing to the MySQL web service. The default value is
/MySQL/MySQLService.asmx. Modify this value to /MySQLWS/MySQLService.asmx.
In Protocol, select http.
In Port, the default value is 8095. If you change the port number here, make the same change for the web service
as well.
In T imeout, the default value is 200000 milliseconds. If needed, modify this value to suit your deployment.
3. Click Save.
4. On the Server Connection Overview page, click the Test icon for the MySQL server. The icon turns green for a
successful connection. A red icon indicates an unsuccessful connection. Mouse over it for information about the
failed connection.
5. Configure the service at the location level:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
3. Click MySQL and then click Service Settings.
4. Select the MySQL Credentials check box and then select the MySQL deployment credentials you created in Step 2.
5. Click Apply changes and then click Save.
6. Create a server collection:
1. From the Services Manager menu bar, select Configuration > System Manager > Server Collections.
2. If the Location Filter appears, select the appropriate location from the list.
3. Under Management, click New Server Collection.
4. In Name, enter a name for the collection, such as MySQLWindows.
Note: The name cannot contain spaces.
5. In Display Label, enter a friendly name that will be displayed when the service is provisioned. This name can contain
spaces.
6. In Service, select MySQL.
7. In Servers, select each server hosting MySQL to be managed under this server collection.
8. Click Save.
After configuring the MySQL service, you can provision the service to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.224https://docs.citrix.com
Provision the MySQL service
Jun 05, 2015
Updated: 2013-02-11
To provision MySQL services to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the MySQL
service.
2. Under Customer Functions, select Services. The reseller's Customer Services page appears.
3. From the services list, select Reseller.
4. Select the MySQL check box and then select the MySQL service name. The Reseller Service Setup page appears.
5. Under Servers, select the MySQL database server that the reseller can use for provisioning customers.
6. In the Customer Plan table, select the check boxes for each template the reseller can offer to customers.
7. Click Apply Changes to save your selections.
8. Click Provision to enable the reseller to offer the MySQL service to customers.
To provision MySQL services to customers
Before provisioning the MySQL service, database resources must be configured for the customer.
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision MySQL services.
3. In the services list, select MySQL configure resources. The Service Setup page appears.
4. Expand the server tree, select the server to use for provisioning the customer, and then click Save.
5. In the services list, select MySQL. The Service Plan Configuration page appears.
6. In Customer Plan, select the template to assign to the customer.
Note: The customer plan defines the number of databases and users that the Customer Administrator can create after
the service is provisioned.
7. In MySQL Server, select the server the customer can use to host databases and users.
8. To customize the database and user limits, under Resource Configuration, perform the following actions:
1. Clear the Auto select package resource limits check box.
2. In Database Limit, enter the maximum number of databases the customer can create.
3. In User Limit, enter the maximum number of database users the customer can provision.
9. Click Provision to provision the MySQL service to the customer.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.225https://docs.citrix.com
Create MySQL databases and users
Jun 05, 2015
Updated: 2013-02-11
To create a new MySQL database
1. From the Services Manager menu bar, click Services > MySQL > Databases.
2. Under Database Management, click New MySQL Database. The Database Details box appears.
3. Enter the name of the new database.
Note: The database name consists of a default prefix (customer code) and the name you specify. The entire database
name, including prefix, cannot exceed 16 characters.
4. Click Provision to create the database.
To add new MySQL users
1. From the Services Manager menu bar, click Services > MySQL > Users.
2. Under MySQL User Management, click New MySQL User.
3. Enter the user name and password for the new user.
4. Ensure the Is Enabled check box is selected. Clearing this check box disables the user account.
5. Under Databases, select the databases to which you want to assign access.
6. To configure permissions for each database, click Edit and then select one of the following roles:
ReadOnly allows users to execute queries and view records.
DBA allows users to perform most database functions, with the exception of referencing table columns as part of
foreign key constraints.
User allows users to run queries as well as create, modify, and remove records.
Full allows users to perform all database functions.
7. Click Update to save your selection.
8. Click Provision to create the user account.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.226https://docs.citrix.com
This document provides an overview of the Office 365 service architecture and includes guidance for deploying,
configuring and provisioning the service.
Office 365
Apr 12, 2016
The deployment guide includes sections on the following topics:
service architecture and deployment topology
how the service works and interacts with Office 365
service installation and deployment
adding domains in Office 365
configuring DNS requirements
Identity sync & Microsoft Azure AD Connect
provisioning the service to customers and users
troubleshooting and trace capture
Office 365 Service Deployment Guide
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.227https://docs.citrix.com
Office Communication Server 2007
Jun 05, 2015
Updated: 2014-11-20The Services Manager installer enables you to install the OCS 2007 web service. The installation process includes preliminary
configuration to specify the SQL Server instance to use with OCS and create the SQL Server login account that is used to
integrate OCS with the Services Manager control panel.
For information about the requirements for deploying the Office Communication Server 2007 (OCS) service, refer to Plan to
deploy the Office Communication Server 2007 service.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Add Services & Locations.
2. On the Add Services & Locations page, select Install Services.
3. Accept the License Agreement and then click Next.
4. On the Select Web Services page, select OCS Web Service and then click Next.
5. On the Review prerequisites page, click Next.
6. On the Ready to Install page, review your selection and then click Install.
7. After the installation f inishes, click Finish.
8. On the Installed Services page, click Configure next to the OCS web service list item.
9. On the Specify SQL Server page, enter the following information and then click Next:
Server address: Enter the server name and instance name, if applicable, of the SQL Server instance you want to use.
Server port: Click Use specif ic port and enter the port number for the database instance you want to use.
Authentication mode: Select the database authentication you want to use. By default, Integrated is selected.
Connect as: Enter the username and password of the SQL database administrator user. These f ields are not available
if Integrated authentication is selected.
10. On the Create SQL Login page, enter the username and password that will be used to create an account on the SQL
server that OCS will use. This account is used to integrate OCS with the Services Manager control panel.
11. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate
configuration page. When the summary contains the settings you want, click Next. The Configuration Tool configures
the OCS web service and displays progress.
12. Click Finish and then click Exit to close the Configuration Tool.
After installation, you can configure the OCS service using the Services Manager control panel.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.228https://docs.citrix.com
Configure the Office Communication Server 2007service
Jun 05, 2015
Updated: 2013-04-18CloudPortal Services Manager Office Communication Server 2007 Services deliver communication services from the cloud.
To configure the Office Communication Server service
1. Enable the service (top level) and create a customer plan:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and expand
Office Communication Server 2007.
2. Click Customer Plans, enter a Name for the plan such as Pool1, click Create, and click Save. Repeat this step to create
a customer plan for each OCS pool.
3. Expand Office Communication Server 2007, click Customer Plans, expand a plan name, enter the distinguished name
for RTC Home Server, and click Apply changes. Repeat this step for each customer plan.
To look up the RTC Home Server name, launch AdsiEdit.msc and locate the distinguishedName attribute of the OCS
pool. Example: CN=LC Services,CN=Microsoft,CN=OCSPool,CN=Pools,CN=RTC
Service,CN=Microsoft,CN=configuration,DC=Machine1,DC=test,DC=com
4. Click Service Settings, expand SIP Address, specify the RTC Server Name, click Apply changes, and click Save. The RTC
Server Name is used for OCS reporting.
2. From the Services Manager menu bar, choose Configuration > System Manager > Credentials and add credentials for the
SQL Server logon account.
Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when Services
Manager is deployed in a production environment. Use plain-text credentials only for debugging purposes.
3. Enable the service (location level) and configure OCS reporting:
1. From the Services Manager menu bar, select Configuration > System Manager > Services.
2. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Office
Communication Server 2007, and click Service Settings.
3. Expand Usage Reporting and then choose the SQL Server Login account credentials for RTC Database Credentials.
4. Enter the full RTC Server Name for the server that contains the OCS databases, click Apply Changes, and then click
Save.
4. Create and configure a user plan:
1. Under Service Filter, select Top Environment Services, expand Office Communication Server 2007, click User Plans,
enter a Name for the user plan such as Full, and click Create.
2. Click User Plans, expand the plan, and update the settings if needed.
3. Click Apply changes and then click Save.
4. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Office
Communication Server 2007, click User Plans, and expand the user plan.
5. Select the Meetings Policy check box and then select the applicable policy.
6. Select the Unif ied Communications Policy check box, select the applicable policy, click Apply changes, and click Save.
To partition the address book by OU for a multi-tenant environment
In a hosted multi-tenant environment, user address book searches should return only the users and groups that are in the
same OU (customer) as the user.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.229https://docs.citrix.com
To limit user search results, use the Address Book Service Configuration Tool (ABSConfig.exe) to partition the address book
by OU. That tool is in the Microsoft Office Communications Server 2007 R2 Resource Kit, available from the Microsoft
download site.
Note: Partitioning the address book by OU does not impact a user's ability to send an instant message to other customers'users.
To update OCSSettingsLocation values in Provisioning web.config files
By default, the CloudPortal Services Manager Provisioning Engine Web Services and Directory Web Services are installed
with the OCSSettingsLocation set to System (for example, CN=System,DC=Machine1,DC=test,DC=com).
Microsoft Office Communications Server 2007 R2 allows the service provider to install the OCS directory at either
Configuration (for example, CN=configuration,DC=server,DC=local) or System. If the OCS directory is installed at
Configuration, the OCSSettingsLocation value in the web.config files for the Provisioning server and Directory Web Service
must be updated. If the container settings for OCS and the web services do not match, Service Manager displays errors
such as the following during user plan updates or user provisioning:
Server was unable to process request. ---> Failed to load the LCS/OCS policies from path'LDAP://CN=Policies,CN=RTC Service,CN=Microsoft,CN=System,DC=Machine1,DC=local' . Error: There isno such object on the server.
This procedure describes how to change the configuration files for the Provisioning server and Directory Web Service.
1. Log on to the Provisioning server and stop the Citrix Queue Monitor service.
2. On the Provisioning server, open the appSettings.config f ile. This f ile is typically located in: C:Program Files
(x86)CitrixCortexProvisioning Engine.
3. Change the OCSSettingsLocation key value to CONFIGURATION and then save the f ile.
4. Restart the Citrix Queue Monitor service.
5. On the server hosting the Directory Web Service, open the web.config f ile. This f ile is typically located in: C:Program Files
(x86)CitrixCortexServicesDirectory.
6. Change the OCSSettingsLocation key value to CONFIGURATION and then save the f ile.
7. Repeat steps 1-6 for each Provisioning server and Directory Web Service in your Services Manager deployment.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.230https://docs.citrix.com
Provision the Office Communication Server 2007service
Jun 05, 2015
Updated: 2013-02-11
To provision the Office Communication Server 2007 service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the OCS
service.
2. Under Customer Functions, select Services. The reseller's Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Office Communication Server 2007 check box and then select the Office Communication Server 2007 service
name. The Reseller Service Setup page appears.
5. In the User Plan table, select the check boxes for each level the reseller can offer to customers.
Note: The user plan defines the Communicator features that are available to provisioned users.
6. In the Customer Plan table, select the check boxes for each template the reseller can offer.
Note: The customer plan defines the home server to which users are assigned.
7. Click Apply Changes to save your selections.
8. Click Provision to enable the reseller to offer the OCS service.
To provision the Office Communication Server 2007 service to customers
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision the OCS service.
3. In the services list, select Office Communication Server 2007. The Service Plan Configuration page appears.
4. In Customer Plan, select the template to assign to the customer.
Note: The customer plan defines the home server to which users are assigned.
5. Under Internal SIP Domains, select the check boxes for each domain you want to enable for handling voice and video
communication.
6. Click Advanced Settings and perform the following actions:
1. Under User Plans, select the check boxes for each user plan the customer can offer users.
Note: The user plan defines the Communicator features that are available to provisioned users.
2. In Maximum Users, select the Enabled check box and then enter the total number of users the customer can
provision.
3. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
7. Click Provision to enable the customer to provision users with the OCS service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.231https://docs.citrix.com
ShareFile
Jun 05, 2015
Updated: 2014-08-13With the ShareFile service, you can manage customers' ShareFile accounts through the Services Manager control panel.
Features of the ShareFile service
With the ShareFile service, you can perform the following tasks from within the Services Manager control panel:Onboard customers using their existing ShareFile Enterprise account
Provision and deprovision Employee user accounts directly to ShareFile
Create, modify, and delete folders
Configure folder permissions
Grant users access to specif ic folders, either individually or using groups
Configure users' permissions for specif ic folders
Create, modify, and delete distribution groups
Maintain accurate billing data by synchronizing Services Manager customers and users with ShareFile
How do I deploy the ShareFile service?
Before you deploy the ShareFile service, review the deployment requirements in Plan to deploy the ShareFile service.
Use the following topics to configure and provision the service:1. Configure the ShareFile service
2. Provision the ShareFile service
3. To synchronize ShareFile users with Services Manager
After deploying the ShareFile service, use the following topics to manage folders and maintain and view billing information:Manage ShareFile folders and folder access
View ShareFile billing information
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.232https://docs.citrix.com
Configure the ShareFile service
Jun 05, 2015
Updated: 2014-01-09Configuring the ShareFile service includes importing the service package file to the control panel. To import service packages,
you must have the Service Schema or All Services Schema security role.
1. Import the ShareFile service package to the control panel:
1. From the Services Manager menu bar, click Configuration > System Manager > Service Schema.
2. Under Services Management, click Import a service.
3. On the Service Import page, click Browse and locate the ShareFile.package f ile. Click Open.
4. Click Preview. Services Manager displays the contents of the f ile for your review.
5. Click Import. Services Manager imports the f ile and reports Import Complete.
2. Enable the service (top level):
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment and expand
ShareFile.
2. Click Save.
3. Enable the service (location level):
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand
ShareFile.
2. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.233https://docs.citrix.com
This document includes information and instructions on how to plan for your App Orchestration deployment,
prepare core components, and perform tasks such as creating offerings and subscribing tenants to those
offerings.
Configure ShareFile SAML Authentication
Apr 13, 2016
This deployment guide includes sections on the following topics:
ShareFile SAML authentication topology
How to deploy and manage the ShareFile service
Configuring the ShareFile service with SAML authentication
Provisioning the ShareFile service with SAML authentication
How to view authentication methods, Relying Party Trust, and token-signing certif icates status
Common configuration problems and trouble shooting
SAML Authentication Support in ShareFile Service 11.5.5
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.234https://docs.citrix.com
Provision the ShareFile service
Jun 05, 2015
Updated: 2014-01-29Before you provision customers with the ShareFile service, ensure they have an existing ShareFile account. When you
provision the service to a customer, Services Manager associates the customer's ShareFile account information with the
customer's information in Services Manager. The service does not provision new ShareFile accounts for customers on
behalf of the reseller.
Deprovisioning the service
When deprovisioning the service for a customer, the customer's users must be deprovisioned, including the ShareFile
customer administrator. Upon deprovisioning, the service data is removed immediately from the customer in Services
Manager. Additionally, you must cancel the customer's account through the ShareFile.com web site.
When a user is deprovisioned, the Employee user account associated with the Services Manager user is deleted immediately.
The user receives no notification from ShareFile.
If you want to reprovision the ShareFile service to a customer whose account has been cancelled, the customer must first
contact ShareFile to re-establish the former account or create a new one. Afterward, you can provision the ShareFile
service to the customer through Services Manager.
To provision the ShareFile service to resellers
When provisioning a customer with the ShareFile service, Services Manager suggests a subdomain based on the customer's
primary domain name (for example, mycompany.sharefile.com). However, Services Manager does not validate the subdomain
prior to account creation. If the subdomain is invalid or in use by another customer, Services Manager displays an error
message.
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision the
service.
2. Click Services and then click Reseller.
3. From the services list, click ShareFile.
4. Click Provision to enable the reseller to offer the ShareFile service to customers.
To provision the ShareFile service to customers
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision the
service.
2. Click Services and then click ShareFile.
3. Under Account Information, enter the following information:
ShareFile Domain: The default top-level domain. For example, sharefile.com.
ShareFile Sub-domain: The customer's ShareFile subdomain. For example, mycompany.sharefile.com.
Administrator Username: The customer administrator's ShareFile account username. The username must be a valid
email address.
Administrator Password: The customer administrator's ShareFile account password.
Employee Licenses: The number of Employee users associated with the customer's ShareFile account.
4. Click Provision.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.235https://docs.citrix.com
To provision the ShareFile service to users
When you provision the ShareFile service to a user, Services Manager creates a ShareFile account with the user's First
Name, Last Name, Email Address, and Company properties. If the provisioned user already has a ShareFile account under the
same primary email address as that specified in Services Manager, Services Manager associates the existing ShareFile
account with the user and does not create a new account. After provisioning, ShareFile sends an activation email to the
user that includes a temporary password with which to log on to the ShareFile.com web site and update the account
password.
Users must have a working email address specified in Services Manager to receive the ShareFile activation email. If the user's
email address is not functioning, you must update the email address. To do this, deprovision the ShareFile service for the
user and delete the user from ShareFile. Then, update the user's email address in Services Manager. Afterward, you can
provision the service to the user again.
When provisioned, users can receive the following basic permissions:The ability to create root-level folders
The use of a personal f ile box
The ability to change their own passwords
The ability to view My Settings on the ShareFile.com web site
1. From the Services Manager menu bar, click Customers and select the customer with the users to whom you want to
provision the service.
2. Under Customer Functions, click Users.
3. On the Users page, select the user you want to provision and then click Services.
4. Expand ShareFile.
5. Under Basic Permissions, select the default permissions to grant to the user when using ShareFile. By default, all
permissions are selected.
6. Click Provision to enable the reseller to offer the ShareFile service to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.236https://docs.citrix.com
To synchronize ShareFile users with Services Manager
Jun 05, 2015
Updated: 2014-01-29To ensure accurate reporting of customer activity, it is important to ensure provisioned users in Services Manager
correspond with active user accounts in ShareFile. To do this, you can synchronize user accounts between Services
Manager and ShareFile and generate bulk provisioning requests for any account additions or deletions that are detected.
To perform this synchronization, you use the command-line utility ShareFileSyncUsers.exe, included with the ShareFile
service. This utility is installed when you import the ShareFile service package and is typically located at C:Program Files
(x86)CitrixCortexProvisioning Engine.
If the synchronization detects a new ShareFile user for a customer that matches a user in Services Manager, Services
Manager provisions the ShareFile service to the user. If a user in Services Manager is no longer an Employee user in ShareFile,
Services Manager deprovisions the service for the user.
To run this utility at regular intervals, create a scheduled task on the server hosting the Provisioning Engine.
1. Launch Task Scheduler: Click Start > All Programs > Accessories > System Tools > Task Scheduler.
2. Create a new task:
1. In the left pane of the console, expand Task Scheduler Library, expand Citrix, and then select CloudPortal Services
Manager.
2. In the right pane, under Actions, click Create Task.
3. On the General tab, name the task ShareFile Sync.
4. In Security Options, under When running this task, use the following user account, click Change User or Group and
select the Provisioning Engine scheduled task user. By default, this account is cortex_dirmon_svc.
5. Select Run with highest privileges.
6. On the Triggers tab, click New and select Daily. Click OK.
7. On the Actions tab, click New, configure the following settings, and click OK:
In Action, select Start a program.
In Program/script, click Browse and select the path of the ShareFileSyncUsers utility. The default path is C:Program
Files (x86)CitrixCortexProvisioning Engine.
8. Click OK to save the task.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.237https://docs.citrix.com
Manage ShareFile folders and folder access
Jun 05, 2015
Updated: 2014-01-29ShareFile customer administrators can use Services Manager to perform the following tasks:
View the users with access to a specif ic folder
Add, delete, or rename folders
Grant users access to specif ic folders
Modify users' permissions for a specif ic folder
To grant users access to a specific folder
1. From the Services Manager menu bar, click Services > ShareFile > Manage Folders.
2. Under Subfolders, select the folder you want users to access.
3. Under Folder Access, click Add Users.
4. In Edit Folder Access, select whether to Add multiple users or Add groups.
5. Enter the user name of a specif ic user or select the users or groups to whom you want to grant access.
To modify user permissions for a specific folder
1. From the Services Manager menu bar, click Services > ShareFile > Manage Folders.
2. Under Subfolders, select the folder you want to modify.
3. Under Folder Access, for each user, select or clear the check boxes for the folder permissions you want to enable or
disable.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.238https://docs.citrix.com
View ShareFile billing information
Jun 05, 2015
Updated: 2014-01-29The ShareFile service includes the following billing reports:
ShareFile Customer: Displays details for all customers provisioned with the ShareFile service.
ShareFile Plan: Displays ShareFile customers and users grouped by plan at the reseller level.
ShareFile Reseller: Displays ShareFile customers and users at the reseller level.
To view these reports, click Reports > View Reports, and then expand ShareFile.
Important: To maintain accurate billing data for customers, ensure the cost and sales price values you configure for theShareFile service are updated in the event of updates to ShareFile's service pricing. Because of limitations in the ShareFileReseller API, Services Manager cannot read summary billing data directly from ShareFile.com. Therefore, you must manuallyverify with ShareFile that the cost and sale price values you have configured in Services Manager remain accurate.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.239https://docs.citrix.com
SharePoint 2010
Jun 05, 2015
Updated: 2014-08-15The SharePoint 2010 web service is installed on a SharePoint 2010 server in your environment. You can install the SharePoint web service using either the graphical interface of
the Services Manager installer or through the command line. After the installation process finishes, you can enable the service and continue configuration through the control
panel.
To install the SharePoint web service using the graphical interface
The installation process creates the IIS web service, updates the web application settings, and enables PowerShell remoting.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select SharePoint 2010 Web Service and then click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then click Next.
7. On the Ready to Install page, review your selection and then click Install.
8. After the installation f inishes, click Finish.
9. On the Add Services page, select Configure Services.
10. On the Installed Services page, click Configure next to the SharePoint 2010 Web Service item.
11. On the Configure Service Details page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the SharePoint 2010 web service account. The default user name is csm_sharepoint_svc. This f ield is unavailable when you elect to
auto-generate credentials.
Password: Enter a password for the SharePoint 2010 web service account. This f ield is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active Directory.
Service port: Enter the port used by the SharePoint web service. The default port is 8095.
12. On the Specify Remoting Credentials page, enter the Username and Password of an account with PowerShell remoting permissions and then click Next. The default
account username is csm_sharepoint_rem.
13. On the Summary page, click Next. The Configuration Tool configures the SharePoint 2010 web service and displays progress.
14. Click Finish and then click Exit to close the Configuration Tool.
To install the SharePoint web service from the command line
1. On the SharePoint 2010 server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:SharePoint2010. The Setup Tool installs the web service and returns the command prompt.
4. At the command prompt, enter install-locationServicesSharePoint2010WSConfigurationSharePointConfigConsole.exe and specify the following properties:
Property Description
/UserName:username The application pool ID. Usually, this is SharePoint Admin User. This parameter is optional if you are using /GenerateCredentials.
/Password:password The application pool password. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True | False Optional. Create the service account in Active Directory.
/GenerateCredentials:True | False Optional. Generate the password for the service account.
