Posts

Protect Your Hospital’s Critical Patient Information: 7 Best Practices

Great healthcare security article from our technology partner Citrix, make sure that your organization is ready to tackle the challenges that are in store.

Screen Shot 2015-11-30 at 2.13.31 PM

 

A breach of patient data can be catastrophic, not only from a PR and public image standpoint, but to a hospital’s bottom line, as well. The AMA estimates–conservatively–that the cost of breaches such as these could be in the millions. Today’s attackers have proved to be more creative than ever when it comes to obtaining sensitive patient data and it is up to the organization’s IT security team to ensure that data doesn’t fall into the wrong hands. 89% of IT decision-makers say that security technologies are critical or important to creating a business advantage.

Click here to read on and discover the 7 best practices from Citrix. 

What’s so Special About a Citrix Engineer?

This past January I had the pleasure of participating in the Citrix Partner Expert Council (PTEC) that was held in Las Vegas. Over 200 partners, myself included, were able to directly communicate and give our feedback to the different Citrix Product Managers. It’s great to know that Citrix is still on top of it’s game and gets partners involved in the product development cycle.

During one of the casual events I had a pretty interesting chat with a couple of my fellow participants. One thing we all seemed to agree on was the difficulty in finding senior level talent within our field – especially senior level talent competent in both Citrix virtualization and networking practices.

For many organizations, the Citrix engineers (Citrix/VDI/RDS) are seen as responsible for the whole of the presentation layer and all of it’s related parts. Usually this ends up meaning that when a user encounters any issue from that presentation layer (applications, the network, storage, etc.), they will first look to the Citrix engineer.

In order to adapt, Citrix engineers have needed to develop other skills to prove their innocence. They’ve now had to expand their areas of expertise to encompass other layers within the environment such as networking, applications, the database, storage, directory services, and anything else related to Citrix/VDI/RDS. Although still specialized in presentation layers, most Citrix engineers end up becoming a bit of an IT generalist due to their accumulated knowledge of the layers over time.

It’s hard to train anyone to become a subject matter expert in one area, but it’s even harder to train someone as a subject matter expert in multiple areas. This is what makes it so difficult to find experienced and competent Citrix engineers.

Here at Centrinet we are an engineer-driven company. Always striving to stay on top of the most cutting edge technologies, our engineers will delivery solutions that consistently exceed client expectations. Please contact us with any questions, we’d love to help!

Reverse Imaging a Disk Image & Updating XenTools

Purpose

Our purpose in creating this guide is to lay out a step-by-step procedure for updating XenTools on a PVS image, and to document some of the pitfalls involved with the process.

Please keep in mind that failure to follow the correct sequence can brick the image, in which case you must start over from scratch.

Scope

This procedure applies to PVS images hosted on XenServer, but a similar process can be followed if using VMware as your hosted hypervisor.

1) Reverse Image vDisk

1.1   First, we need to attach a second drive that is the same size as the disk image. Make sure the new disk is not in position 0 (please note that the cache drive can be detached as it not required):

4.1.1

1.2   Initialize the disk and format it (GPT can be used as well, and may be a better choice):

4.1.2

1.3   Create a volume and assign a drive letter to the new drive:

4.1.3

1.4   Download and install XenConvert for the OS version that you are using:

4

1.5   Launch XenConvert:

5

1.6   Select “Volume” and “Volume” for the “From” and “To” selections on the Welcome screen:

6

1.7   Select the C: drive as the source volume and the new drive (F drive) as the Destination:

7

1.8   Click “Convert” on the next screen:

8

1.9   If you see the warning below, click “Yes”:

9

1.10   Once the conversion is complete, click “Finish”.

2) Remove Target Device and VDA

2.1   Shut down the machine and detach the Cache Drive:

10

2.2   In the Provision Services console, set the machine object to boot from the Hard Disk in the Target Device Properties:

11

2.3   Also remove the vDisks from the machine object:

12

2.4   Boot up the machine with the newly created drive. You may have to set the VM to boot from the Hard Disk and uncheck the Network boot option (please note: you may need to boot the machine up with the vDisk and mark the new drive as active if the system doesn’t boot up):

