cloudportal services manager 11 - citrix docs · oct 05, 2016 updated: 2014-09-29 citrix...

© 1999-2017 Citrix Systems, Inc. All rights reserved. p.1https://docs.citrix.com

About this release

System Requirements

System Requirements for Server Roles

Firewall requirements for Services Manager

Plan

Services Manager Terminology and Concepts

Plan for deploying the Services Manager platform

Plan for deploying services

Install

Install and configure the Encryption Service

Verify deployment readiness

To create the system databases

To install server roles using the graphical interface

To install server roles from the command line

To configure server roles using the graphical interface

Configure locations using the graphical interface

Configure server roles and locations from the command line

Deploy components for high availability and fault tolerance

Upgrade

Upgrade system databases

Upgrade platform server roles

Upgrade platform server roles using the graphical interface or command line

Upgrade web components

Upgrade web services using the graphical interface or command line

Upgrade the Reporting service

Upgrade the Reporting service using the graphical interface or command line

Deploy Services

CloudPortal Services Manager 11.5

Jul 25, 2016


AD Sync

BlackBerry5

Citrix

DNS

Dynamics CRM

File Sharing

Hosted Apps and Desktops

Hosted Exchange

Lync Enterprise 2010 and Lync Hosted 2010


Mail Archiving

Microsoft SQL Server Hosting

MySQL

Office 365

Office Communication Server 2007

ShareFile

SharePoint 2010

SharePoint 2013

Virtual Machines

Windows Web Hosting

Export and import service packages

Create and provision additional user and customer plans

View and f ilter provisioning requests

Provision services and customers in bulk

To migrate users to different user plans in bulk with the Package Migration Wizard

Manage

Create and manage customers

Create and manage users

Manage security roles

Manage provisioning changes

Manage reports


About this release

Oct 05, 2016

Updated: 2014-09-29Citrix CloudPortal Services Manager transforms cloud infrastructures into profitable cloud businesses with a comprehensive

platform to manage business and operations support services, customers, and cloud offerings. Services Manager is an easy-

to-use web portal that helps service providers manage the delivery of cloud services and offerings to their customers. It

provides out-of-the-box support for Desktop-as-a-Service and Windows apps, as well as popular business applications like

Exchange, SharePoint, Lync, web hosting and more. Without any IT expertise, customers can add or change services, view

reports and manage users.

What's new in this release

Expanded language supportThe Services Manager control panel interface and documentation have been localized in Japanese, Simplified Chinese,

and Spanish.

Security enhancementsServices Manager now includes a new Encryption Service that supports AES 256. For more information, see Plan for

deploying the Services Manager platform.

Service integrationServices that were released separately, after Services Manager 11.0, are included in this release. These services are:

Lync Enterprise 2013

Lync Hosted 2013

SharePoint 2013

ShareFile

Hosted Apps and Desktops, supporting App Orchestration 2.0 and 2.5

Streamlined upgradingServices Manager 11.5 supports upgrading from Services Manager 11.0, including Versions 11.0.1, 11.0.1 CU1, and 11.0.1 CU2.

Server platform supportServices Manager platform components can be deployed on servers running Windows Server 2012 R2. For more

information about system requirements and support, see System Requirements for CloudPortal Services Manager.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-cpsm-platform.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-sys-reqs.html


System Requirements for CloudPortal ServicesManager

Jun 05, 2015

Updated: 2013-02-20Deploying Services Manager includes installing the platform components (server roles), configuring firewall ports for each

component, and installing the web services.

For system and f irewall requirements for platform components, refer to the following topics:System Requirements for Server Roles


For each requirement, the minimum version required is stated, as well as any later versions that are supported.

For requirements for specif ic services, refer to the topics in the Plan for deploying services section. This section containstopics for each service that Services Manager supports and includes additional planning information such as:

Service deployment overviews

Changes that occur in Active Directory when the service is deployed

Additional configuration details for specif ic deployment scenarios

For system requirements information for resource components such as Exchange servers, SharePoint farms, and so on,

refer to the component's product documentation.

Important: Before using Services Manager, check for and install any available security updates for the components youwant to deploy.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-sys-reqs/ccp-10-system-requirements-roles.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-sys-reqs/ccps-sys-reqs-firewall.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services.html


System Requirements for Server Roles

Jun 05, 2015

Updated: 2014-08-29The sections in this topic describe supported platforms, required software, and other information that will be used when

you install and configure the core components (server roles) that comprise the Services Manager platform. The Services

Manager server role installer (Setup Tool) handles many of the prerequisites, such as installing .NET Framework 4.0, enabling

Web Server roles, and enabling MSMQ features. (The .NET software is also available in the Support folder of the Services

Manager installation media.) See Plan for deploying the Services Manager platform for additional preparation information.

Active Directory and Exchange requirements

Services Manager supports Active Directory Domain Services on the following platforms:Windows Server 2012 R2

Windows Server 2012

Windows Server 2008 R2

Windows Server 2008

At a minimum, the domain functional level must be Windows Server 2008.

Before the Services Manager platform can be deployed, the Active Directory schema must be extended to include thestandard Exchange attributes and prepare the environment for multi-tenancy. You can extend the schema through one ofthe following methods:

Use the Schema Prep tool from the Microsoft Exchange installation media. This method applies if you do not plan to

deploy Exchange 2007 or 2010 and you do not intend to deploy the Exchange web service. In general, to deploy the

Schema Prep tool, you enter the following command in a Command Prompt window:

setup /p /on:OrganizationNameDeploy Exchange. This method applies if you plan on installing the Exchange web service in your Services Manager

deployment. Extending the Active Directory schema is part of the Exchange deployment process.

The domain user account used to extend the Active Directory schema or install the Services Manager platformcomponents must belong to the following groups:

Group Name Required for Services Manager platforminstallation

Required for extending Active Directoryschema

Domain Admins Yes Yes

EnterpriseAdmins

No Yes

Schema Admins No Yes

If any server (including DNS) is not in the domain, the same user account should be set up as a local user on that server with

the same password, as a member of the local Administrators group.

Security requirements



To ensure your deployment is protected from external threats, consider creating an account lockout policy that disables a

user's account for a specified period when an incorrect password is entered a specified number of times. When this policy is

set each failed logon attempt is recorded on the primary domain controller.

Before implementing an account lockout policy, consider carefully the risks and benefits of implementation to your Services

Manager deployment. For more information about configuring this policy, see the Microsoft TechNet article, "Account

Lockout Policy Technical Overview."

DNS requirements

Services Manager uses DNS aliases internally for the core components. Create CNAME records for the following roles andcomponents:

Platform component Alias

Encryption Service server CSMCORESVC

Database server CORTEXSQL

Provisioning server CORTEXPROVISIONING

Web server CORTEXWEB

Reporting Services CORTEXREPORTS

Encryption Service requirements

The Encryption Service allows the secure retrieval of encryption keys using the AES 256-bit encryption method. When youinstall the service, a new AES key is generated, encrypted, and stored in Windows Registry. For more information, see Planfor deploying the Services Manager platform.Important: Citrix strongly recommends using SSL with the Encryption Service. Because the traff ic to and from the servicecontains sensitive data, using SSL ensures this traff ic is encrypted appropriately.Citrix recommends installing the Encryption Service on a dedicated server; however, you can also install it on a server that

hosts other Services Manager components (such as the Provisioning server or Web server).

When preparing a server for installing and configuring the Encryption Service, ensure the following requirements are met:

Hardwareconfiguration

Two or more server-class processors, 2.0 GHz or higher.

Minimum 2 GB RAM recommended

Minimum 2 GB free disk space available for f ile growth

Operating system Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with allrecommended updates installed.

.NET version .NET Framework 4.0 installed. This software is included in the Support folder on the ServicesManager installation media.

User Account Disabled.

http://technet.microsoft.com/en-us/library/hh994566(v=ws.10).aspx



Control (UAC)

Firewall Windows Firewall must allow inbound SSL (port 443) requests.

Windows serverroles

Enable the following roles:Web Server > Application Development > ASP.NET

Web Server > Security > Basic Authentication

Web Server > Security > Windows Authentication

Management Tools > IIS Management Console

Management Tools > IIS Management Scripts and Tools

Database server requirements

The database server hosts the system databases that are required for Services Manager to operate. When preparing thedatabase server, ensure the following requirements are met:





Operatingsystem

Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with allrecommended updates installed.

User AccountControl (UAC)

Disabled.

Databaseserver

Microsoft SQL Server 2008 R2 or 2012, with all recommended updates installed.

Authentication Mixed mode enabled (SQL and Windows Authentication).

SQLconnectiontypes

Local and remote SQL connections enabled.

Installationaccount

Configure the account to be used during installation with the SysAdmin role. If you cannot do this inSQL, you can use an account with SysAdmin rights. You can remove this account after installationcompletes.

Firewall Windows Firewall must allow connections through the database instance port (default=1433).

When you install SQL Server, make note of the instance name (default=default) and port (default=1433). You will need this

information when you configure the server for use with Services Manager.

During platform installation, the following databases are created:OLM: The core database for customer and user information

OLMReports: Stores legacy reporting data and some system settings


OLMReporting: Stores reporting data

Additionally, the following SQL accounts are created for accessing the databases:CortexProp

OLMUser

OLMReportsUser

OLMReportingUser

Two SQL jobs are installed on the database server: Gather Daily Stats Data and Gather Monthly Stats Data.

Provisioning server requirements

If you are installing the Provisioning server role on a domain controller, give the ProvisioningUsers security group the Allow

logon locally permission. However, for security reasons, Citrix recommends installing the Provisioning engine on a server that

does not act as a domain controller in your network environment.

When preparing a server to host the Provisioning server role, ensure the following requirements are met:




Minimum 2 GB free disk space available

Operatingsystem



Disabled.

.NET Version .NET Framework 4.0 installed. This software is included in the Support folder of the ServicesManager installation media.

Firewall Windows Firewall must allow inbound TCP requests on port 80.

Windows serverfeatures (Setupinstalls thisrequirement)

Enable the following features:Message Queuing > Message Queuing Services > Message Queuing Server

Message Queuing > Message Queuing Services > HTTP Support (only if the server is not in the

domain)

Telnet client

Windows PowerShell

SQL ServerManagementObjects

Install the 64-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO).This software is included in the Support folder of the Services Manager installation media. TheServices Manager Setup Tool can also install this requirement when you install the Provisioningserver role.

Domainmembership andprivileges

Server must be a member of the domain.

Service must have full domain administrator privileges.


SMTP server Required. Depending on the notif ication, the Provisioning server also needs a temporary directoryfor assembling the email. The SMTP server can also be used by the Report Mailer server role. Whenconfiguring the Provisioning server role, you will need to provide the SMTP server address and portnumber.

Directory Web Service

In general, the Directory Web Service is installed on the same server that hosts the Provisioning server role. If you are

installing the Directory Web Service on a domain controller, give the CortexWSUsers and the Proxy Users groups the Allow

logon locally permission. However, for security reasons, Citrix recommends installing this role on a server that does not act

as a domain controller in your network environment.

When preparing a server to host the Directory Web Service, ensure the following server requirements are met:





Operating system Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with allrecommended updates installed.


Disabled.

.NET Version .NET Framework 4.0 installed. This software is included in the Support folder of the ServicesManager installation media.

Firewall Windows Firewall must allow inbound TCP requests on port 8095.

Windows serverfeatures

Enable the following features:Web Server > Application Development > ASP.NET





PowerShell 2.0

Web server requirements

When preparing a server to host the web server, ensure the following requirements are met:





Operatingsystem




Disabled.

.NET Version .NET Framework 4.0 installed

Firewall Open port 80 from the web server to the SQL Reporting Services server.

Report Viewerversion

Microsoft Report Viewer 2008 SP1.

Windows serverroles






SQL ServerManagementObjects

Install the 32-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO).This is available in the Support folder of the Services Manager installation media.

During platform configuration, you will need to know the host header required for the web site. This is the URL used to

access the Services Manager control panel. The Configuration Tool refers to this as the external address.

When you install the web server role, the following items are installed:CortexMgmt Application Pool: Runs the Management Site.

Cortex Management Site: Contains the CortexDotNet and CortexAPI web applications.

CortexDotNet is the service that runs the control panel. CortexAPI is the XML-based web service that automates

management tasks.

Accessing the web server is supported on the following web browsers:Internet Explorer 9, 10, and 11

Firefox 31.x

Chrome 36.x

Safari 5.x

Note: If you intend to access the web server with Internet Explorer 10 or 11, install the hotfix for .NET Framework 4.0available from Microsoft Knowledge Base article 2600088 (http://support.microsoft.com/kb/2600088) on the web server.This hotfix updates the ASP.NET browser definitions which enables the control panel to function as expected withInternet Explorer 10 and 11. If you do not want to install this hotfix, use Internet Explorer 9 or supported Firefox, Chrome,and Safari browsers to access the web server.The Autologin tool supports Windows XP SP3, Windows 7 SP1, and Windows Server 2008.

Reporting and data warehouse requirements

SQL Reporting Services is the engine for providing reporting capabilities in Services Manager. The Reporting service and datawarehouse are installed on the server hosting SQL Reporting Services. When preparing a server for installing and configuring

http://support.microsoft.com/kb/2600088


the Reporting service and data warehouse, ensure the following requirements are met:





Operatingsystem


Firewall Open port 1433 between the Reporting server and the database server. Allow connections throughthe reporting port (default=80).

.NET version .NET Framework 4.0 installed. This software is included in the Support folder on the Services Managerinstallation media.

Databaseserver

Microsoft SQL Server 2008 R2 or 2012, with all recommended updates installed.

DatabaseAuthentication

Windows Authentication enabled.

SSRS Serviceaccount

Set the SQL Server Reporting Services service account to Network Service.

SQLconnectiontypes

Local and remote SQL connections enabled.

SSRSAdministratoraccount

In SQL Server Reporting Services, create a dedicated user with the System Administrator role; domainadministrator rights are not required. Use this account when deploying the Reporting server role.

SQL ServerManagementObjects (SMO)

Services Manager setup installs Microsoft SQL Server Shared Management Objects automaticallywhen the Reporting server role is deployed. SMO is also available in the Support folder of the ServicesManager installation media.

Report Serverconfigurationfilemodifications

Verify that the Report Server configuration f ile (C:Program FilesMicrosoft SQLServerMSRS10.MSSQLSERVERReporting ServicesReportServerrsreportserver.config) contains theentry "<AuthenticationTypes><RSWindowsNTLM/> <RSWindowsNegotiate/></AuthenticationTypes>".

SMTP server Required for the data warehouse. You can specify the SMTP server used with the Provisioning server;however, it must allow relays from the data warehouse server.

OCSMonitoring

If you intend to use the OCS Monitoring service in your Services Manager environment, install andenable this service on the OCS 2007 server.



Sep 14 , 2015

Updated: 2014-08-15Services Manager requires specific firewall ports be open to support communication between platform components. The

following diagram illustrates the required ports and the platform components that use each port in an environment that

includes a primary location and a remote location.

The following table lists the default connectivity configuration between the Services Manager roles. Configure thesebefore installing the roles.

Traff ic/Port From To Purpose

TCP 8095 Web Server Provisioning Engine Authenticate users and read-time ActiveDirectory lookups

MSMQ*, HTTP, orHTTPS

Web Server Provisioning Engine Provisioning request


TCP 1433** Provisioning Engine SQL Server Access to provisioning rules, write statistics

TCP 1433** Web Server SQL Server Access to customer and user information

TCP 80 Web Server SQL ReportingServices server

Access to SQL Reporting Services

TCP 443 Web Server, All domainservers

Encryption Serviceserver

Allow secure retrieval of encryption keys

* MSMQ comprises several ports, as specified by Microsoft.

** The supported SQL versions use TCP 1433 only for the default instance; other named instances use a dynamically

assigned port. If your installation is not the default instance and a firewall separates the SQL server from the other

Services Manager roles, you must override the dynamic behavior by allocating a specific port.

Traff ic/Port From To Purpose


Plan

Jun 05, 2015

Updated: 2013-04-18When deploying Services Manager, you have many choices of deployment designs and features which you can tailor to theneeds of the services you want to offer and the customers you serve. A typical process of planning a Services Managerdeployment includes:

Becoming familiar with Services Manager setup by creating a one-server or two-server test deployment.

Determining the number of servers you need for your deployment, deciding which roles each server will perform, and

evaluating hardware requirements.

Deciding which services you want to offer customers and resellers, and determining the deployment requirements for

each service.

Creating the network infrastructure design.

Defining the installation processes.

Creating and testing a pre-production pilot deployment based on your design.

Releasing the deployment into production.

Deployment Overview

A typical Services Manager deployment process includes:Phase 1: Services Manager platform

Phase 2: Services deployment

Phase 3: Customer and user provisioning

Phase 1: Services Manager platform

The Services Manager platform represents a series of servers that perform provisioning tasks, authenticate and manageusers, host the control panel interface and API services, store and process data from the main database, and manage billingand usage. These servers must be fully configured before services are deployed. A Services Manager deployment includesthe following core components (or server roles) that you install and configure:Web server

The web server hosts the control panel’s web interface and API services. The control panel is the primary user interface for

service providers, resellers and end-customer users. The customer administrator can manage the organization’s users and

associated services within the same system. Users can perform administrative and self-service tasks that have been

delegated to them. Provisioning requests are sent from the web server to the Provisioning Engine through a Microsoft

Message Queue.

Databases

The main system databases are the Microsoft SQL Server repositories for user, customer, and configuration information.

Several system databases are automatically created when you install and configure the server roles. The Services Manager

Reporting Service uses Microsoft SQL Server Reporting Services.

Provisioning Engine

The Provisioning Engine performs all provisioning tasks. It expedites requests from the web server and automates managed

services and resources.

Directory web service

The Directory web service provides the web server with function calls related to Active Directory, such as user

authentication, user account status inquiries, user enabling and disabling, and security group management.

Data warehouse


The data warehouse performs scheduled storage of historical data from the main system database, and manages the

creation and sending of usage and billing reports.

Report Mailer

The Report Mailer gathers anonymous usage data and emails usage reports to the Citrix license monitor. Customer and

user information is not transferred, only the number of customers and users-per-service.

To prepare your environment for these components, you perform the following tasks:Review the system requirements for each server role and perform any initial server configuration required.

Determine whether you will install and configure these server roles using the graphical user interface or the command

line.

Determine which server will host each server role. For example, the Directory web service is typically installed on the same

server as the Provisioning Engine. However, for a large deployment, you might consider using separate SQL servers for

hosting the reporting and billing databases.

Deploying the Services Manager platform also includes creating the first administrator user for the deployment. This user

represents the top-level administrator account and has permission to perform all control panel tasks.

Phase 2: Services deployment

Deploying services includes installing and configuring services for resources such as Microsoft Exchange, Citrix Apps and

Desktops, and Microsoft SharePoint. Before deploying any service, you must ensure the resources supporting the service

are fully deployed in your network environment. For example, to deploy the Hosted Exchange service, Services Manager

requires you have a working Exchange deployment in your environment. The Deploy services section of the Services

Manager documentation describes the configurations required to enable these resources to function successfully with the

Services Manager control panel. However, for details about deploying specific resources, you will need to refer to the

product documentation for these resources.

Phase 3: Customer and user provisioning

Provisioning customers and users represents a series of tasks for enabling resellers to sell specif ic services, making servicesavailable to end-customers, enabling customers' users to access services, and assigning security roles. To provisioncustomers and users, you perform the following tasks:1. Create the customer profile.

2. Create the customer administrator user. Some customers might require additional administrator users to manage specif ic

services. When you create these additional users, you can assign appropriate security roles.

3. Enable and configure the services that you are providing to the customer.

4. Create users for the customer and assign appropriate security roles.

5. Provision services to users.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy.html


Services Manager Terminology and Concepts

Jun 05, 2015

Updated: 2013-02-20The Services Manager documentation uses the following terminology:

Active Directory Location Services ("location level")

The level at which settings are configured for services enabled for a specif ic location. By default, services deployed within a

location inherit the settings configured at the top environment level. However, these settings can be overridden at the

location level.

control panel

The web-based interface that CSPs, resellers, and customer administrators use to configure and manage services,

resources, and users.

customer administrator

The f irst user created for a customer. This user has permission to create and modify user accounts, provision services to

users, and manage all services that are provisioned to the customer.

customer plan

In the context of services, a collection of configured settings that apply to all customers provisioned with a specif ic service.

Typically, customer plans represent different levels of service that the CSP provides to customers or enables resellers to sell.

For example, a customer plan might specify certain servers be used for a service, limit the total amount of resources

available for a customer to use, or enable or define specif ic features of a service. For some services, creating a customer

plan is required to enable the service at the top environment level.

location

Corresponds with an Active Directory domain and used to create associations between specif ic services, customers, and

users. For example, a service can be deployed to a specif ic location and provisioned only to customers and users in that

location. Services Manager supports multiple locations and the control panel can display only the items associated with a

selected location.

provisioning

The process of fulf illing requests made to the Provisioning engine for specif ic tasks such as creating customers, assigning

security roles, and removing users.

service provider administrator

The f irst administrator user created when the f irst location is created for a Services Manager deployment.

Top Environment Services ("top environment level")

The level at which default settings are configured for the Services Manager deployment. Settings configured at this level

are inherited by all locations in the deployment. These settings can be overridden at the Active Directory Location Services

level. Services must be enabled at the top environment level before they can be enabled and configured at the location

level.

user plan

In the context of services, a collection of configured settings that apply to all users associated with a specif ic customer.

Typically, user plans represent different modes of service that a customer provides. For example, a user plan might be

configured to allow provisioned users access to a specif ic network resource, limit the number of users that can be

provisioned with the service, or enable specif ic features of a service for provisioned users.

web service

An MSI f ile that, when installed, integrates service-specif ic functions into the Services Manager control panel. Web services


are installed using the Services Manager Setup Tool or by executing the MSI f ile from the command line of the server

hosting the service.


Plan for deploying the Services Manager platform

Jun 05, 2015

Updated: 2014-09-02Before you deploy the Services Manager platform, create a deployment plan that includes the following information:

The composition of each server in your deployment. This includes the platform server role that will be hosted, the

hardware configuration of the server, the software required to host the server role, and the configurations required for

the server to function in the selected role.

The topology of the deployment including f irewalls, required ports, and required protocols.

Deployment of Services Manager locations. A location is the main unit of isolation between tenants and usually

corresponds to an Active Directory domain or forest. A Services Manager deployment includes at least one (primary)

location. Based on your requirements, you should determine whether or not your deployment will include remote

locations and, if so, the number of remote locations.

Whether server role installation and configuration will occur using the graphical user interface or the command line.

Review the topics To configure server roles using the graphical interface and Configure server roles and locations from

the command line, and document the information you will need to provide during configuration of each server role.

This topic describes the following platform components and deployments:General platform installation guidelines

Encryption Service

System databases, reporting, and the data warehouse

Provisioning server


Web server

eCommerce SDK

Deployment summary for the primary location

Deployment summary for remote locations

General platform installation guidelines

You can specify server addresses as an IP address, in the form server.domain.local, by environment variables, or by DNS

alias. In the Services Manager Setup Tool, you can verify the required aliases are created by selecting the Check

Environment Prerequisites task. If you use the command-line interface, verify the aliases before using them when

installing Services Manager roles.

Role configuration includes specifying credentials for several Active Directory user accounts. In most cases, you can

either specify the user name and password, or allow the Services Manager Configuration Tool to generate the

credentials. For most user account specif ications, the Configuration Tool includes the option to create the user account

if the account does not already exist.

In the command line interface, enclose option values that contain spaces in quotation marks (for example,

/LocationName:"Southeast Hub").

Encryption Service

The Encryption Service allows the secure retrieval of encryption keys using the AES 256-bit encryption method. When youinstall the service, a new AES key is generated, encrypted, and stored in Windows Registry.Important: Install and configure the Encryption Service before creating the system databases and installing any other serverroles. This ensures the Configuration Tool can access the service's encrypted key when other platform components and

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccp-10-install-wrapper/ccps-install-config-roles-gui.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccp-10-install-wrapper/ccp-10-install-config-command.html











services are installed.Additionally, Citrix strongly recommends using SSL with the Encryption Service. Because the traffic to and from the service

contains sensitive data, using SSL ensures this traffic is encrypted appropriately.

When you configure the Encryption Service, the Configuration Tool performs the following actions:Creates the CortexSystem organizational unit (OU) in Active Directory, as well as the CortexAdmins, CortexReadOnly, and

CortexWSUsers security groups.

Creates a service account and adds it to the CortexWSUsers group. By default, the service account name is

csm_core_svc.

Creates an application pool and web site in IIS and configures authorization rules to limit access to the Domain Admins

and the CortexWSUsers groups.

Generates an encryption key and stores it in Windows Registry.

When you install Services Manager components or services, the Configuration Tool attempts to discover the Encryption

Service's encrypted key. For successful discovery, the Encryption Service must be correctly configured and you must be a

member of the Domain Admins group or the CortexWSUsers group. If you do not belong to these groups, discovery fails

and the Configuration Tool prompts you to import the key manually. To create a key file, you must be a member of the

Domain Admins or CortexWSUsers group. For more information about creating a key file, see Generate and export keyfiles

for the Encryption Service.

System databases, reporting, and the data warehouse

Microsoft SQL Server provides the database and reporting services required for running Services Manager. The main system

database (OLM) stores configuration information for all provisioned services, as well as all customer and user details. The

database also stores logging and auditing information for all provisioning transactions that are initiated. Additionally, the

database acts as a caching mechanism for Active Directory, so customers experience better response times and slow

directory queries are minimized.

The Reporting service for Services Manager delivers usage and billing reports to your customers and application vendors. It

includes standard reports to support provisioned services and communicates directly with SQL Server Reporting Services.

The Reporting service generates reports by accessing the data stored in the data warehouse.

The data warehouse stores historical provisioning data (OLMReporting) that is used for reporting. This history consists of

snapshots of the provisioning data stored in the OLM database, which are created once per day and subsequently

transferred to the data warehouse. The data warehouse is created when you install and configure the Reporting service. As

well, the server connections required for both the Reporting service and the data warehouse are created.

The Report Mailer is a required role for sending notifications to administrators and end users, and license reporting

information to Citrix. Typically, the Report Mailer role is installed on the same server as the Reporting service. The email

server you specify for the Report Mailer can be specified for the Provisioning server, which also requires email capabilities.

The Report Mailer role is installed and configured once for the entire Services Manager deployment, typically on a server in

the primary location.

Depending on your needs, you can deploy the system databases, reporting, and data warehouse in one of the followingways:

A single SQL Server hosts the system databases, the Reporting service (SQL Reporting Services) and data warehouse.

This is best for proof-of-concept deployments where server load is not a concern.

A SQL Server hosts the system databases while a separate SQL Server hosts the Reporting service and data warehouse.

This avoids taxing the primary database with reporting and data storage loads.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccp-10-install-wrapper/ccps-install-encryption/ccps-install-encryption-keygen.html


If you are using clustered SQL servers in your Services Manager deployment, separating each server role is not required.

Reports are deployed by importing service packages. These services packages contain report definition f iles that are linkedto the OLM and OLMReporting databases, and configuration f iles for the data transfer process and the data warehouse.You can deploy reports using the following methods:

During Report service configuration, use the Configuration Tool to import the reports from selected service packages.

Using the control panel, import the reports manually using the service import feature.

Service packages for all supported services are located in the Services folder on the Services Manager installation media.

Provisioning server

The Provisioning engine runs as a Windows service, monitoring queues for provisioning requests. When a request is received,

it passes through a set of provisioning rules that determine which actions are required to complete the provisioning process.

These rules are designed to be easily customized using the Provisioning Manager graphical interface (Start > All Programs >

Citrix > Provisioning Engine > Provisioning Manager).

All provisioning processes in Services Manager are built using provisioning actions. This gives the service provider somevisibility into the processes that are executed within the deployment. Examples of provisioning actions include:

Directory User Create: Creates an Active Directory user

Directory Group Create: Creates a security group in Active Directory

FileSystem Create Folder: Creates a folder in a f ile system

Exchange Address List Create: Creates an address list in Microsoft Exchange

Run Command: Runs an executable within a command shell

Run Script: Runs a Visual Basic script

Services Manager includes over 100 provisioning actions.

The Provisioning engine is installed on a separate server in your Services Manager deployment. Additionally, configuration of

the Provisioning server includes specifying an email server for sending messages such as system updates to administrators,

account notifications to end users, and usage reporting to Citrix. The email server you specify for the Provisioning server can

be specified for the Report Mailer, which also requires email capabilities.


The Directory web service provides an interface to Active Directory. The Services Manager control panel uses this service to

perform real time tasks such as user authentication and retrieving password expiration data.

In general, the Directory web service is installed on the same server that hosts the Provisioning engine. However, if you areinstalling the Directory web service on a domain controller, add the CortexWSUsers and Proxy USERS groups to the Allowlog on locally security policy setting.Important: For production environments, Citrix recommends installing the Directory web service on a server other than adomain controller.When the Directory web service platform role is installed, the Citrix Csm Directory WS application pool is created as well as

the CortexServices web site which hosts the Directory application. The files for the web site and applications are located at

C:inetpubCortexServices.

Web server

Services Manager provides a web-based control panel for performing system administration tasks and delegating certainadministration tasks to resellers and customers. The control panel is a web application (CortexWeb) that is hosted on a


Web server, separate from the other servers in your deployment. The control panel interacts with other platformcomponents as follows:

SQL databases: When the system is configured, customers and users are provisioned, or auditing and reporting

performed, the control panel sends data to be stored in the system databases.

Web services: for real-time interaction with Active Directory and other hosted services.

Provisioning engine: When any provisioning transaction is performed, the control panel sends each request through

MSMQ.

Because the control panel has no dependency on Active Directory, it can operate outside of the managed domain. The

control panel's web site can be locked down and run with minimal administrative permissions without interfering with

administration tasks.

When the Web server platform role is installed, the CortexMgmt application pool is created as well as the Cortex

Management web site which hosts the CortexAPI and CortexDotNet applications. The files for the web site and

applications are located at C:inetpubCortex Management.

eCommerce SDK

The eCommerce SDK consists of two web services that expose APIs for configuration and querying usage. The

Configuration API enables you to perform tasks such as creating new customers or suspending a customer account. The

Usage API enables you to view historical usage data.

Install the eCommerce SDK after you have installed all other platform server roles. As with the other server roles, you install

the SDK using the Setup Tool and Configuration Tool.

By default, the eCommerce SDK files are located in the C:Program Files (x86)CitrixCortexeCommerceSDK directory. The

installation includes the eCommerce SDK User Guide, which provides an API reference, sample reports, code samples, and

troubleshooting guidance.

Deployment summary for the primary location

The following list describes the required tasks for deploying the platform servers and creating the primary location.Depending on your requirements, your deployment might include additional tasks.1. Prepare the deployment environment. This includes the following tasks:

Provision the platform servers that will be designated as the domain controller, Encryption Services server, database

server, reporting server, Provisioning server, and Web server.

Extend the Active Directory schema using the Exchange installation media.

Create DNS aliases for the Encryption Service, Provisioning, database, reporting, and web servers.

Open the required f irewall ports on all platform servers.

Install .NET Framework on all platform servers. If this component is not present, the Setup Tool installs it

automatically, prior to installing the server roles.

2. Perform environment readiness checks. You can verify the extended Active Directory schema and DNS aliases. This

procedure is available in the Setup Tool graphical interface; you can also perform the verif ications manually. You can run

this task from anywhere in the domain.

3. Install and conf igure the Encryption Service. Citrix recommends performing this task on a dedicated server.

Alternatively, you can use a server that you have prepared to host other Services Manager components such as the

Provisioning Engine or the Web server.

4. Create system databases. Run this task on the server where Microsoft SQL Server is installed. In the Configuration

Tool's graphical interface, you specify database information before you install the server roles. In the command line

interface, you specify database information when you configure the server roles and location. All databases should be


backed up and synchronized daily.

5. Install and conf igure server roles. Using the Setup Tool, you install the platform server roles on the servers you

designate. With the Configuration Tool, you specify the configuration settings for the installed roles.

6. Create the primary location. Use the Configuration Tool to specify the settings for the primary location. You configure

the location from the server hosting the Provisioning engine or the web server.

An XML configuration file is used to maintain context across the Services Manager deployment. As you configure the

server roles, information is read and written to the configuration file. For example, the Provisioning engine writes its own

configuration information and reads where to reach the database. When you configure the primary location, the

configuration file will already have information needed about the Provisioning server.

There is one configuration file per location, although all locations can share a single database server. You configure the

primary location first, then optionally, remote locations. For example, a new customer with an existing infrastructure and

domain might be integrated as a remote location in the control panel. When you configure remote locations, you specify

connection details, which are used to generate a new configuration file. After that, configuring a remote location is

similar to configuring the primary location.

Deployment summary for remote locations

The following list describes the required tasks for deploying the platform servers that comprise a remote location.1. Prepare the deployment environment. This includes the following tasks:

Provision the servers that will be designated as the domain controller and Provisioning server. The remote location

uses the Encryption Service, web server, and the database server in the primary location for key encryption, control

panel administration, and reporting, respectively.

Extend the Active Directory schema using the Exchange installation media.

Create DNS aliases for the Encryption Service, Provisioning, database, and web servers. When creating the alias for the

Encryption Service, specify the Encryption Service server in the primary location. Do not install the Encryption Service in

remote locations.

Open the required f irewall ports on all servers to enable communication with the database server and web server in

the primary location.

Install .NET Framework on the platform servers, to avoid interruption when installing server roles. The Setup Tool also

installs this component automatically, if it is not present, when installing the server roles.

2. Perform environment readiness checks. You can verify the extended Active Directory schema and DNS aliases. This

procedure is available in the Setup Tool graphical interface; you can also perform the verif ications manually. You can run

this task from anywhere in the domain.

3. Install and conf igure server roles. Using the Setup Tool, you select the server roles to be installed on each server. With

the Configuration Tool, you specify the configuration settings for the installed roles. As with the primary location, you

can install the Provisioning and Directory web service roles on the same server.

Note: When you install and configure server roles, the Configuration Tool discovers the Encryption Service key residing in

the primary location. If the key cannot be detected, you can export the key from the primary location as a key f ile. You

can then import the key f ile when prompted during the installation process. For more information about exporting the

encryption key, see Generate and export keyfiles for the Encryption Service.

4. Create the remote location. Use the Configuration Tool to specify the settings for the primary location. You configure

the location from the server hosting the Provisioning engine or the web server. Afterward, continue configuring the

remote location using the Services Manager control panel in the primary location.



Plan for deploying services

Oct 05, 2016

Updated: 2013-02-27Before you begin the process of deploying services for Services Manager, create a deployment plan that includes thefollowing information:

The types of services you will offer through Services Manager. For example, hosted email, virtual machines, web hosting,

and so on.

The number of customers and users that each service will need to support. For some services, this has a signif icant

impact on the size of the resource deployment required.

The network and server resources that are required to support your service offerings. For example, if you offer Citrix

services, you will need to deploy a XenApp farm.

The location where each service will be deployed.

The topology of the deployment including f irewalls, required ports and protocols, and the servers hosting each service

offering.

Test plans for verifying the integrity and performance of resource deployments before and after deploying services.

Planning guidelines

Review the installation and configuration topics for each service carefully and make note of the information you will

need to supply for each task.

Service deployment summary

In general, deploying a service includes the following tasks:

Step 1: Deploy the network and application resources that are required to support your service offerings.

All services are based on the network and server resources in your environment. Therefore, these resources need to be fully

configured and operational prior to integration with Services Manager. For example, if you intend to offer the Hosted

Exchange service, you must first deploy Exchange with multi-tenant support in your environment. Likewise, if you intend to

offer Virtual Machines or Windows Web Hosting services, you must first deploy the network resources -- for example,

virtual networks, DNS, and web servers -- that are required for customers to use these services.

Step 2: Install the web service.

Some services require the installation of a web service for integration with the Services Manager platform. Web services are

installed on the server that will be hosting the service, using the Services Manager Setup Tool or the command line. For

example, the Citrix web service is installed on a XenApp server in your environment. Web services are executed with specific

parameters which are explained in the installation topic for each service. After the web service is installed, you can configure

the service. For services that do not require a web service, you can skip the installation step and configure the service right

away. For more information about which services require web service installation, see Deploy services.

Step 3: Conf igure the service using the control panel.

All services require configuration through the Services Manager control panel. Configuration includes enabling the service,

specifying server resources, adding credentials, and configuring service settings. During the configuration process, you create

the customer and user plans you want to offer, assign cost values, and specify resource limits for customers and users.

After you configure the service, you can provision the service to customers.

Step 4 : Provision the service to customers.



In general, provisioning a service enables specific customers (including resellers) to access the service and provision it, in turn,

to their users or sub-customers. This occurs through the Services Manager control panel. During the provisioning process,

some services might require additional configuration. For example, when provisioning the BlackBerry service to a reseller, you

configure a user limit that restricts the number of users the reseller can provision. Additionally, the customer's primary

administrator user (the customer administrator) is created. After the customer is provisioned with the service, the customer

can provision the service to its users or sub-customers.

Step 5: Provision the service to users.

As with provisioning services to customers, services are provisioned to users through the Services Manager control panel.

Typically, this task is handled by the customer administrator or another customer user with the appropriate security role.

During the provisioning process, some services might require additional configuration. For example, when provisioning the

Lync 2010 for Hosting service to a user, the customer can specify the user's telephone extension. After users are

provisioned, the customer provides any additional information or assistance needed for using the service, such as

configuring Microsoft Outlook or Office Communicator to access hosted Exchange or Office Communication Server

services.


AD Sync

Jun 05, 2015

Updated: 2014-09-16The AD Sync service for Services Manager synchronizes customer OUs in the hosted domain controller with user changes in

the external domain controllers. The service enables users to connect to hosted services with the same credentials they use

for their local domain. Additionally, Services Manager includes a server monitor that reports the connectivity status of

domain controllers on which the AD Sync client is installed.

The AD Sync service requires no installation on the hosted environment and uses the CloudPortal Services Manager API to

perform the synchronization. An AD Sync client installed on each external domain controller communicates with the API.

This interface is a one-way connection that can be customized to synchronize specific Active Directory information.

API requests are encrypted using a combination of a public/private key and a symmetric key (RSA and AES) to securely

transfer data and credentials. The data in the request is also hashed (SHA1) to prevent unauthorized changes.

The following diagram shows a typical installation scenario.

The AD Sync service is a customer-only service; by default, the service is unavailable for provisioning to users. Once

provisioned to a customer, the customer's administrator has access to download and configure the AD Sync tool to their

existing domain controller. To download the tool, the customer must be configured with the Allow passwords to Never

Expire option set to Yes. If this option is set to No, errors are recorded in the customer's event log and no users appear in

the control panel.

AD Sync server monitor

The AD Sync service monitors the connectivity status of external domain controllers on which the AD Sync client is installed

and displays a list of all monitored servers on the AD Sync Server Monitor page in the control panel.

The AD Sync client sends requests to the Services Manager API at specified intervals that are recorded in a monitoring

table. This table includes the server name, time of the last request made, and expected time interval between requests.

When the difference between the current time and the time of the last request exceeds the expected interval, the Server

Monitor page displays a red dot next to the affected server, indicating connectivity has been disrupted. When a request is

received within the expected time interval, the Server Monitor page displays a green dot next to the server, indicating

connectivity is uninterrupted.

Prerequisites for deployment

When configuring each domain controller in the external domain, perform the following tasks:If SSL is enabled for Services Manager, edit the CortexDotnetweb.config f ile to set the UserSyncAPISSL value to True.

Ensure the password complexity of the external domain controllers matches or exceeds the password complexity of the

domain controllers in the Services Manager deployment.

Disable User Account Control (UAC) on each external domain controller that will run the AD Sync client.

Obtain a list of the user groups to include in AD Sync operations.

If applicable, obtain proxy server information.


On applicable f irewalls, perform one of the following tasks, depending on your network configuration:Open HTTP and HTTPS ports (80 and 443) bi-directionally between the server hosting the Services Manager API and

each domain controller in the external domain.

Open HTTP and HTTPS ports (80 and 443) bi-directionally between the server hosting the Services Manager API and the

proxy server used in the external domain.

Service deployment overview

Typically, deploying the AD Sync service involves the following tasks:1. Configure the AD Sync service using the control panel.

2. If required, customize the AD Sync client installer, such as default settings and logo images, for your Services Manager

deployment.

3. Install and test the AD Sync client on external domain controllers. If necessary, add or modify the Active Directory

attributes included in API requests by editing the request f ile on the external domain controller.

4. Provision the service to customers so they can download the AD Sync client software.

For deployment instructions, see Deploy the AD Sync service.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-citrix/ccp-10-services-config-citrix.html


BlackBerry 5

Jun 05, 2015

Updated: 2013-08-16The BlackBerry service for Services Manager hosts BlackBerry Enterprise Server (BES) 5 from the cloud, providing push-based

access to Exchange, Office Communications Server, Customer Relationship Management, and other applications from

BlackBerry devices.

The BlackBerry service includes the following features:You can perform all of BlackBerry's standard management tasks within the Services Manager control panel.

You can delegate BlackBerry user provisioning to the end-customer.

The BlackBerry service is compatible with Exchange 2007 and 2010 Enterprise.

The BlackBerry service supports multiple BlackBerry Enterprise servers.

The BlackBerry service supports moving provisioned users from one BlackBerry Enterprise server to another.

The BlackBerry service can be provisioned with the Hosted Exchange service and supports Exchange 2010 Enterprise and

Exchange 2007. Services Manager can manage multiple BESs.

Configure your environment according to the BlackBerry installation guidelines. This topic assumes you have installed the

BlackBerry Enterprise Server software, the latest security updates, and the appropriate service pack for your deployment.

Supported versions and requirements

The BlackBerry service supports the following version of BlackBerry Enterprise Server and Microsoft Exchange.

Version Exchange 2007 Exchange 2010

BlackBerry 5 SP1 X X

BlackBerry 5 SP2 X

Services Manager requires the credentials that are used to run the BlackBerry service, in order to access the BlackBerry

Server MAPI profile. This account must be a member of the Exchange View Only Administrators group. Additionally, the

BlackBerry service account must have Open Address List permission on the Default Global Address List.


Deploying the BlackBerry 5 service involves the following tasks:1. Deploy the Exchange service and provision it to customers.

2. Configure the BlackBerry service.

3. Provision the BlackBerry service to customers.


Citrix

Jun 05, 2015

Updated: 2013-05-13The Citrix service for Services Manager allows service providers to delegate end-user administration of Citrix applications to

customers.

Notable features of the Citrix service include:Managing multiple Citrix XenApp farms in a single Active Directory console.

Delivering published applications through application groups to which users are assigned.

Ability to choose pre-defined security account groups or create new security groups for application publishing.

Support for public and private applications, application groups, and resources.

Setting default applications, groups, and resources when provisioning Citrix services to customers and users.

When you provision customers with the Citrix service, the following items can be managed:Application groups that consist of application or resource collections. Service providers can use application groups to

provision several resources or applications to users more eff iciently.

Network resources, such as printers and f ile shares, that others in the organization access.

Resources that are packaged as applications such as desktops

Hosted applications that reside on XenApp servers.

Supported versions

The Citrix service supports the following XenApp versions:Citrix XenApp 5.0 for Windows Server 2008

Citrix XenApp 6.0 for Windows Server 2008 R2

Citrix XenApp 6.5 for Windows Server 2008 R2

Requirements for XenApp servers

When configuring the servers that will run any supported version of XenApp, ensure the following requirements are met:Operating system: supported platforms for the XenApp version. Install all recommended operating system patches.

Enable Remote Desktop Services.

Install .NET Framework 4.0.

Installation requires that the Cortex Domain Logon account and the DomainCortexWSUsers account have full

administration rights on the XenApp farm.

The Citrix web service uses port 8095 by default.

When configuring servers that will run XenApp 5, XenApp 6, or XenApp 6.5, perform the following actions:Disable UAC.

Enable the following roles:

Web Server > Application Development > ASP.NET




Management Tools > IIS 6 Management Capability > IIS 6 Metabase Compatibility



Deploying the Citrix service involves the following tasks:1. Review the requirements in this topic and in the Prerequisites for deploying the Citrix service topic and ensure these are

met in your environment.

2. Install the Citrix web service on a server in the XenApp farm.

3. Configure the service using the control panel. This includes creating the server collection that will aggregate XenApp-

hosted applications for customers.

4. Import applications from the XenApp farm to the server collection.

5. Provision the service to customers.

For detailed deployment instructions, see Deploy the Citrix service.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-citrix/ccps-plan-citrix-prereqs.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-citrix.html


Prerequisites for deploying the Citrix service

Jun 05, 2015

Updated: 2013-05-17Before deploying the Citrix service, ensure the following prerequisites are met:

Create a new security group

1. Create the Cortex Service Computers security group on the domain. You can create this group within the CortexSystem

OU.

2. Add all XenApp controllers to the security group.

3. In Active Directory Users and Computers, with Advanced Features enabled, assign the security group to any Services

Manager root customer OUs and any existing customers created in the location.

4. Assign Read permissions to the security group on the OU.

5. In the Advanced Security Settings for Servers dialog box, locate the Cortex Service Computers group. Edit the

permissions and, in Apply to, select This object and all descendant objects.

6. Restart all computers added to the security group.

Set up a file server

The Citrix service requires a file server to create file shares with permissions, store profiles, and so on. Ensure a file server is

available in your environment for this purpose. You can use the same file server for deploying the Citrix and File Sharing

services.


DNS

Jun 05, 2015

Updated: 2013-02-11The DNS service for Services Manager provides Domain Name Service (DNS) hosting from the cloud. The DNS service

requires no installation and uses a WMI connection to the DNS server.

When the DNS service is provisioned to a customer, the service provider creates the DNS zone(s) that the customer can

then use to create subzones, if necessary. The DNS service is available at the customer level only. The service cannot be

provisioned to a customer's users.

Customers provisioned with the DNS service can create and manage DNS records that are attached to zones. DNS Service

Administrators can manage these records for the customer while Full Reseller Administrators can manage these records for

sub-customers.

Different types of records can be attached to a zone. When a record is created, only the Time to Live (TTL) setting can be

modified.

Supported software

The DNS service supports Windows (WMI) and BIND (UNIX) DNS.

Requirements

When configuring your DNS environment, perform the following actions:On applicable f irewalls, open DNS port (53) and RPC ports (various) bi-directionally between the DNS server(s) and both

the Services Manager web and provisioning servers. RPC uses random ports above port 1056, therefore non-stateful

inspection f irewalls might require open ports above 1056.

Add the DNS service account used for provisioning to the local administrators group.

Ensure the computer name has a DNS suff ix. If the DNS server is outside of the Services Manager domain, ensure the

DNS suff ix for the Services Manager domain is on the DNS server.

Ensure the DNS application has a zone for the DNS suff ix.

User Access Control (UAC) must be removed from each DNS server.

Ensure the DNS zone has an A record. If the DNS server is outside of the Services Manager domain, ensure the A record

is in the format dnsServerName.ServicesManagerDomain. For example, DNS01.cloudportal.com.

Supported record types

Services Manager supports the following types of DNS records:

Record Type Record Name Parameters

A IPv4 Host Record Host name

IPv4 Address

TTL

AAAA IPv6 Host Record Host name

IPv4 Address

TTL


CNAME Alias Alias

Host name

TTL

MX Mail Exchanger Host name

Target

Priority

TTL

NS Name Server Host name

Target

TTL

SRV Service Record Host name

Target

Service

Protocol

Priority

Weight

Port

TTL

TXT Generic Text Record Host name

Text

TTL

Record Type Record Name Parameters


Deploying the DNS service involves the following tasks:1. Configure the DNS service using the control panel.

2. Provision the DNS service to a customer.

3. Create test records to verify the service is configured correctly.

For deployment instructions, see Deploy the DNS service.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-ocs-2007/ccp-10-services-config-ocs2007.html


Dynamics CRM

Jul 22, 2016

Updated: 2013-04-22The CRM service enables service providers to deliver a robust customer relationship management solution to customers

through Microsoft Dynamics CRM 2011, 2013, or 2015. Customers enjoy a 360-degree view of their customers along with

automated workflows, ease of reporting, and a granular security structure.

The CRM service supports Internet-facing deployments (IFDs), which makes CRM organizations available from the Internet.

Additionally, the service is deployed for use with Active Directory Federated Services (ADFS).

System requirements

When configuring the Dynamics CRM service in your environment, ensure the following requirements are met:

A CRM Deployment Administrators security group has been created and has all required CRM Deployment Administrator

permissions to CRM Active Directory groups. Additionally, the CRM Deployment Administrator role has all required

permissions to the SQL Server instance where the CRM databases are stored. Finally, a CRM Deployment Administrator

domain user account has been created and added to the CRM Deployment Administrators security group.

When you install and configure the ADFS and Dynamics CRM services, you will need to supply this group and account

information to enable CloudPortal Services Manager to work with your CRM deployment. For more information about

creating CRM Deployment Administrators and assigning permissions, see the article "Creating a New CRM Deployment

Administrator Account" on the Microsoft TechNet web site (http://technet.microsoft.com/en-us/library/gg197627.aspx).

The user who is installing CRM has the following roles in SQL Server Reporting Services:

Content Manager role at the root level

System Administrator role at the site-wide level

For more information about assigning permissions for deploying CRM, see the article "How to assign the minimum

permissions to a deployment administrator in Microsoft Dynamics CRM 4.0" on the Microsoft Support web site

(http://support.microsoft.com/kb/946686).

Claims based authentication is optional. If you wish to use claims based authentication, t configure this from the CRM

Deployment Manager.

The Internet-facing Deployment feature has been configured. This feature enables integration of ADFS with CRM. For

help configuring an Internet Facing Domain (IFD) for CRM, see the "IFD for Microsoft Dynamics CRM 2011" video,

located at http://www.youtube.com/watch?v=T9jZIxDTsBw. Although this video is intended for CRM 2011, the same

principals apply for CRM 2013, and CRM 2015

The ADFS service user account (typically, Network Service) has Read access to the customer's OU. This is required for

successful authentication.

After configuring CRM, verify that user connections are successful and there are no certificate errors. Test the environment

by creating an organization using the CRM Deployment Manager and, afterward, browsing to the site.


Deploying the CRM service involves the following tasks:

1. Deploy the ADFS web service on the ADFS server in your environment and enable the server to execute PowerShell

http://technet.microsoft.com/en-us/library/gg197627.aspx

http://support.microsoft.com/kb/946686

http://www.youtube.com/watch?v=T9jZIxDTsBw


commands.

2. Configure the Dynamics CRM service using the control panel.



File Sharing

Jun 05, 2015

Updated: 2013-02-07The File Sharing service for Services Manager provides file sharing services from the cloud. A service provider can host a file

server with multiple customer file shares on the system directory. Security permissions limit customer access to shared

folders.

After provisioning, customers can use their file share directory to store and transfer files to others in the organization,

manage the directory subfolders, and assign folder permissions to users. Users can access the customer's file share directory

through another mechanism. For example, the file share can be configured as a resource through the Citrix service and

accessed in a Citrix XenApp session.

The File Sharing service requires no web service to be installed on the file server. You need only to configure the service in

the Services Manager control panel.

Requirements

On applicable firewalls, open SMB (445) and RPC (various) ports bi-directionally between the DNS server(s) and both the

Services Manager web and provisioning servers. RPC uses random ports above port 1056; therefore, non-stateful inspection

firewalls might require open ports above 1056.


In general, deploying the File Sharing service involves the following tasks:1. Ensure the f ile share path exists in your environment.

2. Configure the service using the control panel.


For deployment instructions, see Deploy the File Sharing service.

File share path creation

If the required file share path does not exist when you configure the File Sharing service, Services Manager can create it

automatically. To allow Services Manager to do this, you must grant Services Manager permissions on the target file server.

If you do not want to grant these permissions to Service Manager, be sure to create the file share you wish to use before

you configure the service.

Changes in Active Directory

When a customer is provisioned with the File Sharing service, the following changes occur:The global security group SERVICEADMINS <CustomerShortName> FSS is created and all Full Service Administrator users

are added as members.

The global security group FSS <CustomerShortName> FULL is created. No members are added to this group until users

are provisioned.

The global security group FSS <CustomerShortName> NONE is created. Users that are not provisioned with the File

Sharing service are members of this group.

When a user is provisioned with the File Sharing service, the user becomes a member of the global security group FSS

<CustomerShortName> FULL.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-citrix.html




Jun 05, 2015

Updated: 2014-11-17The Hosted Apps and Desktops web service for Services Manager allows service providers to manage and delegate end-user administration of applications, desktops, and resources. This service comprises three components:

XenApp Web Service, which you install on a controller in your XenApp farm.

XenDesktop Web Service, which you install on a controller in your XenDesktop Site.

App Orchestration Configuration Tool, which you can install on your App Orchestration configuration server, when your

XenApp and XenDesktop deployments are managed by App Orchestration.

Using this service, you can:Support public and private offerings of applications, desktops, and other resources such as printers and f ile shares to

customers and users.

Create offerings that are private for one customer.

Set default applications, desktops, and resources for customers and users.

Set price and cost controls per application, desktop, and resource.

Configure settings at several levels, thus allowing you to override one or more settings for a particular customer.

Use App Orchestration to manage offerings from multiple Citrix XenApp farms and XenDesktop sites in a single Active

Directory console.

Note: This enhanced version of the Hosted Apps and Desktops web service offers expanded support and replaces theprevious version of the service.


Deploying the Hosted Apps and Desktops web service includes the following tasks:1. Review and complete the requirements described in this topic.

2. Install the service.

3. Configure the service.

4. Configure service offerings.

5. Provision the service.

Supported versions

The Hosted Apps and Desktops web service is supported on servers running one of the following minimum versions:Citrix XenApp 6.5 FP3, 7.5, and 7.6

Citrix XenDesktop 7.1, 7.5, and 7.6

Citrix App Orchestration 2.5 and 2.6

Note: If your environment includes earlier XenApp versions that you do not want to update to a supported version, installand use the Citrix web service for Services Manager. Also, use the Citrix web service if your environment requires applicationgroups or server collections.

Requirements and considerations for all deployments

Before installing the Hosted Apps and Desktop web service, add the servers where you will install the service (XenApp

controller, XenDesktop Controller, or App Orchestration configuration server) to the built-in CortexReadOnly group. Then,

restart each server you added to the group.

When using Internet Explorer 11 to access the Services Manager control panel to configure and provision the service,


ensure the following Compatibility View Settings are cleared:Display intranet sites in Compatibility View

Use Microsoft compatibility lists

Requirements and considerations for deploying the web service on a XenApp or XenDesktop Controller

On the XenApp or XenDesktop controller, complete the following before installing the web service:Ensure the XenApp or XenDesktop server has PowerShell remoting enabled and that the execution policy is set to

RemoteSigned.

Ensure that XenApp or XenDesktop is fully installed and configured, and that the operating system has all recommended

updates.

You must be a full XenApp or XenDesktop administrator to configure the web service.

Ensure that the f irewall on the server allows communications with the web service: the default is 8095. This must be the

same port that you specify when configuring the web service.

The web service installer will install or enable the following on the XenApp or XenDesktop controller, if not already present:.NET Framework 4.0

Remote Desktop Services

Web Server (IIS) 7 Role Services

ASP.NET

ASP.NET 4.5 (Windows Server 2012)

Windows Authentication

Management Scripts and Tools

Management Console

Hostable Web Core (Windows Server 2012)

IIS 6 Management Capability > IIS 6 Metabase Compatibility

SQL Server System CLR Types

SQL Server Shared Management Objects

WCF HTTP Activation 4.5 (Windows Server 2012)

You need a file server to support the creation of User Profile and Terminal Services Profile folders. You can use the same file

server for deploying this service and File Sharing services.

Requirements and considerations for deploying the web service on an App Orchestration configurationserver

Set up your App Orchestration deployment. For more information, refer to the product documentation for your installedversion:

App Orchestration 2.5 product documentation

App Orchestration 2.6 product documentation

http://docs.citrix.com/en-us/app-orchestration/app-orchestration-2-5/app-orchestration-25-whats-new.html#par_text_1

http://docs.citrix.com/en-us/app-orchestration/app-orchestration-2-6.html#par_anchortitle_542e


Hosted Exchange

Oct 05, 2016

Updated: 2014-08-29The Hosted Exchange service for CloudPortal Services Manager delivers full-featured Microsoft Exchange services from the

cloud.

Supported versions

The Exchange service supports the following versions of Windows Server and Microsoft Exchange.

VersionWindows Server

2008Windows Server

2008 R2Windows Server

2012Windows Server

2012 R2

Exchange 2007 SP3 X

Exchange 2010 SP3 X X

Exchange 2013 X X

Exchange 2016 X X

Important: For Active Directory forests and domains at the Windows Server 2012 R2 functional level, the Exchange serviceis supported on Exchange 2013 SP1 only. For more information, refer to the article "Exchange 2013 system requirements"on the Microsoft TechNet web site.

Exchange web service server requirements

When configuring the server that will run the Exchange web service, perform the following tasks:Install all recommended operating system patches.

Enable Remote Desktop Services.

Disable User Account Control (UAC).

Enable the following IIS 6 and 7+ roles:

Web Server > Application Development > ASP.NET



Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility

Install the .NET Framework 4.0.

Install Microsoft Exchange Management Tools.

Exchange User Plans are used as templates for Exchange mailboxes. User Plans define which protocols are enabled, plus

mailbox limits and data storage. The installation process creates one package, which is used to test the installation. This

package specif ies the mail databases to use (Server / Storage Group). One or more storage groups are created when

Exchange is installed; select one to use for the installation test.

Account requirements

Ensure the account that is being used for the installation has Domain Admin, and Exchange Administrative rights. This is

http://technet.microsoft.com/en-us/library/aa996719%28v=exchg.150%29.aspx


required for successful installation of the Exchange web service.

Configuration requirements

How you configure Exchange to work with CloudPortal Services Manager typically depends on whether you are deploying a

single version of Exchange or creating a mixed environment where multiple supported versions of Exchange are included.

For single-version deployments of Exchange 2007 SP3, the Services Manager Configuration Tool performs the followingtasks:

Task Action Performed

Enable the ListObjectpermission

In ADSIedit, the dsHeuristics property, located in the CN=Services > CN=Windows NT >CN=Directory Service container, is set to 001.

Disable theDefault Email-Address policy

In ADSIedit, the following properties, located in the CN=Services > CN=Microsoft Exchange >CN=ExchangeOrganization > CN=Recipient Policies > CN=Default Policy container are modif ied:

msExchLastAppliedRecipientFilter: Alias -eq 'NoSuchEmail'

msExchQueryFilter: Alias -eq 'NoSuchEmail'

Replace the current entry for msExchPurportedSearchUI: Microsoft.PropertyWell_QueryString=

(mailNickname=NoSuchEmail)

purportedSearch : (&(objectclass=PublicFolder)(!(extensionAttribute15=*)))

Lock down thedefault globaladdress lists

In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization node >CN=Address Lists Container > CN=All Global Address Lists > CN=Default Global Address Listscontainer properties, the following modif ications are performed:

Inheritable permissions are not allowed to propagate.

The Authenticated Users group has the Read permission of msExchAvailabilityAddressSpace set

to Deny. All other permissions are removed.

The Everyone group is removed.

Lock downaddress lists

In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization >CN=Address Lists Container > All Address Lists > All Users contain properties, the followingmodifications are performed:

Inheritable permissions are not allowed to propagate.

The Everyone and Authenticated Users groups are removed.

The Proxy USERS group has the Read permission set to Deny.

These modifications are also performed for All Groups, All Contacts, All Rooms, and Public Folders

containers.

Lock down theAll Address Listscontainer

In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization >CN=Address Lists > CN=All Address Lists container properties, the Proxy USERS group is added withthe following settings:

Apply to: This object only

List contents: Deny

List Object: Allow


Delete thedefault off lineaddress list

In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization> CN=Address Lists > CN=Offline Address Lists container, the CN=Default Offline Address List

container is deleted.

Set permissionson theExchangeorganization

In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization container,the Proxy USERS group is added with the following settings:

Read: Allow

Apply to: This object only

List contents: Allow

List object: Allow

Read all properties: Allow

Read permissions: Allow

Task Action Performed

For single-version deployments of Exchange 2010 SP3 or Exchange 2013, the Configuration Tool disables the Default Email-

Address policy only.

For mixed Exchange deployments that include Exchange 2013 or Exchange 2010 SP3 servers in the same environment asExchange 2007 SP3 servers, the globalAddressList2 attribute must be populated with entries from the globalAddressListattribute. The globalAddressList2 attribute was introduced in Windows Server 2008 R2. In an environment that includesExchange 2013 or 2010 SP3, an address list must be populated into the attribute to ensure correct operation. Exchange2013 and 2010 SP3 manage the globalAddressList2 attribute automatically, but Exchange 2007 SP3 does not. To populatethis attribute, perform the following actions:1. Copy the globalAddressList attribute into the globalAddressList2 attribute.