Install-location denotes the web service installation directory on the local computer. The default directory is C:Program Files (x86)CitrixCortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.install-locationServicesSharePoint2010WSConfigurationSharePointConfigConsole.exe /UserName:shpt_svc_acct /Password:password /ServicePort:8095 When the installation process is finished, log on to the control panel and configure the web service. For instructions, see Configure the SharePoint 2010 service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.240https://docs.citrix.com
Configure the SharePoint 2010 service
Jun 05, 2015
Updated: 2013-05-07The SharePoint 2010 service has one standard user plan (named Full) that is applied to all users. The standard user plan
assigns users to a specific Active Directory security group which does not affect user access within the SharePoint site. You
do not need to manage the individual users in the SharePoint application. Active Directory Domain Services manages the
users for you.
The SharePoint 2010 service includes twelve customer plans that support common configurations. You can disable the
default plans and create new ones. However, you cannot switch to a different customer plan after provisioning a customer.
For details about the default customer plan properties and patterns, see SharePoint Default Customer Plans.
To configure the SharePoint 2010 service
1. Enable the service (top level): From the Services Manager menu bar, select Configuration > System Manager > Service
Deployment, expand SharePoint 2010, and click Save.
2. Enable and configure the service (location level):
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand
SharePoint 2010.
2. Click Service Settings, expand Configuration, and specify an Application Pool Account. The account must be an
administrator in SharePoint and entered using the exact form as the value returned by the PowerShell cmdlet Get-
SPProcessAccount.
3. Click Apply changes and then click Save to enable the service.
3. Add the credentials for the SharePoint service account:
1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials. The Credentials
Overview page appears.
2. In the credentials table, click Add.
3. In Username and Password, enter the user name and password for the service account.
4. Leave Encrypted selected to encrypt the credentials as they are displayed on the page and stored in the database.
Note: Citrix recommends encrypting credentials when Services Manager is deployed in a production environment. Use
plain-text credentials only for debugging purposes.
5. In Domain, enter the FQDN of the service account.
6. Click Add to save your entries.
4. Enable the server:
1. From the main menu, choose Configuration > System Manager > Servers.
2. If the server where the SharePoint WCF service is running is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
5. Assign server roles for each server to be added to a SharePoint farm:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the
server.
2. Under Server Connection Components, select SharePoint 2010.
3. Under Server Roles, select SharePoint 2010 Farm and then click Save.
6. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the SharePoint WCF service running on the
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.241https://docs.citrix.com
SharePoint 2010 server.
Server Role
Choose SharePoint 2010.
Server
Choose the server where the SharePoint WCF service is running.
Credentials
Choose the credentials for the SharePoint WCF service.
URL Base
Enter /sharepoint2010/sharepoint.svc.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and click the icon in the Test
column for the SharePoint server. The icon turns green for a successful connection. A red icon indicates an
unsuccessful connection. Mouse over it for information about the failed connection.
To add and configure SharePoint farms
1. Add SharePoint farms:
1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Farms and then choose a Location.
2. Click Add, enter a user-friendly Farm name, choose a Server for the farm, and then click Update. The farm name is
visible to customers during resource and site configuration. After a server is allocated to a farm, you cannot allocate it
to another farm.
2. Configure multi-tenancy features on SharePoint farms:
1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Farm Configuration and then choose a
Location and Farm.
2. Under Managed Accounts, either choose a domain account or specify the credentials to apply the SharePoint 2010
service account to an existing user. The account specif ied is used in the next two steps.
3. If a default web application is not already created, create one. Use IIS to determine if a default web application was
created during the SharePoint 2010 installation.
4. Under Proxy Group, enter a Proxy Group Name, and then click Create. The default web application is associated with
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.242https://docs.citrix.com
this proxy group. This step can take several minutes to complete.
5. Under Site Subscription, complete the settings, and then click Create. The site subscription tenant service starts. This
step can take several minutes to complete.
3. To import web templates from a farm: From the SharePoint 2010 Farm Configuration page, click Retrieve Web
Templates. After web templates are stored in the Services Manager database, they can be assigned to a SharePoint site
during customer provisioning.
To add and configure SharePoint feature packs
A SharePoint feature pack is a collection of SharePoint features. The Services Manager displays the feature packs
configured on a SharePoint farm and enables you to create new feature packs from a list of the features installed on the
SharePoint server.
1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Feature Packs, choose a Location and Farm,
and then click Retrieve Feature Packs.
2. To add a feature pack, click New Feature Pack, enter a user-friendly Name, and add the features for the feature pack.
You can add the features individually or click a default feature pack (such as foundation or enterprise). The Name is
visible to customers during resource configuration. After a feature pack is added, it can be configured for a customer
account.
To enable DNS for the SharePoint 2010 service
Before you enable DNS for the SharePoint 2010 service and configure DNS provisioning, the DNS service must be enabledand configured.Important: The SharePoint 2010 service enables you to manage only one DNS record type at a time for SharePoint sites.Do not change the DNS record type after SharePoint sites have been created. Changing the DNS record type can result induplicate DNS records being created for each site.1. Enable DNS for the SharePoint 2010 service:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
3. Expand SharePoint 2010 and then click Service Settings.
4. In DNS Record Type, select A Record or CNAME Record for the SharePoint server as appropriate.
5. Click Save.
2. Enable DNS provisioning:
1. From the Services Manager bar, Configuration > System Manager > Servers.
2. Select the SharePoint server from the server list and perform one of the following actions:
To enable A Record provisioning, in External IP Address, enter the IP address of the SharePoint server.
To enable CNAME Record provisioning, in External Name, enter the FQDN of the SharePoint server.
3. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.243https://docs.citrix.com
SharePoint Default Customer Plans
Jun 05, 2015
Updated: 2013-09-17
Default customer plans
The following authenticated and anonymous customer plans are installed with SharePoint 2010 and 2013 services:
Service Name Default Customer Plans
SharePoint 2010 Customer Site
Customer Site (Anonymous)
Customer SSL Site
Customer SSL Site (Anonymous)
Shared Site
Shared Site (Anonymous)
Shared SSL Site
Shared SSL Site (Anonymous)
Dedicated Site
Dedicated Site (Anonymous)
Dedicated SSL Site
Dedicated SSL Site (Anonymous)
SharePoint 2013 Customer Site
Dedicated Site
Shared Site
Patterns
The patterns in this section apply to SharePoint 2010 and 2013 services unless otherwise specif ied.Content Database
Pattern used to create content databases for the site.
Default: SP_{CustomerShortName}_{ServiceID}
Web App Host Header
Pattern used to create the host header for web applications.
Defaults:
For Customer Site: SPWebApp{CustomerShortName}
For Shared Site (2010): SPSharedWebApp{NextID}
For Shared Site (2013): SPSharedWebAppAnonymous{NextID}
For Dedicated Site: {HostHeader}
Web App Path
Pattern used to create the local IIS path for web applications.
Defaults:
For Customer Site: C:SharePoint{CustomerShortName}
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.244https://docs.citrix.com
For Shared Site: C:SharePoint{WebAppName}
For Dedicated Site: C:SharePoint{CustomerShortName}{ServiceID}
Web App Share Path
Pattern used to create the shared IIS path for web applications.
Defaults:
For Customer Site: \{SPServer}C$SharePoint{CustomerShortName}
For Shared Site: \{SPServer}C$SharePoint{WebAppName}
For Dedicated Site: \{SPServer}C$SharePoint{CustomerShortName}{ServiceID}
Web Application
Pattern used to create web applications.
Defaults:
For Customer Site: SPWebApp{CustomerShortName}
For Shared Site (2010): SPSharedWebApp{NextID}
For Shared Site (2013): SPSharedWebAppAnonymous{NextID}
For Dedicated Site: SPWebApp{CustomerShortName}{ServiceID}
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.245https://docs.citrix.com
Provision the SharePoint 2010 service to customers
Jun 05, 2015
Before provisioning the SharePoint 2010 service to a customer, at least one SharePoint Farm and Feature Pack must be
configured and assigned to the customer. When provisioning a customer, you can specify multiple, different farms with
companion feature packs. However, you cannot specify multiple instances of the same farm.
Customers are configured with SharePoint Feature Packs that determine the functionality that is available to provisioned
users.
A standard SharePoint installation includes 12 preconfigured customer plans. These plans determine how the site isconfigured and saved on the SharePoint 2010 server. Service providers configure the availability of the following templateswhen they provision the service to customers. All templates support SSL authentication.Customer Site
This site is attached to a Web application that is configured specif ically for the customer. If additional sites are configured
with the same package, these sites are assigned to the same Web application. This site uses a dedicated content database.
Additionally, a separate Customer site template is available that includes anonymous authentication.
Shared Site
This site is attached to a shared Web application where other customers' SharePoint sites reside. This site uses a dedicated
content database. Additionally, a separate Shared site template is available that includes anonymous authentication.
Dedicated Site
This site is attached to its own Web application. No other SharePoint sites are configure for the Web application pool
unless the Web application is manually overridden with the Web application's name. This site uses a dedicated content
database. Additionally, a separate Dedicated site template is available that includes anonymous authentication.
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision SharePoint 2010.
3. In the services list, click SharePoint 2010 configure resources. The Service Setup page appears.
4. In the SharePoint Farm table, click Add and select the farms and companion feature packs to allocate to the customer.
5. Click Update to save your selections.
6. Click Save to save the resource configuration.
7. In the services list, click SharePoint 2010 create an instance. The SharePoint 2010 Service Instance page appears.
8. Type an instance name that contains no spaces or special characters and click Create. The Instance Setup page appears.
9. Under Service Plan Configuration, in Customer Plan, select the settings package to use for the site. To customize the
template, click Edit and make the appropriate changes. When you are f inished, click Apply Changes.
10. Under Site Administrators, enter the user names for the users granted full administration rights to the site. These users
must be members of the customer's organizational unit in Active Directory.
11. In Site Template, select the SharePoint site template with which to create the site.
Note: If no template is selected, no template is configured when the site is provisioned. The Site Administrator must
access the SharePoint site directly to configure the site template and security groups manually before users can access
the site.
12. In Site Name, enter the host header for the site.
13. Click Advanced Settings and perform the following actions:
1. In Maximum Users, select the Enabled check box and enter the total number of users the customer can provision to
the site.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.246https://docs.citrix.com
2. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
3. Click Apply Changes to save your selections.
14. Click Provision to provision the site to the customer.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.247https://docs.citrix.com
SharePoint 2013
Jun 05, 2015
Updated: 2013-10-31The SharePoint 2013 service delivers SharePoint web sites to customers for sharing documents and information from the
cloud. Services Manager integrates with SharePoint servers through a Windows Communication Foundation (WCF) service.
Features in the SharePoint 2013 service
The SharePoint 2013 service provides the following features:Manage DNS records per customer (A records only)
Reporting for SharePoint users and site types
Import existing sites to manage in the control panel
Remove sites from the control panel without affecting the farm
Licensing:
Per-site licensing for Foundation sites
Per-user licensing for Standard and Enterprise sites enables user access to site features based on the user plan
provisioned
Office Web Apps and Project Web App options enable users to work with Microsoft Office or Project f iles from
within Standard or Enterprise sites (requires licenses for Microsoft Office or Project products)
Assign certif icates to customer sites
Supports Workflow Approval, allowing users to self-provision appropriate user plans based on the customer's site
licensing
How do I deploy the SharePoint 2013 service?
Before you deploy the SharePoint 2013 service, review the deployment requirements in Plan to deploy the SharePoint
service.
Use the following topics to install, configure, and provision the service:
Install the SharePoint 2013 web service
Configure the SharePoint 2013 service
Configure certif icates for SharePoint 2013 sites
Provision the SharePoint 2013 service
If you are migrating customers from SharePoint 2010 to SharePoint 2013, see Migrate customers to SharePoint 2013 for
information about onboarding migrated SharePoint sites to Services Manager.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.248https://docs.citrix.com
Install the SharePoint 2013 web service
Jun 05, 2015
Updated: 2014-08-15Install the SharePoint 2013 web service on the SharePoint 2013 front-end web servers in your environment.
You can install the SharePoint 2013 web service using the graphical interface of the Services Manager Setup Tool or
through the command line. After the installation process is finished, you can enable the service and continue configuration
through the control panel.
To install the SharePoint 2013 web service using the graphical interface
The installation process includes preliminary configuration to create the web service account and IIS application pool, and
define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select SharePoint 2013 Web Service. Click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then
click Next.
7. On the Ready to Install page, click Install.
8. After the installation f inishes, click Finish.
9. On the Add Services page, select Configure Services.
10. On the Installed Services page, click Configure next to the SharePoint 2013 Web Service item. The Configuration Tool
attempts to contact the Encryption Service to retrieve the encrypted key. If the service cannot be contacted, the
Configuration Tool prompts you to import the encrypted key using a key f ile. To generate the key f ile, see Generate and
export keyfiles for the Encryption Service.
11. If required, import the Encryption Service key f ile:
1. In Key File Path, click Browse and locate the key f ile you generated from the Encryption Service web site.
2. In Password, enter the password that was specif ied when the key f ile was generated. Click Next.
12. On the Configure IIS page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account
credentials automatically.
User name: Enter a user name for the SharePoint web service account. The default user name is csm_sp2013_svc. This
f ield is unavailable when you elect to auto-generate credentials.
Password: Enter a password for the SharePoint web service account. This f ield is unavailable when you elect to auto-
generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not
already exist in Active Directory.
Service port: Enter the port used by the SharePoint web service. The default port is 8095.
13. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate
configuration page. When the summary contains the settings you want, click Next. The Configuration Tool configures
the SharePoint web service, imports the Encryption Service key, and displays progress.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.249https://docs.citrix.com
14. Click Finish and then click Exit to close the Configuration Tool.
After you install the web service, continue the configuration using the Services Manager control panel. For more
information, see Configure the SharePoint 2013 service.
To install the SharePoint 2013 web service using the command line
When you install the SharePoint 2013 web service from the command line, you perform two actions:Install the web service and create the required Services Manager directory where the web service resides.
Perform initial configuration of the web service using the Configuration Tool.
1. On the SharePoint 2013 server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:SharePoint2013. The Setup Tool installs the web service
and returns the command prompt.
4. At the command prompt, enter install-locationServicesSharePoint2013ConfigurationSharePointConfigConsole.exe and
specify the following properties:
Property Description
/UserName:username The application pool ID. Usually, this is the SharePoint administrator user. This
parameter is optional if you are using /GenerateCredentials.
/Password:password The application pool password. This parameter is optional if you are using
/GenerateCredentials.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True |
False
Optional. Create the service account in Active Directory.
/GenerateCredentials:True
| False
Optional. Generate the password for the service account.
Install-location denotes the web service installation directory on the local computer. The default directory is C:Program
Files (x86)CitrixCortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.install-locationServicesSharePoint2013ConfigurationSharePointConfigConsole.exe /UserName:shpt_svc_acct /Password:password /ServicePort:8095When the installation process is finished, configure the SharePoint 2013 service through the Services Manager control
panel. For instructions, see Configure the SharePoint 2013 service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.250https://docs.citrix.com
Configure the SharePoint 2013 service
Jun 05, 2015
Updated: 2013-10-26Before configuring the SharePoint 2013 service, ensure the SharePoint server meets the following requirements:
The SharePoint server has a DNS A record in the domain in which it is deployed
The web service is installed
PowerShell remoting is enabled
CredSSP authentication is enabled for both Server and Client roles
You can initiate a remoting connection with CredSSP authentication from the SharePoint server to the Web and
Provisioning servers in your deployment
Note: For more information about PowerShell remoting and CredSSP authentication requirements, see Plan to deploy
the SharePoint service.
Additionally, if you want to provision DNS for customers' SharePoint 2013 sites, ensure the DNS service is enabled and
configured. By default, DNS is enabled in the SharePoint 2013 service settings.
To configure the SharePoint 2013 service
Configuring the SharePoint 2013 service includes importing the service package file to the control panel. To import service
packages, you must have the Service Schema or All Services Schema security role.
1. Import the SharePoint 2013 service package into the control panel:
1. From the Services Manager menu bar, click Configuration > System Manager > Service Schema.
2. Under Services Management, click Import a service.
3. On the Service Import page, click Browse and locate the SharePoint 2013.package f ile. Click Open.
4. Click Preview. Services Manager displays the contents of the f ile for your review.
5. Click Import. Services Manager imports the f ile and reports Import Complete.
2. Enable the service (top level): From the Services Manager menu bar, select Configuration > System Manager > Service
Deployment, expand SharePoint 2013, and click Save.
3. Enable and configure the service (location level):
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand
SharePoint 2013.
2. Click Service Settings, expand Configuration, and specify an Application Pool Account. The account must be an
administrator in SharePoint and entered using the exact form as the value returned by the PowerShell cmdlet Get-
SPProcessAccount.
3. Click Apply changes and then click Save to enable the service.
4. Add the credentials for the SharePoint service account:
1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials. The Credentials
Overview page appears.
2. In the credentials table, click Add.
3. In Username and Password, enter the user name and password for the service account.
4. Leave Encrypted selected to encrypt the credentials as they are displayed on the page and stored in the database.
Note: Citrix recommends encrypting credentials when Services Manager is deployed in a production environment. Use
plain-text credentials only for debugging purposes.
5. In Domain, enter the FQDN of the service account.
6. Click Add to save your entries.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.251https://docs.citrix.com
5. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. If the server where the SharePoint web service is running is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
4. If you enabled CredSSP client authentication on the SharePoint server using a wildcard (for example,
WSMAN/*.domain.com), in Alias, enter the FQDN of the SharePoint server.
6. Assign server roles for each server to be added to a SharePoint farm:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the server.
2. Under Server Connection Components, select SharePoint 2013.
3. Under Server Roles, select SharePoint 2013 Farm and then click Save.
7. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the SharePoint WCF service running on the
SharePoint 2013 server.
Server Role
Choose SharePoint 2013.
Server
Choose the server where the SharePoint WCF service is running.
Credentials
Choose the credentials for the SharePoint WCF service.
URL Base
Defaults to SharePoint2013WSManagement.asmx.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
3. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and click the
icon in the Test column for the SharePoint server. The icon turns green for a successful connection. A red icon
indicates an unsuccessful connection. Mouse over it for information about the failed connection.
To add and configure SharePoint farms
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.252https://docs.citrix.com
When you create a SharePoint farm through the control panel, the farm has Foundation licensing by default. You can
change the license when you configure the farm. However, after the farm is provisioned to a customer, you cannot modify
the license. For more information about SharePoint 2013 licensing, see SharePoint 2013 licensing and Web Apps.
1. Add a SharePoint farm:
1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Farms and then choose a Location.
2. In the farm table, click Add and perform the following actions:
1. Enter a user-friendly Farm name.
2. Choose a Server for the farm.
3. Select the appropriate Credentials for the farm.
4. Click Update to save your changes.
The farm name is visible to customers during resource and site configuration. After a server is allocated to a farm, you
cannot allocate it to another farm.
2. Configure multi-tenancy features on SharePoint farms:
1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Farm Configuration. Under Farm Selection,
choose a Location and Farm.
2. Under Managed Account, either choose a domain account or specify the credentials to apply the SharePoint 2013
service account to an existing user. The account specif ied is used in Steps C and D.
3. If a Default Web Application was not already created when you installed SharePoint 2013, enter a Web Application
Name and Application Pool and then click Create. The default name and application pool is "SharePoint - 80." Use IIS
to determine if a default web application was created.
4. Under Proxy Group, enter a Proxy Group Name, and then click Create. The default proxy group is TenantProxyGroup.
The default web application is associated with this proxy group. This step can take several minutes to complete.
5. Under Site Subscription, complete the settings, and then click Create. If you accept the default settings, the
SPSubscription application pool is created, the Farm_SiteSubscriptionSettingsServiceApp service is started, and the
Farm_SiteSubscriptionSettingsServiceAppDB database is created. This step can take several minutes to complete.
6. Under Licensing Configuration, select the SharePoint licensing version you want to apply to the farm and, if applicable,
enable MS Office or Project Web Apps capabilities. Click Save.
Note: Select Edit Office Web Apps or Project Web Apps only if the farm is configured to use Office Web Apps Server
or Project Web App, respectively.
3. Import web templates from a SharePoint farm:
1. Under Farm Selection, ensure the appropriate Location and Farm are selected.
2. Under Templates, click Retrieve Web Templates.
After web templates are stored in the Services Manager database, they can be assigned to a SharePoint site during
customer provisioning.
To add and configure SharePoint 2013 feature packs
A SharePoint feature pack is a collection of SharePoint features. Services Manager displays the feature packs configured
on a SharePoint farm and enables you to create new feature packs from a list of the features installed on the SharePoint
server.
1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Feature Packs, choose a Location and Farm,
and then click Retrieve Feature Packs.
2. To add a feature pack, perform the following actions:
1. Under Management, click New Feature Pack.
2. In Label, enter a user-friendly name.
3. Under Available Features, select the SharePoint features you want to include and click Add Features. To add all
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.253https://docs.citrix.com
features included in a SharePoint edition, click Add Foundation, Add Standard, or Add Enterprise.
4. Click Save.
The feature pack name is visible to customers during resource configuration. After a feature pack is added, it can be
configured for a customer account.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.254https://docs.citrix.com
Configure certificates for SharePoint 2013 sites
Jun 05, 2015
Updated: 2013-10-18When you provision a SharePoint 2013 site to a customer, you can specify that the site be accessed using HTTPS andselect the certif icate to use for the site. To make certif icates available for provisioning customer sites, you perform thefollowing tasks:
On the SharePoint farm server, create the required IP addresses and install the required certif icates
In the control panel, assign the certif icates to the appropriate IP addresses and specify the access level of the
certif icate (available to all customers or dedicated to a single customer)
1. From the Services Manager menu bar, click Services > SharePoint 2013 > Certif icates.
2. Under Sync, click Retrieve IP Addresses, then click Retrieve Certif icates. By default, all certif icates are marked as Reserved
until they are configured.
3. In the certif icates table, click Edit for the certif icate you want to configure.
4. In IP Address, select the IP address you want to assign to the certif icate.
5. In Access, select one of the following options:
Reserved: The certif icate is unavailable for use by any customer.
Public: The certif icate is available for use by any customer.
Dedicated Customer: The certif icate is available for use only by a specif ic customer. When you select this option,
enter the Customer to whom you are allocating the certif icate.
6. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.255https://docs.citrix.com
Provision the SharePoint 2013 service
Jun 05, 2015
Updated: 2013-10-31
To provision the SharePoint 2013 service to customers
Before provisioning the SharePoint 2013 service to a customer, at least one SharePoint farm and feature pack must be
configured (see Configure the SharePoint 2013 service). Feature packs determine the functionality that is available to
provisioned users.
Additionally, to enable Services Manager to provision DNS records to the customer when provisioning SharePoint 2013 sites,
ensure the DNS service is configured. For domains that are owned by the customer, ensure the DNS service is configured
and provisioned to the customer.
Provisioning the SharePoint 2013 service to a customer consists of the following actions:Conf igure SharePoint resources: This action creates a subscription for the customer to the SharePoint farm you
specify. You can specify multiple, different farms with companion feature packs. However, you cannot specify multiple
instances of the same farm.