13

2.5   You need to exit the provisioning target device process from the system tray (you can also view the status to make sure there are no vDisks attached):

14

2.6   End the process called “BNDevice.exe” from the task manager:

15

2.7   Now, uninstall the Citrix Provisioning Services Target Device x64 application:

16

3) Update XenTools and Create New Image

3.1   Reboot the machine and then run the XenTools update installer and follow the prompts (a couple of reboots may be required) and click “Done” when it is complete:

17

18

3.2   When the windows prompt comes up, select “Restart Later” or you will brick the machine. This must be selected for Citrix to finish the tools update:

19

3.3   After the XenTools update, you may need to remove the old ghosted adapter, so set the device manager to show hidden devices (a failure to do so could prevent new image creation):

20

3.4   When Device manager comes up, select view→show hidden devices and expand the Network adapters group. Locate the ghosted adapter and uninstall it:

21

3.5   Reinstall the Citrix Provisioning Services Target Device from the ISO and run the installer PVS_Device_x64.exe. – then follow the prompts and restart the machine:

22

3.6   Before you cut a new disk make sure there is a vDisk connected (it will change it later). Make sure to set it to boot from Hard drive on the machine object in the PVS server, otherwise the process might fail:

23a

23b

3.7   Change the boot options in XenCenter to only boot from the network, and reboot the machine:

24

3.8   Now you are ready to cut a new disk. Make sure the machine is online with the provisioning server by checking the provisioning target device status in the system tray. From the start menu, launch the Provisioning Services Imagine Wizard:

25

3.9   Click “Next” to start the wizard and enter the Provisioning Server (use the IP on the same network segment). Use Windows Credentials unless you logged on with a local account, then enter them:

26

3.10   Select “Create new vDisk”:

27

3.11   Create a vDisk name and choose the store (make sure to use one you used for your Master Device Collections) where you want to place the new vDisk and click “Next”:

28

3.12   For the master image, choose “None” for the KMS setting. You will set KMS on the production image later on:

29

3.13   Make sure to set all other drives to “None” on the Configure Image Volumes page (or the image may not be usable) and click “Next”:

30

3.14   Click “Next” on the Existing Target Device page (The existing master image target device):

31

3.15   If you see the following warning, click “Yes”:

32

3.16   Click the “Optimize for Provisioning Services” button:

33

3.17   Leave all the boxes checked and click “OK” on the dialog box:

34

3.18   Now click “Finish”:

35

3.19   Click “Yes” on the dialog box that says the machine must reboot:

36

3.20   After the server reboots, log in again and you will see the following dialog box displaying the progress:

37

3.21   When the image completes, click “Finish” and then shut down the machine. Detach the drive you used to reverse image (40 GB in this case) the vDisk and reattach the original cache drive (20 GB):

38a38b

3.22   The new vDisk should be attached now, but you need to set the boot from option to “vDisk” again:

almost

3.23   Attach any other drives that are needed for the image:

last

3.24   Boot up the machine and make sure it comes up properly. If you have issues, check the boot options and make sure you have it set to network boot.

Congratulations, you have successfully completed the procedure for reverse imaging a PVS vDisk and updating XenTools.

CitrixOnline Go-To-xxxx and HeartBleed

As a follow up to my earlier post, Citrix has now released an official statement regarding their online services portfolio. The following products have been tested and confirmed safe from the Heartbleed bug. Read more

Citrix and HeartBleed

There was a major vulnerability being dubbed “HeartBleed” disclosed to the world last Monday. This vulnerability affects the popular cryptographic software library OpenSSL used in many Linux/Unix OSs. This vulnerability, If exploited, could allow an attacker to interact with these secure servers causing them to disclose the contents of their memory, in chunks. These memory chunks could possibly contain private SSL keys, user data, passwords, or other sensitive information. There is no restriction on how many times or which chunks could be ask for, and is just limited to 64k at a time. In addition, an attack of this nature would more than likely not trigger any normal alerts or alarms within those systems. Read more