2. To populate globalAddressList2 with all entries from globalAddressList, run the following PowerShell script:

$configroot = ([adsi]"LDAP://rootdse").ConfigurationNamingContext$MSEXOU = [adsi]("LDAP://CN=Microsoft Exchange,CN=Services,$configroot")[array]$gal = $nullforeach ($dn in get-GlobalAddressList) { $gal += ($dn.distinguishedname)}$gal = '@("' + ([string]::join('"," ' , $gal)) + '")'$MSEXOU.putEx(2, 'globalAddressList2', (invoke-expression "$gal"))$MSEXOU.setinfo()


1. Install the Exchange web service on a server with the Exchange Management Tools installed.


3. If required for your deployment, configure the service for importing and exporting PST f iles.

4. If required for your deployment, configure Unif ied Messaging.


For deployment instructions, see Deploy the Hosted Exchange service.

Provisioning changes in Active Directory

When provisioning requests are issued for the Exchange service, CloudPortal Services Manager enacts several changes in

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-exchange.html


Active Directory.

Customers

When a customer is provisioned with the Exchange service, the following changes occur:The global security group SERVICEADMINS <CustomerShortName> HE is created and all Full Service Administrator users

are added as members.

The global security group HE <CustomerShortName> <ServiceAccessLevelName> is created for each user plan selected

for the customer. No members are added to these groups until users are provisioned with the Exchange service at the

corresponding level.

The global security group HE <CustomerShortName> NONE is created. No members are added to this group until users

are deprovisioned.

Users

When a user is provisioned with the Exchange service, the following changes occur:The user becomes a member of the HE <CustomerShortName> <ServiceAccessLevelName>.

Adding contacts

When contacts are added for a customer, the following changes occur:A Contact Type object is created under the customer organizational unit (OU) using the format

<ContactName>_<CustomerShortName>.

Creating distribution groups

When distribution groups are created for a customer, the following changes occur:A universal distribution group is created under the customer OU using the format Distribution <CustomerShortName>

<DistributionGroupName>


Lync Enterprise and Lync Hosted

Jun 05, 2015

Updated: 2014-08-29The Lync Enterprise and Lync Hosted services for Services Manager deliver unified communication services from the cloud.

Installing the Lync web services creates a web site on the Lync Front-End server. Both the Services Manager Web server and

Provisioning server issue commands on the Lync Front-End Server using a web service.

The Lync Enterprise service brings basic multi-tenancy to environments using Microsoft Lync Enterprise 2010 or 2013. The

Lync Hosted service is deployed in environments using Lync Server 2010 or 2013 Multitenant Pack for Hosting, which

provides full isolation of customers.

Supported versions

The Lync Enterprise and Lync Hosted services support the following versions of Lync Server:

Service Name Lync Server Version

Lync Enterprise (2010) Lync Server 2010

Lync 2010 for Hosted Lync Server 2010 Multitenant Hosting Pack

Lync Enterprise 2013 Lync Server 2013

Lync Hosted 2013 Lync Server 2013 Multitenant Hosting Pack

Lync server requirements

When configuring the servers that will run the Lync Enterprise or Lync Hosted web services, ensure the followingrequirements are met:

Requirement Lync Server2010

Lync Server2013

Install .NET Framework (Full) Version 4.0 Version 4.5 (64-bit)

Install Lync Server Management Shell Yes Yes

Enable IIS 6.0 (minimum) Yes Yes

Enable Remote Server Administration Tools > Role Administration Tools > AD DSand AD LDS Tools

Yes Yes

Enable PowerShell Version 2.0 Version 3.0


Certificate and DNS requirements

When preparing your Lync deployment for provisioning to customers, ensure the domain for the customer you are

provisioning is included on the certificates that exist on the Lync Front-End and Director servers.

For provisioning the DNS records required for the Lync services, configure the DNS service. This enables Services Manager to

provision the customer's forward lookup zone, as well as create the Host (A) record for SIP, and create the SRV records

required when you provision the Lync service. You can define the Lync DNS records that Services Manager will create when

you configure the Lync service settings. For more information about configuring the DNS service, see Deploy the DNS

service.

If the DNS service is not configured, you will need to create the following DNS records manually for each customer:A forward lookup zone for the domain to which you are provisioning the customer.

SRV records, _sipinternal and _sipinternaltls

Host (A) record for SIP, specifying the Lync Director server's IP address

Deployment overview

Typically, deploying the Lync services includes the following steps:1. For Lync 2013, deploy the Distributor Report f ix according to the instructions in CTX139274, in the Citrix Knowledge

Center.

2. Install the web service on the Lync Front-End server.

3. Configure the Lync service using the control panel.

4. If you intend for Services Manager to provision DNS records for the Edge and Front-End servers in your deployment,

configure the DNS service.


For deployment instructions, see the following topics:Deploy the Lync Enterprise 2010 and Lync Hosted 2010 services

Deploy the Lync Enterprise 2013 and Lync Hosted 2013 services

Changes to the server during installation

As part of the installation process, the Configuration Tool performs several tasks when you install the Lync 2010 or 2013web services.

Tasks performed Lync 2010 Lync 2013

Web service account iscreated in ActiveDirectory

Default service account: csm_lync_svc Enterprise: csm_lync_svc

Hosted:

csm_lynchosted_svc

Web service account isadded to ActiveDirectory groups

CSAdministrator

Domain Users

RTCUniversalServerAdmins

Note: You must add the web service account manually tothe CortexWSUsers group.

CortexWSUsers

CSAdministrator

Domain Users

RTCUniversalServerAdmins

Lync Front-End serveraccount is added to

No. You must add the server accounts for the Front-Endand Director servers manually to the CortexAdmins group.

Yes

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-sharepoint/ccp-10-services-config-sharepoint-2010.html

http://support.citrix.com/article/CTX139274


http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-lync-2013.html


CortexAdmins securitygroup

Reboot these servers for membership to take effect.

Application pool iscreated in IIS

Enterprise: Citrix Csm Lync WS

Hosted: Citrix Csm Lync Hosted WS

Enterprise: Citrix Csm Lync

Enterprise 2013 WS

Hosted: Citrix Csm Lync

Hosted 2013 WS

Service web site iscreated in IIS

Enterprise: LyncWS

Hosted: LyncHostedWS

Enterprise:

LyncEnterprise2013WS

Hosted:

LyncHosted2013WS

Tasks performed Lync 2010 Lync 2013


Mail Archiving

Jun 05, 2015

Updated: 2013-02-20The Mail Archiving service enables service providers and resellers to set up Exchange 2007 and 2010 journaling rules for their

customers. Incoming and outgoing email are included in a journal report which is sent to the customer's journaling inbox.

The journal report contains the transport envelope data of the archived message and the original message is included as an

attachment.

The Mail Archiving service requires no web service to be installed. You need only to configure the service using the Services

Manager control panel. The Mail Archiving service's customer plan defines the journaling type that is provisioned to

customers.

Supported journaling types

Services Manager supports the following journaling types:Internal journaling

External journaling

Global Relay, where mail is archived offsite through the Global Relay Message Archive service


Deploying the Mail Archiving service involves the following tasks:1. Determine the journaling types you will offer to customers.



For deployment instructions, see Deploy the Mail Archiving service.

Provisioning changes in Active Directory and Exchange

When users are provisioned with the Mail Archiving service, they become members of the MARCH {CustomerShortName}

FULL group.

When a customer is provisioned with the External customer plan, the following changes occur:

Changes in Active Directory Changes in Exchange 2007 and 2010

Contact {CustomerShortName} ArchiveMailbox Contact is added.

{CustomerShortName} Archive Mailbox Contact is added to MailContact folder. The External contact email address specif ied duringcustomer provisioning is attached to this contact.

Universal Security Group{CustomerShortName} Archive Mailboxesare added.

{CustomerShortName} Archive Mailboxes are added to DistributionGroup Folder. SMTP address is set as [email protected].

Global Security Groups MARCH{CustomerShortName} FULL and MARCH{CustomerShortName} NONE are added.

{CustomerShortName} Journal is added to Journaling (OrganizationConfiguration >> Hub Transport).

Journal Reports are sent to {CustomerShortName} Archive MailboxContact.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-upgrade-cpsm11/ccps-upgrade-reporting/ccps-upgrade-reporting-task.html


Journal messages for the recipient are configured asarchivemailboxes@{primarydomain}


When a customer is provisioned with the Internal customer plan, the following changes occur:


User “mailarchive_{CustomerShortName}" isadded.

{CustomerShortName} Archive Mailbox Contact is added to MailContact folder. The External contact email address specif ied duringcustomer provisioning is attached to this contact.

Universal Security Group{CustomerShortName} Archive Mailboxes isadded.

{CustomerShortName} Archive Mailboxes are added to DistributionGroup Folder. SMTP address is set as [email protected].

Global Security Groups MARCH{CustomerShortName} FULL and MARCH{CustomerShortName} NONE are added.

{CustomerShortName} Journal is added to Journaling (OrganizationConfiguration >> Hub Transport).

Journal Reports are sent to {CustomerShortName} Archive MailboxContact.

Journal messages for the recipient are configured asarchivemailboxes@{primarydomain}


Microsoft Office Communication Server 2007

Jun 05, 2015

Updated: 2013-04-18The Office Communication Server 2007 (OCS) service for Services Manager delivers unified communication services from the

cloud. Using the Office Communicator client software, users enjoy an array of communication options, including group

chats, status updates, and video conferencing.

The OCS service uses a WMI connection to the Office Communications Server in your environment. The service requires no

web service to be installed. You need only to configure the service through the Services Manager control panel.

Supported versions

The OCS service supports the following OCS versions:Office Communication Server 2007

Office Communication Server 2007 R2

Before you deploy the OCS service, you must have a supported version of OCS deployed in your environment.

Requirements

To allow provisioned users to connect to Communicator, perform the following actions:If needed, change the scope of the CortexAdmins group from global to universal.

Include the RTCUniversalAdmins and RTCUniversalReadOnlyAdmins groups in the CortexAdmins group.

On the OCS server, restart all services that use RTC credentials.

To enable OCS reporting, configure and enable the OCS Monitoring Service on the OCS server. During configuration,perform the following actions on the OCS server:

Use both TCP/IP and named pipes for local and remote connections.

Allow SQL Server mode and Windows Authentication mode.

Add a SQL Server logon that has been granted db_datareader and db_owner permissions to the following OCS

databases: RTC, RTCDYN, and LCSCDR (this database is present only when OCS Monitoring is enabled).


Deploying the OCS service involves the following tasks:1. Configure the service using the control panel.

2. If using in a multi-tenanted environment, partition the address book by OU.

3. If OCS 2007 R2 is installed in the Configuration container instead of System, update the location on the Services

Manager Provisioning server. By default, Services Manager looks for OCS settings in the System container.


For deployment instructions, see Deploy the Office Communication Server 2007 service.




Jun 05, 2015

Updated: 2014-01-20The Microsoft SQL Server Hosting service for Services Manager enables you to host instances of Microsoft SQL Server

from the cloud.

The service requires no web service to be installed and uses a remote connection to Microsoft SQL Server in your

environment.

Multiple SQL Server databases can be provisioned to a customer and the customer can then assign users to the databases.

The customer's databases can be provisioned to different SQL Servers or instances, depending on the resource

configuration.

Supported versions

The Microsoft SQL Server Hosting service supports the following versions of SQL Server:Microsoft SQL Server 2005

Microsoft SQL Server 2008

Microsoft SQL Server 2008 R2

Microsoft SQL Server 2012

Requirements

When preparing SQL Server for your Services Manager deployment, perform the following tasks:Ensure the SQL Server is a member of a domain managed by Services Manager.

Set the Authentication mode to SQL Server and Windows Authentication.

Enable remote connections to the server.

Enable protocols for remote connection, such as TCP/IP.

Open inbound f irewall ports required for the SQL Server instance and for Services Manager. The port for default

instances of SQL Server is TCP 1433. The default port for Services Manager is TCP 8095.

Ensure the SQL Server Browser service is running and set to start automatically. This ensures Services Manager can

locate the SQL Server and enumerate the instances installed when you configure the Microsoft SQL Server Hosting

service in the control panel. If you are using named instances of SQL Server, ensure UDP port 1434 is also open for

inbound connections.

Install the SQL Native Client component on the Services Manager Provisioning server. The 32- and 64-bit clients for each

supported version of Microsoft SQL Server are available from the Microsoft downloads site.


Deploying the Microsoft SQL Server Hosting service involves the following tasks:1. Ensure the SQL Native Client component is installed on the Services Manager Provisioning server.

2. Configure the service using the control panel. This includes creating a server collection and retrieving SQL Server

instances from each SQL Server in the collection.


For deployment instructions, see Deploy the Microsoft SQL Server Hosting service.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-mysql/ccp-10-services-config-mysql.html


MySQL

Jun 05, 2015

Updated: 2013-02-11The MySQL service for Services Manager enables service providers to grant customers the ability to create, modify, and

remove MySQL databases. Users can perform limited database operations according to the user roles that are assigned to

them.

Supported versions

The MySQL service is supported for use with MySQL 5.0 and 5.1.

Server requirements

When configuring the server that will be running MySQL, perform the following tasks:Run MySQL on the default port 3306.

Allow local and remote connections.

On applicable f irewalls, open the following ports:

Port 3306, to allow connections to the MySQL server.

Port 8095, to allow connections between the MySQL server and the Services Manager web and Provisioning servers.

Account requirements

Services Manager requires logon access to administer databases and users. If you are using multiple MySQL servers, use the

same account for all of them (suggested name: CortexMySQLHosting). This account must have DBA (grant all) global

privileges.

Supported database user roles

User roles are comprised of MySQL permissions. The following table describes the permissions that are included in each role.

MySQL Permissions ReadOnly Role DBA Role User Role Full Role

SELECT X X X X

INSERT X X X

UPDATE X X X

DELETE X X X

EXECUTE X X X X

SHOW VIEW X X

CREATE X X


ALTER X X

REFERENCES X

INDEX X X

CREATE VIEW X X

CREATE ROUTINE X X

ALTER ROUTINE X X

DROP X X

CREATE TEMPORARY TABLES X X X

LOCK TABLES X X X

MySQL Permissions ReadOnly Role DBA Role User Role Full Role


Deploying the MySQL service involves the following tasks:Install the web service on the MySQL server.

Configure the MySQL service using the control panel.

Provision the service to customers.

For deployment instructions, see Deploy the MySQL service.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-customer-manage/ccps-customer-branding/ccps-customer-brand-assign.html


ShareFile

Jun 05, 2015

Updated: 2014-08-29The ShareFile service for Services Manager enables service providers and resellers to manage ShareFile accounts through

the Services Manager control panel. Customer administrators can also manage user accounts and ShareFile folder

permissions.

Support for ShareFile user types

The ShareFile service supports only Employee user accounts. You can create Client user accounts at ShareFile.com.

Support for ShareFile plans

The ShareFile service supports only the Enterprise customer plan. The service does not support the creation of additional

customer or user plans.

Requirements for using the service

Customers must have a Citrix ShareFile account. If the customer does not have an account, create one at ShareFile.com

before provisioning the service.

Customers' users must have working primary email addresses specif ied in Services Manager so they can receive ShareFile

account activation emails upon service provisioning.


Deploying the ShareFile service includes the following tasks:Import the ShareFile service package to the Services Manager control panel.

Configure the service using the control panel.

Create a scheduled task that synchronizes Employee user accounts between Services Manager and Citrix ShareFile.

Provision the service to resellers.

Provision the service to customers.


SharePoint

Jun 05, 2015

Updated: 2014-08-29The SharePoint 2010 and 2013 services deliver SharePoint web sites to customers for sharing documents and informationfrom the cloud. Services Manager integrates with SharePoint servers through a Windows Communication Foundation(WCF) service. This topic includes the following sections:

Supported versions

Service migration

SharePoint server requirements

PowerShell remoting requirements

SharePoint account requirements


Web service deployment methods

DNS provisioning

SharePoint 2013 licensing and Web Apps

Supported versions

The SharePoint services support the following SharePoint server and IIS versions:

Service Name SharePoint Server Version SharePoint Edition IIS Version

SharePoint 2013 SharePoint 2013

SharePoint 2013 SP1

SharePoint Enterprise 2013

SharePoint Standard 2013

SharePoint Foundation 2013

IIS 7.5

IIS 8.0

SharePoint 2010 SharePoint 2010 SharePoint Enterprise 2010

SharePoint Foundation 2010

IIS 7.0

IIS 7.5

Service migration

Migrating customers from the SharePoint 2010 service to the SharePoint 2013 service includes the following tasks:Upgrade your SharePoint 2010 deployment as described in the article "Overview of the upgrade process to SharePoint

2013" on the Microsoft TechNet web site.

Provision the SharePoint 2013 service to customers, but do not configure resources or sites.

Remove the SharePoint 2010 sites from the control panel.

Import customers' migrated sites to the control panel.

SharePoint server requirements

When preparing the server that will be hosting the SharePoint web service, ensure the following requirements are met.These requirements apply to both SharePoint 2010 and SharePoint 2013 unless otherwise specif ied.

Operating system Install one of the following operating systems:SharePoint 2010: Windows Server 2008 (minimum)

SharePoint 2013:

Windows Server 2008 R2 SP1 Standard, Enterprise, or Datacenter (64-bit)

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-sharepoint.html









http://technet.microsoft.com/en-us/library/cc262483.aspx

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharepoint-2013/ccps-sharepoint-2013-provision.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharepoint-2013/ccps-sharepoint-2013-site-import-remove.html



Windows Server 2012 Standard or Datacenter (64-bit)

SharePoint 2013 SP1: Windows Server 2012 R2 Standard or Datacenter

Remote DesktopServices

Enabled.

Windows Serverroles





SharePoint siteDNS management

Install and configure the DNS service to enable Services Manager to manage DNS for SharePointsites.

Web hostingservice

Install and configure the Windows Web Hosting service on the same SharePoint server that hoststhe SharePoint web service.

Service ports Open ports 8095-8098 and 5985 from the server hosting the SharePoint and Windows WebHosting services to the Services Manager Web and Provisioning platform servers.

Loopback check SharePoint 2010: Disabled. To do this:1. From the Registry Editor, select the following registry key:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa

2. Right-click Lsa, point to New, and select DWORD Value.

3. Type DisableLoopbackCheck.

4. Right-click DisableLoopbackCheck, then select Modify.

5. In the Value f ield, type 1.

6. Restart the server.

PowerShell remoting requirements

SharePoint 2010 and 2013 use PowerShell remoting to communicate with other servers in the environment. PowerShell

remoting must be enabled on the SharePoint server as well as on the Web and Provisioning servers in your Services Manager

deployment. Additionally, Credential Security Service Provider (CredSSP) authentication must be enabled.

SharePoint 2010

When you install the SharePoint 2010 web service, the Services Manager Configuration Tool configures PowerShellremoting by performing the following tasks:

Configures local policies:

Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management

(WinRM) > WinRM Service > Allow CredSSP Authentication

Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management

(WinRM) > WinRM Client > Allow CredSSP Authentication

Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Fresh Credentials with

NTLM-only Server Authentication (SPN=WSMAN/*domain)


Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Delegating Fresh

Credentials (SPN=WSMAN/*domain)

Computer Configuration > Administrative Templates > Windows Components > Windows Remote Shell > Specify

maximum amount of memory in MB per Shell

Checks for existing WinRM listeners. If a listener is not detected, winrm quickconfig is executed.

SharePoint 2013

Before you install the SharePoint 2013 web service, perform the following tasks to configure PowerShell remoting:Enable PowerShell remoting by running the following cmdlet on the SharePoint, Web, and Provisioning servers:

Enable-PSRemoting -ForceEnable CredSSP by running the following PowerShell cmdlets:

On the SharePoint 2013 server:

Enable-WSManCredSSP -Role ServerNote: After the script f inishes, restart the server.

On the SharePoint, Web, and Provisioning servers:

Enable-WSManCredSSP -Role Client -DelegateComputer *.domainEnable and configure the following local policies on the SharePoint 2013 server:

Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Fresh Credentials with

NTLM-only Server Authentication (SPN=WSMAN/*.domain)

Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Delegating Fresh

Credentials (SPN=WSMAN/*.domain)

Computer Configuration > Administrative Templates > Windows Components > Windows Remote Shell > Specify

maximum amount of memory in MB per Shell

SharePoint account requirements

The requirements in this section are applicable to both SharePoint 2010 and SharePoint 2013 unless otherwise specified.

Add the service account used for the SharePoint web service deployment and configurations to the farm. Use the

cmdlet Get-SPShellAdmin to look up the account name.

Add the web service account to the local Administrators group on the server hosting the SharePoint 2010 or SharePoint

2013 web service.

Add the web service account to the following security groups:

SharePoint Farm Administrators (SharePoint 2010)

Farm Administrators (SharePoint 2013)

Domain Admins

CortexWSUsers

CortexAdmins

Add the web service account to the following roles on the SQL Server deployed with SharePoint 2010 or SharePoint

2013:

SharePoint_Shell_Access

Dbcreator

Securityadmin

Sysadmin

Public

Ensure the web service account is a member of SharePoint Shell Admins and the SharePoint Process Account. You can

verify these memberships by using the following cmdlets:


Get-SPShellAdmin

Get-SPProcessAccount


Typically, deploying the SharePoint 2010 and 2013 services involve the following tasks:1. Configure the DNS service using the Services Manager control panel and provision to customers.

2. Install and configure the Windows Web Hosting web service on the SharePoint server that hosts the SharePoint web

service.

3. Install the SharePoint web service on the SharePoint farm server.

4. Configure the SharePoint web service using the control panel.

5. Add SharePoint farms to the control panel and configure for multi-tenancy.

6. Add and configure SharePoint feature packs, if applicable.

7. Configure SSL certif icates for provisioning to customer sites. (SharePoint 2013)

8. Provision the SharePoint service to customers.

The SharePoint web service is deployed on the application (front-end) server in the SharePoint farm. During the web service

installation process, the Services Manager Configuration Tool sets the SharePoint web service to the same application pool

identity as the SharePoint Central Administration site. This configuration is required for Services Manager to provision

SharePoint resources.

For deployment instructions, see Deploy the SharePoint 2010 service.

Web service deployment methods

You can deploy the SharePoint web service in the following ways:As a dedicated web service, where each SharePoint server in your deployment hosts the SharePoint web service. To

complete provisioning requests, each SharePoint server communicates directly with the Web and Provisioning servers as

appropriate.

As a shared web service, where the SharePoint web service is hosted on a single SharePoint server in your deployment.

To complete provisioning requests, this server communicates directly with the Web and Provisioning servers, and also

connects with the other SharePoint servers in the deployment as needed using PowerShell remoting.

Citrix recommends deploying the SharePoint web service as a dedicated web service. This method improves performance by

avoiding the potential for "double-hopping," where web service connections are relayed through a single point to other

SharePoint servers. Using a dedicated web service also improves reliability in the event of a server failure, as there are other

SharePoint servers that can provide web service connections.

DNS provisioning

You can enable DNS provisioning for SharePoint sites you provision through Services Manager. To do this, you must deploythe DNS service and provision it to customers. The following table describes DNS provisioning support in the SharePoint2010 and SharePoint 2013 services.

Servicename

SupportedDNS recordtypes

DNS record conf iguration DNSenabledbydefault?

SharePoint2010

Host (A)

CNAME

Control panel: Configuration > System Manager > Service Deployment >

SharePoint 2010 > Service Settings

No



Manages only one record type at a time. Changing the DNS record type

after sites are created is not recommended as it results in duplication of

DNS records.

SharePoint2013

Host (A) Control panel: Configuration > System Manager > Service Deployment >SharePoint 2013 > Service Settings

Yes

Servicename

SupportedDNS recordtypes

DNS record conf iguration DNSenabledbydefault?

When a SharePoint site is provisioned, a DNS record is created if the following requirements are met:A DNS record type is defined for the site.

The SharePoint site URL includes a subdomain (for example, http://site01.sharepoint-domain.com).

The DNS zone for the site is provisioned to the customer (for example, if the site URL is "site01.sharepoint-domain.com,"

the DNS zone "sharepoint-domain.com" must be provisioned to the customer before the site is provisioned.

After the DNS record is created, you can view the record using the following methods:From the control panel: Services > DNS > DNS Records

From the DNS server, using the DNS Manager snap-in, under Forward Lookup Zones for the domain

For instructions on enabling DNS provisioning for SharePoint 2010 sites, see To enable DNS for the SharePoint 2010 service.

SharePoint 2013 licensing and Web Apps

In Services Manager, SharePoint 2013 farms can have one of the following licenses: Foundation, Standard, or Enterprise.

When a SharePoint farm has only Foundation features enabled, customers are billed for each site with access to those

features. When a farm has Standard or Enterprise features enabled, customers are billed for each user provisioned to a site

with access to those features. For users of Standard or Enterprise sites, the license they are provisioned governs the set of

features that are available when they access the site. For example, if a user has a Standard license and accesses a site with

Enterprise features, the license allows the user to access only the Standard set of features on the site.

To determine whether or not per-user licensing is enabled for a farm, use the SharePoint cmdlet Get-SPUserLicensing.

When you create a SharePoint farm through the control panel, the farm has Foundation licensing by default. You can

configure the license on the Services > SharePoint 2013 > Farm Configuration page. However, after the farm is provisioned

to a customer, you cannot modify the license.

For farms with Standard or Enterprise licenses, you can also enable Microsoft Office document editing and MicrosoftProject features within SharePoint. These options have the following requirements:

To use this option... These items are required...

Edit Office Web Apps Users must have licenses to use Office applications

SharePoint farm must be configured to work with Office Web Apps Server

Project Web Apps Users must have licenses to use Project

SharePoint farm must be configured to work with Project Web App

When these options are enabled for the farm, you can choose to enable these options for users that are provisioned with

Standard or Enterprise user plans (and the appropriate product licenses). These options apply to all sites to which users are

provisioned. For example, if a user has the Edit Office Web Apps option enabled and has a Microsoft Word user license, the



user can modify Word documents stored on all of the SharePoint sites to which the user has access. However, if the Edit

Office Apps option is disabled for the user, then the user can no longer modify Word documents on any of their sites.

When these options are enabled for a user, the user is added to the following security groups:SharePoint2013 EditOfficeWebApps

SharePoint2013 Project


Virtual Machines

Jun 05, 2015

Updated: 2013-05-17The Virtual Machines service for Services Manager delivers virtual datacenters from the cloud. The service integrates with

Microsoft System Center Virtual Machine Manager (SCVMM) for VM management and supports Microsoft Hyper-V Server.

Customers provisioned with the Virtual Machines service can create and manage the virtual servers in their organizations.

Customers can add and configure new virtual servers, create checkpoints that enable restoring virtual servers to a previous

state, and add or remove servers from available networks.

Customers can be assigned resource pools which include limits on total disk storage, memory, processors, and number of

virtual machines. When a resource pool is assigned, the customer can create, manage, stop, start, upgrade, and downgrade

their virtual servers through the Services Manager control panel. If more resources are needed, the customer's reseller can

add the required resources.

Customers can be assigned one or more virtual networks and Services Manager can automatically assign a VLAN tag or

allow the customer to assign the tag manually. After the network is set up, the customer can add or remove virtual servers

from the virtual network. Virtual networks can span across multiple physical hosts managed by the same SCVMM server.

This means that customers' virtual servers can be distributed across hosts.

Supported versions

The Virtual Machines service supports the following versions of SCVMM and Windows Server:

Version Windows Server 2008 R2 Windows Server 2012

SCVMM 2008 R2 SP1 X

SCVMM 2012 SP1 X

Additionally, the Virtual Machines service supports Microsoft Hyper-V Server 2008 R2.

General requirements

Windowsserver roles

Enable the following Windows server roles:Web Server > Application Development > ASP.NET


Microsoft.NETFramework4

Installed.

SCVMMconsolesoftware

Install the System Center Virtual Machine Manager 2008 R2 Administrator Console.


ActiveDirectorygroups

An Active Directory security group is added to Hyper-V servers to enable remote connections. Yourenvironment must allow security groups to be added to the host from the domain containing theServices Manager components.

SCVMM role requirements

In SCVMM, a Self Service user role is required for integration with Services Manager. Create this role with the followingsettings:

User role name: SelfService

User role profile: Self-Service User

Role member: CortexWSUser

Select the VM host groups that Services Manager will manage

Grant permissions: All actions

Allow users to create new VMs

Do not allow users to store VMs in a library

Firewall requirements

Open inbound TCP port 8095 on the server hosting the Virtual Machines web service. Additionally, open the followingfirewall ports, by role:

Role Port Description

SCVMM servers 8100 VMM - Administrator Console to VMM server

Asinstalled

RDP - self-service portal website port

If using a remote VMMdatabase

1433 TDS - SQL Server

Virtual server 5900 VMRC - VMRC connection to virtual server host

Hyper-V hosts 80 WinRM - VMM server to VMM agent on Windows Server-based host(control)

443 BITS - Library server > hosts

445 SMB - VMM server to VMM agent on Windows Server-based host (data)

2179 RDP - VMConnect to Hyper-V hosts

5900 VMRC - connection to virtual server host

Virtual machines 3389 RDP - Remote desktop to VMs


Security software scanning rules

Remove the following folders or executables from real-time scanning by security software:The default virtual machine configuration folder (for example, C:ProgramDataMicrosoftWindowsHyper-V) and any

custom virtual machine configuration folders

The default virtual machine hard disk drive folder (for example, C:UsersPublicDocumentsHyper-VVirtual Hard Disks) and

any custom virtual machine hard disk drive folders

Snapshot folders

VMMS.EXE - Virtual Machine Management Service

VMWP.EXE - Virtual Machine Worker Process

If you use Hyper-V Live Migration with Cluster Shared Volumes, remove the Cluster Storage folder (for example,

C:Clusterstorage) and all subfolders.

Network access

For each Hyper-V host, use SCVMM to set up network access:Configure network adaptors.

Configure VLAN ranges for VLAN trunking.

Hyper-V hosts can be stand-alone or clustered. Services Manager supports Cluster Shared Volumes for provisioning highly

available VMs.

For each Hyper-V host Services Manager is to manage, refer to article CTX129850, "How to Add a Hyper-V Host to

Cortex," in the Citrix Knowledge Center.


Deploying the Virtual Machines service involves the following tasks:1. Install the web service on the SCVMM server.


3. Verify the connection to SCVMM and synchronize resources.

4. Add Hyper-V hosts to Services Manager. See article CTX129850, "How to Add a Hyper-V Host to Cortex," in the Citrix

Knowledge Center.

5. Create virtual servers and networks using the control panel.

6. Establish remote connectivity to virtual servers so that customers can access them when they are provisioned the

service. See article CTX129846, "How to Connect to a Virtual Machine," in the Citrix Knowledge Center.






Windows Web Hosting

Jun 05, 2015

Updated: 2013-05-11The Windows Web Hosting service enables service providers to host customers' web sites on Windows-based web servers.

The service also provides IIS support and DNS management.

Supported platforms

The Windows Web Hosting service supports the following IIS and Windows Server versions:

Version Windows Server 2008 Windows Server 2008 R2 SP1 Windows Server 2008 R2 SP1 Web Edition

IIS 7 X

IIS 7.5 X X

Requirements

When configuring the IIS server, perform the following tasks:Enable CloudPortal Services Manager DNS Services and enable DNS records for the Services Manager Windows Web

Hosting Service.

Install CloudPortal Services Manager Windows Web Hosting Service.

Create Web hosting root directory and shares with appropriate permissions

Create AD user and groups for FTP access and grant them appropriate permissions to the Web hosting root directory

In IIS Manager, create an FTP site with the following settings:

Setting Name Value

FTP site name Enter a name of your choosing.

Physical path Enter the path to the web hosting root directory.

IP Address Enter an IP address that is unique across all FTP sites.

Start FTP site automatically Select this option.

Enable Virtual Host Names Leave blank.

SSL Select Allow SSL.

Authentication Select Basic.

Allow access to Select Specif ied roles or user groups and enter as domainCortexIISUser


Permissions Select Read and Write.

FTP User Isolation > Isolate

users

Select FTP home directory configured in Active Directory and enter the

credentials as domainCortexIISUser

FTP Authentication > Basic

Authentication

Click Edit and enter the fully qualif ied domain name for the user's default logon

domain.

Setting Name Value


Deploying the Windows Web Hosting service involves the following tasks:1. Configure the service using the control panel. This includes creating a server collection.

2. If required, retrieve the certif icate list on the web server and enable availability to customers' sites.

3. If required, retrieve the IP address list on the web server and modify as appropriate.



Install

Jun 05, 2015

Updated: 2013-02-04Deploying Services Manager first comprises installing and configuring core components (server roles) and locations. The

Setup Tool manages prerequisites and installs server roles. The Configuration Tool configures server roles and locations.

Both tools offer a graphical wizard-driven interface and a command-line interface.

After you install the server roles, and configure the roles and locations, you install and configure the web services. See

Deploy services for details.

For the graphical interface, refer to the following topics:To install server roles using the graphical interface



For the command-line interface, refer to the following topics:To install server roles from the command line

Configure server roles and locations from the command line.


http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccp-10-install-wrapper/ccps-install-roles-gui.html


http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccp-10-install-wrapper/ccps-install-config-locations-gui.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccp-10-install-wrapper/ccps-install-roles-cli.html



Install and configure the Encryption Service

Jun 05, 2015

Updated: 2014-08-29Important: Install and configure the Encryption Service before installing any other platform server roles. This ensures theConfiguration Tool can access the service's encrypted key when other platform components and services are installed.Additionally, Citrix strongly recommends using SSL with the Encryption Service. Because the traffic to and from the service

contains sensitive data, using SSL ensures this traffic is encrypted appropriately.

When you configure the Encryption Service, the Configuration Tool performs the following actions:Creates a service account in Active Directory. By default, the service account name is csm_core_svc.

Creates an application pool and web site in IIS and configures authorization rules to limit access to the Domain Admins

group or the CortexWSUsers group.

Generates an encryption key and stores it in Windows Registry.

To install and configure the Encryption Service using the graphical interface

1. From the installation media, double-click Setup.exe and then click Get Started.

2. On the Select Deployment Task page, select Install CloudPortal Services Manager.

3. On the Install CloudPortal Services Manager page, select Configure Encryption Service.

4. On the License Agreement page, accept the license agreement and click Next.

5. On the Ready to Install page, click Install. The Deploying Server Roles page indicates the progress of installing

prerequisites, the Configuration Tool, and the Encryption Service.

6. On the Deployment Complete page, click Finish.

7. On the Configure Application Pool Identity page, enter a password for the Encryption Service's service account. By

default, the username is csm_core_svc. Click Next.

8. On the Configure Site Binding page, select Use SSL and select the SSL certif icate you want to use. Click Next.

9. On the Summary page, click Commit.

10. After the configuration is completed, click Finish to return to the Install CloudPortal Services Manager page.

To install and configure the Encryption Service using the command line

1. On the server you prepared to host the Encryption Service, log on as a domain administrator.

2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.

3. At the command prompt, enter CortexSetupConsole.exe /install:EncryptionService. The Setup Tool installs the service

and returns the command prompt.

4. At the command prompt, enter install-locationConfigurationCortexConfigConsole.exe and specify the following

properties:

Property Description

/ESUserName:username The application pool user for the Encryption Service.

/ESPassword:password The application pool password.

/ESPort=port The port number to use when creating a site binding for the service. Default = 443


/AutoCreateESUser:True

| False

Optional. Automatically create the application pool user account in Active Directory if

the account does not exist already. Default = True

/ESSslCertif icate The friendly name of the SSL certif icate to use in the site binding. Optional if /ESUseSsl is

set to False.

/ESUseSsl:True | False Whether or not to use SSL. Default = False


Install-location denotes the web service installation directory on the local computer. The default directory is C:Program

Files (x86)CitrixCortex.


Generate and export keyfiles for the EncryptionService

Jun 05, 2015

Updated: 2014-08-29When you install and configure Services Manager platform components or services, the Configuration Tool attempts to

discover the presence of the Encryption Service and access the encryption key that was created when you installed the

Encryption Service. If the attempt is unsuccessful, the Configuration Tool prompts you to import a keyfile. You can generate

and export this keyfile manually through the Encryption Service web site.

To access the Encryption Service web site and generate the keyfile, you must belong to the Domain Admins group or the

CortexWSUsers group. If you do not belong to these security groups, the Encryption Service web site prompts you for the

appropriate credentials. To generate the keyfile, you supply an encryption password that is at least eight characters long.

You enter this password through the Configuration Tool when you import the keyfile.

1. Using a web browser, navigate to the Encryption Service web site at https://EncryptionServiceFQDN/Encryption. The

Export Encryption Key page appears.

2. In Encryption Password, enter a string that is at least eight characters long.

3. Click Download and save the keyfile when prompted. The default f ilename for the keyfile is key.csmk; however, you can

save this f ile with any f ilename you choose.


Verify deployment readiness

Jun 05, 2015

Updated: 2014-08-08Before installing any server roles, verify the following items:

Your Active Directory schema has been extended to accommodate Services Manager. This is performed using the

Microsoft Exchange installation tools.

The required DNS aliases have been configured. Services Manager uses DNS aliases to locate the servers where the

platform components will be deployed.

Use the Services Manager Setup Tool to verify these items. The tool queries your environment and, if successful, displays a

green check mark next to each verified item. If the queries cannot be completed, the Setup Tool displays a Verify button so

you can perform the checks again.

For more information about Active Directory and DNS requirements for Services Manager, review the topic System

Requirements for Server Roles.

1. From the installation media, double-click Setup.exe.

2. From the CloudPortal Services Manager splash page, click Get Started.


4. On the Install CloudPortal Services Manager page, select Check Environment Prerequisites. The Prepare Environment

page displays the status of the verif ied items. Successfully verif ied items are displayed with green check marks.

5. Click Back to return to the Install CloudPortal Services Manager page.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-sys-reqs/ccp-10-system-requirements-roles.html


To create the system databases

Jun 05, 2015

Updated: 2014-08-08Perform this task after you have deployed Microsoft SQL Server and SQL Server Reporting Services.

The system databases are created using the Services Manager Configuration Tool, which is installed as a part of this

process.

1. From the installation media, double-click Setup.exe.

2. From the CloudPortal Services Manager splash page, click Get Started.


4. On the Install CloudPortal Services Manager page, select Deploy Server Roles & Primary Location.

5. On the Deploy Server Roles & Primary Location page, select Create System Databases.

6. Install the Services Manager Configuration Tool:

1. When prompted, click Install to install the Configuration Tool.

2. On the License Agreement page, accept the license agreement and then click Next.

3. On the Ready to Install page, click Install. The Setup Tool installs the Configuration Tool and any prerequisites that

are not present.

4. Click Finish to continue creating the system databases.

7. On the Create Deployment Configuration File page, browse to the directory where you want to store the XML

deployment configuration f ile and then enter a f ile name. Click Next.

8. On the Create Primary Databases page, perform the following actions and then click Next:

1. Configure the following information about the SQL Server that will store system configuration information:

In Server address, specify the database server using the DNS alias, the IP address, or the FQDN.

In Server port, specify the port number used by SQL Server. The port for a default instance of SQL Server is 1433.

In Authentication mode, select whether to use Integrated (Windows and SQL) or SQL authentication. By default,

Integrated is selected.

In Connect as, specify the username and password of the SQL administrator user. These f ields are available when

you select the SQL authentication mode for your deployment.

2. Click Test Connection to ensure the Configuration Tool can contact the SQL Server and then click Next.

9. On the Configure Database Logins page, leave Generate credentials selected if you want passwords created

automatically for the CortexProp, OLM, and OLMReports database accounts. Clear this option if you want to enter the

passwords for these accounts. The CortexProp, OLM, and OLMReports accounts are created to ensure cross-domain

access to the system databases.

10. On the Summary page, review the database configuration information. If you want to change anything, click Back to

return to the appropriate configuration page.

11. Click Commit. The Applying Configuration page displays progress.

12. After the system databases are successfully created, click Finish. The Deploy Service Roles & Primary Location page

appears.

After the system databases are created, you can install the Provisioning, Directory Web Service, and Web platform server

roles on the other servers in your deployment.


To install server roles using the graphical interface

Jun 05, 2015

Updated: 2013-03-04Perform this task on the server that will be hosting the server role you want to install. For example, install the Provisioningserver role on the server that you have designated as the Provisioning server. Likewise, install the Web server role on theweb server.Note: Install and configure the Reporting server role after the primary location has been configured. If you install theReporting service before the primary location has been configured, configuration of the Reporting service fails.1. From the installation media, double-click Setup.exe.

2. On the Setup Tool splash page, click Get Started.


4. On the Install CloudPortal Services Manager page, select Deploy Server Roles & Primary Location.

5. On the Deploy Server Roles & Primary Location page, select Install Server Roles.

6. On the License Agreement page, accept the license agreement and then click Next.

7. On the Select Server Roles page, select one or more roles to install and then click Next. The Configuration Tool check

box always remains selected.

8. On the Review Prerequisites page, review the prerequisite items that will be installed and then click Next.

9. On the Ready to Install page, review the selected roles and prerequisites that will be installed. Click Install. The Deploying

Server Roles page indicates the progress of installing prerequisites and the selected roles, and the result.

10. On the Deployment Complete page, click Finish. The installer returns to the Deploy Server Roles & Primary Location page.

After you have installed the selected server role(s), run the Configuration Tool to configure the server role. For more

information, see To configure server roles using the graphical interface.



To install server roles from the command line

Jun 05, 2015

Updated: 2014-09-02Perform this task on the server that will be hosting the server role you want to install. For example, install the Provisioning

server role on the server that you have designated as the Provisioning server.

From the CortexSetup directory on the installation media, type the following at a command prompt:

CortexSetupConsole.exe /install:items [/Help]

/install:items

Comma-delimited list of Services Manager roles to install. Valid values are:

ConfigTool

Note: The Configuration Tool is automatically installed when you specify any other server roles to install. You must

specify it if you are not installing any other server roles with this command, but plan to later use a script to configure the

system databases.

Provisioning

DirectoryWebService

Web

Reporting

eCommerce

ReportMailer

/Help

Displays command help.

After you install the server role, run the Configuration Tool to configure the server role. After the Provisioning, Directory

Web Service, and Web server roles are installed and configured, you can configure the primary location. After configuring the

primary location, you can install and configure the Reporting server role.

Example

The following command installs the Provisioning Engine and Directory Web Service.CortexSetupConsole.exe /install:Provisioning,DirectoryWebService



Jun 05, 2015

Updated: 2014-09-02In general, the configuration process is similar for each server role you install. However, some server roles include additional

configuration options. Only the roles you install on the server are available for configuration.

This topic assumes you have installed the server roles you want to configure, the Services Manager Setup Tool is running

and displaying the Deploy Server Roles & Primary Location page.

1. From the Deploy Server Roles & Primary Location page of the Setup Tool, select Configure Server Roles. The

Configuration Tool attempts to contact the Encryption Service to retrieve the encrypted key. If the service cannot be

contacted, the Configuration Tool prompts you to import the encrypted key using a key f ile. To generate the key f ile,

see Generate and export keyfiles for the Encryption Service.

2. If required, import the Encryption Service key f ile and then click Next:

1. In Key File Path, click Browse and locate the key f ile you generated from the Encryption Service web site.

2. In Password, enter the password that was specif ied when the key f ile was generated.

3. On the Select Configuration Task page, select one or more roles to configure and then click Next.

4. Use the following table to configure the settings for each server role:

Role Page Description

Directory

Web

Service

Configure

Directory

Web Service

Configure the following options as required:

Auto-generate credentials: Select this option to create the Directory Web Service

account with auto-generated credentials. Leave this option cleared to specify

your own credentials for this account.

User name: Enter the user name of a domain administrator for the service

account. The default user name is cortex_dirws_svc. This f ield is not available if

you elect to auto-generate credentials.

Password: Enter a password for this account that conforms to your domain's

password policy. This f ield is not available if you elect to auto-generate

credentials.

Create if doesn't exist: Leave this option selected to create the service account if

it does not already exist. If you elect to create this account manually prior to

configuring the server role, clear this option. This option is not available if you elect

to auto-generate credentials.

Service port: Specify the port that the Directory Web Service will use. By default,

the Directory Web Service uses port 8095.

eCommerce

SDK

None. Proceed to Step 5.

Provisioning Configure

Queue

Monitor

Service

Configure

The Queue Monitor service processes administrative requests from the Web Server

and automates other internal services. The Provisioning Engine hosts scheduled tasks

that monitor Active Directory, keeping user account information current, and sending

email notifications for events such as password expiry.

Configure the following options as required:



Directory

Monitoring

Services

Auto-generate credentials: Select this option to create the monitoring service



User name: Enter the user name of a domain administrator for the service

account. For the Queue Monitor service, the default user name is

cortex_qmon_svc. For the Directory Monitor service, the default user name is

cortex_dirmon_svc. This f ield is not available if you elect to auto-generate

credentials.



credentials.





Configure

Provisioning

Mail Server

Specify the SMTP server address and port number the Provisioning server will use to

send email messages, such as system updates to administrators, account

notifications to end users, and usage reporting to Citrix. Click Test Connectivity to

ensure the Configuration Tool can communicate with the SMTP server.

Report

Mailer

Configure

License

Reporting

Configuring the Report Mailer is required. Licensing data is reported to Citrix through

emailed reports.

Configure the following settings:

Customer ID: Enter your Citrix customer ID.

Auto-generate credentials: Select this option to create the service account with

auto-generated credentials. Leave this option cleared to specify your own

credentials for this account.

User name: Enter a unique user name for the service account. The default user

name is cortex_RM_svc. This f ield is not available if you elect to auto-generate

credentials.



credentials.





Configure

Mail Server

for Report

Mailer

Specify the address and port number of the SMTP server that the Report Mailer

server will use to send email messages to administrators, end users and Citrix. If you

have previously configured SMTP settings for the Provisioning server, the Use shared

mail settings check box is selected by default.

Additionally, specify the From Address that will be used to send email messages. The

default address is [email protected].



Reporting Reporting

Database

Credentials


Auto-generate credentials: Select this option to create the Reporting service




name is OLMReportingUser.



credentials.

Configure

Mail Server

Specify the address and port number of the SMTP server that the Reporting service

will use to send email messages to administrators, end users, and Citrix.

Preview

Service

Package

Import

Review the selected service components that will be imported when the Reporting

service is configured. Unselected service components, such as packages, roles, and

assemblies, are imported when other server roles are configured.

Configure

Reporting

Database


Use primary database settings: Leave this option cleared if you want to configure

a secondary database server to handle system reporting and billing. Select this

option if you want to use the server hosting the main database for these

functions.

Server address: Enter the FQDN, IP address, or DNS alias of the database server

you want to use.

Use specif ic port: Select this option to configure the port number for the

database server. The default port number is 1433.

Authentication mode: Select the database authentication you want to use. By

default, Windows (Integrated) is selected. A SQL Server login for the reporting

database ensures cross-domain accessibility.

Connection credentials: Enter the user name and password for the database

administrator user. These f ields are not available if SQL authentication is not

selected.

Click Test Connection to ensure the Configuration Tool can communicate with the

database server.

Configure

Data

Transfer

Service

The Data Transfer Service is a scheduled task of the Data Warehouse feature that

migrates and adapts data from the primary database to facilitate building reports

with Microsoft SQL Server Reporting Services. Configure the following settings:





name is csm_datatransfer_svc.





credentials.





Data

Transfer

Notifications

The Data Transfer task sends email notifications with the results of Data

Warehouse operations. This enables administrators to respond quickly to

interruptions in reporting functionality. Specify the source and destination email

addresses for sending success and failure notifications.

Specify

Reporting

Services

Details


Report server URL: Enter the URL of the reporting server instance as it appears in

the Microsoft SQL Server Reporting Services Configuration Manager.

User name and password: Enter the credentials of the report server administrator

user. The password for this user account should never expire, in order to avoid

potential service interruption.

Click Test Connection to verify the Configuration Tool can communicate with the

reporting server.

Data

Warehouse

Service





name is csm_dataw_svc.



credentials.





Service port: Specify the port that the service will use. The default port is 80.

Data purge window (months): Select Configure and then specify the number of

months after which older historical data is deleted. For example, specify 84 to

delete data that is older than seven years.

Web Preview

Service

Package

Import

Review the selected service components that will be imported when the Web server

role is configured. Unselected service components, such as reports, are imported

when other server roles are configured.

Configure External address: Enter an externally resolvable host name or address by which the



Web Server server can be reached. The default address is cortexweb.

Binding IP: By default, all IP addresses are included.

Use SSL: Leave this option selected if you are deploying Services Manager in a

production environment. You can clear this option if you are deploying Services

Manager in a test environment.

SSL certif icate: Specify the SSL certif icate you want to use for the server. This

item is not available if you do not elect to use SSL.


5. On the Summary page, review the configuration information for the server role. If you want to change anything, return

to the appropriate configuration page. When the summary contains the settings you want, click Commit. The Applying

Configuration page displays the configuration progress.

6. After the configuration is completed, click Finish to return to the Deploy Server Roles & Primary Location page.

After you configure the server roles on each server in the deployment, you can configure the primary location.



Jun 05, 2015

Updated: 2013-03-05Configuring the primary location initializes the control panel, specifies service provider details, and provisions the first

administrator. Configure the primary location once per deployment.

When configuring the primary location, consider the following items:Run all configuration steps as a domain administrator.

Ensure user account settings conform to any domain policies, such as minimum password complexity, and are valid.

Ensure the required f irewall ports are configured for each server in the deployment.

To configure the primary location

This task assumes the Services Manager installer is running and the Deploy Server Roles & Primary Location page is

displayed.

1. On the Deploy Server Roles & Primary Location page, select Configure Primary Location..

2. On the Load Deployment Configuration File page, browse to the XML f ile you created when creating the system

databases. Click Next.

3. On the Specify Location Details page, enter the following information and then click Next:

Under Location Settings, enter the name and description for the primary location.

Under Customers' Organizational Unit, enter the OU name and the display name for the top level customer OU. The

default OU name is Customers and the default display name is Customers OU.

4. On the Enter Service Provider Details page, enter the following information and then click Next:

In Display Name, enter the service provider's name. The default name is Service Provider.

In Short Name, enter an abbreviation of the display name. By default, a three-letter abbreviation is supplied

automatically when you enter the display name.

In UPN Suffixes, enter one or more UPN suffixes to associate with your organization in Active Directory. This enables

you to assign customer or user-specif ic UPN logons. The default UPN suffix is csp.local.

In Contact name and Contact email, enter the name and email address of the primary contact for the location.

5. On the Create First Administrator page, enter the full name and logon credentials for the top-level administrator user for

the location. Click Next.

6. On the Summary page, review the location settings and administrator information you specif ied. If you want to change

anything, return to the appropriate page. When the summary contains the settings you want, click Commit.

To configure a remote location

Perform this task to associate a new, separate location with an existing Services Manager instance. For more information

about remote locations, see Plan for deploying the Services Manager platform.

1. From the installation media, double-click Setup.exe and then click Get Started.

2. On the Select Deployment Task page, select Add Services & Locations.

3. On the Add Services & Locations page, select Add Remote Location..

4. On the Configure Remote Location page, select Configure Location.

5. On the Load Deployment Configuration File page, browse to the XML f ile you created when creating the system

databases for the primary location. Click Next.

6. On the Specify Location Name Details page, enter the following information and then click Next:



Under Location Settings, enter the name and description for the remote location.

Under Customers' Organizational Unit, enter the OU name and the display name for the top level customer OU. The

default OU name is Customers and the default display name is Customers OU.

7. On the Summary page, review the location settings you specif ied. If you want to change anything, return to the

appropriate page. When the summary contains the settings you want, click Commit.


Configure server roles and locations from the command line

Jun 05, 2015

Updated: 2014-10-09This topic assumes that you have installed the Services Manager Configuration Tool on the platform servers you want to configure and on the server where you want to configure the primary

location or a remote location. When you install a platform server role, the Configuration Tool is installed automatically. To install the Configuration Tool only, see To install server roles from the

command line.

This topic includes the following sections:Command Conventions

Return Codes

Syntax

Databases options

Provisioning options

Directory Web Service options

Web options

Location options

Reporting options for deploying the Reporting service

Reporting options for deploying reports

Reporting (Data Warehouse) options

Report mailer options

Example: Configure the Provisioning and Directory Web Service server roles

Example: Configure the primary location

Example: Configure a remote location

Command Conventions

Several options use Boolean values (true or false).If you omit an option that requires a Boolean value, the default value is used. For example, if you do not include the /UseCortexSql:True | False option in the command, the default value (false) is

used; that is, the reporting database will not use the settings configured for the main system database.

If you specify an option that requires a Boolean value but you omit the value, the option value is true. For example, if you specify only /UseCortexSql (with no True or False value), the option is true;

that is, the reporting database will use the settings configured for the main system database.

You can use environment variables to represent one or more command-line options or option values (for example, /ReportingDBServer:%currentServer%, where currentServer is defined as an

environment variable).

Enclose option values that contain spaces in quotation marks (for example, /LocationName:"Southeast Hub").

Return Codes

The configuration command supports the following return codes:

Value Meaning

1 Another instance is already running.

0 Success.

-1, -2, -3 Command-line error.

-4 General failure during configuration. To debug further, review the log in %WINDIR%Temp.

Syntax

To configure the server roles and create the primary location from the command line, you execute the Services Manager Configuration Tool by typing the following at a command prompt:

CortexConfigConsole.exe /ConfigFile:config-file /Configure:tasks /task-options [/Help]

/Conf igFile:conf ig-f ile

Location of XML configuration f ile with read-write access for the current user. If this f ile already exists, its content will be overwritten during the configuration.

/Conf igure:tasks

Configures specif ied installed Services Manager roles and a location. Valid values are:

Databases – Creates the main Services Manager system databases.

Provisioning – Configures the Provisioning Engine.

DirectoryService - Configures the Directory Web Service.

Web – Configures the Web Server.

Location – Initializes the Services Manager instance. A location is the main unit of isolation between tenants, and usually corresponds to an Active Directory domain or forest.

Reporting – Creates the reporting database and configures the Data Warehouse feature.

ReportMailer – Configures the email environment for sending usage reports to the Citrix license monitor. Configuring the Report Mailer is required.

/Help

Displays command help.

Databases options

/CortexSql:name

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccp-10-install-wrapper/ccps-install-roles-cli.html

















Required. Name of the main system database (the previously-installed Microsoft SQL Server 2008 R2 instance).

/CortexSqlAuthMode:SQL|Windows

SQL Server authentication mode: SQL or Windows. Default = Windows

/CortexSqlUsername:username

Username for the main system database user. This is optional if you specify /CortexSqlAuthMode:Windows and are using integrated security.

/CortexSqlPassword:password

Password for the user name specif ied with the /CortexSqlUsername option. This is optional if you specify /CortexSqlAuthMode:Windows and you are using integrated security.

/CortexSqlPort:port

SQL Server port. Default = 1433 if this is the default SQL Server instance.

/GenerateCortexSqlCredentials:True | False

If true, passwords for the CortexProp, ExchangeLogs, OLMReports, and OLMUser system database users are automatically generated.

/CortexPropPassword:password

Password for the CortexProp database user. This is optional if you specify /GenerateCortexSqlCredentials:True.

/ExchangeLogsUserPassword:password

Password for the ExchangeLogs database user. This is optional if you specify /GenerateCortexSqlCredentials:True.

/OlmReportsUserPassword:password

Password for the OLMReporting database user. This is optional if you specify /GenerateCortexSqlCredentials:True.

/OlmUserPassword:password

Password for the main system database user. This is optional if you specify /GenerateCortexSqlCredentials:True.

/GenerateConf igFile:f ilename

Path and f ile name for XML configuration f ile.

Provisioning options

/SmtpServer:address

Required. Address of SMTP server from which email messages are sent, including system updates for administrators and account notif ications for end users.

/SmtpServerPort:port

Port on SMTP server to be used for sending email messages about system updates for administrators and account notif ications for end users. Default = 25

/SmtpOutFolder:folder

Folder that serves as an outbox for the control panel when sending emails. Default = %WINDIR%TempCortexEmail

/GenerateQueueMonitorCredentials (or GenQMonCreds):True | False

If true, user credentials are automatically generated for the Queue Monitor service, which processes administrative requests from the Web Server and automates other services. Default = False

/QueueMonitorUserName:username

User name for a domain account to be used by the Queue Monitor service (default = cortex_qmon_svc). The user must have full domain administrator permissions. This is optional if you specify

GenerateQueueMonitorCredentials:True.

/QueueMonitorPassword:password

Password for the user name specif ied with the /QueueMonitorUserName option. This is optional if you specify /GenerateQueueMonitorCredentials:True.

/AutoCreateQueueMonitorCredentials:True | False (or /AutoCreateQMon:True | False)

If true, the domain user account to be used by the Queue Monitor service is created if it does not already exist. Default = True

/GenerateDirectoryMonitoringCredentials:True | False (or GenDirMonCreds:True | False)

If true, user credentials for the Directory Monitoring service are generated automatically. This service monitors Active Directory, keeping account information current and sending email

notif ications for key events such as password expiry. Default = False

/DirectoryMonitoringUserName:username

User name for the account to be used by the Directory Monitoring service (default = cortex_dirmon_svc). This is optional if you specify /GenerateDirectoryMonitorCredentials:True.


/DirectoryMonitoringPassword:password

Password for the user name specif ied with the /DirectoryMonitoringUserName option. This is optional if you specify /GenerateDirectoryMonitorCredentials:True.

/AutoCreateDirectoryMonitoringCredentials:True | False (or /AutoCreateDirMon:True | False)

If True, the user account to be used by the Directory Monitor service is created if it does not already exist. Default = True

Directory Web Service options

/DirectoryServicePort:port

Port used by the Directory Web Service. Default = 8095

/GenerateDirectoryServiceUserCredentials:True | False (or GenDirWSCreds:True | False)

If true, user credentials for the Directory Web Service are generated automatically. Default = False

/DirectoryServiceUserName:username

User name for an account to be used by the Directory Web Service. This is optional if you specify /GenerateDirectoryServiceUserCredentials.

/DirectoryServicePassword:password

Password for the user name specif ied with the /DirectoryServiceUserName option. This is optional if you specify /GenerateDirectoryServiceCredentials.

/AutoCreateDirectoryServiceUser:True | False (or /AutoCreateDirWS:True | False)

If true, the user account to be used by the Directory Web Service is created if it does not already exist. Default = True

Web options

/ExternalAddress:address

Externally-resolvable address by which the Web Server can be reached. Default = cortexweb

/UseSsl:True | False

If true, an SSL binding is created for the management portal. Default = True (recommended)

/SslCertif icate:name

Friendly name of the SSL certif icate to use. This is required if you specify /UseSSsl:True.

/BindingIpip-address

IP address to use for the new site binding. Default = "*" (all unassigned)

Location options

When configuring locations, consider the following items:Run all configuration steps as a domain administrator.

Ensure user account settings conform to any domain policies, such as minimum password complexity, and are valid.

Ensure the required f irewall ports are configured for each server in the deployment.

/PrimaryLocation:True | False

Required. If True, the /Locationx configuration option values are for the f irst Services Manager administrator. This is the top-level administrative account in the control panel; it can add customers,

assign services, and manage delegated administration.

/LocationName:name

Required. Name of the location. Default = Top Location

/LocationDescription:description

Description of the location. Default = Top-level Service Provider Location

/LocationOU:location

OU of the location.

/LocationOULabel:label

OU label of the location.

/CspAdminFirstName:f irst-name

First name of administrator (Default = CSP). This is optional if you are configuring a secondary location (/PrimaryLocation:False).


/CspAdminLastName:last-name

Last name of administrator (Default = Admin). This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspAdminUserName:username

User name for the administrator (Default = cspadmin). This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspAdminPassword:password

Password for the user name specif ied with the /CspAdminUserName option. This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspContact:name

Contact name of the service provider. This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspContactEmail:address

Email address of the service provider. This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspName:name

Name of service provider that will appear in displays. This is optional if you are configuring a secondary location (/PrimaryLocation:False).

/CspUPN:suff ixes

UPN suffixes (Default = tsp.local). This is optional if you are configuring a secondary location (/PrimaryLocation:False).

Reporting options for deploying the Reporting service

/UseCortexSql:True | False

If true, the reporting database will use the settings configured for the main system database. Default = False

/ReportingDBCollation:True | False

Determines how string data is sorted when comparing, selecting, or manipulating values from the database.

/ReportingDBServer:address

Address of the reporting database server. This is optional if you specify /UseCortexSql:True.

/ReportingDBServerPort:port

Port to use on the database server (Default = 1433). This is optional if you specify /UserCortexSql:True.

/ReportingDBName:name

Name of reporting database. Default = OLMReporting

/ReportingDBServerAuthMode:SQL | Windows

Authentication mode of the reporting database. This is optional if you specify /UseCortexSql:True.