Conf igure SharePoint sites: This action deploys a SharePoint site for the customer using the customer plan, site
template, SSL certif icate, and URL you specify.
Customer plans determine how the site is configured and saved on the SharePoint 2013 server. Service providers configurethe availability of the following plans when they provision the service to customers. All plans support SSL and anonymousauthentication.Customer Site
This site is attached to a Web application that is configured specif ically for the customer. If additional sites are configured
with the same package, these sites are assigned to the same Web application. This site uses a dedicated content database.
Shared Site
This site is attached to a shared Web application where other customers' SharePoint sites reside. This site uses a dedicated
content database.
Dedicated Site
This site is attached to its own Web application. No other SharePoint sites are configure for the Web application pool
unless the Web application is manually overridden with the Web application's name. This site uses a dedicated content
database.
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision the SharePoint 2013 service.
3. In the services list, click SharePoint 2013 configure resources.
4. In the SharePoint farm table, click Add and select the farm and companion feature pack to allocate to the customer.
Note: Changing the companion feature pack affects the features of all sites that are provisioned to a customer. This
change can affect the customer's billing for those sites. For example, if a customer has several sites provisioned in a farm
with the Foundation feature pack, changing the feature pack to Enterprise will cause the customer to be billed at the
Enterprise level for all provisioned sites.
5. Click Update and then click Save.
6. In the services list, click SharePoint 2013 create an instance.
7. Type an instance name that contains no spaces or special characters and click Create. The Instance Setup page appears.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.256https://docs.citrix.com
8. Under Service Plan Configuration, select the appropriate Customer Plan. To customize the plan, click Edit and make the
appropriate changes. When you are f inished, click Apply Changes.
9. Under Site Administrators, enter the user names for the users granted full administration rights to the site. These users
must be members of the customer's organizational unit in Active Directory.
10. Under Site Configuration, select the Site Template with which to create the site.
Note: If no template is selected, no template is configured when the site is provisioned. Before users can access the
SharePoint site, the Site Administrator must access the site directly to select a template and configure security groups.
11. Under Site Address, configure the following settings:
1. In Type, select the authentication method for accessing the site (HTTP or HTTPS).
2. In Certif icate, select the appropriate site certif icate for the customer. This f ield is available when you select HTTPS as
the address type.
Note: To make a certif icate available for provisioning, the certif icate must be configured for the customer's use. For
more information, see Configure certif icates for SharePoint 2013 sites
3. In Address, type the customer's site name to complete the address. If you select a certif icate that is dedicated to the
customer, this f ield is automatically completed.
12. Click Advanced Settings and perform the following actions:
1. In Maximum Users, select the Enabled check box and enter the total number of users the customer can provision to
the site.
2. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
3. Click Apply Changes to save your selections.
13. Click Provision to provision the site to the customer.
To provision the SharePoint 2013 service to users
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision users.
2. Under Customer Function, click Users.
3. On the Users page, select the user you want to provision and then click Services.
4. Expand SharePoint 2013 and select the user plan you want to enable for the user. The user plans available for
provisioning are determined by the license of the farm assigned to the customer. For example, if the customer's farm has
a Standard license, then only the Standard user plan can be provisioned. However, if the farm has an Enterprise license,
both the Standard and Enterprise user plans are available for provisioning. If the farm has a Foundation license, then no
user plans are available.
5. Under Group Membership, select the site groups you want to assign to the user.
6. Under Role Membership, select the site roles you want to assign to the user.
7. Configure any of the following settings:
Site Administrator: Confers administrator permissions for the site to which the user is being provisioned.
Edit Office Web Apps: Enables the user to modify Office documents within the SharePoint site (requires valid
Microsoft Office product licenses).
Project Web Apps: Enables the user to use Project features within the SharePoint site (requires a valid Project product
license).
Note: The Edit Office Web Apps and Project Web App settings apply to all sites to which the user is provisioned.
Therefore, if you enable or disable these settings for a single site that the user can access, these settings are also
enabled or disabled for all other sites provisioned to the user.
8. Click Provision to provision the service to the user.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.257https://docs.citrix.com
Migrate customers to SharePoint 2013
Jun 05, 2015
Updated: 2013-10-31To migrate customers' SharePoint 2010 sites to SharePoint 2013, you perform the following tasks:1. Upgrade your SharePoint 2010 deployment to SharePoint 2013 as described in the article "Overview of the upgrade
process to SharePoint 2013" on the Microsoft TechNet web site.
2. In the Services Manager control panel, remove customers' SharePoint 2010 sites. This step removes sites from the
control panel, but does not delete them from the SharePoint farm.
3. Import customers' upgraded SharePoint 2013 sites into the control panel for management.
To remove SharePoint sites
Removing a SharePoint site removes the site listing from the Services Manager control panel only. The site remains intact in
the SharePoint farm.
1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Site Removal.
2. Under Farm Selection, select the SharePoint Version, Location, and Farm server where the site you want to remove
resides.
3. In the site table, select the SharePoint site you want to remove.
4. Click Delete Sites. The site table no longer displays the site entry.
To import existing SharePoint 2013 sites
Before you import an existing SharePoint site, ensure you have the following items:The customer to whom you want to assign the imported site has been added to Services Manager
The user designated as the site's Primary Administrator has been added to the customer
When you import a site, Services Manager automatically assigns it to the customer based on the user designated as the
site's Primary Administrator. If Services Manager detects that the user does not belong to a customer, you cannot import
the site.
1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Site Import.
2. Under Farm Selection, select a Location and Farm where the site you want to import resides. Services Manager
automatically detects the sites in the farm and displays them in a list.
3. From the site list, select the unassigned site you want to import and then click Import.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.258https://docs.citrix.com
Skype for Business service
Jul 11, 2016
The new Skype for Business service includes all the features of the Lync Enterprise 2013 service and is compatible with
Skype for Business 2015 . This document will help you plan your Skype for Business service deployment and upgrade Skype
for Business service in a standalone Lync Enterprise 2013/Skype for Business 2015 environment, in an in-place upgrade
environment, and in a co-existence migration environment.
What’s new in this release
Support for different versions of Skype for Business Servers: CloudPortal Services Manager supports Skype for Business
service in different versions of Skype for Business servers, including Lync Enterprise 2013 server and Skype for Business
2015 server.
Support for in-place upgrade of Lync Enterprise 2013 to Skype for Business 2015 : CloudPortal Services Manager
supports provision/deprovision/reprovision Skype for Business service in a Skype for Business 2015 deployment that
undrwent an in-place upgrade from Lync Enterprise 2013.
Support for co-existence migration from Lync Enterprise 2013 to Skype for Business 2015 : CloudPortal Services Manager
supports provision/deprovision/reprovision Skype for Business service in a Skype for Business 2015 deployment that was
migrated from Lync Enterprise 2013.
Wording improvement in service schema and reports: In this version, some wording improvements have been introduced in
service schema and reporting.
Known issues
When you upgrade from Lync Enterprise 2013 service, the new components of Skype for Business service will replace the
existing ones. To prevent the upgrade from creating duplicate components for Skype for Business, ensure that the
Reporting role is installed and configured in CloudPortal Service Manager.
Skype for Business topology support
In this version, Skype for Business service supports three deployment types in a location.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.259https://docs.citrix.com
Figure 1: Deployment with standalone Lync Enterprise 2013
Figure 2: Deployment with standalone Skype for Business 2015
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.260https://docs.citrix.com
Figure 3: Deployment of Lync Enterprise 2013/Skype for Business 2015 co-existence environment
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.261https://docs.citrix.com
Deploy and Configure Skype for Business service
Jul 11, 2016
To configure Skype for Business service in a new instance of CloudPortal Services Manager (that has never been provisioned
with any Lync Enterprise 2013 service), follow the Lync 2013 Guide to review the deployment requirements and common
steps to deploy new Skype for Business service in a standalone Lync Enterprise 2013 or Skype for Business 2015
environment. The general configuration steps are the same as in the previous version except for the following, minor
differences:
Configure server connection
Provision Skype for Business service to customer
Skype for Business service adds a new feature to distinguish Skype servers of different versions. The following additional
steps are required in the process of Configuring Skype for Business service:
Step 1: Specify the version of Skype server when you create a server connection
1. From the Services Manager menu bar, choose Conf iguration > System Manager > Server Connections, click NewConnection, and then select or type the following information for the web service.
Setting Value
Server Role Select Skype for Business.
Server Defaults to the Lync/Skype server.
Credentials Choose the credentials for the Lync/Skype web service account.
URL Base Defaults to /LyncEnterprise2013WS/Lync.asmx.
Protocol Defaults to http.
Port Defaults to 8095. If you change the port here, change it also in the Services Manager web service.
T imeout Defaults to 200000 milliseconds.
Version o Lync Enterprise 2013 o Skype for Business 2015
2. Click Save.
Step 2: Provision the Skype for Business service to a customer by choosing theSkype version
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.262https://docs.citrix.com
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Skype for Business service name. The Service Plan Configuration page appears.
4. In Skype Version, choose the corresponding Skype version in your deployment.
NoteWhen provisioning Skype for Business to a customer, Citrix recommends that the Skype version match the version of the web
service connection, otherwise when provisioning Skype for Business to a customer, a default web service connection with the latest
Skype version is chosen. For example, the Skype for Business 2015 server connection will be used for provisioning customer
service in Lync 2013 server.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.263https://docs.citrix.com
Upgrade to Skype for Business service
Jul 11, 2016
This section describes how to upgrade the exsiting Lync Enterprise 2013 service to Skype for Business service in
A standalone Lync Enterprise 2013 deployment
A Skype for Business 2015 deployment that underwent an in-place upgrade from Lync Enterprise 2013
A Skype for Business 2015 deployment that coexists with Lync Enterprise 2013
Upgrade service in standalone Lync Enterprise 2013
In this scenario, Lync Enterprise 2013 server is installed and deployed with Lync Enterprise 2013 service. To upgrade the existing Lync Enterprise 2013 service to Skype for Business service, you must
perform the following steps:
Step 1: Upgrade Skype for Business package in CloudPortal Services Manager
1. Log on to Cloud Portal Services Manager as Service Provider admin.
2. Go to Conf iguration > System Manager > Service Schema, click Import a service, click Choose File button, browse to the private build, select Skype for Business package, click Preview, then
click Import .
3. If no error occurs, right click Toolbars, open Task Manager, click Details, locate CortexQueueMonitor.exe and click End task. Click Services, then locate and start CortexQueueMonitor.
NoteMake sure the CPSM reporting role is successfully installed. Otherwise some wording in the user interface, such as ‘Lync Enterprise 2013’ will not upgrade.
Step 2: Upgrade Skype for Business web service
1. Log on to Lync Enterprise 2013 web service servers.
2. Go to Control Panel and uninstall Citrix CloudPortal Services Manager Lync Enterprise 2013 Web Service.
3. Launch Setup.exe from the Skype for Business installation folders.
4. Check Skype for Business Web Service, click Next , and then follow the steps to f inish the installation.
5. Click Conf igure to configure the service.
6. Specify Service Account, keep the default Service port.
7. Click Next to f inish the configuration.
Upgrade service in Skype for Business 2015 that underwent an in-place upgrade
To upgrade Skype for Business service in an In-Place Upgrade Skype for Business 2015 environment, besides the previous steps in Upgrade service in a standalone Lync Enterprise 2013, you must
perform the following additional steps to upgrade the customer and user information.
Step 1: Upgrade Server Connections
1. Log on to Cloud Portal Services Manager as Service Provider admin.
2. Go to Conf iguration > System Manager > Server Connections, click and expand Skype for Business – Lync Enterprise 2013.
3. Under Version, Select Skype for Business 2015.
Step 2: Upgrade Registrar Pool in Customer Plan and User Plan
1. Go to Conf iguration > System Manager > Service Deployment . Under Service Filter, select Active Directory Location Services, and choose a Location Filter.2. Expand Skype for Business.
3. Expand User Plans. Then expand each user plan, select the checkbox before Registrar pool, and then click Reload. Make sure the registrar pool is the Skype for Business 2015 pool. Click Applychanges.
4. Expand Customer Plans. Then expand each customer plan, select the checkbox before Registrar pool, and then click Reload. Make sure the registrar pool is the Skype for Business 2015 pool.
Click Apply changes.
5. Click Save.
Step 3: Reprovision Skype for Business service to Reseller
To reprovision Skype for Business service to Reseller, perform the steps listed in Reprovision Skype for Business to Reseller.
Step 4: Reprovision Skype for Business service to Customer
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Skype for Business service name. The Service Plan Configuration page appears.
4. Change the Skype Version to Skype for Business 2015.
5. Keep other properties unchanged and click Provision.
Step 5: Reprovision Skype for Business service to users
1. From the Services Manager menu bar, click Users and select the user for whom you want to provision services.
2. Select Services. The User Services page appears.
3. Click the Skype for Business service name. The Service Plan Configuration page appears.
4. Keep other properties unchanged and click Provision.
Upgrade service in a co-existence Lync/Skype co-existence environment
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.264https://docs.citrix.com
In this scenario, you can migrate Lync Enterprise 2013 servers to Skype for Business 2015 servers. The temporary environment that exists during migration still remains Lync Enterprise 2013 and Skype
for Business 2015 .
This section provide information specific to upgrading existing objects provisioned with Lync Enterprise 2013 service in CPSM. For example, migrating users from Lync Enterprise 2013 front end server
to Skype for Business 2015 front end server, updating DNS record to upgrade some simple url.
Besides the previous steps in Upgrade service in a standalone Lync Enterprise 2013, some extra steps are required.
Step 1: Install Skype for Business web service in Skype for Business 2015 front-end servers
1. Logon to Skype for Business 2015 front-end server
2. Launch the Setup.exe from the Skype for Business installation folders
3. Check Skype for Business Web Service, click Next , follow the steps to f inish the installation
4. Click the Conf igure link to configure the service
5. Specify Service Account, keep the Service port by default
6. Click Next to f inish the configuration
Step 2: Enable the Server for Skype for Business 2015 front-end servers
1. Logon to Cloud Portal Services Manager as Service Provider admin
2. From the Services Manager menu bar, choose Conf iguration > System Manager > Servers.
3. Click Refresh Server List .
4. Expand the entry for the Skype for Business 2015 server and verify that Server Enabled is selected.
Step 3: Assign server roles
1. Logon to Cloud Portal Services Manager as Service Provider admin
2. From the Services Manager menu bar, choose Conf iguration > System Manager > Server Roles and then expand the entry for the Skype server.
3. Under Server Connection Components, select Skype for Business and then click Save.
Step 4: Upgrade Server Connections
1. Logon to Cloud Portal Services Manager as Service Provider admin
2. From the Services Manager menu bar, choose Conf iguration > System Manager > Server Connections, click and expand Skype for Business – Lync Enterprise 2013, click delete to delete the
server connection for Lync Enterprise 2013 servers.
3. Click New Connection, and then select or type the following information for the web service.
Setting Value
Server Role Select Skype for Business.
Server Defaults to the Skype for Business 2015 server.
Credentials Choose the credentials for the Skype web service account.
URL Base Defaults to /LyncEnterprise2013WS/Lync.asmx.
Protocol Defaults to http.
Port Defaults to 8095. If you change the port here, change it also in the Services Manager web service.
T imeout Defaults to 200000 milliseconds.
Version o Lync Enterprise 2013 o Skype for Business 2015
4. Click Save.
Choose the credentials for the Skype web service account.
Choose the credentials for the Skype web service account.
Defaults to http.
Defaults to http.
Defaults to http.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.265https://docs.citrix.com
Defaults to http.
Defaults to http.
Defaults to http.
Defaults to 200000 milliseconds.
Defaults to 200000 milliseconds.
Defaults to 200000 milliseconds.
NoteTo deploy Skype for Business service in a Lync Enterprise 2013/Skype for Business 2015 co-existence environment, only one server connection is required, while the server connection must connect to Skype for
Business 2015 web service. For in a co-exsitence environment, some Skype/Lync commands can be executed only at the top version level.
Step 5: Upgrade Registrar Pool in Customer Plan and User Plan
To upgrade Registrar pool in Customer Plan and User Plan, perform the steps listed in Upgrade Registrar Pool in Customer Plan and User Plan.
Step 6: Upgrade DNS Record
1. Go to Conf iguration > System Manager > Service Deployment . Under Service Filter, select Active Directory Location Services, and choose a Location Filter.2. Expand Skype for Business.
3. Click Service Settings.
4. Under DNS, perform the following actions if Services Manager is to provision DNS records for the Skype for Business service:
In Front End Server, specify the IP address or FQDN of the Front End server of the newly deployed Skype for Business 2015 server. Leave these f ields blank if you want to create the DNS
records manually.
NoteCitrix recommends that you set the IP address or FQDN in Front End Server to a Skype for Business 2015 server IP or FQDN.
Step 7: Reprovision Skype for Business service to Reseller
To reprovision Skype for Business service to Reseller, perform the steps listed in Reprovision Skype for Business to Reseller.
Step 8: Reprovision Skype for Business service to Customer
The steps for reprovisioning Skype for Business service to Customer are the same as those listed under Step 4 of Upgrade service in Skype for Business 2015 that underwent an in-place upgrade.
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Skype for Business service name. The Service Plan Configuration page appears.
4. Change the Skype Version to Skype for Business 2015.
5. Keep other properties unchanged and click Provision.
Step 9: Reprovision Skype for Business service to users
The steps for reprovisioning Skype for Business service to users are the same as those listed under Step 5 of Upgrade service in Skype for Business 2015 that underwent an in-place upgrade.
1. From the Services Manager menu bar, click Users and select the user for whom you want to provision services.
2. Select Services. The User Services page appears.
3. Click the Skype for Business service name. The Service Plan Configuration page appears.
4. Keep other properties unchanged and click Provision.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.266https://docs.citrix.com
Virtual Machines
Jun 05, 2015
Updated: 2014-08-15The Virtual Machine web service is installed on the Microsoft SCVMM server in your environment. You can install the Virtual Machine web service using
either the graphical interface of the Services Manager installer or through the command line. After the installation process finishes, you can enable the
service and continue configuration through the control panel.
To install the Virtual Machines web service using the graphical interface
The installation process includes preliminary configuration to create the web service account and IIS application pool, and define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select Virtual Machine Web Service and then click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then click Next.
7. On the Ready to Install page, review your selection and then click Install.
8. After the installation f inishes, click Finish.
9. On the Installed Services page, click Configure next to the Virtual Machine web service list item.
10. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When
the summary contains the settings you want, click Next. The Configuration Tool configures the Virtual Machine web service and displays progress.
11. Click Finish and then click Exit to close the Configuration Tool.
To install the Virtual Machines web service through the command line
1. On the SCVMM server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:VirtualMachine. The Setup Tool installs the web service and returns the command
prompt.
4. At the command prompt, enter install-locationServicesVirtualMachineWSConfigurationVMConfigConsole.exe and specify the following properties:
Property Description
/UserName:vm_svc_acct Impersonation account for the Virtual Machine service. This parameter is optional if you are using
/GenerateCredentials.
/Password:password The application pool password. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True |
False
Optional. Create the service account in Active Directory.
/GenerateCredentials:True
| False
Optional. Generate password for the service account.
/SkipUserRoleCreation:True
| False
Default = False
/UserRoleName:name The SCVMM user role under which the service operates. Default = CSM_SelfServiceUser. This parameter is optional
if you have set /SkipUserRoleCreation to True.
/VMHostGroups:host-
groups
A comma-delimited list of host groups to add to the SCVMM scope. This parameter is optional if you have set
/SkipUserRoleCreation to True.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.267https://docs.citrix.com
/VMMServer:address:port Default = localhostProperty Description
Install-location denotes the web service installation directory on the local computer. The default directory is C:Program Files (x86)CitrixCortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs initial configuration of the web service:install-locationServicesCitrixWSConfigurationVMConfigConsole.exe /UserName:vm_svc_acct /Password:password /ServicePort:8095 When the installation process is finished, log on to the control panel and configure the web service. For instructions, see Configure the Virtual Machine
service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.268https://docs.citrix.com
Configure the Virtual Machine service
Jun 05, 2015
Updated: 2014-01-06To configure the Virtual Machine service, you perform the following tasks:
Configure the Virtual Machine service using the control panel
Synchronize resources from the SCVMM server
Configure the virtual networks that customers will use
To configure the Virtual Machine service
1. Enable the service (top level):
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment, expand Virtual
Machine, and click Save.
2. Expand Virtual Machine, click Customer Plans, and create a customer plan if one is not already created. Verify and save
the settings. Customer plan settings include per-customer machine limits and whether dynamic disks are used.
Typically, dynamic disks are disabled to avoid over-subscription of disk storage. However, some Service Providers
enable dynamic disks to increase provisioning speed.
2. Enable and configure the service (location level): Under Service Filter, select Active Directory Location Services, choose a
Location Filter if applicable, expand Virtual Machine, and click Service Settings. Verify the settings, making sure that the
following settings are configured, and then save the service:
RDP Console URL
Defaults to VMConnection.aspx.
Self Service Role
Set to SelfService, the name of the self-service user group configured in SCVMM.
Virtual Machine Path
If the customer will use clustered Hyper-V hosts, change the path from
{PreferredDrive}Images{CustomerShortName} to {PreferredDrive}{CustomerShortName}. That change helps
prevent folder creation errors in the cluster shared volume.
3. Add the credentials for the service account:
1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials. The Credentials
Overview page appears.
2. In the credentials table, click Add.
3. In Username and Password, enter the user name and password for the service account.
4. Leave Encrypted selected to encrypt the credentials as they are displayed on the page and stored in the database.
Note: Citrix recommends encrypting credentials when Services Manager is deployed in a production environment. Use
plain-text credentials only for debugging purposes.
5. In Domain, enter the FQDN of the service account.
6. Click Add to save your entries.
4. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.269https://docs.citrix.com
2. If the SCVMM server is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
5. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the SCVMM server.
2. Under Server Connection Components, select Virtual Machine. Virtual Machine refers to the VirtualMachineWS.
3. Under Server Roles, select Virtual Machine Manager and then click Save. Virtual Machine Manager indicates that
SCVMM is installed on the server.
6. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the SCVMM server.
Server Role
Choose Virtual Machine.
Server
Choose the server where the VM web service is running.
Credentials
Choose the credentials for the service.
URL Base
Defaults to /VirtualMachine/VirtualMachine.asmx.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Citrix recommends that you change the setting from 200000 to 2000000 milliseconds. This increases the timeout
to about 35 minutes, needed for disk creation operations.
2. Click Save.
3. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and click the
icon in the Test column for the SharePoint server. The icon turns green for a successful connection. A red icon
indicates an unsuccessful connection. Mouse over it for information about the failed connection.
To synchronize resources
This procedure verifies the server role and connection configuration and retrieves information from the SCVMM server.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.270https://docs.citrix.com
1. From the Services Manager menu bar, choose Services > Virtual Machine > Configuration > Virtual Resource Manager.
2. Under Environment, choose the Location and SCVMM server. Incorrect entries in those lists indicate incorrect
configuration of server roles or server connections.
