resone workspace - automate administration
TRANSCRIPT
RESONE Workspace - Automation
Automate AdministrationMarcel Venema
November 2016
Who is Marcel Venema ?
Architect, consultant and trainer
Citrix XenDesktop/XenApp, Microsoft App-V,RESONE Workspace, Automation & Service Store
Personal website : www.marcelvenema.com
RESONE Workspace – Automate Administration
Some tips to automate administration processes within RESONE Workspace.
Although RESONE Workspace has granular control with Administrative Roles functionality, you can also automate some tasks with RESONE Automation.
When using RESONE Automation, you can add workflow capability, automated checks, preset settings, etc.Administrators use RunBooks instead of RESONE Workspace console.
Applications
‒ Add application from development/test environment to acceptance/production.Applications are ready to test or ready to move to production. RunBook will move application between different environments. RunBook will check application rules, create backup and import application to selected environment.
‒ Delete applicationDelete application from selected environment. This RunBook will archive the application and delete it from the selected environment.
‒ Move application from Acceptance environment to production.When an application is approved, it can be moved from Acceptance to Production. This RunBook will archive the application, create a backup of the Production environment, check application rules and move the application to the Production environment.
Application
‒ Enable/Disable application.Enable, disable or hide application. Enter notification text. This RunBook will enable, disable or hide an application in the selected environment. Also the notification text can be set.
‒ Add users to application.This RunBook will add/delete selected test accounts to the application.
Administration
‒ Backup RESONE Workspace environmentRunBook to create a full backup of RESONE Workspace configuration.
‒ Check UserSettings sizeGet filesize of UserSettings from user and store on central location. These nformation can be used for central reporting, troubleshooting, storage requirements, etc.
User Self Service:
‒ Request ApplicationsUser can request access to specific application.
‒ Delete UserSettings specific applicationUser can delete UserSettings of specific application via Workspace Preferences.
‒ Delete all UserSettingsUser can delete all UserSettings via Wizard.
‒ Password ResetSelf-Service Password Reset.
Example: Move application to ACC/PRD
Application Packager creates RESONE Workspace application and wants to move this to the Acceptance environment to approve it by the application administrator.
Tasks:‒ Enter application GUID‒ Create application building block‒ Check application validation rules‒ Backup application‒ Backup RESONE Workspace environment‒ Import application
Example: Workflow
Application TEST to ACCEPTANCE WorkflowCreate
BuildingBlock file of
applicationEnter GUID
Enter Description
Create BuildingBloc
k of DWR Shared
Check BuildingBloc
k
Not OK. Wrong GUID. Terminate
Process
Import BuildingBloc
k in DWR SHARED
Ready. Terminate Process
Check not OK. Terminate Process
Backup BuildingBloc
k to FileServer
Example: Check validation rules
Check application building block:‒ Application Learning mode set to disabled
Be sure Application Learning Mode is off, all AppGuard messages must be shown in Acceptance environment.
‒ Application paths mapped to associated environment variablesCheck if application path uses associated environment variables.
‒ Remove unwanted workspacesAcceptance environment uses different workspaces. Remove all workspaces in application.
‒ Add descriptionAdd given referral description to Administrative Notes. This van be change ID from TopDesk, Application ID from App-V, etc.
‒ Check device zonesEnvironment uses zones to run on specific devices, for example zone VDI-NonPersistent, VDIPersistent, Laptop, etc. Be sure at least one zone is selected.
Example: Check validation rules
‒ Check security rulesCheck Authorized Files- and Authorized Connections rules in application. These rules must comply to these rules:- Check if authorized file path uses associated environment
variables.- Check if authorized file and authorized process do not use
wildcards (*) at the same time. This will make the RESONE Workspace security settings useless.
- If authorized process is any (*), then no wildcards (*) in path for authorized files are allowed.
- No modify authorized operations are allowed on .EXE, .COM, .DLL, .BAT, .CMD, .PS1, PSM files.
- Check if file hashes are used.- If Dynamic Privileges is used, check if application is on the
allowed dynamic privileges list. This prevents adding a application with unauthorized dynamic privileges and exposing a security risk.
- …
RESONE Automation
Use RESONE Automation to automate RESONE Workspace workflow.
Use a trick to edit/read RESONE Workspace application:‒ You can export an application to a RESONE
BuildingBlock.‒ RESONE Workspace BuildingBlock is an XML file.‒ XML files can be read, edited and modified.‒ You can import a RESONE BuildingBlock.
Be sure to include scenario’s like : no PWRTECH.EXE available, wrong GUID, error processing BuildingBlock, etc.
RESONE Workspace commandline
‒ RESONE Workspace commandline parameters:
PWRTECH.EXE /export <xml file> Create BuildingBlock of entire RESONE Workspace environment.
PWRTECH.EXE /export <xml file> /guid= <application guid>
Create Buildingblock of specific application based on application GUID.
PWRTECH.EXE /del <xml file> Delete object in RESONE Workspace environment based on object in BuildingBlock. Only one object per BuildingBlock is allowed.
PWRTECH.EXE /add <xml file> Add object(s) to RESONE Workspace environment specified in BuildingBlock. Existing objects will be overwritten.
Next steps….
‒ Define which RESONE Workspace parts or workflows you want to automate.
‒ Create a (quick) workflow design.‒ Build.‒ Test.‒ Use.