/ReportingDBGenerateCredentials:True | False

If true, reporting database administrator account credentials are generated automatically. Default = False

/ReportingDBServerUserName:username

User name for an administrator account to be used to create the reporting database, plus create and configure the service account specif ied with the /OlmReporting* options. This is optional if

you specify /UseCortexSql:True and /ReportingDBServerAuthMode:Windows.

/ReportingDBServerPassword:password

Password for the user name specif ied with the /ReportingDBServerUserName option. This is optional if you specify /UseCortexSql:True and /ReportingDBServerAuthMode:Windows.

/OlmReportingUserName:username

Name of service account used by the Data Warehouse process to update the reporting database. This is optional if /ReportingDBGenerateCredentials:True.

/OlmReportingPassword:password

Password for the user name specif ied with the /OlmReportingUserName option. This is optional if /ReportingDBGenerateCredentials:True.

/OlmReportingUserAuthMode:SQL| Windows

Authentication mode: SQL or Windows (Default = SQL). This is optional if /ReportingDBGenerateCredentials:True.

Reporting options for deploying reports

/ReportingServer:url


Required. URL of the report server.

/ReportsUserName:username

Required. User name of the Reporting Service administrator.

/ReportsPassword:password

Required. Password for the user name specif ied with the /ReportsUserName option.

/PublishReports:report[,report]…

Comma-separated list of reports to deploy. Valid values are: AD Sync, Billing, Citrix, Communicator, DNS, Exchange, File Sharing, FTP, Mail Archiving, Microsoft CRM, MySQL, SharePoint, SQL Server,

Windows Web Hosting.

To publish all reports, use the /PublishAllReports option.

/PublishAllReports:True | False

If true, all available reports are published (Default = False). To publish a subset of the available reports, set this option to False, and use the /PublishReports option to specify the reports.

Reporting (Data Warehouse) options

/SuccessEmailFrom:address

Required. Source email address for success notif ications.

/SuccessEmailTo:address

Required. Destination email address for success notif ications.

/FailureEmailFrom:address

Required. Source email address for failure notif ications.

/FailureEmailTo:address

Required. Destination email address for failure notif ications.

/GenerateDataTransferCredentials:True | False

If true, user credentials for the Data Transfer Service are generated automatically. Default = False

/DataTransferUserName:username

User name for the account to use for the Data Transfer Service. This is optional if you specify /GenerateDataTransferCredentials:True.

/DataTransferPassword:password

Password for the user name specif ied with the /DataTransferUserName option. This is optional if you specify /GenerateDataTransferCredentials.

/SmtpServer:address

Address of SMTP server to be used for sending email messages.

/SmtpServerPort:port

Port on the SMTP server to be used for sending email messages.

Report mailer options

/CustomerId

Required. Customer ID.

/ReportMailerEmailServer:name

Name of SMTP mail server.

/GenerateUserCredentials:True | False

If true, credentials for the SMTP mail server user account are generated automatically. Default = False

/ReportMailerTaskUserName:username

User name for the account the Report Mailer task will use. This is optional if you specify /GenerateUserCredentails:True.

/ReportMailerTaskUserPassword:password

Password for the user name specif ied with the /ReportMailerTaskUserName option. This is optional if you specify /GenerateUserCredentails:True.

/ReportMailerEmailServerPort:port


Port number on SMTP server. Default = 25

/ReportMailerEmailUserName:username

User name for the user account that accesses the SMTP email server.

/ReportMailerEmailPassword:password

Password for the user name specif ied with the /ReportMailerEmailUserName option.

Example: Configure the Provisioning and Directory Web Service server roles

The following command configures the Provisioning and Directory Web Service server roles and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-fi le.xml /Configure:Provisioning,DirectoryWebService /SmtpServer:mail.takahepubs.com /DirectoryServiceUsername:cortex_dirws_svc /DirectoryServicePassword:passwordExample: Configure the primary location

The following command configures the primary location and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-fi le.xml /Configure:Location /PrimaryLocation:True /LocationName:My First Location /LocationOU:Organization-Name /LocationOULabel:My Organization /CspAdminPassword:password /CspContact:CSP-Name /CspContactEmail:[email protected] /CspUPN:my-org.comExample: Configure a remote location

The following command configures a remote location and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-fi le.xml /Configure:Location /PrimaryLocation:False /LocationName:My Second Location /LocationOU:Organization-Name /LocationOULabel:My Organization


PDF

This document provides a basic guidance for deploying these components to support highly availability and the

solution for disaster recovery based on Windows Server 2012, 2012R2, and SQL Server 2012.

Deploying CloudPortal Services Manager 11.x for highavailability and disaster recovery

Jul 13, 2015

Deploying CloudPortal Services Manager 11.x for high availability and disasterrecovery

http://10.57.13.146/content/docs/en-us/cloudportal-services-manager/11-5/ccp-10-install-wrapper/CloudPortal Services Manager High Availability.pdf

http://10.57.13.146/content/docs/en-us/cloudportal-services-manager/11-5/ccp-10-install-wrapper/CloudPortal Services Manager High Availability.pdf


Deploy services

Jul 22, 2016

Updated: 2014-08-07CloudPortal Services Manager supports a variety of services that service providers can provision to resellers and customers.

Service deployment typically involves the following tasks:

1. Install the service.

2. Configure the service.


4. Provision the service to users.

The installation and configuration steps differ for each service and are described in the topics dedicated to each service.

Service installation

Some services that Services Manager supports require you to install a web service on the server that will be hosting the

service. For example, the Lync Enterprise web service is installed on a Front End Server in your Lync deployment. You can

install these services in one of the following ways:

Install the service using the Setup Tool and specify initial settings using the Configuration Tool

Execute the service's MSI f ile from the command line of the server hosting the service

The following services require a web service to be installed:

ADFS (for use with the Dynamics CRM service)

Citrix XenApp


Hosted Exchange

Lync Enterprise (2010 & 2013)

Lync 2010 for Hosting

Lync Hosted 2013

MySQL


SharePoint 2010 and 2013

Virtual Machine

Windows Web Hosting

When you install and configure a web service, the Services Manager Setup Tool creates the IIS application pools, web

applications, and web sites required for the web service to function. The web site and application files are stored by default

in the C:inetpub directory on the server on which the web service is installed. The following table lists the default application

pools for each service:

Web service name Default name of application pool

ADFS ADFSAppPool

Citrix Citrix Csm Citrix WS


Hosted Apps and DesktopsCitrix Csm XenApp AppPoolCitrix Csm XenDesktop AppPool

Hosted Exchange Citrix Csm Exchange WS

Lync Enterprise Citrix Csm Lync WS

Lync 2010 for Hosting Citrix Csm LyncHosted WS

MySQL Citrix Csm MySQL WS

SharePoint 2010 Citrix Csm SharePoint 2010 WS

Virtual Machines Citrix Csm Hyper-V WS

Windows Web Hosting Citrix Csm Web Hosting WS

Some supported services do not require a web service and, therefore, no MSI files are included on the installation media.

The following services require control panel configuration only:

AD Sync

BlackBerry 5

Dynamics CRM

DNS

File Sharing

Mail Archiving


Service configuration overview

Service configuration typically involves the following tasks:

1. Enable the service at the top environment and location levels.

2. Add credentials for accessing the servers and management tools.

3. Add the servers associated with the service.

4. Assign service roles to the servers.

5. Add service connections to establish communication between the servers and CloudPortal Services Manager.

6. Assign servers to a collection, if applicable.

7. Configure the service settings.

About service property settings, credentials, and servers

All services are enabled at both the Top Environment Services level and the Active Directory Location Services level. The

service settings at the top environment level are inherited by all locations configured in Services Manager. Typically, the


top environment level setting defaults are suff icient and do not require modif ication.

For some services, a customer plan or user plan must be configured before the service is enabled at the location level.

To reset a service setting to the default value, clear the check box for the property and apply the change. The next time

the service settings are opened, the default value for the property appears.

Control access to a property setting by expanding it and setting the Hierarchy Permission.

Credentials that are in use for a specif ic web service connection cannot be deleted. To remove the credentials, you must

first remove the web service connection.

In most cases, server information is retrieved without any action from the service provider. A server that is outside of the

hosting domain must be manually added to the servers list (Conf iguration > System Manager > Servers).

Server connections enable Services Manager to connect with web services that are installed on the servers hosting the

service. If server connections are created for multiple servers hosting a particular web service, Services Manager assigns

primary and secondary status to the server connections for failover.

Server collections group multiple servers for some services, including Citrix XenApp, Microsoft SQL, MySQL, and Windows

Web Hosting Services. If a server collection and its servers should be available to all resellers, enable Automatic resellerselection. If a server collection should be enabled by default to all customers, enable Automatic customer selection.

Services and customer provisioning

After the service is configured, you can provision the service. Service provisioning typically involves the following tasks:

1. Provision the service to the root Service Provider's Reseller service.

2. Provision the service to the customer.

3. Provision the service to the customer's users.

About service provisioning

Re-provision customers after changing customer plans.

A service that is provisioned to customers cannot be disabled at the top environment level until it has been de-

provisioned from all customers and resellers and deleted from the location level.

Apply cost values to service properties

Service providers can apply a cost value to service properties at various levels (service level, customer plan, and user plan)

depending on the type of service. The values are used in monthly billing reports. Pricing values are inherited from the Top

Environment Services level and overridden at the reseller and customer levels.

The Prices properties typically appear at the end of the service, customer plan, and user plan settings. The properties include

a cost price and sales price. Cost price is the minimum price for a user plan. Sales price is the recommended purchase price,

with a recommended value that is equal or greater than the cost price. The Prices properties for the Hosted Exchange

service also include a price per mailbox value that is the unit price for mailbox usage that exceeds the agreed limit for public

folders.


AD Sync

Jun 05, 2015

Updated: 2014-11-19Deploying the AD Sync service involves the following tasks:

Configure the AD Sync service

Synchronize Exchange contacts and distribution groups in a remote domain

If, after deployment, a customer performs changes that affect the AD Sync service, refer to Re-configure AD Sync for

Customer Changes to perform the required reconfiguration.

For more information about requirements for deploying the AD Sync service, refer to Plan to deploy the AD Sync service.

To configure the AD Sync service

1. Enable the service (top level):

1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.

2. Expand AD Sync and then click Save.

2. Enable the service (location level):

1. Under Service Filter, select Active Directory Location Services and select a Location Filter, if applicable.

2. Expand AD Sync and then click Save.

3. Enable the service (top reseller level):

1. From the Services Manager menu bar, select Customers > Customer Hierarchy.

2. Under the top reseller node, expand Services and then expand Reseller. The Customer Services page appears.

3. In the service list, select the AD Sync check box and then click Provision.

4. Configure and provision the service to the customer:

1. From the Services Manager menu bar, click Customers.

2. Expand the selected customer and click Services.

3. Expand AD Sync and then click Provision.

To customize the AD Sync client installer

You can customize the following characteristics of the AD Sync client installer for a Services Manager site:

Product settings shown in the Windows Add or Remove Programs or Programs and Features panel. Settings include

name, manufacturer, and links to help and support.

Product name used as the default installation folder, service name, and source name of errors in the Event Log.

Banner and dialog images (.bmp or .jpg) used in the installer. The default sizes of those images are:

Banner (493 x 58 pixels)

Dialog (493 x 312 pixels)

1. Log on to the Services Manager web server and navigate to the [INSTALLDIR]CortexDotNetServicesSync directory.

2. Open sync.config in a text editor and customize the settings as needed. If you change a commented item, remove the

comment markup.

3. After completing the changes, direct your customers to download the AD Sync installer from the Services Manager web

site.

To install the AD Sync client on external domain controllers

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccp-10-services-config-ad-sync/ccps-ad-sync-contacts-dist-groups.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccp-10-services-config-ad-sync/ccp-10-services-config-ad-sync-customer-changes.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-ad-sync.html


Install the AD Sync client on every domain controller in the external domain. For more information on preparing thesedomain controllers for AD Sync, see Plan to deploy the AD Sync service.Important: The AD Sync client cannot decrypt users' existing passwords when installed due to Active Directory encryption.After the client is installed, users must change their passwords so the client can synchronize them with Services Manager.1. Log on to an external domain controller and then log on to the Services Manager control panel using the administrator

credentials of the customer just provisioned.

2. Download the AD Sync client installer:

1. From the Services Manager menu bar, select Services > AD Sync > AD Sync Download and then click Download.

2. Click Save to save the AD Sync client installer to a drive location so you can copy it to the other external domain

controllers.

3. Install the client:

1. Run the AD Sync Setup installer, enter the requested password, and then click Next.

2. Specify the User watch frequency, select the following settings, and then click Next:

Watch for changes to contacts

Watch for changes to groups

Watch for changes to users

Important: Perform this step for only one AD Sync client to ensure that duplicate requests are not sent to the

Services Manager API. The domain controller configured to watch for changes synchronizes user and password

changes. The other domain controllers synchronize only password changes.

3. Select the Active Directory user groups to include in AD Sync operations and then click Next twice. When the AD Sync

service detects a USN change, it performs the synchronization only if the user is in an included group. The last USN

value is stored in [INSTALLDIR]QueueSyncActiveDirectory.config.

4. If a proxy server is used in the external domain, enter the information for it. Using a proxy server ensures that domain

controllers are not exposed to the internet.

5. Click Next, choose a location to install the AD Sync client, click Next, and then click Install.

6. Restart the domain controller. The AD Sync service starts.

7. Copy the AD Sync client installer to all other external domain controllers and then repeat Steps 3a - 3g for each

domain controller.

4. Test the AD Sync client:

1. After a domain controller restarts, log on to Services Manager and then click Users to view the user list. The

synchronized users have a small green arrow next to the user icon.

2. To test that the synchronization works for new accounts, create a new user account in the external domain, add it

to a user group that is included in AD Sync operations, change an attribute on the account, and then verify that the

account appears on the Users screen.

To synchronize additional Active Directory attributes

To change the Active Directory attributes included in API requests, edit the request format in [INSTALLDIR]Requests.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-ad-sync.html


Synchronize Exchange contacts and distributiongroups in a remote domain

Jun 05, 2015

Updated: 2013-04-30You can configure AD Sync to monitor changes to Hosted Exchange contacts and distribution groups that are created in a

remote domain through Services Manager. You can also disable AD Sync for specific contacts and distribution groups so you

can modify them through the control panel.

When a contact or distribution group is created, an object identifier is assigned automatically. For contacts, the identifier is

the objectGUID. For distribution groups, the identifier is the objectSid. The AD Sync client provides these identifiers to

Services Manager, which uses them to display synchronized items in the control panel. By default, these object identifiers

are stored in extensionAttribute12 on the primary domain. If another application is using extensionAttribute12 to store

other values, you can modify the Sync Object Id setting in the Hosted Exchange service settings to specify a different

extension attribute (Configuration > System Manager > Service Deployment > Hosted Exchange > Service Settings,

Customer category, under Extension Attributes).

To enable synchronization for specific contacts and distribution groups

To configure AD Sync to synchronize contacts and distribution groups, you add the contacts and distribution groups youwant to synchronize to appropriate groups that will be included in the AD Sync client's inclusion f ilter. The AD Sync clientmonitors the Windows Event Log for changes to these items and synchronizes the included groups accordingly.Note: When contacts are added or removed, the AD Sync client does not synchronize these changes automatically as theyare not reflected in the Windown Event Log. To ensure changes to contacts are synchronized, you must force the AD Syncclient to synchronize. For more information, see To force synchronization of changes to contacts in Active Directorygroups.

To disable synchronization for specific contacts and distribution groups

Synchronized items such as contacts and distribution groups are displayed in the control panel as read-only items. If youwant to modify a synchronized contact or distribution group, you disable AD Sync for the item and then remove the itemfrom Active Directory group being synchronized. Disabling AD Sync removes the object identif ier from the item's customattribute and makes the item editable.Important: If you disable AD Sync for a contact or distribution group and make changes through the control panel, thosechanges will be lost if you re-enable AD Sync later.1. From the Services Manager menu bar, click Services > Exchange > Contacts or Distribution Groups.

2. Select the contact or distribution group for which you want to disable synchronization.

3. Click Disable AD Sync and then click Close.

4. On the remote domain controller, launch Active Directory Users and Computers and locate the group that contains the

contacts or distribution groups that are no longer being synchronized.

5. Right-click the group and select Properties.

6. On the Members tab, select the contacts or distribution groups you want to remove and click Remove. Click OK.

To re-enable synchronization for specific contacts and distribution groups

1. In the remote domain, locate the object identif ier for the contact or distribution group.

2. On the primary domain, add the object identif ier to the item's Exchange custom attribute.

3. Add the item to the appropriate group that is included in the IncludeGroups setting in the ADSync.exe.config f ile.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccp-10-services-config-ad-sync/ccp-10-services-config-ad-sync-customer-changes.html


Re-configure AD Sync for Customer Changes

Jun 05, 2015

Updated: 2013-04-30The following events at a customer site require changes to AD Sync service configuration:

A change has been made to the administrator account for the external domain controllers

A new contact has been added to or removed from a group that is included in AD Sync operations

To re-configure for a new administrator

If the administrator who installed the AD Sync client is no longer available, the new administrator must uninstall the AD

Sync client from all external domain controllers, re-install the client (which will be associated with the new administrator's

account), and restart the domain controllers. The AD Sync service then restarts using the new administrator's account and

synchronize all users on the remote Active Directory domains to Services Manager.

To force synchronization of changes to contacts in Active Directory groups

When a contact is added to or removed from an Active Directory group, the change is not automatically synchronized with

the AD Sync client. To force a synchronization, change a property in the contact. AD Sync detects the change and updates

the include group in Services Manager.

Note: If the contact is a member of a distribution group that is being synchronized, you do not need to force asynchronization. When the AD Sync client synchronizes the distribution group, the contact will be synchronized as well.


BlackBerry 5

Jun 05, 2015

Updated: 2014-11-19Deploying the BlackBerry 5 service to customers includes the following tasks:

Configure the BlackBerry 5 service

Provision the BlackBerry service

For information about requirements for deploying the BlackBerry 5 service, refer to Plan to deploy the BlackBerry service.

To configure the BlackBerry 5 service

1. Enable the service (top level) and create a default customer plan:

1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then

expand BlackBerry 5.

2. Click Customer Plans, create a customer plan named Default, click Apply Service, and then click Save.


1. Under Service Filter, select Active Directory Location Services and choose a Location Filter if applicable.

2. Expand BlackBerry 5 and click Save.

3. Assign server roles:

1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the

entry for BES 5.

2. Under Server Connection Components, select BlackBerry 5 API and then click Save.

4. Add credentials for the service account:

1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials.

2. In the credentials table, click Add.

3. In Username and Password, enter the user name and password for the BlackBerry service account.

4. Leave Encrypted selected to encrypt the credentials as they are displayed on the page and stored in the database.

Note: Citrix recommends encrypting credentials when Services Manager is deployed in a production environment. Use

plain-text credentials only for debugging purposes.

5. In Domain, enter the FQDN of the service account if the service account is an Active Directory account. If the service

account is an internal BES account, enter CortexBESInternal.

5. Add a server connection:

1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New

Connection, and then select or type the following information for the connection.

Server Role

Choose BlackBerry 5 API.

Server

Choose the BES 5 server.

Credentials

Choose the credentials for the BES.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccp-10-services-config-blackberry5/ccp-10-services-admin-blackberry-prov.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-blackberry.html


URL Bases

Defaults to /.

Protocol

Defaults to http.

Port

Defaults to 443. If you change the port here, change it also in the BES.

Timeout

Defaults to 200000 milliseconds.

2. Click Save.

3. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and click the

icon in the Test column for the server with the BlackBerry 5 API installed. The icon turns green for a successful

connection. A red icon indicates an unsuccessful connection. Mouse over it for information about the failed

connection.

6. Configure service settings:

1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment.

2. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand

BlackBerry 5.

3. Click Service Settings, update the settings as needed, click Apply changes and then click Save.

7. Configure the customer plan:

1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment, select Active

Directory Location Services, choose a Location Filter if applicable, expand BlackBerry 5, click Customer Plans, and then

expand the Default customer plan.

2. Select the Instance check box, click Reload if needed to load the BlackBerry instance data, and then select the check

boxes for all applicable instances.

3. Select the IT Policies check box, click Reload if needed to load the BlackBerry policies data, and then select the check

boxes for all applicable policies.

4. Click Apply changes and then click Save.


Provision the BlackBerry service

Jun 05, 2015

To ensure that the BlackBerry service works successfully, the customer and user must be provisioned with the Hosted

Exchange service before they are provisioned with the BlackBerry service.

To provision the BlackBerry service to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.

2. Select Services. The Customer Services page appears.

3. From the services list, select Reseller.

4. Select the BlackBerry service and then select the BlackBerry service name with which to configure the service.

5. Enable the customer plans and user plans that the reseller can sell to its customers.

Note: The plans determine the BlackBerry server that is used to store users' BlackBerry accounts.

6. Click the plan to display the Configure Service Settings page.

7. For user plans, under User Package Limit, enter the maximum number of users that can be provisioned with the selected

user plan.

8. Click Apply Changes to save your changes to the selected plan.

9. Click Apply Changes to save your changes to the BlackBerry service.

10. Click Provision to provision the BlackBerry service to the reseller.

To provision the BlackBerry service to customers

Before provisioning the BlackBerry service, customers must first be provisioned with Hosted Exchange services.

1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.


3. Select the BlackBerry service. The Service Package Configuration page appears.

4. Under Advanced Settings, enable the user plans that the customer can use to provision the service to its users.

5. Click the service access level to display the Configure Service Settings page.

6. Under User Package Limit, enter the maximum number of users that can be provisioned at the selected user plan.

7. Click Apply Changes to save your changes.

8. In Maximum Users, if required, click Enabled and then specify the maximum total number of users that can be provisioned

with the service.

9. In Billing, click Enabled to indicate the service generates charges to the customer.

10. Click Apply Changes to save your changes to the BlackBerry service.

11. Click Provision to provision the BlackBerry service to the customer.


Call Home

Feb 10 , 2017

This topic includes information about the CloudPortal Services Manager Call Home service. You will also find instructions for

deploying, managing and troubleshooting CPSM Call Home service.

What’s new in release 11.5.8 (Cumulative Update 4)

• Additional Data Values: Add service usage and customer Hierarchy data to the call home uploaded package

Known Issues

If daily data upload fails after retrying 3 times, the daily data for this day will not be transmitted again.

In historical data upload, the data is not exactly the same with that in daily data upload. Historical data doesn’t include:

Location Information

Server Information

Web Service Information

CPSM Version Information

Customer Billing Information

In historical data upload, some fields in the data is not precise.

User Information

ServiceAdmin: It is used for marking whether this user is a service administrator.

Customer Service Information

CustomerOnly: It is used for marking whether the service is only for customer.

ResellerService: It is used for marking whether the service is a reseller service

UserService

StatusID: It is used for marking service status. Historical data only shows two kinds of statuses, Provisioned and

Not Provisioned. This status does not include middle status and failed status like Provision In Progress and

Provision Failed.

Documentation and support for CloudPortal Services Manager

CloudPortal Services Manager Discussion Forum: Use this Citrix Discussions site to ask questions and contribute your

knowledge about CloudPortal Services Manager.

http://discussions.citrix.com/forum/319-cloudportal-services-manager/


How to deploy and manage CPSM Call Home

Jul 15, 2016

Use the following topics to install and configure Call Home:

Install and configure CPSM Call Home

How to trigger data uploading on demand

Install and configure CPSM Call Home

To install and configure CPSM Call Home, you must have Domain Admin permission. CPSM Call Home can only be installed

in CPSM Web Portal server.

This installation steps assume the Services Manager installer is running under the Domain Admin role.

1. Check Accept the terms of this license agreement to accept the License Agreement.

2. Click Next .

3. Select Call Home Windows Service and click Next4. Click Install.5. Click Next after the installation is complete.

6. Click Conf igure to set CPSM Call Home settings.

7. Uncheck the checkbox if you don’t want to view your customer and user information in the License Usage Insights

Service.

8. Click Next9. If you don’t uncheck View your customer and user information in the License Usage Insights Service, input your Citrix

Account Credential and click Next .

10. Click Next11. Click Finish after the configuration is complete.

You can reconfigure CPSM Call Home by running the Call Home Configuration Tool under Domain Admin role in your Web

Portal server.

How to trigger data upload on demand

Call Home uploads data automatically. Data upload needs to be manually triggered only when troubleshooting.

To trigger daily data upload on demand, perform the following steps:

1. Open Registry Editor.2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome\Common3. Modify the value of StartTime as per your requirement using the date format HH:mm:ss

4. Restart CitrixCallHome service.

CPSM Call Home will now upload daily data at the StartTime every day.

To trigger historical data upload on demand, perform the following steps:

1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome\.

2. Check the value for HistoryDataUploaded. If the value is 1, modify it to be 0.

3. Set the value of HistoryUploadedStartDay and HistoryUploadedEndDay in the format mm/dd/yy. Call Home will


upload data from HistoryUploadedStartDay to HistoryUploadedEndDay.

4. Open Registry Editor and navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome\Common5. Set HistoryStartTime (format HH:mm:ss) create it if not exist. HistoryStartTime specify the daily start time of

historical upload.

6. Restart CitrixCallHome service.

CPSM Call Home will start to upload historical data at the time specified by HistoryStartTime.


Common configuration problems and troubleshooting

Jul 15, 2016

Get upload token failed

Symptom: While configuring CPSM Call Home, the configuration fails with the error message “Validate Citrix Username andPassword: Failed” Root cause: The upload token cannot be generated with the credentials used. Solution:

Make sure your network is available.

Make sure your Citrix account credentials are correct.

Install CPSM Call Home service failed

Symptom: The installation of CPSM Call Home service fails with the error message “Install Citrix Call Home Windows

Service: Failed.”

Root cause: CPSM Call Home configuration is unable to copy files to the target folder.

Solution:

Make sure CPSM Call Home configuration runs in the CPSM Web Portal ServerMake sure CPSM Call Home configuration has the Domain Admin permission

CPSM Call Home data upload failed

Symptom: Registry key UploadFailedTimes exists and value is not 0 and increases every day in

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome.

Root cause: CPSM Call Home is unable to upload daily data to Citrix

Solution:

Check the log in C:\Program Files (x86)\Citrix\Cortex\Services\CallHome\CallHomeSvc\log.txt

Other issues

Check whether the CitrixCallHome service is running.

Check the values of the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome.

Checking the values can help identify the cause of the issue

Registry Key Comment

UploadTimes Total daily uploads

UploadFailedTimes Total times daily uploads have failed


HistoryDataUploaded

Indicates whether historical upload

was completed. The value is 0 for

incomplete and 1 for completed

uploads.

Check the log in C:\ProgramFiles\(x86)\Citrix\Cortex\Services\CallHome\Conf iguration\log.txt


Citrix

Jun 05, 2015

Updated: 2013-02-11For information about requirements for deploying the Citrix service, refer to Plan to deploy the Citrix service.

Deploying the Citrix service to customers includes the following tasks:1. Install the Citrix web service

2. Configure the Citrix service

3. Provision the Citrix service to resellers

4. Provision the Citrix service to customers

After deploying the Citrix service, use the following topics to provide access to resources through the control panel:Create or remove Citrix application groups

Create or remove Citrix resources

Create or remove Citrix application resources

To configure Citrix hosted application settings

To provision applications to multiple users


http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-citrix/ccps-install-citrix.html


http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-citrix/ccp-10-services-admin-citrix-prov-reseller.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-citrix/ccp-10-services-admin-citrix-prov-customer.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-citrix/ccp-10-services-admin-citrix-app-groups.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-citrix/ccp-10-services-admin-citrix-resources.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-citrix/ccp-10-services-admin-citrix-app-rsc.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-citrix/ccp-10-services-admin-citrix-hosted-apps.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-citrix/ccp-10-services-admin-citrix-app-access.html


Install the Citrix web service

Jun 05, 2015

Updated: 2014-08-14The Citrix web service is installed on all XenApp servers in your environment that you want to make available for provisioning

hosted apps and desktops to users. You can install the Citrix web service using either the graphical interface of the Services

Manager Setup Tool or through the command line. After the installation process finishes, you can enable the service and

continue configuration through the control panel.

To install the Citrix web service using the graphical interface

The installation process includes preliminary configuration to create the web service account and IIS application pool, and

define the service port.

This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.


2. On the Install CloudPortal Services Manager page, select Add Services.

3. On the Add Services page, select Install Services.

4. Accept the License Agreement and then click Next.

5. On the Select Web Services page, select Citrix Web Service and then click Next.

6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then

click Next.

7. On the Ready to Install page, click Install.

8. After the installation f inishes, click Finish.

9. On the Add Services page, select Configure Services.

10. On the Installed Services page, click Configure next to the XenApp Web Service item. The Configuration Tool attempts

to contact the Encryption Service to retrieve the encrypted key. If the service cannot be contacted, the Configuration

Tool prompts you to import the encrypted key using a key f ile. To generate the key f ile, see Generate and export

keyfiles for the Encryption Service.

11. If required, import the Encryption Service key f ile:


2. In Password, enter the password that was specif ied when the key f ile was generated. Click Next.

12. On the Configure IIS page, enter the following information and then click Next:

Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account

credentials automatically.

User name: Enter a user name for the Citrix web service account. The default user name is csm_citrix_svc. This f ield is

unavailable when you elect to auto-generate credentials.

Password: Enter a password for the Citrix web service account. This f ield is unavailable when you elect to auto-

generate credentials.

Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not

already exist in Active Directory.

Service port: Enter the port used by the Citrix web service. The default port is 8095.

13. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate

configuration page. When the summary contains the settings you want, click Next. The Configuration Tool configures

the Citrix web service and displays progress.

14. Click Finish and then click Exit to close the Configuration Tool.



To install the Citrix web service from the command line

Before installing the Citrix web service, ensure the following pre-requisites are met:You have installed .NET Framework 4, located in the Support folder of the Services Manager installation media, on the

XenApp server.

The XenApp servers are running supported versions of Citrix XenApp.

You have created the Citrix web service account in Active Directory.

The Citrix web service account is a Citrix administrator with Full Administration permissions on the XenApp servers where

you install the Citrix web service.

The XenApp server allows inbound connections from the Web platform server on the appropriate port. The default port

is 8095.

When you install the Citrix service from the command line, you perform two actions:Install the web service and create the required Services Manager directory where the web service resides.

Perform initial configuration of the web service using the Configuration Tool.

1. On the XenApp server, log on as an administrator.


3. At the command prompt, enter CortexSetupConsole.exe /Install:Citrix. The Setup Tool installs the web service and

returns the command prompt.

4. At the command prompt, enter install-locationServicesCitrixWSConfigurationCitrixServiceConfigConsole.exe and specify

the following properties:


/UserName:ctx_svc_acct Impersonation account for the Citrix service. This account must be a Citrix administrator.

/Password:password Password for the Citrix service account.

/ServicePort:port Inbound port to be used/added to the CortexServices web site. Default = 8095



The Configuration Tool performs initial configuration of the web service and returns the command prompt.

Sample command string

The following command performs the initial configuration of the web service.install-locationServicesCitrixWSConfigurationCitrixServiceConfigConsole.exe /UserName:ctx_svc_acct /Password:password /ServicePort:8095When the installation process is finished, log on to the control panel and configure the web service. For instructions, see

Configure the Citrix service.



Configure the Citrix service

Jun 05, 2015

Updated: 2013-04-18Before configuring the Citrix service, review the following topics and ensure all requirements have been met:

Plan to deploy the Citrix service

Prerequisites for deploying the Citrix service

To configure the Citrix service



2. Expand Citrix and then click Save.


1. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.

2. Expand Citrix and then click Save.

3. Verify credentials:


2. Verify that the administrative impersonation account for the Citrix service exists. If it does not, create the account.

Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when

Services Manager is deployed in a production environment. Use plain-text credentials only for debugging purposes.

4. Enable the server:

1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.

2. If the XenApp server is not listed, click Refresh Server List.

3. Expand the entry for the server and verify that Server Enabled is selected.



entry for the server.

2. Under Server Connection Components, select Citrix App and then click Save.


1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then

select or type the following information for the web service.

Server Role

Choose Citrix App.

Server

Choose the XenApp server where the Services Manager Web Service is installed.

Credentials

Choose the credentials for the XenApp server.

Protocol

Defaults to http.


http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-citrix/ccps-plan-citrix-prereqs.html


Port

Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.

Timeout

Defaults to 200000 milliseconds. If a large number of applications are published on the Citrix farm, set this value to

-1 (unlimited).

2. Click Save.


icon in the Test column for the XenApp server. The icon turns green for a successful connection. A red icon indicates

an unsuccessful connection. Mouse over it for information about the failed connection.

7. Create a server collection: A server collection can be assigned to a customer before applications are installed on the

servers.

1. From the Services Manager menu bar, choose Configuration > System Manager > Server Collections.

2. If the Location Filter appears, select the relevant location from the list.

3. Click New Server Collection.

4. Enter a Name for the collection, such as CitrixFarm01. You cannot change or delete a collection name after

provisioning the server collection to a customer or after saving applications, application groups, or resources on the

server collection.

5. From the Service list, choose Citrix.

6. In the Servers list, select each XenApp server to be managed under this server collection and then click Save.

8. Update service properties as needed: From the main menu, choose Configuration > System Manager > Service

Deployment, select Active Directory Location Services, choose a Location Filter if applicable, expand Citrix, and then click

Service Settings.

To import applications from a XenApp farm to a server collection

1. From the Services Manager menu bar, choose Services > Citrix > Configuration > Citrix Applications, choose a Location (if

applicable), and choose a Server Collection.

2. Change the New Application Settings as needed for the server collection.

Set new applications to 'default' for customer selection – Select this option to automatically select it for provisioning

to customers and users. You can override this setting at the reseller level.

Make new applications public to all customers – Select this option to provision all new applications for public access.

Generate missing application groups – Select this option to automatically create a security group in Active Directory

for applications. The application group name is in the form of CitrixApp {DatabaseID} or CitrixApp {Name}, based on

the Application Group Name service setting.

3. Click Refresh to start the import operation.

4. If a timeout occurs during the import operation, change the Timeout value on the connection (Configuration > System

Manager > Server Connections).

5. Repeat steps 1 - 3 for each server collection.


Provision the Citrix service to resellers

Jun 05, 2015

To provision the Citrix service to resellers




4. Select the Citrix service check box and then click the Citrix service name. The Reseller Service Setup page appears.

5. Select the server collection that the reseller can use to offer resources to customers.

6. Enable or disable the application groups, applications, and resources the reseller can offer to customers.

Note: If more than one server collection is available, you can select resources from these collections for the reseller.

After you make selections from one collection, select another collection and make additional resource selections.

7. Under User Plan, ensure Full is selected.

8. Click Apply Changes to save your selections.

9. Click Provision to enable the reseller to offer Citrix services to customers.

To enable resellers to offer resources from specified collections

By default, a reseller provisioned with the Citrix service can offer to a customer resources available on all configured Citrix

server collections. However, service providers can limit these offerings by specifying the collections available to resellers

when provisioning the Citrix service.

1. From the Services Manager menu bar, click Customers and select the reseller or customer for whom you want to

provision services.



4. Click the Citrix service name. The Reseller Service Setup page appears.

5. Click Service Settings. The Configure Service Settings page appears.

6. Select the Server Collections check box to enable setting changes.

7. Clear the Use all server collections check box and then select the server collections to make available to the reseller.


9. Click Apply Changes to save your changes to the Citrix service offering.

Note: To verify your changes, click Citrix to view the Reseller Service Setup page. If you specif ied only one server

collection for the reseller, only the collection's resources appear. If you specif ied more than one server collection, only

those you specif ied appear in the Server Collections box.

10. Click Provision to update the Reseller service with your changes.


To provision the Citrix service to customers

Jun 05, 2015



3. Click the Citrix service name. The Grant access to Citrix applications page appears.

4. Select the server collection that the customer can use to access resources.

Note: If only one server collection is available, only the collection's resources appear. If multiple server collections are

available, you can configure only one collection for the customer.

5. Select the application groups, applications, and resources that the customer can access.

6. Click Provision to enable the customer to provision Citrix services to users.


Create or remove Citrix application groups

Jun 05, 2015

An application group is a collection of hosted applications, other application groups, and resources. With application groups,you can provision multiple applications and resources to customers quickly and eff iciently.You can also enable customers to create their own application groups that include the applications and resources that are

available to them. To use this feature, the customer must have a user with Citrix Service Administrator permissions, at a

minimum.

To create an application group

Before you create application groups, ensure there is a server collection configured that hosts the applications and

resources you want to include in the group.

When creating an application group, you have the option to make the group available to all customers (public group) or

make the group available to a specific customer (private group). If you choose to make the group private, be sure to click

Save & Reload. When you click Save & Reload, the group is assigned to the customer and all of the customer's private

applications and resources are available for inclusion. To modify this assignment, you first deprovision the Citrix service for

the customer through the Customer Services page. Then, you can modify the application group to assign it to a different

customer or make the group public. After you modify the application group, you can reprovision the Citrix service for the

customer.

When you assign an application group to a specific customer, you can include the group only in other application groups

that are assigned to the same customer.

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Application Groups.

2. Under Citrix Server Filter, select the location and server collection you want to use for the application group. Any existing

application groups configured for the server collection appear.

3. Under Group Management, click New Application Group.

4. Type the name and description of the new group.

5. In Allocation, select the Default Group check box to include the application group in the Citrix services package that is

provisioned to customers.

6. In Access, configure the application group's availability by performing one of the following actions:

To make the application group available to all customers, select the Public Group check box.

To make the application group available to one specif ic customer, clear the Public Group check box and enter the

name of the customer you want to assign.

Note: If you make the application group private, click Save & Reload to create the group and view the customer's

other private application groups or resources. You can then include these items in the group.

7. In Directory Resource, choose one of the following options:

Generate creates and names a security group automatically (e.g., CitrixGrp 3).

Search enables you to f ind and select an existing security group within the domain.

Custom enables you to create a new security group with a unique name you specify.

8. Under Applications, select the hosted applications you want to include in the group.

9. Under Groups, select other available application groups you want to include.

10. Under Resources, select the network resources you want to include in the group.

11. In Publish, select Enabled to make the application group visible to customers.

12. Click Save to create the application group.


To delete an application group

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Application Groups.

2. Select the application group you want to remove.

3. Under Manage Application Groups, click Delete and then click OK to confirm. The option to delete the corresponding

Active Directory object appears.

4. To remove the corresponding Active Directory object, leave the Delete the application group from Active Directory

check box selected. To keep the Active Directory object, clear this check box.

5. Click Delete to remove the application group. The application group entry and Active Directory object, if selected, are

removed.

To create a customer-level application group

1. From the Services Manager menu bar, click Services > Citrix > Customer Application Groups.

2. Under Customer Management, search for and select the customer for whom you want to create the application group.

3. Under Group Management, click New Application Group.

4. Type the name and description of the new group.

5. In Allocation, select the Default Group check box to include the application group in the Citrix services package that is

provisioned to the customer's users.

6. Under Applications, select the application resources and hosted applications you want to include in the group.

7. Under Groups, select other available application groups you want to include.

8. Under Resources, select the network resources you want to include in the group.



Create or remove Citrix resources

Jun 05, 2015

To create a resource

When creating a resource, you have the option to make the resource available to all customers (public resource) or make

the resource available to a specific customer (private resource). If you choose to make the resource private, the resource is

assigned only to the customer you specify and can be included in application groups only for the same customer. To modify

this assignment, you first deprovision the Citrix service for the customer through the Customer Services page. Then, you can

modify the resource to assign it to a different customer or make the resource public. After you modify the resource, you

can reprovision the Citrix service for the customer.

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Resources.

2. Under Citrix Server Filter, select the location and server collection you want to use for the resource. Any existing

resources configured for the server collection appear.

3. Under Management, click New Resource.

4. Type the name and description of the new resource

5. In Allocation, select the Default Resource check box to include the resource in the Citrix services package that is


6. In Access, configure the resource's availability by performing one of the following actions:

To make the resource available to all customers, select the Public Group check box.

To make the resource available to one specif ic customer, clear the Public Group check box and enter the name of the

customer you want to assign.


Generate creates and names a security group automatically (e.g., CitrixGrp 3).



8. In Publish, select Enabled to make the application group visible to customers.


To delete a resource

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Resources.

2. Select the resource you want to remove.

3. Under Manage Resources, click Delete and then click OK to confirm. The option to delete the corresponding Active

Directory object appears.

4. To remove the corresponding Active Directory object, leave the Delete the resource group from Active Directory check

box selected. To keep the Active Directory object, clear this check box.

5. Click Delete to remove the resource. The resource entry and Active Directory object, if selected, are removed.


Create or remove Citrix application resources

Jun 05, 2015

To create an application resource

Before you create applications, ensure there is a server collection configured that hosts the resource.

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Applications.

2. Under Management, click New Application.

3. Type the name and description for the application.

4. In Allocation, select the Default Application check box to include the application in the Citrix services package that is


5. In Access, configure the application's availability by performing one of the following actions:

To make the application available to all customers, select the Public Group check box.

To make the application available to one specif ic customer, clear the Public Group check box and enter the name of

the customer you want to assign.


Generate creates and names a security group automatically (e.g., CitrixRes 3).



7. In Publish, select Enabled to make the application visible to customers.

8. Click Save to create the application.

To delete an application resource

1. From the Services Manager menu bar, click Services > Citrix > Configuration > Applications.

2. Select the application you want to remove.

3. In Manage Applications, click Delete and then click OK to confirm. The option to delete the corresponding Active

Directory object appears.

4. To remove the corresponding Active Directory object, leave the Delete the application group from Active Directory

check box selected. To keep the Active Directory object, clear this check box.

5. Click Delete to remove the application. The application entry and Active Directory object, if selected, are removed.


To configure Citrix hosted application settings

Jun 05, 2015

To enable Services Manager to discover the hosted applications in your environment, you configure a server collection thatincludes the XenApp servers where the applications reside. After the server collection is created, you can use the CitrixApplications page to configure the global settings for each application.1. From the Services Manager menu bar, click Services > Citrix > Configuration > Citrix Applications.

2. Under Citrix Server Filter, select the location and server collection you want to use. All hosted applications configured for

the server collection appear.

Note: Click Refresh to ensure you are viewing all available hosted applications.

3. Under Configured Applications, select the hosted application whose settings you want to configure.

4. Under Manage Application Settings, select one of the following options to create an Active Directory group:

Generate creates and names a security group automatically (e.g., CitrixApp 3).


5. In Allocation, select the Default Application check box to include the hosted application in the Citrix services package

that is provisioned to customers.

6. In Access, configure the hosted application's availability by performing one of the following actions:

To make the hosted application available to all customers, select the Public Application check box.

To make the resource available to one specif ic customer, clear the Public Application check box and enter the name

of the customer you want to assign.

Note: If you make the hosted application available to one specif ic customer, the application can be added only to

application groups that belong to the same customer.

7. In Publish, select Enabled to make the hosted application visible to customers.

8. Click Save to create the Active Directory group and save your selections.


To provision applications to multiple users

Jun 05, 2015

With Citrix application access, you can provision an application, resource, or application group to multiple users with a singleprovisioning request.To use application access, the Citrix service must be provisioned to the customer to whom the users belong. Additionally,

resellers who want to provision multiple users of sub-customers must have the Citrix service provisioned.

1. From the Services Manager menu bar, click Customers and select a customer for whom you want to provision

applications.

2. In Customer Functions, click Services. This ensures the customer is selected.

3. From the Services Manager menu bar, click Services > Citrix > Application Access.

4. In Type, select the type of application or resource you want to provision.

5. Select the application or resource you want to provision.

6. Under Citrix Application Management, select the users you want to provision.

7. Click Provision to send provisioning requests for all users selected. The selected users are added to the Active Directory

group for the application or resource.


DNS

Jun 05, 2015

Updated: 2013-04-251. Enable the service (top environment level):

1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment and then expand

DNS.

2. Click Save.


1. Under Service Filter, choose Active Directory Location Services.

2. If applicable, choose a Location Filter and then expand DNS.

3. Click Save.

3. Add the credentials for the DNS service account:

1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials. The Credentials

Overview page appears.


3. In Username and Password, enter the user name and password of the service account.




5. In Domain, enter the FQDN of the service account.



2. If the DNS server is not listed, click Refresh Server List.


5. Assign server roles to each DNS server:

1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles.

2. If applicable, choose a Location Filter and then expand the entry for a server that will host the DNS zones.

3. Under Server Roles, select DNS, and then click Save. The DNS role is used for both Windows DNS and BIND DNS.

6. Update service settings as needed:


2. Select Active Directory Location Services and choose a Location Filter, if applicable.

3. Expand DNS and then click Service Settings.

4. Configure the following required settings:

DNS Credentials

Required fully qualif ied credentials that have read and write access to the DNS server.

Is Server 2008 Provisioning

Select the check box if the DNS server uses Windows Server 2008, 2008 R2, or 2012 for provisioning.

Primary DNS Server

Choose the server that hosts the DNS service.


(Optional) Secondary DNS Server

Select the check box for each secondary DNS server to be used. All secondary servers regularly perform zone

transfers from the primary server to provide redundancy and load balancing.

SOA Responsible Person

Enter the email address of the person responsible for administering the domain's Start of Authority (SOA) record.

Update Method

Choose WMI (Windows) or UNIX (BIND).

Zone Credentials

Choose the fully qualif ied credentials for managing DNS zones.

7. To verify the configuration, provision the DNS service to a customer and then go to Services > DNS > DNS Records to

create test records. The service is working correctly if no errors occur during record creation.


To provision the DNS service to customers

Jun 05, 2015

Updated: 2013-02-251. From the Services Manager menu bar, click Customers > Customer Services.

2. In Customer Search, f ind the customer for whom you want to provision DNS services.

3. In the services list, select DNS. The service configuration page appears. Domains that have been entered in the

customer's Domain Management section appear under Available Domains.

4. To add a new domain as a DNS zone, under Add Domain, enter the domain and click Add Domain. The domain appears in

a table under DNS Zones. You can add only one domain in this manner. If you enter another domain, the newly entered

domain replaces the previously entered domain in the DNS Zones table.

5. To add an existing domain as a DNS zone, under Available Domains, select the check box of the domain you want to add

and then click Add Zone. The domain appears in the DNS Zones table.

6. Click Provision. The Forward Lookup Zones folder on the DNS server is updated with the defined zones. Each zone has

the following records attached:

Start of Authority (SOA) record

Name of Server (NS) record


Create DNS zones and records

Jun 05, 2015

Updated: 2013-02-04

To create DNS subzones

DNS zones are created when customers are initially provisioned with DNS services. Additional zones are created when

domains are added to the DNS service. Customers with DNS Service Administrator permissions can create DNS subzones to

which they can also add DNS records.

1. From the Services Manager menu bar, click Services > DNS > DNS Records.

2. Under Zone Management, enter the name of the new subzone and then select the zone to which it belongs.

3. Click New Sub-Zone. When the DSN page refreshes, the new subzone appears under DNS Filter, in the Zone drop-down

box.

To create DNS records

When you create a DNS record, only the Time to Live (TTL) setting can be modified. To change other record settings, you

must first deprovision the record. When you have finished making changes, you provision the record again.

1. From the Services Manager menu bar, click Services > DNS > DNS Records.

2. Under DNS Filter, perform the following actions:

1. In Zone, select the DNS zone to which you want to add the new record.

2. In Type, select the type of DNS record you want to create.

3. Under DNS Management, click New DNS Entry. The DNS Record screen appears.

4. Enter the record details and then click Provision to create the record.


To create DNS templates

Jun 05, 2015

DNS templates define the DNS records that are created when a customer domain is added or a service is provisioned to the

customer's account.

Templates can be created at any level in the customer hierarchy. Templates can also be overridden. For example, a Service

Provider has five domain templates configured. For Reseller A, two new templates are created at the reseller level. When

Reseller A provisions a customer, the Service Provider templates will be ignored and the two reseller templates will be

configured for the customer.

If you delete a DNS template, the template is not used for new domains or services that are provisioned to a customer.

However, existing customers' DNS records that were generated with the template are not removed. You can remove these

records manually through the DNS Records menu item.

By default, only the Service Provider Administrator role has permission to manage DNS templates. To enable this permission

for other security roles, click Security > Security Roles from the Services Manager menu bar and then select a security role.

Ensure the security role is a member of the DNS Service Administrator role group. The DNS Templates permission is located

on the Menus tab, under Services > DNS

1. From the Services Manager menu bar, click Services > DNS > DNS Templates. The DNS Overview page displays all the

templates that have been created for the selected customer.

2. Under DNS Management, click New DNS Template.

3. In Template Service, select the service for which the template is being configured. When the service is provisioned to the

customer, the DNS template is created. Leave this f ield blank if the template is created when a domain is added to the

customer.

4. In Record Type, select a record type and configure the options that are created when the DNS record is created. A

default {Domain} value is displayed for all DNS templates. This value refers to the customer's domain.

5. Click Save to create the template. The new template appears in the DNS template table.


Dynamics CRM

Jul 22, 2016

Updated: 2013-04-03

To Deploy the Dynamics CRM – ADFS Web Service


2. On the Add Services & Locations page, select Install Services.

3. Accept the License Agreement and then click Next .

4. On the Select Web Services page, select ADFS Web Service and then click Next .

5. On the Ready to Install page, click Install. The Deploying Server Roles page displays the installation progress.


7. On the Installed Services page, click Conf igure next to the ADFS web service list item. The Configuration Tool checks

to ensure the prerequisites are present on the ADFS server.

8. On the Create Service Account page, enter the following information and then click Next :



User name: Enter a user name for the ADFS web service account. The default user name is csm_adfs_svc. This f ield

is unavailable when you elect to auto-generate credentials.

Password: Enter a password for the ADFS web service account. This f ield is unavailable when you elect to auto-


Create if doesn't exist : Leave this check box selected to allow the web service account to be created if it does not


9. On the Prepare CRM 2011 page, select Integrate with Microsoft Dynamics CRM 2011 to connect Services Manager

to an existing CRM 2011 deployment. Click Next .

10. On the Specify CRM Service Accounts page, enter the following information and then click Next :

Asynchronous Processing service: Enter the account used for running the Microsoft CRM Asynchronous Processing

service.

Deployment service: Enter the account used for the CRM Deployment Service application pool.

11. On the Specify CRM Deployment Administrators Group, enter the name of the CRM 2011 Deployment

Administrators group in Active Directory. Typically, this group is created when you deploy CRM2011. Click Next .


configuration page. When the summary contains the settings you want, click Next . The Configuration Tool configures

the ADFS web service and displays progress.


14. To verify the web service is installed correctly, launch a web browser and enter the URL of the ADFSWebService.asmx f ile

in the address bar. For example, https://fqdn.cpsm.citrix.com/adfs/ls/ADFSWebService.asmx. The URL returns

the ADFSService definition page.


To configure the Dynamics CRM service

Jul 22, 2016

Updated: 2014-11-19Step 1: Enable the service (top level) and create user and customer plans

1. From the Services Manager menu bar, select Conf iguration > System Manager > Service Deployment and then

expand Customer Relationship Management .

2. Click Customer Plans, create a customer plan, click Create, and then click Save.

Step 2: Enable the service (location level)


2. Expand Customer Relationship Management and then click Save.

Step 3: Verify credentials

1. From the Services Manager menu bar, select Conf iguration > System Manager > Credentials.

2. Verify that the service account for the Dynamics CRM service exists (this is the Deployment Administrator). If it does not,

create the account.

Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when Services

Manager is deployed in a production environment. Use plain-text credentials only for debugging purposes.

Step 4: Enable the server

1. From the Services Manager menu bar, select Conf iguration > System Manager > Servers.

2. If the server that hosts CRM is not listed, click Refresh Server List .


Step 5: Assign CRM server roles

1. From the Services Manager menu bar, select Conf iguration > System Manager > Server Roles and then expand the

entry for the CRM server.

2. Under Server Connection Components, select Dynamics CRM Deployment and Dynamics CRM Discovery.

3. Under Server Roles, select Dynamics CRM Application Server and then click Save.

4. Expand the entry for the server which is configured in CRM as the SQL content database.

5. Under Server Roles, select Dynamics CRM SQL Server and then click Save.

Step 6: Assign ADFS server roles (If ADFS is being used)

1. From the Services Manager menu bar, select Conf iguration > System Manager > Server Roles, then expand the entry

for the server hosting the ADFS web service

2. Under Server Connection Components, select ADFS and click Save.

Step 7: Add the CRM server connections.

1. From the Services Manager menu bar, select Conf iguration > System Manager > Server Connections, select a

Location Filter if applicable. Then, for the Dynamics CRM Deployment and the Dynamics CRM Discovery Server roles

click New Connection, and then specify the following information:


Note: There should be two Dynamics CRM Web Services configured.

Server Role Choose Dynamics CRM Deployment or Dynamics CRM Discovery.

Server Choose the CRM server.

Credentials Choose the credentials for the CRM Deployment Administrator.

URL BaseDefaults to /XRMDeployment/2011/Deployment.svcand /XRMServices/2011/Discovery.svc.

Protocol Defaults to https.

Port Defaults to 446. This should match the CRM Web Site Bindings on the CRM Server.

T imeout Defaults to 200000 milliseconds.

2. Click Save.

3. From the Services Manager menu bar, select Configuration > System Manager > Server Connections and then

click the icon in the Test column for both of the new Server connections. The icon turns green for a successful connection.

A red icon indicates an unsuccessful connection. Mouse over it for information about the failed connection.

Step 8: Add the ADFS server connection

1. From the Services Manager menu bar, select Conf iguration > System Manager > Server Connections, select a

Location Filter if applicable, then click New Connection, and then specify the following information:

Server Role Choose ADFS.

Server Choose the server hosting the ADFS web service.

Credentials Choose the credentials for the ADFS web service.

URL Base Defaults to /adfs/ls/ADFSWebService.asmx.

Protocol Defaults to https.

Port Defaults to 443. This should match the ADFS Web Service bindings.

Timeout Defaults to 200000 milliseconds.

2. Click Save.


Step 9: Update service settings as needed

1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment, select Active

Directory Location Services, and then choose a Location Filter if applicable.

2. Expand Customer Relationship Management and then click Service Settings.


Default Currency Code Set to an applicable currency code for your location.

Language Code Set to an applicable language code for your location.

Step 10: Click Apply Changes.

Step 11: Update Customer Plans as needed.

1. With Active Directory Location Services still selected, expand Customer Relationship Management , click CustomerPlans, and then expand a plan.


ADFS Account (if ADFS isin use)

Set to the name of the ADFS service account. This is used to provide ADFS access to theusers OU for validating credentials.

ADFS Party Trust (ifADFS is in use)

Set to the name of the ADFS Relying Party Trust.

CRM Servers Select the Server or Servers applicable for this Customer Plan.

Is IFD Enabled If ADFS is being used, this must be checked, otherwise it cannot be checked.

Report Server SRS URL Enter the URL for the Report Server.

SQL Server Select the Content database SQL Server.

User Login URLThis is an informational URL so that the user knows where to login to their CRM Sitewhen they are provided access.

Step 12: Click Apply Changes, then Save.


Provision the Dynamics CRM service

Jul 22, 2016

To provision the Dynamics CRM service to resellers



3. From the services list, select Reseller.4. Select the Customer Relationship Management check box and then click the service name. The Reseller Service

Setup page appears.

5. Select the customer plans that the reseller can offer to customers.

Note: The customer plans selected determine the CRM servers that are allocated to the reseller for provisioning

customers. Because Customer Plans are used to configure the CRM Servers to provision to (among other properties), use

customer plans to configure different versions of CRM to offer to customers.

6. To customize the customer plan, click the plan name to display the Conf igure Service Settings page and make the

appropriate changes.

Note: Changes you make to the customer plan are applied to all customers within this Reseller subsequently provisioned

with the plan.

7. Click Apply Changes to save your changes to the customer plan.

8. Click Apply Changes to save your changes to the service.

9. Click Provision to enable the reseller to offer the CRM service to customers.

To provision the Dynamics CRM service to customers

1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision

services.


3. Click Customer Relationship Management to create an instance. Enter an instance name and a display name and then

click Create. The Instance Setup page appears.

4. Under Service Conf iguration, select the customer plan to provision to the customer.

Note: The customer plan determines the servers on which the customer's user data is stored and how Services Manager

sets up the database. The plan selection also determines any additional service options that require configuration before

the service can be provisioned to customers.

5. Under CRM Conf iguration, perform the following actions:

1. In CRM Server, select the CRM server that hosts the customer's instance.

2. Ensure the following settings are selected and that the correct values have been entered:

SQL CollationCurrency CodeCurrency NameCurrency Symbol


Currency Precision

The Currency Code setting cannot be changed after the CRM service is provisioned to the customer.

6. Click Provision to provision the customer with the CRM service.

To import CRM organizations created outside Services Manager

The CRM Import Tool for Dynamics CRM enables service providers to import CRM organizations that were not initially

created through Services Manager. Service providers can link the organization to a customer in Services Manager and, where

possible, match the organization's users to the domain user ID of the customer's users in Services Manager.

1. From the Services Manager menu bar, click Services > Dynamics CRM > CRM Import . The CRM Customer Allocationpage displays a list of the organizations configured on the CRM server. If an organization is allocated to a customer, the

customer's name appears in the list.

2. Select the CRM organization you want to import. The Customer Import Manager page displays.

3. Under Customer Details, perform the following actions:

1. In CRM Description, enter the name of the CRM site.

2. In Customer Search, enter the name of the CRM customer you want to import and select the customer name.

4. Click Provision. The Customer Import Manager page displays a table of the users that match the domain user IDs of

the customer's CRM users. By default, these users are selected for provisioning.

5. Click Provision Users to provision the selected users with the CRM service. Services Manager updates the selected users'

services with the provisioned CRM organization.


File Sharing

Jun 05, 2015

Updated: 2013-05-071. Enable the service at the top environment level and create a default customer plan:

1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and

2. Expand File Sharing and then click Customer Plans.

3. Under New Customer Plan, in Name, type Default.

4. Click Create. Services Manager creates the customer plan and then displays the service settings.

5. In File Share Path, enter the path of the f ile share you wish to use.

Note: If the specif ied path does not exist, Services Manager can create it, provided it has permissions on the specif ied

server. Otherwise, be sure the path exists before configuring the customer plan.

6. Click Apply Changes.

7. Click Save.

2. Enable the service at the location level:

1. On the Service Deployment page, under Service Filter, select Active Directory Location Services, and then choose a

Location Filter if applicable.

2. Expand File Sharing and then click Save.



entry for the server hosting the File Sharing service.

2. Under Server Roles, select File Sharing and then click Save.

4. Create a server collection:

1. From the Services Manager menu bar, select Configuration > System Manager > Server Collections.

2. Click New Server Collection and complete the following f ields:

In Name, enter a unique name for the server collection.

In Display Label, enter a friendly name for the server collection.

In Service, select File Sharing.

In Servers, select the servers that you want to add to the collection.

Select Automatic reseller selection if you want to make the collection the default for resellers that are provisioned

with the service.

Select Automatic customer selection if you want to make the collection the default for customers that are

provisioned with the service.

3. Click Save.

5. Enable the server collection for the customer plan:


2. Under Service Filter, select Active Directory Location Services, and then choose a Location Filter if applicable.

3. Expand the File Sharing service, click Customer Plans, and then expand the Default plan.

4. Under Configure Service Settings, select File Share Servers, and then select the servers you want customers to use

when they are provisioned with the Default plan.

5. Click Apply Changes and then click Save.

After you configure the File Sharing service, you can provision the service to customers. For more information, see Provision

the File Sharing service.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccp-10-services-config-file-sharing/ccp-10-services-admin-file-share-prov.html


Provision the File Sharing service

Jun 05, 2015

Updated: 2013-02-05

To provision file sharing to resellers




4. Select the File Sharing service check box and then click the File Sharing service name. The Reseller Service Setup page

appears.

5. In the User Plan table, enable any of the following service access levels:

Full allows users to read, modify, and delete f iles.

Read includes List permissions and allows users to traverse folders and run program files.

List allows users to view file and subfolder names, read data in the f iles, and to view file and folder attributes, including

extended attributes.

6. In the Customer Plan table, enable the plans that the reseller can offer to customers.

7. Under Resource Configuration, in Disk Limit, enter the maximum amount of storage in megabytes (MB) to allocate to the

reseller.


9. Click Provision to enable the reseller to offer the service to customers.

To provision file sharing to customers

1. From the Services Manager menu bar, click Customers > Customer Services.

2. In Customer Search, f ind the customer for whom you want to provision File Sharing services.

3. In the services list, select File Sharing. The Service Plan Configuration page appears.

4. In Customer Plan, select the plan with which to provision the customer. To customize the plan, click Edit.

5. In File Share Server, select the server hosting the customer's f ile share directory.

Note: This f ield appears when the selected customer plan does not have the Automatic Server Selection property

enabled and has more than one server configured. If the selected package has this property enabled, this f ield does not

appear and a f ile server is chosen automatically when the File Sharing service is provisioned to the customer.