3. Click Refresh. The message "The Resources were updated successfully" appears. If it does not, verify the configuration.
4. Expand the resource folders and verify their contents:
1. Provide user-friendly labels and group names. For example, you might rename "Server03x64WE-DE” to “64-bit
Windows Server 2003 – German".
2. Review assignments.
3. Assign sets of items to groups, such as "SQL Server DVDs", to speed selection of resources during provisioning.
5. (Optional) Import existing Hyper-V VMs into the Service Manager customer: Before moving a VM to a customer, verify
that it resides on a host assigned to that customer, along with the relevant VLANs.
1. Expand Virtual Machines and locate a VM not yet managed by Services Manager (their names appear dimmed).
2. Select the VM and use the right pane to search for a customer.
3. Click Provision.
To configure virtual networks
You can create the following types of VLANs:Dedicated – Can be assigned to one customer only (most commonly used).
Shared – Can be assigned to one or more customers.
Reserved – Not usable for customers. For instance, you might add an out-of-band management VLAN to ensure a
customer is not accidently placed into the same network.
Mandatory – Available to all customers.
You can assign multiple subnets to a VLAN and use Services Manager to define a default gateway, DNS servers, and range
for the subnet.
To configure virtual networks, choose Services > Virtual Machine > Configuration > Virtual Network Manager.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.271https://docs.citrix.com
To provision the Virtual Machine service to customers
Jun 05, 2015
Updated: 2013-02-251. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision the Virtual Machine service.
3. In the services list, click Virtual Machine. The Service Plan Configuration page appears.
4. In Customer Plan, select the plan you want to assign to the customer.
Note: The customer plan defines the properties of all virtual machines that are created, including CPU, memory, and the
total number of virtual machines that can be created.
5. In Management Server, select the SCVMM server to use for handling customer requests generated through Services
Manager.
Note: When the service is provisioned to the customer, this setting cannot be changed. To update the server, deprovision
the service for the customer and ensure the virtual machines are recreated on the new SCVMM server.
6. Under Virtual Resources, perform the following actions:
1. Expand the Hosts & Networks node and select the server you want to host the virtual machines and the network
under each host.
2. Expand the Machine Templates node and select the templates the customer administrator can use to create virtual
machines.
3. Expand the Guest OS Profiles node and select the operating systems the customer administrator can assign to the
machine templates.
4. Expand the DVD Images node and select the images the customer administrator can mount on virtual machines.
5. Expand the CPU Types node and select the CPUs the customer administrator can use for virtual machines.
7. Under Networking, expand the node for the type of VLAN you want to assign and select the VLAN to assign as the
customer's virtual environment.
8. Under Resource Configuration, to customize the settings assigned by the package template you selected in Step 4, clear
the Auto select package resource limits check box and make the appropriate changes.
9. Click Advanced Settings and perform the following actions:
1. In Maximum Users, select the Enable check box and enter the total number of users the customer can provision.
2. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
10. Click Provision to enable the customer to create virtual machines.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.272https://docs.citrix.com
To add virtual servers
Jun 05, 2015
Updated: 2013-05-17Before adding virtual servers through the Virtual Machine service, you must ensure a host exists on the SCVMM server and
that Services Manager can communicate with the host. To do this, see the article CTX129850, "How to Add a New Hyper-V
Host to Cortex," in the Citrix Knowledge Center.
1. From the Services Manager menu bar, click Services > Virtual Machine > Virtual Machines.
2. Under Machine Management, click New Virtual Machine. The Virtual Server Manager appears.
3. Under Virtual Machine Identity, enter a computer name and description for the new virtual machine.
4. Under Source Templates, perform one of the following actions:
Select Create a new virtual machine with a blank disk to create a virtual machine without using a source image.
Select Use an existing virtual machine template to create a virtual machine using a source image that you select from
the Machine Template drop-down box.
5. Under Guest Operating System, perform the following actions:
1. In Template, select the operating system you want to install.
2. In T ime Zone, select the time zone for the server.
3. In Product Key, enter the software product key for the selected operating system. If the product key has been
included in the operating system template, a note appears to this effect.
4. In Administrator Password, specify the password for the machine's local administrator account. If the password has
been included in the operating system template, a note appears to this effect.
6. Under Hardware, perform the following actions:
1. In CPU, specify the number and type of cores for the new virtual machine.
2. In Memory, specify the amount of available memory for the new virtual machine.
3. Configure the virtual devices associated with the machine. For example, to add a disk drive to the machine, click New
Disk. When you add devices, a configuration box appears where you can define the device's properties such as device
channel, media (for DVD devices), type, and size.
Note: After the virtual machine is provisioned, you can only increase the disk size. You cannot decrease it. To modify
the virtual machine's hardware, you must f irst stop the machine.
7. Under Network Adapters, perform the following actions:
1. Choose the network adapter to use for the virtual machine and click Add network adapter.
2. Configure the network adapter, if necessary, to connect to a specif ic network and configure the machine's MAC
address.
8. To start the virtual machine immediately after it is provisioned, select the Start the virtual machine check box.
9. Click Provision to save your selections.
After you have added the virtual servers, ensure that customers can access their virtual machines by setting up remote
connectivity. To do this, see the article CTX129846, "How to Connect to a Virtual Machine," in the Citrix Knowledge Center.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.273https://docs.citrix.com
Record virtual server states with checkpoints
Jun 05, 2015
Updated: 2013-02-11Checkpoints capture the state of a virtual machine at a certain moment in time. You can then use the checkpoint torestore the virtual machine to the state it was in when the checkpoint was created.
1. From the Services Manager menu bar, click Services > Virtual Machine > Virtual Machines.
2. Select the virtual machine for which you want to create a checkpoint.
3. On the Checkpoints tab, in the Checkpoint Management table, click Add. A blank text box appears in the Name column.
4. Type the name of the checkpoint and then click Update.
1. From the Services Manager menu bar, click Services > Virtual Machine > Virtual Machines.
2. Select the virtual machine whose state you want to restore.
3. On the Checkpoints tab, select the checkpoint you want to use.
4. Click Restore. The restore request is sent to the host machine. To view the progress of the restore, click the Status tab.
The Most Recent Task section displays the progress of each task the host machine processes.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.274https://docs.citrix.com
Windows Web Hosting
Jun 05, 2015
Updated: 2013-02-11For information about the requirements for deploying the Windows Web Hosting service, refer to Plan to deploy the
Windows Web Hosting service.
Deploying the Windows Web Hosting service involves the following tasks:Install the Windows Web Hosting web service
Configure the Windows Web Hosting service
To provision Windows Web Hosting services to resellers
Provision the Windows Web Hosting service to customers
After deploying the Windows Web Hosting service, use the following the topics to add and import web sites, manage website directories and subdomains, and install web applications:
To import existing web sites for a customer
To add default documents to a web site
Manage web site directories
To install web applications
To add or remove subdomains
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.275https://docs.citrix.com
Install the Windows Web Hosting web service
Jun 05, 2015
Updated: 2013-02-15The Windows Web Hosting web service is installed on all web servers in your environment that you want to make available for provisioning web sites to
customers. You can install the Windows Web Hosting web service using either the graphical interface of the Services Manager installer or through the
command line. After the installation process finishes, you can enable the service and continue configuration through the control panel.
The installation process includes preliminary configuration to create the web service account, local file share, and FTP site. This process also creates an
FTP User Isolation account for accessing each customer's service OU in Active Directory.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Add Services & Locations.
2. On the Add Services & Locations page, select Install Services.
3. Accept the License Agreement and then click Next.
4. On the Select Web Services page, select Windows Web Hosting Service and then click Next.
5. On the Ready to Install page, review your selection and then click Install.
6. After the installation f inishes, click Finish.
7. On the Installed Services page, click Configure next to the IIS web service list item.
8. On the Configure IIS page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the web service account. The default user name is csm_iis_svc. This f ield is unavailable when you elect to auto-
generate credentials.
Password: Enter a password for the web service account. This f ield is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active
Directory.
Service port: Enter the port used by the web service. The default port is 8095.
9. On the Create FTP Site page, enter the following information and then click Next:
External address: Enter the name of the server that customers will access to manage their hosted content. By default, the local server name is
entered.
Binding IP: Enter the IP address through which the server receives incoming connections. By default, all IP addresses are included.
Use SSL: Select this option to secure FTP transmissions with SSL. Citrix strongly recommends this option if you are deploying the service in a
production environment.
SSL Certif icate: Specify the SSL certif icate you want to use. This item is not available if you do not elect to use SSL.
Content f ile share: Specify the f ile share that customers will access to store hosted content. The default f ile share is C:CsmWebHosting.
10. On the FTP User Isolation page, enter the following information and then click Next:
Auto-generate credentials: Leave this check box selected to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the web service account. The default user name is IISFTPUser. This f ield is unavailable when you elect to auto-
generate credentials.
Password: Enter a password for the web service account. This f ield is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active
Directory.
11. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When
the summary contains the settings you want, click Next. The Configuration Tool configures the web service and displays progress.
12. Click Finish and then click Exit to close the Configuration Tool.
1. On an IIS server in your environment, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:WinWebHosting. The Setup Tool installs the web service and returns the command
prompt.
4. At the command prompt, enter install-locationServicesWinWebHostingWSConfigurationIISConfigConsole.exe and specify the following properties:
Propert yPropert y Descript ionDescript ion
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.276https://docs.citrix.com
/UserName:username Impersonation account for the Windows Web Hosting service. This parameter is optional if you are using
/GenerateCredentials.
/Password:password The application pool password. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True | False Optional. Create the service account in Active Directory.
/GenerateCredentials:True |
False
Optional. Generate password for the service account.
/FtpFileShare:f ile-path Optional. The location of the FTP f ile share. Default = %SystemDrive%WebHosting
/FtpSiteIp:ip-address Optional. The site binding IP address. Default = * (all assigned)
/FtpSiteName:site-name Optional. The name of the FTP site. Default = Services Mgr Web Hosting FTP
/FtpSslCertThumbprint Optional. The thumbprint of the SSL certif icate used to secure the FTP site.
/FtpUseSsl:True | False Optional. Whether or not SSL is used for the FTP site.
Propert yPropert y Descript ionDescript ion
Install-location denotes the web service installation directory on the local computer. The default directory is C:Program Files (x86)CitrixCortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample installation command string
The following command performs the initial configuration of the web service.install-locationServicesCitrixWSConfigurationIISConfigConsole.exe /UserName:iis_svc_acct /Password:password /ServicePort:8095
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.277https://docs.citrix.com
Configure the Windows Web Hosting service
Jun 05, 2015
Updated: 2013-04-18Windows Web Hosting for Services Manager provides Windows-based web hosting from the cloud, with IIS support andDNS management.
1. Enable the service (top level) and create a customer plan:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then
expand Windows Web-Hosting.
2. Click Customer Plans, create a default customer plan, click Apply changes, and then click Save.
2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter
if applicable, expand Windows Web-Hosting, and click Save.
3. Add the credentials for the web hosting service account:
1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials. The Credentials
Overview page appears.
2. In the credentials table, click Add.
3. In Username and Password, enter the user name and password for the service account.
4. Leave Encrypted selected to encrypt the credentials as they are displayed on the page and stored in the database.
Note: Citrix recommends encrypting credentials when Services Manager is deployed in a production environment. Use
plain-text credentials only for debugging purposes.
5. In Domain, enter the FQDN of the service account.
6. Click Add to save your entries.
4. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the server where the Windows Web Hosting service is installed.
2. Under Server Connection Components, select IIS.
3. Under Server Roles, select Windows Web-Hosting, and then click Save.
5. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the web service.
Server RoleServer Role
Choose IIS.
ServerServer
Choose the server where the Windows Web Hosting Services are installed.
Credent ialsCredent ials
Choose the credentials for the Windows Web Hosting Services.
URL BaseURL Base
Defaults to /IISWS/IIS.asmx. For IIS 7, change the value to /IISWS/IIS7.asmx.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.278https://docs.citrix.com
Prot ocolProt ocol
Select http.
PortPort
The port for the IIS service. Defaults to 8095. If you change this port, it must match the port for the web hosting
service.
T imeoutT imeout
Defaults to 200000 milliseconds.
VersionVersion
Select IIS7.
2. Click Save.
3. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and click the
icon in the Test column for the web server. The icon turns green for a successful connection. A red icon indicates an
unsuccessful connection. Mouse over it for information about the failed connection.
6. Create a server collection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Collections.
2. If the Location Filter appears, select the relevant location from the list.
3. Click New Server Collection.
4. Enter a Name for the collection, such as WindowsWebHosting. The name cannot contain spaces.
5. From the Service list, choose Windows Web-Hosting.
6. In the Servers list, select the server and then click Save.
7. Configure the service (location level):
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment, select Active
Directory Location Services, choose a Location Filter if applicable, and expand Windows Web-Hosting.
2. Click Customer Plans, expand the default plan, and enable Server Collection.
3. Expand IIS Version, select the version, click Apply changes, and then click Save.
You can use Services Manager to retrieve a certificate list from the web server and manage the certificates for customers.
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Resources > Web Servers,
expand the web server, and then click Retrieve.
2. Click Edit and then configure the applicable settings. The Public setting makes the certif icate available to all resellers and
customers. To make a certif icate available only to some nodes in the hierarchy, enable it only for those nodes.
You can add, change, and remove IP addresses from web servers as described in the following steps. Then, when you
provision the service, you can enable the addresses.
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.279https://docs.citrix.com
2. Expand the server and scroll to IP Address Management.
3. Click Retrieve and then add, edit, and delete IP addresses as needed.
4. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.280https://docs.citrix.com
To provision Windows Web Hosting services toresellers
Jun 05, 2015
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Windows Web-Hosting service check box and then click the Windows Web-Hosting service name. The
Reseller Service Setup page appears.
5. Enable the Web servers and resources the reseller can offer to customers.
6. From the Customer Plans table, select the plans the reseller can offer to customers.
7. Under Resource Configuration, to customize the resource limits for the Web site storage, clear the Auto select package
resource limits check box and make the appropriate changes.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the reseller to offer Web hosting services to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.281https://docs.citrix.com
Provision the Windows Web Hosting service tocustomers
Jun 05, 2015
Updated: 2013-02-11To provision the Windows Web Hosting service to customers, you perform the following tasks:
Configure the IIS servers and resources that the customer will use for hosting web sites
Provision a web hosting instance to the customer
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision Web hosting services.
3. In the services list, click Windows Web-Hosting configure resources.
4. Under Servers and Resources, in Resource View, select one of the following views to display available resources:
None displays no resources.
Customer displays the total resources currently provisioned to the customer.
Reseller displays the total resources for Web sites and customers that have been provisioned by the reseller.
All displays the total resources for Web sites that have been provisioned to the reseller's customers as well as to the
reseller itself .
5. In the resource tree, expand a server collection node. The tree displays the servers configured to host the Web Hosting
service.
6. Select the servers and resources to use when provisioning Web hosting instances for the customer.
7. Click Save to save your selections.
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision Web hosting services.
3. In the services list, click Windows Web-Hosting create an instance.
4. In Instance Name, type the name of the Web hosting instance and click Create.
5. In Customer Plan, select the template to assign to the customer.
6. In Web Host Server, select the server to host the customer's Web site.
7. Under Site Bindings, click Add and enter the site binding details for the customer's Web site.
8. Click Update to save your entry.
9. Under Resource Configuration, to customize the default service settings, clear the Auto select package resource limits
check box and make the appropriate changes.
10. Click Advanced Settings and perform the following actions:
1. In Maximum Users, select the Enabled check box and enter the total number of users that can be provisioned.
2. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
11. Click Provision to create the customer's Web site.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.282https://docs.citrix.com
To import existing web sites for a customer
Jun 05, 2015
Updated: 2013-02-25The Web Site Import tool enables service providers to import and configure IIS 7 web sites for customers. After provisioning,
the customer's administrator can manage the site using the IIS Manager.
Before importing web sites, the following prerequisites must be met:The user performing the import must have Service Provider Administrator privileges.
The web server currently hosting the sites is configured with the Windows Web-Hosting server role (Configuration >
System Manager > Server Roles).
The web server currently hosting the sites is included in an applicable server collection (Configuration > System Manager
> Server Collections).
A server connection has been set up for the web server currently hosting the sites (Configuration > System Manager >
Server Connections).
The customer for whom the web sites are imported has a Services Manager account. However, the Windows Web-
Hosting service does not need to be provisioned to the customer. When the f irst web site is migrated, Services Manager
provisions the Windows Web-Hosting service and enables the server hosting the site.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > Web Site Import.
2. Under Server Connection, perform the following actions:
1. In Location, select the location where the server resides.
2. In Web Service, select the server that is configured with the Windows Web-Hosting service. In Server, select the server
that is hosting the web site you want to import.
3. Click Load. A list of all the web sites that are present on the server appears.
4. From the site list, select the web site you want to import. The Site Import Manager page appears.
5. In Customer Search, type the name of the customer for whom you want to import the site.
6. Click Load. The page refreshes and displays the customer's name and primary domain.
7. Under Service Setup, in Instance Name, type the name of the instance that does not contain spaces. This name appears
as an instance in the customer's services list.
8. In Customer Plan, select the package template to which the server is assigned.
9. Click Provision to import the web site.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.283https://docs.citrix.com
To add default documents to a web site
Jun 05, 2015
Updated: 2013-02-25In IIS, default documents are files that are automatically served when a user accesses the customer's web site but does
not request a specific file. A default document might be the customer's home page or a file list (if directory browsing is
enabled).
When a customer is provisioned with an instance of Windows Web Hosting, the following default documents are createdin the web site's root directory:
Index.htm
Index.html (IIS 7 only)
Index.cfm (IIS 7 only)
Default.asp
Default.aspx (IIS 7 only)
Default.htm
iisstart.htm (IIS 7 only)
Note: Index.php is created only when the Web Hosting instance is configured with PHP Framework settings.The default documents that are created in the web site root directory are automatically passed to any subdirectories that
are created.
Default documents can be modified at the root web site level or at the subdirectory level. If a document is added at the
root level, it is applied to all subdirectories.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager. The IIS Site Manager
displays the customer's available web sites.
2. From the Site drop-down box, select the Web site for which you want to create the subdirectory. The site's folder
structure appears in the Web Site pane.
3. In the Web Site pane, click the folder where you want to add the new default document.
4. On the Settings tab, under Default Documents, enter the new document name in the text box.
Note: The document names in this box appear in ranked order. If you want the new document to be the f irst one IIS
serves to users, place it at the top of the list.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.284https://docs.citrix.com
Manage web site directories
Jun 05, 2015
Updated: 2013-02-11
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager. The IIS Site Manager
displays the web sites available to you.
2. From the Site drop-down box, select the web site for which you want to create the subdirectory. The site's folder
structure appears in the Web Site pane.
3. In the Web Site pane, click the folder under which you want to create the subdirectory.
4. On the Folders tab, in New Directory, enter the name of the subdirectory you want to create.
5. Click Create. The new subdirectory appears beneath the site root directory in the Web Site pane.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager. The IIS Site Manager
displays the web sites available to you.
2. From the Site drop-down box, select the Web site for which you want to create the subdirectory. The site's folder
structure appears in the Web Site pane.
3. In the Web Site pane, click the folder you want to rename or remove.
4. On the Folders tab, in Current Directory, perform one of the following actions:
To rename the subdirectory, enter a new name and click Rename.
To remove the subdirectory, click Delete.
Directory browsing allows a subdirectory of your web site to display a list of the files it contains when users access it with a
web browser. You can enable directory browsing at the site root level or at the subdirectory level. If configured at the site
root level, directory browsing applies to all subdirectories in the web site.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.
2. In the Web Site pane, select the Web application you want to configure.
3. On the Settings tab, under Application Settings, select the Directory Browsing check box.
4. Click Update to save your selection.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.285https://docs.citrix.com
To install web applications
Jun 05, 2015
Updated: 2013-02-25If a customer's web site involves serving dynamically-generated content, the subdirectories containing that content can bepublished as web applications.1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.
2. In the Web Site pane, select the folder you want to publish as a web application.
3. On the Settings tab, under Install Application, click Install. The IIS Site Manager page refreshes and the selected folder is
displayed as a web application.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.286https://docs.citrix.com
To add or remove subdomains
Jun 05, 2015
Customers can add or remove subdomains, or host headers, that are bound to their Web site. This allows the customer toconfigure multiple Web sites using a single Windows Web Hosting instance.1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.
2. From the Site drop-down box, select the Web site for which you want to create the subdomain. The site's folder
structure appears in the Web Site pane.
3. On the Domains tab, under Add Site Bindings, enter the new subdomain name and then click Add. The subdomain is
added to the list of identities for the root Web site.
4. To delete a subdomain, under Remove Site Bindings, select the subdomain from the drop-down box and then click
Remove.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.287https://docs.citrix.com
Export and import service packages
Jun 05, 2015
Updated: 2013-02-11Before exporting or importing service packages, ensure the following requirements are met:
Verify that the source and destination environments for the service package have the same version of Services Manager
installed.
Verify that a user is configured with the two schema administrator roles (All Services Schema Administrator and Service
Schema Administrator), required to create a custom service or import or export a service.
Create the service (Configuration > System Manager > Service Deployment) or configure the property, customer plan,
and/or user plans to be transferred.
Test and validate the service to be exported. A service that contains errors will not appear in the Services Manager
control panel.
You can export and import customer services to transfer them between different Services Manager environments. For
example, service developers can create custom services and provide them to customers to import into their environments.
Customers can customize service settings and user plans in a test environment and then migrate the settings to a
production environment by exporting and importing services.
Service export and import is available for the services provided with Services Manager as well as for customized services. A
customized service is created through the control panel, from Configuration > System Manager > Service Schema.
To transfer a service between environments, export a service to a file and then import that file into a different Services
Manager environment, as described in this topic. The import deploys and enables the service at the Top Environment
Services level.
The export package file includes service properties, customer and user plans, roles and permissions, validation controls, web
server controls and assemblies, and provisioning engine assemblies, actions, and rules. A custom service created from the
Service Schema page includes only the database records for the service settings and plan properties. Before exporting a
custom service, add to it any provisioning engine or web server assembly (.dll) files that contain the code needed to run
actions on the provisioning server or to display custom user controls when provisioning the service on the web page. On the
Service Deployment page and at the Top Environment Services level, create default plans for the base service offering and
update default service properties such as patterns for file locations.
1. Log on to the Services Manager control panel.
2. From the Services Manager menu bar, choose Configuration > System Manager > Service Schema.
3. Expand the service to be exported.
4. Click Export to view the Export service to f ile area.
5. (Optional best practice) Specify the Creator, URL, and Version for the service. The URL should be the full path to the
developer’s site.
6. In the Preview area, review the items to be included in the export f ile and update as needed.
7. To add an assembly f ile (.dll) to the export package for a custom service:
1. In the Add f ile area, click Browse, navigate to the .dll f ile, and click Open.
2. Choose the folder for the dll f ile and then click Add.
8. Click Export.
9. Save the exported f ile.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.288https://docs.citrix.com
1. Log on to the Services Manager control panel. This operation requires these user roles: All Services Schema Administrator
and Service Schema Administrator.