6. To customize the storage limit for the customer, under Resource Configuration, clear the Auto select package resource

limits check box and, in Disk Limit, enter a new value.

7. Click Advanced Settings and perform the following actions:

1. Under User Plans, select the check box for each service access level to which the customer can assign users.

2. To limit the number of users the customer can provision, under Maximum Users, select the Enabled check box and

enter the number of users allowed.

3. To ensure the service generates charges to the customer when provisioned, under Billing, ensure the Enabled check

box is selected.

8. Click Provision to save your selections and provision the service to the customer.


Manage folders for the File Sharing service

Jun 05, 2015

Updated: 2013-02-05

To create a subfolder in the file sharing directory

1. From the Services Manager menu bar, click Services > File Sharing Manager.

2. In the Folders pane, select the folder under which you want to create the subfolder.

3. On the Folders tab, in New Directory, enter the name of the subfolder you want to create.

4. Click Create. The new subfolder appears in the Folders pane.

To assign folder permissions to users

1. From the Services Manager menu bar, click Services > File Sharing Manager.

2. In the Folders pane, select the folder for which you want to assign permissions.

3. On the Permissions tab, search for the user or security group to whom you want to assign folder permissions. After

locating the user, click Add. The user appears in the Members table.

4. From the Members table, select the users to whom you want to assign folder permissions and click Manage Permissions.

5. Under Permissions, select the permission level you want to assign and click Save.

6. To apply the permissions only to the selected folder, clear the Apply the permissions to subfolders and f iles check box.



Jul 19, 2016

Updated: 2014-11-20The Hosted Apps and Desktops service for Services Manager delivers applications, desktops, and resources either directly

from XenApp farms and XenDesktop sites, or from farms and sites that are managed by Citrix App Orchestration.

Deploying the Hosted Apps and Desktop service includes the following tasks:Install the Hosted Apps and Desktops web service

Configure the Hosted Apps and Desktops service

Configure Hosted Apps and Desktops offerings

Provision the Hosted Apps and Desktops service

You can install the web service on a XenApp or XenDesktop Controller or on an App Orchestration configuration server

using the Services Manager Setup Tool or from the command line.

For more information about the requirements for deploying the service, review the information in Plan to deploy the

Hosted Apps and Desktops service.

What’s new in Version 11.5.6

CloudPortal Services Manager now includes even more support for provisioning and managing app and desktop offerings at

scale across multiple tenants, managing multiple sites and support for the latest XenApp and XenDesktop versions.

Latest XenDesktop version support : �Simplify management of application and desktop service offerings across

multiple versions including XenDesktop 7.9. Take advantage of new XenApp and XenDesktop features by adding or

updating existing sites to the latest version.

Support for multiple delivery sites:� Manage the delivery of desktop and application offerings eff iciently at scale

across multiple XenApp and XenDesktop sites. This release provides new functionality and UI to manage multiple XenApp

and XenDesktop sites within a single location or domain – including support for multiple XenApp and XenDesktop

versions and App Orchestration 2.6. The new site management UI displays the details for each site as well as the

configured offerings and customer relationships.

Version co-existence and upgrade via migration: The new features in this release allow for upgrades by way of

migration for service providers wanting to host services on the latest XenApp and XenDesktop releases. Choose to

upgrade sites in place or migrate offerings to newly deployed sites to de-risk upgrade scenarios and ensure continuity of

services.

Delivery group management :� In this release, the Hosted Apps and Desktop Service has surfaced the XenApp and

XenDesktop delivery group concepts in a newly added interface. This addition clarif ies how Hosted Apps and Desktops

offering assignment and provisioning maps into the underlying site configuration. This addition simplif ies tenant isolation

for service providers managing shared or private offerings.

Performance optimization:� Speed management of app and desktop services with faster and more responsive UIs.

New performance optimizations for offering management and provisioning allow service providers to quickly move

between UIs without delay. Newly added discovery actions allow for UIs to load existing customer and service data

quickly and discover new offerings and delivery groups on demand when needed.

Detailed usage tracking and insight : �Find improved usability throughout the service that allows service providers to

quickly identify which tenants are using each site, delivery group and offering. This release provides quickly accessible

context into who’s using what, thereby simplifying and speeding up management and support tasks.

Offering discovery and removal of _Offer_ pref ix requirement : In this release, it is no longer required to add the

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-plan-overview/ccps-plan-services/ccps-plan-haad.html


_Offer_ prefixes for XenApp and XenDesktop delivery groups and applications to be discovered by the service. This

release uses a new offering discovery process to surface apps and desktops published on XenApp and XenDesktop sites

– allowing the underlying delivery groups and applications to be named as the service provider chooses.

Simplif ied delivery group isolation: New simplif ied app and desktop onboarding makes it easier to introduce new

delivery groups and assign them to a specif ic tenant. In this version, the Hosted Apps and Desktops service will no longer

clone or replicate delivery groups during provisioning. All delivery groups are created outside of CPSM by the service

provider then discovered and assigned in the Hosted Apps and Desktops service.

Backwards compatibility with previous version: In this version, legacy XenApp and XenDesktop offerings that use

the _Offer_ prefix as well as App Orchestration 2.6 are supported after the upgrade.

What's new in Version 11.5.3

Multi-User service provisioning and offering management :

Manage delivery of desktop and application offerings eff iciently at scale. This release enables bulk user provisioning and

deprovisioning of services. In a single operation across multiple users, offerings can be added or removed, or a f ixed set of

offerings can be applied to users.

Backup datacenter support :

Deliver highly available and disaster-tolerant app and desktop services using the multi-datacenter design of Citrix App

Orchestration. Provide a tenant-level backup datacenter property set during service provisioning. Downstream

automation and orchestration technology helps ensure appropriate app and desktop delivery infrastructure is deployed

in primary and backup datacenters.

High-Availability and disaster recovery guidance:

Maintain core portal capabilities to ensure onboarding, reporting, provisioning remain online. Continue leveraging user

management and service provisioning capabilities during disaster plan execution. Ensure customer self-service and help

desk teams continue operations. Limit manual touch and out of band configuration when reacting to datacenter

outages

XenDesktop 7.6 application folder support :

Simplify management of application and desktop service offerings using XenDesktop 7.6 application folders. Define

service offerings residing in application folders to design and organize a back-end delivery infrastructure that simplif ies

management of multi-tenant design.

Increased quality and resiliency:

Find improved service resiliency and reliability when provisioning in multi-domain requirements, more eff icient delivery of

private tenant offerings and additional support for highly configurable automated provisioning.

Known Issues

When creating a delivery group or any application in XenDesktop, XenApp or App Orchestration, the usage of excessively

long names leads to the failure of provisioning offerings to customers.

This new release of Hosted Apps and Desktops Service only supports multiple XenDesktop sites along with an optional

single XenApp and single App Orchestration backend. This new release does not support multiple XenApp deployments or

multiple App Orchestration deployments. The deployments, in this scenario, refer to the server connections in

CloudPortal Services Manager. For example, you can not create multiple server connections for XenApp or for App

Orchestration in CloudPortal Services Manager.

It is recommended to wait until a workflow is completed while subscribing or unsubscribing customers from App

Orchestration offerings. Failure to do so may lead to errors in the connection to that particular tenant in CloudPortal

https://www.citrix.com/solutions/hosted-desktops/app-orchestration.html


Services Manager.

When you upgrade the web service on web service servers without uninstalling the previous version of Hosted Apps and

Desktops web service in advance, you need to launch the Hosted Apps and Desktops Conf iguration Tool to

complete the configuration.

Duplication of XenApp applications in XenApp farm is not supported. This is to prevent the duplicated offering from

sharing the same CitrixAppId with its parent application, which will lead to confusion in the new Hosted Apps and

Desktops Service.

The Type value for delivery groups created in XenDesktop 7.8 and 7.9 can be inconsistent with the Type value in

CloudPortal Services Manager. For example, when creating a delivery group in XenDesktop 7.8 or 7.9 without any type,

the Type value displayed in Citrix Studio is “-”, and the Type value displayed on the delivery group management page of

CloudPortal Service Manager is “Desktop and Applications”.

When you have multiple web service server connections in your CloudPortal Services Manger deployment, once a server

connection is tested with errors, you must reconfigure the server connection and make it successful, otherwise the

failed server connection can result in sites, delivery groups, and offerings retrieving errors for other server connections.

Changing the value of HAAD Subscription Group Type propertyis not supported if you want CloudPortal Services

Manger to manage offerings of App Orchestration.

When you create a delivery group with type Desktops and Applications, you must not create any applications that have

the same name as the delivery group.

FAQ

Q: How do I change the group type created on the Domain Controller while provisioning a service to a customer?

A: A new property named HAAD Subscription Group Type is added in Service Settings to determine the types of security

groups that are created while provisioning a service to a customer.

You can set the group type for security groups by performing the following steps:

1. Log on to CloudPortal Services Manager as a service provider admin.


3. From the Services Manager menu bar, choose Conf iguration > System Manager > Service Deployment .

4. Expand Hosted Apps and Desktops and click Service Settings.

5. Select the HAAD Subscription Group Type checkbox.

6. Select the appropriate group type for the security groups created while provisioning Hosted Apps and Desktops Service

to customers.


8. Click Save.

NoteThe property of HAAD Subscription Group Type should be set only at the top level or location level by a service provider. The

properties will not work if they are set at the reseller or customer levels.

Once a security group is generated, the group type cannot be changed by changing the value of HAAD Subscription GroupType at the location level and taking a customer service reprovision in CloudPortal Services Manager.

Use the CloudPortal Services Manager Discussion Forum to ask questions and contribute your knowledge about

CloudPortal Services Manager.

http://discussions.citrix.com/forum/319-cloudportal-services-manager/


Plan to deploy the Hosted Apps and Desktops Service

Jul 18 , 2016

The Hosted Apps and Desktops web service for Services Manager allows service providers to manage and delegate end-

user administration of applications, desktops, and resources.

The following is the topology of Hosted Apps and Desktops Service. In this topology, we can support multiple XenDesktop

instances, but only one XenApp instance and one AppOrchestration configuration server to be managed by CloudPortal

Services Manager. For the XA Farm, AO Configure Server and XD Site mentioned below, Hosted Apps and Desktops Service

must be installed to communicate with CloudPortal Services Manager:

CPSM: CPSM web server, CPSM provisioning engine, CPSM database

DC: Domain Controller

XA Farm: A farm is a group of XenApp servers that can be managed as a single logical entity, use a single data store

database, and balance the load resulting from requests for published resources in the farm.


AO Conf iguration Server: The App Orchestration Configuration Server hosts the App Orchestration engine and the

web-based management console.

XD Site: A Site is the name you give to a product deployment. It comprises the Delivery Controllers and the other core

components, VDAs, virtual resource connections (if used), and the machine catalogs and delivery groups you create and

manage.

Deploying the Hosted Apps and Desktop Service includes the following tasks:

Install the Hosted Apps and Desktops Service

Configure the Hosted Apps and Desktops Service

Configure the Hosted Apps and Desktops sites

Configure Hosted Apps and Desktops delivery groups


Provision the Hosted Apps and Desktops Service

You can install the service on a XenApp server or a XenDesktop Delivery Controller, or on an App Orchestration

configuration server using the setup tool of Hosted Apps and Desktops Service or from the command line.

The following versions of XenApp, XenDesktop, and App Orchestration are supported:

XenDesktop 7.1, 7.5, 7.6, 7.8 and 7.9

XenApp 6.5 FP4 7.5 and 7.6

AppOrchestration 2.5 and 2.6

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/install-the-hosted-apps-and-desktops-service.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-config.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-config-sites.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-config-delivery-groups.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-config-offerings.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-provision.html


Install the Hosted Apps and Desktops Service

Jul 19, 2016

It’s allowed to manage offerings from XenDesktop, XenApp and App Orchestration simultaneously, which means you can

install Hosted Apps and Desktops web service for multiple Desktop Delivery Controllers (from different Delivery Sites), one

XenApp farm server and one App Orchestration configuration server at the same time if you want to connect to all the

servers by CloudPortal Services Manager.

NoteWhen you upgrade the web service on the web service servers, it is recommended that you uninstall the previous version of

Hosted Apps and Desktops service in advance and then reinstall this new version. This ensures that the Hosted Apps andDesktops Conf iguration Tool is automatically launched and gets CloudPortal Services Manager configured correctly. If you

upgrade the web service without uninstalling the previous version of Hosted Apps and Desktops web service in advance, you

need to manually launch the Hosted Apps and Desktops Conf iguration Tool to complete the configuration. Configuring the

service correctly is necessary for this version to work properly.

For XenDesktop, multiple server connections are supported, but for XenApp or App Orchestration, only one server connection is

supported.

In the new version of Hosted Apps and Desktops Service, creating multiple server connections to a XenDesktop site is not

supported. If you have multiple Delivery Controllers within a XenDesktop site, only one Delivery Controller is required to install the

Hosted Apps and Desktops web service.

To install the Hosted Apps and Desktops Service using the graphical interface

The installation process includes preliminary configuration to create the web service account and IIS applicationpool, and



1. On the Select Deployment Task page, select Install CloudPortal Services Manager.2. On the Install CloudPortal Services Manager page, select Add Services.


4. Accept the License Agreement and then click Next .

5. On the Select Web Services page, select one of the following options, depending on the product installed on the

server, and then click Next :

If you are installing the web service on a XenApp server, select Hosted Apps and Desktop Web Service (XenApp).If you are installing the web service on a XenDesktop server, select Hosted Apps and Desktops Web Service(XenDesktop).If you are preparing an App Orchestration configuration server to work with the Hosted Apps and Desktops service

through the control panel, select App Orchestration Conf iguration Tool.6. On the Review Prerequisites page, review the list of software that will be installed to support the component and then

click Next . Setup will install any prerequisites that are not already present.

7. On the Ready to Install page, review your selection and then click Install.8. After the installation f inishes, click Finish.

9. On the Add Services page, select Conf igure Services.

10. On the Conf igure Installed Components page, click Conf igure next to the component you want to configure.


11. To configure the XenApp or XenDesktop web services, on the Conf igure IIS page, enter the following information and

then click Next :

Auto-generate credentials: Select this check box to allow service account credentials to be generated

automatically.

User name: Enter a user name for the web service account. If you installed the web service on a XenApp server, the

default user name is csm_xenapp_svc. If you installed the web service on a XenDesktop server, the default user

name is csm_xendesktop_svc. This f ield is unavailable when you elect to auto-generate credentials.

Password: Enter a password for the web service account. This f ield is unavailable when you elect to auto-generate

credentials.

Create if doesn't exist : Leave this check box selected to allow the web service account to be created if it does not


Service port : Enter the port used by the web service. The default port is 8095.

12. To configure the App Orchestration Configuration Tool, perform the following actions:

On the Specify Conf ig Server page, enter the following information and then click Next :

Server address: Enter the FQDN of the App Orchestration configuration server if it is not already present. By

default, the FQDN of the current server is displayed.

Connect as: Enter the username and password of the orchestration service account used to access the App

Orchestration configuration server. By default, the username of the current logged-in user is displayed

in DOMAIN\username format.

Click Test Connection to test communication with the App Orchestration configuration server.

On the Create Service Account page, enter the following information and then click Next :

Username: Enter a user name for the self-service account for App Orchestration. The defaultuser

name is csm_haad_selfsvc. This account is added as an administrator to the App Orchestration deployment.

Password: Enter a password for the self-service account.

Create if doesn't exist : Leave this checkbox selected to allow the self-service account to be created if it does

not already exist in Active Directory.


configuration page. When the summary contains the settings you want, click Next . The Configuration Tool configures

the web service and displays progress.


To install the Hosted Apps and Desktops Service from the command line

1. On the server where you are installing the web service, log on as an administrator.


3. To install the web service component, at the command prompt, enter CortexSetupConsole.exe/Install:component.

Component Description

CsmXenDesktopWS XenDesktop Web Service

CsmXenAppWS XenApp Web Service

CsmAppOrchestration App Orchestration Configuration Tool

The Setup Tool installs the web service and returns the command prompt.


4. To perform preliminary configuration, at the command prompt, enter install-

location\Services\component\Configuration\HostedAppsAndDesktops\ConfigConsole.exe and specify the following

properties:


/UserName:ctx_svc_acct Valid only when installing the XenApp or XenDesktop component.Username for

the web service account. This account must be a XenApp or XenDesktop

administrator.

/Password:password Valid only when installing the XenApp or XenDesktop component.Password for

the web service account. This property is optional if /GenerateCredentials is

specif ied.

/SqlServer:server-address Required. Address of the server where the SQL Server database is deployed.

/AutoCreateUser:True|False Valid only when installing the XenApp or XenDesktop component. Optional.

Creates the service account in Active Directory, if required.

/GenerateCredentials:True|False Valid only when installing the XenApp or XenDesktop component. Optional.

Generates a password for the service account.

/ServicePort:port Valid only when installing the XenApp or XenDesktop component. Optional.

Inbound port to be used/added to the CortexServices web site. Default = 8095.

/SqlUserName:user-name Optional. SQL Server login username.

/SqlPassword:password Optional. SQL Server login password.

/UseSqlAuthentication:True|False Optional. Enables or disables use of SQL authentication mode.

Install-location is the installation directory on the local computer. The default directory is C:\Program Files

(x86)\CitrixCortex.


Sample command strings

The following commands install and initially configure the XenDesktop component of the Hosted Apps and Desktops web

service. The default port (8095) will be used.

CortexSetupConsole.exe /Install:CsmXenDesktopWS

c:\Program

Files(x86)\Citrix\Cortex\Services\CsmXenDesktopWS\Configuration\HostedAppsAndDesktopsConfigConsole.exe

/UserName:ctx_svc_acct /Password:password /SqlServer:server-address


Configure the Hosted Apps and Desktops service

Jul 19, 2016

Updated: 2014-08-10Configure the Hosted Apps and Desktops service after you install it .

To import the service package, you must have the Service Schema Administrator security role. To configure the service, you

must have the Service Provider Administrator security role.

If you intend to use the CloudPortal Services Manager API to access the service that is deployed with App Orchestration,

ensure you have created the datacenter you want to use through the App Orchestration web management console

before you configure the service. You can then specify the datacenter when you configure the service at the location level.

This is required because the API cannot use the default datacenter registered in App Orchestration. For more information

about this requirement, see Plan to deploy the Hosted Apps and Desktops service.

To configure the Hosted Apps and Desktops service

1. Import the service package into the control panel:1. From the Services Manager menu bar, click Configuration > System Manager > Service Schema.2. Under Services Management, click Import a service.3. On the Service Import page, click Browse and locate the Hosted Apps and Desktops.package file. Click Open.4. Click Preview. Services Manager displays the contents of the file for your review.5. Click Import at the bottom of the page. Services Manager imports the file and reports Import Complete.

2. On the Services Manager provisioning server, either restart the CortexQueueMonitor service or restart the machine.3. Clear your browser cache before logging into the control panel. 4. In the control panel, enable the service at the top level:

1. From the Services Manager menu bar in the control panel, choose Configuration > System Manager > Service Deployment and thenexpand Hosted Apps and Desktops. Click Save

5. Enable the service at the location level:1. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.2. Click Apply Changes and then click Save.

6. Verify credentials:1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials.2. Create the administrative impersonation account for the Hosted Apps and Desktops service by clicking Add, and then entering a

username, password, and domain (preferably in Fully Qualified Domain Name form).Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when Services Manager isdeployed in a production environment. Use plain-text credentials only for debugging.

7. Enable the server:1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.2. If the server on which you installed the service is not listed, click Refresh Server List.3. Expand the entry for the server and verify that Server Enabled is selected.

8. Assign server roles:1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles, and then expand the entry for the

server.2. Under Server Connection Components, select Hosted Apps and Desktops, and then click Save.

9. Add a server connection:1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, select a Location Filter if

applicable, click New Connection, and then select or type the following information for the web service.

Server RoleSelect or type Hosted Apps and Desktops.

ServerSelect the server where the web service is installed.


http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-haad.html


CredentialsSelect or type the credentials for the server.

URL BaseSelect or type /CSMXenAppWS/v1 for XenApp, /CSMXenDesktopWS/v1 for XenDesktop, and /cam/api for the App OrchestrationConfiguration Tool.

ProtocolSelect http for XenApp and XenDesktop, https for App Orchestration.

PortType 8095 for XenApp or XenDesktop, 443 (default) for App Orchestration.

T imeoutDefaults to 200000 milliseconds.

VersionSelect the installed service component: App Orchestration for the App Orchestration Configuration Tool, XenDesktop Direct for theXenDesktop web service, or XenApp Direct for the XenApp web service.

2. Click Save.3. On the Server Connections page, click the icon in the Test column for the server. The icon turns green for a successful connection. A red

icon indicates an unsuccessful connection. Mouse over it for information about the failed connection.10. If you intend to use the CloudPortal Services Manager API to access the service that is deployed with App Orchestration, then now you can

go back and configure the default datacenter.1. From the Services Manager menu bar in the control panel, choose Conf iguration > System Manager > Service Deployment2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.3. Expand Hosted Apps and Desktops, click Service Settings, and then expand App Orchestration.4. Select the App Orchestration Datacenter check box and click Reload to populate the setting's list with the datacenters that are

registered in App Orchestration. From the list, select the datacenter you want to use with the Hosted Apps and Desktops service. 5. Click Apply Changes and then click Save.

You should now configure the rest of the properties associated with this service. The Service Settings properties all have appropriate'default' values, but the Customer and User Plans will need attention.

11. Configure the Customer Plan properties1. Expand Hosted Apps and Desktops again, and click Customer Plans, and expand the App Orchestration Customer Plan.2. Expand the App Orchestration section3. Select the App Orchestration Private Network Name checkbox, and enter a Network pattern if required. Note: this property now

accepts {variable} notation seen in other areas of the CloudPortal Services Manager control panel. A sample value might be{CustomerShortName} - Network.

4. Select the App Orchestration Store Front Isolation check box and select a default isolation mode. NOTE: this value, as well asthe Private Network Name can be altered on a per tenant basis when provisioning the Service to the tenant.

5. Click Apply Changes, and then click Save.12. Configure the User Plan properties:

1. Expand Hosted Apps and Desktops again, and click User Plans, and expand the Default User Plan.2. User the following table as a guide to setting these values.

Property Example Value


Name of home drive share {customershortname}_{username}_home

Name of the profile share {customershortname}_{username}_profile

Path to share for the user profile C:\Shares\home\{CustomerShortName}\{username}

Path to share for the user profile C:\Shares\profile\{CustomerShortName}\{username}

Profile home folder drive letter P:

Profile home folder drive path \\fs\{customershortname}_{username}_home

Profile tab profile path \\fs\{customershortname}_{username}_profile

Terminal services file serverFs

Terminal services home drive letter

H:

Terminal services home drive path \\fs\{customershortname}_{username}_home

Terminal services profile path

\\fs\{customershortname}_{username}_profile

Property Example Value

If you have multiple backend servers to connect to, repeat Steps 5 through 8 listed above to create multiple server

connections.

NoteWhen creating server connections for each web service server, you must choose the correct Version for each server. For example,

while creating a server connection for XenDesktop, select XenDesktop Direct as the Version.


Configure the Hosted Apps and Desktops sites

Jul 18 , 2016

The Site Management page lists the information related to the XenDesktop sites, App Orchestration configuration server,

and the XenApp farm connected to CloudPortal Services Manager. Service providers can also view customer usage and

offerings usage of the sites from this page.

The following table shows the information that is displayed on the Site Management page.


Site NameThe display name of the site. For XenDesktop sites, this is the site name. For XenApp, this is XenApp farm name. For App

Orchestration, this is server name of the App Orchestration configuration server with a suffix “_AO”.

Type The type of each server. It can be: XenApp, XenDesktop and App Orchestration.

ServerName

The name of the HAaD web service server.

ServerVersion

The version of the XenDesktop, XenApp, App Orchestration server.

ConfiguredOfferings

The number of configured offerings within a site. If the value is greater than 0, it is clickable and links to a page that shows

the details of the configured offerings.

Used By

The customer usage of each offering in a site.

If only one customer is provisioned offerings of a site, the value is the customer name. It is clickable and linked to the

customer service page.

If more than one customer is provisioned offerings of a site, the value is a number with a link that represents the total

number of customers being provisioned with offerings of this site. When you click the number, a dialog box appears,

listing all the customers being provisioned with the offerings from this site.

NoteThe term site in this context is a CloudPortal Services Manager term. It can be a XenDesktop site, a XenApp farm, or an App

Orchestration configuration server.

To update the Hosted App and Desktops sites

After the server connections have been created and configured, update the site information on the Site Managementpage by performing the following steps:

1. On the Services Manager menu bar, click Services > Hosted Apps and Desktops > Site Management .

2. Click Discover.3. Make sure all the sites connected by server connection are listed.


NoteOnce a server connection is added or deleted, update the site information by clicking Discover again before any other operation.

Otherwise, information of delivery groups and offerings is not updated correctly. For example, if you delete a server connection and

then go to the Offering Management page directly to discover the offerings, an error occurs with the message “Unable to get the

web service with id xx”.


Configure Hosted Apps and Desktops delivery groups

Jul 18 , 2016

In the new version of Hosted Apps and Desktops Service, a new page has been added to support delivery group

management and delivery group isolation mode configuration. Delivery groups created in XenDesktop after the new version

of Hosted Apps and Desktops is deployed are displayed and isolation mode is configurable. Clicking Discover provides a

realtime status of delivery groups in your XenDesktop site. From the delivery group management page, service providers can

get customer usage and offerings usage of their delivery groups.

NoteFor XenDesktop legacy delivery group (applications or desktops of the delivery group managed by previous versions of Hosted

Apps and Desktops Service), the delivery group is not visible and configurable on this page, with the exception that the delivery

group and its applications do not start with naming prefixes such as “_Offer”, “_Offer_Shared” or “_Offer_Isolated.”

Delivery groups generated by App Orchestration are not displayed and cannot be managed by CloudPortal Services Manager.

The following table shows the information displayed on the Delivery Group Management page.


Conf iguredThis property indicates whether the delivery group is configured. Only after the delivery group isconfigured, offerings belonging to that delivery group are visible and configurable on the OfferingManagement page , and vice versa.

DeliveryGroupName

The name of the delivery group.

Site The name of the XenDesktop site that the delivery group belongs to.

IsolationMode

Indicates the isolation mode of offerings from this delivery group. Two isolation modes can be

configured: Shared and Private.

Shared: The delivery group can be shared by multiple customers, and all offerings from the delivery

group have shared isolation mode;

Private: The delivery group can be used by one customer. All offerings from the delivery group have

private isolation mode and can be assigned to the same customer only.

TypeIndicates the type of the delivery group. It can be either Desktop, Desktop and Applications,Applications, or N/A.

Conf iguredOfferings

The number of configured offerings of a delivery group. If the value is greater than 0, it is clickable andlinks to a page that shows the details of the configured offerings.

The offering usage of a delivery group.


Used By

For a private delivery group, the value is the customer name. It is clickable and links to the customer

service page.

For a shared delivery group, the value is a number with a link that represents the total number of

customers being provisioned with offerings from this delivery group. When you click the number, a

dialog appears, listing all the customers being provisioned with offerings from this delivery group.

NoteFor XenDesktop 7.8 or XenDesktop 7.9, delivery groups can be created without any type. If a delivery group is created without

any type, the value of Type in delivery group management page is N/A

Before configuring the delivery groups in CloudPortal Services Manager, they must be created in the backend first and the Hosted

Apps and Desktop service must be configured.

To configure XenDesktop delivery groups

1. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Delivery Group Management .

2. Click Discover.3. Use the Search Delivery Group Name and Filter by f ields to tailor the display of available delivery groups as needed.

4. Select one or more unconfigured delivery groups and then click Conf igure.

5. Under Conf iguration Dialogue, select the Isolation Mode for the delivery group:

Private: The private delivery group can be used only by one customer. Other customers cannot see any offerings from

the delivery group. All offerings from the private delivery group have the private isolation mode.

Shared: The shared delivery group can be used by multiple customers. Offerings from the shared delivery group can be

provisioned to resellers and customers by delegated admins. All offerings from the shared delivery group have the

shared isolation mode.

6. Click Save.

You can unconfigure a delivery group by clicking Unconfigure. On unconfiguring a delivery group, offerings from the delivery

group are no longer visible in CloudPortal Services Manager. A delivery group cannot be unconfigured until all the offerings

of the delivery group are unconfigured in CloudPortal Services Manager.

NoteYou cannot change the isolation mode of the delivery group until it is unconfigured.

If you do not click Discover, only configured delivery groups are displayed. When you click Discover button, delivery groups

from XenDesktop backend servers are displayed.




Jul 19, 2016

Updated: 2014-11-17Before configuring offerings, configure the service.

After you configure offerings, provision the service.

ImportantIf you use the Hosted Apps and Desktops service with an environment running XenDesktop 7.6, and your Hosted Apps and

Desktops version is prior to v11.5.3, then CloudPortal Services Manager will not automatically discover applications and desktops

that are contained in custom folders. With this configuration, all offerings must reside in the default (root) application folder. This

limitation is resolved with version 11.5.3.

The Offering Management page lists all offerings created in XenDesktop, XenApp, and App Orchestration sites. Clicking

Discover on this page fetches realtime status of offerings of XenDesktop, XenApp, and App Orchestration. Service

providers can use this page to configure offerings and view customer usage of offerings. Once an offering is configured, it

can be used by resellers or customers.

The following table shows the information that displayed on the Offering Management page.


Configured Indicates whether the offering is configured. If the offering is configured, it can be used by resellers or customers.

Offering The display name of the offering

DeliveryGroup

The delivery group that the offering belongs to.

Site The site that the offering belongs to.

IsolationMode

Indicates the isolation mode of the offering. The isolation mode decides whether the offering can be used by one

customer or be shared by multiple customers.

Used By

Shows the usage of the offering.

For a private offering, the customer name is listed. It is clickable and links to the customer service page.

For a shared offering, the value is a number with a link that represents the total number of all resellers and customers

being provisioned with the offering. When you click the number, a dialog apperas, listing the hierachy of resellers and

customers being provisioned with this offering.

In the new version of Hosted Apps and Desktop Service, there is no naming limitation on application and delivery group

names on XenDesktop sites. For offerings created in XenDesktop after the new version of Hosted Apps and Desktops is





installed and configured:

Offerings are visible in CloudPortal Services Manager and can be configured after the delivery groups have been

configured.

Offerings can have isolation mode in accordance with thei delivery groups. For example, if the delivery group has shared

isolation mode, offerings of this delivery group have shared isolation mode as well.

For shared offerings, offerings can be provisioned by multiple customers after they are configured.

For private offerings, offerings cannot be configured until they are assigned to a customer. Once a private offering is

configured to a customer, all other offerings from the same delivery group are automatically assigned to the same

customer. These offerings cannot be assigned to another customer unless all private offerings of the delivery group are

unconfigured. These kinds of offerings can be provisioned to only one customer.

XenDesktop offerings managed by previous versions of Hosted Apps and Desktops Service, and offerings of App

Orchestration and XenApp are displayed with a yellow background on the Offering Management page. These offerings

retain the behavior of the previous versions of Hosted Apps and Desktops Service.

The isolation mode of these offerings depends on the naming prefix of offerings on the Desktop Delivery Controller. To

get more information about configuring isolation mode on the backend server, see Configure applications and desktops

in the backend.

Both private and shared offerings can be assigned to a specif ic customer during configuration. Once an offering is

configured to a customer, it is visible only to that customer. Both private and shared offerings can be provisioned to

multiple resellers and customers.

To configure Citrix application and desktop offerings

Perform the following steps to configure XenDesktop Applications and Desktops created after the new version of Hosted

Apps and Desktops Service is deployed:

NoteBefore the newly created XenDesktop offerings are available within CloudPortal Services Manager, the delivery group must be

configured.

1. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Offering Management .

2. Click Discover.3. Use the Search Offerings and Filter by f ields to f ilter the display of available offerings if required.

4. Select one or more unconfigured offerings and then click Conf igure.

5. Under the Conf iguration Dialog, you can:

Specify a Display Name, Description, Price, Cost , and Code (for integration with third party billing systems).

Indicate if this offering is allocated by default. When this option is enabled, the offering appears in the list of available

applications and is selected by default for provisioning to a new user, customer, or reseller.

Assign a customer. This is visible only for private offerings. After a customer is assigned, only the customer can see the

offering.

6. Click Save.

You can unconfigure an offering by clicking Unconfigure. Unconfigured offerings are no longer available to resellers or

customers.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-config-offerings.html#par_anchortitle



NoteA customer name must be selected for private offerings before configuration, otherwise the offering can not be configured.

For private offerings, to assign a customer to the offering, the customer must be provisioned with Hosted Apps and Desktops

Service in advance.

Configure offerings of App Orchestration, XenApp, and XenDesktop managed by earlier versions of HostedApps and Desktops Service

App Orchestration, XenApp, and legacy XenDesktop are configure the same way as earlier versions of Hosted Apps and

Desktops Service. For more information, see To configure Citrix application and desktop offerings.

To configure non-Citrix application or resource offerings

To configure non-Citrix application or resource offerings, perform the following steps:1. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Offering Management.

2. Select the tab for the offering type: Non-Citrix Apps or Resources. Use the Search offerings and Filter by f ields to tailor

the display of available offerings.

3. To add an offering, click New.

4. Under New offering, you can:

Provide directory name guidance: allow Services Manager to generate a directory name (default), specify a custom

directory name, or specify an existing directory.

Specify a display name (to replace 'New offering'), description, price, cost, and code (for integration with third party

billing systems).

Indicate if this offering will be allocated as a default - When this option is enabled, the offering appears in the list of

available applications and is selected by default for provisioning to a new user, customer, or reseller.

Marked as private - When this option is enabled, the offering can be assigned to a single customer; it does not appear

in the list of available applications unless the customer is the owner. If the offering is already in use, this option is not

available.

5. Click Save.

To edit an offering, select it and then click Edit. You can edit all the configured items except the directory. If you select

more than one offering, you cannot configure the display name or description.

To remove an offering, select it and then click Delete. When prompted, confirm the deletion.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-config-offerings.html#par_anchortitle_ecca


Provision the Hosted Apps and Desktops service

Jul 18 , 2016

Updated: 2013-12-06The Hosted Apps and Desktops Service allows service providers to provision customers and resellers with XenApp and

XenDesktop applications, desktops, and resources either directly from a XenApp or XenDesktop Delivery Controller, or

through App Orchestration.

Before provisioning the service, configure the service, configure the delivery groups (only for XenDesktop offerings) and

then configure offerings.

Offerings assigned to a single customer are available only to that customer. In such cases, go to To provision the Hosted

Apps and Desktops Service to customers directly.

Unlike provisioning XenDesktop private offerings in earlier versions of Hosted Apps and Desktops Service, when provisioning

a private XenDesktop offering created after deploying a new version of Hosted Apps and Desktops Service to a customer,

CloudPortal Services Manager does not duplicate extra delivery groups for the isolated offerings.

To provision the Hosted Apps and Desktops service to resellers



3. From the services list, click Reseller.

4. Select the Hosted Apps and Desktops service check box and then click the Hosted Apps and Desktops service name.

5. Under Reseller Service Setup, select the applications, desktops, and resources to be offered.

6. Click an individual offering row and then click Edit to:

Provide directory name guidance: allow Services Manager to generate a directory name (default), specify a custom

directory name, or specify an existing directory.

Specify a display name (to replace 'New offering'), description, price, cost, and code (for integration with third party

billing systems).

Indicate if this offering will be allocated as a default - When this option is enabled, the offering appears in the list of

available applications and is selected by default for provisioning to a new user, customer, or reseller.

If you change any settings, click Save.

7. Click Service Settings to specify service message information. If you change settings, click Apply changes. If you have the

Service Schema Administrator role, you can also specify display name and Active Directory information. You can specify

the datacenter address if you are using App Orchestration.

8. Select the appropriate user and customer plans.

9. Click Advanced Settings to:

Specify the maximum number of users that the customer can provision with this service.

Enable or disable billing.

Access demo account retention and warning settings. Click Service Settings. If you change service settings, click Apply

changes.

If you have the Service Schema Administrator role, you can also specify host header, Web Server, customer creation,

remote directory, and message information.

10. Click Provision.

To provision the Hosted Apps and Desktops service to customers




http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-provision.html#par_text_3




3. Click Hosted Apps and Desktops. The Service Plan Configuration page appears.

4. Select the appropriate customer plan.

5. Click Edit, in order to override the Customer Plan settings. This displays the following settings for App Orchestration only:

1. The tenant's Storefront Insolation Level. Choose between shared, private or a private server group.

2. The tenant's private network name: a management network to which a customer's privately-allocated machines are

connected. If a network is not specif ied, the configured shared management network is used.

6. Select the applications, desktops, and resources that the customer can offer. To specify a default application, select the

offering, click Edit, enable Allocate as default application and then click Save.

7. Click Advanced Settings to:

Select a user plan.

Specify the maximum number of users that the customer can provision with this service.

Enable or disable billing.

Specify service message information. Click Service Settings. If you change settings, click Apply changes.

If you have the Service Schema Administrator role, you can also specify display name and Active Directory information.

You can specify the datacenter address if you are using App Orchestration.

8. Click Provision.

For App Orchestration, the Provisioning process performs the following actions:Creates the customer as a tenant

Creates offering subscriptions for the tenant. When you enable an offering for the customer, Services Manager creates

an Active Directory user group and associates the group with the offering subscription.

Creates a StoreFront site for the tenant at the selected isolation level.

NoteOfferings of App Orchestration, XenApp, and of XenDesktop managed by earlier versions of Hosted Apps and Desktops Service

can be subscribed and unsubscribed to customers. The behavior is the same as in earlier versions of Hosted Apps and Desktops

Service.

The differences in provisioning compared with earlier versions are as follows:

If the offering is picked up after the new version of Hosted Apps and Desktops has been deployed, CloudPortal Services

Manager creates an Active Directory security group and associates the group with the desktop or application on the

Desktop Delivery Controller.

If the offering is a legacy private offering, when you enable an offering for a customer, an extra delivery group with the

related applications is duplicated for the private offering on the Desktop Delivery Controller, and CloudPortal Services

Manager creates an Active Directory security group and associates the group with the duplicated delivery group.

To provision the Hosted Apps and Desktops service to users

You can add selected offerings to a single user or multiple users. You can also remove selected offerings from a single useror multiple users when provisioning the Hosted Apps and Desktops Service to users.1. From the Services Manager menu bar, click Users and select the user for whom you want to provision services.

2. Select Services. The User Services page appears.


3. Click Hosted Apps and Desktops. The User Service Setup page appears.

4. Choose the appropriate user plan.

5. Select the applications, desktops, and resources the user can access.

6. Click Service Settings to specify service message information. If you change settings, click Apply changes. If you have the

Service Schema Administrator role, you can also specify Active Directory information.

7. Click Provision.

When you provision a user, the provisioning process simply adds the user to the groups which correspond to the selectedofferings.

Bulk user operations

Multi-user service provisioning and offering management features are available in Hosted Apps and Desktops Service 11.5.3

and later versions.

To access the bulk user operations in the Hosted Apps and Desktops Service:

1. From the Services Manager menu bar, click Users and select multiple users for whom you want to provision services.

2. From the panel on the lower left, select Services.

3. Click Hosted Apps and Desktops. The User Service Setup page appears.

4. Choose the available user plan.

5. Select the applications, desktops, and resources the user can access.

When performing bulk user operations, different usability modes align with specific uses.


Used when performing initial service provisioning and final service deprovisioning or when performing offering management

where all selected users have the same set of app and desktop offerings:

Service provisioning: Provision a specific set of app and desktop offerings to multiple users. These users are configured

access for only the specified offerings. Any offerings not selected are removed. Selected offerings will be provisioned.

Unselected offerings will be de-provisioned.

Service deprovisioning: Remove access to all offerings and deprovision the Hosted Apps and Desktops service from

selected users.

You perform deprovisioning by not selecting any of checkbox options for additive or subtractive provisioning. Click

Deprovision, and the selected offerings are ignored. All offerings will be de-provisioned and the service will be

deprovisioned from the user.


Additive provisioning: Used for bulk user offering management of users with different application sets. Provision selected

app and desktop offerings to multiple users. Access is only granted for the selected offerings. No access to existing

offerings is revoked.

1. Select Add selected offerings, unselected offerings will remain unchanged.2. Click Provision.

In this operation mode the selected offerings are provisioned to users and other offering settings remain unchanged.


Subtractive de-provisioning: Access is revoked only for the selected offerings. No other offering access are changed.

1. Select Remove selected offerings, unselected offerings will remain unchanged.

2. Click Deprovision.

The selected offerings are deprovisioned from the users. Users’ original offerings remain unchanged.


Upgrade the Hosted Apps and Desktops Service

Jul 19, 2016

When upgrading to a new version of the Hosted Apps and Desktops Service, there could be more than one component to

upgrade, depending on the architecture and approach being used. In all upgrade scenarios, administrators will need to

import the new Hosted Apps and Desktops Service Package.

When using the Hosted Apps and Desktops Service with App Orchestration, the web service is not using during service

operations or provisioning, and does not need to be updated. When using the Hosted Apps and Desktops service directly

with XenDesktop, it is required to update the web service residing on the XenApp or XenDesktop delivery controller.

Re-install the Hosted Apps and Desktops Web Service

To upgrade the web service, it is required to re-install the Hosted Apps and Desktops web service in the backend servers.

During the process of upgrading the web service, the Hosted Apps and Desktops service will fetch all the delivery groups

from Desktop Delivery Controller (for XenDesktop backends), and specify the delivery groups previously managed by

CloudPortal Services Manager as legacy delivery groups. The delivery groups that were notmanaged by CloudPortal Services

Manager are imported as as newly created delivery groups.

1. On the server where the web service is installed, log on as administrator.

2. Navigate to the unzipped folder and double-click the Setup f ile.

3. On the Select Web Services page, select the specif ied service (XenApp Web Service, XenDesktop Web Service, App

Orchestration Configuration Tool) that you want to install.

4. On the Review Prerequisites Page review the information and click Next .

5. On the Ready to install page, click Install to install the service, and then click Next .

6. On the Conf igure Installed Components page, click Conf igure to configure the hosted apps and desktops Web

Service.

7. On the Conf igure IIS page, configure the web service account; keep the original credentials and the service port during

the configuration. If you changed the credentials and the service port, be sure to configure the Server Connections

again on CPSM web console

8. Click Next , and then click Finish.

NoteIt is recommended to uninstall the previous version of the web service before re-installing the new version of the web service.

When upgrading the web service directly from the previous version, make sure to run the Hosted Apps and Desktops WebService Conf iguration Tool to configure the web service.

Import the service package into the control panel

After the packge has been updated. It is required to restart the CitrixQueueMonitor service, and then configure the site,

delivery group and offering before using them:

1. Download the latest Hosted Apps and Desktops service package and unzip it to a local folder.

2. Import the service package into the control panel:

https://www.citrix.com/downloads/cloudportal/product-software/cloudportal-services-manager-11.html


Note: To access service import features in the portal, the user must have the Service Schema Administrator security role.

1. From the Services Manager menu bar, click Conf iguration > System Manager > Service Schema.

2. Under Services Management , click Import a service.

3. On the Service Import page, click Browse and locate the Hosted Apps and Desktops.package f ile. Click Open.

4. Click Preview. Services Manager displays the contents of the f ile for your review.

5. Click Import at the bottom of the page. Services Manager imports the f ile and reports Import Complete.

6. Clear the browser cache and restart the browser to login

3. On the Services Manager provisioning server, restart the CitrixQueueMonitor service or restart the machine.

4. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Site Management .

5. Click Discover.6. Ensure all the sites connected by the server connection are listed.

7. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Delivey Group Management .

8. Click Discover.9. Ensure all the new delivery groups are listed.

10. Select one or more delivery groups, and click Conf igure.

11. Select the Isolation Mode of delivery groups.


13. Click Discover.14. Ensure your offerings are listed.

NoteAfter importing the new version of the service package, it required to clear the browser cache to ensure that the new JavaScript files

have been used. Failure to do so may lead to distortions and unresponsive interactions with the UI.


Upgrade Citrix application and desktop offerings

Jul 18 , 2016

In the new version of Hosted Apps and Desktops Service, the behavior of existing managed offerings and the bavior

ofnewly added offerings are different. If you want to migrate the existing managed offerings to the new ones and use the

new features, follow the following upgrade steps:

1. Prepare to upgrade the delivery group from the old version to the new version

1. Before upgrading offerings, make sure the new version of the Hosted Apps and Desktops Service package has been

imported, and web service has been reinstalled.

2. Unconfigure all existing offerings. For offerings that are in use, deprovision the offerings from resellers or customers.

2. Change the metadata for old version delivery groups.

1. On the Desktop Delivery Controller, log on as an administrator.

2. Open a powershell terminal and input cmdlet to add the Citrix powershell snapin.

Add-PSSnapin "Citrix.Broker.Admin.V*"

3. Run cmdlet to get the delivery groups managed by the old version of Hosted Apps and Desktops Service.

$dg = Get-BrokerDesktopGroup -Name "{delivery group name}"

4. Run $dg. MetadataMap to check the value in property key Version. Ensure that the value in Version is V0 for the

legacy delivery group.

5. Run cmdlet to change the version of the old version delivery groups from V0 to V2.

Set-BrokerDesktopGroupmetadata -DesktopGroupId $dg.Uid -Name Version -Value "V2" – PassThru

6. Run Steps c and d to confirm that the version in metadata of the delivery group isnow Version 2.

3. The delivery group used from the earlier Hosted Apps and Desktops Service can be used as a Version 2 type delivery

group now. Configure delivery groups and then offerings in CloudPortal Services Manager by the new version of Hosted

Apps and Desktops Service.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-upgrade.html#par_anchortitle

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-upgrade.html#par_anchortitle_0




Migrate the Hosted Apps and Desktops for AppOrchestration to XenDesktop

Jul 18 , 2016

Citrix strongly recommends that you migrate offerings from App Orchestration to XenDesktop - using CloudPortal Services

Manager to directly manage desktops and applications.

Set up and configure XenDesktop

Information about the setup and configuration on XenDesktop is given below:

Create Delivery Sites

A delivery site is composed of identically configured Delivery Controllers and includes the Session Machines, Delivery

Groups, and other components that deliver hosted apps and desktops to tenants and their users at the appropriate

isolation level. When transforming a delivery site from App Orchestration to XenDesktop, you must create a Site in

XenDesktop.

http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/install-configure/site-create.html


Create Session Machine Catalogs

A Session Machine Catalog in App Orchestration is identical to a Machine Catalog in XenDesktop. Multiple machines are

collected in one Session Machine Catalog. These machines host applications and desktops for users to access through

Citrix Reciever. You can create a Machine Catalog in XenDesktop when migrating from App Orchestration.

Create Offerings

Offering is a term of App Orchestration. While Offerings are actually applications and desktops hosted on the

machines, they can be subscribed to users through Hosted Apps and Desktops Service of CloudPortal Services Manager,

just as App Orchestration did. In App Orchestration, you can create Offerings with a delivery group isolation level. The

isolation level you select depends on whether you want to create an Offering that uses shared machines or machines

that are dedicated to an individual tenant. Hosted Apps and Desktops support the same logic of isolation by configuring

isolation mode of delivery group.

Create Delivery Groups

In App Orchestration, delivery groups are created in the process of subscription according to the isolation level defined

for the Offerings. Delivery groups can be dedicated to a single tenant's users or shared among the users of several

tenants. After migrating from App Orchestration, the delivery groups must be created in XenDesktop server in advance.

NoteApp Orchestration introduces multiple datacenters to support resources deployed across geographic locations. The new version of

Hosted Apps and Desktop Service does not support manipulation for multiple datacenters, although the concept of multiple

datacenters is similar to the concept of Zones in XenDesktop 7.8 and 7.9. You can still use XenDesktop Zones to utilize the feature

of multiple datacenters.

App Orchestration and CloudPortal Services Manager share the same concept of isolation mode of delivery groups.

Offering Isolation

App Orchestration supports the specif icying the isolation level of offerings, which is used for session machines and

delivery groups when a subscription is made to the offering. The new version of Hosted Apps and Desktops Service

allows the configuration of the isolation mode of offerings.

Subscribe Tenant to offerings

Hosted Apps and Desktops allows service providers to provision an offering to tenants or users so that users can access

a specif ic offering through StoreFront.

NoteNetwork Isolation, StoreFront Isolation, and NetScalar Gateway Isolation are not currently supported in Hosted Apps and Desktops

Service in CloudPortal Services Manager. To utilize these features when migrating, they must be configured separately.

Migrate App Orchestration’s Offering to XenDesktop

The steps for migration are illustrated using the following scenario:

http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/install-configure/machine-catalogs-create.html


http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-config-delivery-groups.html#par_anchortitle_ed3

http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/install-configure/delivery-groups-create.html

http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/manage-deployment/zones.html


Deployment in App Orchestration:

Customer1

Customer1 is created in CloudPortal Services Manager.

Customer2


Customer3


Offering1

Type: Desktop


Isolation mode: Shared delivery group

Offering2

Type: Application

Isolation mode: Private delivery group

To migrate deployments from App Orchestration, perform the following steps:

Preparation in XenDesktop

1. Prepare an isolated XenDesktop server.

2. Create a site on a Desktop Delivery Controller with the same name as in App Orchestration, which is “Delivery Site 1.”

3. Create a primary and satellite zone as shown below.

4. Configure the network and Netscaler based on your deployment.

http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/manage-deployment/zones.html


5. In the Primary and Satellite zones, create “StoreFront server Group1” with two or more StoreFront servers.

6. Create one or more Delivery Controllers in the primary and satellite zones.

7. Create “Session Machine Catelog1” with session machines VDA1 and VDA2 in the Primary zone.

8. Create “Session Machine Catelog2” with session machines VDA3 and VDA4 in the Satellite zone.

9. Create two delivery groups in the primary zone. “Delivery group 1” uses a VDA from “Session machine catalog1.”

“Delivery group 2” uses a VDA from “Session machine catalog2.”

10. Create a desktop named “Offering1” in “Delivery group 1”.

11. Create an application named “Offering2” in “Delivery group 2”.

Configure in CloudPortal Services Manager

1. Unsubscribe (deprovision) all App Orchestration offerings from users, customers and resellers.

2. Delete the Hosted Apps and Desktops server connection of App Orchestration.

3. Update the Hosted Apps and Desktops Service package to the latest version.

4. Install the Hosted Apps and Desktops web service on the newly deployed XenDesktop server.

5. Follow the steps mentioned above to create a server connection for the newly deployed XenDesktop server in

CloudPortal Services Manager.

6. Provision the Hosted Apps and Desktops Service to service provider reseller.

7. Provision the Hosted Apps and Desktops Service to Customer3.

8. Configure Hosted Apps and Desktops sites.

9. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Delivery Group Management .

10. Click Discover.11. Select the delivery group named “Delivery group 1” and click Conf igure.

12. Enable Shared in the Isolation Mode selection.

13. Select “Delivery group 2” and click Conf igure.

14. Enable Private in the Isolation Mode selection.


16. Click Discover.17. Select “Offering1,” click Conf igure, and then click Save.

18. Select “Offering2” and click Conf igure.

19. Input “Customer3” next to Customer Name and click Save.

20. Perform the steps listed in To provision the Hosted Apps and Desktops Service to customers to provision “Offering1” to

“Customer1” and “Customer2,” provision “Offering2” to “Customer3”.

http://docs.citrix.com/en-us/storefront/3-6/configure-server-group.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-upgrade.html



http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-config-sites.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-install-haad/ccps-haad-provision.html#par_text_3


Hosted Exchange

Feb 10 , 2017

Updated: 2013-02-05

What's new in version 11.5.8 (Cumulative Update 4)

The Exchange service is now officially supported on Windows Server 2016.

What's new in version 11.5.6

Exchange 2016: This release has added support for Exchange 2016, and simplif ies the migration of Exchange objects

from Exchange 2013 to Exchange 2016.

Performance optimization:� Performance improvements related to the handling and use of the Powershell Remoting

URL. Instantiating new (remote) sessions is costly to performance, so new ways to manage remote sessions has been

developed to improve the overall performance of User and Customer Service provisioning.

Bug f ixes: All Exchange related bug f ixes since version 11.5 have been included in this release. This includes bug f ixes

not yet release since Cumulative Update 3 for v11.5

Deployment

Depending on the installation media that you have available, there may be a couple of ways to install the Hosted Exchangecomponents. Main Release Install Media:If the media you have is the complete CloudPortal Services Manager installation media, then you should apply the followingsteps to complete the installation of the Exchange Web Service:

Install the Hosted Exchange web service

Specif ic Service Release Only:If the media you have only includes binaries specif ic to the Hosted Exchange Service. i.e. The service was released on itsown, outside of a main product release of CloudPortal Services Manager. Then you shouold apply the following the stepsto complete the installation or upgrade of the Exchange components

Install or upgrade to the latest version of the Hosted Exchange Web Service

Conf iguration:Regardless of the install media, the configuration of the Web Service Components is the same. Apply the step in thefollowing topic to complete this configuration:

To configure the Hosted Exchange service (Applies to all new Web Service components)

Provision the Hosted Exchange service to resellers and customers

For information about requirements for deploying the Hosted Exchange service, refer to Plan to deploy the Hosted

Exchange service.

Management

Use the following topics to configure mail archiving, PST Import/Export, and Unif ied Messaging for Hosted Exchange users:Configure personal archives for Exchange 2010

Configure PST File Import and Export

Configure Unif ied Messaging

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccps-install-exchange.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccps-install-exchange-fromservicerelease.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-config-exchange-hosted.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-admin-exchange-prov.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-plan-overview/ccps-plan-services/ccps-plan-exchange.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-config-exchange-hosted/ccps-exch-2010-mail-archiving.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-config-exchange-hosted/ccp-10-services-config-exchange-pst.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-config-exchange-hosted/ccp-10-services-config-exchange-unified-msg.html


After deploying the Hosted Exchange service, use the following topics to provide access to resources through the controlpanel:

Manage public folders

Manage Exchange contacts

Manage Exchange distribution groups

To create mail disclaimers

To create mailboxes for managing meeting resources

Import and export Exchange mailbox f iles

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-admin-exchange-public-folders.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-admin-exchange-contacts.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-admin-exchange-groups.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-admin-exchange-disclaimers.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-admin-exchange-resources.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-admin-exchange-mbx-import.html


Install the Hosted Exchange web service

Oct 05, 2016

Updated: 2014-08-14The Hosted Exchange web service is installed on a server in your environment that hosts the Exchange Management Console. You can install the Exchange web service using either the graphical

interface of the CloudPortal Services Manager installer or through the command line.

To install the Exchange web service using the graphical interface

The installation process includes preliminary configuration to create the web service account and IIS application pool, define the Exchange deployment environment, and add multi-tenancy

permissions to Active Directory. After installation, you can enable the service and continue configuration through the control panel.

This task assumes the CloudPortal Services Manager installer is running and the Select Deployment Task page is displayed.





5. On the Select Web Services page, select Exchange Web Service and then click Next.

6. On the Review Prerequisites page, review the list of software that will be installed to support the web service. Click Next.

7. On the Ready to Install page, click Install. The Deploying Server Roles page displays the installation progress.



10. On the Installed Services page, click Configure next to the Exchange Web Service item. The Configuration Tool attempts to contact the Encryption Service to retrieve the encrypted key. If the

service cannot be contacted, the Configuration Tool prompts you to import the encrypted key using a key f ile. To generate the key f ile, see Generate and export keyfiles for the Encryption

Service.





Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.

User name: Enter a user name for the Exchange web service account. The default user name is csm_exchange_svc. This f ield is unavailable when you elect to auto-generate credentials.

Password: Enter a password for the Exchange web service account. This f ield is unavailable when you elect to auto-generate credentials.

Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active Directory.

Service port: Enter the port used by the Exchange web service. The default port is 8095.

13. On the Exchange Deployment Details page, enter the following information and then click Next:

Exchange version: Select the version of Exchange that is deployed in your environment.

Mixed-mode deployment: Select this check box if your Exchange deployment includes servers running different versions of Exchange. For example, your deployment includes Exchange 2010

servers as well as Exchange 2007 servers.

Preferred domain controller: Leave this blank. CloudPortal Services Manager will f ind an available domain controller to use for each provisioning request automatically.

14. On the Configure Exchange for Multi-Tenancy page, select Apply multi-tenancy permissions to ensure customers will be isolated appropriately when the Exchange service is provisioned to them.

Click Next.

15. On the Create Scheduled Tasks page, select Create sync scheduled tasks to synchronize Exchange data with CloudPortal Services Manager. This option is selected by default; however, you only

need to create these tasks on one Exchange server in your deployment. If these tasks have been created already, clear this option.

16. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When the summary contains the settings you want,

click Next. The Configuration Tool configures the Exchange web service, imports the Encryption Service key, and displays progress.


To install the Exchange web service from the command line

Before installing the Exchange web service, ensure the following pre-requisites are met:The server on which you are installing the web service has the Exchange Management Console installed.

The Exchange servers are running supported versions of Microsoft Exchange.

You have installed .NET Framework 4, located in the Support folder of the CloudPortal Services Manager installation media, on the server hosting the Exchange web service.

You have created the Exchange web service account in Active Directory.

The Exchange server allows inbound connections from the web server on the appropriate port. The default port is 8095.

1. On the Exchange server, log on as an administrator.

2. Open a command line window and navigate to the CortexSetup directory on the CloudPortal Services Manager installation media.

3. At the command prompt, enter CortexSetupConsole.exe /Install:Exchange. The Setup Tool installs the web service and returns the command prompt.

4. At the command prompt, enter install-location\Services\ExchangeWS\Configuration\ExchangeConfigConsole.exe and specify the following properties:


/UserName:username Impersonation account for the Exchange service. This parameter is optional if you are using /GenerateCredentials.

/Password:password The application pool password. This parameter is optional if you are using /GenerateCredentials.

/ServicePort=port Inbound port to be used and added to the CortexServices web site. Default = 8095

/ExchangeOrganization:org-

name

Optional. The name of the Exchange organization.

/AutoCreateUser:True |

False

Optional. Create the service account in Active Directory.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccp-10-install-wrapper/ccps-install-encryption/ccps-install-encryption-keygen.html


/GenerateCredentials:True |

False

Optional. Generate password for the service account.

/HasLegacyServers:True |

False

Optional. Whether or not the environment contains servers running multiple versions of Exchange. For example, servers running Exchange 2010 in the same

environment as Exchange 2007 servers. Default = False

/Lockdown:True | False Optional. Apply lockdown of Exchange permissions. Default = False

/PreferredDc:FQDN Optional. Preferred domain controller.

/TargetVersion:2007 | 2010

| 2013

Optional. The version of Exchange to use with CloudPortal Services Manager. Supported versions: 2007, 2010, or 2013.

NOTE: If installing the Web Service for Exchange 2016, then choose 2013, then change the version within the web.config file after the install is complete


Install-location denotes the web service installation directory on the local computer. The default directory is C:\Program Files (x86)\Citrix\Cortex.


Sample installation command string

The following command performs the initial configuration of the web service.install-location\Services\ExchangeWS\Configuration\ExchangeConfigConsole.exe /UserName:exch_svc_acct /ExchangePassword:password /ServicePort:8095 /TargetVersion:2013When the installation process is finished, log on to the control panel and configure the web service. For instructions, see To configure the Hosted Exchange service.



Install or Upgrade the Hosted Exchange web servicefrom a Service Only Release

Oct 05, 2016

Updated: 2014-08-14When all you have in the way of install media is simply the Hosted Exchange Service, then the installation or upgrade

instructions for this is different to the normal install instructions as the CloudPortal Services Manager installer is not

present.

To install or update the Exchange web service

The installation of the Hosted Exchange Web Service will be performed on a domain joined server that has the Exchange

Management tools installed. These tools should be the same version as the highest version of Exchange that you are

offering in this environment.

1. On the sected server, logon as a Domain Administrator

2. Launch the Setup.exe from the Hosted Exchange installation folders

3. Check Exchange Web Service, click Next, follow the steps to f inish the installation

4. Click the Configure link to configure the service

5. Specify Service Account, keep the Service port by default

6. Specify Exchange version, choose the appropriate version that matches the version of the Exchange Management Tools

installed on this server

7. Click Next to f inish the configuration

To import the Hosted Exchange Service definition (.package file)

The install media will have a "Hosted Exchange.package" f ile within the Hosted Exchange folder. This should be importedto update the Service Schema with the latest web pages, provisioning rules, permissions, reports, etc.1. Follow the instructions according to the "To Import as Service Package" section in the following topic:

Export and Import Service Packages

2. Restart the "Citrix Queue Monitor Service" on the Provisioning Server to ensure the latest rules are loaded

Configure the Service

Follow the instructions "To configure the Hosted Exchange Service" to complete the configuring of the Web Service and to

include any new Exchange Mailstores or Servers to be used when provisioning Exchange to Customers or Users

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccp-10-services-config-export-import.html



To configure the Hosted Exchange service

Oct 05, 2016

Updated: 2013-04-181. Enable the service (top level) and create user and customer plans:

1. From the CloudPortal Services Manager menu bar, select Configuration > System Manager > Service Deployment and

then expand Hosted Exchange.