2. From the Services Manager menu bar, choose Configuration > System Manager > Service Schema.
3. Under Service Management, click Import a service.
4. Click Browse to navigate to and select the service and then click Open.
5. To review the items included in the package f ile, click Preview and update the selections as needed. Components that
already exist on the system are highlighted.
6. Click Import. An “Import Complete” message displays, followed by a list of the actions performed during the import.
When web components are imported, Services Manager restarts and automatically logs out all users.
7. Restart all provisioning servers across all locations. The provisioning servers are updated with any new rules and f iles.
8. Use the control panel to update customer and user plans and service settings as needed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.289https://docs.citrix.com
Create and provision additional user and customerplans
Jun 05, 2015
Updated: 2013-02-11When you configure a service for the f irst time, you create the initial user and customer plans that are eventually sold toResellers and customers. However, adding more plans later does not require the same level of configuration that wasrequired during service configuration. After the service is fully configured, you can create additional user or customer plansand:
Enable Resellers to offer additional levels of service to their customers.
Migrate customers’ users to a new user plan using the Package Migration Wizard. For more information about
performing this task, refer to the topic To migrate users to different user plans in bulk with the Package Migration
Wizard in Citrix eDocs.
This topic assumes the following conditions:You have fully configured the services for which you are creating more plans.
You have at least one user plan and one customer plan enabled and available for provisioning.
Use this topic as a guide for creating more plans and making them available to Resellers and customers. For more
information about configuring service-specific settings, consult the service’s configuration instructions in the Deploy
services section of the Services Manager product documentation in Citrix eDocs.
1. Create and configure a user plan for the desired service at the Top Environment Level:
1. From the Services Manager menu bar, click Configuration > System Manager > Service Deployment.
2. Under Service Filter (at left), select Top Environment Services and then expand the desired service.
3. Click User Plans, enter a Name for the user plan, and then click Create.
4. Perform any additional configuration required.
5. Click Apply Changes, and then click Save.
2. Enable and configure the user plan at the Location level:
1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter, if applicable.
2. Expand the desired service, click User Plans, and then select the Enabled check box for the new user plan.
3. Expand the new user plan and update applicable settings.
4. Click Apply Changes and then click Save.
3. Provision the user plan to the top Reseller:
1. From the Services Manager menu bar, click Customers > Customer Services. Under Customer Search, enter the name
of the Reseller and click Search. The specif ied customer is selected.
2. Expand the Reseller service and then expand the service for which you added the new user plan.
3. Select the Enabled check box for the new user plan.
4. Click Apply Changes and then click Provision.
4. Repeat Step 3 for any other Resellers in the hierarchy.
5. Provision the user plan to the customer:
1. From the Services Manager menu bar, click Customers > Customer Services. Under Customer Search, enter the name
of the customer and click Search.
2. Expand the desired service and click Advanced Settings.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.290https://docs.citrix.com
3. Under User Plans, select the Enabled check box for the new user plan.
4. Click Provision.
1. Create a customer plan for the desired service at the Top level:
1. From the main menu, choose Configuration > System Manager > Service Deployment.
2. Under Service Filter (at left), select Top Environment Services and then expand the desired service.
3. Click Customer Plans, enter a Name for the customer plan, and then click Create.
4. Perform any additional configuration required.
5. Click Apply Changes, and then click Save.
2. Enable and configure the customer plan at the Location level:
1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter, if applicable.
2. Expand the desired service, click Customer Plans, and then select the Enabled check box for the new customer plan.
3. Expand the new customer plan and update applicable settings.
4. Click Apply Changes and then click Save.
3. Provision the customer plan to the top Reseller:
1. From the Services Manager menu bar, click Customers > Customer Services. Under Customer Search, enter the name
of the Reseller and click Search. The specif ied customer is selected.
2. Expand the Reseller service and then expand the service for which you added the new customer plan.
3. Select the Enabled check box for the new customer plan.
4. Click Apply Changes and then click Provision.
4. Repeat Step 3 for any other Resellers in the hierarchy.
5. Verify the new customer plan is available for provisioning:
1. From the Customer Services page, expand the desired service.
2. In Customer Plan, click the drop-down box to view the available plans. The newly added customer plan is displayed and
is available for selection.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.291https://docs.citrix.com
View and filter provisioning requests
Jun 05, 2015
Updated: 2013-02-11Services Manager enables administrators to review the current status of provisioning requests after they have been
submitted to the provisioning engine.
Administrators can view these requests through the Services Manager system or with an RSS feed. Administrators can also
search for a specific request.
Using the Services Manager control panel, administrators can view the following information:The type of provisioning request (e.g., Bulk Request, Object Provision, Object Deprovision, etc.)
The service and customer for whom the request is created
The date on which the request is executed
The subrequests that are executed as part of the provisioning request and their transaction logs
If all subrequests in a provisioning request execute successfully, the request displays a green status indicator. If some
subrequests do not execute successfully, the request displays a yellow triangle status indicator which, later, changes to a
red status indicator.
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Provisioning Requests.
2. To view the transaction logs and subtasks executed in a provisioning request, click the Request Type entry and then
expand the Request Logs or Sub-Requests nodes.
The Services Manager RSS feed enables administrators to receive notifications whenever a provisioning error occurs.
Because the RSS feed is secured using Windows authentication, an RSS reader that supports digest authentication is
required. You can change the authentication method through IIS, if necessary.
The URL for the RSS feed is http://YourHostHeaderName/cortexdotnet/Rss/CortexProvisioningErrorsRss.aspx.
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Provisioning Requests.
2. Under Request Filter, use the following f ilters to refine the list of provisioning requests:
Type displays requests of a specif ic type such as Object Provision.
My Requests and All Requests displays requests that you have created or all requests in the system.
Request Status displays requests of a particular status that have been recorded during the life of the system. For
example, using this f ilter to f ind requests with the Provisioned status displays requests with a green status indicator in
the Status column.
Object Status displays requests where the current status of subrequests matches the status selected.
Note: Using this f ilter to f ind subrequests with the Provisioned status might display some failed provisioning requests
in f iltered results. However, the subrequest itself is not necessarily in a failed state. For example, a provisioning request
to move a customer's user from one Hosted Exchange package to another might fail because the Services Manager
system cannot f ind the mail store for the new package. Although the provisioning request failed, the user is still
attached to the current package.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.292https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.293https://docs.citrix.com
Provision services and customers in bulk
Jun 05, 2015
Updated: 2013-02-11Services Manager enables service providers to create bulk provisioning requests for existing customers and users. Serviceproviders can use this feature to apply service updates to existing customers in one operation. Service providers can use thefollowing options:
Bulk Reprovisioning creates requests for users and services of a single customer.
Bulk System Provisioning creates requests for all users and all customers
When a provisioning request is created, it is sent to the provisioning engine and a confirmation message is displayed. Any
errors in the actual provisioning transaction appear on the Customer Services page of the control panel.
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Bulk Reprovisioning.
2. Under Customer Search, enter the name of the customer whose users you want to reprovision and click Search.
3. Select one of the following options:
Re-provision all users creates a request to reprovision all users of the specif ied customer.
Re-provision all customer services creates a request to reprovision all the services originally provisioned to the specif ied
customer.
Re-provision all user services creates a request to reprovision all the services originally provisioned to the specif ied
customer's users.
Re-provision a specif ic service to all users creates a request to reprovision a selected service to all users of the
specif ied customer, regardless of whether or not the service was originally provisioned to all users.
4. Click Provision. The provisioning request is created and sent to the provisioning engine. To view the status of the request,
click Configuration > Provisioning & Debug Tools > Provisioning Requests.
Use the Bulk System Reprovisioning feature to issue provisioning requests that affect all customers or users in the Services
Manager system. For example, you can create a request for all customers or users to be reprovisioned with services based
on whether or not the services were provisioned successfully on a previous attempt.
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Bulk System Provisioning.
2. Under Entity, select one of the following options:
Customers creates a provisioning request for all customers in the Services Manager system.
Customer Services creates a request for a selected service to be reprovisioned to all customers in the Services
Manager system.
Users creates a provisioning request for all users in the Services Manager system.
User Services creates a request for a selected service to be reprovisioned to all users in the Service Manager system.
3. Under Current Status, select one of the following options:
Provisioned specif ies requests that have been successfully provisioned for the selected entity.
Provisioning failed specif ies requests that have been unsuccessfully provisioned for the selected entity.
Provisioning and Provisioning failed specif ies all requests submitted for the selected entity.
4. Click Provision. The request is sent to the provisioning engine. To view the status of the request, click Configuration >
Provisioning & Debug Tools > Provisioning Requests. Any resulting errors appear on the Customers or Users pages of the
control panel.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.294https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.295https://docs.citrix.com
To migrate users to different user plans in bulk withthe Package Migration Wizard
Jun 05, 2015
Use the Package Migration Wizard to move multiple users from one user plan to another user plan. When you specify theservice and user plan from which to migrate, Services Manager can automatically select the customers and users whomatch the criteria. If the users you are migrating belong to customers that have not been provisioned with the target userplan, Services Manager can create the required package and complete the migration.This process creates a bulk provisioning request that you can track on the Provisioning Requests page. To make tracking
easier, you can specify a unique name and description for the request.
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Package Migration Wizard.
2. Under Wizard Setup, select any of the following wizard options and then click Next:
Select all customers selects for migration all customers with the specif ied source plan.
Select all users selects for migration all users in the Services Manager system with the specif ied source plan.
Generate missing destination packages enables Services Manager to create the target user plan for users belonging
to customers who are not provisioned with the target user plan.
3. Under Service Selection, in Service, select the service containing the user plan from which you want to migrate and then
click Next.
4. Select the user plan from which you want to migrate and click Add selected packages. The selected user plan appears in
a table, in the Source column.
5. From the package table, in the Destination column, select the plan to which you want to migrate and then click Next. A
table displays the customers that match the selected service and source user plans.
6. Ensure the customers you want to migrate are selected and then click Next. The source and destination user plans are
displayed.
7. To verify the appropriate users are selected, perform the following actions:
1. Click the source user plan and then click the customer name.
2. On the Users screen, select or clear the Selected check box as required for any users that you do or do not want
migrated.
3. Click Save and then click Save again to save your changes.
8. Under Request Details, enter a name and description for the provisioning request so it can be easily tracked on the
Provisioning Requests page.
9. Click Finish. Services Manager creates the provisioning request and sends it to the provisioning engine. To view the status
of the request, click Configuration > Provisioning & Debug Tools > Provisioning Requests.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.296https://docs.citrix.com
Upgrade
Oct 05, 2016
Updated: 2014-10-09CloudPortal Services Manager 11.5 supports in-place upgrading from CloudPortal Services Manager 11.0.1, including
Cumulative Update 1 and Cumulative Update 2.
If you are using CloudPortal Services Manager 10, you must upgrade to Version 11.0.1 first, before you can upgrade to
Version 11.5. For more information, refer to the topic Upgrade from CloudPortal Services Manager 10.
If you are using CloudPortal Services Manager 11, ensure you are using Version 11.0.1. For more information about upgrading
your deployment to Version 11.0.1, refer to CTX138867, "Upgrading CloudPortal Services Manager 11.0 to Version 11.0.1."
Upgrading your CloudPortal Services Manager 11.0.1 deployment to version 11.5 involves several steps that you perform insequence. To prepare your deployment for upgrading, perform the following tasks:1. If required, deprovision the Hosted Apps and Desktops service from customers.
2. Disable all locations in your deployment by stopping the Directory Web Service, Provisioning Engine, and Web platform
components.
3. Back up all Services Manager databases (OLM, OLMReports, OLMReporting).
If you have customers who are provisioned with the Hosted Apps and Desktops service that was included in CloudPortal
Services Manager 11.0.1, you must deprovision the service from these customers before performing the upgrade. The
Hosted Apps and Desktops service in version 11.5 includes a new service schema that is incompatible with this version of the
service. Deprovisioning the service ensures the upgrade occurs smoothly and affects only the customer entitlements in
CloudPortal Services Manager; it does not affect the hosted application and desktop resources that you have allocated to
these customers.
If you have customers who are provisioned with the Hosted Apps and Desktops 11.2 service, which was released after
CloudPortal Services Manager 11.0.1, you do not need to take any action. The upgrade occurs as it would for any other
web service.
During the upgrade process, the Configuration Tool removes the Hosted Apps and Desktops service and installs the new
version. After the upgrade is complete, you can reprovision the service to customers.
After you have completed the preparation steps, you can perform the upgrade. The following table lists the required stepsand the instructions for performing them. Perform these steps in the order shown.
St ep #St ep # T o perf orm t his t ask...T o perf orm t his t ask... ...ref er t o t his t opic....ref er t o t his t opic.
1. Deploy the Encryption Service Install and configure the Encryption Service
2. Upgrade the system databases Upgrade system databases
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.297https://docs.citrix.com
3. Upgrade and reconfigure platform server roles Upgrade platform server roles
4. Upgrade and reconfigure web services in use Upgrade web components
5. Upgrade the Reporting service Upgrade the Reporting service
St ep #St ep # T o perf orm t his t ask...T o perf orm t his t ask... ...ref er t o t his t opic....ref er t o t his t opic.
After you have finished all the upgrade steps, re-enable all locations in your deployment by starting the Directory Web
Service, Provisioning Engine, and Web platform components.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.298https://docs.citrix.com
Upgrade system databases
Oct 05, 2016
Updated: 2014-08-29Before upgrading the system databases, perform the following tasks:
Ensure you have installed and configured the Encryption Service on a server in your deployment
Ensure you have backed up all databases in your CloudPortal Services Manager deployment: OLM, OLMReports, and
OLMReporting
Important: The upgrade process makes irreversible changes to these databases. Creating backups ensures you can
recover and restart the upgrade process in the event of a failure.
This topic provides instructions for upgrading the system databases in CloudPortal Services Manager 11.0.1 to system
databases compatible with version 11.5.
You can perform this upgrade on the database server for the primary location or on a server that can connect to the
database server. When you perform the upgrade, the Configuration Tool imports the key from the Encryption Service and
then deploys a set of SQL scripts that are included on the CloudPortal Services Manager installation media. These scripts
prepare the system databases for upgrading the other components.
1. From the installation media, double-click setup.exe and click Get Started.
2. On the Select Deployment Task page, select Upgrade Existing Deployment.
3. On the Upgrade Existing Deployment page, select Upgrade System Databases and then click Install.
4. When prompted, accept the End User Licensing Agreement and then click Next.
5. Click Install. The Setup Tool installs the Configuration Tool and displays progress.
6. Click Finish to continue with the upgrade process.
7. On the Specify Primary Database Settings page, perform the following actions and then click Next:
1. Enter the following database details for the primary location:
In Server address, specify the database server for the primary location using the DNS alias, IP address, or FQDN.
In Server Port, select Use specif ic port and enter the port number used by the SQL Server. The port for the default
instance of SQL Server is 1433.
In Authentication Mode, select whether to use Integrated (Windows) or SQL authentication. By default,
Integrated is selected.
In Connect as, specify the username and password of the SQL administrator user. These f ields are available when
select the SQL authentication mode.
2. Click Test Connection to ensure the Configuration Tool can contact the SQL Server.
8. On the Confirm Databases Are Backed Up page, select This step has been completed and then click Next.
9. On the Summary page, review the database configuration information. If you want to change anything, click Back to
return to the appropriate configuration page.
10. Click Commit. The Configuration Tool imports the Encryption Service's key, launches the database upgrade scripts and
displays the upgrade progress.
11. When the upgrade is completed, click Finish. The Configuration Tool returns you to the Upgrade Existing Deployment
page.
Open the Command Prompt window and enter the following command:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.299https://docs.citrix.com
CortexConfigConsole.exe /Upgrade:DatabasesThe Configuration Tool launches the upgrade database scripts that perform the upgrade. When the upgrade is completed,
the command prompt is returned.
After upgrading the system databases, continue the upgrade process by upgrading the CloudPortal Services Manager
platform server roles. For more information, refer to the topic Upgrade platform server roles using the graphical interface or
command line.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.300https://docs.citrix.com
Upgrade platform server roles
Jun 05, 2015
Updated: 2014-08-13For upgrades, the term platform server roles applies to the Directory Web Service, Provisioning, and Web server roles only.
When you upgrade the Provisioning role, the Configuration Tool performs the following tasks:1. Back up the configuration f iles.
2. Stop the Queue Monitor service.
3. Disable all scheduled tasks.
4. Upgrade product f iles and applicable registry settings.
5. Import and save the Encryption Service key.
6. Restore configuration f iles and apply any XML updates.
7. Restart the Queue Monitor service.
8. Re-enable all scheduled tasks.
When you upgrade the Web server role, the Configuration Tool imports service package components such as service schema
and properties, and imports the Encryption Service key. For components that will be updated with newer versions, the
Configuration Tool gives you the option of overwriting the current version or ignoring the component.
The following customer data f iles are preserved during the upgrade process:
Upgraded server roleUpgraded server role Locat ion of preserved f ilesLocat ion of preserved f iles
Provisioning INSTALLDIR\Provisioning Engine\appSettings.config
INSTALLDIR\Provisioning Engine\CortexCommand.exe.config
INSTALLDIR\Provisioning Engine\CortexEventLogMonitor.exe.config
INSTALLDIR\Provisioning Engine\CortexQueueMonitor.exe.config
INSTALLDIR\Provisioning Engine\ProvisioningManager.exe.config
INSTALLDIR\Provisioning Engine\RequestGenerator.exe.config
INSTALLDIR\Provisioning Engine\RulesEditor.exe.config
Web INSTALLDIR\CortexWeb\Web.config
INSTALLDIR\CortexWeb\CortexDotNetWeb.config
INSTALLDIR\CortexWeb\CortexDotNetDownloads*
INSTALLDIR\CortexWeb\CortexDotNetpics*
INSTALLDIR\CortexWeb\CortexDotNetStylesheets*
INSTALLDIR\CortexWeb\CortexAPIWeb.config
Note: I f your deployment of CloudPort al Services Manager 11.0.1 includes cust omizat ions, be aware t hat youIf your deployment of CloudPort al Services Manager 11.0.1 includes cust omizat ions, be aware t hat youmight need t o updat e t hese cust omizat ions manually when you upgrade t o CloudPort al Services Managermight need t o updat e t hese cust omizat ions manually when you upgrade t o CloudPort al Services Manager11.5. For example, you might need t o updat e cust om st ylesheet s t o accommodat e changes in t he sit e11.5. For example, you might need t o updat e cust om st ylesheet s t o accommodat e changes in t he sit est ruct ure.st ruct ure.For instructions to upgrade the platform server roles, see Upgrade platform server roles using the graphical interface or
command line.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.301https://docs.citrix.com
Oct 05, 2016
Updated: 2014-08-29Use this topic to upgrade CloudPortal Services Manager platform servers from version 11.0.1 to version 11.5. Perform theupgrade on the servers hosting the following platform components:
Directory Web Service
Provisioning
Web
The upgrade process involves the following tasks:Upgrade the platform roles installed on each server in your deployment.
Reconfigure each role to f inalize the upgrade.
1. From the installation media, double-click setup.exe and click Get Started.
2. On the Select Deployment Task page, select Upgrade Existing Deployment.
3. On the Upgrade Existing Deployment page, select Upgrade Roles and Services. The Setup Tool verif ies the database
version. If the correct database version is not detected, the Setup Tool prompts you to manually verify the version and
click Next.
4. When prompted, accept the End User Licensing Agreement and then click Next.
5. On the Select Components page, select the components you want to upgrade. By default, installed components for
which upgrades are available are selected.
6. On the Ready to upgrade page, click Upgrade. The Setup Tool installs the Configuration Tool, upgrades the selected
roles or services, and displays progress.
7. On the Upgrade Complete page, click Finish.
8. From the Upgrade Existing Deployment page, select Re-configure Upgraded Roles and Services.
9. On the Re-configure Upgraded Components page, select the component you want to reconfigure and click Finish
Upgrade.
10. Use the following table to configure the settings for each server role:
RoleRole PagePage Descript ionDescript ion
Directory
Web
Service
Enter
Directory
Service
Credentials
Enter the user name and password for the Queue Monitor service account. The
default user name is cortex_dirws_svc.
Provisioning Enter Queue
Monitor
Credentials
Enter the user name and password for the Queue Monitor service account. The
default user name is cortex_qmon_svc.
Report
Mailer
No configuration needed. Proceed to Step 11.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.302https://docs.citrix.com
Web Preview
Service
Package
Import
Review the service components that will be imported when the Web server role is
configured. Other service components, such as reports, are imported when the
Reporting service is reconfigured.
RoleRole PagePage Descript ionDescript ion
11. On the Summary page, click Commit.
12. When the reconfiguration is complete, click Finish.
13. Repeat Steps 1-12 for each server role you want to upgrade.
To upgrade platform components, you perform the following tasks:Upgrade the platform server roles using the Setup Tool
Reconfigure the platform server roles using the Configuration Tool
When running the Setup and Configuration Tools, use the following role names to specify the platform server roles youwant to upgrade:
Provisioning
DirectoryWebService
Web
1. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
2. At the command prompt, enter CortexSetupConsole.exe /Install:role-name /Upgrade . To specify multiple
components, use a comma-delimited list. The Setup Tool upgrades the specif ied role and returns the command prompt.
3. At the command prompt, enter CortexConfigConsole.exe /Upgrade:role-name. The Configuration Tool
reconfigures the specif ied role and returns the command prompt.
The following command upgrades the Provisioning server and Directory Web Service.CortexSetupConsole.exe /Install:Provisioning,DirectoryWebService /UpgradeAfter upgrading the platform server roles, continue the upgrade process by upgrading Services Manager web services. For
more information, refer to the topic Upgrade web components.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.303https://docs.citrix.com
Oct 05, 2016
Updated: 2014-08-14This topic describes the upgrade process of web components from CloudPortal Services Manager 11 to version 11.5. For
upgrades, the term web components refers to the control panel web site, the API web service, and all service related web
services.
During the upgrade process, the CloudPortal Services Manager Setup Tool updates all sites to run from the backup andputs all associated sites and application pools in a stopped state. Therefore, if the names of any of the sites or applicationpools in your deployment have been changed from the default, you must specify those changes in an XML f ile before youinitiate the upgrade. To create this f ile, use the following format:<Configuration> <Property Name="<service-id>.ApplicationPool" Value="MyAppPool" /> <Property Name="<service-id>.Application" Value="MyAppName" /> <Property Name="<service-id>.Site" Value="MySite" /></Configuration>The service-id property is the web service's deployment identifier used in the Configuration Tool.
After creating the XML f ile, you can initiate the upgrade using the following command:CortexSetup.exe /ConfigFile:path-to-XML-fi le /Upgrade
When you upgrade the web components, the Configuration Tool performs the following tasks:1. Stop the site and applicable web services in IIS.
2. Back up the site. The default f ile path for this backup is %ProgramData%\Citrix\CloudPortal Services Manager
Setup\Backups\Legacy\component-name.