2. Click User Plans, enter a Name for the user plan, and then click Create.

3. Click Customer Plans, create a customer plan, click Create, and then click Save.



2. Expand Hosted Exchange and then click Save.

3. Verify credentials:

1. From the context menu, select Credentials.

2. Verify that the service account for the Hosted Exchange service exists. If it does not, create the account.

Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when

CloudPortal Services Manager is deployed in a production environment. Use plain-text credentials only for debugging

purposes.


1. From the context menu, select Servers.

2. If the server where the Exchange web service is installed is not listed, click Refresh Server List.



1. From the context menu, select Server Roles and then expand the entry for the server.

2. Under Server Connection Components, select Hosted Exchange and then click Save.


1. From the context menu, select Server Connections, select a Location Filter if applicable, click New Connection, and

then specify the following information for the Hosted Exchange service:

Setting Description

Server Role Choose Hosted Exchange.

Server Choose the server where the Exchange Web Service is installed.

Credentials Choose the credentials for the Exchange web service.

URL Base Defaults to /ExchangeWS/HostedExchange.asmx.

Protocol Defaults to http.

PortDefaults to 8095. If you change the port here, make sure it matches the bindings in IIS for the

Exchange Web Service.


Timeout Defaults to 200000 milliseconds.

Version Select the Exchange version that you are configuring.

2. Click Save.

3. Click the icon in the Test column for the Exchange server. The icon turns green for a successful connection. A red icon

indicates an unsuccessful connection. Mouse over it for information about the failed connection.

7. Update service settings as needed:

1. From the context menu, select Service Deployment, select Active Directory Location Services, and then choose a


2. Expand Hosted Exchange and then click Service Settings.


Any setting that includes the value [ExchangeServer]

Replace with the Exchange server's name.

System Domain

If this is not set to the correct domain, provisioning will fail. This should match the default Accepted Domain

within Exchange

Public Folders > Public Folders Enabled

Select the check box to provision Public Folders.

Public Folders > Public Folder Server

Select this check box, click Reload to replace the default public folder server, and then select the check box for

the public folder server.

Off line Address Book (OAB)

OABs can be distributed using public folders (prior to Exchange 2013 only) or web-based virtual directories.

To distribute OABs using public folders:

1. Expand Offline Address Book (OAB) and then select the Public Folder Distribution check box.

2. Select the Public Folder Servers check box and the check box for the server (if the correct server is not listed,

click Reload).

3. Click the Server check box and the check box for the server (click Reload if needed).

To distribute OABs using virtual directories:

1. Expand Offline Address Book (OAB) and verify that the Public Folder Distribution and Public Folder Servers

check boxes are cleared.

2. Click the Server check box and the check box for the server (click Reload if needed).

3. Select the Virtual Directory check box, click Reload, select the check box for the server, and then click Enable

web-based distribution.

For more information about advanced properties, refer to Exchange Services Advanced Properties.



8. Enable mailbox creation during user provisioning:

1. With Active Directory Location Services still selected, expand Hosted Exchange, click User Plans, and then expand a

plan.

2. Select the Mail Databases check box, click Reload, and then select the check box for at least one mail database.

3. Select the Mailbox storage limit check box and enter the maximum amount of storage allocated to each provisioned

user.

Important: Configure this setting before provisioning users with the Hosted Exchange service. After the Hosted

Exchange service has been provisioned, you cannot modify this setting.



Configure personal archives

Oct 05, 2016

Updated: 2013-04-03Personal archives are a feature made available from Exchange 2010 and beyond that allow users to store older messages in

a server-side mailbox instead of in a .pst file that is stored locally. Users can access their personal archive mailbox through

their Outlook Client or the Outlook Web App.

Enabling personal archives includes the following tasks:Enable support in CloudPortal Services Manager. Because support for personal archives is not enabled by default, you

must enable it for each applicable Hosted Exchange user plan you intend to provision. If support is not enabled, personal

archives are not available to the user when the Hosted Exchange service is provisioned.

Enable personal archives for each user in Exchange. If personal archives are not enabled in Exchange for the user when

the Hosted Exchange service is provisioned, CloudPortal Services Manager enables the feature automatically. If no

mailbox database is specif ied when the user plan is configured, Services Manager selects the appropriate mailbox

database automatically when the user is provisioned.

To configure mail archiving for Exchange 2007, refer to the topic To configure the Mail Archiving service.

To enable support for personal archives

1. From the CloudPortal Services Manager menu bar, click Configuration > System Manager > Service Deployment.

2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable

3. Expand Hosted Exchange and then click User Plans.

4. Select an existing user plan for which you want enable support for personal archives.

5. Expand the Mail Archiving Exchange 2010 / 2013 category and select the Enabled checkbox.

6. In Mailbox Database, select the mailbox database that CloudPortal Services Manager will use for personal archives. If no

database is selected, one will be automatically chosen when the user is provisioned.


http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccp-10-services-config-mail-archiving.html


Configure PST File Import and Export

Oct 05, 2016

Updated: 2014-02-04Configure PST file import and export to enable CloudPortal Services Manager to import and export Exchange personal

store mailboxes using a network share or an FTP server.

To store the PST f iles, use one of the following methods:Create a shared folder called "WebHosting" on a f ile server in your environment. Security for the shared folder is

described in Steps 2b-2d of To configure the FTP server for PST import and export.

Set up an FTP server to enable customers to upload PST f iles without service provider assistance. Access to a customer's

folder on the FTP server is limited to the customer's users who have the Hosted Exchange Service Administrator security

role.

If you choose to set up an FTP server, install the following items:FTP Server role service components

Exchange Management Tools

Microsoft Outlook

.NET Framework 4

To configure the FTP server for PST import and export

1. In Active Directory, perform the following actions:

1. Create a new user account called servername_pst in the CortexSystem OU.

2. Grant Full Control permissions of the servername_pst account to the Customers OU.

3. Add the servername_pst account to the CortexAdmins group.

2. For the FTP server, perform the following actions:

1. On the FTP server, create a new folder for use by CloudPortal Services Manager. The default path is C:\CortexFTP.

2. Share the folder as Webhosting and grant Full Control of the share to Everyone.

3. In the folder properties, on the Security tab, verify that inheritance is disabled and, when prompted, click Add to copy

the current permissions to the folder.

4. Add the domain security group ServiceAdmins HE to the ACL of the folder and grant List Folder Contents permissions.

5. Add the servername_pst account to the ACL of the folder and grant it Full Control.

3. Add and configure the FTP site in IIS:

1. On the FTP server, open the IIS Management Console and then navigate to the Sites container.

2. Right-click the Sites container, choose Add FTP Site, and configure it.

FTP site name: A name such as "CloudPortal Services Manager PST FTP Site"

Physical path: The path configured in step 2a above

Binding IP Address: An IP address and port or All Unassigned

SSL: Allow SSL

Authentication: Basic

Authorization: Allow access to: Specif ied roles or user groups

Authorization (credentials):domainServiceAdmins HE

Authorization: Permissions: Read and Write

3. Select the FTP site node in the console's left pane and, in the Features view, perform the following actions:

1. Double-click FTP User Isolation and choose FTP home directory configured in Active Directory.

2. Click Set to specify the credentials in DomainUsername format for the new AD user account set up in Step 1a.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-10-services-config-exchange-hosted/ccp-10-services-config-exchange-pst.html


3. Click Apply to save your changes.

4. Select the FTP site node in the console's left pane and, in the Features view, perform the following actions:

1. Double-click FTP Authentication.

2. Disable Anonymous Authentication and enable Basic Authentication.

3. With Basic Authentication selected, click Edit and set the Default domain to the fully-qualif ied domain name.

4. Restart the FTP site.

5. Restart the Microsoft FTP Service.

To configure PST file import and export in CloudPortal Services Manager

Important: For Exchange 2007, use all steps in this procedure to configure PST f ile import and export through theCloudPortal Services Manager control panel. For Exchange 2010 and above, use only Steps 3 and 4 in this procedure.1. Assign server roles:

1. From the CloudPortal Services Manager menu bar, choose Configuration > System Manager > Server Roles and then

expand the server to be used for PST import and export. If the server is not listed, go to Configuration > System

Manager > Servers and refresh the list.

2. Under Server Connection Components select Hosted Exchange.


1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and select a


2. Click New Connection and then specify the following information for the Exchange web service:

Server Role

Choose Hosted Exchange.

Server

Choose the server where the Exchange web service is installed.

Credentials

Choose the impersonation account for the Exchange service.

URL Base

Defaults to /ExchangeWS/HostedExchange.asmx.

Protocol

Select http.

Port


Timeout


Version


Select Mailbox Import/Export.

3. Click Save.

4. From the CloudPortal Services Manager menu bar, select Configuration > System Manager > Server Connections and

then click the icon in the Test column for the Exchange server. The icon turns green for a successful connection. A red

icon indicates an unsuccessful connection. Mouse over it for information about the failed connection.


1. From the CloudPortal Services Manager menu bar, choose Configuration > System Manager > Service Deployment.

2. Under Service Filter, select Top Environment Services, and expand Hosted Exchange.

3. Click Service Settings, expand Mailbox Import/Export, and then select the Enabled check box.

4. Configure the following settings:

Bad Item Limit

Enter a value for the number of corrupt messages to skip during an export. Default = 0.

To set a value greater than 50, edit the NewMailboxExportRequest.ps1 and NewMailboxImportRequest.ps1 scripts

and add the -AcceptLargeDataLoss parameter, setting it to $true. Typically, these scripts are located on the server

hosting the Exchange web service at C:\Inetpub\CortexServices\ExchangeWS\Scripts.

Export File Pattern

The pattern for the f ilename of the PST f ile. Default = username.pst

Export Path Pattern

The pattern for the export folder name that Services Manager creates for the customer. Default =

MailboxExport\

FTP Message

If using FTP, the message that is displayed on the Import/Export page in the control panel.

FTP Root

The FTP root folder. Default = \\LocalHost\WebHosting

Import Export Server

The name of the server where the PST f iles reside for import and export. This value is used to form the Root Path

Pattern value.

Import Path Pattern

The pattern of the import folder name that Services Manager creates for the customer. Default =

MailboxImport\

Root Path Pattern

The full path to the customer's import and export location. The Export Path Pattern and Import Path Pattern

values are appended Root Path Pattern value to form the complete path.


Example: \ImportExportServerWebHostingCustomerShortName

Zip Files

(Optional) Select this option to export PST f iles as ZIP archive f iles.

Citrix recommends clearing this option for mailboxes larger than 2 GB.

5. Click Save.

4. Reprovision the Hosted Exchange service to existing customers. This action creates a folder for each customer and

ensures all required permissions are applied to the folder.


Configure Unified Messaging

Jun 05, 2015

Updated: 2013-02-041. From the main menu, choose Configuration > System Manager > Service Deployment, expand Hosted Exchange or

Hosted Exchange Multi-tenanted, and then click Service Settings.

2. Expand Unif ied Messaging and complete the settings. Use the Exchange Management Console to look up the Mailbox

Policy name under Organizational Configuration > Unif ied Messaging > UM Mailbox Policies.

3. From Category Filter, choose User and then expand Unif ied Messaging.

4. In Extensions, enter the starting point for the auto-generated extensions. Use the same number of digits configured in

Exchange for extensions.

5. Click Apply Changes and then click User Plans.

6. Expand the user, expand Unif ied Messaging, and then complete the applicable settings. Required: Select the Unif ied

Messaging check box to enable the feature for a mailbox.


Provision the Hosted Exchange service

Oct 05, 2016

Updated: 2013-02-04

To provision the Hosted Exchange service to resellers

1. From the CloudPortal Services Manager menu bar, click Customers and select the reseller for whom you want to

provision the Exchange service.

2. Under Customer Functions, select Services. The reseller's Customer Services page appears.


4. Select the Hosted Exchange check box and then select the Hosted Exchange service name. The Reseller Service Setup

page appears.

5. In the User Plan table, select the check box for each user plan the reseller can offer its customers.

6. In the Customer Plan table, select the check box for each customer plan the reseller can offer.

7. Under Resource Configuration, enter the maximum amount of space allotted for mailbox and public folder storage.

Note: When this limit is reached, the reseller cannot provision Exchange services to new customers.


9. Click Provision to enable the reseller to offer Exchange services to its customers.

To provision the Hosted Exchange service to customers

1. From the CloudPortal Services Manager menu bar, click Customers > Customer Services.

2. In Customer Search, f ind the customer for whom you want to provision Exchange services.

3. In the services list, select Hosted Exchange. The Service Package Configuration page appears.

4. In Customer Plan, select the package you want to provision to the customer.

Note: The package you select determines whether or not public folders are enabled and the available disk space for the

customer's mailboxes.

5. Under Exchange Domains, select the domain type to be used for inbound email routing.

Note: By default, domains are set to Authoritative when the Exchange service is f irst provisioned to a customer. Domains

that are added after Exchange has been provisioned default to External Relay. To change this, the Customer

Administrator can modify the type and reprovision the Exchange service.

6. Under Email Patterns, select one of the following options:

Select Force customer wide primary address to ensure all users' email addresses adhere to a specif ied format. In the

email format table, select the formats you want to use. Select the Primary Email option to designate one format as

the primary format. When the service is provisioned, any manually configured addresses are overwritten with

addresses in the specif ied format.

Select Manage individual user primary e-mail addresses to allow different formats for users' email addresses.

Note: If the address format is changed after provisioning the Exchange service, select the Apply email policy check box

to ensure the email format selected in the format table is applied to all provisioned users. To ensure the change is

applied only to newly provisioned users, leave this box unselected.

7. If the location is configured to host Exchange 2007, and the customer is being hosted on Exchange 2007, ensure the

Exchange 2007 Customer option is selected.

8. Under Public Folders, perform the following actions if the selected customer plan includes public folders and you want to

customize storage limits:

1. Clear the Auto select a public folder package check box.

2. Select the Create Public Folders check box.


3. To specify unlimited storage, leave the Public Folder Storage Limit box blank.

When the Exchange service is provisioned, a root public folder is created for the customer. Exchange Service

Administrators become owners of the root folder and the customer's users are granted Author permissions.

9. Under Resource Configuration, to customize the total amount of mailbox storage for all users provisioned with the

Exchange service, perform the following actions:

1. Clear the Auto select package resource limits check box.

2. In Mailbox Storage (MB), enter the total amount of storage allocated to user mailboxes. To specify unlimited storage,

leave this f ield blank.

10. To restrict the number of users assigned to a user plan, perform the following actions:

1. Click Advanced Settings and then select the user plan you want to configure.

2. In User Limit, enter the total number of users that can be assigned to the selected user plan.


11. In Billing, ensure the Enabled check box is selected so the appropriate charges are generated for the customer.

12. Click Provision.


Manage public folders

Oct 05, 2016

Updated: 2013-02-04When the Hosted Exchange service is provisioned to customers, a root public folder is automatically created. New public

folders are created as subfolders under the root folder.

To create a public folder

1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Public Folders.

2. In the left pane of the Public Folders Overview page, select the root public folder. In general, the root public folder is

represented with the customer's short name.

3. On the Folders tab, in New Public Folder, type the name of the subfolder you want to create.

4. Click Create. The new public folder appears under the root folder.

To rename a public folder


2. In the left pane of the Public Folders Overview page, select the public folder you want to rename.

Note: You can rename subfolders only. You cannot rename root public folders.

3. On the Folders tab, in Existing Public Folder, type the new name for the public folder.

4. Click Rename. The renamed folder appears after the public folder tree refreshes.

To enable a public folder to receive email


2. In the left pane of the Public Folders Overview page, select the public folder you want to enable for email.

3. On the Mail tab, click Enable Mail. The Public Folder Emails table appears and a primary email address for the folder is

automatically generated.

4. To add an email to the Public Folder Emails table, click Add.

5. Type the email alias for the folder and select the appropriate domain.

6. Click Update. The new email address appears in the Public Folder Emails table.

7. Click Save Emails to save your entries.

To remove a public folder from the Global Address List

When a public folder is removed from the Global Address List, users can still send email to the folder even though it no

longer appears in the list.


2. In the left pane of the Public Folders Overview page, select the public folder you want to remove.

3. On the Permissions tab, select the Hide from Address List checkbox.

4. Click Save Permissions to save your changes. The public folder is no longer visible to users through the Global Address List.

To restrict incoming email to public folders

To prevent external "spam" emails from flooding the customer's environment, you can configure public folders to accept

email only from users within the customer's organization.



2. In the left pane of the Public Folders Overview page, select the public folder to which you want to restrict email.

3. On the Permissions tab, select the Senders require authentication checkbox.

4. Click Save Permissions to save your changes.

To enable users to send email through public folders

You can assign certain users permission to send email using a public folder alias. To recipients, the sender appears as the

name of the public folder instead of the individual user.


2. In the left pane of the Public Folders Overview page, select the public folder to which you want to enable users to send

email.

3. On the Permissions tab, under Send As Permissions, search for the users you want to add. Search results appear in a

table under the Member Search box.

4. Select the checkbox for each user you want to enable to send email.

5. Click Add. The selected users appear in the Existing Send As Permissions table.

6. Click Save Permissions to save your changes.


Manage Exchange contacts

Oct 05, 2016

Updated: 2013-02-05When the Hosted Exchange service is provisioned to customers, users can view their company's Global Address Lists, sendemail to contacts in the list from Microsoft Outlook, add and modify contacts, and assign contacts to distribution groups.Full Customer Service Administrators can add, modify, and delete contacts as well as prevent contacts from displaying in the

Global Address List.

To add new contacts

1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Contacts.

2. Under Contact Management, click New Contact. A blank Contact Details form appears.

3. Enter the details of the contact. Fields marked with an asterisk (*) are required.

4. Click Save.

To prevent contacts from appearing in the Global Address List

1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Contacts.

2. Select the contact you want to hide.

3. On the Contact Details form, select the Hide From Address List checkbox.

4. Click Save.


Manage Exchange distribution groups

Oct 05, 2016

Updated: 2013-02-05Exchange distribution groups are collections of users, contacts, and other distribution groups that are represented with asingle email address in the Global Address List. When a user sends an email to the group email address, all members of thegroup receive the email.When the Hosted Exchange service is provisioned to customers, users can view distribution groups through the Global

Address List using Outlook, as well as create and manage distribution groups.

Users who create distribution groups are known as owners. Additionally, group ownership can be assigned to a group of

Exchange users or a security group. Group owners can add and remove members through Outlook.

Full Customer Service Administrators can create and delete groups, manage group members, and configure group email alias

permissions and member email restrictions.

To create distribution groups

1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.

2. Under Group Management, type a name for the group you want to create and ensure the Distribution option is

selected.

3. Click New Group. The distribution group is created and the group properties screen appears.

4. Click Save.

To add members to a distribution group


2. Select the group to which you want to add members.

3. Click the Members tab.

4. In Member Search, type the name of the contact you want to add and click Find.

5. Select the contact's checkbox and click Add.

6. Click Save.

To create an email alias for a distribution group


2. Select the group for which you want to create an email alias.

3. Click the Email tab.

4. In the Group Email Addresses table, click Add. A blank alias table entry appears.

5. Under Name, type the email alias you want users to specify when sending emails to the group.

6. Click Update to save your entries.

7. Click Save.

To restrict incoming email to distribution groups

To prevent external "spam" emails from flooding the group, you can configure distribution groups to accept email only from

users within the customer's organization.


2. Select the group to which you want to restrict email.


3. Click the Email tab.

4. Select the Senders require authentication checkbox.

5. Click Save.

To designate group owners


2. Select the group for which you want to assign an owner.

3. Click the Management tab.

4. In Owner Search, type the name of the contact to whom you want to assign group ownership and click Find.

5. Select the contact's checkbox and click Add.

6. Under Membership Approval, choose whether owner approval is required for joining or leaving the group.

7. Click Save.

To enable users to send email through distribution groups

You can assign certain users to send email using the distribution group alias. To recipients, the sender appears as the name

of the distribution group instead of the individual user.


2. Select the group through which you want users to send email.

3. Click the Permissions tab.

4. Under Send-As Permissions, search for the users you want to add.

5. Select the checkbox for each user you want to add and click Add.

6. Click Save.

To restrict group access to specific users


2. Select the group to which you want to restrict access.


4. Under Accepted Senders, select the Only users in the following list option.

5. Search for the users you want to add and select the checkbox for each user.

6. Click Add.

7. Click Save.

To block group emails from specific users


2. Select the group to which you want block users.


4. Under Rejected Senders, select the Only users in the following list option.

5. Search for the users you want to add and select the checkbox for each user.

6. Click Add.

7. Click Save.


To create mail disclaimers

Oct 05, 2016

Mail disclaimers are legal notices or warnings that are automatically attached to all outgoing email. The Exchange ServiceAdministrator can create, modify, and remove the company's mail disclaimer.1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Configuration > Mail Disclaimer.

2. Type a name for the mail disclaimer and then type the body of the message.

3. Choose whether to append or prepend the disclaimer to outgoing email messages.

4. Choose whether email to which the disclaimer cannot be directly attached is ignored, rejected, or wrapped in an

Exchange envelope before sending.

5. Choose whether the disclaimer is attached to email sent to external contacts only.

6. Click Save.


To create mailboxes for managing meeting resources

Oct 05, 2016

Resources consist of spaces or equipment that are used for holding meetings and need to be reserved when a meeting isorganized. Exchange provides mailboxes for these resources so that users can include them in meeting requests madethrough Outlook.Exchange Service Administrators can create, modify, and remove resources from the customer's organizational unit.

1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Resource Mailboxes.

2. Under Resource Management, click New resource mailbox.

3. Type a name for the resource and select whether it is a meeting room or equipment (e.g., projector, f lip chart, etc.).

Note: Resource types cannot be amended after the resource mailbox has been provisioned. To change the resource

type, the mailbox must be deprovisioned f irst.

4. Click Provision to create the mailbox.


Import and export Exchange mailbox files

Oct 05, 2016

Updated: 2013-02-05Importing and exporting mailboxes are important tasks for managing the Hosted Exchange service. Exporting mailboxesfacilitates disaster recovery and compliance efforts. Importing mailboxes helps with migrating users from old versions ofExchange and enabling users to add off line mail archives to their Exchange mailbox.

To export a mailbox

1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Mailbox Import/Export.

2. Click Export Mailboxes. A table of available mailbox f iles appears.

3. Select the Export checkbox for each user's mailbox you want to export.

4. Click Export Mailboxes. The export process begins. To view the status of the export, click Refresh Status.

The exporting process creates .PST files and places them on the customer's FTP server, in a folder called MailboxExport. To

view these files, log on to the FTP server using the information that appears under FTP Login Details on the Mailbox Import

and Export Overview screen and navigate to the MailboxExport folder. Depending on the customer's configuration, mailbox

files might appear as zipped archives.

To import a mailbox

1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Mailbox Import/Export.

2. Click Import Mailboxes. A table of users that are provisioned with an Exchange mailbox appears.

3. Click Edit for the user whose mailbox you want to update with the imported mailbox f ile.

4. Select the mailbox f ile you want to import and then click Update.

5. Click Import Mailboxes. The import process begins. To view the status of the import, click Refresh Status.


Migrate Exchange Customers and Users to nexthighest version

Oct 05, 2016

Updated: 2013-02-05After installing a new version of Exchange, moving your customers onto the latest version is made simple with CloudPortalServices Manager. From a CloudPortal Services Manager point of view, the process involves the following steps:

Configure Service Settings

Configure new User Plans

Enable new User Plans at Reseller Level

Re-Provision Customer Services

Move Users to new User Plans

Configure Service Settings

1. From the CloudPortal Services Manager menu bar, select Conf iguration > System Manager > Service Deployment2. Under Service Filter, select Active Directory Location Services and choose a Location Filter if applicable.

3. Expand Hosted Exchange.

4. Click Service Settings.

5. Configure the following settings to include details of the new Servers and mailstores that you wish to include when

provisioning Customers and Users with the Hosted Exchange Service

Section Setting Description

Default Preferred Mail StoresRealistically, this should not be set, but if it is, then make sure that the appropriate

stores are selected

DefaultResource MB Mail

DatabasesAdd Mail Databases for the new version

Offline Address Book

(OAB)Public Folder Servers

Select the new server(s) appropriate for Public Folders. Not applicable for Exchange

2013 and above.

Offline Address Book

(OAB)Virtual Directory Select all appropriate Virtual Directories

Public Folders Public Folder Server Select all appropriate Public Folder servers

6. Click Apply Changes 7. Click Save

Configure new User Plans

The tendency might be to reconfigure your current user plans to remove the older Mailstores and add in the new ones.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-11-5-services-admin-exchange-migration.html#par_anchortitle_c9ed

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-11-5-services-admin-exchange-migration.html#par_anchortitle_d4dd

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-11-5-services-admin-exchange-migration.html#par_anchortitle_9483

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-11-5-services-admin-exchange-migration.html#par_anchortitle_ebdc

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-exchange/ccp-11-5-services-admin-exchange-migration.html#par_anchortitle_f732


Citrix advises against this method to move users mailboxes to new mailstores as it becomes almost impossible to control

the mailbox moves. If a customer administrator was to reprovision one of their user services, and the user plan the user was

on was the one which has been changed, then the mailbox might be moved unexpectedly.

To control the mailbox moves on a customer by customer basis, then it is best to keep all old user plans configured as they

are, and create new user plans for the users to be moved to.

Consider the following example:

The following User Plans are in use:

Bronze (2Gb) Exchange 2013

Silver (5Gb) Exchange 2013

Gold (10Gb) Exchange 2013

The idea would be to create the following NEW User Plans:Bronze (2Gb) Exchange 2016

Silver (5Gb) Exchange 2016

Gold (10Gb) Exchange 2016

Then you can use the Package Migration Wizard to move users from the old plans to the new ones.Firstly, follow these steps to create new User Plans:1. From the CloudPortal Services Manager menu bar, select Conf iguration > System Manager > Service Deployment2. Expand Hosted Exchange.

3. Click User Plans.

4. Create new User Plans

1. Type the name for a new User Plan, and click Create2. Enter all relevant settings to match one of the old User Plans.

3. Click Apply Changes5. Repeat step 4 for all User Plans

6. Click Save7. Under Service Filter, select the Active Directory Location Services radio button, and choose the appropriate Location

Filter if applicable

8. Expand Hosted Exchange9. Click User Plans

10. Update new User Plans

1. Enable the Checkbox beside the new User Plan

2. Select the new User Plan

3. Update all settings that are Location Specif ic, like ActiveSync Policy, Mailbox Storage Limit , Mail Databases and

Enabled Protocols, etc.

4. For Mail Databases, select the new version tab, and select the appropriate Mail Databases. Make sure the old

version has no databases selected


11. Repeat step 10 for all User Plans.

12. Click Save.

Enable the new User Plans at Reseller Level

New User Plans are not enabled throughout the Reseller / Customer Hierarchy automatically, so need to be enabled

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-user-package-migration.html


manually. Under normal circumstances, you would need to enable these User Plans for each customer who is going to use

them, but if you are using the Package Migration Wizard, then these User Plans will be added and enabled for the

customers automatically, provided the customer's Reseller has them available already.

Once the User Plan is enabled for the Reseller, then new customers provisioned with the Hosted Exchange Service will have

these User Plans enabled automatically by default.

To enable the new User Plans for the Reseller(s):

1. Find the Top Level Reseller (Service Provider) in the Customers List, and click the Customer to expand the

Customer Functions iFrame.

2. Select Services.

3. Click the Reseller Service.

4. Click Hosted Exchange.

5. Enable the new User Plans.


7. Click Provision.

8. Repeat for all other Resellers

Re-Provision Customer Services

Reprovisioning the Customer Services will move Customer related objects to the new servers. i.e. Public Folders, Address

books, etc, but will leave the Users Mailboxes where they currently are.

User Service Provisioning gets the version from the Customer Service, so this is important to complete before moving on to

the User Services.

To re-provision the Customer Service, simply:

1. Identify the Customer

2. From the Customers page, click the customer in question

3. Under Customer Functions, select Services.

4. Click Hosted Exchange.

5. Change the Version. This can only go up to a higher version. It cannot go down.

6. Click Provision.

Move Users to new User Plans

The Package Migration wizard will allow you to make an old to new mapping of User Plans, and will then only allow the

selection of those customers who are currently using the old User Plans. This will allow you to manage your migration of

user's mailboxes on a Customer by Customer basis, thereby allowing you to control your custoemr migrations better.

To Migrate users mailboxes on a Customer by Customer basis:

1. From the CloudPortal Services Manager menu bar, select Conf iguration > Provisioning & Debug Tools > PackageMigration Wizard.

2. Specify the default wizard behavior by:

1. Leave the Select all Customers checkbox unchecked.

2. Check the Select all Users checkbox.

3. Check the Generate missing destination packages checkbox. This is what allocates the new User Plans to

customers automatically.


4. Click Next .

3. Select the Hosted Exchange Service.

4. Click Next .

5. Select all of the OLD User Plans (Hold ctrl while selecting to select multiple User Plans.), then click add selectedpackages.

6. For each User Plan

1. Make the mappings to the new User Plans in the Destination column of the mapping table

7. Click Next .

8. Select the Customer(s) you wish the migration to be executed for

9. Click Next .

10. Under Request Details, give it a Name and Description. This is what will show up in the Provisioning Request Logs to

help identify this migration from others.

11. Click Finish.

12. Click view, to view the request activity in the Provisioning Request Logs



Jun 05, 2015

Updated: 2014-11-20Deploying Lync 2010 services involves the following tasks:

Install the web service for Lync Enterprise or Lync 2010 for Hosting

To configure the Lync Enterprise 2010 service

To configure the Lync 2010 for Hosting service

Provision the Lync Enterprise 2010 service

Provision the Lync 2010 for Hosting service

The Lync Enterprise and Lync 2010 for Hosting web services are installed on the Lync Front-End servers in your environment that you want to make available for

provisioning unified communication services to customers. You can install the Lync web services using the graphical interface of the Services Manager installer or

through the command line. After the installation process finishes, you can enable the service and continue configuration through the control panel.

For more information about requirements for deploying the Lync Enterprise 2010 and Lync Hosted 2010 services, refer to Plan to deploy Lync Enterprise and Lync

Hosted services.

To install the Lync Enterprise web service using the graphical interface

The Services Manager installer enables you to install the Lync Enterprise web service. The installation process includes preliminary configuration to create the web

service account and IIS application pool, and define the service port.






5. On the Select Web Services page, select Lync Web Service or Lync Hosted Web Service, and then click Next.

6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then click Next.

7. On the Ready to Install page, review your selection and then click Install.


9. On the Installed Services page, click Configure next to the Lync web service list item.



User name: Enter a user name for the Lync web service account. The default user name is csm_lync_svc. This f ield is unavailable when you elect to auto-


Password: Enter a password for the Lync web service account. This f ield is unavailable when you elect to auto-generate credentials.


Service port: Enter the port used by the Lync web service. The default port is 8095.

11. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When the

summary contains the settings you want, click Next. The Configuration Tool configures the Lync web service and displays progress.


To install the Lync Enterprise or Lync 2010 for Hosting web services from the command line

Before installing the Lync web services, ensure the following pre-requisites are met:You have installed .NET Framework 4, located in the Support folder of the Services Manager installation media, on the Lync Front-End server.

You have created the Lync web service account in Active Directory.

The Lync Front-End server allows inbound connections from the Services Manager Web server on the appropriate port. By default, this port is 8095.

When you install the Lync web service from the command line, you perform two actions:Install the web service and create the required Services Manager directory where the web service resides.


1. On the Lync Front-End server, log on as an administrator.


3. At the command prompt, enter one of the following commands:

CortexSetupConsole.exe /Install:LyncEnterprise

CortexSetupConsole.exe /Install:LyncHosted


4. At the command prompt, enter install-locationServicesLyncWSConfigurationLyncServiceConfigConsole.exe and specify the following properties:

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-lync/ccp-10-services-config-lync.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-lync/ccp-10-services-config-lync-hosted.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-lync/ccps-lync-enterprise-prov.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-lync/ccp-10-services-admin-lync-hosted.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-lync.html



/UserName:username User name for the Lync service account. This parameter is optional if you are using /GenerateCredentials.

/Password:password Password for the Lync service account. This parameter is optional if you are using /GenerateCredentials.

/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095

/AutoCreateUser:True | False Optional. Create the service account in Active Directory.

/GenerateCredentials:True | False Optional. Generate a password for the service account.

Install-location denotes the web service installation directory on the local computer. The default directory is C:Program Files (x86)CitrixCortex.



The following command performs the initial configuration of the web service.install-locationServicesLyncWSConfigurationLyncServiceConfigConsole.exe /UserName:lync_svc_acct /Password:password /ServicePort:8095When the installation process is finished, log on to the control panel and configure the web service. For instructions, see To configure the Lync Enterprise 2010

service or To configure the Lync 2010 for Hosting service.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-lync/ccp-10-services-config-lync.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-lync/ccp-10-services-config-lync-hosted.html



Jun 05, 2015

Updated: 2013-07-26Before you configure the Lync Enterprise service through the Services Manager control panel, ensure the Lync Enterprise

web service is installed on the Front-End server in your Lync deployment.

1. Enable the service (top level) and create user and customer plans:


expand Lync Enterprise.

2. Click User Plans, enter a Name such as Default for the user plan, and then click Create.

3. Click Customer Plans, enter a Name such as Default for the customer plan, click Create, and then click Save.


1. Under Service Filter, select Active Directory Location Services.

2. Choose a Location Filter, if applicable.

3. Expand Lync Enterprise and click Save.



2. Click Refresh Server List.

3. Expand the entry for the Lync server and verify that Server Enabled is selected.



entry for the Lync server.

2. Under Server Connection Components, select Lync and then click Save.



Connection, and then select or type the following information for the web service.

Server Role

Choose Lync.

Server

Defaults to the Lync server.

Credentials

Choose the credentials for the Lync server.

URL Base

For Lync Enterprise, this entry defaults to /LyncWS/Lync.asmx.

Protocol

Defaults to http.


Port


Timeout


2. Click Save.


To configure the Lync 2010 for Hosting service

Jun 05, 2015

Updated: 2013-04-03Before configuring the Lync 2010 for Hosting service, ensure you have the following items:

Your Lync 2010 topology is configured.

You have added the computer accounts for the Lync 2010 servers to the CortexAdmins security group.

The Lync 2010 for Hosting web service is installed on the Lync Front-End server.

When configuring the Lync 2010 for Hosting service, you create user and customer plans for resellers to offer their

customers. The user plans consist of Lync features (specified at the top environment level) and Lync user policies (added at

the location level). Lync user policies are initially defined for the location in which the Lync server resides. When you select

policies for a user plan, Services Manager displays the individual policies from the Lync server in the Configure User Plans

dialog box.




3. Expand the entry for the Lync server and, in Server Enabled, verify that the Enabled check box is selected.




2. Under Server Connection Components, select LyncHosted and then click Save.



Connection, and then select or type the following information for the Web service.

Server Role

Choose LyncHosted.

Server

Defaults to the Lync server.

Credentials

Choose the credentials for the Lync server.

URL Base

Defaults to /LyncHostedWS/Lync.asmx.

Protocol

Select http.

Port


Defaults to 8095. If you change the port here, change it also in the Services Manager Web service.

Timeout


2. Click Save.

4. Create user and customer plans at the top level:


2. Under Service Filter, ensure Top Environment Services is selected.

3. Under Services Overview, expand Lync 2010 for Hosting.

4. Click User Plans, enter a Name such as Default for the user plan, and then click Create.

5. In the Configure User Plans dialog box, in Telephony Options, select one of the following Lync features and click Apply

Changes:

PC-to-PC communication only

Remote call control

Enable Enterprise Voice

Audio/video disabled

6. Click Customer Plans, enter a Name such as Default for the customer plan and click Create.


5. Enable user and customer plans and assign policies at the location level:



3. Expand Lync 2010 for Hosting.

4. Click User Plans, select Enabled for the user plan, and then expand the user plan.

5. Expand Lync User Policies and select the policies you want to enable for provisioned users. To specify a configured

policy from the Lync topology, click Reload and then select the appropriate policy. Click Apply Changes.

6. Click Customer Plans and select Enabled for the customer plan.

7. In Registrar Pool, type the pool to which provisioned users will be assigned.

8. Click Save.



Jun 05, 2015

Updated: 2013-08-05

To provision Lync Enterprise 2010 to resellers




4. Select the Lync Enterprise service check box and then click the Lync Enterprise service name. The Reseller Service Setup

page appears.




8. Click Provision to enable the reseller to offer the Lync Enterprise service to its customers.

To provision Lync Enterprise 2010 to customers



3. Click the Lync Enterprise service name. The Service Plan Configuration page appears.

4. In Customer Plan, select the appropriate plan, if applicable.

5. Click Provision to enable the customer to provision the service to users.


Provision the Lync 2010 for Hosting service

Jun 05, 2015

Updated: 2013-02-11Before provisioning customers and users, ensure your Lync 2010 deployment includes the following items:

The Active Directory computer accounts for the Lync Front-End and Director servers have been added to the

CortexAdmins group. After performing this task, reboot the servers to ensure the membership changes take effect.

The domain for the customer you are provisioning is included on the certif icates that exist on the Lync Front-End and

Director servers.

A forward lookup zone has been created for the domain to which you are provisioning the customer.

The following DNS records exist on the domain controller for the customer you are provisioning:

SRV records, _sipinternal and _sipinternaltls

Host (A) record for SIP, specifying the Lync Director server's IP address

When provisioning multiple users or moving or copying users provisioned with the Lync 2010 for Hosting service, consider thefollowing:

When a user is moved to another customer, the service does not transfer with the user. Before moving the user, you

must deprovision the service.

When provisioning multiple users simultaneously or copying a user, and you select a user plan configured with the

Enterprise Voice, PC-to-PC communication, or Audio/Video Disabled option, the service's Line URI f ield remains blank.

After provisioning, you will need to supply this information for each provisioned user. However, if you select a user plan

configured with the Remote Call Control option, the provision operation might fail because the service's Line URI value is

incorrect. If this happens, you will need to re-provision the service to the user with the correct Line URI value.

To provision Lync 2010 for Hosting services to resellers




4. Select the Lync 2010 for Hosting service check box and then click the Lync 2010 for Hosting service name. The Reseller

Service Setup page appears.




8. Click Provision to enable the reseller to offer Hosted Lync services to its customers.

To provision Lync 2010 for Hosting services to customers



3. Click the Lync 2010 for Hosting service name. The Service Plan Configuration page appears.


5. Under Internal SIP Domains, select the appropriate domain.


To provision Lync 2010 for Hosting services to users



2. Under Customer Functions, click Users.

3. On the Users page, select the user you want to provision and then click Services.

4. Expand Lync 2010 for Hosting and select the user plan you want to enable for the user.

5. In Line URI, enter the user's telephone extension using the "tel: 12345" format, if applicable.

6. Click Provision to allow the user to access the Lync service.



Jun 05, 2015

Updated: 2013-10-03The Lync 2013 services provide out-of-the-box support for Microsoft's Lync Server 2013 to tenants, resellers, and users and

delivers unified communication services from the cloud.

The Lync Enterprise 2013 service is for dedicated Lync environments. The Lync Hosted 2013 service is a multi-tenanted

solution that can host multiple customers in a shared environment. Lync Hosted 2013 complies with the Microsoft Lync

Server 2013 Multitenant Hosting Pack Deployment Guide, available from the Microsoft Download Center

(http://www.microsoft.com/en-us/download/details.aspx?id=39101).

Features in Lync 2013 services

Both services provide the following features:Manage SIP domains per customer

Manage DNS records per customer

SRV records for SIP domains (Access Edge Server)

A or CNAME records for Lync clients and simple, meet, and dialin URLs (Front-End Servers)

Manage line and service URIs

Manage SIP addresses

Enable or disable Lync user accounts

Manage user policy allocation

Reporting for Lync users and account types

Supports Workflow Approval in Services Manager

Supported languages: EN, DE, FR, NL

Additional Features in Lync Enterprise 2013

Customizable user plans with telephony, registrar pools, and policy options

Allocate dial plans to users

Additional features in Lync Hosted 2013

Manage Lync tenant organizations

Manage SIP domains per customer

Manage DNS records per customer

Manage simple and meet URLs

Customizable user plans with simple URL options; for example:

https://meet.tenant.com

https://lync.tenant.com/meet

https://lync.reseller.com/tenant/meet

Manage federation: Support for SIP domain blacklist and whitelist

Partitioned address book to manage the visibility of contacts and distribution groups for Lync clients

Publish global and customer-specif ic dial plans

How do I deploy the Lync 2013 services?

Before you deploy the Lync 2013 services, review the deployment requirements in Plan to deploy Lync Enterprise and Lync

http://www.microsoft.com/en-us/download/details.aspx?id=39101



Hosted services.

Use the following topics to install, configure, and provision the services:

Install the Lync Enterprise 2013 and Lync Hosted 2013 web services


To configure the Lync Hosted 2013 service


Provision the Lync Hosted 2013 service

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-lync-2013/ccps-install-lync-2013.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-lync-2013/ccps-lync-ent-2013-config.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-lync-2013/ccps-lync-hosted-2013-config.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-lync-2013/ccps-lync-ent-2013-provision.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-lync-2013/ccps-lync-hosted-2013-provision.html


Install the Lync Enterprise 2013 and Lync Hosted 2013 web services

Jun 05, 2015

Updated: 2014-08-29Before you install the Lync 2013 web services, ensure you have a working deployment of Lync Server 2013 Enterprise Edition or Lync Server 2013 Multitenant

Hosting Pack with a published topology.

Install the Lync Enterprise 2013 or Lync Hosted 2013 web services on the Lync Front-End servers in your environment.

You can install the Lync 2013 web services using the graphical interface of the Services Manager Setup Tool or through the command line. The Setup Tool installs

the web service, any prerequisites needed, and the Configuration Tool. After installing the web service, you launch the Configuration Tool to perform the

preliminary configuration. You then continue the configuration through the control panel.

To install the Lync 2013 web services through the graphical interface

The installation process includes preliminary configuration to create the web service account and IIS application pool, and define the service port.






5. On the Select Web Services page, select Lync Enterprise 2013 Web Service or Lync Hosted 2013 Web Service. Click Next.

6. On the Review Prerequisites page, review the required items the Setup Tool will install. Click Next.

7. On the Ready to Install page, review your selections and then click Install. The Setup Tool installs the required f iles and displays the installation progress.



10. On the Installed Services page, click Configure next to the Lync web service you installed.



User name: Enter a user name for the Lync web service account. For a list of the default user names for the service accounts for all Lync versions, see Plan to

deploy Lync Enterprise and Lync Hosted services. This f ield is unavailable when you elect to auto-generate credentials.

Password: Enter a password for the Lync web service account. This f ield is unavailable when you elect to auto-generate credentials.


Service port: Enter the port used by the Lync web service. The default port is 8095.

12. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When the

summary contains the settings you want, click Next. The Configuration Tool configures the Lync web service and displays progress.


After you install the web service, continue the configuration using the Services Manager control panel. For more information, see To configure the Lync Enterprise

2013 service or To configure the Lync Hosted 2013 service.

To install the Lync 2013 web services through the command line

Before installing the Lync web services, ensure the following pre-requisites are met:You have installed .NET Framework 4, located in the Support folder of the Services Manager installation media, on the Lync Front-End server.

The Lync Front-End server allows inbound connections from the Services Manager web server on the appropriate port. By default, this port is 8095.

When you install the Lync web service from the command line, you perform two actions:Install the web service and create the required Services Manager directory where the web service resides.


1. On the Lync Front-End server, log on as an administrator.


3. At the command prompt, enter one of the following commands:

CortexSetupConsole.exe /Install:LyncEnterprise2013

CortexSetupConsole.exe /Install:LyncHosted2013


4. At the command prompt, enter install-locationServicesLyncWSConfigurationLyncServiceConfigConsole.exe and specify the following properties:


/UserName:username User name for the Lync service account. This parameter is optional if you are using /GenerateCredentials.





/Password:password Password for the Lync service account. This parameter is optional if you are using /GenerateCredentials.



False


/GenerateCredentials:True

| False

Optional. Generate a password for the service account.

/SqlServer:server-address The SQL database server that hosts the Services Manager system databases.

/UseSqlAuthentication:True

| False

Whether or not to use SQL authentication to access the SQL Server. Default = Integrated authentication which

authenticates as the user running the configuration

/SqlUserName:user-name If /UseSqlAuthentication:True, the username of the SQL logon to use.

/SqlPassword:password If /UseSqlAuthentication:True, the password of the SQL logon to use.





The following command performs the initial configuration of the web service.install-locationServicesLyncWSConfigurationLyncServiceConfigConsole.exe /UserName:lync_svc_acct /Password:password /ServicePort:8095When the installation process is finished, log on to the control panel and configure the web service. For instructions, see To configure the Lync Enterprise 2013

service or To configure the Lync Hosted 2013 service.




To configure the Lync Hosted 2013 service

Jun 05, 2015

Updated: 2014-04-16Before you configure the Lync Hosted 2013 service through the control panel, ensure the Lync Hosted 2013 web service is

installed on the Front-End server in your Lync 2013 deployment. Additionally, if you intend to enable Services Manager to

provision DNS records for your Lync deployment, ensure the DNS service is configured.

1. Import the Lync Hosted 2013 service package into the control panel:

1. From the Services Manager menu bar, click Configuration > System Manager > Service Schema.

2. Under Services Management, click Import a service.

3. On the Service Import page, click Browse and locate the Lync Hosted 2013.package f ile on the installation media. Click

Open.


5. Click Import. Services Manager imports the f ile and reports Import Complete.

6. Restart the Citrix Queue Monitor Service to complete the service import: On the server hosting the Provisioning

engine, click Start > Administrative Tools > Services, select Citrix Queue Monitor Service and click Restart.

This step ensures all service components are correctly loaded and prevents errors when using the service.

2. Enable the service at the top level:


expand Lync Hosted 2013.

2. Click Save.


1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter, if applicable.

2. Expand Lync Hosted 2013.

3. Click Save








2. Under Server Connection Components, select LyncHosted2013 and then click Save.

6. Add credentials for the web service account:


2. In the credentials table, click Add and enter the credentials for the web service account and the account domain. The

default account is csm_lynchosted_svc. Leave the Encrypted checkbox selected.

3. Click Add to save your entries.



Connection, and then select or type the following information for the web service:

Setting Value

Server Role Select LyncHosted2013.


Server Defaults to the Lync server.

Credentials Choose the credentials for the Lync web service account.

URL Base Defaults to /LyncHostedWS/Lync.asmx. Modify the default entry to

/LyncHosted2013WS/Lync.asmx


Port Defaults to 8095. If you change the port here, change it also in the Services Manager web service.


Setting Value

2. Click Save.



expand Lync Hosted 2013.


3. Expand Lync Hosted 2013.

4. Select Dial Plans and then click Reload to retrieve a list of configured dial plans from the Lync deployment. Select the

appropriate dial plans.

5. Select Line Server Uri and change "yourdomain.com" to the service provider's SIP domain.

6. Under DNS, perform the following actions if Services Manager will provision DNS records for the Lync service:

In Access Edge Server and Front End Server, specify the IP address or FQDN of the Edge server and Front End

server in your Lync deployment. Leave these f ields blank if you want to create these DNS records manually.

In Record Type, select A Record if you specif ied IP addresses for the Edge and Front End servers. Select CNAME

Record if you specif ied FQDNs for the Edge and Front End servers.

9. Configure user and customer plans:

1. Click User Plans and expand the user plan you want to modify.

2. Expand Policies and select the policies you want to enable for provisioned users. To specify a configured policy from

the Lync deployment, click Reload and then select the appropriate policy. Click Apply Changes.

3. Click Customer Plans and expand the customer plan you want to modify.

4. In Registrar Pool, type the pool to which provisioned users will be assigned.

5. In Simple URL Provisioning, specify the Meet DNS Pattern and Meet URL Pattern to enable Services Manager to

create a meet URL and corresponding DNS record for the SIP domain. Leave these settings blank if you intend to

create the meet URL and DNS record manually.

6. Click Apply Changes

10. Click Save



Jun 05, 2015

Updated: 2014-04-16Before you configure the Lync Enterprise 2013 service through the control panel, ensure the Lync Enterprise 2013 web

service is installed on the Front-End server in your Lync 2013 deployment. Additionally, if you intend to enable Services

Manager to provision DNS records for the Edge and Front-End servers in your deployment, ensure the DNS service is

enabled and configured.

1. Import the Lync Enterprise 2013 service package into the control panel:



3. On the Service Import page, click Browse and locate the Lync Enterprise 2013.package f ile. Click Open.



6. Restart the Citrix Queue Monitor Service to complete the service import: On the server hosting the Provisioning

engine, click Start > Administrative Tools > Services, select Citrix Queue Monitor Service and click Restart.

This step ensures all service components are correctly loaded and prevents errors when using the service.



expand Lync Enterprise 2013.

2. Click Save.



2. Expand Lync Enterprise 2013.

3. Click Save








2. Under Server Connection Components, select Lync Enterprise 2013 and then click Save.

6. Add credentials for the web service account:


2. In the credentials table, click Add and enter the credentials for the web service account and the account domain. The

default account is csm_lync_svc. Leave the Encrypted checkbox selected.




Connection, and then select or type the following information for the web service:

Setting Value

Server Role Select LyncEnterprise2013.


Server Defaults to the Lync server.

Credentials Choose the credentials for the Lync web service account.

URL Base Defaults to /LyncEnterprise2013WS/Lync.asmx.




Setting Value

2. Click Save.






4. Select Dial Plans and then click Reload to retrieve a list of configured dial plans from the Lync topology. Select the

appropriate dial plans.

5. Select Line Server Uri and change "yourdomain.com" to the service provider's SIP domain.

6. Under DNS, perform the following actions if Services Manager will provision DNS records for the Lync service:

In Access Edge Server and Front End Server, specify the IP address or FQDN of the Edge server and Front End

server in your Lync deployment. Leave these f ields blank if you want to create these DNS records manually.

In Record Type, select A Record if you specif ied IP addresses for the Edge and Front End servers. Select CNAME

Record if you specif ied FQDNs for the Edge and Front End servers.

9. Configure user and customer plans:




3. Expand Lync Enterprise 2013.

4. Click User Plans and expand the user plan you want to modify. Perform the following actions:

In Registrar Pool, enter the registrar pool you want to assign to users provisioned with the user plan. Leave this

f ield blank to specify the customer's registrar pool by default.

Expand Policies and select the Lync policies you want to enable for provisioned users. To specify a configured

policy from the Lync topology, click Reload and then select the appropriate policy.


6. Click Customer Plans and expand the customer plan you want to modify.

7. In Registrar Pool, enter the registrar pool you want to assign to customers provisioned with the customer plan.


9. Click Save

To enable Services Manager to provision DNS records for customers and users provisioned with the Lync Enterprise 2013


service, configure the DNS service.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccp-10-services-config-dns.html



Jun 05, 2015

Updated: 2013-08-21

To provision Lync Enterprise 2013 to resellers




4. Select the Lync Enterprise 2013 service check box and then expand the service. The Reseller Service Setup page appears.

5. In the User Plan table, select the check box for each user plan the reseller can offer its customers. By default, all

configured plans are selected.

6. In the Customer Plan table, select the check box for each customer plan the reseller can offer. By default, all configured

plans are selected.


8. Click Provision to enable the reseller to offer the Lync Enterprise service to its customers.

To provision Lync Enterprise 2013 to customers



3. Click the Lync Enterprise 2013 service name. The Service Plan Configuration page appears.


5. In Internal SIP Domains, select the applicable domains. By default, all configured SIP domains are selected.


1. Under User Plans, select the check box for each user plan the customer can offer to its users.

2. Under Maximum Users, click the Enabled check box and enter the maximum number of users the customer can

provision with the service.

7. Click Service Settings and perform the following actions:

1. If applicable, select Dial Plans and then select the dial plans that will be available to the customer.

2. If applicable, select Line Server Uri and then enter the SIP URI of the SIP/CSTA gateway in your Lync deployment. This

setting applies to users provisioned with Remote Call Control user plans.




Provision the Lync Hosted 2013 service

Jun 05, 2015

Updated: 2013-08-21

To provision Lync Hosted 2013 to resellers




4. Select the Lync Hosted 2013 service check box and then click the Lync Hosted 2013 service name. The Reseller Service

Setup page appears.

5. In the User Plan table, select the check box for each user plan the reseller can offer its customers. By default, all

configured plans are selected.

6. In the Customer Plan table, select the check box for each customer plan the reseller can offer. By default, all configured

plans are selected.


8. Click Provision to enable the reseller to offer the Lync service to its customers.

To provision Lync Hosted 2013 to customers



3. Click the Lync Hosted 2013 service name. The Service Plan Configuration page appears.

4. In Customer Plan, select the appropriate plan.

5. Under Internal SIP Domains, select the applicable domains. By default, all configured SIP domains are selected.

6. Under Federation, select one of the following options:

Disable federation: Select this option to disable access to federated domains. This option is selected by default.

Federate with domains specif ied in the allowed list: Select this option to enable access to domains on the list of

allowed domains. After you select this option, click Add to create the list of allowed domains.

Federate with all domains except those listed in the block list: Select this option to enable access to all domains that

are not included on the list of blocked domains. After you select this option, click Add to create the list of blocked

domains.


1. Under User Plans, select the check box for each user plan the customer can offer to its users.

2. Under Maximum Users, click the Enabled check box and enter the maximum number of users the customer can

provision with the service.

8. Click Service Settings and perform the following actions:

1. If applicable, select Dial Plans and then select the dial plans that will be available to the customer.

2. If applicable, select Line Server Uri and then enter the SIP URI of the SIP/CSTA gateway in your Lync deployment. This

setting applies to users provisioned with Remote Call Control user plans.



To provision the Lync Hosted 2013 service to users





4. Expand Lync Hosted 2013 and, under User Service Setup, select the user plan you want to enable for the user.

5. In Line Uri, enter the user's telephone extension using the "tel: 12345" format, if applicable.

6. In Dial Plan, select the appropriate dial plan for the user, if applicable. By default, Automatic is selected.

7. Click Provision to allow the user to access the Lync service.


Mail Archiving

Jun 05, 2015

Updated: 2014-11-20For more information about the requirements for deploying the Mail Archiving service, refer to Plan to deploy the Mail

Archiving service


1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment and then expand

Mail Archiving.

2. Click Save.


1. Under Service Filter, select Active Directory Location Services.

2. Choose a location f ilter, if applicable.

3. Expand the Mail Archiving service, click Service Settings, and perform either of the following actions:

If you are using internal or external archiving, leave the setting defaults.

If you are using Global Relay, enter the service URL (typically

https://controlcenter.globalrelay.com/hxapi/Service.asmx) and the customer's Global Relay email and password

information. Click Validate to confirm the settings are valid.


3. At the location level, expand the Mail Archiving service and then expand the customer plan you want to enable. Use the

following table to configure the appropriate settings.

PlanTemplate

Template Property

Internal

Relay

Archive Type: Generic Internal

Mail Databases: Specify the location of the internal journal mailbox

External

Relay

Archive Type: Generic External

Global Relay Archive Type: Global Relay

Global Relay IMAP Port: 993

Global Relay IMAP Server: Specify the external address configured to allow Global Relay to download

the customer's mail

Mail Databases: Specify the location where the Global Relay archiving mailboxes are stored


After configuration, you can provision the Mail Archiving service to customers.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-mail-archiving.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccp-10-services-config-mail-archiving/ccp-10-services-admin-mail-archiving.html


Provision the Mail Archiving service

Jun 05, 2015

Updated: 2013-04-03

To provision the Mail Archiving service to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the Mail

Archiving service.



4. Select the Mail Archiving check box and then select the Mail Archiving service name. The Reseller Service Setup page

appears.

5. Select the customer plans that the reseller can offer to customers and then click Apply Changes.

6. Click Provision.

To provision the Mail Archiving service to customers

Before provisioning this service to a customer, ensure the customer has the Hosted Exchange service provisioned. The Mail

Archiving service is supported with Exchange 2007.

1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision the Mail

Archiving service.

2. Under Customer Functions, select Services. The customer's Customer Services page appears.

3. In Customer Plan, select the appropriate package for the customer.

4. Depending on the package you selected, configure the following properties:

PlanTemplateName

Template Property

Internal Mailbox Password: Specify the password for the customer's archive mailbox account.

External External Email Address: Specify the external email address receiving the journal reports.

Global

Relay

Mailbox Password: Specify the password for the customer's archive mailbox account.

Primary Domain: Specify the customer's unique primary domain.

Secondary Domain: If applicable, specify the secondary domains that will be managed by Global Relay.

Under Administrator Contact Details, specify the telephone and mobile numbers and the email address

of the service administrator. These details are forwarded to Global Relay Administration.

5. Click Provision.


PDF

This document includes information and instructions to help you learn more about deploying and managing your

Microsoft ADFS service.

Microsoft ADFS

Apr 13, 2016

The deployment guide includes sections on the following topics:

How to deploy and manage service

How to prepare your ADFS infrastructure

Installation and configuration of the service

Importing and configuring the service

Common configuration problems and troubleshooting

Microsoft ADFS Service Deployment Guide

http://10.57.13.146/content/docs/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/Microsoft_ADFS_Service.pdf

http://10.57.13.146/content/docs/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/Microsoft_ADFS_Service.pdf



Jun 05, 2015

Updated: 2014-11-20Before configuring the Microsoft SQL Server Hosting service, review the service requirements in Plan to deploy the

Microsoft SQL Server Hosting service.

1. Enable the service (top level) and create a default customer plan:

1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and expand

Microsoft SQL Server Hosting.

2. Click Customer Plans, enter a Name such as Default, click Create, and then click Save.

2. Enable and configure the service (location level):

1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Microsoft

SQL Server Hosting, and click Service Settings.

2. In Connection String Pattern, specify the connection string used to connect to SQL Server instances. If you are using

SQL authentication, use the string from the Connection String Pattern for SQL Authentication setting in this f ield. If

you are using Windows authentication, use the string from the Connection String Pattern for Windows

Authentication setting in this f ield. When editing the strings, specify the values for DatabaseName and, if using SQL

authentication, the SQL user name. For example:

SQL authentication: Data Source=[ServerInstanceName];Initial Catalog=Master;User ID=[UserName];Password=

[Password]

Windows authentication: Data Source=[ServerInstanceName];Initial Catalog=Master;Integrated Security=SSPI

3. Specify the Database File Path and the Database Log File Path. Example: C:SQLhosting

4. Specify the User Domain Name such as domain.local, click Apply changes, and then click Save.



entry for the SQL hosting server.

2. Under Server Roles, select Microsoft SQL Server 2005 Hosting and then click Save.





4. Enter a Name for the collection, such as SQLHosting.

5. From the Service list, choose Microsoft SQL Server Hosting.

6. In the Servers list, select each SQL hosting server to be managed under this server collection and then click Save.

5. Verify server settings for the default customer plan:


Directory Location Services, choose a Location Filter if applicable, expand Microsoft SQL Server Hosting, and click

Customer Plans.

2. Expand the default customer plan and verify that the correct Server Collection is selected, specify the database and

log f ile size settings, click Apply changes, and click Save.

6. Retrieve SQL server instances:

1. From the Services Manager menu bar, choose Configuration > System Manager > Server Resources > SQL Servers,

expand a SQL server entry, and click Retrieve. Repeat this step for each SQL server.

2. Verify that all required SQL Server instances appear in the list. To manually add an instance that already exists on the

SQL Server, click Add.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-msft-sql.html


To specify the default instance, enter only the server name. To specify a nonstandard instance and port, use the

following form: servernameinstance,port. Example: SQL01INST01,1450

At least one server instance must be configured per server.

Note: If you have SQL Server 2012 instances that are running on Windows Server 2012, Services Manager might not

display all instances when you attempt to retrieve them. To ensure all instances appear on the SQL Servers page,

manually add any server instances that do not appear when retrieved.

3. To restrict an instance so that it is not available in Services Manager, click Edit and then select the Reserved check

box.

After configuration, you can provision the service to customers.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccp-10-services-config-sql/ccp-10-services-admin-sql-prov.html


Provision the Microsoft SQL Server Hosting service

Jun 05, 2015

Updated: 2013-02-25Multiple SQL databases can be provisioned to a customer and the customer can then assign users to the databases. The

customer's databases can be provisioned to different SQL servers or instances, depending on the resource configuration.

Additionally, the SQL servers and instances that form resellers' SQL service offerings can be configured.

To provision the SQL service to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the

Microsoft SQL Server Hosting service.



4. Select the Microsoft SQL Server Hosting check box and then select the Microsoft SQL Server Hosting service name. The

Reseller Service Setup page appears.

5. Under Servers and Resources, expand the server collection tree and select the database servers and instances that the

Reseller can offer its customers.

6. In the Customer Plan table, select the check box for each customer plan the reseller can offer its customers.

7. Under Resource Configuration, configure the following resource limits for the reseller:

In Instance Limit, enter the number of SQL databases the reseller can offer.

In Database Disk Limit (MB), enter the total amount of database storage allotted to the reseller.


9. Click Provision to enable the reseller to offer Microsoft SQL Server hosting services.

To provision the SQL service to customers

Before provisioning the Microsoft SQL Server Hosting service, database resources must be configured for the customer. If

you attempt to provision the service without configuring resources, the following error appears:

"No SQL server instances are available for the selected customer plan. Please select a different package or contact your

service provider for server access."


2. In Customer Search, f ind the customer for whom you want to provision the Microsoft SQL Server Hosting service.

3. In the services list, select Microsoft SQL Server Hosting configure resources and perform the following actions:

1. On the Service Setup page, under Servers and Resources, expand the server collection tree and select the check boxes

for the servers and instances that can be allocated to the customer.

2. Click Save to save your selections.

4. In the services list, select Microsoft SQL Server Hosting create an instance The Microsoft SQL Server Hosting Service

Instance page appears.

5. In Instance Name, enter a name that does not contain spaces or special characters and then click Create. The Instance

Setup page appears.

6. Under Service Package Configuration, in Customer Plan, select the template to assign to the customer.

Note: The customer plan defines the initial size of the database, the database's maximum size, and the grow sizes of the

database and log f iles. The plan also specif ies the servers hosting the database.

7. Under SQL Server Hosting Configuration, in Database Server Instance, select the instance to assign to the customer. If

only one instance is enabled, this f ield appears dimmed.



1. Under User Plans, enable or disable the levels at which the customer can provision users.

2. Under Maximum Users, select the Enabled check box and enter the maximum number of users the customer can

provision.

3. Under Billing, ensure the Enabled check box is selected so the service generates charges to the customer.

9. Click Provision to enable the customer to provision users.


MySQL

Jun 05, 2015

Updated: 2014-11-20The MySQL web service is installed on all MySQL servers in your environment that you want to make available for

provisioning MySQL databases to customers. You can install the MySQL web service using either the graphical interface of

the Services Manager installer or through the command line. After the installation process finishes, you can enable the

service and continue configuration through the control panel.

After you install the MySQL web service, you can configure the MySQL service using the Services Manager control panel.

For information about the requirements for deploying the MySQL service, refer to Plan to deploy the MySQL service.

To install the MySQL web service using the graphical interface

The installation process includes preliminary configuration to create the IIS application and define the service port.






5. On the Select Web Services page, select MySQL Web Service and then click Next.


click Next.



9. On the Installed Services page, click Configure next to the MySQL Web Service item. The Configuration Tool attempts

to contact the Encryption Service to retrieve the encrypted key. If the service cannot be contacted, the Configuration

Tool prompts you to import the encrypted key using a key f ile. To generate the key f ile, see Generate and export

keyfiles for the Encryption Service.




11. On the Configure IIS page, enter the port used by the MySQL web service. The default port is 8095. Click Next.



the MySQL web service, imports the Encryption Service key, and displays progress.


To install the MySQL web service from the command line

1. On the MySQL server, log on as an administrator.


3. At the command prompt, enter CortexSetupConsole.exe /Install:MySQL. The Setup Tool installs the web service and

returns the command prompt.

4. At the command prompt, enter install-locationServicesMySQLWSConfigurationMySQLConfigConsole.exe and specify


http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-mysql.html



the following properties:







The following command performs the initial configuration of the web service.install-locationServicesMySQLWSConfigurationMySQLConfigConsole.exe /ServicePort:8095This web service does not require any additional properties to be passed for installation.

After installation is finished, you can configure the MySQL service. For instructions, see To configure the MySQL service.



To configure the MySQL service

Jun 05, 2015

Updated: 2013-05-141. Enable the service at the top environment and location levels:


2. Under Service Filter, ensure Top Environment Services is selected and then click MySQL

3. Click Save.


5. Click MySQL and then click Save.

2. Add credentials for the MySQL deployment and the MySQL web service:

1. From the Services Manager menu bar, select Configuration > System Manager > Credentials. The Credentials Overview

page appears.

2. In the credentials table, click Add and enter the following information:

To addcredentialsfor

Username Password Domain

MySQL

deployment

Enter the username of the MySQL

account.

Enter the password of the MySQL

account.

Enter MySQL.

MySQL

web service

Enter the username of the domain

administrator account for the

primary location.

Enter the password of the domain

administrator account for the

primary location.

Enter the domain

name for the

primary location.

3. For each entry, leave Encrypted selected to encrypt the credentials as they are displayed on the page and stored in

the database.



4. Click Add to save each credential entry.

Note: The MySQL user you specify must have all rights that are listed in the MySQL users table, including

References_priv.


1. From the Services Manager menu bar, select Configuration > System Manager > Service Roles and then click the entry

for the server hosting MySQL.

2. Under Server Connection Components, select MySQL.

3. Under Server Roles, select MySQL Hosting.

4. Click Save

4. Create a server connection:

1. From the Services Manager menu bar, select Configuration > System Manager > Server Connections.

2. Under Management, click New Connection and then enter the following information for the server hosting MySQL:

In Server Role, select MySQL.

In Server, select the server hosting the MySQL web service.

In Credentials, select the domain administrator credentials that you created in Step 2 for running the MySQL web

service.


In URL Base, enter the portion of the URL pointing to the MySQL web service. The default value is

/MySQL/MySQLService.asmx. Modify this value to /MySQLWS/MySQLService.asmx.

In Protocol, select http.

In Port, the default value is 8095. If you change the port number here, make the same change for the web service

as well.

In T imeout, the default value is 200000 milliseconds. If needed, modify this value to suit your deployment.

3. Click Save.

4. On the Server Connection Overview page, click the Test icon for the MySQL server. The icon turns green for a

successful connection. A red icon indicates an unsuccessful connection. Mouse over it for information about the

failed connection.

5. Configure the service at the location level:



3. Click MySQL and then click Service Settings.

4. Select the MySQL Credentials check box and then select the MySQL deployment credentials you created in Step 2.



1. From the Services Manager menu bar, select Configuration > System Manager > Server Collections.

2. If the Location Filter appears, select the appropriate location from the list.

3. Under Management, click New Server Collection.

4. In Name, enter a name for the collection, such as MySQLWindows.

Note: The name cannot contain spaces.

5. In Display Label, enter a friendly name that will be displayed when the service is provisioned. This name can contain

spaces.

6. In Service, select MySQL.

7. In Servers, select each server hosting MySQL to be managed under this server collection.

8. Click Save.

After configuring the MySQL service, you can provision the service to customers.


Provision the MySQL service

Jun 05, 2015

Updated: 2013-02-11

To provision MySQL services to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the MySQL

service.



4. Select the MySQL check box and then select the MySQL service name. The Reseller Service Setup page appears.

5. Under Servers, select the MySQL database server that the reseller can use for provisioning customers.

6. In the Customer Plan table, select the check boxes for each template the reseller can offer to customers.


8. Click Provision to enable the reseller to offer the MySQL service to customers.

To provision MySQL services to customers

Before provisioning the MySQL service, database resources must be configured for the customer.


2. In Customer Search, f ind the customer for whom you want to provision MySQL services.

3. In the services list, select MySQL configure resources. The Service Setup page appears.

4. Expand the server tree, select the server to use for provisioning the customer, and then click Save.

5. In the services list, select MySQL. The Service Plan Configuration page appears.

6. In Customer Plan, select the template to assign to the customer.

Note: The customer plan defines the number of databases and users that the Customer Administrator can create after

the service is provisioned.

7. In MySQL Server, select the server the customer can use to host databases and users.

8. To customize the database and user limits, under Resource Configuration, perform the following actions:

1. Clear the Auto select package resource limits check box.

2. In Database Limit, enter the maximum number of databases the customer can create.

3. In User Limit, enter the maximum number of database users the customer can provision.

9. Click Provision to provision the MySQL service to the customer.


Create MySQL databases and users

Jun 05, 2015

Updated: 2013-02-11

To create a new MySQL database

1. From the Services Manager menu bar, click Services > MySQL > Databases.

2. Under Database Management, click New MySQL Database. The Database Details box appears.

3. Enter the name of the new database.

Note: The database name consists of a default prefix (customer code) and the name you specify. The entire database

name, including prefix, cannot exceed 16 characters.

4. Click Provision to create the database.

To add new MySQL users

1. From the Services Manager menu bar, click Services > MySQL > Users.

2. Under MySQL User Management, click New MySQL User.

3. Enter the user name and password for the new user.

4. Ensure the Is Enabled check box is selected. Clearing this check box disables the user account.

5. Under Databases, select the databases to which you want to assign access.

6. To configure permissions for each database, click Edit and then select one of the following roles:

ReadOnly allows users to execute queries and view records.

DBA allows users to perform most database functions, with the exception of referencing table columns as part of

foreign key constraints.

User allows users to run queries as well as create, modify, and remove records.

Full allows users to perform all database functions.

7. Click Update to save your selection.

8. Click Provision to create the user account.


PDF

This document provides an overview of the Office 365 service architecture and includes guidance for deploying,

configuring and provisioning the service.

Office 365

Apr 12, 2016

The deployment guide includes sections on the following topics:

service architecture and deployment topology

how the service works and interacts with Office 365

service installation and deployment

adding domains in Office 365

configuring DNS requirements

Identity sync & Microsoft Azure AD Connect

provisioning the service to customers and users

troubleshooting and trace capture

Office 365 Service Deployment Guide

http://10.57.13.146/content/docs/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/CloudPortal_Service_Manager_Office_365_Service deployment.pdf

http://10.57.13.146/content/docs/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/CloudPortal_Service_Manager_Office_365_Service deployment.pdf



Jun 05, 2015

Updated: 2014-11-20The Services Manager installer enables you to install the OCS 2007 web service. The installation process includes preliminary

configuration to specify the SQL Server instance to use with OCS and create the SQL Server login account that is used to

integrate OCS with the Services Manager control panel.

For information about the requirements for deploying the Office Communication Server 2007 (OCS) service, refer to Plan to

deploy the Office Communication Server 2007 service.





4. On the Select Web Services page, select OCS Web Service and then click Next.

5. On the Review prerequisites page, click Next.



8. On the Installed Services page, click Configure next to the OCS web service list item.

9. On the Specify SQL Server page, enter the following information and then click Next:

Server address: Enter the server name and instance name, if applicable, of the SQL Server instance you want to use.

Server port: Click Use specif ic port and enter the port number for the database instance you want to use.

Authentication mode: Select the database authentication you want to use. By default, Integrated is selected.

Connect as: Enter the username and password of the SQL database administrator user. These f ields are not available

if Integrated authentication is selected.

10. On the Create SQL Login page, enter the username and password that will be used to create an account on the SQL

server that OCS will use. This account is used to integrate OCS with the Services Manager control panel.



the OCS web service and displays progress.


After installation, you can configure the OCS service using the Services Manager control panel.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-ocs.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-ocs-2007/ccp-10-services-config-ocs2007.html


Configure the Office Communication Server 2007service

Jun 05, 2015

Updated: 2013-04-18CloudPortal Services Manager Office Communication Server 2007 Services deliver communication services from the cloud.

To configure the Office Communication Server service

1. Enable the service (top level) and create a customer plan:

1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and expand

Office Communication Server 2007.

2. Click Customer Plans, enter a Name for the plan such as Pool1, click Create, and click Save. Repeat this step to create

a customer plan for each OCS pool.

3. Expand Office Communication Server 2007, click Customer Plans, expand a plan name, enter the distinguished name

for RTC Home Server, and click Apply changes. Repeat this step for each customer plan.

To look up the RTC Home Server name, launch AdsiEdit.msc and locate the distinguishedName attribute of the OCS

pool. Example: CN=LC Services,CN=Microsoft,CN=OCSPool,CN=Pools,CN=RTC

Service,CN=Microsoft,CN=configuration,DC=Machine1,DC=test,DC=com

4. Click Service Settings, expand SIP Address, specify the RTC Server Name, click Apply changes, and click Save. The RTC

Server Name is used for OCS reporting.

2. From the Services Manager menu bar, choose Configuration > System Manager > Credentials and add credentials for the

SQL Server logon account.

Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when Services

Manager is deployed in a production environment. Use plain-text credentials only for debugging purposes.

3. Enable the service (location level) and configure OCS reporting:

1. From the Services Manager menu bar, select Configuration > System Manager > Services.

2. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Office

Communication Server 2007, and click Service Settings.

3. Expand Usage Reporting and then choose the SQL Server Login account credentials for RTC Database Credentials.

4. Enter the full RTC Server Name for the server that contains the OCS databases, click Apply Changes, and then click

Save.

4. Create and configure a user plan:

1. Under Service Filter, select Top Environment Services, expand Office Communication Server 2007, click User Plans,

enter a Name for the user plan such as Full, and click Create.

2. Click User Plans, expand the plan, and update the settings if needed.


4. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Office

Communication Server 2007, click User Plans, and expand the user plan.

5. Select the Meetings Policy check box and then select the applicable policy.

6. Select the Unif ied Communications Policy check box, select the applicable policy, click Apply changes, and click Save.

To partition the address book by OU for a multi-tenant environment

In a hosted multi-tenant environment, user address book searches should return only the users and groups that are in the

same OU (customer) as the user.


To limit user search results, use the Address Book Service Configuration Tool (ABSConfig.exe) to partition the address book

by OU. That tool is in the Microsoft Office Communications Server 2007 R2 Resource Kit, available from the Microsoft

download site.

Note: Partitioning the address book by OU does not impact a user's ability to send an instant message to other customers'users.

To update OCSSettingsLocation values in Provisioning web.config files

By default, the CloudPortal Services Manager Provisioning Engine Web Services and Directory Web Services are installed

with the OCSSettingsLocation set to System (for example, CN=System,DC=Machine1,DC=test,DC=com).

Microsoft Office Communications Server 2007 R2 allows the service provider to install the OCS directory at either

Configuration (for example, CN=configuration,DC=server,DC=local) or System. If the OCS directory is installed at

Configuration, the OCSSettingsLocation value in the web.config files for the Provisioning server and Directory Web Service

must be updated. If the container settings for OCS and the web services do not match, Service Manager displays errors

such as the following during user plan updates or user provisioning:

Server was unable to process request. ---> Failed to load the LCS/OCS policies from path'LDAP://CN=Policies,CN=RTC Service,CN=Microsoft,CN=System,DC=Machine1,DC=local' . Error: There isno such object on the server.

This procedure describes how to change the configuration files for the Provisioning server and Directory Web Service.

1. Log on to the Provisioning server and stop the Citrix Queue Monitor service.

2. On the Provisioning server, open the appSettings.config f ile. This f ile is typically located in: C:Program Files

(x86)CitrixCortexProvisioning Engine.

3. Change the OCSSettingsLocation key value to CONFIGURATION and then save the f ile.

4. Restart the Citrix Queue Monitor service.

5. On the server hosting the Directory Web Service, open the web.config f ile. This f ile is typically located in: C:Program Files

(x86)CitrixCortexServicesDirectory.

6. Change the OCSSettingsLocation key value to CONFIGURATION and then save the f ile.

7. Repeat steps 1-6 for each Provisioning server and Directory Web Service in your Services Manager deployment.


Provision the Office Communication Server 2007service

Jun 05, 2015

Updated: 2013-02-11

To provision the Office Communication Server 2007 service to resellers

1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the OCS

service.



4. Select the Office Communication Server 2007 check box and then select the Office Communication Server 2007 service

name. The Reseller Service Setup page appears.

5. In the User Plan table, select the check boxes for each level the reseller can offer to customers.

Note: The user plan defines the Communicator features that are available to provisioned users.

6. In the Customer Plan table, select the check boxes for each template the reseller can offer.

Note: The customer plan defines the home server to which users are assigned.


8. Click Provision to enable the reseller to offer the OCS service.

To provision the Office Communication Server 2007 service to customers


2. In Customer Search, f ind the customer for whom you want to provision the OCS service.

3. In the services list, select Office Communication Server 2007. The Service Plan Configuration page appears.


Note: The customer plan defines the home server to which users are assigned.

5. Under Internal SIP Domains, select the check boxes for each domain you want to enable for handling voice and video

communication.


1. Under User Plans, select the check boxes for each user plan the customer can offer users.

Note: The user plan defines the Communicator features that are available to provisioned users.

2. In Maximum Users, select the Enabled check box and then enter the total number of users the customer can

provision.

3. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.

7. Click Provision to enable the customer to provision users with the OCS service.


ShareFile

Jun 05, 2015

Updated: 2014-08-13With the ShareFile service, you can manage customers' ShareFile accounts through the Services Manager control panel.

Features of the ShareFile service

With the ShareFile service, you can perform the following tasks from within the Services Manager control panel:Onboard customers using their existing ShareFile Enterprise account

Provision and deprovision Employee user accounts directly to ShareFile

Create, modify, and delete folders

Configure folder permissions

Grant users access to specif ic folders, either individually or using groups

Configure users' permissions for specif ic folders

Create, modify, and delete distribution groups

Maintain accurate billing data by synchronizing Services Manager customers and users with ShareFile

How do I deploy the ShareFile service?

Before you deploy the ShareFile service, review the deployment requirements in Plan to deploy the ShareFile service.

Use the following topics to configure and provision the service:1. Configure the ShareFile service

2. Provision the ShareFile service

3. To synchronize ShareFile users with Services Manager

After deploying the ShareFile service, use the following topics to manage folders and maintain and view billing information:Manage ShareFile folders and folder access

View ShareFile billing information

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-sharefile.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharefile/ccps-sharefile-config.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharefile/ccps-sharefile-provision.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharefile/ccps-sharefile-user-sync.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharefile/ccps-sharefile-folders.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharefile/ccps-sharefile-billing.html


Configure the ShareFile service

Jun 05, 2015

Updated: 2014-01-09Configuring the ShareFile service includes importing the service package file to the control panel. To import service packages,

you must have the Service Schema or All Services Schema security role.

1. Import the ShareFile service package to the control panel:



3. On the Service Import page, click Browse and locate the ShareFile.package f ile. Click Open.




1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment and expand

ShareFile.

2. Click Save.



ShareFile.

2. Click Save.


PDF

This document includes information and instructions on how to plan for your App Orchestration deployment,

prepare core components, and perform tasks such as creating offerings and subscribing tenants to those

offerings.

Configure ShareFile SAML Authentication

Apr 13, 2016

This deployment guide includes sections on the following topics:

ShareFile SAML authentication topology

How to deploy and manage the ShareFile service

Configuring the ShareFile service with SAML authentication

Provisioning the ShareFile service with SAML authentication

How to view authentication methods, Relying Party Trust, and token-signing certif icates status

Common configuration problems and trouble shooting

SAML Authentication Support in ShareFile Service 11.5.5

http://10.57.13.146/content/docs/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-sharefile/SAML_Authentication_Support_ShareFile_Service.pdf

http://10.57.13.146/content/docs/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-sharefile/SAML_Authentication_Support_ShareFile_Service.pdf


Provision the ShareFile service

Jun 05, 2015

Updated: 2014-01-29Before you provision customers with the ShareFile service, ensure they have an existing ShareFile account. When you

provision the service to a customer, Services Manager associates the customer's ShareFile account information with the

customer's information in Services Manager. The service does not provision new ShareFile accounts for customers on

behalf of the reseller.

Deprovisioning the service

When deprovisioning the service for a customer, the customer's users must be deprovisioned, including the ShareFile

customer administrator. Upon deprovisioning, the service data is removed immediately from the customer in Services

Manager. Additionally, you must cancel the customer's account through the ShareFile.com web site.

When a user is deprovisioned, the Employee user account associated with the Services Manager user is deleted immediately.

The user receives no notification from ShareFile.

If you want to reprovision the ShareFile service to a customer whose account has been cancelled, the customer must first

contact ShareFile to re-establish the former account or create a new one. Afterward, you can provision the ShareFile

service to the customer through Services Manager.

To provision the ShareFile service to resellers

When provisioning a customer with the ShareFile service, Services Manager suggests a subdomain based on the customer's

primary domain name (for example, mycompany.sharefile.com). However, Services Manager does not validate the subdomain

prior to account creation. If the subdomain is invalid or in use by another customer, Services Manager displays an error

message.

1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision the

service.

2. Click Services and then click Reseller.

3. From the services list, click ShareFile.

4. Click Provision to enable the reseller to offer the ShareFile service to customers.

To provision the ShareFile service to customers

1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision the

service.

2. Click Services and then click ShareFile.

3. Under Account Information, enter the following information:

ShareFile Domain: The default top-level domain. For example, sharefile.com.

ShareFile Sub-domain: The customer's ShareFile subdomain. For example, mycompany.sharefile.com.

Administrator Username: The customer administrator's ShareFile account username. The username must be a valid

email address.

Administrator Password: The customer administrator's ShareFile account password.

Employee Licenses: The number of Employee users associated with the customer's ShareFile account.

4. Click Provision.


To provision the ShareFile service to users

When you provision the ShareFile service to a user, Services Manager creates a ShareFile account with the user's First

Name, Last Name, Email Address, and Company properties. If the provisioned user already has a ShareFile account under the

same primary email address as that specified in Services Manager, Services Manager associates the existing ShareFile

account with the user and does not create a new account. After provisioning, ShareFile sends an activation email to the

user that includes a temporary password with which to log on to the ShareFile.com web site and update the account

password.

Users must have a working email address specified in Services Manager to receive the ShareFile activation email. If the user's

email address is not functioning, you must update the email address. To do this, deprovision the ShareFile service for the

user and delete the user from ShareFile. Then, update the user's email address in Services Manager. Afterward, you can

provision the service to the user again.

When provisioned, users can receive the following basic permissions:The ability to create root-level folders

The use of a personal f ile box

The ability to change their own passwords

The ability to view My Settings on the ShareFile.com web site

1. From the Services Manager menu bar, click Customers and select the customer with the users to whom you want to

provision the service.



4. Expand ShareFile.

5. Under Basic Permissions, select the default permissions to grant to the user when using ShareFile. By default, all

permissions are selected.

6. Click Provision to enable the reseller to offer the ShareFile service to customers.


To synchronize ShareFile users with Services Manager

Jun 05, 2015

Updated: 2014-01-29To ensure accurate reporting of customer activity, it is important to ensure provisioned users in Services Manager

correspond with active user accounts in ShareFile. To do this, you can synchronize user accounts between Services

Manager and ShareFile and generate bulk provisioning requests for any account additions or deletions that are detected.

To perform this synchronization, you use the command-line utility ShareFileSyncUsers.exe, included with the ShareFile

service. This utility is installed when you import the ShareFile service package and is typically located at C:Program Files

(x86)CitrixCortexProvisioning Engine.

If the synchronization detects a new ShareFile user for a customer that matches a user in Services Manager, Services

Manager provisions the ShareFile service to the user. If a user in Services Manager is no longer an Employee user in ShareFile,

Services Manager deprovisions the service for the user.

To run this utility at regular intervals, create a scheduled task on the server hosting the Provisioning Engine.

1. Launch Task Scheduler: Click Start > All Programs > Accessories > System Tools > Task Scheduler.

2. Create a new task:

1. In the left pane of the console, expand Task Scheduler Library, expand Citrix, and then select CloudPortal Services

Manager.

2. In the right pane, under Actions, click Create Task.

3. On the General tab, name the task ShareFile Sync.

4. In Security Options, under When running this task, use the following user account, click Change User or Group and

select the Provisioning Engine scheduled task user. By default, this account is cortex_dirmon_svc.

5. Select Run with highest privileges.

6. On the Triggers tab, click New and select Daily. Click OK.

7. On the Actions tab, click New, configure the following settings, and click OK:

In Action, select Start a program.

In Program/script, click Browse and select the path of the ShareFileSyncUsers utility. The default path is C:Program

Files (x86)CitrixCortexProvisioning Engine.

8. Click OK to save the task.


Manage ShareFile folders and folder access

Jun 05, 2015

Updated: 2014-01-29ShareFile customer administrators can use Services Manager to perform the following tasks:

View the users with access to a specif ic folder

Add, delete, or rename folders

Grant users access to specif ic folders

Modify users' permissions for a specif ic folder

To grant users access to a specific folder

1. From the Services Manager menu bar, click Services > ShareFile > Manage Folders.

2. Under Subfolders, select the folder you want users to access.

3. Under Folder Access, click Add Users.

4. In Edit Folder Access, select whether to Add multiple users or Add groups.

5. Enter the user name of a specif ic user or select the users or groups to whom you want to grant access.

To modify user permissions for a specific folder

1. From the Services Manager menu bar, click Services > ShareFile > Manage Folders.

2. Under Subfolders, select the folder you want to modify.

3. Under Folder Access, for each user, select or clear the check boxes for the folder permissions you want to enable or

disable.


View ShareFile billing information

Jun 05, 2015

Updated: 2014-01-29The ShareFile service includes the following billing reports:

ShareFile Customer: Displays details for all customers provisioned with the ShareFile service.

ShareFile Plan: Displays ShareFile customers and users grouped by plan at the reseller level.

ShareFile Reseller: Displays ShareFile customers and users at the reseller level.

To view these reports, click Reports > View Reports, and then expand ShareFile.

Important: To maintain accurate billing data for customers, ensure the cost and sales price values you configure for theShareFile service are updated in the event of updates to ShareFile's service pricing. Because of limitations in the ShareFileReseller API, Services Manager cannot read summary billing data directly from ShareFile.com. Therefore, you must manuallyverify with ShareFile that the cost and sale price values you have configured in Services Manager remain accurate.


SharePoint 2010

Jun 05, 2015

Updated: 2014-08-15The SharePoint 2010 web service is installed on a SharePoint 2010 server in your environment. You can install the SharePoint web service using either the graphical interface of

the Services Manager installer or through the command line. After the installation process finishes, you can enable the service and continue configuration through the control

panel.

To install the SharePoint web service using the graphical interface

The installation process creates the IIS web service, updates the web application settings, and enables PowerShell remoting.






5. On the Select Web Services page, select SharePoint 2010 Web Service and then click Next.





10. On the Installed Services page, click Configure next to the SharePoint 2010 Web Service item.

11. On the Configure Service Details page, enter the following information and then click Next:


User name: Enter a user name for the SharePoint 2010 web service account. The default user name is csm_sharepoint_svc. This f ield is unavailable when you elect to

auto-generate credentials.

Password: Enter a password for the SharePoint 2010 web service account. This f ield is unavailable when you elect to auto-generate credentials.


Service port: Enter the port used by the SharePoint web service. The default port is 8095.

12. On the Specify Remoting Credentials page, enter the Username and Password of an account with PowerShell remoting permissions and then click Next. The default

account username is csm_sharepoint_rem.

13. On the Summary page, click Next. The Configuration Tool configures the SharePoint 2010 web service and displays progress.


To install the SharePoint web service from the command line

1. On the SharePoint 2010 server, log on as an administrator.


3. At the command prompt, enter CortexSetupConsole.exe /Install:SharePoint2010. The Setup Tool installs the web service and returns the command prompt.

4. At the command prompt, enter install-locationServicesSharePoint2010WSConfigurationSharePointConfigConsole.exe and specify the following properties:


/UserName:username The application pool ID. Usually, this is SharePoint Admin User. This parameter is optional if you are using /GenerateCredentials.




/GenerateCredentials:True | False Optional. Generate the password for the service account.




The following command performs the initial configuration of the web service.install-locationServicesSharePoint2010WSConfigurationSharePointConfigConsole.exe /UserName:shpt_svc_acct /Password:password /ServicePort:8095 When the installation process is finished, log on to the control panel and configure the web service. For instructions, see Configure the SharePoint 2010 service.



Configure the SharePoint 2010 service

Jun 05, 2015

Updated: 2013-05-07The SharePoint 2010 service has one standard user plan (named Full) that is applied to all users. The standard user plan

assigns users to a specific Active Directory security group which does not affect user access within the SharePoint site. You

do not need to manage the individual users in the SharePoint application. Active Directory Domain Services manages the

users for you.

The SharePoint 2010 service includes twelve customer plans that support common configurations. You can disable the

default plans and create new ones. However, you cannot switch to a different customer plan after provisioning a customer.

For details about the default customer plan properties and patterns, see SharePoint Default Customer Plans.

To configure the SharePoint 2010 service

1. Enable the service (top level): From the Services Manager menu bar, select Configuration > System Manager > Service

Deployment, expand SharePoint 2010, and click Save.



SharePoint 2010.

2. Click Service Settings, expand Configuration, and specify an Application Pool Account. The account must be an

administrator in SharePoint and entered using the exact form as the value returned by the PowerShell cmdlet Get-

SPProcessAccount.

3. Click Apply changes and then click Save to enable the service.

3. Add the credentials for the SharePoint service account:




3. In Username and Password, enter the user name and password for the service account.







1. From the main menu, choose Configuration > System Manager > Servers.

2. If the server where the SharePoint WCF service is running is not listed, click Refresh Server List.


5. Assign server roles for each server to be added to a SharePoint farm:

1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the

server.

2. Under Server Connection Components, select SharePoint 2010.

3. Under Server Roles, select SharePoint 2010 Farm and then click Save.



Connection, and then select or type the following information for the SharePoint WCF service running on the

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-sharepoint/ccp-10-services-config-sharepoint-2010/ccp-10-services-config-sharepoint-2010-cust-plans.html


SharePoint 2010 server.

Server Role

Choose SharePoint 2010.

Server

Choose the server where the SharePoint WCF service is running.

Credentials

Choose the credentials for the SharePoint WCF service.

URL Base

Enter /sharepoint2010/sharepoint.svc.

Protocol

Defaults to http.

Port


Timeout


2. Click Save.

3. From the main menu, choose Configuration > System Manager > Server Connections and click the icon in the Test

column for the SharePoint server. The icon turns green for a successful connection. A red icon indicates an

unsuccessful connection. Mouse over it for information about the failed connection.

To add and configure SharePoint farms

1. Add SharePoint farms:

1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Farms and then choose a Location.

2. Click Add, enter a user-friendly Farm name, choose a Server for the farm, and then click Update. The farm name is

visible to customers during resource and site configuration. After a server is allocated to a farm, you cannot allocate it

to another farm.

2. Configure multi-tenancy features on SharePoint farms:

1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Farm Configuration and then choose a

Location and Farm.

2. Under Managed Accounts, either choose a domain account or specify the credentials to apply the SharePoint 2010

service account to an existing user. The account specif ied is used in the next two steps.

3. If a default web application is not already created, create one. Use IIS to determine if a default web application was

created during the SharePoint 2010 installation.

4. Under Proxy Group, enter a Proxy Group Name, and then click Create. The default web application is associated with


this proxy group. This step can take several minutes to complete.

5. Under Site Subscription, complete the settings, and then click Create. The site subscription tenant service starts. This

step can take several minutes to complete.

3. To import web templates from a farm: From the SharePoint 2010 Farm Configuration page, click Retrieve Web

Templates. After web templates are stored in the Services Manager database, they can be assigned to a SharePoint site

during customer provisioning.

To add and configure SharePoint feature packs

A SharePoint feature pack is a collection of SharePoint features. The Services Manager displays the feature packs

configured on a SharePoint farm and enables you to create new feature packs from a list of the features installed on the

SharePoint server.

1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Feature Packs, choose a Location and Farm,

and then click Retrieve Feature Packs.

2. To add a feature pack, click New Feature Pack, enter a user-friendly Name, and add the features for the feature pack.

You can add the features individually or click a default feature pack (such as foundation or enterprise). The Name is

visible to customers during resource configuration. After a feature pack is added, it can be configured for a customer

account.

To enable DNS for the SharePoint 2010 service

Before you enable DNS for the SharePoint 2010 service and configure DNS provisioning, the DNS service must be enabledand configured.Important: The SharePoint 2010 service enables you to manage only one DNS record type at a time for SharePoint sites.Do not change the DNS record type after SharePoint sites have been created. Changing the DNS record type can result induplicate DNS records being created for each site.1. Enable DNS for the SharePoint 2010 service:



3. Expand SharePoint 2010 and then click Service Settings.

4. In DNS Record Type, select A Record or CNAME Record for the SharePoint server as appropriate.

5. Click Save.

2. Enable DNS provisioning:

1. From the Services Manager bar, Configuration > System Manager > Servers.

2. Select the SharePoint server from the server list and perform one of the following actions:

To enable A Record provisioning, in External IP Address, enter the IP address of the SharePoint server.

To enable CNAME Record provisioning, in External Name, enter the FQDN of the SharePoint server.

3. Click Save.


SharePoint Default Customer Plans

Jun 05, 2015

Updated: 2013-09-17

Default customer plans

The following authenticated and anonymous customer plans are installed with SharePoint 2010 and 2013 services:

Service Name Default Customer Plans

SharePoint 2010 Customer Site

Customer Site (Anonymous)

Customer SSL Site

Customer SSL Site (Anonymous)

Shared Site

Shared Site (Anonymous)

Shared SSL Site

Shared SSL Site (Anonymous)

Dedicated Site

Dedicated Site (Anonymous)

Dedicated SSL Site

Dedicated SSL Site (Anonymous)

SharePoint 2013 Customer Site

Dedicated Site

Shared Site

Patterns

The patterns in this section apply to SharePoint 2010 and 2013 services unless otherwise specif ied.Content Database

Pattern used to create content databases for the site.

Default: SP_{CustomerShortName}_{ServiceID}

Web App Host Header

Pattern used to create the host header for web applications.

Defaults:

For Customer Site: SPWebApp{CustomerShortName}

For Shared Site (2010): SPSharedWebApp{NextID}

For Shared Site (2013): SPSharedWebAppAnonymous{NextID}

For Dedicated Site: {HostHeader}

Web App Path

Pattern used to create the local IIS path for web applications.

Defaults:

For Customer Site: C:SharePoint{CustomerShortName}


For Shared Site: C:SharePoint{WebAppName}

For Dedicated Site: C:SharePoint{CustomerShortName}{ServiceID}

Web App Share Path

Pattern used to create the shared IIS path for web applications.

Defaults:

For Customer Site: \{SPServer}C$SharePoint{CustomerShortName}

For Shared Site: \{SPServer}C$SharePoint{WebAppName}

For Dedicated Site: \{SPServer}C$SharePoint{CustomerShortName}{ServiceID}

Web Application

Pattern used to create web applications.

Defaults:

For Customer Site: SPWebApp{CustomerShortName}

For Shared Site (2010): SPSharedWebApp{NextID}

For Shared Site (2013): SPSharedWebAppAnonymous{NextID}

For Dedicated Site: SPWebApp{CustomerShortName}{ServiceID}


Provision the SharePoint 2010 service to customers

Jun 05, 2015

Before provisioning the SharePoint 2010 service to a customer, at least one SharePoint Farm and Feature Pack must be

configured and assigned to the customer. When provisioning a customer, you can specify multiple, different farms with

companion feature packs. However, you cannot specify multiple instances of the same farm.

Customers are configured with SharePoint Feature Packs that determine the functionality that is available to provisioned

users.

A standard SharePoint installation includes 12 preconfigured customer plans. These plans determine how the site isconfigured and saved on the SharePoint 2010 server. Service providers configure the availability of the following templateswhen they provision the service to customers. All templates support SSL authentication.Customer Site

This site is attached to a Web application that is configured specif ically for the customer. If additional sites are configured

with the same package, these sites are assigned to the same Web application. This site uses a dedicated content database.

Additionally, a separate Customer site template is available that includes anonymous authentication.

Shared Site

This site is attached to a shared Web application where other customers' SharePoint sites reside. This site uses a dedicated

content database. Additionally, a separate Shared site template is available that includes anonymous authentication.

Dedicated Site

This site is attached to its own Web application. No other SharePoint sites are configure for the Web application pool

unless the Web application is manually overridden with the Web application's name. This site uses a dedicated content

database. Additionally, a separate Dedicated site template is available that includes anonymous authentication.


2. In Customer Search, f ind the customer for whom you want to provision SharePoint 2010.

3. In the services list, click SharePoint 2010 configure resources. The Service Setup page appears.

4. In the SharePoint Farm table, click Add and select the farms and companion feature packs to allocate to the customer.

5. Click Update to save your selections.

6. Click Save to save the resource configuration.

7. In the services list, click SharePoint 2010 create an instance. The SharePoint 2010 Service Instance page appears.

8. Type an instance name that contains no spaces or special characters and click Create. The Instance Setup page appears.

9. Under Service Plan Configuration, in Customer Plan, select the settings package to use for the site. To customize the

template, click Edit and make the appropriate changes. When you are f inished, click Apply Changes.

10. Under Site Administrators, enter the user names for the users granted full administration rights to the site. These users

must be members of the customer's organizational unit in Active Directory.

11. In Site Template, select the SharePoint site template with which to create the site.

Note: If no template is selected, no template is configured when the site is provisioned. The Site Administrator must

access the SharePoint site directly to configure the site template and security groups manually before users can access

the site.

12. In Site Name, enter the host header for the site.


1. In Maximum Users, select the Enabled check box and enter the total number of users the customer can provision to

the site.




14. Click Provision to provision the site to the customer.


SharePoint 2013

Jun 05, 2015

Updated: 2013-10-31The SharePoint 2013 service delivers SharePoint web sites to customers for sharing documents and information from the

cloud. Services Manager integrates with SharePoint servers through a Windows Communication Foundation (WCF) service.

Features in the SharePoint 2013 service

The SharePoint 2013 service provides the following features:Manage DNS records per customer (A records only)

Reporting for SharePoint users and site types

Import existing sites to manage in the control panel

Remove sites from the control panel without affecting the farm

Licensing:

Per-site licensing for Foundation sites

Per-user licensing for Standard and Enterprise sites enables user access to site features based on the user plan

provisioned

Office Web Apps and Project Web App options enable users to work with Microsoft Office or Project f iles from

within Standard or Enterprise sites (requires licenses for Microsoft Office or Project products)

Assign certif icates to customer sites

Supports Workflow Approval, allowing users to self-provision appropriate user plans based on the customer's site

licensing

How do I deploy the SharePoint 2013 service?

Before you deploy the SharePoint 2013 service, review the deployment requirements in Plan to deploy the SharePoint

service.

Use the following topics to install, configure, and provision the service:

Install the SharePoint 2013 web service


Configure certif icates for SharePoint 2013 sites

Provision the SharePoint 2013 service

If you are migrating customers from SharePoint 2010 to SharePoint 2013, see Migrate customers to SharePoint 2013 for

information about onboarding migrated SharePoint sites to Services Manager.


http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharepoint-2013/ccps-install-sharepoint-2013.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharepoint-2013/ccps-sharepoint-2013-config.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharepoint-2013/ccps-sharepoint-2013-certs.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharepoint-2013/ccps-sharepoint-2013-provision.html



Install the SharePoint 2013 web service

Jun 05, 2015

Updated: 2014-08-15Install the SharePoint 2013 web service on the SharePoint 2013 front-end web servers in your environment.

You can install the SharePoint 2013 web service using the graphical interface of the Services Manager Setup Tool or

through the command line. After the installation process is finished, you can enable the service and continue configuration

through the control panel.

To install the SharePoint 2013 web service using the graphical interface

The installation process includes preliminary configuration to create the web service account and IIS application pool, and







5. On the Select Web Services page, select SharePoint 2013 Web Service. Click Next.


click Next.

7. On the Ready to Install page, click Install.



10. On the Installed Services page, click Configure next to the SharePoint 2013 Web Service item. The Configuration Tool

attempts to contact the Encryption Service to retrieve the encrypted key. If the service cannot be contacted, the

Configuration Tool prompts you to import the encrypted key using a key f ile. To generate the key f ile, see Generate and

export keyfiles for the Encryption Service.







User name: Enter a user name for the SharePoint web service account. The default user name is csm_sp2013_svc. This

f ield is unavailable when you elect to auto-generate credentials.

Password: Enter a password for the SharePoint web service account. This f ield is unavailable when you elect to auto-


Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not


Service port: Enter the port used by the SharePoint web service. The default port is 8095.



the SharePoint web service, imports the Encryption Service key, and displays progress.




After you install the web service, continue the configuration using the Services Manager control panel. For more

information, see Configure the SharePoint 2013 service.

To install the SharePoint 2013 web service using the command line

When you install the SharePoint 2013 web service from the command line, you perform two actions:Install the web service and create the required Services Manager directory where the web service resides.


1. On the SharePoint 2013 server, log on as an administrator.


3. At the command prompt, enter CortexSetupConsole.exe /Install:SharePoint2013. The Setup Tool installs the web service

and returns the command prompt.

4. At the command prompt, enter install-locationServicesSharePoint2013ConfigurationSharePointConfigConsole.exe and

specify the following properties:


/UserName:username The application pool ID. Usually, this is the SharePoint administrator user. This

parameter is optional if you are using /GenerateCredentials.

/Password:password The application pool password. This parameter is optional if you are using

/GenerateCredentials.



False



| False

Optional. Generate the password for the service account.





The following command performs the initial configuration of the web service.install-locationServicesSharePoint2013ConfigurationSharePointConfigConsole.exe /UserName:shpt_svc_acct /Password:password /ServicePort:8095When the installation process is finished, configure the SharePoint 2013 service through the Services Manager control

panel. For instructions, see Configure the SharePoint 2013 service.





Jun 05, 2015

Updated: 2013-10-26Before configuring the SharePoint 2013 service, ensure the SharePoint server meets the following requirements:

The SharePoint server has a DNS A record in the domain in which it is deployed

The web service is installed

PowerShell remoting is enabled

CredSSP authentication is enabled for both Server and Client roles

You can initiate a remoting connection with CredSSP authentication from the SharePoint server to the Web and

Provisioning servers in your deployment

Note: For more information about PowerShell remoting and CredSSP authentication requirements, see Plan to deploy

the SharePoint service.

Additionally, if you want to provision DNS for customers' SharePoint 2013 sites, ensure the DNS service is enabled and

configured. By default, DNS is enabled in the SharePoint 2013 service settings.

To configure the SharePoint 2013 service

Configuring the SharePoint 2013 service includes importing the service package file to the control panel. To import service

packages, you must have the Service Schema or All Services Schema security role.

1. Import the SharePoint 2013 service package into the control panel:



3. On the Service Import page, click Browse and locate the SharePoint 2013.package f ile. Click Open.



2. Enable the service (top level): From the Services Manager menu bar, select Configuration > System Manager > Service

Deployment, expand SharePoint 2013, and click Save.



SharePoint 2013.

2. Click Service Settings, expand Configuration, and specify an Application Pool Account. The account must be an

administrator in SharePoint and entered using the exact form as the value returned by the PowerShell cmdlet Get-

SPProcessAccount.

3. Click Apply changes and then click Save to enable the service.

4. Add the credentials for the SharePoint service account:














2. If the server where the SharePoint web service is running is not listed, click Refresh Server List.


4. If you enabled CredSSP client authentication on the SharePoint server using a wildcard (for example,

WSMAN/*.domain.com), in Alias, enter the FQDN of the SharePoint server.

6. Assign server roles for each server to be added to a SharePoint farm:


entry for the server.

2. Under Server Connection Components, select SharePoint 2013.

3. Under Server Roles, select SharePoint 2013 Farm and then click Save.



Connection, and then select or type the following information for the SharePoint WCF service running on the

SharePoint 2013 server.

Server Role

Choose SharePoint 2013.

Server

Choose the server where the SharePoint WCF service is running.

Credentials

Choose the credentials for the SharePoint WCF service.

URL Base

Defaults to SharePoint2013WSManagement.asmx.

Protocol

Defaults to http.

Port


Timeout


2. Click Save.


icon in the Test column for the SharePoint server. The icon turns green for a successful connection. A red icon


To add and configure SharePoint farms


When you create a SharePoint farm through the control panel, the farm has Foundation licensing by default. You can

change the license when you configure the farm. However, after the farm is provisioned to a customer, you cannot modify

the license. For more information about SharePoint 2013 licensing, see SharePoint 2013 licensing and Web Apps.

1. Add a SharePoint farm:

1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Farms and then choose a Location.

2. In the farm table, click Add and perform the following actions:

1. Enter a user-friendly Farm name.

2. Choose a Server for the farm.

3. Select the appropriate Credentials for the farm.

4. Click Update to save your changes.

The farm name is visible to customers during resource and site configuration. After a server is allocated to a farm, you

cannot allocate it to another farm.

2. Configure multi-tenancy features on SharePoint farms:

1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Farm Configuration. Under Farm Selection,

choose a Location and Farm.

2. Under Managed Account, either choose a domain account or specify the credentials to apply the SharePoint 2013

service account to an existing user. The account specif ied is used in Steps C and D.

3. If a Default Web Application was not already created when you installed SharePoint 2013, enter a Web Application

Name and Application Pool and then click Create. The default name and application pool is "SharePoint - 80." Use IIS

to determine if a default web application was created.

4. Under Proxy Group, enter a Proxy Group Name, and then click Create. The default proxy group is TenantProxyGroup.

The default web application is associated with this proxy group. This step can take several minutes to complete.

5. Under Site Subscription, complete the settings, and then click Create. If you accept the default settings, the

SPSubscription application pool is created, the Farm_SiteSubscriptionSettingsServiceApp service is started, and the

Farm_SiteSubscriptionSettingsServiceAppDB database is created. This step can take several minutes to complete.

6. Under Licensing Configuration, select the SharePoint licensing version you want to apply to the farm and, if applicable,

enable MS Office or Project Web Apps capabilities. Click Save.

Note: Select Edit Office Web Apps or Project Web Apps only if the farm is configured to use Office Web Apps Server

or Project Web App, respectively.

3. Import web templates from a SharePoint farm:

1. Under Farm Selection, ensure the appropriate Location and Farm are selected.

2. Under Templates, click Retrieve Web Templates.

After web templates are stored in the Services Manager database, they can be assigned to a SharePoint site during

customer provisioning.

To add and configure SharePoint 2013 feature packs

A SharePoint feature pack is a collection of SharePoint features. Services Manager displays the feature packs configured

on a SharePoint farm and enables you to create new feature packs from a list of the features installed on the SharePoint

server.

1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Feature Packs, choose a Location and Farm,

and then click Retrieve Feature Packs.

2. To add a feature pack, perform the following actions:

1. Under Management, click New Feature Pack.

2. In Label, enter a user-friendly name.

3. Under Available Features, select the SharePoint features you want to include and click Add Features. To add all



features included in a SharePoint edition, click Add Foundation, Add Standard, or Add Enterprise.

4. Click Save.

The feature pack name is visible to customers during resource configuration. After a feature pack is added, it can be

configured for a customer account.


Configure certificates for SharePoint 2013 sites

Jun 05, 2015

Updated: 2013-10-18When you provision a SharePoint 2013 site to a customer, you can specify that the site be accessed using HTTPS andselect the certif icate to use for the site. To make certif icates available for provisioning customer sites, you perform thefollowing tasks:

On the SharePoint farm server, create the required IP addresses and install the required certif icates

In the control panel, assign the certif icates to the appropriate IP addresses and specify the access level of the

certif icate (available to all customers or dedicated to a single customer)

1. From the Services Manager menu bar, click Services > SharePoint 2013 > Certif icates.

2. Under Sync, click Retrieve IP Addresses, then click Retrieve Certif icates. By default, all certif icates are marked as Reserved

until they are configured.

3. In the certif icates table, click Edit for the certif icate you want to configure.

4. In IP Address, select the IP address you want to assign to the certif icate.

5. In Access, select one of the following options:

Reserved: The certif icate is unavailable for use by any customer.

Public: The certif icate is available for use by any customer.

Dedicated Customer: The certif icate is available for use only by a specif ic customer. When you select this option,

enter the Customer to whom you are allocating the certif icate.

6. Click Save.


Provision the SharePoint 2013 service

Jun 05, 2015

Updated: 2013-10-31

To provision the SharePoint 2013 service to customers

Before provisioning the SharePoint 2013 service to a customer, at least one SharePoint farm and feature pack must be

configured (see Configure the SharePoint 2013 service). Feature packs determine the functionality that is available to

provisioned users.

Additionally, to enable Services Manager to provision DNS records to the customer when provisioning SharePoint 2013 sites,

ensure the DNS service is configured. For domains that are owned by the customer, ensure the DNS service is configured

and provisioned to the customer.

Provisioning the SharePoint 2013 service to a customer consists of the following actions:Conf igure SharePoint resources: This action creates a subscription for the customer to the SharePoint farm you

specify. You can specify multiple, different farms with companion feature packs. However, you cannot specify multiple

instances of the same farm.

Conf igure SharePoint sites: This action deploys a SharePoint site for the customer using the customer plan, site

template, SSL certif icate, and URL you specify.

Customer plans determine how the site is configured and saved on the SharePoint 2013 server. Service providers configurethe availability of the following plans when they provision the service to customers. All plans support SSL and anonymousauthentication.Customer Site

This site is attached to a Web application that is configured specif ically for the customer. If additional sites are configured

with the same package, these sites are assigned to the same Web application. This site uses a dedicated content database.

Shared Site

This site is attached to a shared Web application where other customers' SharePoint sites reside. This site uses a dedicated

content database.

Dedicated Site

This site is attached to its own Web application. No other SharePoint sites are configure for the Web application pool

unless the Web application is manually overridden with the Web application's name. This site uses a dedicated content

database.


2. In Customer Search, f ind the customer for whom you want to provision the SharePoint 2013 service.

3. In the services list, click SharePoint 2013 configure resources.

4. In the SharePoint farm table, click Add and select the farm and companion feature pack to allocate to the customer.

Note: Changing the companion feature pack affects the features of all sites that are provisioned to a customer. This

change can affect the customer's billing for those sites. For example, if a customer has several sites provisioned in a farm

with the Foundation feature pack, changing the feature pack to Enterprise will cause the customer to be billed at the

Enterprise level for all provisioned sites.

5. Click Update and then click Save.

6. In the services list, click SharePoint 2013 create an instance.

7. Type an instance name that contains no spaces or special characters and click Create. The Instance Setup page appears.



8. Under Service Plan Configuration, select the appropriate Customer Plan. To customize the plan, click Edit and make the

appropriate changes. When you are f inished, click Apply Changes.

9. Under Site Administrators, enter the user names for the users granted full administration rights to the site. These users

must be members of the customer's organizational unit in Active Directory.

10. Under Site Configuration, select the Site Template with which to create the site.

Note: If no template is selected, no template is configured when the site is provisioned. Before users can access the

SharePoint site, the Site Administrator must access the site directly to select a template and configure security groups.

11. Under Site Address, configure the following settings:

1. In Type, select the authentication method for accessing the site (HTTP or HTTPS).

2. In Certif icate, select the appropriate site certif icate for the customer. This f ield is available when you select HTTPS as

the address type.

Note: To make a certif icate available for provisioning, the certif icate must be configured for the customer's use. For

more information, see Configure certif icates for SharePoint 2013 sites

3. In Address, type the customer's site name to complete the address. If you select a certif icate that is dedicated to the

customer, this f ield is automatically completed.


1. In Maximum Users, select the Enabled check box and enter the total number of users the customer can provision to

the site.



13. Click Provision to provision the site to the customer.

To provision the SharePoint 2013 service to users

1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision users.

2. Under Customer Function, click Users.


4. Expand SharePoint 2013 and select the user plan you want to enable for the user. The user plans available for

provisioning are determined by the license of the farm assigned to the customer. For example, if the customer's farm has

a Standard license, then only the Standard user plan can be provisioned. However, if the farm has an Enterprise license,

both the Standard and Enterprise user plans are available for provisioning. If the farm has a Foundation license, then no

user plans are available.

5. Under Group Membership, select the site groups you want to assign to the user.

6. Under Role Membership, select the site roles you want to assign to the user.

7. Configure any of the following settings:

Site Administrator: Confers administrator permissions for the site to which the user is being provisioned.

Edit Office Web Apps: Enables the user to modify Office documents within the SharePoint site (requires valid

Microsoft Office product licenses).

Project Web Apps: Enables the user to use Project features within the SharePoint site (requires a valid Project product

license).

Note: The Edit Office Web Apps and Project Web App settings apply to all sites to which the user is provisioned.

Therefore, if you enable or disable these settings for a single site that the user can access, these settings are also

enabled or disabled for all other sites provisioned to the user.

8. Click Provision to provision the service to the user.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-sharepoint-2013/ccps-sharepoint-2013-certs.html


Migrate customers to SharePoint 2013

Jun 05, 2015

Updated: 2013-10-31To migrate customers' SharePoint 2010 sites to SharePoint 2013, you perform the following tasks:1. Upgrade your SharePoint 2010 deployment to SharePoint 2013 as described in the article "Overview of the upgrade

process to SharePoint 2013" on the Microsoft TechNet web site.

2. In the Services Manager control panel, remove customers' SharePoint 2010 sites. This step removes sites from the

control panel, but does not delete them from the SharePoint farm.

3. Import customers' upgraded SharePoint 2013 sites into the control panel for management.

To remove SharePoint sites

Removing a SharePoint site removes the site listing from the Services Manager control panel only. The site remains intact in

the SharePoint farm.

1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Site Removal.

2. Under Farm Selection, select the SharePoint Version, Location, and Farm server where the site you want to remove

resides.

3. In the site table, select the SharePoint site you want to remove.

4. Click Delete Sites. The site table no longer displays the site entry.

To import existing SharePoint 2013 sites

Before you import an existing SharePoint site, ensure you have the following items:The customer to whom you want to assign the imported site has been added to Services Manager

The user designated as the site's Primary Administrator has been added to the customer

When you import a site, Services Manager automatically assigns it to the customer based on the user designated as the

site's Primary Administrator. If Services Manager detects that the user does not belong to a customer, you cannot import

the site.

1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Site Import.

2. Under Farm Selection, select a Location and Farm where the site you want to import resides. Services Manager

automatically detects the sites in the farm and displays them in a list.

3. From the site list, select the unassigned site you want to import and then click Import.

http://technet.microsoft.com/en-us/library/cc262483.aspx


Skype for Business service

Jul 11, 2016

The new Skype for Business service includes all the features of the Lync Enterprise 2013 service and is compatible with

Skype for Business 2015 . This document will help you plan your Skype for Business service deployment and upgrade Skype

for Business service in a standalone Lync Enterprise 2013/Skype for Business 2015 environment, in an in-place upgrade

environment, and in a co-existence migration environment.

What’s new in this release

Support for different versions of Skype for Business Servers: CloudPortal Services Manager supports Skype for Business

service in different versions of Skype for Business servers, including Lync Enterprise 2013 server and Skype for Business

2015 server.

Support for in-place upgrade of Lync Enterprise 2013 to Skype for Business 2015 : CloudPortal Services Manager

supports provision/deprovision/reprovision Skype for Business service in a Skype for Business 2015 deployment that

undrwent an in-place upgrade from Lync Enterprise 2013.

Support for co-existence migration from Lync Enterprise 2013 to Skype for Business 2015 : CloudPortal Services Manager

supports provision/deprovision/reprovision Skype for Business service in a Skype for Business 2015 deployment that was

migrated from Lync Enterprise 2013.

Wording improvement in service schema and reports: In this version, some wording improvements have been introduced in

service schema and reporting.

Known issues

When you upgrade from Lync Enterprise 2013 service, the new components of Skype for Business service will replace the

existing ones. To prevent the upgrade from creating duplicate components for Skype for Business, ensure that the

Reporting role is installed and configured in CloudPortal Service Manager.

Skype for Business topology support

In this version, Skype for Business service supports three deployment types in a location.


Figure 1: Deployment with standalone Lync Enterprise 2013

Figure 2: Deployment with standalone Skype for Business 2015


Figure 3: Deployment of Lync Enterprise 2013/Skype for Business 2015 co-existence environment


Deploy and Configure Skype for Business service

Jul 11, 2016

To configure Skype for Business service in a new instance of CloudPortal Services Manager (that has never been provisioned

with any Lync Enterprise 2013 service), follow the Lync 2013 Guide to review the deployment requirements and common

steps to deploy new Skype for Business service in a standalone Lync Enterprise 2013 or Skype for Business 2015

environment. The general configuration steps are the same as in the previous version except for the following, minor

differences:

Configure server connection

Provision Skype for Business service to customer

Skype for Business service adds a new feature to distinguish Skype servers of different versions. The following additional

steps are required in the process of Configuring Skype for Business service:

Step 1: Specify the version of Skype server when you create a server connection

1. From the Services Manager menu bar, choose Conf iguration > System Manager > Server Connections, click NewConnection, and then select or type the following information for the web service.

Setting Value

Server Role Select Skype for Business.

Server Defaults to the Lync/Skype server.

Credentials Choose the credentials for the Lync/Skype web service account.





Version o Lync Enterprise 2013 o Skype for Business 2015

2. Click Save.

Step 2: Provision the Skype for Business service to a customer by choosing theSkype version

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-lync-2013.html#par_text_0




3. Click the Skype for Business service name. The Service Plan Configuration page appears.

4. In Skype Version, choose the corresponding Skype version in your deployment.

NoteWhen provisioning Skype for Business to a customer, Citrix recommends that the Skype version match the version of the web

service connection, otherwise when provisioning Skype for Business to a customer, a default web service connection with the latest

Skype version is chosen. For example, the Skype for Business 2015 server connection will be used for provisioning customer

service in Lync 2013 server.


Upgrade to Skype for Business service

Jul 11, 2016

This section describes how to upgrade the exsiting Lync Enterprise 2013 service to Skype for Business service in

A standalone Lync Enterprise 2013 deployment

A Skype for Business 2015 deployment that underwent an in-place upgrade from Lync Enterprise 2013

A Skype for Business 2015 deployment that coexists with Lync Enterprise 2013

Upgrade service in standalone Lync Enterprise 2013

In this scenario, Lync Enterprise 2013 server is installed and deployed with Lync Enterprise 2013 service. To upgrade the existing Lync Enterprise 2013 service to Skype for Business service, you must

perform the following steps:

Step 1: Upgrade Skype for Business package in CloudPortal Services Manager

1. Log on to Cloud Portal Services Manager as Service Provider admin.

2. Go to Conf iguration > System Manager > Service Schema, click Import a service, click Choose File button, browse to the private build, select Skype for Business package, click Preview, then

click Import .

3. If no error occurs, right click Toolbars, open Task Manager, click Details, locate CortexQueueMonitor.exe and click End task. Click Services, then locate and start CortexQueueMonitor.

NoteMake sure the CPSM reporting role is successfully installed. Otherwise some wording in the user interface, such as ‘Lync Enterprise 2013’ will not upgrade.

Step 2: Upgrade Skype for Business web service

1. Log on to Lync Enterprise 2013 web service servers.

2. Go to Control Panel and uninstall Citrix CloudPortal Services Manager Lync Enterprise 2013 Web Service.

3. Launch Setup.exe from the Skype for Business installation folders.

4. Check Skype for Business Web Service, click Next , and then follow the steps to f inish the installation.

5. Click Conf igure to configure the service.

6. Specify Service Account, keep the default Service port.

7. Click Next to f inish the configuration.

Upgrade service in Skype for Business 2015 that underwent an in-place upgrade

To upgrade Skype for Business service in an In-Place Upgrade Skype for Business 2015 environment, besides the previous steps in Upgrade service in a standalone Lync Enterprise 2013, you must

perform the following additional steps to upgrade the customer and user information.

Step 1: Upgrade Server Connections

1. Log on to Cloud Portal Services Manager as Service Provider admin.

2. Go to Conf iguration > System Manager > Server Connections, click and expand Skype for Business – Lync Enterprise 2013.

3. Under Version, Select Skype for Business 2015.

Step 2: Upgrade Registrar Pool in Customer Plan and User Plan

1. Go to Conf iguration > System Manager > Service Deployment . Under Service Filter, select Active Directory Location Services, and choose a Location Filter.2. Expand Skype for Business.

3. Expand User Plans. Then expand each user plan, select the checkbox before Registrar pool, and then click Reload. Make sure the registrar pool is the Skype for Business 2015 pool. Click Applychanges.

4. Expand Customer Plans. Then expand each customer plan, select the checkbox before Registrar pool, and then click Reload. Make sure the registrar pool is the Skype for Business 2015 pool.

Click Apply changes.

5. Click Save.

Step 3: Reprovision Skype for Business service to Reseller

To reprovision Skype for Business service to Reseller, perform the steps listed in Reprovision Skype for Business to Reseller.

Step 4: Reprovision Skype for Business service to Customer




4. Change the Skype Version to Skype for Business 2015.

5. Keep other properties unchanged and click Provision.

Step 5: Reprovision Skype for Business service to users

1. From the Services Manager menu bar, click Users and select the user for whom you want to provision services.




Upgrade service in a co-existence Lync/Skype co-existence environment

https://technet.microsoft.com/en-us/library/dn951371.aspx

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/skype-for-business-service/upgrade-to-skype-for-business-service.html#par_anchortitle_f06d

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-lync-2013/ccps-lync-ent-2013-provision.html#par_text_0


In this scenario, you can migrate Lync Enterprise 2013 servers to Skype for Business 2015 servers. The temporary environment that exists during migration still remains Lync Enterprise 2013 and Skype

for Business 2015 .