3. Update physical paths in IIS to point to the site backup.
4. Update the site f iles in the %ProgramFiles% directory.
5. Copy updated site f iles from %ProgramFiles% to C:\Inetpub\site-name.
6. Restore customer content from site backup (for example, downloads, images, stylesheets, or scripts).
7. Restore web.config f ile from site backup and apply updates.
8. Imports and saves the Encryption Service key.
9. Update physical paths in IIS.
10. Restart site in IIS.
In the event a conflict arises during the upgrade, the sites remain in a stopped state and reference the backup created
earlier in the process. Site files in the %ProgramFiles% directory are updated and site content in C:\Inetpub\component-
name are reverted to the previous version. You can then review the configuration update file located in %ProgramFiles% and
make any necessary changes to the deployed web.config file.
For instructions to upgrade web components, see Upgrade web services using the graphical interface or command line.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.304https://docs.citrix.com
Oct 05, 2016
Updated: 2014-08-29Use this task to upgrade CloudPortal Services Manager web services from version 11.0.1 to version 11.5. Perform this task onthe servers hosting the following components:
Citrix
Hosted Exchange
Lync Enterprise 2010 and 2013
Lync Hosted 2010 and 2013
MySQL
SharePoint 2010 and 2013
Virtual Machine
Windows Web Hosting
The upgrade process involves the following tasks:Upgrade the web services installed on each server in your deployment
Reconfigure the web services to f inalize the upgrade
1. From the installation media, double-click setup.exe and click Get Started.
2. On the Select Deployment Task page, select Upgrade Existing Deployment.
3. On the Upgrade Existing Deployment page, select Upgrade Roles and Services. The Setup Tool verif ies the database
version. If the correct database version is not detected, the Setup Tool prompts you to manually verify that the system
databases have been upgraded and click Next.
4. When prompted, accept the End User Licensing Agreement and then click Next.
5. On the Select Components page, the Configuration Tool automatically selects the web services that are installed on the
server. Click Next.
6. On the Review Prerequisites page, the Configuration Tool displays the required software that will be installed to support
the upgraded web service. Click Next.
7. On the Ready to upgrade page, click Upgrade. The Configuration Tool upgrades the selected services and displays
progress.
8. On the Upgrade Complete page, click Finish.
9. From the Upgrade Existing Deployment page, select Re-configure Upgraded Roles and Services. The Configuration Tool
attempts to retrieve the Encryption Service key.
10. On the Re-configure Upgraded Components page, click Finish Upgrade for the web service you want to upgrade. The
Configuration Tool attempts to contact the Encryption Service to retrieve the service's encrypted key. If the Encryption
Service cannot be contacted, the Configuration Tool prompts you to import the encrypted key manually using a key f ile.
To generate the key f ile, see Generate and export keyfiles for the Encryption Service.
11. If required, import the Encryption Service key f ile:
1. In Key File Path, click Browse and locate the key f ile you generated from the Encryption Service web site.
2. In Password, enter the password that was created when the key f ile was generated and then click Next.
12. On the Enter Service Credentials page, enter the User Name and Password for the web service's service account and
then click Next. By default, the Configuration Tool displays the default user name of the web service you are upgrading.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.305https://docs.citrix.com
13. On the Summary page, review the settings that will be reconfigured and click Next. The Configuration Tool restores and
upgrades the IIS site for the web service, imports the Encryption Service key, and displays progress.
14. When the reconfiguration is complete, click Finish and then click Exit.
When running the Setup and Configuration Tools, use the following information to specify the web service you want toupgrade and the location of its configuration console:
Web service nameWeb service name Conf igurat ion console locat ionConf igurat ion console locat ion
Citrix install-location\Services\CitrixWS\Configuration\CitrixServiceConfigConsole.exe
Exchange install-location\Services\ExchangeWS\Configuration\ExchangeConfigConsole.exe
LyncEnterprise install-location\Services\LyncWS\Configuration\LyncConfigConsole.exe
LyncEnterprise2013 install-location\Services\LyncWS\Configuration\LyncConfigConsole.exe
LyncHosted install-location\Services\LyncHostedWS\Configuration\LyncHostedConfigConsole.exe
LyncHosted2013 install-location\Services\LyncWS\Configuration\LyncConfigConsole.exe
MySQL install-location\Services\MySQLWS\Configuration\MySQLConfigConsole.exe
SharePoint2010 install-location\Services\SharePoint2010WS\Configuration\SharePointConfigConsole.exe
SharePoint2013 install-location\Services\SharePoint2013WS\Configuration\SharePointConfigConsole.exe
VirtualMachine install-location\Services\VirtualMachineWS\Configuration\VMConfigConsole.exe
WinWebHosting install-location\Services\IISWS\Configuration\IISConfigConsole.exe
Install-location denotes the web service installation directory on the local computer. The default directory is C:Program Files
(x86)CitrixCortex.
1. On the server hosting the web service, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /upgrade:web-service-name. The Setup Tool upgrades
the service and returns the command prompt.
4. At the command prompt, enter path-to-service-configuration-console /Upgrade. The Configuration Tool
reconfigures the web service and returns the command prompt.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.306https://docs.citrix.com
The following command upgrades the Citrix web service.CortexSetupConsole.exe /Upgrade:CitrixThe following command reconfigures the Citrix web service.install-location\Services\CitrixWS\Configuration\CitrixServiceConfigConsole.exe /UpgradeAfter upgrading all web services, continue the upgrade process by upgrading the Reporting service and data warehouse. For
more information, refer to the topic Upgrade the Reporting service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.307https://docs.citrix.com
Oct 05, 2016
Updated: 2014-08-15Migrating the data warehouse uses the public API of the Data Warehouse service and a Data Transfer configuration file to
update the required schema in the OLMReporting database and reprocess historical data. This process might run for an
extended period of time due to data reprocessing. You can monitor this process through the Data Warehouse logs located
at %PROGRAMDATA%\Citrix\CloudPortal Services Manager Setup\Logs\Data Warehouse Migration\timestamp.log.
Additionally, the %PROGRAMFILES%\Citrix\Cortex\Data Warehouse Service\log folder contains logs of errors that occur
while upgrading the OLMReporting database schema and data to the Version 11.5 format.
To initiate the upgrade, you can use the CloudPortal Services Manager graphical interface or the command line.Important: The user initiating the upgrade must be logged on as a domain administrator.When you upgrade the Reporting service, the Configuration Tool performs the following tasks:1. Back up the CloudPortal Services Manager 11 config.xml f ile, report definitions, and data sources.
2. Upgrade product f iles for the Reporting service.
3. Finalize the upgrade.
After the DataWarehouseMigrator.exe utility is f inished running, you manually restore any reporting customizations. Forexample:1. Redeploy any custom views or stored procedures to accommodate schema changes.
2. Migrate any custom commands in the Version 11 config.xml f ile to the Version 11.5 config.xml f ile to accommodate
schema changes.
3. Redeploy any report definition customizations.
For instructions to upgrade the Reporting service, see Upgrade the Reporting service using the graphical interface or
command line.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.308https://docs.citrix.com
Oct 05, 2016
Updated: 2014-08-29Upgrading the Reporting service involves backing up the config.xml file, RDL files, and data sources. The config.xml file is located at %PROGRAMFILES%\Citrix\Cortex\Data Warehouse\Data
Warehouse Service\config\config.xml. You can find the RDL files and data sources through the Report Manager web site for SQL Server Reporting Services. I f t he report ing definit ions and dat aIf t he report ing definit ions and dat a
sources have been moved t o anot her locat ion, you must back up t hese component s manually .sources have been moved t o anot her locat ion, you must back up t hese component s manually .
The user performing the upgrade must be logged on as a domain administrator.
1. From the installation media, double-click setup.exe and click Get Started.
2. On the Select Deployment Task page, select Upgrade Existing Deployment.
3. On the Upgrade Existing Deployment page, select Upgrade Roles and Services. The Setup Tool verif ies the database version. If the correct database version is not detected, the Setup Tool
prompts you to manually verify the version and click Next.
4. When prompted, accept the End User Licensing Agreement and then click Next.
5. On the Select Components page, select Reporting. By default, installed components for which upgrades are available are selected.
6. On the Review Prerequisites page, the Configuration Tool displays the required software that will be installed to support the upgraded component. Click Next.
7. On the Ready to upgrade page, click Upgrade. The Setup Tool installs the Configuration Tool, upgrades the selected components, and displays progress.
8. On the Upgrade Complete page, click Finish.
9. From the Upgrade Existing Deployment page, select Re-configure Upgraded Roles and Services.
10. On the Re-configure Upgraded Components page, click Finish Upgrade. The Configuration Tool attempts to contact the Encryption Service and retrieve the encrypted key. If the Encryption Service
cannot be contacted, the Configuration Tool prompts you to import the encrypted key manually using a key f ile. To generate the key f ile, see Generate and export keyfiles for the Encryption
Service.
11. If required, import the Encryption Service key f ile:
1. In Key File Path, click Browse and locate the key f ile you generated from the Encryption Service web site.
2. In Password, enter the password that was created when the key f ile was generated. Click Next.
12. On the Preview Service Package page, review the service components that will be imported when the Reporting service is reconfigured. By default, only the Reporting service components are
selected. Other components, such as roles and assemblies, are imported when the Web server role is configured. Click Next.
13. On the Summary page, click Commit.
14. When the reconfiguration is complete, click Finish.
1. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
2. At the command prompt, enter CortexSetup.exe /Upgrade:Reporting. The Setup Tool upgrades the Reporting service and returns the command prompt.
3. At the command prompt, enter CortexConfigConsole.exe /Upgrade:Reporting and specify the following properties:
Propert yPropert y Descript ionDescript ion
/OlmPassword The password for the OLM database.
/OlmReportingPassword The password for the OLMReporting database.
/DwsUserName The user name for the data warehouse service account.
/DwsPassword The password for the data warehouse service account.
/AutoCreateDwsUser:True|False Optional. Create the data warehouse user account. Default = True
/DwsServer:hostname Optional. The hostname of the server hosting the data warehouse. Default = the name of the local computer
/DwsPort:port Optional. Inbound port to be used with the data warehouse. Default = 8095
/PackageFolder:path-to-service-packages Optional. The location of the Services folder on the Services Manager installation media, which contains the service packages.
/IgnoreErrors:True|False Optional. Whether or not to ignore service import errors. Default = True
/PurgeAgeInMonths Optional. The number of months after which older historical data is deleted. For example, specify 84 to delete data that is older than seven years.
The following command reconfigures the Reporting service and migrates the data warehouse.CortexConfigConsole.exe /Upgrade:Reporting /OlmPassword:password /OlmReportingPassword:password /DwsUserName:user-name /DwsPassword:password /IgnoreErrors:False
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.309https://docs.citrix.com
Oct 05, 2016
Updated: 2013-05-17Management tasks in CloudPortal Services Manager include creating and managing customers and users, assigning security
roles, using Workflow Approval to manage provisioning changes, and using reports.
Use the following topics to learn more about these tasks:Create and manage customers
Create and manage users
Manage security roles
Manage provisioning changes
Manage reports
Manage deployment
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.310https://docs.citrix.com
Sep 17, 2015
Updated: 2013-02-12A common task for a service provider or reseller to perform after logging on to the Services Manager control panel is tocreate a customer. A customer is a container that can consist of :
Hosted services that can be configured and made available (that is, provisioned) to the customer's users
A customer administrator who can create and manage users, and provision services to them
Users who access one or more services with which they have been provisioned
Additional customers (known as resellers) who, in turn, can create and manage customers and users of their own, and
provision services to them
To create a reseller, the service provider provisions a customer with the Reseller service. Resellers can, in turn, create their
own customers and enable them to be resellers as well. Service providers have access to advanced system configuration
functions, such as service configuration, which resellers do not.
As you create a customer through the control panel, you specify the customer location (that is, the hosted domain), its
Active Directory organizational structure (optionally), and any advanced properties. Advanced properties can include
password expiry rules, additional organizational structure, and service security roles. You can select one or more security
roles to enable the customer to administer available services. As a final step, the Provisioning engine creates an organization
structure and security groups in Active Directory for the defined customer.
Creating a customer consists of these initial steps:1. Create a new customer by selecting Customers > New Customer from the Services Manager menu bar.
You can quickly create a customer with minimal details: name, email contact information, and a domain name. Services
Manager assigns a default set of restricted and allowed security roles in this case. Alternately, you can add more detailed
information and choose roles for the customer and any inherited customers and users.
2. Create a customer administrator user to manage users and administer services in the customer's organization.
After creating a customer, Services Manager automatically prompts you to create an administrator user. You can cancel
this operation, but this first user created for a customer is always an administrator user.
3. Provision available services to a customer, an action performed by a service provider or reseller.
4. Create users to whom services are later provisioned, an action performed by a customer administrator.
5. Provision services to users, an action performed by the customer administrator.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.311https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.312https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.313https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.314https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.315https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.316https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.317https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.318https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.319https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.320https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.321https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.322https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.323https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.324https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.325https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.326https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.327https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.328https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.329https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.330https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.331https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.332https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.333https://docs.citrix.com
Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.
Some things to try:
Go to Docs.citrix.com and search or navigate for the content
Clear your browser cache and retry the link
Report the problem and we'll investigate
Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it
AppDNA
Citrix Cloud
Citrix Receiver
CloudBridge
CloudPortal Services Manager
NetScaler
NetScaler Gateway
NetScaler SD-WAN
ShareFile
VDI-in-a-Box
XenApp and XenDesktop
XenMobile
XenServer
Advanced Concepts
Developer
Legacy Documentation
/
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.334https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.335https://docs.citrix.com
Jun 05, 2015
Updated: 2013-02-12You can create users in the following ways:
Create a new user with the New User Wizard
Import many users by using the Bulk User Import feature, with user information defined in a Microsoft Excel spreadsheet
Move users from one customer to another customer
Creating a user through the Services Manager control panel consists of these initial steps:1. Create a new user by clicking Users > New User from the Services Manager menu bar. You can quickly create a user with a
minimum of information: name, user name and password, and display name.
2. Provision available services to the user.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.336https://docs.citrix.com
Create users and configure account settings
Jun 05, 2015
Updated: 2013-01-04Service providers, resellers, and customer administrators with the User Administrator security role can create users for the
services provisioned to a customer. You can assign one or more security roles to the user you create. For more information
about the security roles available, see Assign user security roles.
To create a user
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to create a new
user. Under Customer Functions, click Users.
2. On the Users page, under Management, click New User.
3. Select or type the following information:
In UPN, type a user name that will be appended to the domain name that you select from the drop-down list. The
user name is automatically populated in the Username field. You can edit the Username field.
4. In First Names and Last Name, type the f irst and last name of the user. The Display Name field is automatically
populated with the f irst and last name of the user. You can edit the Display Name field.
5. Click Additional User Properties to add more information about the user.
6. To designate the user a test user, select the Test User check box.
Note: Test users are user accounts that are not added to billing reports. You can later edit this user and clear this check
box.
7. If you do not want to add more details, under Password Configuration, add a password for the user.
8. Click Provision to create the user.
To configure account settings for a new user
1. Click Additional User Properties to add more information about the user.
2. Expand Account Settings to configure the following options:
In Change password at next logon, select Yes to require the user to create a password when f irst logging on. Select
No to disable the change password feature.
In Set passwords to Never Expire, select Yes to prevent user passwords from expiring. Select No to allow the user
password to expire at regular intervals.
In Account Disabled, select Yes or No to enable or disable the user account. If you provision a user with its account
disabled, that user cannot log on to use services until you enable them by clicking Enable in User Functions.
In Account Locked, No is the only option and is selected by default.
In Account Expires, select Never to prevent account expiration. Select End of to choose the date when the account
expires.
Note: If an end date is selected, the Services Manager will automatically disable the user's account on the next
calendar day and they will not be able to access the Services Manager or any related services. Leave this setting as
Never if the user's account does not need to expire. This setting does not define the Password Expiry date as
configured by the Service Provider for the Active Directory domain's Group Policy.
3. Click Advanced Options to select security roles for the user. The Configure a custom role collection check box and all
security roles are selected by default. You can clear or select one or more roles for the user.
4. Clear Configure a custom role collection to select and assign one pre-configured role from the drop-down list.
5. (Optional) Expand Email Addresses to configure one or email addresses for the user. Otherwise, the Services Manager
automatically assigns an email address constructed from the UPN.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.337https://docs.citrix.com
6. When you are f inished, click Provision to create the user.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.338https://docs.citrix.com
Create users with templates
Jun 05, 2015
Updated: 2013-05-07If you need to create users that have similar settings, you can use a template to create these users quickly. When you
create the template, you specify the user settings, including security roles, and the services to be provisioned when the
template is used. To create a new user, you select the template you want to use and then click New User from the User
Functions dialog box. The user details from the template are copied to the new user.
Templates are customer-specific; that is, they are accessible only to the administrator of a particular customer's account.
For example, a customer administrator cannot view or use the templates of a parent reseller, and the reseller cannot view
or use the templates of any of their customers.
Templates are stored in the system database as users. You can access existing templates from the Users page of the
control panel. Under Advanced Search, enter search criteria and select the Template user type.
To create a new template
1. From the Services Manager menu bar, click Users.
2. Under Management, click New Template User. The Create User page appears.
3. In Display Name, enter a name for the template user.
4. Click Additional Properties to add address and organizational details.
5. Click Account Settings to configure password change and expiration settings.
6. Click Advanced Options to select a security role for the template user. To customize the security role, select Configure a
custom role collection.
7. Click Save. The Provision Services page appears.
8. Select the services you want to provision when the template is used to create a new user.
9. Click Save.
To create a new user based on a template
1. From the Services Manager menu bar, click Users.
2. Find and select the template you want to use:
1. Under Advanced Search, in User Types, select Template.
2. Click Search. A list of all existing templates appears.
3. Select the template you want to use. The Create User page appears.
3. Under User Details, perform the following actions:
1. Enter the user's UPN and name information.
2. (Optional) Click Additional Properties and enter any additional location or organization details for the user.
4. Under Password Configuration, enter the user's password and confirm the entry.
5. (Optional) Under Account Settings, review the password settings and security role, and make any required changes.
6. Under Email Addresses, add email addresses as required.
7. Under Copy Services, select the services you want to provision to the new user.
8. Click Provision.
After the new user is provisioned, ensure the user's provisioning status appears with a green indicator for all services.
Services that appear with a blue indicator require additional configuration.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.339https://docs.citrix.com
Create multiple users with Bulk User Import
Jun 05, 2015
Updated: 2013-02-12You can import new or edit existing users in a customer hierarchy by using the Bulk User Import feature. This featureenables you to create new or modify existing multiple users as specif ied in a Microsoft Excel 97-2003 format workbook(.xls). You can download a new blank template or a workbook populated with existing user information from the portal. Ineither scenario, you perform the following actions:
Download the appropriate template
Create new or edit existing users
Upload the template to the portal
Select users to add or update
Provision services to the users and then provision the users
After uploading the template, Services Manager gives you the opportunity to perform the following actions:Resend the f ile process request to upload the template again
Import the users from the template you uploaded
Download the template you uploaded
Cancel the bulk user import process
Delete the f ile from the imported f ile list
Bulk User Import Template Settings describes the template's workbook headings and settings.
Consider the following when you create or edit a Bulk User Import template:Do not rename the column headings in the templates.
Do not leave blank rows between users.
The templates do not support provisioning new services to users. You must provision services to users through the
Services Manager by using the User Functions or Multi User Selection features.
To download a template
1. Click Users > Bulk User Import.
2. Click one of the following options, then click Save when prompted to save a copy of the template on your PC:
Click New Users Template to download a blank workbook template with column headings.
Click Existing Users Template to download a workbook with column headings and cells populated with user data.
Click Generate Template to create a new template with column headings and cells populated with current user data.
When the workbook template is ready, click Existing Users Template to download it.
Note: This selection exists depending on how Services Manager was installed. The workbook is not generated
immediately. The speed at which the workbook is generated depends on how many users exist in the customer
hierarchy.
To import users
1. Click Users > Bulk User Import.
2. Under Upload User Import File, click Browse, navigate to your new or edited workbook, and select it.
3. Add a description for the workbook and click Upload. The Bulk Import File List displays the f ile details as the f ile is verif ied.
4. From the f ile list, click the upload date of the f ile you uploaded and, under Import File Management, click Import. The
User Import page appears.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.340https://docs.citrix.com
5. Click New Users or Existing Users to view the uploaded users. The list of users is shown, including any users who might
have errors in their entries. You can select verif ied users to import at this time, and f ix invalid users to upload at a later
date.
6. (Optional) Expand a user to view account properties associated with the user.
7. Click Save to import the selected users.
Note: You cannot import users that have errors in their entries. With your mouse pointer, hover over any error to reveal
the source.
8. Provision one or more services to the users and provision the users to activate them in the customer hierarchy.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.341https://docs.citrix.com
Bulk User Import Template Settings
Jun 05, 2015
The Bulk User Import Template workbook is a Microsoft Excel 97-2003 compatible .xls format file that can be blank or
contain information about one or more users in a customer hierarchy. It contains a header row that indicates all possible
fields associated with a user.
First Name
First name of the user
Surname
Surname or last name of the user
Display Name
First name and last name of the user. If left blank, the Display Name is automatically created from the First Name and
Surname fields.
UPN
User principal name in the format of username@domain. The domain is the customer's domain. A user can log on using the
UPN. If you specify an email pattern such as %g.%s@domain, the resulting email address is in the form of
firstname.lastname@domain.
Username
If blank, the software automatically creates a username for the user, using the UPN username appended with a
_CustomerShortName. The _CustomerShortName is derived from the customer's ShortName. You can edit this f ield in the
template or Edit User dialog.
Password
An alphanumeric user password. If blank for an existing user, the user's password is preserved. A password is required for a
new user. Passwords must be at least eight characters long and contain at least three of the following four character
types:
Lower case alpha character
Upper case alpha character
Numeric character
Symbol character, such as !, @, #, $, %
Location
The Active Directory Location of the user's customer. If blank, the default location is Unassigned.
Department
The user's assigned department. If blank, the default department is Unassigned.
Phone Number
Telephone number associated with the user.
Custom Field
One or more for customized information associated with the user.
Roles
Specify one or more comma-separated security roles for the user. For example: Customer Administrator, Exchange Service
Administrator. Each column is limited to 250 characters. Use the Roles 2 through Roles 4 f ields for additional roles.
Account Disabled
This f ield allows you to select one of the following from the drop-down: TRUE specif ies that the user account is disabled
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.342https://docs.citrix.com
and the user cannot log on to access services. FALSE specif ies that the account is enabled upon import.
Change Password at Logon
This f ield allows you to select one of the following from the drop-down: TRUE specif ies that the user must change its
password when f irst logging on. FALSE specif ies that the user does not need to change the user account password at f irst
logon.
Password Never Expires
Select TRUE to set the user password to Never Expire. You must select TRUE if you want to use the AD Sync tool. Select
FALSE to allow the user password to expire at regular intervals.
Email Addresses
Specify one or more email addresses for the user. If blank, the software automatically assigns an email address constructed
from the UPN.