This section provide information specific to upgrading existing objects provisioned with Lync Enterprise 2013 service in CPSM. For example, migrating users from Lync Enterprise 2013 front end server

to Skype for Business 2015 front end server, updating DNS record to upgrade some simple url.

Besides the previous steps in Upgrade service in a standalone Lync Enterprise 2013, some extra steps are required.

Step 1: Install Skype for Business web service in Skype for Business 2015 front-end servers

1. Logon to Skype for Business 2015 front-end server

2. Launch the Setup.exe from the Skype for Business installation folders

3. Check Skype for Business Web Service, click Next , follow the steps to f inish the installation

4. Click the Conf igure link to configure the service

5. Specify Service Account, keep the Service port by default

6. Click Next to f inish the configuration

Step 2: Enable the Server for Skype for Business 2015 front-end servers

1. Logon to Cloud Portal Services Manager as Service Provider admin

2. From the Services Manager menu bar, choose Conf iguration > System Manager > Servers.

3. Click Refresh Server List .

4. Expand the entry for the Skype for Business 2015 server and verify that Server Enabled is selected.

Step 3: Assign server roles


2. From the Services Manager menu bar, choose Conf iguration > System Manager > Server Roles and then expand the entry for the Skype server.

3. Under Server Connection Components, select Skype for Business and then click Save.

Step 4: Upgrade Server Connections


2. From the Services Manager menu bar, choose Conf iguration > System Manager > Server Connections, click and expand Skype for Business – Lync Enterprise 2013, click delete to delete the

server connection for Lync Enterprise 2013 servers.

3. Click New Connection, and then select or type the following information for the web service.

Setting Value

Server Role Select Skype for Business.

Server Defaults to the Skype for Business 2015 server.

Credentials Choose the credentials for the Skype web service account.





Version o Lync Enterprise 2013 o Skype for Business 2015

4. Click Save.

Choose the credentials for the Skype web service account.

Choose the credentials for the Skype web service account.

Defaults to http.

Defaults to http.

Defaults to http.


Defaults to http.

Defaults to http.

Defaults to http.




NoteTo deploy Skype for Business service in a Lync Enterprise 2013/Skype for Business 2015 co-existence environment, only one server connection is required, while the server connection must connect to Skype for

Business 2015 web service. For in a co-exsitence environment, some Skype/Lync commands can be executed only at the top version level.

Step 5: Upgrade Registrar Pool in Customer Plan and User Plan

To upgrade Registrar pool in Customer Plan and User Plan, perform the steps listed in Upgrade Registrar Pool in Customer Plan and User Plan.

Step 6: Upgrade DNS Record

1. Go to Conf iguration > System Manager > Service Deployment . Under Service Filter, select Active Directory Location Services, and choose a Location Filter.2. Expand Skype for Business.


4. Under DNS, perform the following actions if Services Manager is to provision DNS records for the Skype for Business service:

In Front End Server, specify the IP address or FQDN of the Front End server of the newly deployed Skype for Business 2015 server. Leave these f ields blank if you want to create the DNS

records manually.

NoteCitrix recommends that you set the IP address or FQDN in Front End Server to a Skype for Business 2015 server IP or FQDN.

Step 7: Reprovision Skype for Business service to Reseller

To reprovision Skype for Business service to Reseller, perform the steps listed in Reprovision Skype for Business to Reseller.

Step 8: Reprovision Skype for Business service to Customer

The steps for reprovisioning Skype for Business service to Customer are the same as those listed under Step 4 of Upgrade service in Skype for Business 2015 that underwent an in-place upgrade.




4. Change the Skype Version to Skype for Business 2015.


Step 9: Reprovision Skype for Business service to users

The steps for reprovisioning Skype for Business service to users are the same as those listed under Step 5 of Upgrade service in Skype for Business 2015 that underwent an in-place upgrade.

1. From the Services Manager menu bar, click Users and select the user for whom you want to provision services.




http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/ccps-deploy-lync-2013/ccps-lync-ent-2013-provision.html#par_text_0

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/skype-for-business-service/upgrade-to-skype-for-business-service.html#par_anchortitle_7d7f

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-services-deploy/skype-for-business-service/upgrade-to-skype-for-business-service.html#par_anchortitle_7d7f


Virtual Machines

Jun 05, 2015

Updated: 2014-08-15The Virtual Machine web service is installed on the Microsoft SCVMM server in your environment. You can install the Virtual Machine web service using

either the graphical interface of the Services Manager installer or through the command line. After the installation process finishes, you can enable the

service and continue configuration through the control panel.

To install the Virtual Machines web service using the graphical interface

The installation process includes preliminary configuration to create the web service account and IIS application pool, and define the service port.






5. On the Select Web Services page, select Virtual Machine Web Service and then click Next.




9. On the Installed Services page, click Configure next to the Virtual Machine web service list item.

10. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When

the summary contains the settings you want, click Next. The Configuration Tool configures the Virtual Machine web service and displays progress.


To install the Virtual Machines web service through the command line

1. On the SCVMM server, log on as an administrator.


3. At the command prompt, enter CortexSetupConsole.exe /Install:VirtualMachine. The Setup Tool installs the web service and returns the command

prompt.

4. At the command prompt, enter install-locationServicesVirtualMachineWSConfigurationVMConfigConsole.exe and specify the following properties:


/UserName:vm_svc_acct Impersonation account for the Virtual Machine service. This parameter is optional if you are using





False



| False


/SkipUserRoleCreation:True

| False

Default = False

/UserRoleName:name The SCVMM user role under which the service operates. Default = CSM_SelfServiceUser. This parameter is optional

if you have set /SkipUserRoleCreation to True.

/VMHostGroups:host-

groups

A comma-delimited list of host groups to add to the SCVMM scope. This parameter is optional if you have set

/SkipUserRoleCreation to True.


/VMMServer:address:port Default = localhostProperty Description




The following command performs initial configuration of the web service:install-locationServicesCitrixWSConfigurationVMConfigConsole.exe /UserName:vm_svc_acct /Password:password /ServicePort:8095 When the installation process is finished, log on to the control panel and configure the web service. For instructions, see Configure the Virtual Machine

service.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-install-vm/ccp-10-services-config-vm.html


Configure the Virtual Machine service

Jun 05, 2015

Updated: 2014-01-06To configure the Virtual Machine service, you perform the following tasks:

Configure the Virtual Machine service using the control panel

Synchronize resources from the SCVMM server

Configure the virtual networks that customers will use

To configure the Virtual Machine service


1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment, expand Virtual

Machine, and click Save.

2. Expand Virtual Machine, click Customer Plans, and create a customer plan if one is not already created. Verify and save

the settings. Customer plan settings include per-customer machine limits and whether dynamic disks are used.

Typically, dynamic disks are disabled to avoid over-subscription of disk storage. However, some Service Providers

enable dynamic disks to increase provisioning speed.

2. Enable and configure the service (location level): Under Service Filter, select Active Directory Location Services, choose a

Location Filter if applicable, expand Virtual Machine, and click Service Settings. Verify the settings, making sure that the

following settings are configured, and then save the service:

RDP Console URL

Defaults to VMConnection.aspx.

Self Service Role

Set to SelfService, the name of the self-service user group configured in SCVMM.

Virtual Machine Path

If the customer will use clustered Hyper-V hosts, change the path from

{PreferredDrive}Images{CustomerShortName} to {PreferredDrive}{CustomerShortName}. That change helps

prevent folder creation errors in the cluster shared volume.

3. Add the credentials for the service account:













2. If the SCVMM server is not listed, click Refresh Server List.




entry for the SCVMM server.

2. Under Server Connection Components, select Virtual Machine. Virtual Machine refers to the VirtualMachineWS.

3. Under Server Roles, select Virtual Machine Manager and then click Save. Virtual Machine Manager indicates that

SCVMM is installed on the server.



Connection, and then select or type the following information for the SCVMM server.

Server Role

Choose Virtual Machine.

Server

Choose the server where the VM web service is running.

Credentials

Choose the credentials for the service.

URL Base

Defaults to /VirtualMachine/VirtualMachine.asmx.

Protocol

Defaults to http.

Port


Timeout

Citrix recommends that you change the setting from 200000 to 2000000 milliseconds. This increases the timeout

to about 35 minutes, needed for disk creation operations.

2. Click Save.


icon in the Test column for the SharePoint server. The icon turns green for a successful connection. A red icon


To synchronize resources

This procedure verifies the server role and connection configuration and retrieves information from the SCVMM server.


1. From the Services Manager menu bar, choose Services > Virtual Machine > Configuration > Virtual Resource Manager.

2. Under Environment, choose the Location and SCVMM server. Incorrect entries in those lists indicate incorrect

configuration of server roles or server connections.

3. Click Refresh. The message "The Resources were updated successfully" appears. If it does not, verify the configuration.

4. Expand the resource folders and verify their contents:

1. Provide user-friendly labels and group names. For example, you might rename "Server03x64WE-DE” to “64-bit

Windows Server 2003 – German".

2. Review assignments.

3. Assign sets of items to groups, such as "SQL Server DVDs", to speed selection of resources during provisioning.

5. (Optional) Import existing Hyper-V VMs into the Service Manager customer: Before moving a VM to a customer, verify

that it resides on a host assigned to that customer, along with the relevant VLANs.

1. Expand Virtual Machines and locate a VM not yet managed by Services Manager (their names appear dimmed).

2. Select the VM and use the right pane to search for a customer.

3. Click Provision.

To configure virtual networks

You can create the following types of VLANs:Dedicated – Can be assigned to one customer only (most commonly used).

Shared – Can be assigned to one or more customers.

Reserved – Not usable for customers. For instance, you might add an out-of-band management VLAN to ensure a

customer is not accidently placed into the same network.

Mandatory – Available to all customers.

You can assign multiple subnets to a VLAN and use Services Manager to define a default gateway, DNS servers, and range

for the subnet.

To configure virtual networks, choose Services > Virtual Machine > Configuration > Virtual Network Manager.


To provision the Virtual Machine service to customers

Jun 05, 2015

Updated: 2013-02-251. From the Services Manager menu bar, click Customers > Customer Services.

2. In Customer Search, f ind the customer for whom you want to provision the Virtual Machine service.

3. In the services list, click Virtual Machine. The Service Plan Configuration page appears.

4. In Customer Plan, select the plan you want to assign to the customer.

Note: The customer plan defines the properties of all virtual machines that are created, including CPU, memory, and the

total number of virtual machines that can be created.

5. In Management Server, select the SCVMM server to use for handling customer requests generated through Services

Manager.

Note: When the service is provisioned to the customer, this setting cannot be changed. To update the server, deprovision

the service for the customer and ensure the virtual machines are recreated on the new SCVMM server.

6. Under Virtual Resources, perform the following actions:

1. Expand the Hosts & Networks node and select the server you want to host the virtual machines and the network

under each host.

2. Expand the Machine Templates node and select the templates the customer administrator can use to create virtual

machines.

3. Expand the Guest OS Profiles node and select the operating systems the customer administrator can assign to the

machine templates.

4. Expand the DVD Images node and select the images the customer administrator can mount on virtual machines.

5. Expand the CPU Types node and select the CPUs the customer administrator can use for virtual machines.

7. Under Networking, expand the node for the type of VLAN you want to assign and select the VLAN to assign as the

customer's virtual environment.

8. Under Resource Configuration, to customize the settings assigned by the package template you selected in Step 4, clear

the Auto select package resource limits check box and make the appropriate changes.


1. In Maximum Users, select the Enable check box and enter the total number of users the customer can provision.


10. Click Provision to enable the customer to create virtual machines.


To add virtual servers

Jun 05, 2015

Updated: 2013-05-17Before adding virtual servers through the Virtual Machine service, you must ensure a host exists on the SCVMM server and

that Services Manager can communicate with the host. To do this, see the article CTX129850, "How to Add a New Hyper-V

Host to Cortex," in the Citrix Knowledge Center.

1. From the Services Manager menu bar, click Services > Virtual Machine > Virtual Machines.

2. Under Machine Management, click New Virtual Machine. The Virtual Server Manager appears.

3. Under Virtual Machine Identity, enter a computer name and description for the new virtual machine.

4. Under Source Templates, perform one of the following actions:

Select Create a new virtual machine with a blank disk to create a virtual machine without using a source image.

Select Use an existing virtual machine template to create a virtual machine using a source image that you select from

the Machine Template drop-down box.

5. Under Guest Operating System, perform the following actions:

1. In Template, select the operating system you want to install.

2. In T ime Zone, select the time zone for the server.

3. In Product Key, enter the software product key for the selected operating system. If the product key has been

included in the operating system template, a note appears to this effect.

4. In Administrator Password, specify the password for the machine's local administrator account. If the password has

been included in the operating system template, a note appears to this effect.

6. Under Hardware, perform the following actions:

1. In CPU, specify the number and type of cores for the new virtual machine.

2. In Memory, specify the amount of available memory for the new virtual machine.

3. Configure the virtual devices associated with the machine. For example, to add a disk drive to the machine, click New

Disk. When you add devices, a configuration box appears where you can define the device's properties such as device

channel, media (for DVD devices), type, and size.

Note: After the virtual machine is provisioned, you can only increase the disk size. You cannot decrease it. To modify

the virtual machine's hardware, you must f irst stop the machine.

7. Under Network Adapters, perform the following actions:

1. Choose the network adapter to use for the virtual machine and click Add network adapter.

2. Configure the network adapter, if necessary, to connect to a specif ic network and configure the machine's MAC

address.

8. To start the virtual machine immediately after it is provisioned, select the Start the virtual machine check box.

9. Click Provision to save your selections.

After you have added the virtual servers, ensure that customers can access their virtual machines by setting up remote

connectivity. To do this, see the article CTX129846, "How to Connect to a Virtual Machine," in the Citrix Knowledge Center.




Record virtual server states with checkpoints

Jun 05, 2015

Updated: 2013-02-11Checkpoints capture the state of a virtual machine at a certain moment in time. You can then use the checkpoint torestore the virtual machine to the state it was in when the checkpoint was created.


2. Select the virtual machine for which you want to create a checkpoint.

3. On the Checkpoints tab, in the Checkpoint Management table, click Add. A blank text box appears in the Name column.

4. Type the name of the checkpoint and then click Update.


2. Select the virtual machine whose state you want to restore.

3. On the Checkpoints tab, select the checkpoint you want to use.

4. Click Restore. The restore request is sent to the host machine. To view the progress of the restore, click the Status tab.

The Most Recent Task section displays the progress of each task the host machine processes.


Windows Web Hosting

Jun 05, 2015

Updated: 2013-02-11For information about the requirements for deploying the Windows Web Hosting service, refer to Plan to deploy the

Windows Web Hosting service.

Deploying the Windows Web Hosting service involves the following tasks:Install the Windows Web Hosting web service

Configure the Windows Web Hosting service

To provision Windows Web Hosting services to resellers

Provision the Windows Web Hosting service to customers

After deploying the Windows Web Hosting service, use the following the topics to add and import web sites, manage website directories and subdomains, and install web applications:

To import existing web sites for a customer

To add default documents to a web site

Manage web site directories

To install web applications

To add or remove subdomains

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-plan-overview/ccps-plan-services/ccps-plan-win-web-hosting.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-web-hosting/ccps-install-win-web-hosting.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-web-hosting/ccp-10-services-config-win-web-hosting.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-web-hosting/ccp-10-services-admin-web-hosting-prov-reseller.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-web-hosting/ccp-10-services-admin-web-hosting-prov-customer.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-web-hosting/ccp-10-services-admin-web-hosting-import.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-web-hosting/ccp-10-services-admin-web-default-docs.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-web-hosting/ccp-10-services-admin-web-iis-directories.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-web-hosting/ccp-10-services-admin-web-apps.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-deploy-web-hosting/ccp-10-services-admin-web-domains.html


Install the Windows Web Hosting web service

Jun 05, 2015

Updated: 2013-02-15The Windows Web Hosting web service is installed on all web servers in your environment that you want to make available for provisioning web sites to

customers. You can install the Windows Web Hosting web service using either the graphical interface of the Services Manager installer or through the

command line. After the installation process finishes, you can enable the service and continue configuration through the control panel.

The installation process includes preliminary configuration to create the web service account, local file share, and FTP site. This process also creates an

FTP User Isolation account for accessing each customer's service OU in Active Directory.





4. On the Select Web Services page, select Windows Web Hosting Service and then click Next.



7. On the Installed Services page, click Configure next to the IIS web service list item.



User name: Enter a user name for the web service account. The default user name is csm_iis_svc. This f ield is unavailable when you elect to auto-


Password: Enter a password for the web service account. This f ield is unavailable when you elect to auto-generate credentials.

Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active

Directory.

Service port: Enter the port used by the web service. The default port is 8095.

9. On the Create FTP Site page, enter the following information and then click Next:

External address: Enter the name of the server that customers will access to manage their hosted content. By default, the local server name is

entered.

Binding IP: Enter the IP address through which the server receives incoming connections. By default, all IP addresses are included.

Use SSL: Select this option to secure FTP transmissions with SSL. Citrix strongly recommends this option if you are deploying the service in a

production environment.

SSL Certif icate: Specify the SSL certif icate you want to use. This item is not available if you do not elect to use SSL.

Content f ile share: Specify the f ile share that customers will access to store hosted content. The default f ile share is C:CsmWebHosting.

10. On the FTP User Isolation page, enter the following information and then click Next:

Auto-generate credentials: Leave this check box selected to allow the Configuration Tool to generate service account credentials automatically.

User name: Enter a user name for the web service account. The default user name is IISFTPUser. This f ield is unavailable when you elect to auto-


Password: Enter a password for the web service account. This f ield is unavailable when you elect to auto-generate credentials.

Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active

Directory.

11. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When

the summary contains the settings you want, click Next. The Configuration Tool configures the web service and displays progress.


1. On an IIS server in your environment, log on as an administrator.


3. At the command prompt, enter CortexSetupConsole.exe /Install:WinWebHosting. The Setup Tool installs the web service and returns the command

prompt.

4. At the command prompt, enter install-locationServicesWinWebHostingWSConfigurationIISConfigConsole.exe and specify the following properties:

Propert yPropert y Descript ionDescript ion


/UserName:username Impersonation account for the Windows Web Hosting service. This parameter is optional if you are using





/GenerateCredentials:True |

False


/FtpFileShare:f ile-path Optional. The location of the FTP f ile share. Default = %SystemDrive%WebHosting

/FtpSiteIp:ip-address Optional. The site binding IP address. Default = * (all assigned)

/FtpSiteName:site-name Optional. The name of the FTP site. Default = Services Mgr Web Hosting FTP

/FtpSslCertThumbprint Optional. The thumbprint of the SSL certif icate used to secure the FTP site.

/FtpUseSsl:True | False Optional. Whether or not SSL is used for the FTP site.




Sample installation command string

The following command performs the initial configuration of the web service.install-locationServicesCitrixWSConfigurationIISConfigConsole.exe /UserName:iis_svc_acct /Password:password /ServicePort:8095


Configure the Windows Web Hosting service

Jun 05, 2015

Updated: 2013-04-18Windows Web Hosting for Services Manager provides Windows-based web hosting from the cloud, with IIS support andDNS management.

1. Enable the service (top level) and create a customer plan:


expand Windows Web-Hosting.

2. Click Customer Plans, create a default customer plan, click Apply changes, and then click Save.

2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter

if applicable, expand Windows Web-Hosting, and click Save.

3. Add the credentials for the web hosting service account:












entry for the server where the Windows Web Hosting service is installed.

2. Under Server Connection Components, select IIS.

3. Under Server Roles, select Windows Web-Hosting, and then click Save.



Connection, and then select or type the following information for the web service.

Server RoleServer Role

Choose IIS.

ServerServer

Choose the server where the Windows Web Hosting Services are installed.

Credent ialsCredent ials

Choose the credentials for the Windows Web Hosting Services.

URL BaseURL Base

Defaults to /IISWS/IIS.asmx. For IIS 7, change the value to /IISWS/IIS7.asmx.


Prot ocolProt ocol

Select http.

PortPort

The port for the IIS service. Defaults to 8095. If you change this port, it must match the port for the web hosting

service.

T imeoutT imeout


VersionVersion

Select IIS7.

2. Click Save.


icon in the Test column for the web server. The icon turns green for a successful connection. A red icon indicates an

unsuccessful connection. Mouse over it for information about the failed connection.





4. Enter a Name for the collection, such as WindowsWebHosting. The name cannot contain spaces.

5. From the Service list, choose Windows Web-Hosting.

6. In the Servers list, select the server and then click Save.

7. Configure the service (location level):


Directory Location Services, choose a Location Filter if applicable, and expand Windows Web-Hosting.

2. Click Customer Plans, expand the default plan, and enable Server Collection.

3. Expand IIS Version, select the version, click Apply changes, and then click Save.

You can use Services Manager to retrieve a certificate list from the web server and manage the certificates for customers.

1. From the Services Manager menu bar, choose Configuration > System Manager > Server Resources > Web Servers,

expand the web server, and then click Retrieve.

2. Click Edit and then configure the applicable settings. The Public setting makes the certif icate available to all resellers and

customers. To make a certif icate available only to some nodes in the hierarchy, enable it only for those nodes.

You can add, change, and remove IP addresses from web servers as described in the following steps. Then, when you

provision the service, you can enable the addresses.



2. Expand the server and scroll to IP Address Management.

3. Click Retrieve and then add, edit, and delete IP addresses as needed.

4. Click Save.


To provision Windows Web Hosting services toresellers

Jun 05, 2015




4. Select the Windows Web-Hosting service check box and then click the Windows Web-Hosting service name. The

Reseller Service Setup page appears.

5. Enable the Web servers and resources the reseller can offer to customers.

6. From the Customer Plans table, select the plans the reseller can offer to customers.

7. Under Resource Configuration, to customize the resource limits for the Web site storage, clear the Auto select package

resource limits check box and make the appropriate changes.


9. Click Provision to enable the reseller to offer Web hosting services to customers.


Provision the Windows Web Hosting service tocustomers

Jun 05, 2015

Updated: 2013-02-11To provision the Windows Web Hosting service to customers, you perform the following tasks:

Configure the IIS servers and resources that the customer will use for hosting web sites

Provision a web hosting instance to the customer


2. In Customer Search, f ind the customer for whom you want to provision Web hosting services.

3. In the services list, click Windows Web-Hosting configure resources.

4. Under Servers and Resources, in Resource View, select one of the following views to display available resources:

None displays no resources.

Customer displays the total resources currently provisioned to the customer.

Reseller displays the total resources for Web sites and customers that have been provisioned by the reseller.

All displays the total resources for Web sites that have been provisioned to the reseller's customers as well as to the

reseller itself .

5. In the resource tree, expand a server collection node. The tree displays the servers configured to host the Web Hosting

service.

6. Select the servers and resources to use when provisioning Web hosting instances for the customer.

7. Click Save to save your selections.


2. In Customer Search, f ind the customer for whom you want to provision Web hosting services.

3. In the services list, click Windows Web-Hosting create an instance.

4. In Instance Name, type the name of the Web hosting instance and click Create.


6. In Web Host Server, select the server to host the customer's Web site.

7. Under Site Bindings, click Add and enter the site binding details for the customer's Web site.

8. Click Update to save your entry.

9. Under Resource Configuration, to customize the default service settings, clear the Auto select package resource limits

check box and make the appropriate changes.


1. In Maximum Users, select the Enabled check box and enter the total number of users that can be provisioned.


11. Click Provision to create the customer's Web site.


To import existing web sites for a customer

Jun 05, 2015

Updated: 2013-02-25The Web Site Import tool enables service providers to import and configure IIS 7 web sites for customers. After provisioning,

the customer's administrator can manage the site using the IIS Manager.

Before importing web sites, the following prerequisites must be met:The user performing the import must have Service Provider Administrator privileges.

The web server currently hosting the sites is configured with the Windows Web-Hosting server role (Configuration >

System Manager > Server Roles).

The web server currently hosting the sites is included in an applicable server collection (Configuration > System Manager

> Server Collections).

A server connection has been set up for the web server currently hosting the sites (Configuration > System Manager >

Server Connections).

The customer for whom the web sites are imported has a Services Manager account. However, the Windows Web-

Hosting service does not need to be provisioned to the customer. When the f irst web site is migrated, Services Manager

provisions the Windows Web-Hosting service and enables the server hosting the site.

1. From the Services Manager menu bar, click Services > Windows Web Hosting > Web Site Import.

2. Under Server Connection, perform the following actions:

1. In Location, select the location where the server resides.

2. In Web Service, select the server that is configured with the Windows Web-Hosting service. In Server, select the server

that is hosting the web site you want to import.

3. Click Load. A list of all the web sites that are present on the server appears.

4. From the site list, select the web site you want to import. The Site Import Manager page appears.

5. In Customer Search, type the name of the customer for whom you want to import the site.

6. Click Load. The page refreshes and displays the customer's name and primary domain.

7. Under Service Setup, in Instance Name, type the name of the instance that does not contain spaces. This name appears

as an instance in the customer's services list.

8. In Customer Plan, select the package template to which the server is assigned.

9. Click Provision to import the web site.


To add default documents to a web site

Jun 05, 2015

Updated: 2013-02-25In IIS, default documents are files that are automatically served when a user accesses the customer's web site but does

not request a specific file. A default document might be the customer's home page or a file list (if directory browsing is

enabled).

When a customer is provisioned with an instance of Windows Web Hosting, the following default documents are createdin the web site's root directory:

Index.htm

Index.html (IIS 7 only)

Index.cfm (IIS 7 only)

Default.asp

Default.aspx (IIS 7 only)

Default.htm

iisstart.htm (IIS 7 only)

Note: Index.php is created only when the Web Hosting instance is configured with PHP Framework settings.The default documents that are created in the web site root directory are automatically passed to any subdirectories that

are created.

Default documents can be modified at the root web site level or at the subdirectory level. If a document is added at the

root level, it is applied to all subdirectories.

1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager. The IIS Site Manager

displays the customer's available web sites.

2. From the Site drop-down box, select the Web site for which you want to create the subdirectory. The site's folder

structure appears in the Web Site pane.

3. In the Web Site pane, click the folder where you want to add the new default document.

4. On the Settings tab, under Default Documents, enter the new document name in the text box.

Note: The document names in this box appear in ranked order. If you want the new document to be the f irst one IIS

serves to users, place it at the top of the list.


Manage web site directories

Jun 05, 2015

Updated: 2013-02-11


displays the web sites available to you.

2. From the Site drop-down box, select the web site for which you want to create the subdirectory. The site's folder


3. In the Web Site pane, click the folder under which you want to create the subdirectory.

4. On the Folders tab, in New Directory, enter the name of the subdirectory you want to create.

5. Click Create. The new subdirectory appears beneath the site root directory in the Web Site pane.


displays the web sites available to you.

2. From the Site drop-down box, select the Web site for which you want to create the subdirectory. The site's folder


3. In the Web Site pane, click the folder you want to rename or remove.

4. On the Folders tab, in Current Directory, perform one of the following actions:

To rename the subdirectory, enter a new name and click Rename.

To remove the subdirectory, click Delete.

Directory browsing allows a subdirectory of your web site to display a list of the files it contains when users access it with a

web browser. You can enable directory browsing at the site root level or at the subdirectory level. If configured at the site

root level, directory browsing applies to all subdirectories in the web site.

1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.

2. In the Web Site pane, select the Web application you want to configure.

3. On the Settings tab, under Application Settings, select the Directory Browsing check box.

4. Click Update to save your selection.


To install web applications

Jun 05, 2015

Updated: 2013-02-25If a customer's web site involves serving dynamically-generated content, the subdirectories containing that content can bepublished as web applications.1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.

2. In the Web Site pane, select the folder you want to publish as a web application.

3. On the Settings tab, under Install Application, click Install. The IIS Site Manager page refreshes and the selected folder is

displayed as a web application.


To add or remove subdomains

Jun 05, 2015

Customers can add or remove subdomains, or host headers, that are bound to their Web site. This allows the customer toconfigure multiple Web sites using a single Windows Web Hosting instance.1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.

2. From the Site drop-down box, select the Web site for which you want to create the subdomain. The site's folder


3. On the Domains tab, under Add Site Bindings, enter the new subdomain name and then click Add. The subdomain is

added to the list of identities for the root Web site.

4. To delete a subdomain, under Remove Site Bindings, select the subdomain from the drop-down box and then click

Remove.


Export and import service packages

Jun 05, 2015

Updated: 2013-02-11Before exporting or importing service packages, ensure the following requirements are met:

Verify that the source and destination environments for the service package have the same version of Services Manager

installed.

Verify that a user is configured with the two schema administrator roles (All Services Schema Administrator and Service

Schema Administrator), required to create a custom service or import or export a service.

Create the service (Configuration > System Manager > Service Deployment) or configure the property, customer plan,

and/or user plans to be transferred.

Test and validate the service to be exported. A service that contains errors will not appear in the Services Manager

control panel.

You can export and import customer services to transfer them between different Services Manager environments. For

example, service developers can create custom services and provide them to customers to import into their environments.

Customers can customize service settings and user plans in a test environment and then migrate the settings to a

production environment by exporting and importing services.

Service export and import is available for the services provided with Services Manager as well as for customized services. A

customized service is created through the control panel, from Configuration > System Manager > Service Schema.

To transfer a service between environments, export a service to a file and then import that file into a different Services

Manager environment, as described in this topic. The import deploys and enables the service at the Top Environment

Services level.

The export package file includes service properties, customer and user plans, roles and permissions, validation controls, web

server controls and assemblies, and provisioning engine assemblies, actions, and rules. A custom service created from the

Service Schema page includes only the database records for the service settings and plan properties. Before exporting a

custom service, add to it any provisioning engine or web server assembly (.dll) files that contain the code needed to run

actions on the provisioning server or to display custom user controls when provisioning the service on the web page. On the

Service Deployment page and at the Top Environment Services level, create default plans for the base service offering and

update default service properties such as patterns for file locations.

1. Log on to the Services Manager control panel.

2. From the Services Manager menu bar, choose Configuration > System Manager > Service Schema.

3. Expand the service to be exported.

4. Click Export to view the Export service to f ile area.

5. (Optional best practice) Specify the Creator, URL, and Version for the service. The URL should be the full path to the

developer’s site.

6. In the Preview area, review the items to be included in the export f ile and update as needed.

7. To add an assembly f ile (.dll) to the export package for a custom service:

1. In the Add f ile area, click Browse, navigate to the .dll f ile, and click Open.

2. Choose the folder for the dll f ile and then click Add.

8. Click Export.

9. Save the exported f ile.


1. Log on to the Services Manager control panel. This operation requires these user roles: All Services Schema Administrator

and Service Schema Administrator.

2. From the Services Manager menu bar, choose Configuration > System Manager > Service Schema.

3. Under Service Management, click Import a service.

4. Click Browse to navigate to and select the service and then click Open.

5. To review the items included in the package f ile, click Preview and update the selections as needed. Components that

already exist on the system are highlighted.

6. Click Import. An “Import Complete” message displays, followed by a list of the actions performed during the import.

When web components are imported, Services Manager restarts and automatically logs out all users.

7. Restart all provisioning servers across all locations. The provisioning servers are updated with any new rules and f iles.

8. Use the control panel to update customer and user plans and service settings as needed.


Create and provision additional user and customerplans

Jun 05, 2015

Updated: 2013-02-11When you configure a service for the f irst time, you create the initial user and customer plans that are eventually sold toResellers and customers. However, adding more plans later does not require the same level of configuration that wasrequired during service configuration. After the service is fully configured, you can create additional user or customer plansand:

Enable Resellers to offer additional levels of service to their customers.

Migrate customers’ users to a new user plan using the Package Migration Wizard. For more information about

performing this task, refer to the topic To migrate users to different user plans in bulk with the Package Migration

Wizard in Citrix eDocs.

This topic assumes the following conditions:You have fully configured the services for which you are creating more plans.

You have at least one user plan and one customer plan enabled and available for provisioning.

Use this topic as a guide for creating more plans and making them available to Resellers and customers. For more

information about configuring service-specific settings, consult the service’s configuration instructions in the Deploy

services section of the Services Manager product documentation in Citrix eDocs.

1. Create and configure a user plan for the desired service at the Top Environment Level:

1. From the Services Manager menu bar, click Configuration > System Manager > Service Deployment.

2. Under Service Filter (at left), select Top Environment Services and then expand the desired service.

3. Click User Plans, enter a Name for the user plan, and then click Create.

4. Perform any additional configuration required.

5. Click Apply Changes, and then click Save.

2. Enable and configure the user plan at the Location level:


2. Expand the desired service, click User Plans, and then select the Enabled check box for the new user plan.

3. Expand the new user plan and update applicable settings.


3. Provision the user plan to the top Reseller:

1. From the Services Manager menu bar, click Customers > Customer Services. Under Customer Search, enter the name

of the Reseller and click Search. The specif ied customer is selected.

2. Expand the Reseller service and then expand the service for which you added the new user plan.

3. Select the Enabled check box for the new user plan.

4. Click Apply Changes and then click Provision.

4. Repeat Step 3 for any other Resellers in the hierarchy.

5. Provision the user plan to the customer:


of the customer and click Search.

2. Expand the desired service and click Advanced Settings.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-services-deploy/ccps-user-package-migration.html



3. Under User Plans, select the Enabled check box for the new user plan.

4. Click Provision.

1. Create a customer plan for the desired service at the Top level:

1. From the main menu, choose Configuration > System Manager > Service Deployment.

2. Under Service Filter (at left), select Top Environment Services and then expand the desired service.

3. Click Customer Plans, enter a Name for the customer plan, and then click Create.

4. Perform any additional configuration required.

5. Click Apply Changes, and then click Save.

2. Enable and configure the customer plan at the Location level:


2. Expand the desired service, click Customer Plans, and then select the Enabled check box for the new customer plan.

3. Expand the new customer plan and update applicable settings.


3. Provision the customer plan to the top Reseller:


of the Reseller and click Search. The specif ied customer is selected.

2. Expand the Reseller service and then expand the service for which you added the new customer plan.

3. Select the Enabled check box for the new customer plan.

4. Click Apply Changes and then click Provision.

4. Repeat Step 3 for any other Resellers in the hierarchy.

5. Verify the new customer plan is available for provisioning:

1. From the Customer Services page, expand the desired service.

2. In Customer Plan, click the drop-down box to view the available plans. The newly added customer plan is displayed and

is available for selection.


View and filter provisioning requests

Jun 05, 2015

Updated: 2013-02-11Services Manager enables administrators to review the current status of provisioning requests after they have been

submitted to the provisioning engine.

Administrators can view these requests through the Services Manager system or with an RSS feed. Administrators can also

search for a specific request.

Using the Services Manager control panel, administrators can view the following information:The type of provisioning request (e.g., Bulk Request, Object Provision, Object Deprovision, etc.)

The service and customer for whom the request is created

The date on which the request is executed

The subrequests that are executed as part of the provisioning request and their transaction logs

If all subrequests in a provisioning request execute successfully, the request displays a green status indicator. If some

subrequests do not execute successfully, the request displays a yellow triangle status indicator which, later, changes to a

red status indicator.

1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Provisioning Requests.

2. To view the transaction logs and subtasks executed in a provisioning request, click the Request Type entry and then

expand the Request Logs or Sub-Requests nodes.

The Services Manager RSS feed enables administrators to receive notifications whenever a provisioning error occurs.

Because the RSS feed is secured using Windows authentication, an RSS reader that supports digest authentication is

required. You can change the authentication method through IIS, if necessary.

The URL for the RSS feed is http://YourHostHeaderName/cortexdotnet/Rss/CortexProvisioningErrorsRss.aspx.

1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Provisioning Requests.

2. Under Request Filter, use the following f ilters to refine the list of provisioning requests:

Type displays requests of a specif ic type such as Object Provision.

My Requests and All Requests displays requests that you have created or all requests in the system.

Request Status displays requests of a particular status that have been recorded during the life of the system. For

example, using this f ilter to f ind requests with the Provisioned status displays requests with a green status indicator in

the Status column.

Object Status displays requests where the current status of subrequests matches the status selected.

Note: Using this f ilter to f ind subrequests with the Provisioned status might display some failed provisioning requests

in f iltered results. However, the subrequest itself is not necessarily in a failed state. For example, a provisioning request

to move a customer's user from one Hosted Exchange package to another might fail because the Services Manager

system cannot f ind the mail store for the new package. Although the provisioning request failed, the user is still

attached to the current package.


Provision services and customers in bulk

Jun 05, 2015

Updated: 2013-02-11Services Manager enables service providers to create bulk provisioning requests for existing customers and users. Serviceproviders can use this feature to apply service updates to existing customers in one operation. Service providers can use thefollowing options:

Bulk Reprovisioning creates requests for users and services of a single customer.

Bulk System Provisioning creates requests for all users and all customers

When a provisioning request is created, it is sent to the provisioning engine and a confirmation message is displayed. Any

errors in the actual provisioning transaction appear on the Customer Services page of the control panel.

1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Bulk Reprovisioning.

2. Under Customer Search, enter the name of the customer whose users you want to reprovision and click Search.

3. Select one of the following options:

Re-provision all users creates a request to reprovision all users of the specif ied customer.

Re-provision all customer services creates a request to reprovision all the services originally provisioned to the specif ied

customer.

Re-provision all user services creates a request to reprovision all the services originally provisioned to the specif ied

customer's users.

Re-provision a specif ic service to all users creates a request to reprovision a selected service to all users of the

specif ied customer, regardless of whether or not the service was originally provisioned to all users.

4. Click Provision. The provisioning request is created and sent to the provisioning engine. To view the status of the request,

click Configuration > Provisioning & Debug Tools > Provisioning Requests.

Use the Bulk System Reprovisioning feature to issue provisioning requests that affect all customers or users in the Services

Manager system. For example, you can create a request for all customers or users to be reprovisioned with services based

on whether or not the services were provisioned successfully on a previous attempt.

1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Bulk System Provisioning.

2. Under Entity, select one of the following options:

Customers creates a provisioning request for all customers in the Services Manager system.

Customer Services creates a request for a selected service to be reprovisioned to all customers in the Services

Manager system.

Users creates a provisioning request for all users in the Services Manager system.

User Services creates a request for a selected service to be reprovisioned to all users in the Service Manager system.

3. Under Current Status, select one of the following options:

Provisioned specif ies requests that have been successfully provisioned for the selected entity.

Provisioning failed specif ies requests that have been unsuccessfully provisioned for the selected entity.

Provisioning and Provisioning failed specif ies all requests submitted for the selected entity.

4. Click Provision. The request is sent to the provisioning engine. To view the status of the request, click Configuration >

Provisioning & Debug Tools > Provisioning Requests. Any resulting errors appear on the Customers or Users pages of the

control panel.


To migrate users to different user plans in bulk withthe Package Migration Wizard

Jun 05, 2015

Use the Package Migration Wizard to move multiple users from one user plan to another user plan. When you specify theservice and user plan from which to migrate, Services Manager can automatically select the customers and users whomatch the criteria. If the users you are migrating belong to customers that have not been provisioned with the target userplan, Services Manager can create the required package and complete the migration.This process creates a bulk provisioning request that you can track on the Provisioning Requests page. To make tracking

easier, you can specify a unique name and description for the request.

1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Package Migration Wizard.

2. Under Wizard Setup, select any of the following wizard options and then click Next:

Select all customers selects for migration all customers with the specif ied source plan.

Select all users selects for migration all users in the Services Manager system with the specif ied source plan.

Generate missing destination packages enables Services Manager to create the target user plan for users belonging

to customers who are not provisioned with the target user plan.

3. Under Service Selection, in Service, select the service containing the user plan from which you want to migrate and then

click Next.

4. Select the user plan from which you want to migrate and click Add selected packages. The selected user plan appears in

a table, in the Source column.

5. From the package table, in the Destination column, select the plan to which you want to migrate and then click Next. A

table displays the customers that match the selected service and source user plans.

6. Ensure the customers you want to migrate are selected and then click Next. The source and destination user plans are

displayed.

7. To verify the appropriate users are selected, perform the following actions:

1. Click the source user plan and then click the customer name.

2. On the Users screen, select or clear the Selected check box as required for any users that you do or do not want

migrated.

3. Click Save and then click Save again to save your changes.

8. Under Request Details, enter a name and description for the provisioning request so it can be easily tracked on the

Provisioning Requests page.

9. Click Finish. Services Manager creates the provisioning request and sends it to the provisioning engine. To view the status

of the request, click Configuration > Provisioning & Debug Tools > Provisioning Requests.


Upgrade

Oct 05, 2016

Updated: 2014-10-09CloudPortal Services Manager 11.5 supports in-place upgrading from CloudPortal Services Manager 11.0.1, including

Cumulative Update 1 and Cumulative Update 2.

If you are using CloudPortal Services Manager 10, you must upgrade to Version 11.0.1 first, before you can upgrade to

Version 11.5. For more information, refer to the topic Upgrade from CloudPortal Services Manager 10.

If you are using CloudPortal Services Manager 11, ensure you are using Version 11.0.1. For more information about upgrading

your deployment to Version 11.0.1, refer to CTX138867, "Upgrading CloudPortal Services Manager 11.0 to Version 11.0.1."

Upgrading your CloudPortal Services Manager 11.0.1 deployment to version 11.5 involves several steps that you perform insequence. To prepare your deployment for upgrading, perform the following tasks:1. If required, deprovision the Hosted Apps and Desktops service from customers.

2. Disable all locations in your deployment by stopping the Directory Web Service, Provisioning Engine, and Web platform

components.

3. Back up all Services Manager databases (OLM, OLMReports, OLMReporting).

If you have customers who are provisioned with the Hosted Apps and Desktops service that was included in CloudPortal

Services Manager 11.0.1, you must deprovision the service from these customers before performing the upgrade. The

Hosted Apps and Desktops service in version 11.5 includes a new service schema that is incompatible with this version of the

service. Deprovisioning the service ensures the upgrade occurs smoothly and affects only the customer entitlements in

CloudPortal Services Manager; it does not affect the hosted application and desktop resources that you have allocated to

these customers.

If you have customers who are provisioned with the Hosted Apps and Desktops 11.2 service, which was released after

CloudPortal Services Manager 11.0.1, you do not need to take any action. The upgrade occurs as it would for any other

web service.

During the upgrade process, the Configuration Tool removes the Hosted Apps and Desktops service and installs the new

version. After the upgrade is complete, you can reprovision the service to customers.

After you have completed the preparation steps, you can perform the upgrade. The following table lists the required stepsand the instructions for performing them. Perform these steps in the order shown.

St ep #St ep # T o perf orm t his t ask...T o perf orm t his t ask... ...ref er t o t his t opic....ref er t o t his t opic.

1. Deploy the Encryption Service Install and configure the Encryption Service

2. Upgrade the system databases Upgrade system databases



http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-11/ccps-upgrade-cpsm10.html


http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccp-10-install-wrapper/ccps-install-encryption.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-upgrade-cpsm11/ccps-upgrade-db.html


3. Upgrade and reconfigure platform server roles Upgrade platform server roles

4. Upgrade and reconfigure web services in use Upgrade web components

5. Upgrade the Reporting service Upgrade the Reporting service

St ep #St ep # T o perf orm t his t ask...T o perf orm t his t ask... ...ref er t o t his t opic....ref er t o t his t opic.

After you have finished all the upgrade steps, re-enable all locations in your deployment by starting the Directory Web

Service, Provisioning Engine, and Web platform components.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-upgrade-cpsm11/ccps-upgrade-roles.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-upgrade-cpsm11/ccps-upgrade-web-svcs.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-upgrade-cpsm11/ccps-upgrade-reporting.html


Upgrade system databases

Oct 05, 2016

Updated: 2014-08-29Before upgrading the system databases, perform the following tasks:

Ensure you have installed and configured the Encryption Service on a server in your deployment

Ensure you have backed up all databases in your CloudPortal Services Manager deployment: OLM, OLMReports, and

OLMReporting

Important: The upgrade process makes irreversible changes to these databases. Creating backups ensures you can

recover and restart the upgrade process in the event of a failure.

This topic provides instructions for upgrading the system databases in CloudPortal Services Manager 11.0.1 to system

databases compatible with version 11.5.

You can perform this upgrade on the database server for the primary location or on a server that can connect to the

database server. When you perform the upgrade, the Configuration Tool imports the key from the Encryption Service and

then deploys a set of SQL scripts that are included on the CloudPortal Services Manager installation media. These scripts

prepare the system databases for upgrading the other components.

1. From the installation media, double-click setup.exe and click Get Started.

2. On the Select Deployment Task page, select Upgrade Existing Deployment.

3. On the Upgrade Existing Deployment page, select Upgrade System Databases and then click Install.

4. When prompted, accept the End User Licensing Agreement and then click Next.

5. Click Install. The Setup Tool installs the Configuration Tool and displays progress.

6. Click Finish to continue with the upgrade process.

7. On the Specify Primary Database Settings page, perform the following actions and then click Next:

1. Enter the following database details for the primary location:

In Server address, specify the database server for the primary location using the DNS alias, IP address, or FQDN.

In Server Port, select Use specif ic port and enter the port number used by the SQL Server. The port for the default

instance of SQL Server is 1433.

In Authentication Mode, select whether to use Integrated (Windows) or SQL authentication. By default,

Integrated is selected.

In Connect as, specify the username and password of the SQL administrator user. These f ields are available when

select the SQL authentication mode.

2. Click Test Connection to ensure the Configuration Tool can contact the SQL Server.

8. On the Confirm Databases Are Backed Up page, select This step has been completed and then click Next.

9. On the Summary page, review the database configuration information. If you want to change anything, click Back to

return to the appropriate configuration page.

10. Click Commit. The Configuration Tool imports the Encryption Service's key, launches the database upgrade scripts and

displays the upgrade progress.

11. When the upgrade is completed, click Finish. The Configuration Tool returns you to the Upgrade Existing Deployment

page.

Open the Command Prompt window and enter the following command:


CortexConfigConsole.exe /Upgrade:DatabasesThe Configuration Tool launches the upgrade database scripts that perform the upgrade. When the upgrade is completed,

the command prompt is returned.

After upgrading the system databases, continue the upgrade process by upgrading the CloudPortal Services Manager

platform server roles. For more information, refer to the topic Upgrade platform server roles using the graphical interface or

command line.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-upgrade-cpsm11/ccps-upgrade-roles/ccps-upgrade-roles-task.html


Upgrade platform server roles

Jun 05, 2015

Updated: 2014-08-13For upgrades, the term platform server roles applies to the Directory Web Service, Provisioning, and Web server roles only.

When you upgrade the Provisioning role, the Configuration Tool performs the following tasks:1. Back up the configuration f iles.

2. Stop the Queue Monitor service.

3. Disable all scheduled tasks.

4. Upgrade product f iles and applicable registry settings.

5. Import and save the Encryption Service key.

6. Restore configuration f iles and apply any XML updates.

7. Restart the Queue Monitor service.

8. Re-enable all scheduled tasks.

When you upgrade the Web server role, the Configuration Tool imports service package components such as service schema

and properties, and imports the Encryption Service key. For components that will be updated with newer versions, the

Configuration Tool gives you the option of overwriting the current version or ignoring the component.

The following customer data f iles are preserved during the upgrade process:

Upgraded server roleUpgraded server role Locat ion of preserved f ilesLocat ion of preserved f iles

Provisioning INSTALLDIR\Provisioning Engine\appSettings.config

INSTALLDIR\Provisioning Engine\CortexCommand.exe.config

INSTALLDIR\Provisioning Engine\CortexEventLogMonitor.exe.config

INSTALLDIR\Provisioning Engine\CortexQueueMonitor.exe.config

INSTALLDIR\Provisioning Engine\ProvisioningManager.exe.config

INSTALLDIR\Provisioning Engine\RequestGenerator.exe.config

INSTALLDIR\Provisioning Engine\RulesEditor.exe.config

Web INSTALLDIR\CortexWeb\Web.config

INSTALLDIR\CortexWeb\CortexDotNetWeb.config

INSTALLDIR\CortexWeb\CortexDotNetDownloads*

INSTALLDIR\CortexWeb\CortexDotNetpics*

INSTALLDIR\CortexWeb\CortexDotNetStylesheets*

INSTALLDIR\CortexWeb\CortexAPIWeb.config

Note: I f your deployment of CloudPort al Services Manager 11.0.1 includes cust omizat ions, be aware t hat youIf your deployment of CloudPort al Services Manager 11.0.1 includes cust omizat ions, be aware t hat youmight need t o updat e t hese cust omizat ions manually when you upgrade t o CloudPort al Services Managermight need t o updat e t hese cust omizat ions manually when you upgrade t o CloudPort al Services Manager11.5. For example, you might need t o updat e cust om st ylesheet s t o accommodat e changes in t he sit e11.5. For example, you might need t o updat e cust om st ylesheet s t o accommodat e changes in t he sit est ruct ure.st ruct ure.For instructions to upgrade the platform server roles, see Upgrade platform server roles using the graphical interface or

command line.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-upgrade-cpsm11/ccps-upgrade-roles/ccps-upgrade-roles-task.html


Oct 05, 2016

Updated: 2014-08-29Use this topic to upgrade CloudPortal Services Manager platform servers from version 11.0.1 to version 11.5. Perform theupgrade on the servers hosting the following platform components:

Directory Web Service

Provisioning

Web

The upgrade process involves the following tasks:Upgrade the platform roles installed on each server in your deployment.

Reconfigure each role to f inalize the upgrade.



3. On the Upgrade Existing Deployment page, select Upgrade Roles and Services. The Setup Tool verif ies the database

version. If the correct database version is not detected, the Setup Tool prompts you to manually verify the version and

click Next.


5. On the Select Components page, select the components you want to upgrade. By default, installed components for

which upgrades are available are selected.

6. On the Ready to upgrade page, click Upgrade. The Setup Tool installs the Configuration Tool, upgrades the selected

roles or services, and displays progress.

7. On the Upgrade Complete page, click Finish.

8. From the Upgrade Existing Deployment page, select Re-configure Upgraded Roles and Services.

9. On the Re-configure Upgraded Components page, select the component you want to reconfigure and click Finish

Upgrade.

10. Use the following table to configure the settings for each server role:

RoleRole PagePage Descript ionDescript ion

Directory

Web

Service

Enter

Directory

Service

Credentials

Enter the user name and password for the Queue Monitor service account. The

default user name is cortex_dirws_svc.

Provisioning Enter Queue

Monitor

Credentials

Enter the user name and password for the Queue Monitor service account. The

default user name is cortex_qmon_svc.

Report

Mailer

No configuration needed. Proceed to Step 11.


Web Preview

Service

Package

Import

Review the service components that will be imported when the Web server role is

configured. Other service components, such as reports, are imported when the

Reporting service is reconfigured.

RoleRole PagePage Descript ionDescript ion


12. When the reconfiguration is complete, click Finish.

13. Repeat Steps 1-12 for each server role you want to upgrade.

To upgrade platform components, you perform the following tasks:Upgrade the platform server roles using the Setup Tool

Reconfigure the platform server roles using the Configuration Tool

When running the Setup and Configuration Tools, use the following role names to specify the platform server roles youwant to upgrade:

Provisioning

DirectoryWebService

Web


2. At the command prompt, enter CortexSetupConsole.exe /Install:role-name /Upgrade . To specify multiple

components, use a comma-delimited list. The Setup Tool upgrades the specif ied role and returns the command prompt.

3. At the command prompt, enter CortexConfigConsole.exe /Upgrade:role-name. The Configuration Tool

reconfigures the specif ied role and returns the command prompt.

The following command upgrades the Provisioning server and Directory Web Service.CortexSetupConsole.exe /Install:Provisioning,DirectoryWebService /UpgradeAfter upgrading the platform server roles, continue the upgrade process by upgrading Services Manager web services. For

more information, refer to the topic Upgrade web components.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-upgrade-cpsm11/ccps-upgrade-web-svcs.html


Oct 05, 2016

Updated: 2014-08-14This topic describes the upgrade process of web components from CloudPortal Services Manager 11 to version 11.5. For

upgrades, the term web components refers to the control panel web site, the API web service, and all service related web

services.

During the upgrade process, the CloudPortal Services Manager Setup Tool updates all sites to run from the backup andputs all associated sites and application pools in a stopped state. Therefore, if the names of any of the sites or applicationpools in your deployment have been changed from the default, you must specify those changes in an XML f ile before youinitiate the upgrade. To create this f ile, use the following format:<Configuration> <Property Name="<service-id>.ApplicationPool" Value="MyAppPool" /> <Property Name="<service-id>.Application" Value="MyAppName" /> <Property Name="<service-id>.Site" Value="MySite" /></Configuration>The service-id property is the web service's deployment identifier used in the Configuration Tool.

After creating the XML f ile, you can initiate the upgrade using the following command:CortexSetup.exe /ConfigFile:path-to-XML-fi le /Upgrade

When you upgrade the web components, the Configuration Tool performs the following tasks:1. Stop the site and applicable web services in IIS.

2. Back up the site. The default f ile path for this backup is %ProgramData%\Citrix\CloudPortal Services Manager

Setup\Backups\Legacy\component-name.

3. Update physical paths in IIS to point to the site backup.

4. Update the site f iles in the %ProgramFiles% directory.

5. Copy updated site f iles from %ProgramFiles% to C:\Inetpub\site-name.

6. Restore customer content from site backup (for example, downloads, images, stylesheets, or scripts).

7. Restore web.config f ile from site backup and apply updates.

8. Imports and saves the Encryption Service key.

9. Update physical paths in IIS.

10. Restart site in IIS.

In the event a conflict arises during the upgrade, the sites remain in a stopped state and reference the backup created

earlier in the process. Site files in the %ProgramFiles% directory are updated and site content in C:\Inetpub\component-

name are reverted to the previous version. You can then review the configuration update file located in %ProgramFiles% and

make any necessary changes to the deployed web.config file.

For instructions to upgrade web components, see Upgrade web services using the graphical interface or command line.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-upgrade-cpsm11/ccps-upgrade-web-svcs/ccps-upgrade-web-svcs-task.html


Oct 05, 2016

Updated: 2014-08-29Use this task to upgrade CloudPortal Services Manager web services from version 11.0.1 to version 11.5. Perform this task onthe servers hosting the following components:

Citrix

Hosted Exchange

Lync Enterprise 2010 and 2013

Lync Hosted 2010 and 2013

MySQL

SharePoint 2010 and 2013

Virtual Machine

Windows Web Hosting

The upgrade process involves the following tasks:Upgrade the web services installed on each server in your deployment

Reconfigure the web services to f inalize the upgrade



3. On the Upgrade Existing Deployment page, select Upgrade Roles and Services. The Setup Tool verif ies the database

version. If the correct database version is not detected, the Setup Tool prompts you to manually verify that the system

databases have been upgraded and click Next.


5. On the Select Components page, the Configuration Tool automatically selects the web services that are installed on the

server. Click Next.

6. On the Review Prerequisites page, the Configuration Tool displays the required software that will be installed to support

the upgraded web service. Click Next.

7. On the Ready to upgrade page, click Upgrade. The Configuration Tool upgrades the selected services and displays

progress.


9. From the Upgrade Existing Deployment page, select Re-configure Upgraded Roles and Services. The Configuration Tool

attempts to retrieve the Encryption Service key.

10. On the Re-configure Upgraded Components page, click Finish Upgrade for the web service you want to upgrade. The

Configuration Tool attempts to contact the Encryption Service to retrieve the service's encrypted key. If the Encryption

Service cannot be contacted, the Configuration Tool prompts you to import the encrypted key manually using a key f ile.

To generate the key f ile, see Generate and export keyfiles for the Encryption Service.



2. In Password, enter the password that was created when the key f ile was generated and then click Next.

12. On the Enter Service Credentials page, enter the User Name and Password for the web service's service account and

then click Next. By default, the Configuration Tool displays the default user name of the web service you are upgrading.



13. On the Summary page, review the settings that will be reconfigured and click Next. The Configuration Tool restores and

upgrades the IIS site for the web service, imports the Encryption Service key, and displays progress.

14. When the reconfiguration is complete, click Finish and then click Exit.

When running the Setup and Configuration Tools, use the following information to specify the web service you want toupgrade and the location of its configuration console:

Web service nameWeb service name Conf igurat ion console locat ionConf igurat ion console locat ion

Citrix install-location\Services\CitrixWS\Configuration\CitrixServiceConfigConsole.exe

Exchange install-location\Services\ExchangeWS\Configuration\ExchangeConfigConsole.exe

LyncEnterprise install-location\Services\LyncWS\Configuration\LyncConfigConsole.exe

LyncEnterprise2013 install-location\Services\LyncWS\Configuration\LyncConfigConsole.exe

LyncHosted install-location\Services\LyncHostedWS\Configuration\LyncHostedConfigConsole.exe

LyncHosted2013 install-location\Services\LyncWS\Configuration\LyncConfigConsole.exe

MySQL install-location\Services\MySQLWS\Configuration\MySQLConfigConsole.exe

SharePoint2010 install-location\Services\SharePoint2010WS\Configuration\SharePointConfigConsole.exe

SharePoint2013 install-location\Services\SharePoint2013WS\Configuration\SharePointConfigConsole.exe

VirtualMachine install-location\Services\VirtualMachineWS\Configuration\VMConfigConsole.exe

WinWebHosting install-location\Services\IISWS\Configuration\IISConfigConsole.exe

Install-location denotes the web service installation directory on the local computer. The default directory is C:Program Files

(x86)CitrixCortex.

1. On the server hosting the web service, log on as an administrator.


3. At the command prompt, enter CortexSetupConsole.exe /upgrade:web-service-name. The Setup Tool upgrades

the service and returns the command prompt.

4. At the command prompt, enter path-to-service-configuration-console /Upgrade. The Configuration Tool

reconfigures the web service and returns the command prompt.


The following command upgrades the Citrix web service.CortexSetupConsole.exe /Upgrade:CitrixThe following command reconfigures the Citrix web service.install-location\Services\CitrixWS\Configuration\CitrixServiceConfigConsole.exe /UpgradeAfter upgrading all web services, continue the upgrade process by upgrading the Reporting service and data warehouse. For

more information, refer to the topic Upgrade the Reporting service.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-upgrade-cpsm11/ccps-upgrade-reporting.html


Oct 05, 2016

Updated: 2014-08-15Migrating the data warehouse uses the public API of the Data Warehouse service and a Data Transfer configuration file to

update the required schema in the OLMReporting database and reprocess historical data. This process might run for an

extended period of time due to data reprocessing. You can monitor this process through the Data Warehouse logs located

at %PROGRAMDATA%\Citrix\CloudPortal Services Manager Setup\Logs\Data Warehouse Migration\timestamp.log.

Additionally, the %PROGRAMFILES%\Citrix\Cortex\Data Warehouse Service\log folder contains logs of errors that occur

while upgrading the OLMReporting database schema and data to the Version 11.5 format.

To initiate the upgrade, you can use the CloudPortal Services Manager graphical interface or the command line.Important: The user initiating the upgrade must be logged on as a domain administrator.When you upgrade the Reporting service, the Configuration Tool performs the following tasks:1. Back up the CloudPortal Services Manager 11 config.xml f ile, report definitions, and data sources.

2. Upgrade product f iles for the Reporting service.

3. Finalize the upgrade.

After the DataWarehouseMigrator.exe utility is f inished running, you manually restore any reporting customizations. Forexample:1. Redeploy any custom views or stored procedures to accommodate schema changes.

2. Migrate any custom commands in the Version 11 config.xml f ile to the Version 11.5 config.xml f ile to accommodate

schema changes.

3. Redeploy any report definition customizations.

For instructions to upgrade the Reporting service, see Upgrade the Reporting service using the graphical interface or

command line.

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-upgrade-cpsm11/ccps-upgrade-reporting/ccps-upgrade-reporting-task.html


Oct 05, 2016

Updated: 2014-08-29Upgrading the Reporting service involves backing up the config.xml file, RDL files, and data sources. The config.xml file is located at %PROGRAMFILES%\Citrix\Cortex\Data Warehouse\Data

Warehouse Service\config\config.xml. You can find the RDL files and data sources through the Report Manager web site for SQL Server Reporting Services. I f t he report ing definit ions and dat aIf t he report ing definit ions and dat a

sources have been moved t o anot her locat ion, you must back up t hese component s manually .sources have been moved t o anot her locat ion, you must back up t hese component s manually .

The user performing the upgrade must be logged on as a domain administrator.



3. On the Upgrade Existing Deployment page, select Upgrade Roles and Services. The Setup Tool verif ies the database version. If the correct database version is not detected, the Setup Tool

prompts you to manually verify the version and click Next.


5. On the Select Components page, select Reporting. By default, installed components for which upgrades are available are selected.

6. On the Review Prerequisites page, the Configuration Tool displays the required software that will be installed to support the upgraded component. Click Next.

7. On the Ready to upgrade page, click Upgrade. The Setup Tool installs the Configuration Tool, upgrades the selected components, and displays progress.


9. From the Upgrade Existing Deployment page, select Re-configure Upgraded Roles and Services.

10. On the Re-configure Upgraded Components page, click Finish Upgrade. The Configuration Tool attempts to contact the Encryption Service and retrieve the encrypted key. If the Encryption Service

cannot be contacted, the Configuration Tool prompts you to import the encrypted key manually using a key f ile. To generate the key f ile, see Generate and export keyfiles for the Encryption

Service.



2. In Password, enter the password that was created when the key f ile was generated. Click Next.

12. On the Preview Service Package page, review the service components that will be imported when the Reporting service is reconfigured. By default, only the Reporting service components are

selected. Other components, such as roles and assemblies, are imported when the Web server role is configured. Click Next.


14. When the reconfiguration is complete, click Finish.


2. At the command prompt, enter CortexSetup.exe /Upgrade:Reporting. The Setup Tool upgrades the Reporting service and returns the command prompt.

3. At the command prompt, enter CortexConfigConsole.exe /Upgrade:Reporting and specify the following properties:


/OlmPassword The password for the OLM database.

/OlmReportingPassword The password for the OLMReporting database.

/DwsUserName The user name for the data warehouse service account.

/DwsPassword The password for the data warehouse service account.

/AutoCreateDwsUser:True|False Optional. Create the data warehouse user account. Default = True

/DwsServer:hostname Optional. The hostname of the server hosting the data warehouse. Default = the name of the local computer

/DwsPort:port Optional. Inbound port to be used with the data warehouse. Default = 8095

/PackageFolder:path-to-service-packages Optional. The location of the Services folder on the Services Manager installation media, which contains the service packages.

/IgnoreErrors:True|False Optional. Whether or not to ignore service import errors. Default = True

/PurgeAgeInMonths Optional. The number of months after which older historical data is deleted. For example, specify 84 to delete data that is older than seven years.

The following command reconfigures the Reporting service and migrates the data warehouse.CortexConfigConsole.exe /Upgrade:Reporting /OlmPassword:password /OlmReportingPassword:password /DwsUserName:user-name /DwsPassword:password /IgnoreErrors:False



Oct 05, 2016

Updated: 2013-05-17Management tasks in CloudPortal Services Manager include creating and managing customers and users, assigning security

roles, using Workflow Approval to manage provisioning changes, and using reports.

Use the following topics to learn more about these tasks:Create and manage customers

Create and manage users



Manage reports

Manage deployment

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-manage/ccps-customer-manage.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-manage/ccps-user-manage.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-manage/ccps-security-roles.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-manage/ccps-workflow.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-manage/ccps-reports.html

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-manage/manage-deployment.html


Sep 17, 2015

Updated: 2013-02-12A common task for a service provider or reseller to perform after logging on to the Services Manager control panel is tocreate a customer. A customer is a container that can consist of :

Hosted services that can be configured and made available (that is, provisioned) to the customer's users

A customer administrator who can create and manage users, and provision services to them

Users who access one or more services with which they have been provisioned

Additional customers (known as resellers) who, in turn, can create and manage customers and users of their own, and

provision services to them

To create a reseller, the service provider provisions a customer with the Reseller service. Resellers can, in turn, create their

own customers and enable them to be resellers as well. Service providers have access to advanced system configuration

functions, such as service configuration, which resellers do not.

As you create a customer through the control panel, you specify the customer location (that is, the hosted domain), its

Active Directory organizational structure (optionally), and any advanced properties. Advanced properties can include

password expiry rules, additional organizational structure, and service security roles. You can select one or more security

roles to enable the customer to administer available services. As a final step, the Provisioning engine creates an organization

structure and security groups in Active Directory for the defined customer.

Creating a customer consists of these initial steps:1. Create a new customer by selecting Customers > New Customer from the Services Manager menu bar.

You can quickly create a customer with minimal details: name, email contact information, and a domain name. Services

Manager assigns a default set of restricted and allowed security roles in this case. Alternately, you can add more detailed

information and choose roles for the customer and any inherited customers and users.

2. Create a customer administrator user to manage users and administer services in the customer's organization.

After creating a customer, Services Manager automatically prompts you to create an administrator user. You can cancel

this operation, but this first user created for a customer is always an administrator user.

3. Provision available services to a customer, an action performed by a service provider or reseller.

4. Create users to whom services are later provisioned, an action performed by a customer administrator.

5. Provision services to users, an action performed by the customer administrator.


Yikes! 404 ... We feel your pain.The page you are trying to view is not here. The link might be misspelled or outdated.

Some things to try:

Go to Docs.citrix.com and search or navigate for the content

Clear your browser cache and retry the link

Report the problem and we'll investigate

Copy the address & use the FeedbackFeedback link at the bottom of Docs.citrix.com to tell us about it

AppDNA

Citrix Cloud

Citrix Receiver

CloudBridge

CloudPortal Services Manager

NetScaler

NetScaler Gateway

NetScaler SD-WAN

ShareFile

VDI-in-a-Box

XenApp and XenDesktop

XenMobile

XenServer

Advanced Concepts

Developer

Legacy Documentation

/

http://10.57.13.146/

http://10.57.13.146/en-us/dna.html

http://10.57.13.146/en-us/citrix-cloud.html

http://10.57.13.146/en-us/receiver.html

http://10.57.13.146/en-us/cloudbridge.html

http://10.57.13.146/en-us/cloudportal-services-manager.html

http://10.57.13.146/en-us/netscaler.html

http://10.57.13.146/en-us/netscaler-gateway.html

http://10.57.13.146/en-us/netscaler-sd-wan.html

http://10.57.13.146/en-us/sharefile.html

http://10.57.13.146/en-us/vdi.html

http://10.57.13.146/en-us/xenapp-and-xendesktop.html

http://10.57.13.146/en-us/xenmobile.html

http://10.57.13.146/en-us/xenserver.html

http://10.57.13.146/en-us/categories/solution_content.html

http://10.57.13.146/en-us/categories/developer.html

http://10.57.13.146/en-us/categories/legacy-archive.html

http://docs.citrix.com/



Some things to try:





AppDNA

Citrix Cloud

Citrix Receiver

CloudBridge


NetScaler

NetScaler Gateway

NetScaler SD-WAN

ShareFile

VDI-in-a-Box


XenMobile

XenServer

Advanced Concepts

Developer


/

http://10.57.13.146/



















Jun 05, 2015

Updated: 2013-02-12You can create users in the following ways:

Create a new user with the New User Wizard

Import many users by using the Bulk User Import feature, with user information defined in a Microsoft Excel spreadsheet

Move users from one customer to another customer

Creating a user through the Services Manager control panel consists of these initial steps:1. Create a new user by clicking Users > New User from the Services Manager menu bar. You can quickly create a user with a

minimum of information: name, user name and password, and display name.

2. Provision available services to the user.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-user-manage/ccp-10-user-creating.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-user-manage/ccp-10-user-bulk-import.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-user-manage/ccp-10-user-moving.html


Create users and configure account settings

Jun 05, 2015

Updated: 2013-01-04Service providers, resellers, and customer administrators with the User Administrator security role can create users for the

services provisioned to a customer. You can assign one or more security roles to the user you create. For more information

about the security roles available, see Assign user security roles.

To create a user

1. From the Services Manager menu bar, click Customers and select the customer for whom you want to create a new

user. Under Customer Functions, click Users.

2. On the Users page, under Management, click New User.

3. Select or type the following information:

In UPN, type a user name that will be appended to the domain name that you select from the drop-down list. The

user name is automatically populated in the Username field. You can edit the Username field.

4. In First Names and Last Name, type the f irst and last name of the user. The Display Name field is automatically

populated with the f irst and last name of the user. You can edit the Display Name field.

5. Click Additional User Properties to add more information about the user.

6. To designate the user a test user, select the Test User check box.

Note: Test users are user accounts that are not added to billing reports. You can later edit this user and clear this check

box.

7. If you do not want to add more details, under Password Configuration, add a password for the user.

8. Click Provision to create the user.

To configure account settings for a new user

1. Click Additional User Properties to add more information about the user.

2. Expand Account Settings to configure the following options:

In Change password at next logon, select Yes to require the user to create a password when f irst logging on. Select

No to disable the change password feature.

In Set passwords to Never Expire, select Yes to prevent user passwords from expiring. Select No to allow the user

password to expire at regular intervals.

In Account Disabled, select Yes or No to enable or disable the user account. If you provision a user with its account

disabled, that user cannot log on to use services until you enable them by clicking Enable in User Functions.

In Account Locked, No is the only option and is selected by default.

In Account Expires, select Never to prevent account expiration. Select End of to choose the date when the account

expires.

Note: If an end date is selected, the Services Manager will automatically disable the user's account on the next

calendar day and they will not be able to access the Services Manager or any related services. Leave this setting as

Never if the user's account does not need to expire. This setting does not define the Password Expiry date as

configured by the Service Provider for the Active Directory domain's Group Policy.

3. Click Advanced Options to select security roles for the user. The Configure a custom role collection check box and all

security roles are selected by default. You can clear or select one or more roles for the user.

4. Clear Configure a custom role collection to select and assign one pre-configured role from the drop-down list.

5. (Optional) Expand Email Addresses to configure one or email addresses for the user. Otherwise, the Services Manager

automatically assigns an email address constructed from the UPN.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-user-manage/ccp-10-user-roles.html


6. When you are f inished, click Provision to create the user.


Create users with templates

Jun 05, 2015

Updated: 2013-05-07If you need to create users that have similar settings, you can use a template to create these users quickly. When you

create the template, you specify the user settings, including security roles, and the services to be provisioned when the

template is used. To create a new user, you select the template you want to use and then click New User from the User

Functions dialog box. The user details from the template are copied to the new user.

Templates are customer-specific; that is, they are accessible only to the administrator of a particular customer's account.

For example, a customer administrator cannot view or use the templates of a parent reseller, and the reseller cannot view

or use the templates of any of their customers.

Templates are stored in the system database as users. You can access existing templates from the Users page of the

control panel. Under Advanced Search, enter search criteria and select the Template user type.

To create a new template

1. From the Services Manager menu bar, click Users.

2. Under Management, click New Template User. The Create User page appears.

3. In Display Name, enter a name for the template user.

4. Click Additional Properties to add address and organizational details.

5. Click Account Settings to configure password change and expiration settings.

6. Click Advanced Options to select a security role for the template user. To customize the security role, select Configure a

custom role collection.

7. Click Save. The Provision Services page appears.

8. Select the services you want to provision when the template is used to create a new user.

9. Click Save.

To create a new user based on a template

1. From the Services Manager menu bar, click Users.

2. Find and select the template you want to use:

1. Under Advanced Search, in User Types, select Template.

2. Click Search. A list of all existing templates appears.

3. Select the template you want to use. The Create User page appears.

3. Under User Details, perform the following actions:

1. Enter the user's UPN and name information.

2. (Optional) Click Additional Properties and enter any additional location or organization details for the user.

4. Under Password Configuration, enter the user's password and confirm the entry.

5. (Optional) Under Account Settings, review the password settings and security role, and make any required changes.

6. Under Email Addresses, add email addresses as required.

7. Under Copy Services, select the services you want to provision to the new user.

8. Click Provision.

After the new user is provisioned, ensure the user's provisioning status appears with a green indicator for all services.

Services that appear with a blue indicator require additional configuration.


Create multiple users with Bulk User Import

Jun 05, 2015

Updated: 2013-02-12You can import new or edit existing users in a customer hierarchy by using the Bulk User Import feature. This featureenables you to create new or modify existing multiple users as specif ied in a Microsoft Excel 97-2003 format workbook(.xls). You can download a new blank template or a workbook populated with existing user information from the portal. Ineither scenario, you perform the following actions:

Download the appropriate template

Create new or edit existing users

Upload the template to the portal

Select users to add or update

Provision services to the users and then provision the users

After uploading the template, Services Manager gives you the opportunity to perform the following actions:Resend the f ile process request to upload the template again

Import the users from the template you uploaded

Download the template you uploaded

Cancel the bulk user import process

Delete the f ile from the imported f ile list

Bulk User Import Template Settings describes the template's workbook headings and settings.

Consider the following when you create or edit a Bulk User Import template:Do not rename the column headings in the templates.

Do not leave blank rows between users.

The templates do not support provisioning new services to users. You must provision services to users through the

Services Manager by using the User Functions or Multi User Selection features.

To download a template

1. Click Users > Bulk User Import.

2. Click one of the following options, then click Save when prompted to save a copy of the template on your PC:

Click New Users Template to download a blank workbook template with column headings.

Click Existing Users Template to download a workbook with column headings and cells populated with user data.

Click Generate Template to create a new template with column headings and cells populated with current user data.

When the workbook template is ready, click Existing Users Template to download it.

Note: This selection exists depending on how Services Manager was installed. The workbook is not generated

immediately. The speed at which the workbook is generated depends on how many users exist in the customer

hierarchy.

To import users

1. Click Users > Bulk User Import.

2. Under Upload User Import File, click Browse, navigate to your new or edited workbook, and select it.

3. Add a description for the workbook and click Upload. The Bulk Import File List displays the f ile details as the f ile is verif ied.

4. From the f ile list, click the upload date of the f ile you uploaded and, under Import File Management, click Import. The

User Import page appears.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-user-manage/ccp-10-user-bulk-import/ccp-10-user-bulk-import-settings.html


5. Click New Users or Existing Users to view the uploaded users. The list of users is shown, including any users who might

have errors in their entries. You can select verif ied users to import at this time, and f ix invalid users to upload at a later

date.

6. (Optional) Expand a user to view account properties associated with the user.

7. Click Save to import the selected users.

Note: You cannot import users that have errors in their entries. With your mouse pointer, hover over any error to reveal

the source.

8. Provision one or more services to the users and provision the users to activate them in the customer hierarchy.


Bulk User Import Template Settings

Jun 05, 2015

The Bulk User Import Template workbook is a Microsoft Excel 97-2003 compatible .xls format file that can be blank or

contain information about one or more users in a customer hierarchy. It contains a header row that indicates all possible

fields associated with a user.

First Name

First name of the user

Surname

Surname or last name of the user

Display Name

First name and last name of the user. If left blank, the Display Name is automatically created from the First Name and

Surname fields.

UPN

User principal name in the format of username@domain. The domain is the customer's domain. A user can log on using the

UPN. If you specify an email pattern such as %g.%s@domain, the resulting email address is in the form of

firstname.lastname@domain.

Username

If blank, the software automatically creates a username for the user, using the UPN username appended with a

_CustomerShortName. The _CustomerShortName is derived from the customer's ShortName. You can edit this f ield in the

template or Edit User dialog.

Password

An alphanumeric user password. If blank for an existing user, the user's password is preserved. A password is required for a

new user. Passwords must be at least eight characters long and contain at least three of the following four character

types:

Lower case alpha character

Upper case alpha character

Numeric character

Symbol character, such as !, @, #, $, %

Location

The Active Directory Location of the user's customer. If blank, the default location is Unassigned.

Department

The user's assigned department. If blank, the default department is Unassigned.

Phone Number

Telephone number associated with the user.

Custom Field

One or more for customized information associated with the user.

Roles

Specify one or more comma-separated security roles for the user. For example: Customer Administrator, Exchange Service

Administrator. Each column is limited to 250 characters. Use the Roles 2 through Roles 4 f ields for additional roles.

Account Disabled

This f ield allows you to select one of the following from the drop-down: TRUE specif ies that the user account is disabled


and the user cannot log on to access services. FALSE specif ies that the account is enabled upon import.

Change Password at Logon

This f ield allows you to select one of the following from the drop-down: TRUE specif ies that the user must change its

password when f irst logging on. FALSE specif ies that the user does not need to change the user account password at f irst

logon.

Password Never Expires

Select TRUE to set the user password to Never Expire. You must select TRUE if you want to use the AD Sync tool. Select

FALSE to allow the user password to expire at regular intervals.

Email Addresses

Specify one or more email addresses for the user. If blank, the software automatically assigns an email address constructed

from the UPN.

City/ZipPostal/Title/Street

Specify physical address information for the user. You can specify a user's organizational title; for example, Manager of

Engineering Services


Find users

Jun 05, 2015

Updated: 2013-05-11You can f ind users by using one of the following search methods:

The User Search feature available from the control panel Home page, located under User Management

The search criteria available from the Users page

Note: User search is limited to the users of a specif ic customer. Before searching for users, f ind and select the customer towhom the target users belong.

To search for users from the Home page

1. From the Services Manager menu bar, click Home and expand User Management.

2. Select a f ilter of Name, UPN, or Email.

3. In User Search, type a user name, email, or User Principal Name (UPN) and click Search.

You can use the percent (%) character as a leading wildcard to perform partial searches. For example, type %citrix to find

all users with "citrix" as part of the user name.

To search for users from the Users page

1. From the Services Manager menu bar, click Users. The Users page appears, listing all the users for the current customer.

2. To search for users alphabetically:

1. Expand Filter Fields and select one of the following criteria:

User ID

UPN

Firstname

Surname

Location

Department

2. Click the letter with which the selected criteria begins.

For example, to f ind users with UPNs beginning with F, you select UPN and then click the letter F.

3. To search for users using several different criteria:

1. Expand Advanced Search and enter any of the following information:

In User ID, UPN, First Name, Surname, or Email, type at least one letter in any of these f ields to f ind users whose

information begins with the letter or letters.

In Role, select a security role from the drop-down list. For example, select User Administrator to f ind users assigned

the User Administrator role.

Under User Types, select Standard to f ind a customer's user. Select Template to f ind any user templates in the

Services Manager. Typically, a template user is the defined user template you can download for Create multiple

users with Bulk User Import.

2. Under Service Filter, enter any of the following information:

In Service, select a service from the drop-down list. Only services that are currently provisioned to the customer

appear in this f ield.

In Access Level, select a user plan, if applicable.

In Status, select the service provisioning status for the users you want to f ind.

3. Under Account Status, select Yes or No to f ind users according to the associated account status. By default, Ignore is

selected to prevent the account status options from being considered in searching.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-user-manage/ccp-10-user-bulk-import.html


4. Under Password Status, select Yes or No to f ind users according to the associated password expiration status. By

default, Ignore is selected to prevent the password status options from being considered in searching.

5. Under Additional Options, enter criteria found in the custom fields, location, or department specif ied in the user

properties.

4. Click Search.


Move and copy users

Jun 05, 2015

Updated: 2013-02-12You can move a user from one customer to another customer, migrating the user information and provisioned services tothe new customer, with the following conditions:

Both customers must belong to the same Services Manager location (that is, Active Directory domain).

Provisioned services that will transfer with the user are limited to Hosted Exchange and Office Communications Server

(OCS). If the user is provisioned with any other service, deprovision that service before attempting the migration.

You can also make a copy of an existing user within the customer hierarchy. The copied user resides in the original user's

customer hierarchy and possesses the original user's provisioned services.

To move a user to a different customer

Ensure that you perform the following procedure as a Service Provider or Reseller administrator.

1. From the Service Manager menu bar, select Users > Configuration > User Move.

2. In Customer Search, type a source customer name and click Next. Services Manager returns the source customer name,

if found.

3. In User Search, type a user name and click Next. Services Manager returns the user name, if found.

4. In Customer Search, type a destination customer name and click Next. Services Manager returns the customer name, if

found, and displays the User Mapping table to enable you to change the moving user's new UPN and email address.

5. Accept or edit the defaults and click Next.

6. Click Finish to move the user.

When complete, Services Manager prompts you to review the customer and user. Citrix recommends that you review both

and edit each as required. To move another user, click Move another user to a new customer.

To copy a user in the same customer hierarchy

Ensure that you perform the following procedure as a user administrator, at a minimum.

When performing this procedure, consider the following items:Some services might appear in the User Services dialog box with a blue provisioning status. Blue indicates that the user's

services require additional configuration. After configuring the service, manually provision it.

When the Hosted Exchange service is provisioned to the copied user, the default primary email address is the new copied

user's address.

If populated, the Title and Web Page f ields in Additional User Properties are copied to the new user.

1. Click Users to display all users for a customer, then click a user to access the User Functions dialog box.

2. Click Copy User. The Create User page appears.

3. Enter user details and password for the new user and configure account settings as described in Create users and

configure account settings.

4. Click Copy Services and clear the check boxes for any provisioned services you do not want to be copied to the new user.

5. Click Provision. The Provision Services page displays all provisioned and unprovisioned services.

6. Provision any additional services from the list to the copied user.

7. Click Provision for each service you want to provision to the user. The copied user is now created and provisioned in the

customer hierarchy.



Assign user security roles

Jun 05, 2015

Updated: 2013-02-12Each user can be assigned a specif ic security role in the Services Manager control panel. A security role provides a user withselected access permissions in the Services Manager. The following roles are the standard or default administrator rolesavailable when creating or editing a user.

SecurityRole

Description

Customeradministrator

The f irst user created by default after creating a customer inherits this role. The customeradministrator can create, provision, and edit users, then provision users to services. This role can alsomanage services provisioned to the customer. This role includes all permissions of the user and serviceadministrator.

Partial useradministrator

This role can reset passwords for a customer's user.

Useradministrator

This role can create, provision, and edit users for a customer.

Serviceadministrator

This role can manage services provisioned to the customer. It can access any editable administrationinterface associated with a service.

User andserviceadministrator

This role is identical to the customer administrator. Assign this role to a user when you require morethan one customer administrator user in your organization or hierarchy.

Services Manager also includes three security roles to enable end-users (that is, consumers of customer services) to managetheir accounts and provisioned services. These roles are disabled by default and need to be enabled and provisioned to thetop-level customer by a service provider or reseller administrator before they can be provisioned to a user account. Onceprovisioned, users can manage their accounts through My Account, available from the Services Manager menu bar afterlogon.

Security Role Description

My AccountManagement

Enables the end user to change the user information details, account password, and manageemail addresses associated with the user account.

My ServicesManagement

Enables the end user to select, edit, and re-provision the services provisioned to the end useraccount.

My Account & ServicesManagement

Combines the above management capabilities in a single role.

To enable and provision user security roles

Ensure that you are logged on to the Services Manager as a customer administrator user to perform these steps.


1. Select a user by performing one of the following steps:

Create a user as described in Create users and configure account settings.

From the Services Manager menu bar, click Users to display all users, then expand a user to access User Functions. Click

Edit User.

2. Expand Account Settings and click Advanced Options.

3. In Security Roles, perform one of the following actions: select a role from the drop-down list to assign a default

administrator security role to the user.

Assign a default security role: Clear the Configure a custom role collection check box and select a default security role

from the drop-down list.

Assign a custom security role: Select the Configure a custom role collection check box and select any of the service

and system roles that appear.

4. Click Provision.



Modify users

Jun 05, 2015

Updated: 2013-02-12

To modify an individual user

The User Functions dialog box enables you, as the administrator, to manage an individual user in your organization. To

manage multiple users with User Functions, use the Multi User Selection dialog box.

1. Find a user by using one of the following methods in Find users.

2. Click the user name to display the User Functions dialog box.

3. Select any of the following options:

Option Description

Edit User Modify user contact information and email addresses, change the user password, add or remove

security roles, and modify account settings.

Copy User Make a copy of an existing user within a customer hierarchy. The copied user resides in the original

customer hierarchy and possesses the original user's provisioned services. See Move and copy users.

Delete Permanently delete a deprovisioned user account from the Services Manager and Active Directory.

This function is only available after you deprovision a user.

Deprovision Deactivate the user account in Active Directory but keep the account information in the Services

Manager database.

Disable Disable the user account in the Services Manager database and Active Directory. The user cannot log

in to the Services Manager while disabled and the administrator cannot modify any services previously

provisioned to the user.

To reinstate the user, click Enable and then Provision.

To delete the user, click Delete. This action deletes the user account from the Services Manager

and Active Directory and also deletes any data associated with the user (such as Exchange

mailboxes).

Note: You can modify user settings by using Edit User while the user is disabled. Click Provision in

the Edit User dialog box to apply the changes to the user.

Enable Reinstates the user account in the Services Manager and Active Directory. Next, click Provision to

provide the user with full access to its provisioned services.

Provision Activate the user account after updating or modifying account settings. If a user had been disabled,

Enable the user before performing a Provision operation.

Services Select and configure service settings and provision one or more services to the user.

To modify multiple users

1. Perform one of the following steps:

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-user-manage/ccp-10-user-search.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-user-manage/ccp-10-user-moving.html


If you are a Service Provider administrator, search for and select a customer, then click Users to display that

customer's users.

If you are a customer administrator, click Users from the Services Manager menu bar to display your users.

2. Under Multi User Selection, click Select All Users to select every user in the customer hierarchy. Otherwise, select the

users on which to perform the operation.

3. Click one of the following options:

Services

Disable

Enable

Provision

Deprovision

Delete


To impersonate a user

Jun 05, 2015

Updated: 2013-05-13Impersonating a user allows you to see what the user can access and view within the Services Manager control panel. Youcan do this, for example, when troubleshooting a system problem that a user is experiencing. To impersonate a user, youmust have the User Administrator security role assigned to you.While you are impersonating a user, you cannot impersonate another user, even if the user you are impersonating has the

User Administrator security role assigned.

1. From the Services Manager menu bar, select Customers.

2. Select the customer whose user you want to impersonate and then, under Customer Functions, click Users.

3. Select the user you want to impersonate and then, under User Functions, click Impersonate. The impersonation takes

immediate effect and the top of the control panel page indicates you are impersonating the selected user. The control

panel displays all the menus and functions that are allowed for the selected user.

4. To return to your own user account, click your username near the top of the control panel. The control panel displays

the customer's Users page.


Manage user password expiration email notificationsand reports

Jun 05, 2015

Updated: 2013-02-12Services Manager enables a customer administrator to configure, enable, and report on user password expiry andnotif ication. As described in Create users and configure account settings, you can allow passwords in user accounts toexpire. Creating and configuring password expiration email notif ication is the f irst step of a two-step process: f irst create amessage, then enable the message to be sent. To do this, you perform the following tasks:

Create and configure a password expiration email notif ication to all users within a customer hierarchy.

Enable the password expiration notif ication email.

Generate a user email expiry report to be sent to a customer administrator.

Note: The Password Expiry date is set by the service provider or domain administrator for the domain's Group Policy.

To create and configure a password expiration email notification to users

If you intend to include a file attachment with the notification, upload the file before creating the new notification

message.

1. From the Services Manager menu bar, click Customers > Configuration > Email Notif ication.

2. (Optional) If you intend to include a f ile attachment with the notif ication, click Attachments and then select and upload

the f ile you want to include. To return to the email notif ication page, click Notif ication.

3. Under Create Messages, select the following options:

In Event, select User Password Expiry.

In Recipient, User.

In Customer Type, select Full Customer.

4. Click New Message. The Email Content dialog box appears.

5. Configure the following email notif ication settings and then click Save:

Under Settings, select the status, frequency, modif ication settings for the notif ication. By default, notif ications have

an Enabled status and are sent once.

Under Recipients, select one of the following f ilters by which to search for or select recipients and then click Add:

Select Custom and, in E-mail, type a common email pattern or customized email address. For example, the common

email pattern {UserExternalEmail} sends email to the address specif ied in the user's External Email Address property.

Select User or Customer and, in Search, type a name or search by specifying a partial name prepended with the

percent (%) character.

Select Role and choose a role from the drop-down list. All users provisioned with that role will receive a notif ication

email.

Select Reseller Role and choose a role from the drop-down list. All users provisioned with that role will receive a

notif ication email.

In From Address and From Display, type the reply-to address and a display name of the email sender.

Under Message, perform the following actions:

In Language, select a language from the drop-down list.

In Subject, type a subject for the notif ication.

(Optional) In Attachments, select a f ile that you uploaded using the Attachments feature.

In the message box, type the text of your message.

In Message Type, select Html or Text.



To enable the password expiration notification email and email expiry report

1. From the Services Manager menu bar, click Users > Configuration > Email Configuration.

2. Configure the following email notif ication and report settings and then click Save:

In Email Expiry Report, select Yes to generate a daily report about user accounts to be sent to the specif ied customer

administrator, based on the conditions selected on this page. Selecting No disables all selections except Email

Notif ication Report.

In Email Notif ication Report, select Yes to send an email to user accounts where the password is due to expire in the

time specif ied on this page. The Services Manager also sends a summary report to the customer administrator email

specif ied in this dialog. The report includes all users to whom the notif ication email was sent successfully and any

users to whom the notif ication was not sent because an email address was not configured for their account.

Selecting No disables all selections except Email Expiry Report.

In Include users with passwords that expire in blank days, Select Yes and type the number of days in which user

passwords expire. Selecting No disables the remaining choices labeled with "Filter."

In Filter never expire, select Yes to report users whose passwords are set to Never Expire.

In Filter expired passwords, select Yes to report users whose passwords have expired.

In Filter accounts locked, select Yes to report users whose accounts are locked.

In Filter accounts disabled, select Yes to report users whose accounts are disabled.

In Email Address, specify the customer administrator email address and select the location from the drop-down list. To

send the report to more than one customer administrator, create a Microsoft Exchange Distribution Group and type

the Distribution Group's email address.

In Language, select a language from the drop-down list.



Jun 05, 2015

Updated: 2013-05-11A security role is a set of permissions that defines customer, administrator, and user access to specific tasks in the services

manager. For example, the first or default user created for a customer is a customer administrator. The customer

administrator is automatically assigned the Customer Administrator security role (and can also be assigned other security

roles). The customer administrator can then assign one or more security roles to users in the customer hierarchy. A security

role can also consist of multiple security roles; for example, the My Account and Services Management role consists of the

My Account Management and My Services Management roles.

Services Manager includes a default set of security roles. A service provider can manage security roles associated with:Customer, user, and service tasks

User services

Reports and reporting

Dialog boxes, menus, or pages in the control panel

This topic lists the default security roles available and describes how to:Create or copy security roles

Export and import security roles, enabling you to design, test, and configure a customized role before implementing it in a

production environment

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-security-roles/ccp-10-security-roles-default.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-security-roles/ccps-security-roles-create.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-security-roles/ccps-security-roles-import-export.html


Default Security Roles

Jul 22, 2016

Updated: 2014-01-06Services Manager includes a default set of security roles. The default roles cannot be deleted or modified but can be copied

and used as a template for a new role. A role can consist of one or more roles. In the case of a role consisting of multiple

roles, the role inherits the permission levels of the component roles.

Security Roles Installed by Default

Role Description Component Roles

AD Sync

Administrator

Advanced User View Enables access to Advanced section of the Create

User dialog box.

All Services Schema

Administrator

Manage the schema and configuration for all services. Service Schema Administrator

API User Enables access to the Services Manager API.

Authenticated Users Permission to perform generic user functions and view

related dialogs. Access any service-related user dialog

when the user is provisioned with that specific service.

Mandatory role assigned to all authenticated users.

Exchange User

Office Communication Server (OCS)

User

SharePoint User

SQL Users

Citrix Service

Administrator

Create customized Citrix Application Groups for the

administrator's customer.

Content

Management

Service

Administrator

Update or modify the services manager interface.

Customer

Administrator

The first user created by default after creating a

customer inherits this role. The customer administrator

can create, provision, and edit users, then provision

User Administrator

Service Administrator


users to services. This role can also manage services

provisioned to the customer. This role includes all

permissions of the user and service administrator.

DNS Service

Administrator

Allowed access to the Domain Name Service (DNS)

Records and DNS Templates dialogs. Can manage DNS

zones and create DNS entries.

Dynamics CRM

Administrator

Manage the service, including all pages.

Dynamics CRM User Allowed access to the service as a user.

Everyone Permission for authenticated and non-authenticated

users to view generic pages in the services manager.

Exchange Service

Administrator

Create and manage Microsoft Exchange Distribution

Groups, Contacts, and Public Folders.

Exchange Users Access to Exchange Summary dialog and can

download Outlook Account settings.

File Sharing Service

Administrator

Create folders and add specific user permissions to

folders. Create user security groups.

Hosted Apps and

Desktops Service

Administrator


Hosted Apps and

Desktops User

Enables users to access the service.

Lync 2010 for

Hosters Service

Administrator


Lync 2010 for

Hosters User

Enables users to access the service.

Lync Enterprise

Service



Administrator

Lync Enterprise User Enables users to access the service.

Mail Archiving

Service

Administrator


My Account and

Services

Management

Combines My Account Management and My Services

Management roles. Enables end users to manage their

own accounts, edit services provisioned to them, and

select new available services.

My Account Management

My Services Management

My Account

Management

Enables the end user to change the user information

details, account password, and manage email

addresses associated with the user account.

My Exchange

Service

Enables the customer to manage Hosted Exchange

resources such as public folders and distribution lists.

My Hosted Apps

and Desktops

Service

Enables the user to access subscriptions provisioned

through the service.

My Services

Management

Enables the end user to select, edit, and re-provision

the services provisioned to the end user account.

MySQL

Administrator


OCS Service

Administrator


OCS User Allowed access to the service as a user.

Partial User

Administrator (Reset

Passwords)

Reset passwords for a customer's user. Cannot create

or delete users.

Reporting Users Access to the front-end reporting system.


Reseller Full

Administrator

Create, provision, and edit its own customers, then

provision services to its customers. Create, provision,

and edit users, then provision users to services.

Reseller Partial

Administrator

Manage reseller customer services and users.

Service

Administrator

Manage administration tasks for services. Access any

editable service-related administration dialog when the

customer is provisioned with that specific service.

BlackBerry Service Administrator

Citrix Service Administrator

Content Management Service

Administrator

DNS Service Administrator

Dynamics CRM Administrator

Exchange Service Administrator

File Sharing Service Administrator

OCS Service Administrator

Office 365 Service Administrator

ShareFile Service Administrator

SharePoint 2010 Service Administrator

SharePoint 2013 Service Administrator

SQL 2000 Service Administrator

SQL 2005 Service Administrator

User Sync Administrator

Virtual Machine Administrator

Windows Web-Hosting Service

Administrator

Service Provider

Administrator

Allowed full services manager access, all security role

permissions, and service access levels.

Citrix Service Administrator

Content Management Service

Administrator

DNS Service Administrator

Exchange Service Administrator

File Sharing Service Administrator


SharePoint Portal Service

Administrator

Windows Web-Hosting Service

Administrator

Reseller Full Administrator

Store Manager

Service Schema

Administrator

Allowed access to common service schema page and

menu permissions.

SharePoint 2010

Administrator


SQL Service

Administrator


SQL Users Allowed access to the summary details dialog.

Template User and

Service

Administrator

Create user templates and configure services to them.

This administrator can create a new user by using a

default template.

User Administrator Create, provision, and edit users for a customer.

User and Service

Administrator

Enable the user to create and administer users and

provision services for a customer.

This role is identical to the customer administrator.

Assign this role to a user when you require more than

one customer administrator user in your organization

or hierarchy.

User Administrator


Virtual Machine

Administrator

Access the Virtual Machine Management pages.

Windows Web

Hosting Service

Administrator

Create and configure web sites, add user permissions

to web sites, and create user security groups.

Workflow Approval Allowed to define approval subscriptions.


Administrator

Workflow Approval

User


Create or copy security roles

Jun 05, 2015

Updated: 2013-02-12The default roles in Services Manager cannot be deleted or modified but can be copied and used as a template for a new

role. You can also create a completely new role through the New Role dialog box.

A security role consists of Role Setup information and Role Permissions settings.

For detailed information about Role Setup fields, see Role Setup.

For detailed information about Role Permissions settings, see the following topics:Role Permissions: Customers, Services, User Services, Users

Role Permissions: Menus, Pages, Reports

To create a new security role

When you create a new security role, the Role Setup section is blank and the Role Permissions access settings are set to a

default value of None and all Menus, Pages, and Reports selections are cleared.

1. From the Services Manager menu bar, select Configuration > Security > Security Roles.

2. Click New Role. A new Role Management dialog box is displayed.

3. Complete the f ields and selections in the Role Setup section and modify the Role Permissions section as required, then

click Save.

To copy an existing security role

When you create a new security role, the Role Setup section is blank and the Role Permissions area contains the access

settings of the copied security role.

1. Select Configuration > Security > Security Roles to display the list of security roles.

2. Click a role from the list to expand the role properties.

3. Click Copy at the bottom of the Role Management dialog box. A new Role Management dialog box is displayed.

4. Complete the f ields and selections in the Role Setup section and modify the Role Permissions section as required, then

click Save.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-security-roles/ccps-security-roles-create/ccp-10-security-roles-setup.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-security-roles/ccps-security-roles-create/ccp-10-security-roles-permissions.html

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-security-roles/ccps-security-roles-create/ccp-10-security-roles-permissions-menus.html


Role Setup

Jun 05, 2015

Updated: 2013-03-06The Role Setup section of the Role Management dialog box enables you to specify the service to which the role is applied,

any associated role groups (such as Exchange Users), administrator type, and other settings and information.

Name

Provide a descriptive name for the security role, using alphanumeric characters, including spaces.

Directory Name

Specify the name of an Active Directory security group to associate with the security role. Leave this value blank if you do

not want to create a group. Specify the name in the form of a pattern. For example, specify "HE {CustomerShortName}

USERS" for Hosted Exchange Users of a particular customer.

Description

Optionally describe the new security role.

Filter on Service

Select an existing service from the drop-down list. If a service f ilter is selected and the customer has been provisioned with

that service, the security role is available in the user or customer Account Settings dialog box. Selecting this option enables

the Service Filter Scope setting.

Service Filter Scope

This setting is enabled if you selected a service from the Filter on Service drop-down list.

Select Customer to make the security role available if the customer is provisioned with the service. For example, an

administrator can view service administration dialog boxes when the service is provisioned to a customer.

Select User to activate the role to users provisioned with the associated service.

Mandatory

Select Enabled to automatically assign the security role to all users. The security role is not displayed on the user

Account Settings dialog box.

Clear Enabled to make the security role selectable on the user Account Settings dialog box.

Hidden

Select Enabled to hide the security role; that is, the security role is not visible to users other than the service

administrator. Use this option until the security role is ready to be applied to users or customers.

Clear Enabled to make the security role visible in the services manager.

Role Groups

Attach existing security roles to the new or edited security role. When assigned, the user or customer inherits the

permissions of the new or edited security role and the selected security roles.

Administration Role

Select Enabled to include this security role as common role to all users. The security role is displayed on the user Account

Settings dialog box.

Select Clear to make this security role available to users through the Configure a custom role collection option displayed

on the user Account Settings dialog box.

User role type


Select one of the following user role types. A related icon will appear next to the user when the security role is assigned:

None


User Administrator

User and Service Administrator

Available to all customers

Select Enabled to make the security role available to all customers. The role can be assigned to any user unless explicitly

denied to a customer when creating or editing the customer properties.

Clear Enabled to enable you to explicitly assign the role to a customer or reseller customer (which can then be assigned

to a user) from the Allowed Roles list available from the customer's Advanced Properties.


Role Permissions: Customers, Services, User Services,Users

Jun 05, 2015

Updated: 2013-05-11This topic describes the settings used for defining a security role's access to customers, services, and users in the control

panel. These settings appear in the Role Permissions section of the Role Management screen. To access the Role

Management screen, select Configuration > Security > Security Roles and then create or select the security role you want

to configure.

For information about role settings for accessing menus, pages, and reports, see Role Permissions: Menus, Pages, Reports.

On the Customer, Services, User Services, and Users tabs, you can expand certain permissions and apply more detailed

permissions. For example, on the Customers tab, you can expand the Read permission and select additional permissions such

as Name, Contact Detail, and Billing Identifier. On the Services and User Services tabs only, you can use the Filter drop-down

list to apply selected permissions to a specific service or to all services in your deployment.

You set permissions for each function by clicking the Access selector next to the function. The Access selector changes todenote one of the following permission levels:

AccessType

Accessselectorsymbol

Access description

Noneselected

No access to the function.

Customer The function is permitted for the selected customer. For example, the User Services permissionsof Read, Update, and Provision for the My Services Management security role are set asCustomer. This setting indicates that the administrator user with the My Services Managementrole can perform that function on its customer only.

SubCustomer

The function is permitted for the subcustomer of the selected customer. For example, if theUser Services permissions of Read, Update, and Provision for a security role are set as SubCustomer, users with this role can perform the function on the customer's subcustomer (butnot on the customer).

Customerand SubCustomer

The function is permitted for the selected customer and related subcustomer(s). For example, ifthe User Services permissions of Read, Update, and Provision for a security role are set toCustomer and Sub Customer, users with this role can perform the function on the customerand its subcustomer(s).

After you finish modifying the security role, click Save.

Permission reference

Available Function Customers Services User Services Users

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-security-roles/ccps-security-roles-create/ccp-10-security-roles-permissions-menus.html


Filter X X

Create X X

Read X X X X

Update X X X X

Delete X X

Enable/Disable X X

Provision X X X X

Deprovision X X X X

Reset X X X X

Reports X X X

Email Content X

API Access X

System Content X

Full Logging X

Change Domain Ownership X

Manage Brands X

Manage System Brands X

Copy X

Impersonate X

Account Management X



Credential Management X

Password Management X

Manage Security Questions X

Email Management X

Role Management X

Administrator Management X

Service Provider X X X



Role Permissions: Menus, Pages, Reports

Jul 22, 2016

Updated: 2013-05-11This topic describes the settings used for defining a security role's access to menus, pages, and reports in the control panel.

These settings appear in the Role Permissions section of the Role Management screen. To access the RoleManagement screen, select Configuration > Security > Security Roles and then create or select the security role you

want to configure.

For information about role settings for accessing customers, services, and users, see Role Permissions: Customers, Services,

User Services, Users.

To permit a security role to access specific menus, pages, or reports, you select the appropriate check box. To deny access,

clear the appropriate check box.

NoteWhen granting access to submenus, you must also enable access to all parent menus. If you do not enable access to the parent

menus, the submenu item is not visible to applicable users when they are logged on to the control panel. For example, if you enable

access to the Customer Brand submenu item, but do not enable access to Customers, Configuration, and Branding, the

Customer Brand menu item does not appear in the menu bar to applicable users.

After you have finished modifying the security role, click Save.

Menu reference

Top-level Menu Second-level Submenus Third-level Submenus Fourth-levelSubmenus

Customers New Customer

Customers

Customer Services

Customer Hierarchy

Configuration Branding Brands

Customer Brand

Customer List Customer List

Types

Customer Lists

http://docs.citrix.com/en-us/cloudportal-services-manager/11-5/ccps-manage/ccps-security-roles/ccps-security-roles-create/ccp-10-security-roles-permissions.html


Table Schema

Table Data

Display Properties

Customer Move

Email Notif ication

Organizational Structure Departments

Locations

User Specif ied

Groups

Restricted Domains

Security Security Groups

User Groups

Users New User

Users

Bulk User Import

Configuration Email Configuration

User Move

Services (All installed services arelisted here)

Group Management

SQL Hosting Summary

AD Sync AD Sync Download

AD Sync Server

Monitor

Backup Agent Client

Citrix Application Access

Customer Application



Groups

Configuration Applications

Application Groups

Citrix Applications

Resources

Dynamics CRM CRM Summary

CRM Import

DNS DNS Records

DNS Templates

Downloads

Exchange Exchange Summary

Device Settings

Contacts

Distribution Groups

Public Folders

Resource Mailboxes

Mailbox

Import/Export

File Sharing Manager

Hosted Apps and Desktops Advertisement

Management

Resources

MySQL Databases

Users

SharePoint 2010 Farms

Farm Configuration

Feature Packs

Virtual Machine Virtual Machines

Networks

Resource Summary



Configuration Virtual Resource

Manager

Virtual Network

Manager

Windows Web Hosting IIS Site Manager

Web Site Import

Configuration Content Management Content Translation

Language

Import/Export

Supported Languages

URL Branding

Provisioning & Debug Tools Recorded Errors

Provisioning Requests

Bulk Reprovisioning

Package Migration

Wizard

Bulk Exchange Mobile

SMS

Security Security Roles

Page Manager

System Manager Locations

Credentials

Service Schema

Service Deployment

Servers

Server Roles

Server Collections

Server Connections



Server Resources SQL Servers

Web Servers

Validation

Workflow Setup

Control Panel Properties

Workflow Approval Responses

Approval Requests

Approval Status

Configuration Workflow Groups

Workflow Managers

Approval Emails

Approval Providers

Reports View Reports

Configuration Data Warehouse

Help Version and CopyrightInformation

My Account Personal Details

Exchange Summary

SQL Hosting Summary

Services

Password Change Password

Security Questions

Logout None



Export and import security roles

Jun 05, 2015

Updated: 2013-02-12Before you import or export a role, consider the following:

You cannot import a security role that already exists in the control panel.

Make any changes to security roles through the control panel, not by editing the XML f ile created by exporting a

security role. Importing an edited security role XML f ile causes the import operation to fail.

Services Manager enables you to import and export roles between Services Manager environments. For example, you can

design and test security roles in a test or staging environment, then import the roles into one or more of your production

environments through an XML formatted file.

To export a security role

1. Click Configuration > Security > Security Roles.

2. Expand the security role to export and click Export.

3. In the File Download dialog box, save the XML f ile.

To import a security role

1. Click Configuration > Security > Security Roles.

2. In the Role Import area, click Browse to navigate to the exported security role XML f ile.

3. Click Import Role.

The security role is imported, as indicated by the message Role import completed. If any errors occur, try exporting the

role, then import it again.



Jun 05, 2015

Updated: 2013-03-04During the course of business, resellers or customers might need to change services that are provisioned, the number of

provisioned users, or the level at which a service is provisioned. These changes affect the pricing and billing of services, so

service providers, resellers, and customers need a mechanism for managing these requests in a timely manner.

Using Workflow Approval, you can approve or reject provisioning requests such as deprovisioning a service from a customer,

updating user details, or adding users to an existing service. Approvers can be managers in an organization or members of a

group that is notified whenever a specific type of request is made. All requests move through an approval chain before they

are enacted in the system.

Enabling and disabling workflow approvals

Workflow Approval is not enabled by default in Services Manager. You can enable this feature through the Feature Setup

menu item (Configuration > System Manager > Workflow Setup). Only Service Provider Administrators can enable workflow

approvals and customize notification messages by default. After this feature is enabled, users logging on to the control

panel see the Workflow menu bar item which enables them to view provisioning requests. Additionally, you can configure

approval requirements and create approval chains.

When Workflow Approval is enabled, the following events occur:All users are assigned the Workflow Approval User security role and can view approval requests and responses.

The Workflow Approval Administrator security role is available for assigning to appropriate users.

The My Account Management, My Services Management, and My Account and Service Management security roles are

enabled for all customers. These roles allow users to modify their own account or provision services to themselves which

can be approved by managers or groups you define.

For Service Provider Administrators, a Workflow Approval preview link appears on the Customer Details, User Details,

customer service, and user service pages. When clicked, this link displays a preview of the approval notif ication message

that will be sent when information on these pages is modif ied.

When Workflow Approval is disabled, the following events occur:The Workflow Approval Administrator and Workflow Approval User security roles are disabled for all customers and users.

Workflow Approval role membership is removed from other security roles in which it was included.

For Service Provider Administrators, the Workflow Approval preview link is removed from all control panel pages.

The Bypass workflow approval role permission is enabled for the Authenticated Users security role and applies to all

control panel items governing customers, users, and services. This disables workflow approvals for all customers.

Workflow approval security roles

When enabling workflow approval, you can also enable security roles that allow users to modify their own account orprovision services to themselves without additional approval. When these security roles are enabled for selected users,those users can log on to the control panel and perform the following tasks:

The My Account Management security role allows users to modify their own User Details page. Clicking My Account >

Personal Details displays the User Functions dialog box, enabling the user to click Edit User and make changes to the User

Details page.

The My Services Management security role allows users to manage their own service provisioning. Clicking My Account >

Services displays the User Services page for the logged in user. From this page, the user can provision available services,


change the user plan for a provisioned service, and modify the service settings.

The My Account and Service Management security role confers both account and service management permissions to

specif ic users.

Manager Approval chains

The Manager Approval chain is comprised of users who are designated as managers. You specify a user's manager using the

Manager field on the User Details page in the control panel. In this chain, actions are approved at successive levels in the

customer's organization. For example, provisioning a user with a new service might require approvals from the user's

immediate manager and the director of the user's department.

When a request a generated, only the first member in the chain is notified. The next member in the chain is not notified of

the request until the first member has approved it. If the first member rejects the request, the next member in the chain is

never notified of it. For a request to be approved, all members of the chain must approve it. A request is rejected if any

member in the chain rejects it.

Group Approval chains

The Group Approval chain is comprised of users who elect to receive notifications of specific types of requests. In this chain,

actions are approved by users who perform specific functions within the customer's organization. For example, provisioning

a user with a new service might require approvals from users in the organization's Accounting department.

When a request is generated, all of the group members are notified. The group members can approve or reject the request

at any time. For a request to be approved, a certain number of group members must approve it. A request is rejected if the

required number of members do not approve it. You configure the number of members required from the Workflow Group

Management dialog box. For more information, see Configure workflow approval chains.

http://docs.citrix.com/en-us0/cloudportal-wrapper/ccps-services-manager/ccps-115/ccps-manage/ccps-workflow/ccps-workflow-approval-chain-config.html


To enable workflow approvals

Jun 05, 2015

Updated: 2013-03-04The Workflow Approval feature is not enabled by default in the control panel. To enable workflow approvals, you must

have the Service Provider Administrator security role enabled for your account.

1. From the Services Manager menu bar, select Configuration > System Manager > Workflow Setup.

2. On the Workflow Setup page, click Enable. The Workflow Setup page displays configuration options for Workflow

Approval.

3. Under Components, select the workflow approval chain types to enable in the control panel. By default, Manager

Approval and Group Approval are selected.

4. Under Email, configure the following items:

Reply Email Address: Enter the email address you want to use for approval notif ications.

Reply Email From: Enter the display text that appears in the notif ication email's From field.

Web Url: Enter the external URL for the Services Manager control panel.

5. Under Maintenance, in Retention Days, enter the number of days to keep resolved approval requests in the system

database. By default, requests are kept for 30 days.

6. To enable self-service security roles for Workflow Approval, select Allows users to manage their own account and

services. After these roles are enabled, customers can assign them to specif ic users as appropriate.

7. If needed, select Reset to default role settings to reapply the security role changes that were effected when the

feature was originally enabled.


Configure workflow approval chains

Jun 05, 2015

Updated: 2013-03-04The Workflow Approval feature includes two types of approval chains: Group Approval and Manager Approval.

In the Group Approval chain, actions are approved by members performing a specific function in the customer's

organization. In the Manager Approval chain, actions are approved at successive levels in the customer's organization.

When you configure each approval chain, you select the services you want to enable for approval and the actions that will

generate approval notifications. For group approvals, you also select the group members who can approve these actions.

For manager approvals, you define the manager levels required for approval.

To configure group approvals

1. From the Services Manager menu bar, select Workflow > Configuration > Workflow Groups.

2. Under Management, click New Group. The Workflow Group Management page appears.

3. In Name and Description, enter a group name and brief description.

4. Click Advanced Options and configure the following options:

All users must approve the request: This option is selected by default. If you want to specify that a request is

approved only when a certain number of members approve it, clear this option and enter the required number of

members in the Member(s) of this group must approve the request f ield.

Automatically reject unresolved requests after a week: This option is selected by default. If you want to specify the

number of days before a request is rejected automatically, clear this option and enter the required number of days in

the Day(s) before an unresolved request will be rejected automatically f ield.

Send a reminder notice to all users who have responded yet: By default, this option is selected and configured to send

reminders after three days have elapsed. If you don't want to send reminders, clear this option.

5. In Member Search, type the name of the member you want to add to the group and then click Add.

6. Under Subscription, perform the following actions:

1. Select the appropriate tab for the item you want to designate for approval. For example, click the User Services tab

for actions that affect users' access to specif ic services.

2. In Filter, select the service for which you want to enable approvals. By default, All is selected. This f ield is available on

the Services and User Services tabs.

3. In Provision and Deprovision, click the Subscription symbol to select each action for notif ication.

7. Repeat Step 6 for each item you want to designate for approval (for example, Customers, Services, and so on).

8. Click Save.

To configure manager approvals

1. From the Services Manager menu bar, select Workflow > Configuration > Workflow Managers.

2. Click Advanced Options and configure the following settings:

Manager(s) must approve the request: Enter the number of managers required to approve provisioning requests.

Day(s) before an unresolved request will be rejected automatically: Enter the number of days allowed before a

pending request is rejected without input from members of the chain.

Send a reminder notice to all users who haven't responded yet: Select this check box to send reminder notices to

managers who have not approved or rejected the request.

Day(s) after the request was submitted: Enter the number of days after a request is generated to send reminder

notices.


Make the manager f ield mandatory for all users: Select this check box to require that the Manager f ield on the User

Details page is f illed in for all users.

3. To enable approvals for service provisioning or deprovisioning, perform the following actions:

1. On the User Services tab, in Filter, select the service for which actions should be approved. By default, All is selected.

2. In Provision and Deprovision, click the Subscription symbol to select each action for approval.

3. Repeat Steps A and B for each service you want to add for manager approval.

4. To enable approvals for user provisioning or deprovisioning, click the Users tab and, in Provision and Deprovision, click the

Subscription symbol to select each action for notif ication.

5. Click Save.


View workflow approvals

Jun 05, 2015

When the Workflow Approval feature is enabled, all users can view approval requests and responses. However, onlyWorkflow Approval Administrators can view the current status of approvals.

To view approval requests

Use this procedure to view approval requests that you have generated.

1. From the Services Manager menu bar, select Workflow > Approval Requests.

2. In Filter, select the response status of requests you want to view (for example, Pending, Accepted, and so on).

The Approval Request page displays the requests you selected.

To view approval responses

1. From the Services Manager menu bar, select Workflow > Approval Responses.

2. In Filter, select the response status of requests you want to view (for example, Pending, Accepted, and so on).

3. Select whether you want to view responses to requests you generated or to all requests in the system.

The Approval Response page displays the requests you selected.

To view the status of approval requests

1. From the Services Manager menu bar, select Workflow > Approval Status.

2. In Status, select the status of requests you want to view (for example, Pending, Accepted, and so on).

3. To refine your search by date, select Request Date or Resolved Date and then select the appropriate date.

The Approval Status page displays the requests you selected.


Customize workflow approval notifications

Jun 05, 2015

Updated: 2013-03-04The Workflow Approval feature includes a set of XSL templates that are used to create the notification emails that are

sent when approval requests are generated. Service Provider Administrators can customize these templates according to

their needs or create new templates for specific services.

Notification emails are composed of the Header and Footer template and an Email Content template. The Header and

Footer template defines the overall look and feel of all notification messages. Email Content templates define the text

used for specific actions and services.

Services Manager includes Email Content templates for the following actions:Provisioning and deprovisioning customers or users

Provisioning and deprovisioning services for a customer or user

Provisioning the DNS service for a customer

Provisioning the Reseller service for a customer

Each Email Content template includes text for approval requests and approval responses.

After you customize a template, you can preview your changes by clicking the Workflow Approval preview link located on

the Customer Details, User Details, customer services, and user services pages.

To customize an existing workflow notification template

1. From the Services Manager menu bar, select Workflow > Configuration > Approval Emails.

2. From the template list, click the template you want to customize. The XSL editor page appears.

3. If you are customizing an Email Content template, click the Request or Response tab to select the content you want to

customize.

4. Make the appropriate changes using well-formed XSL tags.

5. Click Save.

To create a new Email Content template

You can create new Email Content templates for notif ications about customer and user actions or about specif ic servicesin your deployment.Note: If you attempt to create a new template for an action or service that already exists in the template list, a newtemplate is not created and the existing template is not overwritten. Instead, the existing template opens so you cancustomize it.1. From the Services Manager menu bar, select Workflow > Configuration > Approval Emails.

2. Under Create Notif ications, perform the following actions:

1. In Category, select the type of notif ication you want to create. For example, select User Service for notif ications

about a user's access to a service.

2. In Event, select the action about which you want to notify approvers.

3. In Service, select the service for which you want to create the notif ication. This f ield is available when you select the

Customer Service or User Service categories.

4. Click New Message. An empty XSL editor page appears.

3. Click the Request or Response tab to select the type of content you want to insert. For example, click the Request tab

to add text for an approval request notif ication.


4. When you are f inished, click Save.


Manage reports

Feb 10 , 2017

Updated: 2013-03-18

What's new in release 11.58.(Cumulative Update 4)

This release has updated for the Distributor Summary Report. Now it can show the service usage by specifying the start

and end time, and more services are supported.

Report for Service report displays the usage count of service for all locations by services.

Report for Customer report displays the usage count of service for all locations by customers.

Services unit redef inition different SKUs for SharePoint, Skype for Business, Hosted Exchange services are merged into

one. And also support the new services like Microsoft ADFS, File Sharing and Office 365.

Paid and Free count newly added f ield to indicate the customer is paid or free.

Reporting for Services Manager delivers usage and billing reports to your customers and application vendors. It includes

standard reports to support standard provisioned services and a data warehouse. The Reporting service communicates

directly with the SQL Server Reporting Services web service.

The View Reports page of the control panel (Reports > View Reports) displays the reports available for each service as wellas billing reports. The service reports include the following report types:

Customer reports list users provisioned with the service at the customer level.

Plan reports list user counts grouped by the service's plans, at the reseller level.

Depending on the service, Reseller reports list varied information at the reseller level. For some services, this information is

limited to customers and users provisioned with the service. For other services, this information includes items such as

usage limits, f ile transfers and instant messages, memory and disk usage, or f ile counts.

Services Manager includes the following billing reports:Customer Detail displays the billing detail for services at the customer level.

Distributor Summary displays usage data for reporting to the CSP distributor.

Reseller Detail displays the billing detail for services at the reseller level.

To generate a report, click a report link on the View Reports page. A separate window appears, displaying the report. After

you generate a report, you can export it in several formats, including XML, CSV, and Excel. You can also customize the

parameters of the report, including starting and ending dates and whether or not to include certain types of records. After

you modify the parameters, click Generate to regenerate the report.

To generate reporting views

Reporting views are used as a source for data transferred to the data warehouse. When you generate reporting views,

issues related to missing source views during data transfer are described in error messages to help you with troubleshooting.

1. From the Services Manager menu bar, click Reports > Configuration > Data Warehouse.

2. Under Refresh, click Refresh report views from reporting services.


Note: If a "401 Unauthorized error appears, verify which service account is configured for SQL Server Reporting Services.

If it is Network Service or Local System, try adding http/SQLReportingServiceFQDN to the servicePrincipalName

attribute of the service account.

3. Under Filter, select the service for which you want to generate views, if applicable.

4. Under Generate, click one of the following options:

Views for all services. Click this option to generate views for all deployed services.

Views for selected service. Click this option to generate views for the service you selected in Step 3.

To create a new reporting view

When creating a new reporting view for a service, you will also need to ensure it can transfer data to the data warehouse.

To do this, add a transfer command for the service to the data warehouse configuration file.

1. From the Services Manager menu bar, click Reports > Configuration > Data Warehouse.

2. Under Filter, select the service for which you want to create a new view.

3. Under Management, click New Reporting View.

4. Under Reporting View Configuration, configure the following settings:

In Description and Base View, enter a friendly name and select an existing template on which to base the new view.

Under View Name, select the options you want for creating a unique view name. If you want to further differentiate

the view name, in Include Descriptor, enter a descriptive tag.

5. Under Data Set, click Keys or Filters to define the data included in the new view. Select Optimize for Large Datasets to

improve performance when a large number of records will be processed.

6. Under Properties, click Properties and select whether to include properties from the selected base view or from the

reporting object ID.

7. Under Property & Counter Aggregation, specify aggregate and non-aggregate properties and counters.


9. Click Save.

To add billing units to service plans

You can associate a billing unit with a specific plan type and include it in service billing reports. The settings with which to

configure the billing unit vary with the service you select. To add billing units, you must have the Service Schema

Administrator security role assigned to your account.

1. From the Services Manager menu bar, select Configuration > System Manager > Service Schema.

2. Click the service name to expand the service settings.

3. Expand Billing Units and perform the following actions:

1. Click New Billing Unit.

2. In Plan, select the plan type.

3. In Unit, select the unit type.

4. Click Advanced Properties and configure the Quantity and Price for the unit. If you are creating multiple billing units

for the same service, you can add a Unit Code to differentiate each billing unit.

4. Click Save.


PDF

This document is intended to be used by Citrix Service Providers as a guide to configure their CloudPortal

Services Manager environment and to assist with troubleshooting issues.

Manage deployment

Apr 19, 2016

The operations guide includes sections on the following topics:

Architecture

Deployment Scenarios

Monitoring and Maintenance

Troubleshooting

CloudPortal Services Manager Operations Guide V2.0

http://10.57.13.146/content/docs/en-us/cloudportal-services-manager/11-5/ccps-manage/CloudPortal_Services_Manager_Operations_Guide .pdf

http://10.57.13.146/content/docs/en-us/cloudportal-services-manager/11-5/ccps-manage/CloudPortal_Services_Manager_Operations_Guide .pdf