City/ZipPostal/Title/Street
Specify physical address information for the user. You can specify a user's organizational title; for example, Manager of
Engineering Services
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.343https://docs.citrix.com
Find users
Jun 05, 2015
Updated: 2013-05-11You can f ind users by using one of the following search methods:
The User Search feature available from the control panel Home page, located under User Management
The search criteria available from the Users page
Note: User search is limited to the users of a specif ic customer. Before searching for users, f ind and select the customer towhom the target users belong.
To search for users from the Home page
1. From the Services Manager menu bar, click Home and expand User Management.
2. Select a f ilter of Name, UPN, or Email.
3. In User Search, type a user name, email, or User Principal Name (UPN) and click Search.
You can use the percent (%) character as a leading wildcard to perform partial searches. For example, type %citrix to find
all users with "citrix" as part of the user name.
To search for users from the Users page
1. From the Services Manager menu bar, click Users. The Users page appears, listing all the users for the current customer.
2. To search for users alphabetically:
1. Expand Filter Fields and select one of the following criteria:
User ID
UPN
Firstname
Surname
Location
Department
2. Click the letter with which the selected criteria begins.
For example, to f ind users with UPNs beginning with F, you select UPN and then click the letter F.
3. To search for users using several different criteria:
1. Expand Advanced Search and enter any of the following information:
In User ID, UPN, First Name, Surname, or Email, type at least one letter in any of these f ields to f ind users whose
information begins with the letter or letters.
In Role, select a security role from the drop-down list. For example, select User Administrator to f ind users assigned
the User Administrator role.
Under User Types, select Standard to f ind a customer's user. Select Template to f ind any user templates in the
Services Manager. Typically, a template user is the defined user template you can download for Create multiple
users with Bulk User Import.
2. Under Service Filter, enter any of the following information:
In Service, select a service from the drop-down list. Only services that are currently provisioned to the customer
appear in this f ield.
In Access Level, select a user plan, if applicable.
In Status, select the service provisioning status for the users you want to f ind.
3. Under Account Status, select Yes or No to f ind users according to the associated account status. By default, Ignore is
selected to prevent the account status options from being considered in searching.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.344https://docs.citrix.com
4. Under Password Status, select Yes or No to f ind users according to the associated password expiration status. By
default, Ignore is selected to prevent the password status options from being considered in searching.
5. Under Additional Options, enter criteria found in the custom fields, location, or department specif ied in the user
properties.
4. Click Search.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.345https://docs.citrix.com
Move and copy users
Jun 05, 2015
Updated: 2013-02-12You can move a user from one customer to another customer, migrating the user information and provisioned services tothe new customer, with the following conditions:
Both customers must belong to the same Services Manager location (that is, Active Directory domain).
Provisioned services that will transfer with the user are limited to Hosted Exchange and Office Communications Server
(OCS). If the user is provisioned with any other service, deprovision that service before attempting the migration.
You can also make a copy of an existing user within the customer hierarchy. The copied user resides in the original user's
customer hierarchy and possesses the original user's provisioned services.
To move a user to a different customer
Ensure that you perform the following procedure as a Service Provider or Reseller administrator.
1. From the Service Manager menu bar, select Users > Configuration > User Move.
2. In Customer Search, type a source customer name and click Next. Services Manager returns the source customer name,
if found.
3. In User Search, type a user name and click Next. Services Manager returns the user name, if found.
4. In Customer Search, type a destination customer name and click Next. Services Manager returns the customer name, if
found, and displays the User Mapping table to enable you to change the moving user's new UPN and email address.
5. Accept or edit the defaults and click Next.
6. Click Finish to move the user.
When complete, Services Manager prompts you to review the customer and user. Citrix recommends that you review both
and edit each as required. To move another user, click Move another user to a new customer.
To copy a user in the same customer hierarchy
Ensure that you perform the following procedure as a user administrator, at a minimum.
When performing this procedure, consider the following items:Some services might appear in the User Services dialog box with a blue provisioning status. Blue indicates that the user's
services require additional configuration. After configuring the service, manually provision it.
When the Hosted Exchange service is provisioned to the copied user, the default primary email address is the new copied
user's address.
If populated, the Title and Web Page f ields in Additional User Properties are copied to the new user.
1. Click Users to display all users for a customer, then click a user to access the User Functions dialog box.
2. Click Copy User. The Create User page appears.
3. Enter user details and password for the new user and configure account settings as described in Create users and
configure account settings.
4. Click Copy Services and clear the check boxes for any provisioned services you do not want to be copied to the new user.
5. Click Provision. The Provision Services page displays all provisioned and unprovisioned services.
6. Provision any additional services from the list to the copied user.
7. Click Provision for each service you want to provision to the user. The copied user is now created and provisioned in the
customer hierarchy.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.346https://docs.citrix.com
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.347https://docs.citrix.com
Assign user security roles
Jun 05, 2015
Updated: 2013-02-12Each user can be assigned a specif ic security role in the Services Manager control panel. A security role provides a user withselected access permissions in the Services Manager. The following roles are the standard or default administrator rolesavailable when creating or editing a user.
SecurityRole
Description
Customeradministrator
The f irst user created by default after creating a customer inherits this role. The customeradministrator can create, provision, and edit users, then provision users to services. This role can alsomanage services provisioned to the customer. This role includes all permissions of the user and serviceadministrator.
Partial useradministrator
This role can reset passwords for a customer's user.
Useradministrator
This role can create, provision, and edit users for a customer.
Serviceadministrator
This role can manage services provisioned to the customer. It can access any editable administrationinterface associated with a service.
User andserviceadministrator
This role is identical to the customer administrator. Assign this role to a user when you require morethan one customer administrator user in your organization or hierarchy.
Services Manager also includes three security roles to enable end-users (that is, consumers of customer services) to managetheir accounts and provisioned services. These roles are disabled by default and need to be enabled and provisioned to thetop-level customer by a service provider or reseller administrator before they can be provisioned to a user account. Onceprovisioned, users can manage their accounts through My Account, available from the Services Manager menu bar afterlogon.
Security Role Description
My AccountManagement
Enables the end user to change the user information details, account password, and manageemail addresses associated with the user account.
My ServicesManagement
Enables the end user to select, edit, and re-provision the services provisioned to the end useraccount.
My Account & ServicesManagement
Combines the above management capabilities in a single role.
To enable and provision user security roles
Ensure that you are logged on to the Services Manager as a customer administrator user to perform these steps.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.348https://docs.citrix.com
1. Select a user by performing one of the following steps:
Create a user as described in Create users and configure account settings.
From the Services Manager menu bar, click Users to display all users, then expand a user to access User Functions. Click
Edit User.
2. Expand Account Settings and click Advanced Options.
3. In Security Roles, perform one of the following actions: select a role from the drop-down list to assign a default
administrator security role to the user.
Assign a default security role: Clear the Configure a custom role collection check box and select a default security role
from the drop-down list.
Assign a custom security role: Select the Configure a custom role collection check box and select any of the service
and system roles that appear.
4. Click Provision.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.349https://docs.citrix.com
Modify users
Jun 05, 2015
Updated: 2013-02-12
To modify an individual user
The User Functions dialog box enables you, as the administrator, to manage an individual user in your organization. To
manage multiple users with User Functions, use the Multi User Selection dialog box.
1. Find a user by using one of the following methods in Find users.
2. Click the user name to display the User Functions dialog box.
3. Select any of the following options:
Option Description
Edit User Modify user contact information and email addresses, change the user password, add or remove
security roles, and modify account settings.
Copy User Make a copy of an existing user within a customer hierarchy. The copied user resides in the original
customer hierarchy and possesses the original user's provisioned services. See Move and copy users.
Delete Permanently delete a deprovisioned user account from the Services Manager and Active Directory.
This function is only available after you deprovision a user.
Deprovision Deactivate the user account in Active Directory but keep the account information in the Services
Manager database.
Disable Disable the user account in the Services Manager database and Active Directory. The user cannot log
in to the Services Manager while disabled and the administrator cannot modify any services previously
provisioned to the user.
To reinstate the user, click Enable and then Provision.
To delete the user, click Delete. This action deletes the user account from the Services Manager
and Active Directory and also deletes any data associated with the user (such as Exchange
mailboxes).
Note: You can modify user settings by using Edit User while the user is disabled. Click Provision in
the Edit User dialog box to apply the changes to the user.
Enable Reinstates the user account in the Services Manager and Active Directory. Next, click Provision to
provide the user with full access to its provisioned services.
Provision Activate the user account after updating or modifying account settings. If a user had been disabled,
Enable the user before performing a Provision operation.
Services Select and configure service settings and provision one or more services to the user.
To modify multiple users
1. Perform one of the following steps:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.350https://docs.citrix.com
If you are a Service Provider administrator, search for and select a customer, then click Users to display that
customer's users.
If you are a customer administrator, click Users from the Services Manager menu bar to display your users.
2. Under Multi User Selection, click Select All Users to select every user in the customer hierarchy. Otherwise, select the
users on which to perform the operation.
3. Click one of the following options:
Services
Disable
Enable
Provision
Deprovision
Delete
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.351https://docs.citrix.com
To impersonate a user
Jun 05, 2015
Updated: 2013-05-13Impersonating a user allows you to see what the user can access and view within the Services Manager control panel. Youcan do this, for example, when troubleshooting a system problem that a user is experiencing. To impersonate a user, youmust have the User Administrator security role assigned to you.While you are impersonating a user, you cannot impersonate another user, even if the user you are impersonating has the
User Administrator security role assigned.
1. From the Services Manager menu bar, select Customers.
2. Select the customer whose user you want to impersonate and then, under Customer Functions, click Users.
3. Select the user you want to impersonate and then, under User Functions, click Impersonate. The impersonation takes
immediate effect and the top of the control panel page indicates you are impersonating the selected user. The control
panel displays all the menus and functions that are allowed for the selected user.
4. To return to your own user account, click your username near the top of the control panel. The control panel displays
the customer's Users page.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.352https://docs.citrix.com
Manage user password expiration email notificationsand reports
Jun 05, 2015
Updated: 2013-02-12Services Manager enables a customer administrator to configure, enable, and report on user password expiry andnotif ication. As described in Create users and configure account settings, you can allow passwords in user accounts toexpire. Creating and configuring password expiration email notif ication is the f irst step of a two-step process: f irst create amessage, then enable the message to be sent. To do this, you perform the following tasks:
Create and configure a password expiration email notif ication to all users within a customer hierarchy.
Enable the password expiration notif ication email.
Generate a user email expiry report to be sent to a customer administrator.
Note: The Password Expiry date is set by the service provider or domain administrator for the domain's Group Policy.
To create and configure a password expiration email notification to users
If you intend to include a file attachment with the notification, upload the file before creating the new notification
message.
1. From the Services Manager menu bar, click Customers > Configuration > Email Notif ication.
2. (Optional) If you intend to include a f ile attachment with the notif ication, click Attachments and then select and upload
the f ile you want to include. To return to the email notif ication page, click Notif ication.
3. Under Create Messages, select the following options:
In Event, select User Password Expiry.
In Recipient, User.
In Customer Type, select Full Customer.
4. Click New Message. The Email Content dialog box appears.
5. Configure the following email notif ication settings and then click Save:
Under Settings, select the status, frequency, modif ication settings for the notif ication. By default, notif ications have
an Enabled status and are sent once.
Under Recipients, select one of the following f ilters by which to search for or select recipients and then click Add:
Select Custom and, in E-mail, type a common email pattern or customized email address. For example, the common
email pattern {UserExternalEmail} sends email to the address specif ied in the user's External Email Address property.
Select User or Customer and, in Search, type a name or search by specifying a partial name prepended with the
percent (%) character.
Select Role and choose a role from the drop-down list. All users provisioned with that role will receive a notif ication
email.
Select Reseller Role and choose a role from the drop-down list. All users provisioned with that role will receive a
notif ication email.
In From Address and From Display, type the reply-to address and a display name of the email sender.
Under Message, perform the following actions:
In Language, select a language from the drop-down list.
In Subject, type a subject for the notif ication.
(Optional) In Attachments, select a f ile that you uploaded using the Attachments feature.
In the message box, type the text of your message.
In Message Type, select Html or Text.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.353https://docs.citrix.com
To enable the password expiration notification email and email expiry report
1. From the Services Manager menu bar, click Users > Configuration > Email Configuration.
2. Configure the following email notif ication and report settings and then click Save:
In Email Expiry Report, select Yes to generate a daily report about user accounts to be sent to the specif ied customer
administrator, based on the conditions selected on this page. Selecting No disables all selections except Email
Notif ication Report.
In Email Notif ication Report, select Yes to send an email to user accounts where the password is due to expire in the
time specif ied on this page. The Services Manager also sends a summary report to the customer administrator email
specif ied in this dialog. The report includes all users to whom the notif ication email was sent successfully and any
users to whom the notif ication was not sent because an email address was not configured for their account.
Selecting No disables all selections except Email Expiry Report.
In Include users with passwords that expire in blank days, Select Yes and type the number of days in which user
passwords expire. Selecting No disables the remaining choices labeled with "Filter."
In Filter never expire, select Yes to report users whose passwords are set to Never Expire.
In Filter expired passwords, select Yes to report users whose passwords have expired.
In Filter accounts locked, select Yes to report users whose accounts are locked.
In Filter accounts disabled, select Yes to report users whose accounts are disabled.
In Email Address, specify the customer administrator email address and select the location from the drop-down list. To
send the report to more than one customer administrator, create a Microsoft Exchange Distribution Group and type
the Distribution Group's email address.
In Language, select a language from the drop-down list.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.354https://docs.citrix.com
Manage security roles
Jun 05, 2015
Updated: 2013-05-11A security role is a set of permissions that defines customer, administrator, and user access to specific tasks in the services
manager. For example, the first or default user created for a customer is a customer administrator. The customer
administrator is automatically assigned the Customer Administrator security role (and can also be assigned other security
roles). The customer administrator can then assign one or more security roles to users in the customer hierarchy. A security
role can also consist of multiple security roles; for example, the My Account and Services Management role consists of the
My Account Management and My Services Management roles.
Services Manager includes a default set of security roles. A service provider can manage security roles associated with:Customer, user, and service tasks
User services
Reports and reporting
Dialog boxes, menus, or pages in the control panel
This topic lists the default security roles available and describes how to:Create or copy security roles
Export and import security roles, enabling you to design, test, and configure a customized role before implementing it in a
production environment
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.355https://docs.citrix.com
Default Security Roles
Jul 22, 2016
Updated: 2014-01-06Services Manager includes a default set of security roles. The default roles cannot be deleted or modified but can be copied
and used as a template for a new role. A role can consist of one or more roles. In the case of a role consisting of multiple
roles, the role inherits the permission levels of the component roles.
Security Roles Installed by Default
Role Description Component Roles
AD Sync
Administrator
Advanced User View Enables access to Advanced section of the Create
User dialog box.
All Services Schema
Administrator
Manage the schema and configuration for all services. Service Schema Administrator
API User Enables access to the Services Manager API.
Authenticated Users Permission to perform generic user functions and view
related dialogs. Access any service-related user dialog
when the user is provisioned with that specific service.
Mandatory role assigned to all authenticated users.
Exchange User
Office Communication Server (OCS)
User
SharePoint User
SQL Users
Citrix Service
Administrator
Create customized Citrix Application Groups for the
administrator's customer.
Content
Management
Service
Administrator
Update or modify the services manager interface.
Customer
Administrator
The first user created by default after creating a
customer inherits this role. The customer administrator
can create, provision, and edit users, then provision
User Administrator
Service Administrator
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.356https://docs.citrix.com
users to services. This role can also manage services
provisioned to the customer. This role includes all
permissions of the user and service administrator.
DNS Service
Administrator
Allowed access to the Domain Name Service (DNS)
Records and DNS Templates dialogs. Can manage DNS
zones and create DNS entries.
Dynamics CRM
Administrator
Manage the service, including all pages.
Dynamics CRM User Allowed access to the service as a user.
Everyone Permission for authenticated and non-authenticated
users to view generic pages in the services manager.
Exchange Service
Administrator
Create and manage Microsoft Exchange Distribution
Groups, Contacts, and Public Folders.
Exchange Users Access to Exchange Summary dialog and can
download Outlook Account settings.
File Sharing Service
Administrator
Create folders and add specific user permissions to
folders. Create user security groups.
Hosted Apps and
Desktops Service
Administrator
Manage the service, including all pages.
Hosted Apps and
Desktops User
Enables users to access the service.
Lync 2010 for
Hosters Service
Administrator
Manage the service, including all pages.
Lync 2010 for
Hosters User
Enables users to access the service.
Lync Enterprise
Service
Manage the service, including all pages.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.357https://docs.citrix.com
Administrator
Lync Enterprise User Enables users to access the service.
Mail Archiving
Service
Administrator
Manage the service, including all pages.
My Account and
Services
Management
Combines My Account Management and My Services
Management roles. Enables end users to manage their
own accounts, edit services provisioned to them, and
select new available services.
My Account Management
My Services Management
My Account
Management
Enables the end user to change the user information
details, account password, and manage email
addresses associated with the user account.
My Exchange
Service
Enables the customer to manage Hosted Exchange
resources such as public folders and distribution lists.
My Hosted Apps
and Desktops
Service
Enables the user to access subscriptions provisioned
through the service.
My Services
Management
Enables the end user to select, edit, and re-provision
the services provisioned to the end user account.
MySQL
Administrator
Manage the service, including all pages.
OCS Service
Administrator
Manage the service, including all pages.
OCS User Allowed access to the service as a user.
Partial User
Administrator (Reset
Passwords)
Reset passwords for a customer's user. Cannot create
or delete users.
Reporting Users Access to the front-end reporting system.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.358https://docs.citrix.com
Reseller Full
Administrator
Create, provision, and edit its own customers, then
provision services to its customers. Create, provision,
and edit users, then provision users to services.
Reseller Partial
Administrator
Manage reseller customer services and users.
Service
Administrator
Manage administration tasks for services. Access any
editable service-related administration dialog when the
customer is provisioned with that specific service.
BlackBerry Service Administrator
Citrix Service Administrator
Content Management Service
Administrator
DNS Service Administrator
Dynamics CRM Administrator
Exchange Service Administrator
File Sharing Service Administrator
OCS Service Administrator
Office 365 Service Administrator
ShareFile Service Administrator
SharePoint 2010 Service Administrator
SharePoint 2013 Service Administrator
SQL 2000 Service Administrator
SQL 2005 Service Administrator
User Sync Administrator
Virtual Machine Administrator
Windows Web-Hosting Service
Administrator
Service Provider
Administrator
Allowed full services manager access, all security role
permissions, and service access levels.
Citrix Service Administrator
Content Management Service
Administrator
DNS Service Administrator
Exchange Service Administrator
File Sharing Service Administrator
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.359https://docs.citrix.com
SharePoint Portal Service
Administrator
Windows Web-Hosting Service
Administrator
Reseller Full Administrator
Store Manager
Service Schema
Administrator
Allowed access to common service schema page and
menu permissions.
SharePoint 2010
Administrator
Manage the service, including all pages.
SQL Service
Administrator
Manage the service, including all pages.
SQL Users Allowed access to the summary details dialog.
Template User and
Service
Administrator
Create user templates and configure services to them.
This administrator can create a new user by using a
default template.
User Administrator Create, provision, and edit users for a customer.
User and Service
Administrator
Enable the user to create and administer users and
provision services for a customer.
This role is identical to the customer administrator.
Assign this role to a user when you require more than
one customer administrator user in your organization
or hierarchy.
User Administrator
Service Administrator
Virtual Machine
Administrator
Access the Virtual Machine Management pages.
Windows Web
Hosting Service
Administrator
Create and configure web sites, add user permissions
to web sites, and create user security groups.
Workflow Approval Allowed to define approval subscriptions.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.360https://docs.citrix.com
Administrator
Workflow Approval
User
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.361https://docs.citrix.com
Create or copy security roles
Jun 05, 2015
Updated: 2013-02-12The default roles in Services Manager cannot be deleted or modified but can be copied and used as a template for a new
role. You can also create a completely new role through the New Role dialog box.
A security role consists of Role Setup information and Role Permissions settings.
For detailed information about Role Setup fields, see Role Setup.
For detailed information about Role Permissions settings, see the following topics:Role Permissions: Customers, Services, User Services, Users
Role Permissions: Menus, Pages, Reports
To create a new security role
When you create a new security role, the Role Setup section is blank and the Role Permissions access settings are set to a
default value of None and all Menus, Pages, and Reports selections are cleared.
1. From the Services Manager menu bar, select Configuration > Security > Security Roles.
2. Click New Role. A new Role Management dialog box is displayed.
3. Complete the f ields and selections in the Role Setup section and modify the Role Permissions section as required, then
click Save.
To copy an existing security role
When you create a new security role, the Role Setup section is blank and the Role Permissions area contains the access
settings of the copied security role.
1. Select Configuration > Security > Security Roles to display the list of security roles.
2. Click a role from the list to expand the role properties.
3. Click Copy at the bottom of the Role Management dialog box. A new Role Management dialog box is displayed.
4. Complete the f ields and selections in the Role Setup section and modify the Role Permissions section as required, then
click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.362https://docs.citrix.com
Role Setup
Jun 05, 2015
Updated: 2013-03-06The Role Setup section of the Role Management dialog box enables you to specify the service to which the role is applied,
any associated role groups (such as Exchange Users), administrator type, and other settings and information.
Name
Provide a descriptive name for the security role, using alphanumeric characters, including spaces.
Directory Name
Specify the name of an Active Directory security group to associate with the security role. Leave this value blank if you do
not want to create a group. Specify the name in the form of a pattern. For example, specify "HE {CustomerShortName}
USERS" for Hosted Exchange Users of a particular customer.
Description
Optionally describe the new security role.
Filter on Service
Select an existing service from the drop-down list. If a service f ilter is selected and the customer has been provisioned with
that service, the security role is available in the user or customer Account Settings dialog box. Selecting this option enables
the Service Filter Scope setting.
Service Filter Scope
This setting is enabled if you selected a service from the Filter on Service drop-down list.
Select Customer to make the security role available if the customer is provisioned with the service. For example, an
administrator can view service administration dialog boxes when the service is provisioned to a customer.
Select User to activate the role to users provisioned with the associated service.
Mandatory
Select Enabled to automatically assign the security role to all users. The security role is not displayed on the user
Account Settings dialog box.
Clear Enabled to make the security role selectable on the user Account Settings dialog box.
Hidden
Select Enabled to hide the security role; that is, the security role is not visible to users other than the service
administrator. Use this option until the security role is ready to be applied to users or customers.
Clear Enabled to make the security role visible in the services manager.
Role Groups
Attach existing security roles to the new or edited security role. When assigned, the user or customer inherits the
permissions of the new or edited security role and the selected security roles.
Administration Role
Select Enabled to include this security role as common role to all users. The security role is displayed on the user Account
Settings dialog box.
Select Clear to make this security role available to users through the Configure a custom role collection option displayed
on the user Account Settings dialog box.
User role type
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.363https://docs.citrix.com
Select one of the following user role types. A related icon will appear next to the user when the security role is assigned:
None
Service Administrator
User Administrator
User and Service Administrator
Available to all customers
Select Enabled to make the security role available to all customers. The role can be assigned to any user unless explicitly
denied to a customer when creating or editing the customer properties.
Clear Enabled to enable you to explicitly assign the role to a customer or reseller customer (which can then be assigned
to a user) from the Allowed Roles list available from the customer's Advanced Properties.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.364https://docs.citrix.com
Role Permissions: Customers, Services, User Services,Users
Jun 05, 2015
Updated: 2013-05-11This topic describes the settings used for defining a security role's access to customers, services, and users in the control
panel. These settings appear in the Role Permissions section of the Role Management screen. To access the Role
Management screen, select Configuration > Security > Security Roles and then create or select the security role you want
to configure.
For information about role settings for accessing menus, pages, and reports, see Role Permissions: Menus, Pages, Reports.
On the Customer, Services, User Services, and Users tabs, you can expand certain permissions and apply more detailed
permissions. For example, on the Customers tab, you can expand the Read permission and select additional permissions such
as Name, Contact Detail, and Billing Identifier. On the Services and User Services tabs only, you can use the Filter drop-down
list to apply selected permissions to a specific service or to all services in your deployment.
You set permissions for each function by clicking the Access selector next to the function. The Access selector changes todenote one of the following permission levels:
AccessType
Accessselectorsymbol
Access description
Noneselected
No access to the function.
Customer The function is permitted for the selected customer. For example, the User Services permissionsof Read, Update, and Provision for the My Services Management security role are set asCustomer. This setting indicates that the administrator user with the My Services Managementrole can perform that function on its customer only.
SubCustomer
The function is permitted for the subcustomer of the selected customer. For example, if theUser Services permissions of Read, Update, and Provision for a security role are set as SubCustomer, users with this role can perform the function on the customer's subcustomer (butnot on the customer).
Customerand SubCustomer
The function is permitted for the selected customer and related subcustomer(s). For example, ifthe User Services permissions of Read, Update, and Provision for a security role are set toCustomer and Sub Customer, users with this role can perform the function on the customerand its subcustomer(s).
After you finish modifying the security role, click Save.
Permission reference
Available Function Customers Services User Services Users
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.365https://docs.citrix.com
Filter X X
Create X X
Read X X X X
Update X X X X
Delete X X
Enable/Disable X X
Provision X X X X
Deprovision X X X X
Reset X X X X
Reports X X X
Email Content X
API Access X
System Content X
Full Logging X
Change Domain Ownership X
Manage Brands X
Manage System Brands X
Copy X
Impersonate X
Account Management X
Available Function Customers Services User Services Users
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.366https://docs.citrix.com
Credential Management X
Password Management X
Manage Security Questions X
Email Management X
Role Management X
Administrator Management X
Service Provider X X X
Available Function Customers Services User Services Users
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.367https://docs.citrix.com
Role Permissions: Menus, Pages, Reports
Jul 22, 2016
Updated: 2013-05-11This topic describes the settings used for defining a security role's access to menus, pages, and reports in the control panel.
These settings appear in the Role Permissions section of the Role Management screen. To access the RoleManagement screen, select Configuration > Security > Security Roles and then create or select the security role you
want to configure.
For information about role settings for accessing customers, services, and users, see Role Permissions: Customers, Services,
User Services, Users.
To permit a security role to access specific menus, pages, or reports, you select the appropriate check box. To deny access,
clear the appropriate check box.
NoteWhen granting access to submenus, you must also enable access to all parent menus. If you do not enable access to the parent
menus, the submenu item is not visible to applicable users when they are logged on to the control panel. For example, if you enable
access to the Customer Brand submenu item, but do not enable access to Customers, Configuration, and Branding, the
Customer Brand menu item does not appear in the menu bar to applicable users.
After you have finished modifying the security role, click Save.
Menu reference
Top-level Menu Second-level Submenus Third-level Submenus Fourth-levelSubmenus
Customers New Customer
Customers
Customer Services
Customer Hierarchy
Configuration Branding Brands
Customer Brand
Customer List Customer List
Types
Customer Lists
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.368https://docs.citrix.com
Table Schema
Table Data
Display Properties
Customer Move
Email Notif ication
Organizational Structure Departments
Locations
User Specif ied
Groups
Restricted Domains
Security Security Groups
User Groups
Users New User
Users
Bulk User Import
Configuration Email Configuration
User Move
Services (All installed services arelisted here)
Group Management
SQL Hosting Summary
AD Sync AD Sync Download
AD Sync Server
Monitor
Backup Agent Client
Citrix Application Access
Customer Application
Top-level Menu Second-level Submenus Third-level Submenus Fourth-levelSubmenus
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.369https://docs.citrix.com
Groups
Configuration Applications
Application Groups
Citrix Applications
Resources
Dynamics CRM CRM Summary
CRM Import
DNS DNS Records
DNS Templates
Downloads
Exchange Exchange Summary
Device Settings
Contacts
Distribution Groups
Public Folders
Resource Mailboxes
Mailbox
Import/Export
File Sharing Manager
Hosted Apps and Desktops Advertisement
Management
Resources
MySQL Databases
Users
SharePoint 2010 Farms
Farm Configuration
Feature Packs
Virtual Machine Virtual Machines
Networks
Resource Summary
Top-level Menu Second-level Submenus Third-level Submenus Fourth-levelSubmenus
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.370https://docs.citrix.com
Configuration Virtual Resource
Manager
Virtual Network
Manager
Windows Web Hosting IIS Site Manager
Web Site Import
Configuration Content Management Content Translation
Language
Import/Export
Supported Languages
URL Branding
Provisioning & Debug Tools Recorded Errors
Provisioning Requests
Bulk Reprovisioning
Package Migration
Wizard
Bulk Exchange Mobile
SMS
Security Security Roles
Page Manager
System Manager Locations
Credentials
Service Schema
Service Deployment
Servers
Server Roles
Server Collections
Server Connections
Top-level Menu Second-level Submenus Third-level Submenus Fourth-levelSubmenus
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.371https://docs.citrix.com
Server Resources SQL Servers
Web Servers
Validation
Workflow Setup
Control Panel Properties
Workflow Approval Responses
Approval Requests
Approval Status
Configuration Workflow Groups
Workflow Managers
Approval Emails
Approval Providers
Reports View Reports
Configuration Data Warehouse
Help Version and CopyrightInformation
My Account Personal Details
Exchange Summary
SQL Hosting Summary
Services
Password Change Password
Security Questions
Logout None
Top-level Menu Second-level Submenus Third-level Submenus Fourth-levelSubmenus
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.372https://docs.citrix.com
Export and import security roles
Jun 05, 2015
Updated: 2013-02-12Before you import or export a role, consider the following:
You cannot import a security role that already exists in the control panel.
Make any changes to security roles through the control panel, not by editing the XML f ile created by exporting a
security role. Importing an edited security role XML f ile causes the import operation to fail.
Services Manager enables you to import and export roles between Services Manager environments. For example, you can
design and test security roles in a test or staging environment, then import the roles into one or more of your production
environments through an XML formatted file.
To export a security role
1. Click Configuration > Security > Security Roles.
2. Expand the security role to export and click Export.
3. In the File Download dialog box, save the XML f ile.
To import a security role
1. Click Configuration > Security > Security Roles.
2. In the Role Import area, click Browse to navigate to the exported security role XML f ile.
3. Click Import Role.
The security role is imported, as indicated by the message Role import completed. If any errors occur, try exporting the
role, then import it again.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.373https://docs.citrix.com
Manage provisioning changes
Jun 05, 2015
Updated: 2013-03-04During the course of business, resellers or customers might need to change services that are provisioned, the number of
provisioned users, or the level at which a service is provisioned. These changes affect the pricing and billing of services, so
service providers, resellers, and customers need a mechanism for managing these requests in a timely manner.
Using Workflow Approval, you can approve or reject provisioning requests such as deprovisioning a service from a customer,
updating user details, or adding users to an existing service. Approvers can be managers in an organization or members of a
group that is notified whenever a specific type of request is made. All requests move through an approval chain before they
are enacted in the system.
Enabling and disabling workflow approvals
Workflow Approval is not enabled by default in Services Manager. You can enable this feature through the Feature Setup
menu item (Configuration > System Manager > Workflow Setup). Only Service Provider Administrators can enable workflow
approvals and customize notification messages by default. After this feature is enabled, users logging on to the control
panel see the Workflow menu bar item which enables them to view provisioning requests. Additionally, you can configure
approval requirements and create approval chains.
When Workflow Approval is enabled, the following events occur:All users are assigned the Workflow Approval User security role and can view approval requests and responses.
The Workflow Approval Administrator security role is available for assigning to appropriate users.
The My Account Management, My Services Management, and My Account and Service Management security roles are
enabled for all customers. These roles allow users to modify their own account or provision services to themselves which
can be approved by managers or groups you define.
For Service Provider Administrators, a Workflow Approval preview link appears on the Customer Details, User Details,
customer service, and user service pages. When clicked, this link displays a preview of the approval notif ication message
that will be sent when information on these pages is modif ied.
When Workflow Approval is disabled, the following events occur:The Workflow Approval Administrator and Workflow Approval User security roles are disabled for all customers and users.
Workflow Approval role membership is removed from other security roles in which it was included.
For Service Provider Administrators, the Workflow Approval preview link is removed from all control panel pages.
The Bypass workflow approval role permission is enabled for the Authenticated Users security role and applies to all
control panel items governing customers, users, and services. This disables workflow approvals for all customers.
Workflow approval security roles
When enabling workflow approval, you can also enable security roles that allow users to modify their own account orprovision services to themselves without additional approval. When these security roles are enabled for selected users,those users can log on to the control panel and perform the following tasks:
The My Account Management security role allows users to modify their own User Details page. Clicking My Account >
Personal Details displays the User Functions dialog box, enabling the user to click Edit User and make changes to the User
Details page.
The My Services Management security role allows users to manage their own service provisioning. Clicking My Account >
Services displays the User Services page for the logged in user. From this page, the user can provision available services,
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.374https://docs.citrix.com
change the user plan for a provisioned service, and modify the service settings.
The My Account and Service Management security role confers both account and service management permissions to
specif ic users.
Manager Approval chains
The Manager Approval chain is comprised of users who are designated as managers. You specify a user's manager using the
Manager field on the User Details page in the control panel. In this chain, actions are approved at successive levels in the
customer's organization. For example, provisioning a user with a new service might require approvals from the user's
immediate manager and the director of the user's department.
When a request a generated, only the first member in the chain is notified. The next member in the chain is not notified of
the request until the first member has approved it. If the first member rejects the request, the next member in the chain is
never notified of it. For a request to be approved, all members of the chain must approve it. A request is rejected if any
member in the chain rejects it.
Group Approval chains
The Group Approval chain is comprised of users who elect to receive notifications of specific types of requests. In this chain,
actions are approved by users who perform specific functions within the customer's organization. For example, provisioning
a user with a new service might require approvals from users in the organization's Accounting department.
When a request is generated, all of the group members are notified. The group members can approve or reject the request
at any time. For a request to be approved, a certain number of group members must approve it. A request is rejected if the
required number of members do not approve it. You configure the number of members required from the Workflow Group
Management dialog box. For more information, see Configure workflow approval chains.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.375https://docs.citrix.com
To enable workflow approvals
Jun 05, 2015
Updated: 2013-03-04The Workflow Approval feature is not enabled by default in the control panel. To enable workflow approvals, you must
have the Service Provider Administrator security role enabled for your account.
1. From the Services Manager menu bar, select Configuration > System Manager > Workflow Setup.
2. On the Workflow Setup page, click Enable. The Workflow Setup page displays configuration options for Workflow
Approval.
3. Under Components, select the workflow approval chain types to enable in the control panel. By default, Manager
Approval and Group Approval are selected.
4. Under Email, configure the following items:
Reply Email Address: Enter the email address you want to use for approval notif ications.
Reply Email From: Enter the display text that appears in the notif ication email's From field.
Web Url: Enter the external URL for the Services Manager control panel.
5. Under Maintenance, in Retention Days, enter the number of days to keep resolved approval requests in the system
database. By default, requests are kept for 30 days.
6. To enable self-service security roles for Workflow Approval, select Allows users to manage their own account and
services. After these roles are enabled, customers can assign them to specif ic users as appropriate.
7. If needed, select Reset to default role settings to reapply the security role changes that were effected when the
feature was originally enabled.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.376https://docs.citrix.com
Configure workflow approval chains
Jun 05, 2015
Updated: 2013-03-04The Workflow Approval feature includes two types of approval chains: Group Approval and Manager Approval.
In the Group Approval chain, actions are approved by members performing a specific function in the customer's
organization. In the Manager Approval chain, actions are approved at successive levels in the customer's organization.
When you configure each approval chain, you select the services you want to enable for approval and the actions that will
generate approval notifications. For group approvals, you also select the group members who can approve these actions.
For manager approvals, you define the manager levels required for approval.
To configure group approvals
1. From the Services Manager menu bar, select Workflow > Configuration > Workflow Groups.
2. Under Management, click New Group. The Workflow Group Management page appears.
3. In Name and Description, enter a group name and brief description.
4. Click Advanced Options and configure the following options:
All users must approve the request: This option is selected by default. If you want to specify that a request is
approved only when a certain number of members approve it, clear this option and enter the required number of
members in the Member(s) of this group must approve the request f ield.
Automatically reject unresolved requests after a week: This option is selected by default. If you want to specify the
number of days before a request is rejected automatically, clear this option and enter the required number of days in
the Day(s) before an unresolved request will be rejected automatically f ield.
Send a reminder notice to all users who have responded yet: By default, this option is selected and configured to send
reminders after three days have elapsed. If you don't want to send reminders, clear this option.
5. In Member Search, type the name of the member you want to add to the group and then click Add.
6. Under Subscription, perform the following actions:
1. Select the appropriate tab for the item you want to designate for approval. For example, click the User Services tab
for actions that affect users' access to specif ic services.
2. In Filter, select the service for which you want to enable approvals. By default, All is selected. This f ield is available on
the Services and User Services tabs.
3. In Provision and Deprovision, click the Subscription symbol to select each action for notif ication.
7. Repeat Step 6 for each item you want to designate for approval (for example, Customers, Services, and so on).
8. Click Save.
To configure manager approvals
1. From the Services Manager menu bar, select Workflow > Configuration > Workflow Managers.
2. Click Advanced Options and configure the following settings:
Manager(s) must approve the request: Enter the number of managers required to approve provisioning requests.
Day(s) before an unresolved request will be rejected automatically: Enter the number of days allowed before a
pending request is rejected without input from members of the chain.
Send a reminder notice to all users who haven't responded yet: Select this check box to send reminder notices to
managers who have not approved or rejected the request.
Day(s) after the request was submitted: Enter the number of days after a request is generated to send reminder
notices.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.377https://docs.citrix.com
Make the manager f ield mandatory for all users: Select this check box to require that the Manager f ield on the User
Details page is f illed in for all users.
3. To enable approvals for service provisioning or deprovisioning, perform the following actions:
1. On the User Services tab, in Filter, select the service for which actions should be approved. By default, All is selected.
2. In Provision and Deprovision, click the Subscription symbol to select each action for approval.
3. Repeat Steps A and B for each service you want to add for manager approval.
4. To enable approvals for user provisioning or deprovisioning, click the Users tab and, in Provision and Deprovision, click the
Subscription symbol to select each action for notif ication.
5. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.378https://docs.citrix.com
View workflow approvals
Jun 05, 2015
When the Workflow Approval feature is enabled, all users can view approval requests and responses. However, onlyWorkflow Approval Administrators can view the current status of approvals.
To view approval requests
Use this procedure to view approval requests that you have generated.
1. From the Services Manager menu bar, select Workflow > Approval Requests.
2. In Filter, select the response status of requests you want to view (for example, Pending, Accepted, and so on).
The Approval Request page displays the requests you selected.
To view approval responses
1. From the Services Manager menu bar, select Workflow > Approval Responses.
2. In Filter, select the response status of requests you want to view (for example, Pending, Accepted, and so on).
3. Select whether you want to view responses to requests you generated or to all requests in the system.
The Approval Response page displays the requests you selected.
To view the status of approval requests
1. From the Services Manager menu bar, select Workflow > Approval Status.
2. In Status, select the status of requests you want to view (for example, Pending, Accepted, and so on).
3. To refine your search by date, select Request Date or Resolved Date and then select the appropriate date.
The Approval Status page displays the requests you selected.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.379https://docs.citrix.com
Customize workflow approval notifications
Jun 05, 2015
Updated: 2013-03-04The Workflow Approval feature includes a set of XSL templates that are used to create the notification emails that are
sent when approval requests are generated. Service Provider Administrators can customize these templates according to
their needs or create new templates for specific services.
Notification emails are composed of the Header and Footer template and an Email Content template. The Header and
Footer template defines the overall look and feel of all notification messages. Email Content templates define the text
used for specific actions and services.
Services Manager includes Email Content templates for the following actions:Provisioning and deprovisioning customers or users
Provisioning and deprovisioning services for a customer or user
Provisioning the DNS service for a customer
Provisioning the Reseller service for a customer
Each Email Content template includes text for approval requests and approval responses.
After you customize a template, you can preview your changes by clicking the Workflow Approval preview link located on
the Customer Details, User Details, customer services, and user services pages.
To customize an existing workflow notification template
1. From the Services Manager menu bar, select Workflow > Configuration > Approval Emails.
2. From the template list, click the template you want to customize. The XSL editor page appears.
3. If you are customizing an Email Content template, click the Request or Response tab to select the content you want to
customize.
4. Make the appropriate changes using well-formed XSL tags.
5. Click Save.
To create a new Email Content template
You can create new Email Content templates for notif ications about customer and user actions or about specif ic servicesin your deployment.Note: If you attempt to create a new template for an action or service that already exists in the template list, a newtemplate is not created and the existing template is not overwritten. Instead, the existing template opens so you cancustomize it.1. From the Services Manager menu bar, select Workflow > Configuration > Approval Emails.
2. Under Create Notif ications, perform the following actions:
1. In Category, select the type of notif ication you want to create. For example, select User Service for notif ications
about a user's access to a service.
2. In Event, select the action about which you want to notify approvers.
3. In Service, select the service for which you want to create the notif ication. This f ield is available when you select the
Customer Service or User Service categories.
4. Click New Message. An empty XSL editor page appears.
3. Click the Request or Response tab to select the type of content you want to insert. For example, click the Request tab
to add text for an approval request notif ication.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.380https://docs.citrix.com
4. When you are f inished, click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.381https://docs.citrix.com
Manage reports
Feb 10 , 2017
Updated: 2013-03-18
What's new in release 11.58.(Cumulative Update 4)
This release has updated for the Distributor Summary Report. Now it can show the service usage by specifying the start
and end time, and more services are supported.
Report for Service report displays the usage count of service for all locations by services.
Report for Customer report displays the usage count of service for all locations by customers.
Services unit redef inition different SKUs for SharePoint, Skype for Business, Hosted Exchange services are merged into
one. And also support the new services like Microsoft ADFS, File Sharing and Office 365.
Paid and Free count newly added f ield to indicate the customer is paid or free.
Reporting for Services Manager delivers usage and billing reports to your customers and application vendors. It includes
standard reports to support standard provisioned services and a data warehouse. The Reporting service communicates
directly with the SQL Server Reporting Services web service.
The View Reports page of the control panel (Reports > View Reports) displays the reports available for each service as wellas billing reports. The service reports include the following report types:
Customer reports list users provisioned with the service at the customer level.
Plan reports list user counts grouped by the service's plans, at the reseller level.
Depending on the service, Reseller reports list varied information at the reseller level. For some services, this information is
limited to customers and users provisioned with the service. For other services, this information includes items such as
usage limits, f ile transfers and instant messages, memory and disk usage, or f ile counts.
Services Manager includes the following billing reports:Customer Detail displays the billing detail for services at the customer level.
Distributor Summary displays usage data for reporting to the CSP distributor.
Reseller Detail displays the billing detail for services at the reseller level.
To generate a report, click a report link on the View Reports page. A separate window appears, displaying the report. After
you generate a report, you can export it in several formats, including XML, CSV, and Excel. You can also customize the
parameters of the report, including starting and ending dates and whether or not to include certain types of records. After
you modify the parameters, click Generate to regenerate the report.
To generate reporting views
Reporting views are used as a source for data transferred to the data warehouse. When you generate reporting views,
issues related to missing source views during data transfer are described in error messages to help you with troubleshooting.
1. From the Services Manager menu bar, click Reports > Configuration > Data Warehouse.
2. Under Refresh, click Refresh report views from reporting services.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.382https://docs.citrix.com
Note: If a "401 Unauthorized error appears, verify which service account is configured for SQL Server Reporting Services.
If it is Network Service or Local System, try adding http/SQLReportingServiceFQDN to the servicePrincipalName
attribute of the service account.
3. Under Filter, select the service for which you want to generate views, if applicable.
4. Under Generate, click one of the following options:
Views for all services. Click this option to generate views for all deployed services.
Views for selected service. Click this option to generate views for the service you selected in Step 3.
To create a new reporting view
When creating a new reporting view for a service, you will also need to ensure it can transfer data to the data warehouse.
To do this, add a transfer command for the service to the data warehouse configuration file.
1. From the Services Manager menu bar, click Reports > Configuration > Data Warehouse.
2. Under Filter, select the service for which you want to create a new view.
3. Under Management, click New Reporting View.
4. Under Reporting View Configuration, configure the following settings:
In Description and Base View, enter a friendly name and select an existing template on which to base the new view.
Under View Name, select the options you want for creating a unique view name. If you want to further differentiate
the view name, in Include Descriptor, enter a descriptive tag.
5. Under Data Set, click Keys or Filters to define the data included in the new view. Select Optimize for Large Datasets to
improve performance when a large number of records will be processed.
6. Under Properties, click Properties and select whether to include properties from the selected base view or from the
reporting object ID.
7. Under Property & Counter Aggregation, specify aggregate and non-aggregate properties and counters.
8. Click Apply Changes to save your selections.
9. Click Save.
To add billing units to service plans
You can associate a billing unit with a specific plan type and include it in service billing reports. The settings with which to
configure the billing unit vary with the service you select. To add billing units, you must have the Service Schema
Administrator security role assigned to your account.
1. From the Services Manager menu bar, select Configuration > System Manager > Service Schema.
2. Click the service name to expand the service settings.
3. Expand Billing Units and perform the following actions:
1. Click New Billing Unit.
2. In Plan, select the plan type.
3. In Unit, select the unit type.
4. Click Advanced Properties and configure the Quantity and Price for the unit. If you are creating multiple billing units
for the same service, you can add a Unit Code to differentiate each billing unit.
4. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.383https://docs.citrix.com
This document is intended to be used by Citrix Service Providers as a guide to configure their CloudPortal
Services Manager environment and to assist with troubleshooting issues.
Manage deployment
Apr 19, 2016
The operations guide includes sections on the following topics:
Architecture
Deployment Scenarios
Monitoring and Maintenance
Troubleshooting
CloudPortal Services Manager Operations Guide V2.0