System Requirements for CloudPortal ServicesManager
Jun 05, 2015
Updated: 2013-02-20
Deploying Services Manager includes installing the platform components (server roles), configuring firewall ports for each
component, and installing the web services.
For system and firewall requirements for platform components, refer to the following topics:
System Requirements for Server Roles
Firewall requirements for Services Manager
For each requirement, the minimum version required is stated, as well as any later versions that are supported.
For requirements for specific services, refer to the topics in the Plan for deploying services section. This section contains topics for each service that Services Manager supports and includes additional planning information such as:
Service deployment overviews
Changes that occur in Active Directory when the service is deployed
Additional configuration details for specific deployment scenarios
For system requirements information for resource components such as Exchange servers, SharePoint farms, and so on,
refer to the component's product documentation.
Important: Before using Services Manager, check for and install any available security updates for the components you want to deploy.
Updated: 2014-08-29
The sections in this topic describe supported platforms, required software, and other information that will be used when
you install and configure the core components (server roles) that comprise the Services Manager platform. The Services
Manager server role installer (Setup Tool) handles many of the prerequisites, such as installing .NET Framework 4.0, enabling
Web Server roles, and enabling MSMQ features. (The .NET software is also available in the Support folder of the Services
Manager installation media.) See Plan for deploying the Services Manager platform for additional preparation information.
Active Directory and Exchange requirements
Services Manager supports Active Directory Domain Services on the following platforms:
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
Windows Server 2008
At a minimum, the domain functional level must be Windows Server 2008.
Before the Services Manager platform can be deployed, the Active Directory schema must be extended to include the standard Exchange attributes and prepare the environment for multi-tenancy. You can extend the schema through one of the following methods:
Use the Schema Prep tool from the Microsoft Exchange installation media. This method applies if you do not plan to
deploy Exchange 2007 or 2010 and you do not intend to deploy the Exchange web service. In general, to deploy the
Schema Prep tool, you enter the following command in a Command Prompt window:
setup /p /on:OrganizationName
Deploy Exchange. This method applies if you plan on installing the Exchange web service in your Services Manager
deployment. Extending the Active Directory schema is part of the Exchange deployment process.
The domain user account used to extend the Active Directory schema or install the Services Manager platform components must belong to the following groups:
Group Name        | Required for Services Manager platform installation | Required for extending Active Directory schema
Domain Admins     | Yes | Yes
Enterprise Admins | No  | Yes
Schema Admins     | No  | Yes
If any server (including DNS) is not in the domain, the same user account should be set up as a local user on that server with
the same password, as a member of the local Administrators group.
To ensure your deployment is protected from external threats, consider creating an account lockout policy that disables a
user's account for a specified period when an incorrect password is entered a specified number of times. When this policy is
set, each failed logon attempt is recorded on the primary domain controller.
Before implementing an account lockout policy, consider carefully the risks and benefits of implementation to your Services
Manager deployment. For more information about configuring this policy, see the Microsoft TechNet article, "Account
Lockout Policy Technical Overview."
DNS requirements
Services Manager uses DNS aliases internally for the core components. Create CNAME records for the following roles and components:
Platform component Alias
Encryption Service server CSMCORESVC
Database server CORTEXSQL
Provisioning server CORTEXPROVISIONING
Web server CORTEXWEB
Reporting Services CORTEXREPORTS
Encryption Service requirements
The Encryption Service allows the secure retrieval of encryption keys using the AES 256-bit encryption method. When you install the service, a new AES key is generated, encrypted, and stored in Windows Registry. For more information, see Plan for deploying the Services Manager platform.
Important: Citrix strongly recommends using SSL with the Encryption Service. Because the traffic to and from the service contains sensitive data, using SSL ensures this traffic is encrypted appropriately.
Citrix recommends installing the Encryption Service on a dedicated server; however, you can also install it on a server that
hosts other Services Manager components (such as the Provisioning server or Web server).
When preparing a server for installing and configuring the Encryption Service, ensure the following requirements are met:
Hardware configuration:
Two or more server-class processors, 2.0 GHz or higher.
Minimum 2 GB RAM recommended
Minimum 2 GB free disk space available for file growth
Operating system: Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
.NET version: .NET Framework 4.0 installed. This software is included in the Support folder on the Services Manager installation media.
Firewall: Windows Firewall must allow inbound SSL (port 443) requests.
Windows server roles: Enable the following roles:
Web Server > Application Development > ASP.NET
Web Server > Security > Basic Authentication
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
Database server requirements
The database server hosts the system databases that are required for Services Manager to operate. When preparing the database server, ensure the following requirements are met:
Hardware configuration:
Two or more server-class processors, 2.0 GHz or higher.
Minimum 4 GB RAM recommended
Minimum 10 GB free disk space available for file growth
Operating system: Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
User Account Control (UAC): Disabled.
Database server: Microsoft SQL Server 2008 R2 or 2012, with all recommended updates installed.
Authentication: Mixed mode enabled (SQL and Windows Authentication).
SQL connection types: Local and remote SQL connections enabled.
Installation account: Configure the account to be used during installation with the SysAdmin role. If you cannot do this in SQL, you can use an account with SysAdmin rights. You can remove this account after installation completes.
Firewall: Windows Firewall must allow connections through the database instance port (default=1433).
When you install SQL Server, make note of the instance name (default=default) and port (default=1433). You will need this
information when you configure the server for use with Services Manager.
During platform installation, the following databases are created:
OLM: The core database for customer and user information
OLMReports: Stores legacy reporting data and some system settings
Additionally, the following SQL accounts are created for accessing the databases:
CortexProp
OLMUser
OLMReportsUser
OLMReportingUser
Two SQL jobs are installed on the database server: Gather Daily Stats Data and Gather Monthly Stats Data.
Provisioning server requirements
If you are installing the Provisioning server role on a domain controller, give the ProvisioningUsers security group the Allow
logon locally permission. However, for security reasons, Citrix recommends installing the Provisioning engine on a server that
does not act as a domain controller in your network environment.
When preparing a server to host the Provisioning server role, ensure the following requirements are met:
Hardware configuration:
Two or more server-class processors, 2.0 GHz or higher.
Minimum 2 GB RAM recommended
Minimum 2 GB free disk space available
Operating system: Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
User Account Control (UAC): Disabled.
.NET Version: .NET Framework 4.0 installed. This software is included in the Support folder of the Services Manager installation media.
Firewall: Windows Firewall must allow inbound TCP requests on port 80.
Windows server features (Setup installs this requirement): Enable the following features:
Message Queuing > Message Queuing Services > Message Queuing Server
Message Queuing > Message Queuing Services > HTTP Support (only if the server is not in the domain)
Telnet client
Windows PowerShell
SQL Server Management Objects: Install the 64-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO). This software is included in the Support folder of the Services Manager installation media. The Services Manager Setup Tool can also install this requirement when you install the Provisioning server role.
Domain membership and privileges:
Server must be a member of the domain.
Service must have full domain administrator privileges.
SMTP server: Required. Depending on the notification, the Provisioning server also needs a temporary directory for assembling the email. The SMTP server can also be used by the Report Mailer server role. When configuring the Provisioning server role, you will need to provide the SMTP server address and port number.
Directory Web Service
In general, the Directory Web Service is installed on the same server that hosts the Provisioning server role. If you are
installing the Directory Web Service on a domain controller, give the CortexWSUsers and the Proxy Users groups the Allow
logon locally permission. However, for security reasons, Citrix recommends installing this role on a server that does not act
as a domain controller in your network environment.
When preparing a server to host the Directory Web Service, ensure the following server requirements are met:
Hardware configuration:
Two or more server-class processors, 2.0 GHz or higher.
Minimum 2 GB RAM recommended
Minimum 2 GB free disk space available
Operating system: Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
User Account Control (UAC): Disabled.
.NET Version: .NET Framework 4.0 installed. This software is included in the Support folder of the Services Manager installation media.
Firewall: Windows Firewall must allow inbound TCP requests on port 8095.
Windows server features: Enable the following features:
Web Server > Application Development > ASP.NET
Web Server > Security > Basic Authentication
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
PowerShell 2.0
Web server requirements
When preparing a server to host the web server, ensure the following requirements are met:
Hardware configuration:
Two or more server-class processors, 2.0 GHz or higher.
Minimum 2 GB RAM recommended
Minimum 2 GB free disk space available
Operating system: Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
Firewall: Open port 80 from the web server to the SQL Reporting Services server.
Report Viewer version: Microsoft Report Viewer 2008 SP1.
Windows server roles: Enable the following roles:
Web Server > Application Development > ASP.NET
Web Server > Security > Basic Authentication
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
SQL Server Management Objects: Install the 32-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO). This is available in the Support folder of the Services Manager installation media.
During platform configuration, you will need to know the host header required for the web site. This is the URL used to
access the Services Manager control panel. The Configuration Tool refers to this as the external address.
When you install the web server role, the following items are installed:
CortexMgmt Application Pool: Runs the Management Site.
Cortex Management Site: Contains the CortexDotNet and CortexAPI web applications.
CortexDotNet is the service that runs the control panel. CortexAPI is the XML-based web service that automates
management tasks.
Accessing the web server is supported on the following web browsers:
Internet Explorer 9, 10, and 11
Firefox 31.x
Chrome 36.x
Safari 5.x
Note: If you intend to access the web server with Internet Explorer 10 or 11, install the hotfix for .NET Framework 4.0 available from Microsoft Knowledge Base article 2600088 (http://support.microsoft.com/kb/2600088) on the web server. This hotfix updates the ASP.NET browser definitions which enables the control panel to function as expected with Internet Explorer 10 and 11. If you do not want to install this hotfix, use Internet Explorer 9 or supported Firefox, Chrome, and Safari browsers to access the web server.
The Autologin tool supports Windows XP SP3, Windows 7 SP1, and Windows Server 2008.
Reporting and data warehouse requirements
SQL Reporting Services is the engine for providing reporting capabilities in Services Manager. The Reporting service and data warehouse are installed on the server hosting SQL Reporting Services. When preparing a server for installing and configuring
the Reporting service and data warehouse, ensure the following requirements are met:
Hardware configuration:
Two or more server-class processors, 2.0 GHz or higher.
Minimum 4 GB RAM recommended
Minimum 10 GB free disk space available for file growth
Operating system: Windows Server 2008 R2 (minimum) Standard, Enterprise, and Datacenter editions, with all recommended updates installed.
Firewall: Open port 1433 between the Reporting server and the database server. Allow connections through the reporting port (default=80).
.NET version: .NET Framework 4.0 installed. This software is included in the Support folder on the Services Manager installation media.
Database server: Microsoft SQL Server 2008 R2 or 2012, with all recommended updates installed.
Database Authentication: Windows Authentication enabled.
SSRS Service account: Set the SQL Server Reporting Services service account to Network Service.
SQL connection types: Local and remote SQL connections enabled.
SSRS Administrator account: In SQL Server Reporting Services, create a dedicated user with the System Administrator role; domain administrator rights are not required. Use this account when deploying the Reporting server role.
SQL Server Management Objects (SMO): Services Manager setup installs Microsoft SQL Server Shared Management Objects automatically when the Reporting server role is deployed. SMO is also available in the Support folder of the Services Manager installation media.
Report Server configuration file modifications: Verify that the Report Server configuration file (C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config) contains the entry "<AuthenticationTypes><RSWindowsNTLM/> <RSWindowsNegotiate/></AuthenticationTypes>".
SMTP server: Required for the data warehouse. You can specify the SMTP server used with the Provisioning server; however, it must allow relays from the data warehouse server.
OCS Monitoring: If you intend to use the OCS Monitoring service in your Services Manager environment, install and enable this service on the OCS 2007 server.
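The Report Server configuration requirement above can be checked mechanically. The following is an added example, not part of the Citrix documentation: it parses a configuration document and reports which of the two required authentication types are missing and which other types are enabled. The function name and both sample documents are constructed for illustration.

```powershell
# Authentication types the page requires in rsreportserver.config.
$RequiredAuthTypes = @('RSWindowsNTLM', 'RSWindowsNegotiate')

function Test-RsAuthenticationTypes {
    param(
        [Parameter(Mandatory = $true)][xml]$Config,
        [string[]]$Required = $RequiredAuthTypes
    )
    # The file declares no XML namespace, so a plain XPath finds the element.
    $node = $Config.SelectSingleNode('//AuthenticationTypes')
    $present = @()
    if ($node -ne $null) {
        # Keep element children only; comments are ignored.
        $present = @($node.ChildNodes |
            Where-Object { $_.NodeType -eq [System.Xml.XmlNodeType]::Element } |
            ForEach-Object { $_.LocalName })
    }
    # XML element names are case-sensitive, so compare case-sensitively.
    $missing    = @($Required | Where-Object { $present -cnotcontains $_ })
    $unexpected = @($present  | Where-Object { $Required -cnotcontains $_ })
    New-Object PSObject -Property @{
        Present    = $present
        Missing    = $missing      # required by the page but absent
        Unexpected = $unexpected   # enabled but not named by the page; review
        Compliant  = ($missing.Count -eq 0)
    }
}

# Constructed sample: matches the entry the page asks for.
$sampleCompliant = [xml]@'
<Configuration>
  <Authentication>
    <AuthenticationTypes>
      <RSWindowsNTLM/>
      <RSWindowsNegotiate/>
    </AuthenticationTypes>
  </Authentication>
</Configuration>
'@

# Constructed sample: Negotiate removed and Basic enabled.
$sampleDrifted = [xml]@'
<Configuration>
  <Authentication>
    <AuthenticationTypes>
      <RSWindowsNTLM/>
      <!-- <RSWindowsNegotiate/> -->
      <RSWindowsBasic/>
    </AuthenticationTypes>
  </Authentication>
</Configuration>
'@

Test-RsAuthenticationTypes -Config $sampleCompliant | Format-List
Test-RsAuthenticationTypes -Config $sampleDrifted   | Format-List

# Against a real server, load the file first, where $configPath is its location:
#   Test-RsAuthenticationTypes -Config ([xml](Get-Content -Path $configPath))
```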
Updated: 2013-04-18
When deploying Services Manager, you have many choices of deployment designs and features which you can tailor to the needs of the services you want to offer and the customers you serve. A typical process of planning a Services Manager deployment includes:
Becoming familiar with Services Manager setup by creating a one-server or two-server test deployment.
Determining the number of servers you need for your deployment, deciding which roles each server will perform, and
evaluating hardware requirements.
Deciding which services you want to offer customers and resellers, and determining the deployment requirements for
each service.
Creating the network infrastructure design.
Defining the installation processes.
Creating and testing a pre-production pilot deployment based on your design.
Releasing the deployment into production.
Deployment Overview
A typical Services Manager deployment process includes:
Phase 1: Services Manager platform
Phase 2: Services deployment
Phase 3: Customer and user provisioning
Phase 1: Services Manager platform
The Services Manager platform represents a series of servers that perform provisioning tasks, authenticate and manage users, host the control panel interface and API services, store and process data from the main database, and manage billing and usage. These servers must be fully configured before services are deployed. A Services Manager deployment includes the following core components (or server roles) that you install and configure:
Web server
The web server hosts the control panel’s web interface and API services. The control panel is the primary user interface for
service providers, resellers and end-customer users. The customer administrator can manage the organization’s users and
associated services within the same system. Users can perform administrative and self-service tasks that have been
delegated to them. Provisioning requests are sent from the web server to the Provisioning Engine through a Microsoft
Message Queue.
Databases
The main system databases are the Microsoft SQL Server repositories for user, customer, and configuration information.
Several system databases are automatically created when you install and configure the server roles. The Services Manager
Reporting Service uses Microsoft SQL Server Reporting Services.
Provisioning Engine
The Provisioning Engine performs all provisioning tasks. It expedites requests from the web server and automates managed
services and resources.
Directory web service
The Directory web service provides the web server with function calls related to Active Directory, such as user
authentication, user account status inquiries, user enabling and disabling, and security group management.
The data warehouse performs scheduled storage of historical data from the main system database, and manages the
creation and sending of usage and billing reports.
Report Mailer
The Report Mailer gathers anonymous usage data and emails usage reports to the Citrix license monitor. Customer and
user information is not transferred, only the number of customers and users-per-service.
To prepare your environment for these components, you perform the following tasks:
Review the system requirements for each server role and perform any initial server configuration required.
Determine whether you will install and configure these server roles using the graphical user interface or the command
line.
Determine which server will host each server role. For example, the Directory web service is typically installed on the same
server as the Provisioning Engine. However, for a large deployment, you might consider using separate SQL servers for
hosting the reporting and billing databases.
Deploying the Services Manager platform also includes creating the first administrator user for the deployment. This user
represents the top-level administrator account and has permission to perform all control panel tasks.
Phase 2: Services deployment
Deploying services includes installing and configuring services for resources such as Microsoft Exchange, Citrix Apps and
Desktops, and Microsoft SharePoint. Before deploying any service, you must ensure the resources supporting the service
are fully deployed in your network environment. For example, to deploy the Hosted Exchange service, Services Manager
requires you have a working Exchange deployment in your environment. The Deploy services section of the Services
Manager documentation describes the configurations required to enable these resources to function successfully with the
Services Manager control panel. However, for details about deploying specific resources, you will need to refer to the
product documentation for these resources.
Phase 3: Customer and user provisioning
Provisioning customers and users represents a series of tasks for enabling resellers to sell specific services, making services available to end-customers, enabling customers' users to access services, and assigning security roles. To provision customers and users, you perform the following tasks:
1. Create the customer profile.
2. Create the customer administrator user. Some customers might require additional administrator users to manage specific
services. When you create these additional users, you can assign appropriate security roles.
3. Enable and configure the services that you are providing to the customer.
4. Create users for the customer and assign appropriate security roles.
Updated: 2014-09-02
Before you deploy the Services Manager platform, create a deployment plan that includes the following information:
The composition of each server in your deployment. This includes the platform server role that will be hosted, the
hardware configuration of the server, the software required to host the server role, and the configurations required for
the server to function in the selected role.
The topology of the deployment including firewalls, required ports, and required protocols.
Deployment of Services Manager locations. A location is the main unit of isolation between tenants and usually
corresponds to an Active Directory domain or forest. A Services Manager deployment includes at least one (primary)
location. Based on your requirements, you should determine whether or not your deployment will include remote
locations and, if so, the number of remote locations.
Whether server role installation and configuration will occur using the graphical user interface or the command line.
Review the topics To configure server roles using the graphical interface and Configure server roles and locations from
the command line, and document the information you will need to provide during configuration of each server role.
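The inbound ports stated in the system requirements above can serve as the firewall part of this plan and be compared with what a server actually allows. This is an added example, not Citrix code: the role keys, function names and the sample rule text (constructed in the shape of `netsh advfirewall firewall show rule name=all dir=in` output) are assumptions made for illustration.

```powershell
# Inbound TCP ports the page states for each platform role. The web server's
# own inbound port is not stated on the page, so it has no entry here.
$RolePorts = @{
    EncryptionService   = @(443)
    Database            = @(1433)   # default instance port
    Provisioning        = @(80)
    DirectoryWebService = @(8095)
    Reporting           = @(80)     # default reporting port
}

function ConvertFrom-NetshRuleText {
    # Parses "Key: value" lines; each "Rule Name:" line starts a new rule.
    param([Parameter(Mandatory = $true)][string]$Text)
    $rules = New-Object System.Collections.ArrayList
    $current = $null
    foreach ($line in ($Text -split '\r?\n')) {
        if ($line -match '^\s*([^:]+):\s*(.*)$') {
            $key = $Matches[1].Trim()
            $value = $Matches[2].Trim()
            if ($key -eq 'Rule Name') {
                $current = @{}
                [void]$rules.Add($current)
            }
            if ($current -ne $null) { $current[$key] = $value }
        }
    }
    $rules
}

function Test-RoleFirewallBaseline {
    param(
        [Parameter(Mandatory = $true)][string[]]$Roles,
        [Parameter(Mandatory = $true)][string]$NetshText
    )
    foreach ($r in $Roles) {
        if (-not $RolePorts.ContainsKey($r)) { throw "Unknown role: $r" }
    }
    # A server that hosts several roles needs the union of their ports.
    $required = @($Roles | ForEach-Object { $RolePorts[$_] } | Sort-Object -Unique)
    $open = @()
    $broad = @()
    foreach ($rule in @(ConvertFrom-NetshRuleText -Text $NetshText)) {
        # Only enabled inbound TCP allow rules open a port.
        if ($rule['Enabled'] -ne 'Yes' -or $rule['Direction'] -ne 'In' -or
            $rule['Action'] -ne 'Allow' -or $rule['Protocol'] -ne 'TCP') { continue }
        foreach ($p in ([string]$rule['LocalPort'] -split ',')) {
            $p = $p.Trim()
            if ($p -match '^\d+$') { $open += [int]$p }
            elseif ($p) { $broad += ('{0} ({1})' -f $p, $rule['Rule Name']) }
        }
    }
    $open = @($open | Sort-Object -Unique)
    New-Object PSObject -Property @{
        Roles      = $Roles
        Missing    = @($required | Where-Object { $open -notcontains $_ })
        Unexpected = @($open | Where-Object { $required -notcontains $_ })
        Broad      = $broad   # "Any" or port ranges; review by hand
    }
}

# Constructed sample for a server hosting the Provisioning server and the
# Directory Web Service. Rule names are invented; the 8095 rule is disabled.
$sampleNetsh = @'
Rule Name:                            Provisioning HTTP (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            80
Action:                               Allow

Rule Name:                            Directory Web Service (TCP-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Protocol:                             TCP
LocalPort:                            8095
Action:                               Allow

Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            3389
Action:                               Allow
'@

Test-RoleFirewallBaseline -Roles Provisioning, DirectoryWebService -NetshText $sampleNetsh |
    Format-List
```

Ports reported as Unexpected are simply not among those the page lists for the chosen roles; whether they are justified is a decision for the deployment plan.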
This topic describes the following platform components and deployments:
General platform installation guidelines
Encryption Service
System databases, reporting, and the data warehouse
Provisioning server
Directory web service
Web server
eCommerce SDK
Deployment summary for the primary location
Deployment summary for remote locations
General platform installation guidelines
You can specify server addresses as an IP address, in the form server.domain.local, by environment variables, or by DNS
alias. In the Services Manager Setup Tool, you can verify the required aliases are created by selecting the Check
Environment Prerequisites task. If you use the command-line interface, verify the aliases before using them when
installing Services Manager roles.
Role configuration includes specifying credentials for several Active Directory user accounts. In most cases, you can
either specify the user name and password, or allow the Services Manager Configuration Tool to generate the
credentials. For most user account specifications, the Configuration Tool includes the option to create the user account
if the account does not already exist.
In the command line interface, enclose option values that contain spaces in quotation marks (for example,
/LocationName:"Southeast Hub").
Encryption Service
The Encryption Service allows the secure retrieval of encryption keys using the AES 256-bit encryption method. When you install the service, a new AES key is generated, encrypted, and stored in Windows Registry.
Important: Install and configure the Encryption Service before creating the system databases and installing any other server roles. This ensures the Configuration Tool can access the service's encrypted key when other platform components and
services are installed.
Additionally, Citrix strongly recommends using SSL with the Encryption Service. Because the traffic to and from the service
contains sensitive data, using SSL ensures this traffic is encrypted appropriately.
When you configure the Encryption Service, the Configuration Tool performs the following actions:
Creates the CortexSystem organizational unit (OU) in Active Directory, as well as the CortexAdmins, CortexReadOnly, and
CortexWSUsers security groups.
Creates a service account and adds it to the CortexWSUsers group. By default, the service account name is
csm_core_svc.
Creates an application pool and web site in IIS and configures authorization rules to limit access to the Domain Admins
and the CortexWSUsers groups.
Generates an encryption key and stores it in Windows Registry.
When you install Services Manager components or services, the Configuration Tool attempts to discover the Encryption
Service's encrypted key. For successful discovery, the Encryption Service must be correctly configured and you must be a
member of the Domain Admins group or the CortexWSUsers group. If you do not belong to these groups, discovery fails
and the Configuration Tool prompts you to import the key manually. To create a key file, you must be a member of the
Domain Admins or CortexWSUsers group. For more information about creating a key file, see Generate and export keyfiles
for the Encryption Service.
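The group requirements in the table under Active Directory and Exchange requirements, together with the key-discovery rule above, can be expressed as a pre-flight check to run before the Setup Tool or Configuration Tool. This is an added example, not Citrix code: the task names, function names and sample memberships are assumptions made for illustration, and groups are matched by name against the current logon token.

```powershell
# Group requirements as stated on the page.
# Mode 'All' = member of every listed group; 'Any' = member of at least one.
$TaskGroups = @{
    PlatformInstall = @{ Mode = 'All'; Groups = @('Domain Admins') }
    SchemaExtend    = @{ Mode = 'All'; Groups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins') }
    KeyDiscovery    = @{ Mode = 'Any'; Groups = @('Domain Admins', 'CortexWSUsers') }
}

function Get-CurrentGroupNames {
    # Resolves the group SIDs in the caller's token to names without the DOMAIN\ prefix.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    foreach ($sid in $identity.Groups) {
        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            ($name -split '\\')[-1]
        } catch {
            # SID that cannot be resolved to a name: skip it.
        }
    }
}

function Test-TaskGroupMembership {
    param(
        [Parameter(Mandatory = $true)][string]$Task,
        [string[]]$MemberOf = @(Get-CurrentGroupNames)
    )
    if (-not $TaskGroups.ContainsKey($Task)) { throw "Unknown task: $Task" }
    $rule    = $TaskGroups[$Task]
    $held    = @($rule.Groups | Where-Object { $MemberOf -contains $_ })
    $lacking = @($rule.Groups | Where-Object { $MemberOf -notcontains $_ })
    if ($rule.Mode -eq 'All') { $ok = ($lacking.Count -eq 0) }
    else                      { $ok = ($held.Count -gt 0) }
    New-Object PSObject -Property @{
        Task              = $Task
        MeetsRequirement  = $ok
        Held              = $held
        Lacking           = $lacking
    }
}

# Constructed memberships: a Domain Admin who is not yet a Schema or Enterprise Admin,
# and a service account that is only in CortexWSUsers.
Test-TaskGroupMembership -Task SchemaExtend -MemberOf @('Domain Users', 'Domain Admins') | Format-List
Test-TaskGroupMembership -Task KeyDiscovery -MemberOf @('Domain Users', 'CortexWSUsers') | Format-List

# Without -MemberOf the check uses the groups in the current logon token.
Test-TaskGroupMembership -Task KeyDiscovery | Format-List
```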
System databases, reporting, and the data warehouse
Microsoft SQL Server provides the database and reporting services required for running Services Manager. The main system
database (OLM) stores configuration information for all provisioned services, as well as all customer and user details. The
database also stores logging and auditing information for all provisioning transactions that are initiated. Additionally, the
database acts as a caching mechanism for Active Directory, so customers experience better response times and slow
directory queries are minimized.
The Reporting service for Services Manager delivers usage and billing reports to your customers and application vendors. It
includes standard reports to support provisioned services and communicates directly with SQL Server Reporting Services.
The Reporting service generates reports by accessing the data stored in the data warehouse.
The data warehouse stores historical provisioning data (OLMReporting) that is used for reporting. This history consists of
snapshots of the provisioning data stored in the OLM database, which are created once per day and subsequently
transferred to the data warehouse. The data warehouse is created when you install and configure the Reporting service. As
well, the server connections required for both the Reporting service and the data warehouse are created.
The Report Mailer is a required role for sending notifications to administrators and end users, and license reporting
information to Citrix. Typically, the Report Mailer role is installed on the same server as the Reporting service. The email
server you specify for the Report Mailer can be specified for the Provisioning server, which also requires email capabilities.
The Report Mailer role is installed and configured once for the entire Services Manager deployment, typically on a server in
the primary location.
Depending on your needs, you can deploy the system databases, reporting, and data warehouse in one of the following ways:
A single SQL Server hosts the system databases, the Reporting service (SQL Reporting Services) and data warehouse.
This is best for proof-of-concept deployments where server load is not a concern.
A SQL Server hosts the system databases while a separate SQL Server hosts the Reporting service and data warehouse.
This avoids taxing the primary database with reporting and data storage loads.
If you are using clustered SQL servers in your Services Manager deployment, separating each server role is not required.
Reports are deployed by importing service packages. These service packages contain report definition files that are linked to the OLM and OLMReporting databases, and configuration files for the data transfer process and the data warehouse. You can deploy reports using the following methods:
During Report service configuration, use the Configuration Tool to import the reports from selected service packages.
Using the control panel, import the reports manually using the service import feature.
Service packages for all supported services are located in the Services folder on the Services Manager installation media.
Provisioning server
The Provisioning engine runs as a Windows service, monitoring queues for provisioning requests. When a request is received,
it passes through a set of provisioning rules that determine which actions are required to complete the provisioning process.
These rules are designed to be easily customized using the Provisioning Manager graphical interface (Start > All Programs >
All provisioning processes in Services Manager are built using provisioning actions. This gives the service provider some visibility into the processes that are executed within the deployment. Examples of provisioning actions include:
Directory User Create: Creates an Active Directory user
Directory Group Create: Creates a security group in Active Directory
FileSystem Create Folder: Creates a folder in a file system
Exchange Address List Create: Creates an address list in Microsoft Exchange
Run Command: Runs an executable within a command shell
Run Script: Runs a Visual Basic script
Services Manager includes over 100 provisioning actions.
The Provisioning engine is installed on a separate server in your Services Manager deployment. Additionally, configuration of
the Provisioning server includes specifying an email server for sending messages such as system updates to administrators,
account notifications to end users, and usage reporting to Citrix. The email server you specify for the Provisioning server can
be specified for the Report Mailer, which also requires email capabilities.
Directory web service
The Directory web service provides an interface to Active Directory. The Services Manager control panel uses this service to
perform real time tasks such as user authentication and retrieving password expiration data.
In general, the Directory web service is installed on the same server that hosts the Provisioning engine. However, if you are installing the Directory web service on a domain controller, add the CortexWSUsers and Proxy USERS groups to the Allow log on locally security policy setting.
Important: For production environments, Citrix recommends installing the Directory web service on a server other than a domain controller.
When the Directory web service platform role is installed, the Citrix Csm Directory WS application pool is created as well as
the CortexServices web site which hosts the Directory application. The files for the web site and applications are located at
C:\inetpub\CortexServices.
Web server
Services Manager provides a web-based control panel for performing system administration tasks and delegating certain administration tasks to resellers and customers. The control panel is a web application (CortexWeb) that is hosted on a
Web server, separate from the other servers in your deployment. The control panel interacts with other platform components as follows:
SQL databases: When the system is configured, customers and users are provisioned, or auditing and reporting
performed, the control panel sends data to be stored in the system databases.
Web services: for real-time interaction with Active Directory and other hosted services.
Provisioning engine: When any provisioning transaction is performed, the control panel sends each request through
MSMQ.
Because the control panel has no dependency on Active Directory, it can operate outside of the managed domain. The
control panel's web site can be locked down and run with minimal administrative permissions without interfering with
administration tasks.
When the Web server platform role is installed, the CortexMgmt application pool is created as well as the Cortex
Management web site which hosts the CortexAPI and CortexDotNet applications. The files for the web site and
applications are located at C:\inetpub\Cortex Management.
eCommerce SDK
The eCommerce SDK consists of two web services that expose APIs for configuration and querying usage. The
Configuration API enables you to perform tasks such as creating new customers or suspending a customer account. The
Usage API enables you to view historical usage data.
Install the eCommerce SDK after you have installed all other platform server roles. As with the other server roles, you install
the SDK using the Setup Tool and Configuration Tool.
By default, the eCommerce SDK files are located in the C:\Program Files (x86)\Citrix\Cortex\eCommerceSDK directory. The
installation includes the eCommerce SDK User Guide, which provides an API reference, sample reports, code samples, and
troubleshooting guidance.
Deployment summary for the primary location
The following list describes the required tasks for deploying the platform servers and creating the primary location.
Depending on your requirements, your deployment might include additional tasks.
1. Prepare the deployment environment. This includes the following tasks:
Provision the platform servers that will be designated as the domain controller, Encryption Services server, database
server, reporting server, Provisioning server, and Web server.
Extend the Active Directory schema using the Exchange installation media.
Create DNS aliases for the Encryption Service, Provisioning, database, reporting, and web servers.
Open the required firewall ports on all platform servers.
Install .NET Framework on all platform servers. If this component is not present, the Setup Tool installs it
automatically, prior to installing the server roles.
2. Perform environment readiness checks. You can verify the extended Active Directory schema and DNS aliases. This
procedure is available in the Setup Tool graphical interface; you can also perform the verifications manually. You can run
this task from anywhere in the domain.
3. Install and configure the Encryption Service. Citrix recommends performing this task on a dedicated server.
Alternatively, you can use a server that you have prepared to host other Services Manager components such as the
Provisioning Engine or the Web server.
4. Create system databases. Run this task on the server where Microsoft SQL Server is installed. In the Configuration
Tool's graphical interface, you specify database information before you install the server roles. In the command line
interface, you specify database information when you configure the server roles and location. All databases should be
5. Install and configure server roles. Using the Setup Tool, you install the platform server roles on the servers you
designate. With the Configuration Tool, you specify the configuration settings for the installed roles.
6. Create the primary location. Use the Configuration Tool to specify the settings for the primary location. You configure
the location from the server hosting the Provisioning engine or the web server.
An XML configuration file is used to maintain context across the Services Manager deployment. As you configure the
server roles, information is read and written to the configuration file. For example, the Provisioning engine writes its own
configuration information and reads where to reach the database. When you configure the primary location, the
configuration file will already have information needed about the Provisioning server.
There is one configuration file per location, although all locations can share a single database server. You configure the
primary location first, then optionally, remote locations. For example, a new customer with an existing infrastructure and
domain might be integrated as a remote location in the control panel. When you configure remote locations, you specify
connection details, which are used to generate a new configuration file. After that, configuring a remote location is
similar to configuring the primary location.
Deployment summary for remote locations
The following list describes the required tasks for deploying the platform servers that comprise a remote location.
1. Prepare the deployment environment. This includes the following tasks:
Provision the servers that will be designated as the domain controller and Provisioning server. The remote location
uses the Encryption Service, web server, and the database server in the primary location for key encryption, control
panel administration, and reporting, respectively.
Extend the Active Directory schema using the Exchange installation media.
Create DNS aliases for the Encryption Service, Provisioning, database, and web servers. When creating the alias for the
Encryption Service, specify the Encryption Service server in the primary location. Do not install the Encryption Service in
remote locations.
Open the required firewall ports on all servers to enable communication with the database server and web server in
the primary location.
Install .NET Framework on the platform servers, to avoid interruption when installing server roles. The Setup Tool also
installs this component automatically, if it is not present, when installing the server roles.
2. Perform environment readiness checks. You can verify the extended Active Directory schema and DNS aliases. This
procedure is available in the Setup Tool graphical interface; you can also perform the verifications manually. You can run
this task from anywhere in the domain.
3. Install and configure server roles. Using the Setup Tool, you select the server roles to be installed on each server. With
the Configuration Tool, you specify the configuration settings for the installed roles. As with the primary location, you
can install the Provisioning and Directory web service roles on the same server.
Note: When you install and configure server roles, the Configuration Tool discovers the Encryption Service key residing in
the primary location. If the key cannot be detected, you can export the key from the primary location as a key file. You
can then import the key file when prompted during the installation process. For more information about exporting the
encryption key, see Generate and export keyfiles for the Encryption Service.
4. Create the remote location. Use the Configuration Tool to specify the settings for the primary location. You configure
the location from the server hosting the Provisioning engine or the web server. Afterward, continue configuring the
remote location using the Services Manager control panel in the primary location.
Updated: 2013-02-27
Before you begin the process of deploying services for Services Manager, create a deployment plan that includes the following information:
The types of services you will offer through Services Manager. For example, hosted email, virtual machines, web hosting,
and so on.
The number of customers and users that each service will need to support. For some services, this has a significant
impact on the size of the resource deployment required.
The network and server resources that are required to support your service offerings. For example, if you offer Citrix
services, you will need to deploy a XenApp farm.
The location where each service will be deployed.
The topology of the deployment including firewalls, required ports and protocols, and the servers hosting each service
offering.
Test plans for verifying the integrity and performance of resource deployments before and after deploying services.
Planning guidelines
Review the installation and configuration topics for each service carefully and make note of the information you will
need to supply for each task.
Service deployment summary
In general, deploying a service includes the following tasks:
Step 1: Deploy the network and application resources that are required to support your service offerings.
All services are based on the network and server resources in your environment. Therefore, these resources need to be fully
configured and operational prior to integration with Services Manager. For example, if you intend to offer the Hosted
Exchange service, you must first deploy Exchange with multi-tenant support in your environment. Likewise, if you intend to
offer Virtual Machines or Windows Web Hosting services, you must first deploy the network resources -- for example,
virtual networks, DNS, and web servers -- that are required for customers to use these services.
Step 2: Install the web service.
Some services require the installation of a web service for integration with the Services Manager platform. Web services are
installed on the server that will be hosting the service, using the Services Manager Setup Tool or the command line. For
example, the Citrix web service is installed on a XenApp server in your environment. Web services are executed with specific
parameters which are explained in the installation topic for each service. After the web service is installed, you can configure
the service. For services that do not require a web service, you can skip the installation step and configure the service right
away. For more information about which services require web service installation, see Deploy services.
Step 3: Configure the service using the control panel.
All services require configuration through the Services Manager control panel. Configuration includes enabling the service,
specifying server resources, adding credentials, and configuring service settings. During the configuration process, you create
the customer and user plans you want to offer, assign cost values, and specify resource limits for customers and users.
After you configure the service, you can provision the service to customers.
Updated: 2014-09-16
The AD Sync service for Services Manager synchronizes customer OUs in the hosted domain controller with user changes in
the external domain controllers. The service enables users to connect to hosted services with the same credentials they use
for their local domain. Additionally, Services Manager includes a server monitor that reports the connectivity status of
domain controllers on which the AD Sync client is installed.
The AD Sync service requires no installation on the hosted environment and uses the CloudPortal Services Manager API to
perform the synchronization. An AD Sync client installed on each external domain controller communicates with the API.
This interface is a one-way connection that can be customized to synchronize specific Active Directory information.
API requests are encrypted using a combination of a public/private key and a symmetric key (RSA and AES) to securely
transfer data and credentials. The data in the request is also hashed (SHA1) to prevent unauthorized changes.
The following diagram shows a typical installation scenario.
The AD Sync service is a customer-only service; by default, the service is unavailable for provisioning to users. Once
provisioned to a customer, the customer's administrator has access to download and configure the AD Sync tool to their
existing domain controller. To download the tool, the customer must be configured with the Allow passwords to Never
Expire option set to Yes. If this option is set to No, errors are recorded in the customer's event log and no users appear in
the control panel.
AD Sync server monitor
The AD Sync service monitors the connectivity status of external domain controllers on which the AD Sync client is installed
and displays a list of all monitored servers on the AD Sync Server Monitor page in the control panel.
The AD Sync client sends requests to the Services Manager API at specified intervals that are recorded in a monitoring
table. This table includes the server name, time of the last request made, and expected time interval between requests.
When the difference between the current time and the time of the last request exceeds the expected interval, the Server
Monitor page displays a red dot next to the affected server, indicating connectivity has been disrupted. When a request is
received within the expected time interval, the Server Monitor page displays a green dot next to the server, indicating
connectivity is uninterrupted.
Prerequisites for deployment
When configuring each domain controller in the external domain, perform the following tasks:
If SSL is enabled for Services Manager, edit the CortexDotnet\web.config file to set the UserSyncAPISSL value to True.
Ensure the password complexity of the external domain controllers matches or exceeds the password complexity of the
domain controllers in the Services Manager deployment.
Disable User Account Control (UAC) on each external domain controller that will run the AD Sync client.
Obtain a list of the user groups to include in AD Sync operations.
On applicable firewalls, perform one of the following tasks, depending on your network configuration:
Open HTTP and HTTPS ports (80 and 443) bi-directionally between the server hosting the Services Manager API and
each domain controller in the external domain.
Open HTTP and HTTPS ports (80 and 443) bi-directionally between the server hosting the Services Manager API and the
proxy server used in the external domain.
Service deployment overview
Typically, deploying the AD Sync service involves the following tasks:
1. Configure the AD Sync service using the control panel.
2. If required, customize the AD Sync client installer, such as default settings and logo images, for your Services Manager
deployment.
3. Install and test the AD Sync client on external domain controllers. If necessary, add or modify the Active Directory
attributes included in API requests by editing the request file on the external domain controller.
4. Provision the service to customers so they can download the AD Sync client software.
For deployment instructions, see Deploy the AD Sync service.
Updated: 2013-08-16
The BlackBerry service for Services Manager hosts BlackBerry Enterprise Server (BES) 5 from the cloud, providing push-based
access to Exchange, Office Communications Server, Customer Relationship Management, and other applications from
BlackBerry devices.
The BlackBerry service includes the following features:
You can perform all of BlackBerry's standard management tasks within the Services Manager control panel.
You can delegate BlackBerry user provisioning to the end-customer.
The BlackBerry service is compatible with Exchange 2007 and 2010 Enterprise.
The BlackBerry service supports multiple BlackBerry Enterprise servers.
The BlackBerry service supports moving provisioned users from one BlackBerry Enterprise server to another.
The BlackBerry service can be provisioned with the Hosted Exchange service and supports Exchange 2010 Enterprise and
Exchange 2007. Services Manager can manage multiple BESs.
Configure your environment according to the BlackBerry installation guidelines. This topic assumes you have installed the
BlackBerry Enterprise Server software, the latest security updates, and the appropriate service pack for your deployment.
Supported versions and requirements
The BlackBerry service supports the following version of BlackBerry Enterprise Server and Microsoft Exchange.
Version Exchange 2007 Exchange 2010
BlackBerry 5 SP1 X X
BlackBerry 5 SP2 X
Services Manager requires the credentials that are used to run the BlackBerry service, in order to access the BlackBerry
Server MAPI profile. This account must be a member of the Exchange View Only Administrators group. Additionally, the
BlackBerry service account must have Open Address List permission on the Default Global Address List.
Service deployment overview
Deploying the BlackBerry 5 service involves the following tasks:
1. Deploy the Exchange service and provision it to customers.
Updated: 2013-05-13
The Citrix service for Services Manager allows service providers to delegate end-user administration of Citrix applications to
customers.
Notable features of the Citrix service include:
Managing multiple Citrix XenApp farms in a single Active Directory console.
Delivering published applications through application groups to which users are assigned.
Ability to choose pre-defined security account groups or create new security groups for application publishing.
Support for public and private applications, application groups, and resources.
Setting default applications, groups, and resources when provisioning Citrix services to customers and users.
When you provision customers with the Citrix service, the following items can be managed:
Application groups that consist of application or resource collections. Service providers can use application groups to
provision several resources or applications to users more efficiently.
Network resources, such as printers and file shares, that others in the organization access.
Resources that are packaged as applications such as desktops.
Hosted applications that reside on XenApp servers.
Supported versions
The Citrix service supports the following XenApp versions:
Citrix XenApp 5.0 for Windows Server 2008
Citrix XenApp 6.0 for Windows Server 2008 R2
Citrix XenApp 6.5 for Windows Server 2008 R2
Requirements for XenApp servers
When configuring the servers that will run any supported version of XenApp, ensure the following requirements are met:
Operating system: supported platforms for the XenApp version. Install all recommended operating system patches.
Enable Remote Desktop Services.
Install .NET Framework 4.0.
Installation requires that the Cortex Domain Logon account and the Domain\CortexWSUsers account have full
administration rights on the XenApp farm.
The Citrix web service uses port 8095 by default.
When configuring servers that will run XenApp 5, XenApp 6, or XenApp 6.5, perform the following actions:
Disable UAC.
Enable the following roles:
Web Server > Application Development > ASP.NET
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
Deploying the Citrix service involves the following tasks:
1. Review the requirements in this topic and in the Prerequisites for deploying the Citrix service topic and ensure these are
met in your environment.
2. Install the Citrix web service on a server in the XenApp farm.
3. Configure the service using the control panel. This includes creating the server collection that will aggregate XenApp-
hosted applications for customers.
4. Import applications from the XenApp farm to the server collection.
5. Provision the service to customers.
For detailed deployment instructions, see Deploy the Citrix service.
Updated: 2013-02-11
The DNS service for Services Manager provides Domain Name Service (DNS) hosting from the cloud. The DNS service
requires no installation and uses a WMI connection to the DNS server.
When the DNS service is provisioned to a customer, the service provider creates the DNS zone(s) that the customer can
then use to create subzones, if necessary. The DNS service is available at the customer level only. The service cannot be
provisioned to a customer's users.
Customers provisioned with the DNS service can create and manage DNS records that are attached to zones. DNS Service
Administrators can manage these records for the customer while Full Reseller Administrators can manage these records for
sub-customers.
Different types of records can be attached to a zone. When a record is created, only the Time to Live (TTL) setting can be
modified.
Supported software
The DNS service supports Windows (WMI) and BIND (UNIX) DNS.
Requirements
When configuring your DNS environment, perform the following actions:
On applicable firewalls, open DNS port (53) and RPC ports (various) bi-directionally between the DNS server(s) and both
the Services Manager web and provisioning servers. RPC uses random ports above port 1056, therefore non-stateful
inspection firewalls might require open ports above 1056.
Add the DNS service account used for provisioning to the local administrators group.
Ensure the computer name has a DNS suffix. If the DNS server is outside of the Services Manager domain, ensure the
DNS suffix for the Services Manager domain is on the DNS server.
Ensure the DNS application has a zone for the DNS suffix.
User Account Control (UAC) must be removed from each DNS server.
Ensure the DNS zone has an A record. If the DNS server is outside of the Services Manager domain, ensure the A record
is in the format dnsServerName.ServicesManagerDomain. For example, DNS01.cloudportal.com.
Supported record types
Services Manager supports the following types of DNS records:
Updated: 2013-02-07
The File Sharing service for Services Manager provides file sharing services from the cloud. A service provider can host a file
server with multiple customer file shares on the system directory. Security permissions limit customer access to shared
folders.
After provisioning, customers can use their file share directory to store and transfer files to others in the organization,
manage the directory subfolders, and assign folder permissions to users. Users can access the customer's file share directory
through another mechanism. For example, the file share can be configured as a resource through the Citrix service and
accessed in a Citrix XenApp session.
The File Sharing service requires no web service to be installed on the file server. You need only to configure the service in
the Services Manager control panel.
Requirements
On applicable firewalls, open SMB (445) and RPC (various) ports bi-directionally between the DNS server(s) and both the
Services Manager web and provisioning servers. RPC uses random ports above port 1056; therefore, non-stateful inspection
firewalls might require open ports above 1056.
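The DNS and File Sharing requirements above name fixed ports (53, 445), a dynamic RPC range above 1056, and specific peers (the web and provisioning servers). The following added example, which is not part of the Citrix documentation, checks an exported rule list against those documented flows; the rule format, rule names and IP addresses are constructed assumptions.

```python
import ipaddress

# From the page: DNS needs port 53, File Sharing needs SMB 445, and both
# need RPC, which "uses random ports above port 1056".
FIXED_PORT = {"dns": 53, "file_sharing": 445}
RPC_DYNAMIC = (1057, 65535)

# Constructed sample data: addresses and rule names are placeholders.
SAMPLE_RESOURCE = "10.0.5.10"                    # DNS server
SAMPLE_PLATFORM = ["10.0.1.20", "10.0.1.30"]     # web and provisioning servers
SAMPLE_RULES = [
    {"name": "web-to-dns-53", "src": "10.0.1.20/32", "dst": "10.0.5.10/32", "ports": (53, 53)},
    {"name": "dns-to-web-53", "src": "10.0.5.10/32", "dst": "10.0.1.20/32", "ports": (53, 53)},
    {"name": "prov-to-dns-53", "src": "10.0.1.30/32", "dst": "10.0.5.10/32", "ports": (53, 53)},
    {"name": "any-to-dns-rpc", "src": "0.0.0.0/0", "dst": "10.0.5.10/32", "ports": (1057, 65535)},
    {"name": "dns-to-mgmt-subnet-rpc", "src": "10.0.5.10/32", "dst": "10.0.1.0/24", "ports": (1057, 65535)},
    {"name": "web-to-db-1433", "src": "10.0.1.20/32", "dst": "10.0.2.40/32", "ports": (1433, 1433)},
]


def _overlaps(a, b):
    """True when two inclusive port ranges share at least one port."""
    return a[0] <= b[1] and b[0] <= a[1]


def audit_rules(rules, service, resource_server, platform_servers):
    """Compare firewall rules with the flows the page documents for a service.

    rules: iterable of dicts with keys name, src, dst (CIDR strings) and
    ports (inclusive (low, high) tuple). This rule format is hypothetical.
    Returns the names of rules that are wider than the documented peers and
    the documented fixed-port flows that no scoped rule covers.
    """
    fixed = FIXED_PORT[service]
    resource = ipaddress.ip_address(resource_server)
    platform = {ipaddress.ip_address(p) for p in platform_servers}
    allowed = platform | {resource}

    wider, covered = [], set()
    for rule in rules:
        src = ipaddress.ip_network(rule["src"], strict=False)
        dst = ipaddress.ip_network(rule["dst"], strict=False)
        ports = tuple(rule["ports"])
        # Skip rules that do not involve the resource server at all.
        if resource not in src and resource not in dst:
            continue
        # Skip rules outside the service's fixed port and the RPC range.
        if not (_overlaps(ports, (fixed, fixed)) or _overlaps(ports, RPC_DYNAMIC)):
            continue
        # Both ends must be single hosts named in the documented flow.
        endpoints_scoped = all(
            net.num_addresses == 1 and net.network_address in allowed
            for net in (src, dst)
        )
        if not endpoints_scoped:
            wider.append(rule["name"])
            continue
        if ports[0] <= fixed <= ports[1]:
            covered.add((src.network_address, dst.network_address))

    # The page asks for the ports to be open bi-directionally.
    missing = []
    for server in sorted(platform):
        for a, b in ((server, resource), (resource, server)):
            if (a, b) not in covered:
                missing.append(f"{a} -> {b} port {fixed}")
    return {"wider_than_documented": wider, "missing": missing}


if __name__ == "__main__":
    print(audit_rules(SAMPLE_RULES, "dns", SAMPLE_RESOURCE, SAMPLE_PLATFORM))
```

Rules reported as wider than documented are candidates for narrowing to the web and provisioning server addresses, which matters most for the wide RPC range on firewalls without stateful inspection.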
Service deployment overview
In general, deploying the File Sharing service involves the following tasks:
1. Ensure the file share path exists in your environment.
2. Configure the service using the control panel.
3. Provision the service to customers.
For deployment instructions, see Deploy the File Sharing service.
File share path creation
If the required file share path does not exist when you configure the File Sharing service, Services Manager can create it
automatically. To allow Services Manager to do this, you must grant Services Manager permissions on the target file server.
If you do not want to grant these permissions to Services Manager, be sure to create the file share you wish to use before
you configure the service.
Changes in Active Directory
When a customer is provisioned with the File Sharing service, the following changes occur:
The global security group SERVICEADMINS <CustomerShortName> FSS is created and all Full Service Administrator users
are added as members.
The global security group FSS <CustomerShortName> FULL is created. No members are added to this group until users
are provisioned.
The global security group FSS <CustomerShortName> NONE is created. Users that are not provisioned with the File
Sharing service are members of this group.
When a user is provisioned with the File Sharing service, the user becomes a member of the global security group FSS
Updated: 2014-11-17
The Hosted Apps and Desktops web service for Services Manager allows service providers to manage and delegate end-user administration of applications, desktops, and resources. This service comprises three components:
XenApp Web Service, which you install on a controller in your XenApp farm.
XenDesktop Web Service, which you install on a controller in your XenDesktop Site.
App Orchestration Configuration Tool, which you can install on your App Orchestration configuration server, when your
XenApp and XenDesktop deployments are managed by App Orchestration.
Using this service, you can:
Support public and private offerings of applications, desktops, and other resources such as printers and file shares to
customers and users.
Create offerings that are private for one customer.
Set default applications, desktops, and resources for customers and users.
Set price and cost controls per application, desktop, and resource.
Configure settings at several levels, thus allowing you to override one or more settings for a particular customer.
Use App Orchestration to manage offerings from multiple Citrix XenApp farms and XenDesktop sites in a single Active
Directory console.
Note: This enhanced version of the Hosted Apps and Desktops web service offers expanded support and replaces the previous version of the service.
Service deployment overview
Deploying the Hosted Apps and Desktops web service includes the following tasks:
1. Review and complete the requirements described in this topic.
2. Install the service.
3. Configure the service.
4. Configure service offerings.
5. Provision the service.
Supported versions
The Hosted Apps and Desktops web service is supported on servers running one of the following minimum versions:
Citrix XenApp 6.5 FP3, 7.5, and 7.6
Citrix XenDesktop 7.1, 7.5, and 7.6
Citrix App Orchestration 2.5 and 2.6
Note: If your environment includes earlier XenApp versions that you do not want to update to a supported version, install and use the Citrix web service for Services Manager. Also, use the Citrix web service if your environment requires application groups or server collections.
Requirements and considerations for all deployments
Before installing the Hosted Apps and Desktop web service, add the servers where you will install the service (XenApp
controller, XenDesktop Controller, or App Orchestration configuration server) to the built-in CortexReadOnly group. Then,
restart each server you added to the group.
When using Internet Explorer 11 to access the Services Manager control panel to configure and provision the service,
ensure the following Compatibility View Settings are cleared:
Display intranet sites in Compatibility View
Use Microsoft compatibility lists
Requirements and considerations for deploying the web service on a XenApp or XenDesktop Controller
On the XenApp or XenDesktop controller, complete the following before installing the web service:
Ensure the XenApp or XenDesktop server has PowerShell remoting enabled and that the execution policy is set to
RemoteSigned.
Ensure that XenApp or XenDesktop is fully installed and configured, and that the operating system has all recommended
updates.
You must be a full XenApp or XenDesktop administrator to configure the web service.
Ensure that the firewall on the server allows communications with the web service: the default is 8095. This must be the
same port that you specify when configuring the web service.
The web service installer will install or enable the following on the XenApp or XenDesktop controller, if not already present:
.NET Framework 4.0
Updated: 2014-08-29
The Hosted Exchange service for CloudPortal Services Manager delivers full-featured Microsoft Exchange services from the
cloud.
Supported versions
The Exchange service supports the following versions of Windows Server and Microsoft Exchange.
Version | Windows Server 2008 | Windows Server 2008 R2 | Windows Server 2012 | Windows Server 2012 R2
Exchange 2007 SP3 X
Exchange 2010 SP3 X X
Exchange 2013 X X
Exchange 2016 X X
Important: For Active Directory forests and domains at the Windows Server 2012 R2 functional level, the Exchange service is supported on Exchange 2013 SP1 only. For more information, refer to the article "Exchange 2013 system requirements" on the Microsoft TechNet web site.
Exchange web service server requirements
When configuring the server that will run the Exchange web service, perform the following tasks:
Install all recommended operating system patches.
Enable Remote Desktop Services.
Disable User Account Control (UAC).
Enable the following IIS 6 and 7+ roles:
Web Server > Application Development > ASP.NET
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
required for successful installation of the Exchange web service.
Configuration requirements
How you configure Exchange to work with CloudPortal Services Manager typically depends on whether you are deploying a
single version of Exchange or creating a mixed environment where multiple supported versions of Exchange are included.
For single-version deployments of Exchange 2007 SP3, the Services Manager Configuration Tool performs the following tasks:
Task | Action Performed
Enable the ListObject permission
In ADSIedit, the dsHeuristics property, located in the CN=Services > CN=Windows NT > CN=Directory Service container, is set to 001.
Disable the Default Email-Address policy
In ADSIedit, the following properties, located in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Recipient Policies > CN=Default Policy container are modified:
msExchLastAppliedRecipientFilter: Alias -eq 'NoSuchEmail'
msExchQueryFilter: Alias -eq 'NoSuchEmail'
Replace the current entry for msExchPurportedSearchUI: Microsoft.PropertyWell_QueryString=
In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization node > CN=Address Lists Container > CN=All Global Address Lists > CN=Default Global Address Lists container properties, the following modifications are performed:
Inheritable permissions are not allowed to propagate.
The Authenticated Users group has the Read permission of msExchAvailabilityAddressSpace set
to Deny. All other permissions are removed.
The Everyone group is removed.
Lock down address lists
In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists Container > All Address Lists > All Users container properties, the following modifications are performed:
Inheritable permissions are not allowed to propagate.
The Everyone and Authenticated Users groups are removed.
The Proxy USERS group has the Read permission set to Deny.
These modifications are also performed for All Groups, All Contacts, All Rooms, and Public Folders
containers.
Lock down the All Address Lists container
In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists > CN=All Address Lists container properties, the Proxy USERS group is added with the following settings:
In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists > CN=Offline Address Lists container, the CN=Default Offline Address List
container is deleted.
Set permissions on the Exchange organization
In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization container, the Proxy USERS group is added with the following settings:
Read: Allow
Apply to: This object only
List contents: Allow
List object: Allow
Read all properties: Allow
Read permissions: Allow
For single-version deployments of Exchange 2010 SP3 or Exchange 2013, the Configuration Tool disables the Default Email-
Address policy only.
For mixed Exchange deployments that include Exchange 2013 or Exchange 2010 SP3 servers in the same environment as Exchange 2007 SP3 servers, the globalAddressList2 attribute must be populated with entries from the globalAddressList attribute. The globalAddressList2 attribute was introduced in Windows Server 2008 R2. In an environment that includes Exchange 2013 or 2010 SP3, an address list must be populated into the attribute to ensure correct operation. Exchange 2013 and 2010 SP3 manage the globalAddressList2 attribute automatically, but Exchange 2007 SP3 does not. To populate this attribute, perform the following actions:
1. Copy the globalAddressList attribute into the globalAddressList2 attribute.
2. To populate globalAddressList2 with all entries from globalAddressList, run the following PowerShell script:
When a customer is provisioned with the Exchange service, the following changes occur:
The global security group SERVICEADMINS <CustomerShortName> HE is created and all Full Service Administrator users
are added as members.
The global security group HE <CustomerShortName> <ServiceAccessLevelName> is created for each user plan selected
for the customer. No members are added to these groups until users are provisioned with the Exchange service at the
corresponding level.
The global security group HE <CustomerShortName> NONE is created. No members are added to this group until users
are deprovisioned.
Users
When a user is provisioned with the Exchange service, the following changes occur:
The user becomes a member of the HE <CustomerShortName> <ServiceAccessLevelName> group.
Adding contacts
When contacts are added for a customer, the following changes occur:
A Contact Type object is created under the customer organizational unit (OU) using the format
<ContactName>_<CustomerShortName>.
Creating distribution groups
When distribution groups are created for a customer, the following changes occur:
A universal distribution group is created under the customer OU using the format Distribution <CustomerShortName>
When preparing your Lync deployment for provisioning to customers, ensure the domain for the customer you are
provisioning is included on the certificates that exist on the Lync Front-End and Director servers.
For provisioning the DNS records required for the Lync services, configure the DNS service. This enables Services Manager to
provision the customer's forward lookup zone, as well as create the Host (A) record for SIP, and create the SRV records
required when you provision the Lync service. You can define the Lync DNS records that Services Manager will create when
you configure the Lync service settings. For more information about configuring the DNS service, see Deploy the DNS
service.
If the DNS service is not configured, you will need to create the following DNS records manually for each customer:
A forward lookup zone for the domain to which you are provisioning the customer.
SRV records, _sipinternal and _sipinternaltls
Host (A) record for SIP, specifying the Lync Director server's IP address
Deployment overview
Typically, deploying the Lync services includes the following steps:
1. For Lync 2013, deploy the Distributor Report fix according to the instructions in CTX139274, in the Citrix Knowledge
Center.
2. Install the web service on the Lync Front-End server.
3. Configure the Lync service using the control panel.
4. If you intend for Services Manager to provision DNS records for the Edge and Front-End servers in your deployment,
configure the DNS service.
5. Provision the service to customers.
For deployment instructions, see the following topics:
Deploy the Lync Enterprise 2010 and Lync Hosted 2010 services
Deploy the Lync Enterprise 2013 and Lync Hosted 2013 services
Changes to the server during installation
As part of the installation process, the Configuration Tool performs several tasks when you install the Lync 2010 or 2013 web services.
Tasks performed: Web service account is created in Active Directory
Lync 2010: Default service account: csm_lync_svc
Lync 2013: Enterprise: csm_lync_svc; Hosted: csm_lynchosted_svc
Tasks performed: Web service account is added to Active Directory groups
Lync 2010: CSAdministrator, Domain Users, RTCUniversalServerAdmins. Note: You must add the web service account manually to the CortexWSUsers group.
Lync 2013: CortexWSUsers, CSAdministrator, Domain Users, RTCUniversalServerAdmins
Tasks performed: Lync Front-End server account is added to
Lync 2010: No. You must add the server accounts for the Front-End and Director servers manually to the CortexAdmins group.
Updated: 2013-02-20
The Mail Archiving service enables service providers and resellers to set up Exchange 2007 and 2010 journaling rules for their
customers. Incoming and outgoing email are included in a journal report which is sent to the customer's journaling inbox.
The journal report contains the transport envelope data of the archived message and the original message is included as an
attachment.
The Mail Archiving service requires no web service to be installed. You need only to configure the service using the Services
Manager control panel. The Mail Archiving service's customer plan defines the journaling type that is provisioned to
customers.
Supported journaling types
Services Manager supports the following journaling types:
Internal journaling
External journaling
Global Relay, where mail is archived offsite through the Global Relay Message Archive service
Service deployment overview
Deploying the Mail Archiving service involves the following tasks:
1. Determine the journaling types you will offer to customers.
2. Configure the service using the control panel.
3. Provision the service to customers.
For deployment instructions, see Deploy the Mail Archiving service.
Provisioning changes in Active Directory and Exchange
When users are provisioned with the Mail Archiving service, they become members of the MARCH {CustomerShortName}
FULL group.
When a customer is provisioned with the External customer plan, the following changes occur:
Changes in Active Directory:
Contact {CustomerShortName} ArchiveMailbox Contact is added.
Changes in Exchange 2007 and 2010:
{CustomerShortName} Archive Mailbox Contact is added to MailContact folder. The External contact email address specified during customer provisioning is attached to this contact.
Journal messages for the recipient are configured as archivemailboxes@{primarydomain}
When a customer is provisioned with the Internal customer plan, the following changes occur:
Changes in Active Directory:
User "mailarchive_{CustomerShortName}" is added.
Changes in Exchange 2007 and 2010:
{CustomerShortName} Archive Mailbox Contact is added to MailContact folder. The External contact email address specified during customer provisioning is attached to this contact.
Updated: 2013-04-18
The Office Communication Server 2007 (OCS) service for Services Manager delivers unified communication services from the
cloud. Using the Office Communicator client software, users enjoy an array of communication options, including group
chats, status updates, and video conferencing.
The OCS service uses a WMI connection to the Office Communications Server in your environment. The service requires no
web service to be installed. You need only to configure the service through the Services Manager control panel.
Supported versions
The OCS service supports the following OCS versions:
Office Communication Server 2007
Office Communication Server 2007 R2
Before you deploy the OCS service, you must have a supported version of OCS deployed in your environment.
Requirements
To allow provisioned users to connect to Communicator, perform the following actions:
If needed, change the scope of the CortexAdmins group from global to universal.
Include the RTCUniversalAdmins and RTCUniversalReadOnlyAdmins groups in the CortexAdmins group.
On the OCS server, restart all services that use RTC credentials.
To enable OCS reporting, configure and enable the OCS Monitoring Service on the OCS server. During configuration, perform the following actions on the OCS server:
Use both TCP/IP and named pipes for local and remote connections.
Allow SQL Server mode and Windows Authentication mode.
Add a SQL Server logon that has been granted db_datareader and db_owner permissions to the following OCS
databases: RTC, RTCDYN, and LCSCDR (this database is present only when OCS Monitoring is enabled).
Service deployment overview
Deploying the OCS service involves the following tasks:
1. Configure the service using the control panel.
2. If using in a multi-tenanted environment, partition the address book by OU.
3. If OCS 2007 R2 is installed in the Configuration container instead of System, update the location on the Services
Manager Provisioning server. By default, Services Manager looks for OCS settings in the System container.
4. Provision the service to customers.
For deployment instructions, see Deploy the Office Communication Server 2007 service.
Updated: 2014-01-20
The Microsoft SQL Server Hosting service for Services Manager enables you to host instances of Microsoft SQL Server
from the cloud.
The service requires no web service to be installed and uses a remote connection to Microsoft SQL Server in your
environment.
Multiple SQL Server databases can be provisioned to a customer and the customer can then assign users to the databases.
The customer's databases can be provisioned to different SQL Servers or instances, depending on the resource
configuration.
Supported versions
The Microsoft SQL Server Hosting service supports the following versions of SQL Server:
Microsoft SQL Server 2005
Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2012
Requirements
When preparing SQL Server for your Services Manager deployment, perform the following tasks:
Ensure the SQL Server is a member of a domain managed by Services Manager.
Set the Authentication mode to SQL Server and Windows Authentication.
Enable remote connections to the server.
Enable protocols for remote connection, such as TCP/IP.
Open inbound firewall ports required for the SQL Server instance and for Services Manager. The port for default
instances of SQL Server is TCP 1433. The default port for Services Manager is TCP 8095.
Ensure the SQL Server Browser service is running and set to start automatically. This ensures Services Manager can
locate the SQL Server and enumerate the instances installed when you configure the Microsoft SQL Server Hosting
service in the control panel. If you are using named instances of SQL Server, ensure UDP port 1434 is also open for
inbound connections.
Install the SQL Native Client component on the Services Manager Provisioning server. The 32- and 64-bit clients for each
supported version of Microsoft SQL Server are available from the Microsoft downloads site.
Service deployment overview
Deploying the Microsoft SQL Server Hosting service involves the following tasks:
1. Ensure the SQL Native Client component is installed on the Services Manager Provisioning server.
2. Configure the service using the control panel. This includes creating a server collection and retrieving SQL Server
instances from each SQL Server in the collection.
3. Provision the service to customers.
For deployment instructions, see Deploy the Microsoft SQL Server Hosting service.
Updated: 2014-08-29
The SharePoint 2010 and 2013 services deliver SharePoint web sites to customers for sharing documents and information from the cloud. Services Manager integrates with SharePoint servers through a Windows Communication Foundation (WCF) service. This topic includes the following sections:
Supported versions
Service migration
SharePoint server requirements
PowerShell remoting requirements
SharePoint account requirements
Service deployment overview
Web service deployment methods
DNS provisioning
SharePoint 2013 licensing and Web Apps
Supported versions
The SharePoint services support the following SharePoint server and IIS versions:
Service Name SharePoint Server Version SharePoint Edition IIS Version
Migrating customers from the SharePoint 2010 service to the SharePoint 2013 service includes the following tasks:
Upgrade your SharePoint 2010 deployment as described in the article "Overview of the upgrade process to SharePoint
2013" on the Microsoft TechNet web site.
Provision the SharePoint 2013 service to customers, but do not configure resources or sites.
Remove the SharePoint 2010 sites from the control panel.
Import customers' migrated sites to the control panel.
SharePoint server requirements
When preparing the server that will be hosting the SharePoint web service, ensure the following requirements are met. These requirements apply to both SharePoint 2010 and SharePoint 2013 unless otherwise specified.
Operating system: Install one of the following operating systems:
SharePoint 2010: Windows Server 2008 (minimum)
SharePoint 2013:
Windows Server 2008 R2 SP1 Standard, Enterprise, or Datacenter (64-bit)
Windows Server 2012 Standard or Datacenter (64-bit)
SharePoint 2013 SP1: Windows Server 2012 R2 Standard or Datacenter
Remote Desktop Services: Enabled.
Windows Server roles: Enable the following roles:
Web Server > Application Development > ASP.NET
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
SharePoint site DNS management: Install and configure the DNS service to enable Services Manager to manage DNS for SharePoint sites.
Web hosting service: Install and configure the Windows Web Hosting service on the same SharePoint server that hosts the SharePoint web service.
Service ports: Open ports 8095-8098 and 5985 from the server hosting the SharePoint and Windows Web Hosting services to the Services Manager Web and Provisioning platform servers.
Loopback check: SharePoint 2010: Disabled. To do this:
1. From the Registry Editor, select the following registry key:
2. Right-click Lsa, point to New, and select DWORD Value.
3. Type DisableLoopbackCheck.
4. Right-click DisableLoopbackCheck, then select Modify.
5. In the Value field, type 1.
6. Restart the server.
PowerShell remoting requirements
SharePoint 2010 and 2013 use PowerShell remoting to communicate with other servers in the environment. PowerShell
remoting must be enabled on the SharePoint server as well as on the Web and Provisioning servers in your Services Manager
deployment. Additionally, Credential Security Service Provider (CredSSP) authentication must be enabled.
SharePoint 2010
When you install the SharePoint 2010 web service, the Services Manager Configuration Tool configures PowerShell remoting by performing the following tasks:
Configures local policies:
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management
(WinRM) > WinRM Service > Allow CredSSP Authentication
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management
Computer Configuration > Administrative Templates > Windows Components > Windows Remote Shell > Specify
maximum amount of memory in MB per Shell
Checks for existing WinRM listeners. If a listener is not detected, winrm quickconfig is executed.
SharePoint 2013
Before you install the SharePoint 2013 web service, perform the following tasks to configure PowerShell remoting:
Enable PowerShell remoting by running the following cmdlet on the SharePoint, Web, and Provisioning servers:
Enable-PSRemoting -Force
Enable CredSSP by running the following PowerShell cmdlets:
On the SharePoint 2013 server:
Enable-WSManCredSSP -Role Server
Note: After the script finishes, restart the server.
On the SharePoint, Web, and Provisioning servers:
Enable-WSManCredSSP -Role Client -DelegateComputer *.domain
Enable and configure the following local policies on the SharePoint 2013 server:
Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Fresh Credentials with
NTLM-only Server Authentication (SPN=WSMAN/*.domain)
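The loopback-check and CredSSP settings described above can be read back after configuration with a short read-only script; because CredSSP hands the caller's credentials to the remote server, it also classifies each delegation target by how many hosts it covers. This is an added example, not part of the Citrix documentation. It assumes an elevated session and the standard Windows Lsa and CredentialsDelegation registry locations; the helper names are the example's own and corp.example.test is a constructed placeholder for your domain suffix.

```powershell
# Added example (not from the Citrix documentation). Read-only: it changes nothing.
# Run elevated on the SharePoint, Web, or Provisioning server.
param(
    # Assumption: your Active Directory DNS suffix. Constructed placeholder value.
    [string]$ExpectedSuffix = 'corp.example.test'
)

function Get-LoopbackCheckState {
    # DisableLoopbackCheck is a DWORD under the Lsa key; 1 means the check is off.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $prop = Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
    $value = $prop.DisableLoopbackCheck
    if ($null -eq $value) { 'Enabled (value not set)' }
    elseif ($value -eq 1) { 'Disabled' }
    else { "Enabled (value $value)" }
}

function Get-CredSspAuthState {
    # Reads the WinRM CredSSP switch for the Service or Client side via the WSMan: drive.
    param([ValidateSet('Service', 'Client')][string]$Role)
    try {
        (Get-Item -Path "WSMan:\localhost\$Role\Auth\CredSSP" -ErrorAction Stop).Value
    } catch {
        "unknown ($($_.Exception.Message))"
    }
}

function Get-DelegationTarget {
    # Lists the SPNs stored under one Credentials Delegation policy,
    # for example AllowFreshCredentialsWhenNTLMOnly.
    param([string]$PolicyName)
    $key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\$PolicyName"
    if (-not (Test-Path -Path $key)) { return }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [string]$item.GetValue($name)
    }
}

function Get-TargetScope {
    # Classifies one SPN (such as wsman/*.domain) by how many hosts it covers.
    param([string]$Spn, [string]$Suffix)
    $parts = $Spn -split '/', 2
    $hostPart = $parts[-1].ToLowerInvariant()
    $suffixLc = $Suffix.ToLowerInvariant()
    if ($hostPart -eq '*')                { return 'AnyHost' }
    if ($hostPart -eq "*.$suffixLc")      { return 'DomainWildcard' }
    if ($hostPart.Contains('*'))          { return 'OtherWildcard' }
    if ($hostPart.EndsWith(".$suffixLc")) { return 'SingleHost' }
    return 'OutsideDomain'
}

function New-Row {
    param($Setting, $Value, $Note)
    New-Object psobject -Property @{ Setting = $Setting; Value = $Value; Note = $Note }
}

$rows = @(
    New-Row 'Loopback check' (Get-LoopbackCheckState) 'Disabled only for SharePoint 2010'
    New-Row 'WinRM service accepts CredSSP' (Get-CredSspAuthState Service) 'true on the SharePoint 2013 server'
    New-Row 'WinRM client may use CredSSP' (Get-CredSspAuthState Client) 'true on SharePoint, Web, Provisioning'
)

# Scopes wider than, or outside, the expected domain wildcard are marked for review.
$reviewScopes = @('AnyHost', 'OtherWildcard', 'OutsideDomain')
foreach ($policy in 'AllowFreshCredentials', 'AllowFreshCredentialsWhenNTLMOnly') {
    foreach ($spn in @(Get-DelegationTarget $policy)) {
        $scope = Get-TargetScope -Spn $spn -Suffix $ExpectedSuffix
        $note = if ($reviewScopes -contains $scope) { "$scope (review)" } else { $scope }
        $rows += New-Row "$policy target" $spn $note
    }
}

$rows | Format-Table Setting, Value, Note -AutoSize -Wrap
```

A target reported as DomainWildcard matches the `*.domain` form used in the steps above; SingleHost entries are narrower than that.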
Typically, deploying the SharePoint 2010 and 2013 services involves the following tasks:
1. Configure the DNS service using the Services Manager control panel and provision to customers.
2. Install and configure the Windows Web Hosting web service on the SharePoint server that hosts the SharePoint web
service.
3. Install the SharePoint web service on the SharePoint farm server.
4. Configure the SharePoint web service using the control panel.
5. Add SharePoint farms to the control panel and configure for multi-tenancy.
6. Add and configure SharePoint feature packs, if applicable.
7. Configure SSL certificates for provisioning to customer sites. (SharePoint 2013)
8. Provision the SharePoint service to customers.
The SharePoint web service is deployed on the application (front-end) server in the SharePoint farm. During the web service
installation process, the Services Manager Configuration Tool sets the SharePoint web service to the same application pool
identity as the SharePoint Central Administration site. This configuration is required for Services Manager to provision
SharePoint resources.
For deployment instructions, see Deploy the SharePoint 2010 service.
Web service deployment methods
You can deploy the SharePoint web service in the following ways:
As a dedicated web service, where each SharePoint server in your deployment hosts the SharePoint web service. To
complete provisioning requests, each SharePoint server communicates directly with the Web and Provisioning servers as
appropriate.
As a shared web service, where the SharePoint web service is hosted on a single SharePoint server in your deployment.
To complete provisioning requests, this server communicates directly with the Web and Provisioning servers, and also
connects with the other SharePoint servers in the deployment as needed using PowerShell remoting.
Citrix recommends deploying the SharePoint web service as a dedicated web service. This method improves performance by
avoiding the potential for "double-hopping," where web service connections are relayed through a single point to other
SharePoint servers. Using a dedicated web service also improves reliability in the event of a server failure, as there are other
SharePoint servers that can provide web service connections.
DNS provisioning
You can enable DNS provisioning for SharePoint sites you provision through Services Manager. To do this, you must deploy the DNS service and provision it to customers. The following table describes DNS provisioning support in the SharePoint 2010 and SharePoint 2013 services.
Service name: SharePoint 2010
Supported DNS record types: Host (A), CNAME
DNS record configuration: Control panel: Configuration > System Manager > Service Deployment >
Manages only one record type at a time. Changing the DNS record type after sites are created is not recommended as it results in duplication of DNS records.
Service name: SharePoint 2013
Supported DNS record types: Host (A)
DNS record configuration: Control panel: Configuration > System Manager > Service Deployment > SharePoint 2013 > Service Settings
DNS enabled by default? Yes
When a SharePoint site is provisioned, a DNS record is created if the following requirements are met:
A DNS record type is defined for the site.
The SharePoint site URL includes a subdomain (for example, http://site01.sharepoint-domain.com).
The DNS zone for the site is provisioned to the customer (for example, if the site URL is "site01.sharepoint-domain.com,"
the DNS zone "sharepoint-domain.com" must be provisioned to the customer before the site is provisioned).
After the DNS record is created, you can view the record using the following methods:
From the control panel: Services > DNS > DNS Records
From the DNS server, using the DNS Manager snap-in, under Forward Lookup Zones for the domain
For instructions on enabling DNS provisioning for SharePoint 2010 sites, see To enable DNS for the SharePoint 2010 service.
SharePoint 2013 licensing and Web Apps
In Services Manager, SharePoint 2013 farms can have one of the following licenses: Foundation, Standard, or Enterprise.
When a SharePoint farm has only Foundation features enabled, customers are billed for each site with access to those
features. When a farm has Standard or Enterprise features enabled, customers are billed for each user provisioned to a site
with access to those features. For users of Standard or Enterprise sites, the license they are provisioned governs the set of
features that are available when they access the site. For example, if a user has a Standard license and accesses a site with
Enterprise features, the license allows the user to access only the Standard set of features on the site.
To determine whether or not per-user licensing is enabled for a farm, use the SharePoint cmdlet Get-SPUserLicensing.
When you create a SharePoint farm through the control panel, the farm has Foundation licensing by default. You can
configure the license on the Services > SharePoint 2013 > Farm Configuration page. However, after the farm is provisioned
to a customer, you cannot modify the license.
For farms with Standard or Enterprise licenses, you can also enable Microsoft Office document editing and Microsoft Project features within SharePoint. These options have the following requirements:
To use this option... These items are required...
Edit Office Web Apps Users must have licenses to use Office applications
SharePoint farm must be configured to work with Office Web Apps Server
Project Web Apps Users must have licenses to use Project
SharePoint farm must be configured to work with Project Web App
When these options are enabled for the farm, you can choose to enable these options for users that are provisioned with
Standard or Enterprise user plans (and the appropriate product licenses). These options apply to all sites to which users are
provisioned. For example, if a user has the Edit Office Web Apps option enabled and has a Microsoft Word user license, the
An Active Directory security group is added to Hyper-V servers to enable remote connections. Your environment must allow security groups to be added to the host from the domain containing the Services Manager components.
SCVMM role requirements
In SCVMM, a Self Service user role is required for integration with Services Manager. Create this role with the following settings:
User role name: SelfService
User role profile: Self-Service User
Role member: CortexWSUser
Select the VM host groups that Services Manager will manage
Grant permissions: All actions
Allow users to create new VMs
Do not allow users to store VMs in a library
Firewall requirements
Open inbound TCP port 8095 on the server hosting the Virtual Machines web service. Additionally, open the following firewall ports, by role:
Role Port Description
SCVMM servers 8100 VMM - Administrator Console to VMM server
As installed RDP - self-service portal website port
If using a remote VMM database 1433 TDS - SQL Server
Virtual server 5900 VMRC - VMRC connection to virtual server host
Hyper-V hosts 80 WinRM - VMM server to VMM agent on Windows Server-based host (control)
443 BITS - Library server > hosts
445 SMB - VMM server to VMM agent on Windows Server-based host (data)
Remove the following folders or executables from real-time scanning by security software:
The default virtual machine configuration folder (for example, C:\ProgramData\Microsoft\Windows\Hyper-V) and any
custom virtual machine configuration folders
The default virtual machine hard disk drive folder (for example, C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks) and
any custom virtual machine hard disk drive folders
Snapshot folders
VMMS.EXE - Virtual Machine Management Service
VMWP.EXE - Virtual Machine Worker Process
If you use Hyper-V Live Migration with Cluster Shared Volumes, remove the Cluster Storage folder (for example,
C:\Clusterstorage) and all subfolders.
Network access
For each Hyper-V host, use SCVMM to set up network access:
Configure network adaptors.
Configure VLAN ranges for VLAN trunking.
Hyper-V hosts can be stand-alone or clustered. Services Manager supports Cluster Shared Volumes for provisioning highly
available VMs.
For each Hyper-V host Services Manager is to manage, refer to article CTX129850, "How to Add a Hyper-V Host to
Cortex," in the Citrix Knowledge Center.
Service deployment overview
Deploying the Virtual Machines service involves the following tasks:
1. Install the web service on the SCVMM server.
2. Configure the service using the control panel.
3. Verify the connection to SCVMM and synchronize resources.
4. Add Hyper-V hosts to Services Manager. See article CTX129850, "How to Add a Hyper-V Host to Cortex," in the Citrix
Knowledge Center.
5. Create virtual servers and networks using the control panel.
6. Establish remote connectivity to virtual servers so that customers can access them when they are provisioned the
service. See article CTX129846, "How to Connect to a Virtual Machine," in the Citrix Knowledge Center.
Updated: 2013-05-11
The Windows Web Hosting service enables service providers to host customers' web sites on Windows-based web servers.
The service also provides IIS support and DNS management.
Supported platforms
The Windows Web Hosting service supports the following IIS and Windows Server versions:
Version Windows Server 2008 Windows Server 2008 R2 SP1 Windows Server 2008 R2 SP1 Web Edition
IIS 7 X
IIS 7.5 X X
Requirements
When configuring the IIS server, perform the following tasks:
Enable CloudPortal Services Manager DNS Services and enable DNS records for the Services Manager Windows Web
Hosting Service.
Install CloudPortal Services Manager Windows Web Hosting Service.
Create Web hosting root directory and shares with appropriate permissions
Create AD user and groups for FTP access and grant them appropriate permissions to the Web hosting root directory
In IIS Manager, create an FTP site with the following settings:
Setting Name Value
FTP site name Enter a name of your choosing.
Physical path Enter the path to the web hosting root directory.
IP Address Enter an IP address that is unique across all FTP sites.
Start FTP site automatically Select this option.
Enable Virtual Host Names Leave blank.
SSL Select Allow SSL.
Authentication Select Basic.
Allow access to Select Specified roles or user groups and enter as domain\CortexIISUser
Select FTP home directory configured in Active Directory and enter the
credentials as domain\CortexIISUser
FTP Authentication > Basic Authentication Click Edit and enter the fully qualified domain name for the user's default logon domain.
Service deployment overview
Deploying the Windows Web Hosting service involves the following tasks:
1. Configure the service using the control panel. This includes creating a server collection.
2. If required, retrieve the certificate list on the web server and enable availability to customers' sites.
3. If required, retrieve the IP address list on the web server and modify as appropriate.
Updated: 2014-08-29
Important: Install and configure the Encryption Service before installing any other platform server roles. This ensures the Configuration Tool can access the service's encrypted key when other platform components and services are installed.
Additionally, Citrix strongly recommends using SSL with the Encryption Service. Because the traffic to and from the service
contains sensitive data, using SSL ensures this traffic is encrypted appropriately.
When you configure the Encryption Service, the Configuration Tool performs the following actions:
Creates a service account in Active Directory. By default, the service account name is csm_core_svc.
Creates an application pool and web site in IIS and configures authorization rules to limit access to the Domain Admins
group or the CortexWSUsers group.
Generates an encryption key and stores it in Windows Registry.
To install and configure the Encryption Service using the graphical interface
1. From the installation media, double-click Setup.exe and then click Get Started.
2. On the Select Deployment Task page, select Install CloudPortal Services Manager.
3. On the Install CloudPortal Services Manager page, select Configure Encryption Service.
4. On the License Agreement page, accept the license agreement and click Next.
5. On the Ready to Install page, click Install. The Deploying Server Roles page indicates the progress of installing
prerequisites, the Configuration Tool, and the Encryption Service.
6. On the Deployment Complete page, click Finish.
7. On the Configure Application Pool Identity page, enter a password for the Encryption Service's service account. By
default, the username is csm_core_svc. Click Next.
8. On the Configure Site Binding page, select Use SSL and select the SSL certificate you want to use. Click Next.
9. On the Summary page, click Commit.
10. After the configuration is completed, click Finish to return to the Install CloudPortal Services Manager page.
To install and configure the Encryption Service using the command line
1. On the server you prepared to host the Encryption Service, log on as a domain administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /install:EncryptionService. The Setup Tool installs the service
and returns the command prompt.
4. At the command prompt, enter install-location\Configuration\CortexConfigConsole.exe and specify the following
properties:
Property Description
/ESUserName:username The application pool user for the Encryption Service.
/ESPassword:password The application pool password.
/ESPort=port The port number to use when creating a site binding for the service. Default = 443
To install server roles using the graphical interface
Updated: 2013-03-04
Perform this task on the server that will be hosting the server role you want to install. For example, install the Provisioning server role on the server that you have designated as the Provisioning server. Likewise, install the Web server role on the web server.
Note: Install and configure the Reporting server role after the primary location has been configured. If you install the Reporting service before the primary location has been configured, configuration of the Reporting service fails.
1. From the installation media, double-click Setup.exe.
2. On the Setup Tool splash page, click Get Started.
3. On the Select Deployment Task page, select Install CloudPortal Services Manager.
4. On the Install CloudPortal Services Manager page, select Deploy Server Roles & Primary Location.
5. On the Deploy Server Roles & Primary Location page, select Install Server Roles.
6. On the License Agreement page, accept the license agreement and then click Next.
7. On the Select Server Roles page, select one or more roles to install and then click Next. The Configuration Tool check
box always remains selected.
8. On the Review Prerequisites page, review the prerequisite items that will be installed and then click Next.
9. On the Ready to Install page, review the selected roles and prerequisites that will be installed. Click Install. The Deploying
Server Roles page indicates the progress of installing prerequisites and the selected roles, and the result.
10. On the Deployment Complete page, click Finish. The installer returns to the Deploy Server Roles & Primary Location page.
After you have installed the selected server role(s), run the Configuration Tool to configure the server role. For more
information, see To configure server roles using the graphical interface.
Configure server roles and locations from the command line
Updated: 2014-10-09
This topic assumes that you have installed the Services Manager Configuration Tool on the platform servers you want to configure and on the server where you want to configure the primary
location or a remote location. When you install a platform server role, the Configuration Tool is installed automatically. To install the Configuration Tool only, see To install server roles from the
command line.
This topic includes the following sections:
Command Conventions
Return Codes
Syntax
Databases options
Provisioning options
Directory Web Service options
Web options
Location options
Reporting options for deploying the Reporting service
Reporting options for deploying reports
Reporting (Data Warehouse) options
Report mailer options
Example: Configure the Provisioning and Directory Web Service server roles
Example: Configure the primary location
Example: Configure a remote location
Command Conventions
Several options use Boolean values (true or false).
If you omit an option that requires a Boolean value, the default value is used. For example, if you do not include the /UseCortexSql:True | False option in the command, the default value (false) is
used; that is, the reporting database will not use the settings configured for the main system database.
If you specify an option that requires a Boolean value but you omit the value, the option value is true. For example, if you specify only /UseCortexSql (with no True or False value), the option is true;
that is, the reporting database will use the settings configured for the main system database.
You can use environment variables to represent one or more command-line options or option values (for example, /ReportingDBServer:%currentServer%, where currentServer is defined as an
environment variable).
Enclose option values that contain spaces in quotation marks (for example, /LocationName:"Southeast Hub").
Return Codes
The configuration command supports the following return codes:
Value Meaning
1 Another instance is already running.
0 Success.
-1, -2, -3 Command-line error.
-4 General failure during configuration. To debug further, review the log in %WINDIR%\Temp.
Syntax
To configure the server roles and create the primary location from the command line, you execute the Services Manager Configuration Tool by typing the following at a command prompt:
Location of XML configuration file with read-write access for the current user. If this file already exists, its content will be overwritten during the configuration.
/Configure:tasks
Configures specified installed Services Manager roles and a location. Valid values are:
Databases – Creates the main Services Manager system databases.
Provisioning – Configures the Provisioning Engine.
DirectoryService – Configures the Directory Web Service.
Web – Configures the Web Server.
Location – Initializes the Services Manager instance. A location is the main unit of isolation between tenants, and usually corresponds to an Active Directory domain or forest.
Reporting – Creates the reporting database and configures the Data Warehouse feature.
ReportMailer – Configures the email environment for sending usage reports to the Citrix license monitor. Configuring the Report Mailer is required.
Required. Name of the main system database (the previously-installed Microsoft SQL Server 2008 R2 instance).
/CortexSqlAuthMode:SQL|Windows
SQL Server authentication mode: SQL or Windows. Default = Windows
/CortexSqlUsername:username
Username for the main system database user. This is optional if you specify /CortexSqlAuthMode:Windows and are using integrated security.
/CortexSqlPassword:password
Password for the user name specified with the /CortexSqlUsername option. This is optional if you specify /CortexSqlAuthMode:Windows and you are using integrated security.
/CortexSqlPort:port
SQL Server port. Default = 1433 if this is the default SQL Server instance.
/GenerateCortexSqlCredentials:True | False
If true, passwords for the CortexProp, ExchangeLogs, OLMReports, and OLMUser system database users are automatically generated.
/CortexPropPassword:password
Password for the CortexProp database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/ExchangeLogsUserPassword:password
Password for the ExchangeLogs database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/OlmReportsUserPassword:password
Password for the OLMReporting database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/OlmUserPassword:password
Password for the main system database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/GenerateConfigFile:filename
Path and file name for XML configuration file.
Provisioning options
/SmtpServer:address
Required. Address of SMTP server from which email messages are sent, including system updates for administrators and account notifications for end users.
/SmtpServerPort:port
Port on SMTP server to be used for sending email messages about system updates for administrators and account notifications for end users. Default = 25
/SmtpOutFolder:folder
Folder that serves as an outbox for the control panel when sending emails. Default = %WINDIR%\Temp\CortexEmail
If true, user credentials are automatically generated for the Queue Monitor service, which processes administrative requests from the Web Server and automates other services. Default = False
/QueueMonitorUserName:username
User name for a domain account to be used by the Queue Monitor service (default = cortex_qmon_svc). The user must have full domain administrator permissions. This is optional if you specify
/GenerateQueueMonitorCredentials:True.
/QueueMonitorPassword:password
Password for the user name specified with the /QueueMonitorUserName option. This is optional if you specify /GenerateQueueMonitorCredentials:True.
If true, user credentials for the Directory Monitoring service are generated automatically. This service monitors Active Directory, keeping account information current and sending email
notifications for key events such as password expiry. Default = False
/DirectoryMonitoringUserName:username
User name for the account to be used by the Directory Monitoring service (default = cortex_dirmon_svc). This is optional if you specify /GenerateDirectoryMonitorCredentials:True.
Password for the user name specified with the /DirectoryMonitoringUserName option. This is optional if you specify /GenerateDirectoryMonitorCredentials:True.
If true, the user account to be used by the Directory Web Service is created if it does not already exist. Default = True
Web options
/ExternalAddress:address
Externally-resolvable address by which the Web Server can be reached. Default = cortexweb
/UseSsl:True | False
If true, an SSL binding is created for the management portal. Default = True (recommended)
/SslCertificate:name
Friendly name of the SSL certificate to use. This is required if you specify /UseSsl:True.
/BindingIp:ip-address
IP address to use for the new site binding. Default = "*" (all unassigned)
Location options
When configuring locations, consider the following items:
Run all configuration steps as a domain administrator.
Ensure user account settings conform to any domain policies, such as minimum password complexity, and are valid.
Ensure the required firewall ports are configured for each server in the deployment.
/PrimaryLocation:True | False
Required. If True, the /Locationx configuration option values are for the first Services Manager administrator. This is the top-level administrative account in the control panel; it can add customers,
assign services, and manage delegated administration.
/LocationName:name
Required. Name of the location. Default = Top Location
/LocationDescription:description
Description of the location. Default = Top-level Service Provider Location
/LocationOU:location
OU of the location.
/LocationOULabel:label
OU label of the location.
/CspAdminFirstName:first-name
First name of administrator (Default = CSP). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
Last name of administrator (Default = Admin). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspAdminUserName:username
User name for the administrator (Default = cspadmin). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspAdminPassword:password
Password for the user name specified with the /CspAdminUserName option. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspContact:name
Contact name of the service provider. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspContactEmail:address
Email address of the service provider. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspName:name
Name of service provider that will appear in displays. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspUPN:suffixes
UPN suffixes (Default = tsp.local). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
Reporting options for deploying the Reporting service
/UseCortexSql:True | False
If true, the reporting database will use the settings configured for the main system database. Default = False
/ReportingDBCollation:True | False
Determines how string data is sorted when comparing, selecting, or manipulating values from the database.
/ReportingDBServer:address
Address of the reporting database server. This is optional if you specify /UseCortexSql:True.
/ReportingDBServerPort:port
Port to use on the database server (Default = 1433). This is optional if you specify /UseCortexSql:True.
/ReportingDBName:name
Name of reporting database. Default = OLMReporting
/ReportingDBServerAuthMode:SQL | Windows
Authentication mode of the reporting database. This is optional if you specify /UseCortexSql:True.
/ReportingDBGenerateCredentials:True | False
If true, reporting database administrator account credentials are generated automatically. Default = False
/ReportingDBServerUserName:username
User name for an administrator account to be used to create the reporting database, plus create and configure the service account specified with the /OlmReporting* options. This is optional if
you specify /UseCortexSql:True and /ReportingDBServerAuthMode:Windows.
/ReportingDBServerPassword:password
Password for the user name specified with the /ReportingDBServerUserName option. This is optional if you specify /UseCortexSql:True and /ReportingDBServerAuthMode:Windows.
/OlmReportingUserName:username
Name of service account used by the Data Warehouse process to update the reporting database. This is optional if /ReportingDBGenerateCredentials:True.
/OlmReportingPassword:password
Password for the user name specified with the /OlmReportingUserName option. This is optional if /ReportingDBGenerateCredentials:True.
/OlmReportingUserAuthMode:SQL | Windows
Authentication mode: SQL or Windows (Default = SQL). This is optional if /ReportingDBGenerateCredentials:True.
Required. User name of the Reporting Service administrator.
/ReportsPassword:password
Required. Password for the user name specified with the /ReportsUserName option.
/PublishReports:report[,report]…
Comma-separated list of reports to deploy. Valid values are: AD Sync, Billing, Citrix, Communicator, DNS, Exchange, File Sharing, FTP, Mail Archiving, Microsoft CRM, MySQL, SharePoint, SQL Server,
Windows Web Hosting.
To publish all reports, use the /PublishAllReports option.
/PublishAllReports:True | False
If true, all available reports are published (Default = False). To publish a subset of the available reports, set this option to False, and use the /PublishReports option to specify the reports.
Reporting (Data Warehouse) options
/SuccessEmailFrom:address
Required. Source email address for success notifications.
/SuccessEmailTo:address
Required. Destination email address for success notifications.
/FailureEmailFrom:address
Required. Source email address for failure notifications.
/FailureEmailTo:address
Required. Destination email address for failure notifications.
/GenerateDataTransferCredentials:True | False
If true, user credentials for the Data Transfer Service are generated automatically. Default = False
/DataTransferUserName:username
User name for the account to use for the Data Transfer Service. This is optional if you specify /GenerateDataTransferCredentials:True.
/DataTransferPassword:password
Password for the user name specified with the /DataTransferUserName option. This is optional if you specify /GenerateDataTransferCredentials.
/SmtpServer:address
Address of SMTP server to be used for sending email messages.
/SmtpServerPort:port
Port on the SMTP server to be used for sending email messages.
Report mailer options
/CustomerId
Required. Customer ID.
/ReportMailerEmailServer:name
Name of SMTP mail server.
/GenerateUserCredentials:True | False
If true, credentials for the SMTP mail server user account are generated automatically. Default = False
/ReportMailerTaskUserName:username
User name for the account the Report Mailer task will use. This is optional if you specify /GenerateUserCredentials:True.
/ReportMailerTaskUserPassword:password
Password for the user name specified with the /ReportMailerTaskUserName option. This is optional if you specify /GenerateUserCredentials:True.
User name for the user account that accesses the SMTP email server.
/ReportMailerEmailPassword:password
Password for the user name specified with the /ReportMailerEmailUserName option.
Example: Configure the Provisioning and Directory Web Service server roles
The following command configures the Provisioning and Directory Web Service server roles and uses default values for most options:
CortexConfigConsole.exe /ConfigFile:\\server-name\config-file.xml /Configure:Provisioning,DirectoryWebService /SmtpServer:mail.takahepubs.com /DirectoryServiceUsername:cortex_dirws_svc /DirectoryServicePassword:password
Example: Configure the primary location
The following command configures the primary location and uses default values for most options:
CortexConfigConsole.exe /ConfigFile:\\server-name\config-file.xml /Configure:Location /PrimaryLocation:True /LocationName:"My First Location" /LocationOU:Organization-Name /LocationOULabel:"My Organization" /CspAdminPassword:password /CspContact:CSP-Name /CspContactEmail:[email protected] /CspUPN:my-org.com
Example: Configure a remote location
The following command configures a remote location and uses default values for most options:
CortexConfigConsole.exe /ConfigFile:\\server-name\config-file.xml /Configure:Location /PrimaryLocation:False /LocationName:"My Second Location" /LocationOU:Organization-Name /LocationOULabel:"My Organization"
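The command conventions, required options and return codes described in this topic can be enforced by a small wrapper before the Configuration Tool is ever started. The following PowerShell script is an added example, not Citrix code: the function names, the required-options table (a subset taken from the option descriptions above) and the sample values are assumptions, while the executable name, option names and return codes are the ones in this topic.

```powershell
# Added example, not Citrix code. Function names are hypothetical; the option
# names, executable name and return codes are the ones documented in this topic.
Set-StrictMode -Version 2.0

# Options this topic marks "Required", per /Configure task (subset).
$RequiredByTask = @{
    Provisioning = @('SmtpServer')
    Location     = @('PrimaryLocation', 'LocationName')
}

function ConvertTo-CortexArgument {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)]$Value)
    if ($Value -is [bool]) {
        # A bare Boolean option means True and an omitted one takes its default,
        # so always write the value out to keep the command unambiguous.
        return "/${Name}:$Value"
    }
    $text = [string]$Value
    if ($text.Contains('"')) { throw "Value for /$Name contains a quotation mark." }
    # Convention: values that contain spaces are enclosed in quotation marks.
    if ($text -match '\s') { return "/${Name}:`"$text`"" }
    return "/${Name}:$text"
}

function Hide-CortexSecret {
    param([Parameter(Mandatory)][string]$Argument)
    # Every password option in this topic has a name ending in "Password".
    return $Argument -replace '^(/\w*Password):.*$', '$1:********'
}

function Test-CortexOptions {
    param([string[]]$Tasks, [System.Collections.IDictionary]$Options)
    $missing = @()
    foreach ($task in $Tasks) {
        if (-not $RequiredByTask.ContainsKey($task)) { continue }
        foreach ($name in $RequiredByTask[$task]) {
            if (-not $Options.Contains($name)) { $missing += "/$name (required by $task)" }
        }
    }
    # /UseSsl defaults to True, and /SslCertificate is required whenever it is True.
    if ($Tasks -contains 'Web') {
        $sslOff = $Options.Contains('UseSsl') -and ($Options['UseSsl'] -eq $false)
        if (-not $sslOff -and -not $Options.Contains('SslCertificate')) {
            $missing += '/SslCertificate (required when /UseSsl is True)'
        }
    }
    return $missing
}

function Get-CortexReturnCodeMeaning {
    param([Parameter(Mandatory)][int]$Code)
    if ($Code -eq 0) { return 'Success.' }
    if ($Code -eq 1) { return 'Another instance is already running.' }
    if ((-1, -2, -3) -contains $Code) { return 'Command-line error.' }
    if ($Code -eq -4) { return 'General failure during configuration; review the log in %WINDIR%\Temp.' }
    return 'Return code not listed in this topic.'
}

function Invoke-CortexConfig {
    param(
        [Parameter(Mandatory)][string]$ExePath,
        [Parameter(Mandatory)][string[]]$Tasks,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Options,
        [switch]$Execute   # without this switch the function is a dry run
    )
    $missing = @(Test-CortexOptions -Tasks $Tasks -Options $Options)
    if ($missing.Count -gt 0) { throw "Missing options: $($missing -join '; ')" }

    $argList = @("/Configure:$($Tasks -join ',')")
    foreach ($name in $Options.Keys) {
        $argList += ConvertTo-CortexArgument -Name $name -Value $Options[$name]
    }
    # Log only the redacted form. The real values still appear on the process
    # command line (and in process-creation audit events when command-line
    # logging is enabled), so restrict who can read those records.
    $redacted = ($argList | ForEach-Object { Hide-CortexSecret -Argument $_ }) -join ' '
    Write-Host "CortexConfigConsole.exe $redacted"
    if (-not $Execute) { return }

    $proc = Start-Process -FilePath $ExePath -ArgumentList $argList -Wait -PassThru -NoNewWindow
    $meaning = Get-CortexReturnCodeMeaning -Code $proc.ExitCode
    if ($proc.ExitCode -ne 0) { throw "Exit code $($proc.ExitCode): $meaning" }
    return $meaning
}

# Dry run with constructed values; nothing is started without -Execute.
# In practice, read the password from a prompt or a secret store.
$options = [ordered]@{
    ConfigFile       = 'C:\Temp\config-file.xml'    # constructed path
    PrimaryLocation  = $true
    LocationName     = 'Southeast Hub'
    CspAdminPassword = 'constructed-placeholder'
}
Invoke-CortexConfig -ExePath 'CortexConfigConsole.exe' -Tasks 'Location' -Options $options
```

The dry run prints the command with /LocationName quoted and the /CspAdminPassword value masked; add -Execute on a server where the Configuration Tool is installed to run it and have a non-zero return code raised as an error.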
top environment level setting defaults are sufficient and do not require modification.
For some services, a customer plan or user plan must be configured before the service is enabled at the location level.
To reset a service setting to the default value, clear the check box for the property and apply the change. The next time
the service settings are opened, the default value for the property appears.
Control access to a property setting by expanding it and setting the Hierarchy Permission.
Credentials that are in use for a specific web service connection cannot be deleted. To remove the credentials, you must
first remove the web service connection.
In most cases, server information is retrieved without any action from the service provider. A server that is outside of the
hosting domain must be manually added to the servers list (Configuration > System Manager > Servers).
Server connections enable Services Manager to connect with web services that are installed on the servers hosting the
service. If server connections are created for multiple servers hosting a particular web service, Services Manager assigns
primary and secondary status to the server connections for failover.
Server collections group multiple servers for some services, including Citrix XenApp, Microsoft SQL, MySQL, and Windows
Web Hosting Services. If a server collection and its servers should be available to all resellers, enable Automatic reseller selection. If a server collection should be enabled by default to all customers, enable Automatic customer selection.
Services and customer provisioning
After the service is configured, you can provision the service. Service provisioning typically involves the following tasks:
1. Provision the service to the root Service Provider's Reseller service.
2. Provision the service to the customer.
3. Provision the service to the customer's users.
About service provisioning
Re-provision customers after changing customer plans.
A service that is provisioned to customers cannot be disabled at the top environment level until it has been
de-provisioned from all customers and resellers and deleted from the location level.
Apply cost values to service properties
Service providers can apply a cost value to service properties at various levels (service level, customer plan, and user plan)
depending on the type of service. The values are used in monthly billing reports. Pricing values are inherited from the Top
Environment Services level and overridden at the reseller and customer levels.
The Prices properties typically appear at the end of the service, customer plan, and user plan settings. The properties include
a cost price and sales price. Cost price is the minimum price for a user plan. Sales price is the recommended purchase price,
with a recommended value that is equal or greater than the cost price. The Prices properties for the Hosted Exchange
service also include a price per mailbox value that is the unit price for mailbox usage that exceeds the agreed limit for public
Install the AD Sync client on every domain controller in the external domain. For more information on preparing these domain controllers for AD Sync, see Plan to deploy the AD Sync service.
Important: The AD Sync client cannot decrypt users' existing passwords when installed due to Active Directory encryption. After the client is installed, users must change their passwords so the client can synchronize them with Services Manager.
1. Log on to an external domain controller and then log on to the Services Manager control panel using the administrator
credentials of the customer just provisioned.
2. Download the AD Sync client installer:
1. From the Services Manager menu bar, select Services > AD Sync > AD Sync Download and then click Download.
2. Click Save to save the AD Sync client installer to a drive location so you can copy it to the other external domain
controllers.
3. Install the client:
1. Run the AD Sync Setup installer, enter the requested password, and then click Next.
2. Specify the User watch frequency, select the following settings, and then click Next:
Watch for changes to contacts
Watch for changes to groups
Watch for changes to users
Important: Perform this step for only one AD Sync client to ensure that duplicate requests are not sent to the
Services Manager API. The domain controller configured to watch for changes synchronizes user and password
changes. The other domain controllers synchronize only password changes.
3. Select the Active Directory user groups to include in AD Sync operations and then click Next twice. When the AD Sync
service detects a USN change, it performs the synchronization only if the user is in an included group. The last USN
value is stored in [INSTALLDIR]QueueSyncActiveDirectory.config.
4. If a proxy server is used in the external domain, enter the information for it. Using a proxy server ensures that domain
controllers are not exposed to the internet.
5. Click Next, choose a location to install the AD Sync client, click Next, and then click Install.
6. Restart the domain controller. The AD Sync service starts.
7. Copy the AD Sync client installer to all other external domain controllers and then repeat Steps 3a - 3g for each
domain controller.
4. Test the AD Sync client:
1. After a domain controller restarts, log on to Services Manager and then click Users to view the user list. The
synchronized users have a small green arrow next to the user icon.
2. To test that the synchronization works for new accounts, create a new user account in the external domain, add it
to a user group that is included in AD Sync operations, change an attribute on the account, and then verify that the
account appears on the Users screen.
To synchronize additional Active Directory attributes
To change the Active Directory attributes included in API requests, edit the request format in [INSTALLDIR]Requests.
Synchronize Exchange contacts and distribution groups in a remote domain
Jun 05, 2015
Updated: 2013-04-30
You can configure AD Sync to monitor changes to Hosted Exchange contacts and distribution groups that are created in a
remote domain through Services Manager. You can also disable AD Sync for specific contacts and distribution groups so you
can modify them through the control panel.
When a contact or distribution group is created, an object identifier is assigned automatically. For contacts, the identifier is
the objectGUID. For distribution groups, the identifier is the objectSid. The AD Sync client provides these identifiers to
Services Manager, which uses them to display synchronized items in the control panel. By default, these object identifiers
are stored in extensionAttribute12 on the primary domain. If another application is using extensionAttribute12 to store
other values, you can modify the Sync Object Id setting in the Hosted Exchange service settings to specify a different
extension attribute (Configuration > System Manager > Service Deployment > Hosted Exchange > Service Settings,
Customer category, under Extension Attributes).
To enable synchronization for specific contacts and distribution groups
To configure AD Sync to synchronize contacts and distribution groups, you add the contacts and distribution groups you want to synchronize to appropriate groups that will be included in the AD Sync client's inclusion filter. The AD Sync client monitors the Windows Event Log for changes to these items and synchronizes the included groups accordingly.
Note: When contacts are added or removed, the AD Sync client does not synchronize these changes automatically as they are not reflected in the Windows Event Log. To ensure changes to contacts are synchronized, you must force the AD Sync client to synchronize. For more information, see To force synchronization of changes to contacts in Active Directory groups.
To disable synchronization for specific contacts and distribution groups
Synchronized items such as contacts and distribution groups are displayed in the control panel as read-only items. If you want to modify a synchronized contact or distribution group, you disable AD Sync for the item and then remove the item from the Active Directory group being synchronized. Disabling AD Sync removes the object identifier from the item's custom attribute and makes the item editable.
Important: If you disable AD Sync for a contact or distribution group and make changes through the control panel, those changes will be lost if you re-enable AD Sync later.
1. From the Services Manager menu bar, click Services > Exchange > Contacts or Distribution Groups.
2. Select the contact or distribution group for which you want to disable synchronization.
3. Click Disable AD Sync and then click Close.
4. On the remote domain controller, launch Active Directory Users and Computers and locate the group that contains the
contacts or distribution groups that are no longer being synchronized.
5. Right-click the group and select Properties.
6. On the Members tab, select the contacts or distribution groups you want to remove and click Remove. Click OK.
To re-enable synchronization for specific contacts and distribution groups
1. In the remote domain, locate the object identifier for the contact or distribution group.
2. On the primary domain, add the object identifier to the item's Exchange custom attribute.
3. Add the item to the appropriate group that is included in the IncludeGroups setting in the ADSync.exe.config file.
Updated: 2013-04-30
The following events at a customer site require changes to AD Sync service configuration:
A change has been made to the administrator account for the external domain controllers
A new contact has been added to or removed from a group that is included in AD Sync operations
To re-configure for a new administrator
If the administrator who installed the AD Sync client is no longer available, the new administrator must uninstall the AD
Sync client from all external domain controllers, re-install the client (which will be associated with the new administrator's
account), and restart the domain controllers. The AD Sync service then restarts using the new administrator's account and
synchronizes all users on the remote Active Directory domains to Services Manager.
To force synchronization of changes to contacts in Active Directory groups
When a contact is added to or removed from an Active Directory group, the change is not automatically synchronized with
the AD Sync client. To force a synchronization, change a property in the contact. AD Sync detects the change and updates
the include group in Services Manager.
Note: If the contact is a member of a distribution group that is being synchronized, you do not need to force a synchronization. When the AD Sync client synchronizes the distribution group, the contact will be synchronized as well.
Use the following topics to install and configure Call Home:
Install and configure CPSM Call Home
How to trigger data uploading on demand
Install and configure CPSM Call Home
To install and configure CPSM Call Home, you must have Domain Admin permission. CPSM Call Home can only be installed
on the CPSM Web Portal server.
These installation steps assume the Services Manager installer is running under the Domain Admin role.
1. Check Accept the terms of this license agreement to accept the License Agreement.
2. Click Next.
3. Select Call Home Windows Service and click Next.
4. Click Install.
5. Click Next after the installation is complete.
6. Click Configure to set CPSM Call Home settings.
7. Uncheck the checkbox if you don’t want to view your customer and user information in the License Usage Insights
Service.
8. Click Next.
9. If you don’t uncheck View your customer and user information in the License Usage Insights Service, input your Citrix
Account Credential and click Next.
10. Click Next.
11. Click Finish after the configuration is complete.
You can reconfigure CPSM Call Home by running the Call Home Configuration Tool under the Domain Admin role on your Web
Portal server.
How to trigger data upload on demand
Call Home uploads data automatically. Data upload needs to be manually triggered only when troubleshooting.
To trigger daily data upload on demand, perform the following steps:
1. Open Registry Editor.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome\Common
3. Modify the value of StartTime as per your requirement using the date format HH:mm:ss
4. Restart the CitrixCallHome service.
CPSM Call Home will now upload daily data at the StartTime every day.
To trigger historical data upload on demand, perform the following steps:
1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome\.
2. Check the value for HistoryDataUploaded. If the value is 1, modify it to be 0.
3. Set the value of HistoryUploadedStartDay and HistoryUploadedEndDay in the format mm/dd/yy. Call Home will
upload data from HistoryUploadedStartDay to HistoryUploadedEndDay.
4. Open Registry Editor and navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Cortex\CallHome\Common
5. Set HistoryStartTime (format HH:mm:ss); create it if it does not exist. HistoryStartTime specifies the daily start time of
historical upload.
6. Restart the CitrixCallHome service.
CPSM Call Home will start to upload historical data at the time specified by HistoryStartTime.
Symptom: While configuring CPSM Call Home, the configuration fails with the error message “Validate Citrix Username and Password: Failed”
Root cause: The upload token cannot be generated with the credentials used.
Solution:
Make sure your network is available.
Make sure your Citrix account credentials are correct.
Install CPSM Call Home service failed
Symptom: The installation of CPSM Call Home service fails with the error message “Install Citrix Call Home Windows
Service: Failed.”
Root cause: CPSM Call Home configuration is unable to copy files to the target folder.
Solution:
Make sure CPSM Call Home configuration runs in the CPSM Web Portal Server
Make sure CPSM Call Home configuration has the Domain Admin permission
CPSM Call Home data upload failed
Symptom: Registry key UploadFailedTimes exists and value is not 0 and increases every day in
Updated: 2013-02-11
For information about requirements for deploying the Citrix service, refer to Plan to deploy the Citrix service.
Deploying the Citrix service to customers includes the following tasks:
1. Install the Citrix web service
2. Configure the Citrix service
3. Provision the Citrix service to resellers
4. Provision the Citrix service to customers
After deploying the Citrix service, use the following topics to provide access to resources through the control panel:
Create or remove Citrix application groups
To install the Citrix web service from the command line
Before installing the Citrix web service, ensure the following pre-requisites are met:
You have installed .NET Framework 4, located in the Support folder of the Services Manager installation media, on the
XenApp server.
The XenApp servers are running supported versions of Citrix XenApp.
You have created the Citrix web service account in Active Directory.
The Citrix web service account is a Citrix administrator with Full Administration permissions on the XenApp servers where
you install the Citrix web service.
The XenApp server allows inbound connections from the Web platform server on the appropriate port. The default port
is 8095.
When you install the Citrix service from the command line, you perform two actions:
Install the web service and create the required Services Manager directory where the web service resides.
Perform initial configuration of the web service using the Configuration Tool.
1. On the XenApp server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:Citrix. The Setup Tool installs the web service and
returns the command prompt.
4. At the command prompt, enter install-locationServicesCitrixWSConfigurationCitrixServiceConfigConsole.exe and specify
the following properties:
Property Description
/UserName:ctx_svc_acct Impersonation account for the Citrix service. This account must be a Citrix administrator.
/Password:password Password for the Citrix service account.
/ServicePort:port Inbound port to be used/added to the CortexServices web site. Default = 8095
Install-location denotes the web service installation directory on the local computer. The default directory is
C:\Program Files (x86)\Citrix\Cortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.
install-locationServicesCitrixWSConfigurationCitrixServiceConfigConsole.exe /UserName:ctx_svc_acct /Password:password /ServicePort:8095
When the installation process is finished, log on to the control panel and configure the web service. For instructions, see
An application group is a collection of hosted applications, other application groups, and resources. With application groups, you can provision multiple applications and resources to customers quickly and efficiently.
You can also enable customers to create their own application groups that include the applications and resources that are
available to them. To use this feature, the customer must have a user with Citrix Service Administrator permissions, at a
minimum.
To create an application group
Before you create application groups, ensure there is a server collection configured that hosts the applications and
resources you want to include in the group.
When creating an application group, you have the option to make the group available to all customers (public group) or
make the group available to a specific customer (private group). If you choose to make the group private, be sure to click
Save & Reload. When you click Save & Reload, the group is assigned to the customer and all of the customer's private
applications and resources are available for inclusion. To modify this assignment, you first deprovision the Citrix service for
the customer through the Customer Services page. Then, you can modify the application group to assign it to a different
customer or make the group public. After you modify the application group, you can reprovision the Citrix service for the
customer.
When you assign an application group to a specific customer, you can include the group only in other application groups
that are assigned to the same customer.
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Application Groups.
2. Under Citrix Server Filter, select the location and server collection you want to use for the application group. Any existing
application groups configured for the server collection appear.
3. Under Group Management, click New Application Group.
4. Type the name and description of the new group.
5. In Allocation, select the Default Group check box to include the application group in the Citrix services package that is
provisioned to customers.
6. In Access, configure the application group's availability by performing one of the following actions:
To make the application group available to all customers, select the Public Group check box.
To make the application group available to one specific customer, clear the Public Group check box and enter the
name of the customer you want to assign.
Note: If you make the application group private, click Save & Reload to create the group and view the customer's
other private application groups or resources. You can then include these items in the group.
7. In Directory Resource, choose one of the following options:
Generate creates and names a security group automatically (e.g., CitrixGrp 3).
Search enables you to find and select an existing security group within the domain.
Custom enables you to create a new security group with a unique name you specify.
8. Under Applications, select the hosted applications you want to include in the group.
9. Under Groups, select other available application groups you want to include.
10. Under Resources, select the network resources you want to include in the group.
11. In Publish, select Enabled to make the application group visible to customers.
To enable Services Manager to discover the hosted applications in your environment, you configure a server collection that includes the XenApp servers where the applications reside. After the server collection is created, you can use the Citrix Applications page to configure the global settings for each application.
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Citrix Applications.
2. Under Citrix Server Filter, select the location and server collection you want to use. All hosted applications configured for
the server collection appear.
Note: Click Refresh to ensure you are viewing all available hosted applications.
3. Under Configured Applications, select the hosted application whose settings you want to configure.
4. Under Manage Application Settings, select one of the following options to create an Active Directory group:
Generate creates and names a security group automatically (e.g., CitrixApp 3).
Custom enables you to create a new security group with a unique name you specify.
5. In Allocation, select the Default Application check box to include the hosted application in the Citrix services package
that is provisioned to customers.
6. In Access, configure the hosted application's availability by performing one of the following actions:
To make the hosted application available to all customers, select the Public Application check box.
To make the resource available to one specific customer, clear the Public Application check box and enter the name
of the customer you want to assign.
Note: If you make the hosted application available to one specific customer, the application can be added only to
application groups that belong to the same customer.
7. In Publish, select Enabled to make the hosted application visible to customers.
8. Click Save to create the Active Directory group and save your selections.
With Citrix application access, you can provision an application, resource, or application group to multiple users with a single provisioning request.
To use application access, the Citrix service must be provisioned to the customer to whom the users belong. Additionally,
resellers who want to provision multiple users of sub-customers must have the Citrix service provisioned.
1. From the Services Manager menu bar, click Customers and select a customer for whom you want to provision
applications.
2. In Customer Functions, click Services. This ensures the customer is selected.
3. From the Services Manager menu bar, click Services > Citrix > Application Access.
4. In Type, select the type of application or resource you want to provision.
5. Select the application or resource you want to provision.
6. Under Citrix Application Management, select the users you want to provision.
7. Click Provision to send provisioning requests for all users selected. The selected users are added to the Active Directory
To provision the Dynamics CRM service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Customer Relationship Management check box and then click the service name. The Reseller Service
Setup page appears.
5. Select the customer plans that the reseller can offer to customers.
Note: The customer plans selected determine the CRM servers that are allocated to the reseller for provisioning
customers. Because Customer Plans are used to configure the CRM Servers to provision to (among other properties), use
customer plans to configure different versions of CRM to offer to customers.
6. To customize the customer plan, click the plan name to display the Configure Service Settings page and make the
appropriate changes.
Note: Changes you make to the customer plan are applied to all customers within this Reseller subsequently provisioned
with the plan.
7. Click Apply Changes to save your changes to the customer plan.
8. Click Apply Changes to save your changes to the service.
9. Click Provision to enable the reseller to offer the CRM service to customers.
To provision the Dynamics CRM service to customers
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision
services.
2. Select Services. The Customer Services page appears.
3. Click Customer Relationship Management to create an instance. Enter an instance name and a display name and then
click Create. The Instance Setup page appears.
4. Under Service Configuration, select the customer plan to provision to the customer.
Note: The customer plan determines the servers on which the customer's user data is stored and how Services Manager
sets up the database. The plan selection also determines any additional service options that require configuration before
the service can be provisioned to customers.
5. Under CRM Configuration, perform the following actions:
   1. In CRM Server, select the CRM server that hosts the customer's instance.
   2. Ensure the following settings are selected and that the correct values have been entered:
      SQL Collation
      Currency Code
      Currency Name
      Currency Symbol
      The Currency Code setting cannot be changed after the CRM service is provisioned to the customer.
6. Click Provision to provision the customer with the CRM service.
To import CRM organizations created outside Services Manager
The CRM Import Tool for Dynamics CRM enables service providers to import CRM organizations that were not initially
created through Services Manager. Service providers can link the organization to a customer in Services Manager and, where
possible, match the organization's users to the domain user ID of the customer's users in Services Manager.
1. From the Services Manager menu bar, click Services > Dynamics CRM > CRM Import. The CRM Customer Allocation
page displays a list of the organizations configured on the CRM server. If an organization is allocated to a customer, the
customer's name appears in the list.
2. Select the CRM organization you want to import. The Customer Import Manager page displays.
3. Under Customer Details, perform the following actions:
1. In CRM Description, enter the name of the CRM site.
2. In Customer Search, enter the name of the CRM customer you want to import and select the customer name.
4. Click Provision. The Customer Import Manager page displays a table of the users that match the domain user IDs of
the customer's CRM users. By default, these users are selected for provisioning.
5. Click Provision Users to provision the selected users with the CRM service. Services Manager updates the selected users'
When you upgrade the web service on web service servers without uninstalling the previous version of Hosted Apps and
Desktops web service in advance, you need to launch the Hosted Apps and Desktops Configuration Tool to
complete the configuration.
Duplication of XenApp applications in XenApp farm is not supported. This is to prevent the duplicated offering from
sharing the same CitrixAppId with its parent application, which will lead to confusion in the new Hosted Apps and
Desktops Service.
The Type value for delivery groups created in XenDesktop 7.8 and 7.9 can be inconsistent with the Type value in
CloudPortal Services Manager. For example, when creating a delivery group in XenDesktop 7.8 or 7.9 without any type,
the Type value displayed in Citrix Studio is “-”, and the Type value displayed on the delivery group management page of
CloudPortal Service Manager is “Desktop and Applications”.
When you have multiple web service server connections in your CloudPortal Services Manager deployment and a server
connection test reports errors, you must reconfigure that server connection until the test succeeds. Otherwise, the
failed server connection can cause errors when retrieving sites, delivery groups, and offerings for other server connections.
Changing the value of the HAAD Subscription Group Type property is not supported if you want CloudPortal Services
Manager to manage offerings of App Orchestration.
When you create a delivery group with type Desktops and Applications, you must not create any applications that have
the same name as the delivery group.
FAQ
Q: How do I change the group type created on the Domain Controller while provisioning a service to a customer?
A: A new property named HAAD Subscription Group Type is added in Service Settings to determine the types of security
groups that are created while provisioning a service to a customer.
You can set the group type for security groups by performing the following steps:
1. Log on to CloudPortal Services Manager as a service provider admin.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter if applicable.
3. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment.
4. Expand Hosted Apps and Desktops and click Service Settings.
5. Select the HAAD Subscription Group Type checkbox.
6. Select the appropriate group type for the security groups created while provisioning Hosted Apps and Desktops Service
to customers.
7. Click Apply Changes.
8. Click Save.
Note: The HAAD Subscription Group Type property should be set only at the top level or location level by a service provider. The
property does not work if it is set at the reseller or customer level.
Once a security group is generated, the group type cannot be changed by changing the value of HAAD Subscription Group Type at the location level and reprovisioning the customer service in CloudPortal Services Manager.
Use the CloudPortal Services Manager Discussion Forum to ask questions and contribute your knowledge about
You can manage offerings from XenDesktop, XenApp, and App Orchestration simultaneously. This means you can
install the Hosted Apps and Desktops web service for multiple Desktop Delivery Controllers (from different Delivery Sites), one
XenApp farm server, and one App Orchestration configuration server at the same time if you want CloudPortal Services Manager
to connect to all of these servers.
Note: When you upgrade the web service on the web service servers, it is recommended that you uninstall the previous version of
the Hosted Apps and Desktops service in advance and then reinstall the new version. This ensures that the Hosted Apps and
Desktops Configuration Tool is launched automatically and configures CloudPortal Services Manager correctly. If you
upgrade the web service without uninstalling the previous version of the Hosted Apps and Desktops web service in advance, you
need to launch the Hosted Apps and Desktops Configuration Tool manually to complete the configuration. Configuring the
service correctly is necessary for this version to work properly.
For XenDesktop, multiple server connections are supported, but for XenApp or App Orchestration, only one server connection is
supported.
In the new version of Hosted Apps and Desktops Service, creating multiple server connections to a XenDesktop site is not
supported. If you have multiple Delivery Controllers within a XenDesktop site, only one Delivery Controller is required to install the
Hosted Apps and Desktops web service.
To install the Hosted Apps and Desktops Service using the graphical interface
The installation process includes preliminary configuration to create the web service account and IIS application pool, and
define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select one of the following options, depending on the product installed on the
server, and then click Next:
   If you are installing the web service on a XenApp server, select Hosted Apps and Desktop Web Service (XenApp).
   If you are installing the web service on a XenDesktop server, select Hosted Apps and Desktops Web Service (XenDesktop).
   If you are preparing an App Orchestration configuration server to work with the Hosted Apps and Desktops service
   through the control panel, select App Orchestration Configuration Tool.
6. On the Review Prerequisites page, review the list of software that will be installed to support the component and then
click Next. Setup will install any prerequisites that are not already present.
7. On the Ready to Install page, review your selection and then click Install.
8. After the installation finishes, click Finish.
9. On the Add Services page, select Configure Services.
10. On the Configure Installed Components page, click Configure next to the component you want to configure.
Updated: 2014-08-10
Configure the Hosted Apps and Desktops service after you install it.
To import the service package, you must have the Service Schema Administrator security role. To configure the service, you
must have the Service Provider Administrator security role.
If you intend to use the CloudPortal Services Manager API to access the service that is deployed with App Orchestration,
ensure you have created the datacenter you want to use through the App Orchestration web management console
before you configure the service. You can then specify the datacenter when you configure the service at the location level.
This is required because the API cannot use the default datacenter registered in App Orchestration. For more information
about this requirement, see Plan to deploy the Hosted Apps and Desktops service.
To configure the Hosted Apps and Desktops service
1. Import the service package into the control panel:
   1. From the Services Manager menu bar, click Configuration > System Manager > Service Schema.
   2. Under Services Management, click Import a service.
   3. On the Service Import page, click Browse and locate the Hosted Apps and Desktops.package file. Click Open.
   4. Click Preview. Services Manager displays the contents of the file for your review.
   5. Click Import at the bottom of the page. Services Manager imports the file and reports Import Complete.
2. On the Services Manager provisioning server, either restart the CortexQueueMonitor service or restart the machine.
3. Clear your browser cache before logging into the control panel.
4. In the control panel, enable the service at the top level:
   1. From the Services Manager menu bar in the control panel, choose Configuration > System Manager > Service Deployment and then expand Hosted Apps and Desktops. Click Save.
5. Enable the service at the location level:
   1. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
   2. Click Apply Changes and then click Save.
6. Verify credentials:
   1. From the Services Manager menu bar, choose Configuration > System Manager > Credentials.
   2. Create the administrative impersonation account for the Hosted Apps and Desktops service by clicking Add, and then entering a username, password, and domain (preferably in Fully Qualified Domain Name form).
   Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when Services Manager is deployed in a production environment. Use plain-text credentials only for debugging.
7. Enable the server:
   1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
   2. If the server on which you installed the service is not listed, click Refresh Server List.
   3. Expand the entry for the server and verify that Server Enabled is selected.
8. Assign server roles:
   1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles, and then expand the entry for the server.
   2. Under Server Connection Components, select Hosted Apps and Desktops, and then click Save.
9. Add a server connection:
   1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, select a Location Filter if applicable, click New Connection, and then select or type the following information for the web service.
      Server Role: Select or type Hosted Apps and Desktops.
      Server: Select the server where the web service is installed.
      Credentials: Select or type the credentials for the server.
      URL Base: Select or type /CSMXenAppWS/v1 for XenApp, /CSMXenDesktopWS/v1 for XenDesktop, and /cam/api for the App Orchestration Configuration Tool.
      Protocol: Select http for XenApp and XenDesktop, https for App Orchestration.
      Port: Type 8095 for XenApp or XenDesktop, 443 (default) for App Orchestration.
      Timeout: Defaults to 200000 milliseconds.
      Version: Select the installed service component: App Orchestration for the App Orchestration Configuration Tool, XenDesktop Direct for the XenDesktop web service, or XenApp Direct for the XenApp web service.
   2. Click Save.
   3. On the Server Connections page, click the icon in the Test column for the server. The icon turns green for a successful connection. A red icon indicates an unsuccessful connection. Mouse over it for information about the failed connection.
10. If you intend to use the CloudPortal Services Manager API to access the service that is deployed with App Orchestration, you can now go back and configure the default datacenter.
   1. From the Services Manager menu bar in the control panel, choose Configuration > System Manager > Service Deployment.
   2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
   3. Expand Hosted Apps and Desktops, click Service Settings, and then expand App Orchestration.
   4. Select the App Orchestration Datacenter check box and click Reload to populate the setting's list with the datacenters that are registered in App Orchestration. From the list, select the datacenter you want to use with the Hosted Apps and Desktops service.
   5. Click Apply Changes and then click Save.
You should now configure the rest of the properties associated with this service. The Service Settings properties all have appropriate 'default' values, but the Customer and User Plans will need attention.
11. Configure the Customer Plan properties:
   1. Expand Hosted Apps and Desktops again, click Customer Plans, and expand the App Orchestration Customer Plan.
   2. Expand the App Orchestration section.
   3. Select the App Orchestration Private Network Name check box, and enter a Network pattern if required. Note: This property now accepts the {variable} notation seen in other areas of the CloudPortal Services Manager control panel. A sample value might be {CustomerShortName} - Network.
   4. Select the App Orchestration Store Front Isolation check box and select a default isolation mode. Note: This value, as well as the Private Network Name, can be altered on a per-tenant basis when provisioning the service to the tenant.
   5. Click Apply Changes, and then click Save.
12. Configure the User Plan properties:
   1. Expand Hosted Apps and Desktops again, click User Plans, and expand the Default User Plan.
   2. Use the following table as a guide to setting these values.
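Returning to the server connection values in step 9 and the connection limits stated earlier (one connection for XenApp or App Orchestration, one per XenDesktop site): these can be checked against an inventory of configured connections. The following is an added example, not Citrix code; the ServerConnection record, its site field, the finding codes, and the sample inventory are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Documented (URL Base, Protocol, Port) per Version, from the server connection step.
DOCUMENTED = {
    "XenApp Direct": ("/CSMXenAppWS/v1", "http", 8095),
    "XenDesktop Direct": ("/CSMXenDesktopWS/v1", "http", 8095),
    "App Orchestration": ("/cam/api", "https", 443),
}
# Only one server connection is supported for these versions.
SINGLE_CONNECTION = ("XenApp Direct", "App Orchestration")


@dataclass(frozen=True)
class ServerConnection:
    server: str
    version: str
    url_base: str
    protocol: str
    port: int
    site: str = ""  # assumed field: XenDesktop site the Delivery Controller belongs to


def audit(connections):
    """Return a sorted list of (server, finding_code) tuples."""
    findings = set()
    by_version = defaultdict(list)
    by_site = defaultdict(list)

    for conn in connections:
        expected = DOCUMENTED.get(conn.version)
        if expected is None:
            findings.add((conn.server, "unknown-version"))
            continue
        by_version[conn.version].append(conn.server)

        # Compare each field with the value the procedure documents.
        url_base, protocol, port = expected
        if conn.url_base.rstrip("/") != url_base:
            findings.add((conn.server, "url-base-differs"))
        if conn.protocol.lower() != protocol:
            findings.add((conn.server, "protocol-differs"))
        if conn.port != port:
            findings.add((conn.server, "port-differs"))

        # http is the documented value for XenApp/XenDesktop, but it is still
        # reported so the exposure of the service port gets reviewed.
        if conn.protocol.lower() != "https":
            findings.add((conn.server, "http-no-tls"))

        if conn.version == "XenDesktop Direct":
            if conn.site:
                by_site[conn.site.lower()].append(conn.server)
            else:
                findings.add((conn.server, "site-not-recorded"))

    # XenApp and App Orchestration: a single connection each.
    for version in SINGLE_CONNECTION:
        servers = by_version.get(version, [])
        if len(servers) > 1:
            findings.update((s, "multiple-connections-unsupported") for s in servers)

    # XenDesktop: several connections are fine, but only one per site.
    for servers in by_site.values():
        if len(servers) > 1:
            findings.update((s, "duplicate-site-connection") for s in servers)

    return sorted(findings)


def codes_for(findings, server):
    """Finding codes reported for one server, in sorted order."""
    return [code for name, code in findings if name == server]


# Constructed sample inventory (server names and sites are made up).
SAMPLE = [
    ServerConnection("ddc01", "XenDesktop Direct", "/CSMXenDesktopWS/v1", "http", 8095, "SiteA"),
    ServerConnection("ddc02", "XenDesktop Direct", "/CSMXenDesktopWS/v1", "http", 8095, "SiteA"),
    ServerConnection("ddc03", "XenDesktop Direct", "/CSMXenDesktopWS/v1", "http", 8095, "SiteB"),
    ServerConnection("xa01", "XenApp Direct", "/CSMXenAppWS/v1", "http", 8095),
    ServerConnection("xa02", "XenApp Direct", "/CSMXenAppWS/v1", "http", 8096),
    ServerConnection("ao01", "App Orchestration", "/cam/api", "http", 443),
]

if __name__ == "__main__":
    for server, code in audit(SAMPLE):
        print(f"{server}: {code}")
```

The http-no-tls finding is raised even where http is the documented value, as a prompt to limit access to the service port at the firewall to the hosts that need it.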
The Site Management page lists the information related to the XenDesktop sites, App Orchestration configuration server,
and the XenApp farm connected to CloudPortal Services Manager. Service providers can also view customer usage and
offerings usage of the sites from this page.
The following table shows the information that is displayed on the Site Management page.
Property: Description
Site Name: The display name of the site. For XenDesktop sites, this is the site name. For XenApp, this is the XenApp farm name. For App Orchestration, this is the server name of the App Orchestration configuration server with the suffix “_AO”.
Type: The type of each server. It can be XenApp, XenDesktop, or App Orchestration.
Server Name: The name of the HAaD web service server.
Server Version: The version of the XenDesktop, XenApp, or App Orchestration server.
Configured Offerings: The number of configured offerings within a site. If the value is greater than 0, it is clickable and links to a page that shows the details of the configured offerings.
Used By: The customer usage of each offering in a site.
If only one customer is provisioned offerings of a site, the value is the customer name. It is clickable and linked to the customer service page.
If more than one customer is provisioned offerings of a site, the value is a number with a link that represents the total number of customers being provisioned with offerings of this site. When you click the number, a dialog box appears, listing all the customers being provisioned with the offerings from this site.
Note: The term site in this context is a CloudPortal Services Manager term. It can be a XenDesktop site, a XenApp farm, or an App
Orchestration configuration server.
To update the Hosted Apps and Desktops sites
After the server connections have been created and configured, update the site information on the Site Management page by performing the following steps:
1. On the Services Manager menu bar, click Services > Hosted Apps and Desktops > Site Management.
2. Click Discover.
3. Make sure all the sites connected by server connection are listed.
Configure Hosted Apps and Desktops delivery groups
Jul 18, 2016
In the new version of Hosted Apps and Desktops Service, a new page has been added to support delivery group
management and delivery group isolation mode configuration. Delivery groups created in XenDesktop after the new version
of Hosted Apps and Desktops is deployed are displayed and isolation mode is configurable. Clicking Discover provides a
realtime status of delivery groups in your XenDesktop site. From the delivery group management page, service providers can
get customer usage and offerings usage of their delivery groups.
Note: A XenDesktop legacy delivery group (a delivery group whose applications or desktops were managed by previous versions of
Hosted Apps and Desktops Service) is not visible or configurable on this page, except when the delivery
group and its applications do not start with naming prefixes such as “_Offer”, “_Offer_Shared” or “_Offer_Isolated.”
Delivery groups generated by App Orchestration are not displayed and cannot be managed by CloudPortal Services Manager.
The following table shows the information displayed on the Delivery Group Management page.
Property: Description
Configured: This property indicates whether the delivery group is configured. Only after the delivery group is configured are offerings belonging to that delivery group visible and configurable on the Offering Management page, and vice versa.
Delivery Group Name: The name of the delivery group.
Site: The name of the XenDesktop site that the delivery group belongs to.
Isolation Mode: Indicates the isolation mode of offerings from this delivery group. Two isolation modes can be configured: Shared and Private.
Shared: The delivery group can be shared by multiple customers, and all offerings from the delivery group have shared isolation mode.
Private: The delivery group can be used by one customer. All offerings from the delivery group have private isolation mode and can be assigned to the same customer only.
Type: Indicates the type of the delivery group. It can be either Desktop, Desktop and Applications, Applications, or N/A.
Configured Offerings: The number of configured offerings of a delivery group. If the value is greater than 0, it is clickable and links to a page that shows the details of the configured offerings.
Note: A customer name must be selected for private offerings before configuration, otherwise the offering cannot be configured.
For private offerings, to assign a customer to the offering, the customer must be provisioned with Hosted Apps and Desktops
Service in advance.
Configure offerings of App Orchestration, XenApp, and XenDesktop managed by earlier versions of Hosted Apps and Desktops Service
App Orchestration, XenApp, and legacy XenDesktop are configured the same way as in earlier versions of Hosted Apps and
Desktops Service. For more information, see To configure Citrix application and desktop offerings.
To configure non-Citrix application or resource offerings
To configure non-Citrix application or resource offerings, perform the following steps:
1. From the Services Manager menu bar, click Services > Hosted Apps and Desktops > Offering Management.
2. Select the tab for the offering type: Non-Citrix Apps or Resources. Use the Search offerings and Filter by fields to tailor
the display of available offerings.
3. To add an offering, click New.
4. Under New offering, you can:
Provide directory name guidance: allow Services Manager to generate a directory name (default), specify a custom
directory name, or specify an existing directory.
Specify a display name (to replace 'New offering'), description, price, cost, and code (for integration with third party
billing systems).
Indicate if this offering will be allocated as a default - When this option is enabled, the offering appears in the list of
available applications and is selected by default for provisioning to a new user, customer, or reseller.
Marked as private - When this option is enabled, the offering can be assigned to a single customer; it does not appear
in the list of available applications unless the customer is the owner. If the offering is already in use, this option is not
available.
5. Click Save.
To edit an offering, select it and then click Edit. You can edit all the configured items except the directory. If you select
more than one offering, you cannot configure the display name or description.
To remove an offering, select it and then click Delete. When prompted, confirm the deletion.
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click Hosted Apps and Desktops. The Service Plan Configuration page appears.
4. Select the appropriate customer plan.
5. Click Edit, in order to override the Customer Plan settings. This displays the following settings for App Orchestration only:
1. The tenant's Storefront Isolation Level. Choose between shared, private or a private server group.
2. The tenant's private network name: a management network to which a customer's privately-allocated machines are
connected. If a network is not specified, the configured shared management network is used.
6. Select the applications, desktops, and resources that the customer can offer. To specify a default application, select the
offering, click Edit, enable Allocate as default application and then click Save.
7. Click Advanced Settings to:
Select a user plan.
Specify the maximum number of users that the customer can provision with this service.
Enable or disable billing.
Specify service message information. Click Service Settings. If you change settings, click Apply changes.
If you have the Service Schema Administrator role, you can also specify display name and Active Directory information.
You can specify the datacenter address if you are using App Orchestration.
8. Click Provision.
For App Orchestration, the Provisioning process performs the following actions:
Creates the customer as a tenant
Creates offering subscriptions for the tenant. When you enable an offering for the customer, Services Manager creates
an Active Directory user group and associates the group with the offering subscription.
Creates a StoreFront site for the tenant at the selected isolation level.
Note: Offerings of App Orchestration, XenApp, and of XenDesktop managed by earlier versions of Hosted Apps and Desktops Service
can be subscribed and unsubscribed to customers. The behavior is the same as in earlier versions of Hosted Apps and Desktops
Service.
The differences in provisioning compared with earlier versions are as follows:
If the offering is picked up after the new version of Hosted Apps and Desktops has been deployed, CloudPortal Services
Manager creates an Active Directory security group and associates the group with the desktop or application on the
Desktop Delivery Controller.
If the offering is a legacy private offering, when you enable an offering for a customer, an extra delivery group with the
related applications is duplicated for the private offering on the Desktop Delivery Controller, and CloudPortal Services
Manager creates an Active Directory security group and associates the group with the duplicated delivery group.
To provision the Hosted Apps and Desktops service to users
You can add selected offerings to a single user or multiple users. You can also remove selected offerings from a single user or multiple users when provisioning the Hosted Apps and Desktops Service to users.
1. From the Services Manager menu bar, click Users and select the user for whom you want to provision services.
2. Select Services. The User Services page appears.
When upgrading to a new version of the Hosted Apps and Desktops Service, there could be more than one component to
upgrade, depending on the architecture and approach being used. In all upgrade scenarios, administrators will need to
import the new Hosted Apps and Desktops Service Package.
When using the Hosted Apps and Desktops Service with App Orchestration, the web service is not used during service
operations or provisioning, and does not need to be updated. When using the Hosted Apps and Desktops service directly
with XenDesktop, it is required to update the web service residing on the XenApp or XenDesktop delivery controller.
Re-install the Hosted Apps and Desktops Web Service
To upgrade the web service, it is required to re-install the Hosted Apps and Desktops web service in the backend servers.
During the process of upgrading the web service, the Hosted Apps and Desktops service will fetch all the delivery groups
from Desktop Delivery Controller (for XenDesktop backends), and specify the delivery groups previously managed by
CloudPortal Services Manager as legacy delivery groups. The delivery groups that were not managed by CloudPortal Services
Manager are imported as newly created delivery groups.
1. On the server where the web service is installed, log on as administrator.
2. Navigate to the unzipped folder and double-click the Setup file.
3. On the Select Web Services page, select the specified service (XenApp Web Service, XenDesktop Web Service, App
Orchestration Configuration Tool) that you want to install.
4. On the Review Prerequisites page, review the information and click Next.
5. On the Ready to install page, click Install to install the service, and then click Next.
6. On the Configure Installed Components page, click Configure to configure the Hosted Apps and Desktops Web
Service.
7. On the Configure IIS page, configure the web service account; keep the original credentials and the service port during
the configuration. If you changed the credentials and the service port, be sure to configure the Server Connections
again on the CPSM web console.
8. Click Next, and then click Finish.
Note: It is recommended to uninstall the previous version of the web service before re-installing the new version of the web service.
When upgrading the web service directly from the previous version, make sure to run the Hosted Apps and Desktops Web Service Configuration Tool to configure the web service.
Import the service package into the control panel
After the package has been updated, it is required to restart the CitrixQueueMonitor service, and then configure the site,
delivery group and offering before using them:
1. Download the latest Hosted Apps and Desktops service package and unzip it to a local folder.
2. Import the service package into the control panel:
What's new in version 11.5.8 (Cumulative Update 4)
The Exchange service is now officially supported on Windows Server 2016.
What's new in version 11.5.6
Exchange 2016: This release has added support for Exchange 2016, and simplifies the migration of Exchange objects
from Exchange 2013 to Exchange 2016.
Performance optimization: Performance improvements related to the handling and use of the PowerShell Remoting
URL. Instantiating new (remote) sessions is costly to performance, so new ways to manage remote sessions have been
developed to improve the overall performance of User and Customer Service provisioning.
Bug fixes: All Exchange related bug fixes since version 11.5 have been included in this release. This includes bug fixes
not yet released since Cumulative Update 3 for v11.5.
Deployment
Depending on the installation media that you have available, there may be a couple of ways to install the Hosted Exchange components.
Main Release Install Media:
If the media you have is the complete CloudPortal Services Manager installation media, then you should apply the following steps to complete the installation of the Exchange Web Service:
Install the Hosted Exchange web service
Specific Service Release Only:
If the media you have only includes binaries specific to the Hosted Exchange Service (that is, the service was released on its own, outside of a main product release of CloudPortal Services Manager), then you should apply the following steps to complete the installation or upgrade of the Exchange components:
Install or upgrade to the latest version of the Hosted Exchange Web Service
Configuration:
Regardless of the install media, the configuration of the Web Service Components is the same. Apply the steps in the following topic to complete this configuration:
To configure the Hosted Exchange service (Applies to all new Web Service components)
Provision the Hosted Exchange service to resellers and customers
For information about requirements for deploying the Hosted Exchange service, refer to Plan to deploy the Hosted
Exchange service.
Management
Use the following topics to configure mail archiving, PST Import/Export, and Unified Messaging for Hosted Exchange users:
Configure personal archives for Exchange 2010
Updated: 2014-08-14
The Hosted Exchange web service is installed on a server in your environment that hosts the Exchange Management Console. You can install the Exchange web service using either the graphical
interface of the CloudPortal Services Manager installer or through the command line.
To install the Exchange web service using the graphical interface
The installation process includes preliminary configuration to create the web service account and IIS application pool, define the Exchange deployment environment, and add multi-tenancy
permissions to Active Directory. After installation, you can enable the service and continue configuration through the control panel.
This task assumes the CloudPortal Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select Exchange Web Service and then click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service. Click Next.
7. On the Ready to Install page, click Install. The Deploying Server Roles page displays the installation progress.
8. After the installation finishes, click Finish.
9. On the Add Services page, select Configure Services.
10. On the Installed Services page, click Configure next to the Exchange Web Service item. The Configuration Tool attempts to contact the Encryption Service to retrieve the encrypted key. If the
service cannot be contacted, the Configuration Tool prompts you to import the encrypted key using a key file. To generate the key file, see Generate and export keyfiles for the Encryption
Service.
11. If required, import the Encryption Service key file:
1. In Key File Path, click Browse and locate the key file you generated from the Encryption Service web site.
2. In Password, enter the password that was specified when the key file was generated. Click Next.
12. On the Configure IIS page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the Exchange web service account. The default user name is csm_exchange_svc. This field is unavailable when you elect to auto-generate credentials.
Password: Enter a password for the Exchange web service account. This field is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active Directory.
Service port: Enter the port used by the Exchange web service. The default port is 8095.
13. On the Exchange Deployment Details page, enter the following information and then click Next:
Exchange version: Select the version of Exchange that is deployed in your environment.
Mixed-mode deployment: Select this check box if your Exchange deployment includes servers running different versions of Exchange. For example, your deployment includes Exchange 2010
servers as well as Exchange 2007 servers.
Preferred domain controller: Leave this blank. CloudPortal Services Manager will find an available domain controller to use for each provisioning request automatically.
14. On the Configure Exchange for Multi-Tenancy page, select Apply multi-tenancy permissions to ensure customers will be isolated appropriately when the Exchange service is provisioned to them.
Click Next.
15. On the Create Scheduled Tasks page, select Create sync scheduled tasks to synchronize Exchange data with CloudPortal Services Manager. This option is selected by default; however, you only
need to create these tasks on one Exchange server in your deployment. If these tasks have been created already, clear this option.
16. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When the summary contains the settings you want,
click Next. The Configuration Tool configures the Exchange web service, imports the Encryption Service key, and displays progress.
17. Click Finish and then click Exit to close the Configuration Tool.
To install the Exchange web service from the command line
Before installing the Exchange web service, ensure the following pre-requisites are met:
The server on which you are installing the web service has the Exchange Management Console installed.
The Exchange servers are running supported versions of Microsoft Exchange.
You have installed .NET Framework 4, located in the Support folder of the CloudPortal Services Manager installation media, on the server hosting the Exchange web service.
You have created the Exchange web service account in Active Directory.
The Exchange server allows inbound connections from the web server on the appropriate port. The default port is 8095.
1. On the Exchange server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the CloudPortal Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:Exchange. The Setup Tool installs the web service and returns the command prompt.
4. At the command prompt, enter install-location\Services\ExchangeWS\Configuration\ExchangeConfigConsole.exe and specify the following properties:
Property Description
/UserName:username Impersonation account for the Exchange service. This parameter is optional if you are using /GenerateCredentials.
/Password:password The application pool password. This parameter is optional if you are using /GenerateCredentials.
/ServicePort=port Inbound port to be used and added to the CortexServices web site. Default = 8095
/ExchangeOrganization:org-name Optional. The name of the Exchange organization.
/AutoCreateUser:True | False Optional. Create the service account in Active Directory.
Optional. Generate password for the service account.
/HasLegacyServers:True | False Optional. Whether or not the environment contains servers running multiple versions of Exchange. For example, servers running Exchange 2010 in the same environment as Exchange 2007 servers. Default = False
Optional. The version of Exchange to use with CloudPortal Services Manager. Supported versions: 2007, 2010, or 2013.
NOTE: If installing the Web Service for Exchange 2016, choose 2013, and then change the version within the web.config file after the install is complete.
Install-location denotes the web service installation directory on the local computer. The default directory is C:\Program Files (x86)\Citrix\Cortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample installation command string
The following command performs the initial configuration of the web service.
install-location\Services\ExchangeWS\Configuration\ExchangeConfigConsole.exe /UserName:exch_svc_acct /ExchangePassword:password /ServicePort:8095 /TargetVersion:2013
When the installation process is finished, log on to the control panel and configure the web service. For instructions, see To configure the Hosted Exchange service.
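An added example (not part of the Citrix documentation) for the inbound-port prerequisite above: a read-only PowerShell check that lists the enabled inbound allow rules covering the web service port and flags any that accept sources other than the web server. The web server address is a placeholder, and the NetSecurity cmdlets assume Windows Server 2012 or later.

```powershell
# Added example: audit which sources the Windows Firewall lets reach the web service port.
# Assumptions: Windows Server 2012 or later (NetSecurity module), elevated session.
param(
    [int]$ServicePort    = 8095,             # default port stated in the prerequisites
    [string[]]$WebServer = @('192.0.2.10')   # placeholder: address of the Services Manager web server
)

function Test-PortInSpec {
    # True when $Port is covered by a rule's LocalPort value: 'Any', '8095' or '8000-8100'.
    # Named port keywords (for example 'RPC') never match a numeric port here.
    param([int]$Port, [string[]]$Spec)
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -ne 'TCP') { continue }
    if (-not (Test-PortInSpec -Port $ServicePort -Spec $portFilter.LocalPort)) { continue }

    # RemoteAddress may be 'Any', a keyword such as 'LocalSubnet', an address, a range or a
    # CIDR block. The comparison below is an exact string match against $WebServer.
    $remote     = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $unexpected = @($remote | Where-Object { $_ -notin $WebServer })

    $verdict = if ($remote -contains 'Any') { 'REVIEW: open to any source' }
               elseif ($unexpected.Count -gt 0) { 'REVIEW: sources other than the web server' }
               else { 'OK: web server only' }

    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Program       = ($rule | Get-NetFirewallApplicationFilter).Program  # program-scoped rules are narrower
        LocalPort     = $portFilter.LocalPort -join ','
        RemoteAddress = $remote -join ','
        Verdict       = $verdict
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Warning "No enabled inbound allow rule covers TCP port $ServicePort."
}
```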
Install or Upgrade the Hosted Exchange web service from a Service Only Release
Oct 05, 2016
Updated: 2014-08-14
When the only install media you have is the Hosted Exchange Service, the installation or upgrade
instructions are different from the normal install instructions, as the CloudPortal Services Manager installer is not
present.
To install or update the Exchange web service
The installation of the Hosted Exchange Web Service will be performed on a domain joined server that has the Exchange
Management tools installed. These tools should be the same version as the highest version of Exchange that you are
offering in this environment.
1. On the selected server, log on as a Domain Administrator.
2. Launch Setup.exe from the Hosted Exchange installation folders.
3. Check Exchange Web Service, click Next, and follow the steps to finish the installation.
4. Click the Configure link to configure the service.
5. Specify the Service Account, and keep the default Service port.
6. Specify the Exchange version: choose the version that matches the version of the Exchange Management Tools
installed on this server.
7. Click Next to finish the configuration.
To import the Hosted Exchange Service definition (.package file)
The install media will have a "Hosted Exchange.package" file within the Hosted Exchange folder. This should be imported to update the Service Schema with the latest web pages, provisioning rules, permissions, reports, etc.
1. Follow the instructions according to the "To Import as Service Package" section in the following topic:
Export and Import Service Packages
2. Restart the "Citrix Queue Monitor Service" on the Provisioning Server to ensure the latest rules are loaded.
Configure the Service
Follow the instructions "To configure the Hosted Exchange Service" to complete the configuring of the Web Service and to
include any new Exchange Mailstores or Servers to be used when provisioning Exchange to Customers or Users.
Updated: 2013-04-03
Personal archives are a feature made available from Exchange 2010 and beyond that allow users to store older messages in
a server-side mailbox instead of in a .pst file that is stored locally. Users can access their personal archive mailbox through
their Outlook Client or the Outlook Web App.
Enabling personal archives includes the following tasks:
Enable support in CloudPortal Services Manager. Because support for personal archives is not enabled by default, you
must enable it for each applicable Hosted Exchange user plan you intend to provision. If support is not enabled, personal
archives are not available to the user when the Hosted Exchange service is provisioned.
Enable personal archives for each user in Exchange. If personal archives are not enabled in Exchange for the user when
the Hosted Exchange service is provisioned, CloudPortal Services Manager enables the feature automatically. If no
mailbox database is specified when the user plan is configured, Services Manager selects the appropriate mailbox
database automatically when the user is provisioned.
To configure mail archiving for Exchange 2007, refer to the topic To configure the Mail Archiving service.
To enable support for personal archives
1. From the CloudPortal Services Manager menu bar, click Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
3. Expand Hosted Exchange and then click User Plans.
4. Select an existing user plan for which you want to enable support for personal archives.
5. Expand the Mail Archiving Exchange 2010 / 2013 category and select the Enabled checkbox.
6. In Mailbox Database, select the mailbox database that CloudPortal Services Manager will use for personal archives. If no
database is selected, one will be automatically chosen when the user is provisioned.
Updated: 2014-02-04
Configure PST file import and export to enable CloudPortal Services Manager to import and export Exchange personal
store mailboxes using a network share or an FTP server.
To store the PST files, use one of the following methods:
Create a shared folder called "WebHosting" on a file server in your environment. Security for the shared folder is
described in Steps 2b-2d of To configure the FTP server for PST import and export.
Set up an FTP server to enable customers to upload PST files without service provider assistance. Access to a customer's
folder on the FTP server is limited to the customer's users who have the Hosted Exchange Service Administrator security
role.
If you choose to set up an FTP server, install the following items:
FTP Server role service components
Exchange Management Tools
Microsoft Outlook
.NET Framework 4
To configure the FTP server for PST import and export
1. In Active Directory, perform the following actions:
1. Create a new user account called servername_pst in the CortexSystem OU.
2. Grant Full Control permissions of the servername_pst account to the Customers OU.
3. Add the servername_pst account to the CortexAdmins group.
2. For the FTP server, perform the following actions:
1. On the FTP server, create a new folder for use by CloudPortal Services Manager. The default path is C:\CortexFTP.
2. Share the folder as Webhosting and grant Full Control of the share to Everyone.
3. In the folder properties, on the Security tab, verify that inheritance is disabled and, when prompted, click Add to copy
the current permissions to the folder.
4. Add the domain security group ServiceAdmins HE to the ACL of the folder and grant List Folder Contents permissions.
5. Add the servername_pst account to the ACL of the folder and grant it Full Control.
3. Add and configure the FTP site in IIS:
1. On the FTP server, open the IIS Management Console and then navigate to the Sites container.
2. Right-click the Sites container, choose Add FTP Site, and configure it.
FTP site name: A name such as "CloudPortal Services Manager PST FTP Site"
Physical path: The path configured in step 2a above
Binding IP Address: An IP address and port or All Unassigned
SSL: Allow SSL
Authentication: Basic
Authorization: Allow access to: Specified roles or user groups
Authorization (credentials): domain\ServiceAdmins HE
Authorization: Permissions: Read and Write
3. Select the FTP site node in the console's left pane and, in the Features view, perform the following actions:
1. Double-click FTP User Isolation and choose FTP home directory configured in Active Directory.
2. Click Set to specify the credentials in Domain\Username format for the new AD user account set up in Step 1a.
4. Select the FTP site node in the console's left pane and, in the Features view, perform the following actions:
1. Double-click FTP Authentication.
2. Disable Anonymous Authentication and enable Basic Authentication.
3. With Basic Authentication selected, click Edit and set the Default domain to the fully-qualified domain name.
4. Restart the FTP site.
5. Restart the Microsoft FTP Service.
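An added example (not part of the Citrix documentation): a read-only PowerShell audit of the FTP server after the procedure above, covering the share, the folder ACL, and the FTP site's authentication, isolation, TLS and authorization settings. It marks the TLS policy for review because "Allow SSL" accepts both TLS and cleartext sessions, so Basic authentication credentials are encrypted only when the client chooses TLS. The service account value is a placeholder, and the script assumes Windows Server 2012 or later with the IIS WebAdministration module.

```powershell
# Added example, not part of the product documentation: read-only audit of the PST FTP server.
# Assumptions: elevated session on the FTP server, Windows Server 2012 or later (SmbShare
# module), IIS WebAdministration module present. $ServiceAccount is a placeholder value.
param(
    [string]$SiteName       = 'CloudPortal Services Manager PST FTP Site', # example name, step 3b
    [string]$FolderPath     = 'C:\CortexFTP',                              # default path, step 2a
    [string]$ShareName      = 'Webhosting',                                # share name, step 2b
    [string]$AdminGroup     = 'ServiceAdmins HE',                          # group from step 2d
    [string]$ServiceAccount = 'EXAMPLE\ftp01_pst'                          # placeholder for servername_pst
)
Import-Module WebAdministration
$report = New-Object 'System.Collections.Generic.List[object]'

function Add-Check([string]$Check, [string]$Found, [string]$Result) {
    $report.Add([pscustomobject]@{ Check = $Check; Found = $Found; Result = $Result })
}
function Get-Verdict([bool]$Ok) { if ($Ok) { 'OK' } else { 'REVIEW' } }
function Get-FtpSetting([string]$Name) {
    # The IIS provider returns enum attributes as strings and other attributes as objects
    # that carry the setting in a Value property; handle both.
    $v = Get-ItemProperty -Path "IIS:\Sites\$SiteName" -Name $Name
    if ($null -ne $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}

# 1. Share ACL. Step 2b grants Everyone Full Control, so the NTFS ACL is the real boundary.
$share = Get-SmbShareAccess -Name $ShareName |
    ForEach-Object { '{0}={1}' -f $_.AccountName, $_.AccessRight }
Add-Check 'Share permissions (step 2b)' ($share -join '; ') 'INFO'

# 2. NTFS ACL on the folder (steps 2c to 2e).
$fsr = [System.Security.AccessControl.FileSystemRights]
$acl = Get-Acl -LiteralPath $FolderPath
Add-Check 'Inheritance disabled (step 2c)' $acl.AreAccessRulesProtected (Get-Verdict $acl.AreAccessRulesProtected)
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
foreach ($ace in $acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' }) {
    $who      = $ace.IdentityReference.Value
    $bits     = [int]$ace.FileSystemRights
    $canWrite = ($bits -band [int]$fsr::Write) -ne 0
    $isFull   = ($bits -band [int]$fsr::FullControl) -eq [int]$fsr::FullControl
    $result = if ($who -eq $ServiceAccount) { Get-Verdict $isFull }            # step 2e: Full Control
              elseif ($who -like "*\$AdminGroup") { Get-Verdict (-not $canWrite) }  # step 2d: list only
              elseif ($broad -contains $who) { 'REVIEW' }                      # broad principal on an open share
              else { 'INFO' }
    Add-Check "NTFS ACE: $who" $ace.FileSystemRights $result
}

# 3. FTP site authentication, user isolation and TLS policy (steps 3b, 3c and 4).
$anon  = Get-FtpSetting 'ftpServer.security.authentication.anonymousAuthentication.enabled'
$basic = Get-FtpSetting 'ftpServer.security.authentication.basicAuthentication.enabled'
Add-Check 'Anonymous authentication disabled' (-not $anon) (Get-Verdict (-not $anon))
Add-Check 'Basic authentication enabled' $basic (Get-Verdict ([bool]$basic))
$mode = Get-FtpSetting 'ftpServer.userIsolation.mode'
Add-Check 'User isolation from Active Directory' $mode (Get-Verdict ($mode -eq 'ActiveDirectory'))
foreach ($channel in 'controlChannelPolicy', 'dataChannelPolicy') {
    $policy = Get-FtpSetting "ftpServer.security.ssl.$channel"
    # SslAllow ("Allow SSL" in step 3b) also accepts cleartext sessions, so Basic credentials
    # and PST contents are encrypted only when the client negotiates TLS.
    Add-Check "TLS $channel" $policy (Get-Verdict ($policy -eq 'SslRequire'))
}

# 4. FTP authorization rules: step 3b expects an Allow rule for the admin group role only.
$authz = Get-WebConfiguration -Filter '/system.ftpServer/security/authorization' -PSPath 'IIS:\' -Location $SiteName
foreach ($rule in $authz.Collection) {
    $found = "{0} users='{1}' roles='{2}' permissions={3}" -f $rule.accessType, $rule.users, $rule.roles, $rule.permissions
    $open  = $rule.accessType -eq 'Allow' -and $rule.users -match '[*?]'   # * = all users, ? = anonymous
    Add-Check 'FTP authorization rule' $found (Get-Verdict (-not $open))
}

$report | Format-Table -AutoSize -Wrap
```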
To configure PST file import and export in CloudPortal Services Manager
Important: For Exchange 2007, use all steps in this procedure to configure PST file import and export through the CloudPortal Services Manager control panel. For Exchange 2010 and above, use only Steps 3 and 4 in this procedure.
1. Assign server roles:
1. From the CloudPortal Services Manager menu bar, choose Configuration > System Manager > Server Roles and then
expand the server to be used for PST import and export. If the server is not listed, go to Configuration > System
Manager > Servers and refresh the list.
2. Under Server Connection Components select Hosted Exchange.
2. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and select a
Location Filter if applicable.
2. Click New Connection and then specify the following information for the Exchange web service:
Server Role
Choose Hosted Exchange.
Server
Choose the server where the Exchange web service is installed.
Credentials
Choose the impersonation account for the Exchange service.
URL Base
Defaults to /ExchangeWS/HostedExchange.asmx.
Protocol
Select http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Updated: 2013-02-05
When the Hosted Exchange service is provisioned to customers, users can view their company's Global Address Lists, send email to contacts in the list from Microsoft Outlook, add and modify contacts, and assign contacts to distribution groups.
Full Customer Service Administrators can add, modify, and delete contacts as well as prevent contacts from displaying in the
Global Address List.
To add new contacts
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Contacts.
2. Under Contact Management, click New Contact. A blank Contact Details form appears.
3. Enter the details of the contact. Fields marked with an asterisk (*) are required.
4. Click Save.
To prevent contacts from appearing in the Global Address List
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Contacts.
2. Select the contact you want to hide.
3. On the Contact Details form, select the Hide From Address List checkbox.
Updated: 2013-02-05
Exchange distribution groups are collections of users, contacts, and other distribution groups that are represented with a single email address in the Global Address List. When a user sends an email to the group email address, all members of the group receive the email.
When the Hosted Exchange service is provisioned to customers, users can view distribution groups through the Global
Address List using Outlook, as well as create and manage distribution groups.
Users who create distribution groups are known as owners. Additionally, group ownership can be assigned to a group of
Exchange users or a security group. Group owners can add and remove members through Outlook.
Full Customer Service Administrators can create and delete groups, manage group members, and configure group email alias
permissions and member email restrictions.
To create distribution groups
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Under Group Management, type a name for the group you want to create and ensure the Distribution option is
selected.
3. Click New Group. The distribution group is created and the group properties screen appears.
4. Click Save.
To add members to a distribution group
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group to which you want to add members.
3. Click the Members tab.
4. In Member Search, type the name of the contact you want to add and click Find.
5. Select the contact's checkbox and click Add.
6. Click Save.
To create an email alias for a distribution group
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group for which you want to create an email alias.
3. Click the Email tab.
4. In the Group Email Addresses table, click Add. A blank alias table entry appears.
5. Under Name, type the email alias you want users to specify when sending emails to the group.
6. Click Update to save your entries.
7. Click Save.
To restrict incoming email to distribution groups
To prevent external "spam" emails from flooding the group, you can configure distribution groups to accept email only from
users within the customer's organization.
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group to which you want to restrict email.
Mail disclaimers are legal notices or warnings that are automatically attached to all outgoing email. The Exchange Service Administrator can create, modify, and remove the company's mail disclaimer.
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Configuration > Mail Disclaimer.
2. Type a name for the mail disclaimer and then type the body of the message.
3. Choose whether to append or prepend the disclaimer to outgoing email messages.
4. Choose whether email to which the disclaimer cannot be directly attached is ignored, rejected, or wrapped in an
Exchange envelope before sending.
5. Choose whether the disclaimer is attached to email sent to external contacts only.
To create mailboxes for managing meeting resources
Oct 05, 2016
Resources consist of spaces or equipment that are used for holding meetings and need to be reserved when a meeting is organized. Exchange provides mailboxes for these resources so that users can include them in meeting requests made through Outlook.
Exchange Service Administrators can create, modify, and remove resources from the customer's organizational unit.
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Resource Mailboxes.
2. Under Resource Management, click New resource mailbox.
3. Type a name for the resource and select whether it is a meeting room or equipment (e.g., projector, flip chart, etc.).
Note: Resource types cannot be amended after the resource mailbox has been provisioned. To change the resource
Updated: 2013-02-05
Importing and exporting mailboxes are important tasks for managing the Hosted Exchange service. Exporting mailboxes facilitates disaster recovery and compliance efforts. Importing mailboxes helps with migrating users from old versions of Exchange and enabling users to add offline mail archives to their Exchange mailbox.
To export a mailbox
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Mailbox Import/Export.
2. Click Export Mailboxes. A table of available mailbox files appears.
3. Select the Export checkbox for each user's mailbox you want to export.
4. Click Export Mailboxes. The export process begins. To view the status of the export, click Refresh Status.
The exporting process creates .PST files and places them on the customer's FTP server, in a folder called MailboxExport. To
view these files, log on to the FTP server using the information that appears under FTP Login Details on the Mailbox Import
and Export Overview screen and navigate to the MailboxExport folder. Depending on the customer's configuration, mailbox
files might appear as zipped archives.
To import a mailbox
1. From the CloudPortal Services Manager menu bar, click Services > Exchange > Mailbox Import/Export.
2. Click Import Mailboxes. A table of users that are provisioned with an Exchange mailbox appears.
3. Click Edit for the user whose mailbox you want to update with the imported mailbox file.
4. Select the mailbox file you want to import and then click Update.
5. Click Import Mailboxes. The import process begins. To view the status of the import, click Refresh Status.
Migrate Exchange Customers and Users to next highest version
Oct 05, 2016
Updated: 2013-02-05
After installing a new version of Exchange, moving your customers onto the latest version is made simple with CloudPortal Services Manager. From a CloudPortal Services Manager point of view, the process involves the following steps:
Configure Service Settings
Configure new User Plans
Enable new User Plans at Reseller Level
Re-Provision Customer Services
Move Users to new User Plans
Configure Service Settings
1. From the CloudPortal Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter if applicable.
3. Expand Hosted Exchange.
4. Click Service Settings.
5. Configure the following settings to include details of the new Servers and mailstores that you wish to include when
provisioning Customers and Users with the Hosted Exchange Service
Section                      Setting                      Description
Default                      Preferred Mail Stores        Realistically, this should not be set, but if it is, then make sure that the appropriate stores are selected
Default                      Resource MB Mail Databases   Add Mail Databases for the new version
Offline Address Book (OAB)   Public Folder Servers        Select the new server(s) appropriate for Public Folders. Not applicable for Exchange 2013 and above.
Offline Address Book (OAB)   Virtual Directory            Select all appropriate Virtual Directories
Public Folders               Public Folder Server         Select all appropriate Public Folder servers
6. Click Apply Changes
7. Click Save
Configure new User Plans
The tendency might be to reconfigure your current user plans to remove the older Mailstores and add in the new ones.
Citrix advises against this method of moving users' mailboxes to new mailstores, as it becomes almost impossible to control
the mailbox moves. If a customer administrator were to reprovision one of their user services, and the user plan the user was
on was the one that had been changed, then the mailbox might be moved unexpectedly.
To control the mailbox moves on a customer-by-customer basis, it is best to keep all old user plans configured as they
are, and create new user plans for the users to be moved to.
Consider the following example:
The following User Plans are in use:
Bronze (2Gb) Exchange 2013
Silver (5Gb) Exchange 2013
Gold (10Gb) Exchange 2013
The idea would be to create the following NEW User Plans:
Bronze (2Gb) Exchange 2016
Silver (5Gb) Exchange 2016
Gold (10Gb) Exchange 2016
Then you can use the Package Migration Wizard to move users from the old plans to the new ones.
Firstly, follow these steps to create new User Plans:
1. From the CloudPortal Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Expand Hosted Exchange.
3. Click User Plans.
4. Create new User Plans
1. Type the name for a new User Plan, and click Create.
2. Enter all relevant settings to match one of the old User Plans.
3. Click Apply Changes.
5. Repeat step 4 for all User Plans.
6. Click Save.
7. Under Service Filter, select the Active Directory Location Services radio button, and choose the appropriate Location
Filter if applicable.
8. Expand Hosted Exchange.
9. Click User Plans.
10. Update new User Plans
1. Enable the Checkbox beside the new User Plan
2. Select the new User Plan
3. Update all settings that are Location Specific, like ActiveSync Policy, Mailbox Storage Limit, Mail Databases and
Enabled Protocols, etc.
4. For Mail Databases, select the new version tab, and select the appropriate Mail Databases. Make sure the old
version has no databases selected
5. Click Apply Changes.
11. Repeat step 10 for all User Plans.
12. Click Save.
Enable the new User Plans at Reseller Level
New User Plans are not enabled throughout the Reseller / Customer Hierarchy automatically, so need to be enabled
Updated: 2014-11-20
Deploying Lync 2010 services involves the following tasks:
Install the web service for Lync Enterprise or Lync 2010 for Hosting
To configure the Lync Enterprise 2010 service
To configure the Lync 2010 for Hosting service
Provision the Lync Enterprise 2010 service
Provision the Lync 2010 for Hosting service
The Lync Enterprise and Lync 2010 for Hosting web services are installed on the Lync Front-End servers in your environment that you want to make available for
provisioning unified communication services to customers. You can install the Lync web services using the graphical interface of the Services Manager installer or
through the command line. After the installation process finishes, you can enable the service and continue configuration through the control panel.
For more information about requirements for deploying the Lync Enterprise 2010 and Lync Hosted 2010 services, refer to Plan to deploy Lync Enterprise and Lync
Hosted services.
To install the Lync Enterprise web service using the graphical interface
The Services Manager installer enables you to install the Lync Enterprise web service. The installation process includes preliminary configuration to create the web
service account and IIS application pool, and define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select Lync Web Service or Lync Hosted Web Service, and then click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then click Next.
7. On the Ready to Install page, review your selection and then click Install.
8. After the installation finishes, click Finish.
9. On the Installed Services page, click Configure next to the Lync web service list item.
10. On the Configure IIS page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the Lync web service account. The default user name is csm_lync_svc. This field is unavailable when you elect to auto-generate credentials.
Password: Enter a password for the Lync web service account. This field is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active Directory.
Service port: Enter the port used by the Lync web service. The default port is 8095.
11. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When the
summary contains the settings you want, click Next. The Configuration Tool configures the Lync web service and displays progress.
12. Click Finish and then click Exit to close the Configuration Tool.
To install the Lync Enterprise or Lync 2010 for Hosting web services from the command line
Before installing the Lync web services, ensure the following prerequisites are met:
You have installed .NET Framework 4, located in the Support folder of the Services Manager installation media, on the Lync Front-End server.
You have created the Lync web service account in Active Directory.
The Lync Front-End server allows inbound connections from the Services Manager Web server on the appropriate port. By default, this port is 8095.
When you install the Lync web service from the command line, you perform two actions:
Install the web service and create the required Services Manager directory where the web service resides.
Perform initial configuration of the web service using the Configuration Tool.
1. On the Lync Front-End server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter one of the following commands:
CortexSetupConsole.exe /Install:LyncEnterprise
CortexSetupConsole.exe /Install:LyncHosted
The Setup Tool installs the web service and returns the command prompt.
4. At the command prompt, enter install-location\Services\LyncWS\Configuration\LyncServiceConfigConsole.exe and specify the following properties:
/UserName:username User name for the Lync service account. This parameter is optional if you are using /GenerateCredentials.
/Password:password Password for the Lync service account. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True | False Optional. Create the service account in Active Directory.
/GenerateCredentials:True | False Optional. Generate a password for the service account.
Install-location denotes the web service installation directory on the local computer. The default directory is C:\Program Files (x86)\Citrix\Cortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.
install-location\Services\LyncWS\Configuration\LyncServiceConfigConsole.exe /UserName:lync_svc_acct /Password:password /ServicePort:8095
When the installation process is finished, log on to the control panel and configure the web service. For instructions, see To configure the Lync Enterprise 2010 service or To configure the Lync 2010 for Hosting service.
Install the Lync Enterprise 2013 and Lync Hosted 2013 web services
Updated: 2014-08-29
Before you install the Lync 2013 web services, ensure you have a working deployment of Lync Server 2013 Enterprise Edition or Lync Server 2013 Multitenant Hosting Pack with a published topology.
Install the Lync Enterprise 2013 or Lync Hosted 2013 web services on the Lync Front-End servers in your environment.
You can install the Lync 2013 web services using the graphical interface of the Services Manager Setup Tool or through the command line. The Setup Tool installs
the web service, any prerequisites needed, and the Configuration Tool. After installing the web service, you launch the Configuration Tool to perform the
preliminary configuration. You then continue the configuration through the control panel.
To install the Lync 2013 web services through the graphical interface
The installation process includes preliminary configuration to create the web service account and IIS application pool, and define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select Lync Enterprise 2013 Web Service or Lync Hosted 2013 Web Service. Click Next.
6. On the Review Prerequisites page, review the required items the Setup Tool will install. Click Next.
7. On the Ready to Install page, review your selections and then click Install. The Setup Tool installs the required files and displays the installation progress.
8. After the installation finishes, click Finish.
9. On the Add Services page, select Configure Services.
10. On the Installed Services page, click Configure next to the Lync web service you installed.
11. On the Configure IIS page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the Lync web service account. For a list of the default user names for the service accounts for all Lync versions, see Plan to deploy Lync Enterprise and Lync Hosted services. This field is unavailable when you elect to auto-generate credentials.
Password: Enter a password for the Lync web service account. This field is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active Directory.
Service port: Enter the port used by the Lync web service. The default port is 8095.
12. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When the
summary contains the settings you want, click Next. The Configuration Tool configures the Lync web service and displays progress.
13. Click Finish and then click Exit to close the Configuration Tool.
After you install the web service, continue the configuration using the Services Manager control panel. For more information, see To configure the Lync Enterprise
2013 service or To configure the Lync Hosted 2013 service.
To install the Lync 2013 web services through the command line
Before installing the Lync web services, ensure the following prerequisites are met:
You have installed .NET Framework 4, located in the Support folder of the Services Manager installation media, on the Lync Front-End server.
The Lync Front-End server allows inbound connections from the Services Manager web server on the appropriate port. By default, this port is 8095.
When you install the Lync web service from the command line, you perform two actions:
Install the web service and create the required Services Manager directory where the web service resides.
Perform initial configuration of the web service using the Configuration Tool.
1. On the Lync Front-End server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter one of the following commands:
Property Description
/Password:password Password for the Lync service account. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True | False Optional. Create the service account in Active Directory.
/GenerateCredentials:True | False Optional. Generate a password for the service account.
/SqlServer:server-address The SQL database server that hosts the Services Manager system databases.
/UseSqlAuthentication:True | False Whether or not to use SQL authentication to access the SQL Server. Default = Integrated authentication which authenticates as the user running the configuration
/SqlUserName:user-name If /UseSqlAuthentication:True, the username of the SQL logon to use.
/SqlPassword:password If /UseSqlAuthentication:True, the password of the SQL logon to use.
Install-location denotes the web service installation directory on the local computer. The default directory is C:\Program Files (x86)\Citrix\Cortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.
install-location\Services\LyncWS\Configuration\LyncServiceConfigConsole.exe /UserName:lync_svc_acct /Password:password /ServicePort:8095
When the installation process is finished, log on to the control panel and configure the web service. For instructions, see To configure the Lync Enterprise 2013 service or To configure the Lync Hosted 2013 service.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
Install-location denotes the web service installation directory on the local computer. The default directory is C:\Program Files (x86)\Citrix\Cortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.
install-location\Services\MySQLWS\Configuration\MySQLConfigConsole.exe /ServicePort:8095
This web service does not require any additional properties to be passed for installation.
After installation is finished, you can configure the MySQL service. For instructions, see To configure the MySQL service.
To limit user search results, use the Address Book Service Configuration Tool (ABSConfig.exe) to partition the address book
by OU. That tool is in the Microsoft Office Communications Server 2007 R2 Resource Kit, available from the Microsoft
download site.
Note: Partitioning the address book by OU does not impact a user's ability to send an instant message to other customers' users.
To update OCSSettingsLocation values in Provisioning web.config files
By default, the CloudPortal Services Manager Provisioning Engine Web Services and Directory Web Services are installed
with the OCSSettingsLocation set to System (for example, CN=System,DC=Machine1,DC=test,DC=com).
Microsoft Office Communications Server 2007 R2 allows the service provider to install the OCS directory at either
Configuration (for example, CN=configuration,DC=server,DC=local) or System. If the OCS directory is installed at
Configuration, the OCSSettingsLocation value in the web.config files for the Provisioning server and Directory Web Service
must be updated. If the container settings for OCS and the web services do not match, Services Manager displays errors
such as the following during user plan updates or user provisioning:
Server was unable to process request. ---> Failed to load the LCS/OCS policies from path 'LDAP://CN=Policies,CN=RTC Service,CN=Microsoft,CN=System,DC=Machine1,DC=local' . Error: There is no such object on the server.
This procedure describes how to change the configuration files for the Provisioning server and Directory Web Service.
1. Log on to the Provisioning server and stop the Citrix Queue Monitor service.
2. On the Provisioning server, open the appSettings.config file. This file is typically located in: C:\Program Files (x86)\Citrix\Cortex\Provisioning Engine.
3. Change the OCSSettingsLocation key value to CONFIGURATION and then save the file.
4. Restart the Citrix Queue Monitor service.
5. On the server hosting the Directory Web Service, open the web.config file. This file is typically located in: C:\Program Files (x86)\Citrix\Cortex\Services\Directory.
6. Change the OCSSettingsLocation key value to CONFIGURATION and then save the file.
7. Repeat steps 1-6 for each Provisioning server and Directory Web Service in your Services Manager deployment.
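A check for the mismatch this procedure corrects, added here as an example and not part of the Citrix documentation or product: it reads the OCSSettingsLocation key from each configuration file and flags any file that disagrees with the container where the OCS directory was installed. It assumes the files use the standard .NET `<add key="..." value="..."/>` layout; the two sample files are constructed so the script runs offline.

```powershell
# Added example, not Citrix code.
# Assumption: OCSSettingsLocation is stored as a standard .NET appSettings
# entry, <add key="OCSSettingsLocation" value="..."/>.

function Get-OcsSettingsLocation {
    param([Parameter(Mandatory = $true)][string]$Path)
    # local-name() keeps the query working if the file declares an XML namespace.
    $xpath = "//*[local-name()='add'][@key='OCSSettingsLocation']"
    $hit = Select-Xml -Path $Path -XPath $xpath | Select-Object -First 1
    if ($hit) { $hit.Node.GetAttribute('value') } else { $null }
}

function Test-OcsSettingsLocation {
    param(
        # appSettings.config / web.config files to check (local or UNC paths)
        [Parameter(Mandatory = $true)][string[]]$ConfigPath,
        # Container where the OCS directory was installed
        [Parameter(Mandatory = $true)]
        [ValidateSet('System', 'Configuration')][string]$Expected
    )
    foreach ($path in $ConfigPath) {
        $value = Get-OcsSettingsLocation -Path $path
        [pscustomobject]@{
            Path  = $path
            Value = $value
            # String -eq is case-insensitive: CONFIGURATION matches Configuration.
            # A missing key ($null) never matches.
            Match = ($value -eq $Expected)
        }
    }
}

# Constructed sample files standing in for one Provisioning server's
# appSettings.config and one Directory Web Service web.config.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'ocs-settings-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$provisioning = Join-Path $demo 'appSettings.config'
$directoryWs  = Join-Path $demo 'web.config'
Set-Content -Path $provisioning -Value @'
<appSettings>
  <add key="OCSSettingsLocation" value="CONFIGURATION" />
</appSettings>
'@
Set-Content -Path $directoryWs -Value @'
<configuration>
  <appSettings>
    <add key="OCSSettingsLocation" value="System" />
  </appSettings>
</configuration>
'@

# The Directory Web Service file was left at the default, so it is flagged.
$result = @(Test-OcsSettingsLocation -ConfigPath $provisioning, $directoryWs -Expected Configuration)
$result | Format-Table -AutoSize
if ($result.Match -contains $false) {
    Write-Warning 'OCSSettingsLocation does not match the OCS directory container in every file.'
}
```

Pass the real file paths for every Provisioning server and Directory Web Service in the deployment to `Test-OcsSettingsLocation` after completing step 7.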
Updated: 2014-08-13
With the ShareFile service, you can manage customers' ShareFile accounts through the Services Manager control panel.
Features of the ShareFile service
With the ShareFile service, you can perform the following tasks from within the Services Manager control panel:
Onboard customers using their existing ShareFile Enterprise account
Provision and deprovision Employee user accounts directly to ShareFile
Create, modify, and delete folders
Configure folder permissions
Grant users access to specific folders, either individually or using groups
Configure users' permissions for specific folders
Create, modify, and delete distribution groups
Maintain accurate billing data by synchronizing Services Manager customers and users with ShareFile
How do I deploy the ShareFile service?
Before you deploy the ShareFile service, review the deployment requirements in Plan to deploy the ShareFile service.
Use the following topics to configure and provision the service:
1. Configure the ShareFile service
2. Provision the ShareFile service
3. To synchronize ShareFile users with Services Manager
After deploying the ShareFile service, use the following topics to manage folders and maintain and view billing information:
Manage ShareFile folders and folder access
Updated: 2014-01-29
The ShareFile service includes the following billing reports:
ShareFile Customer: Displays details for all customers provisioned with the ShareFile service.
ShareFile Plan: Displays ShareFile customers and users grouped by plan at the reseller level.
ShareFile Reseller: Displays ShareFile customers and users at the reseller level.
To view these reports, click Reports > View Reports, and then expand ShareFile.
Important: To maintain accurate billing data for customers, ensure the cost and sales price values you configure for the ShareFile service are updated in the event of updates to ShareFile's service pricing. Because of limitations in the ShareFile Reseller API, Services Manager cannot read summary billing data directly from ShareFile.com. Therefore, you must manually verify with ShareFile that the cost and sale price values you have configured in Services Manager remain accurate.
Updated: 2014-08-15
The SharePoint 2010 web service is installed on a SharePoint 2010 server in your environment. You can install the SharePoint web service using either the graphical interface of the Services Manager installer or through the command line. After the installation process finishes, you can enable the service and continue configuration through the control panel.
To install the SharePoint web service using the graphical interface
The installation process creates the IIS web service, updates the web application settings, and enables PowerShell remoting.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select SharePoint 2010 Web Service and then click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then click Next.
7. On the Ready to Install page, review your selection and then click Install.
8. After the installation finishes, click Finish.
9. On the Add Services page, select Configure Services.
10. On the Installed Services page, click Configure next to the SharePoint 2010 Web Service item.
11. On the Configure Service Details page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the SharePoint 2010 web service account. The default user name is csm_sharepoint_svc. This field is unavailable when you elect to auto-generate credentials.
Password: Enter a password for the SharePoint 2010 web service account. This field is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active Directory.
Service port: Enter the port used by the SharePoint web service. The default port is 8095.
12. On the Specify Remoting Credentials page, enter the Username and Password of an account with PowerShell remoting permissions and then click Next. The default
account username is csm_sharepoint_rem.
13. On the Summary page, click Next. The Configuration Tool configures the SharePoint 2010 web service and displays progress.
14. Click Finish and then click Exit to close the Configuration Tool.
To install the SharePoint web service from the command line
1. On the SharePoint 2010 server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:SharePoint2010. The Setup Tool installs the web service and returns the command prompt.
4. At the command prompt, enter install-location\Services\SharePoint2010WS\Configuration\SharePointConfigConsole.exe and specify the following properties:
Property Description
/UserName:username The application pool ID. Usually, this is SharePoint Admin User. This parameter is optional if you are using /GenerateCredentials.
/Password:password The application pool password. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True | False Optional. Create the service account in Active Directory.
/GenerateCredentials:True | False Optional. Generate the password for the service account.
Install-location denotes the web service installation directory on the local computer. The default directory is C:\Program Files (x86)\Citrix\Cortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.
install-location\Services\SharePoint2010WS\Configuration\SharePointConfigConsole.exe /UserName:shpt_svc_acct /Password:password /ServicePort:8095
When the installation process is finished, log on to the control panel and configure the web service. For instructions, see Configure the SharePoint 2010 service.
this proxy group. This step can take several minutes to complete.
5. Under Site Subscription, complete the settings, and then click Create. The site subscription tenant service starts. This
step can take several minutes to complete.
3. To import web templates from a farm: From the SharePoint 2010 Farm Configuration page, click Retrieve Web
Templates. After web templates are stored in the Services Manager database, they can be assigned to a SharePoint site
during customer provisioning.
To add and configure SharePoint feature packs
A SharePoint feature pack is a collection of SharePoint features. The Services Manager displays the feature packs
configured on a SharePoint farm and enables you to create new feature packs from a list of the features installed on the
SharePoint server.
1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Feature Packs, choose a Location and Farm,
and then click Retrieve Feature Packs.
2. To add a feature pack, click New Feature Pack, enter a user-friendly Name, and add the features for the feature pack.
You can add the features individually or click a default feature pack (such as foundation or enterprise). The Name is
visible to customers during resource configuration. After a feature pack is added, it can be configured for a customer
account.
To enable DNS for the SharePoint 2010 service
Before you enable DNS for the SharePoint 2010 service and configure DNS provisioning, the DNS service must be enabled and configured.
Important: The SharePoint 2010 service enables you to manage only one DNS record type at a time for SharePoint sites. Do not change the DNS record type after SharePoint sites have been created. Changing the DNS record type can result in duplicate DNS records being created for each site.
1. Enable DNS for the SharePoint 2010 service:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
3. Expand SharePoint 2010 and then click Service Settings.
4. In DNS Record Type, select A Record or CNAME Record for the SharePoint server as appropriate.
5. Click Save.
2. Enable DNS provisioning:
1. From the Services Manager menu bar, select Configuration > System Manager > Servers.
2. Select the SharePoint server from the server list and perform one of the following actions:
To enable A Record provisioning, in External IP Address, enter the IP address of the SharePoint server.
To enable CNAME Record provisioning, in External Name, enter the FQDN of the SharePoint server.
Provision the SharePoint 2010 service to customers
Before provisioning the SharePoint 2010 service to a customer, at least one SharePoint Farm and Feature Pack must be
configured and assigned to the customer. When provisioning a customer, you can specify multiple, different farms with
companion feature packs. However, you cannot specify multiple instances of the same farm.
Customers are configured with SharePoint Feature Packs that determine the functionality that is available to provisioned
users.
A standard SharePoint installation includes 12 preconfigured customer plans. These plans determine how the site is configured and saved on the SharePoint 2010 server. Service providers configure the availability of the following templates when they provision the service to customers. All templates support SSL authentication.
Customer Site
This site is attached to a Web application that is configured specifically for the customer. If additional sites are configured
with the same package, these sites are assigned to the same Web application. This site uses a dedicated content database.
Additionally, a separate Customer site template is available that includes anonymous authentication.
Shared Site
This site is attached to a shared Web application where other customers' SharePoint sites reside. This site uses a dedicated
content database. Additionally, a separate Shared site template is available that includes anonymous authentication.
Dedicated Site
This site is attached to its own Web application. No other SharePoint sites are configured for the Web application pool
unless the Web application is manually overridden with the Web application's name. This site uses a dedicated content
database. Additionally, a separate Dedicated site template is available that includes anonymous authentication.
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, find the customer for whom you want to provision SharePoint 2010.
3. In the services list, click SharePoint 2010 configure resources. The Service Setup page appears.
4. In the SharePoint Farm table, click Add and select the farms and companion feature packs to allocate to the customer.
5. Click Update to save your selections.
6. Click Save to save the resource configuration.
7. In the services list, click SharePoint 2010 create an instance. The SharePoint 2010 Service Instance page appears.
8. Type an instance name that contains no spaces or special characters and click Create. The Instance Setup page appears.
9. Under Service Plan Configuration, in Customer Plan, select the settings package to use for the site. To customize the
template, click Edit and make the appropriate changes. When you are finished, click Apply Changes.
10. Under Site Administrators, enter the user names for the users granted full administration rights to the site. These users
must be members of the customer's organizational unit in Active Directory.
11. In Site Template, select the SharePoint site template with which to create the site.
Note: If no template is selected, no template is configured when the site is provisioned. The Site Administrator must
access the SharePoint site directly to configure the site template and security groups manually before users can access
the site.
12. In Site Name, enter the host header for the site.
13. Click Advanced Settings and perform the following actions:
1. In Maximum Users, select the Enabled check box and enter the total number of users the customer can provision to
14. Click Finish and then click Exit to close the Configuration Tool.
After you install the web service, continue the configuration using the Services Manager control panel. For more
information, see Configure the SharePoint 2013 service.
To install the SharePoint 2013 web service using the command line
When you install the SharePoint 2013 web service from the command line, you perform two actions:
Install the web service and create the required Services Manager directory where the web service resides.
Perform initial configuration of the web service using the Configuration Tool.
1. On the SharePoint 2013 server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:SharePoint2013. The Setup Tool installs the web service
and returns the command prompt.
4. At the command prompt, enter install-location\Services\SharePoint2013\Configuration\SharePointConfigConsole.exe and specify the following properties:
Property Description
/UserName:username The application pool ID. Usually, this is the SharePoint administrator user. This parameter is optional if you are using /GenerateCredentials.
/Password:password The application pool password. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True | False Optional. Create the service account in Active Directory.
/GenerateCredentials:True | False Optional. Generate the password for the service account.
Install-location denotes the web service installation directory on the local computer. The default directory is C:\Program Files (x86)\Citrix\Cortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs the initial configuration of the web service.
install-location\Services\SharePoint2013\Configuration\SharePointConfigConsole.exe /UserName:shpt_svc_acct /Password:password /ServicePort:8095
When the installation process is finished, configure the SharePoint 2013 service through the Services Manager control panel. For instructions, see Configure the SharePoint 2013 service.
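The two command-line actions from the Lync and SharePoint procedures above, as an added PowerShell example (not Citrix code). It uses /GenerateCredentials so the service account password is never typed on a command line, admits the service port only from the Services Manager web server, and lists inbound allow rules that still expose the port to any address. The media path, web server address and rule name are assumptions; the script also assumes Windows Server 2012 or later and that /GenerateCredentials with /AutoCreateUser behaves like the matching check boxes in the graphical Configuration Tool.

```powershell
# Added example, not Citrix code. Run from an elevated PowerShell session on
# the server that will host the web service.
[CmdletBinding()]
param(
    # /Install: values shown in the procedures on this page
    [ValidateSet('LyncEnterprise', 'LyncHosted', 'SharePoint2010', 'SharePoint2013')]
    [string]$Service = 'LyncEnterprise',
    # Assumed location of the CortexSetup directory on the installation media
    [string]$SetupDir = 'D:\CortexSetup',
    # Full path of that service's Configuration Tool (step 4 of the procedure)
    [Parameter(Mandatory = $true)][string]$ConfigTool,
    # Assumed address of the Services Manager web server (documentation range)
    [string]$WebServerAddress = '192.0.2.10',
    [int]$ServicePort = 8095
)
$ErrorActionPreference = 'Stop'

function Invoke-Tool {
    param([string]$Path, [string[]]$Arguments)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "Not found: $Path" }
    & $Path @Arguments
    # Assumption: the tools report failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) { throw "$Path exited with code $LASTEXITCODE" }
}

function Test-PortMatch {
    # True when a firewall LocalPort specification covers $Port.
    param([string[]]$Spec, [int]$Port)
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

function Get-BroadAllowRule {
    # Enabled inbound allow rules that open $Port over TCP to any remote
    # address. Rules bound to another program cannot expose an IIS site,
    # so only program-independent and System rules are reported.
    param([int]$Port)
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $pf  = $_ | Get-NetFirewallPortFilter
            $af  = $_ | Get-NetFirewallAddressFilter
            $app = $_ | Get-NetFirewallApplicationFilter
            ($pf.Protocol -in 'TCP', 'Any') -and
            (Test-PortMatch -Spec $pf.LocalPort -Port $Port) -and
            ($af.RemoteAddress -contains 'Any') -and
            ($app.Program -in 'Any', 'System')
        }
}

# Action 1: install the web service.
Invoke-Tool -Path (Join-Path $SetupDir 'CortexSetupConsole.exe') -Arguments @("/Install:$Service")

# Action 2: initial configuration. No /Password argument is passed, so the
# password does not appear in process listings or command-line auditing.
Invoke-Tool -Path $ConfigTool -Arguments @(
    '/GenerateCredentials:True',
    '/AutoCreateUser:True',
    "/ServicePort:$ServicePort"
)

# Prerequisite from the page: the web server must reach the service port.
# Scope the allow rule to that one address instead of opening the port to all.
$ruleName = "Services Manager web service (TCP $ServicePort)"   # assumed name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $ServicePort -RemoteAddress $WebServerAddress -Action Allow | Out-Null
}

# Report rules that would let other hosts reach the port anyway.
$broad = @(Get-BroadAllowRule -Port $ServicePort)
if ($broad.Count -gt 0) {
    Write-Warning "Port $ServicePort is also allowed from any address by:"
    $broad | Select-Object DisplayName, Profile | Format-Table -AutoSize
}
```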
Updated: 2013-10-18
When you provision a SharePoint 2013 site to a customer, you can specify that the site be accessed using HTTPS and select the certificate to use for the site. To make certificates available for provisioning customer sites, you perform the following tasks:
On the SharePoint farm server, create the required IP addresses and install the required certificates
In the control panel, assign the certificates to the appropriate IP addresses and specify the access level of the certificate (available to all customers or dedicated to a single customer)
1. From the Services Manager menu bar, click Services > SharePoint 2013 > Certificates.
2. Under Sync, click Retrieve IP Addresses, then click Retrieve Certificates. By default, all certificates are marked as Reserved until they are configured.
3. In the certificates table, click Edit for the certificate you want to configure.
4. In IP Address, select the IP address you want to assign to the certificate.
5. In Access, select one of the following options:
Reserved: The certificate is unavailable for use by any customer.
Public: The certificate is available for use by any customer.
Dedicated Customer: The certificate is available for use only by a specific customer. When you select this option, enter the Customer to whom you are allocating the certificate.
To provision the SharePoint 2013 service to customers
Before provisioning the SharePoint 2013 service to a customer, at least one SharePoint farm and feature pack must be
configured (see Configure the SharePoint 2013 service). Feature packs determine the functionality that is available to
provisioned users.
Additionally, to enable Services Manager to provision DNS records to the customer when provisioning SharePoint 2013 sites,
ensure the DNS service is configured. For domains that are owned by the customer, ensure the DNS service is configured
and provisioned to the customer.
Provisioning the SharePoint 2013 service to a customer consists of the following actions:
Configure SharePoint resources: This action creates a subscription for the customer to the SharePoint farm you specify. You can specify multiple, different farms with companion feature packs. However, you cannot specify multiple instances of the same farm.
Configure SharePoint sites: This action deploys a SharePoint site for the customer using the customer plan, site template, SSL certificate, and URL you specify.
Customer plans determine how the site is configured and saved on the SharePoint 2013 server. Service providers configure the availability of the following plans when they provision the service to customers. All plans support SSL and anonymous authentication.
Customer Site
This site is attached to a Web application that is configured specifically for the customer. If additional sites are configured
with the same package, these sites are assigned to the same Web application. This site uses a dedicated content database.
Shared Site
This site is attached to a shared Web application where other customers' SharePoint sites reside. This site uses a dedicated
content database.
Dedicated Site
This site is attached to its own Web application. No other SharePoint sites are configured for the Web application pool
unless the Web application is manually overridden with the Web application's name. This site uses a dedicated content
database.
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, find the customer for whom you want to provision the SharePoint 2013 service.
3. In the services list, click SharePoint 2013 configure resources.
4. In the SharePoint farm table, click Add and select the farm and companion feature pack to allocate to the customer.
Note: Changing the companion feature pack affects the features of all sites that are provisioned to a customer. This
change can affect the customer's billing for those sites. For example, if a customer has several sites provisioned in a farm
with the Foundation feature pack, changing the feature pack to Enterprise will cause the customer to be billed at the
Enterprise level for all provisioned sites.
5. Click Update and then click Save.
6. In the services list, click SharePoint 2013 create an instance.
7. Type an instance name that contains no spaces or special characters and click Create. The Instance Setup page appears.
Updated: 2013-10-31
To migrate customers' SharePoint 2010 sites to SharePoint 2013, you perform the following tasks:
1. Upgrade your SharePoint 2010 deployment to SharePoint 2013 as described in the article "Overview of the upgrade
process to SharePoint 2013" on the Microsoft TechNet web site.
2. In the Services Manager control panel, remove customers' SharePoint 2010 sites. This step removes sites from the
control panel, but does not delete them from the SharePoint farm.
3. Import customers' upgraded SharePoint 2013 sites into the control panel for management.
To remove SharePoint sites
Removing a SharePoint site removes the site listing from the Services Manager control panel only. The site remains intact in
the SharePoint farm.
1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Site Removal.
2. Under Farm Selection, select the SharePoint Version, Location, and Farm server where the site you want to remove
resides.
3. In the site table, select the SharePoint site you want to remove.
4. Click Delete Sites. The site table no longer displays the site entry.
To import existing SharePoint 2013 sites
Before you import an existing SharePoint site, ensure you have the following items:
The customer to whom you want to assign the imported site has been added to Services Manager
The user designated as the site's Primary Administrator has been added to the customer
When you import a site, Services Manager automatically assigns it to the customer based on the user designated as the
site's Primary Administrator. If Services Manager detects that the user does not belong to a customer, you cannot import
the site.
1. From the Services Manager menu bar, choose Services > SharePoint 2013 > Site Import.
2. Under Farm Selection, select a Location and Farm where the site you want to import resides. Services Manager
automatically detects the sites in the farm and displays them in a list.
3. From the site list, select the unassigned site you want to import and then click Import.
To configure Skype for Business service in a new instance of CloudPortal Services Manager (that has never been provisioned
with any Lync Enterprise 2013 service), follow the Lync 2013 Guide to review the deployment requirements and common
steps to deploy new Skype for Business service in a standalone Lync Enterprise 2013 or Skype for Business 2015
environment. The general configuration steps are the same as in the previous version except for the following, minor
differences:
Configure server connection
Provision Skype for Business service to customer
Skype for Business service adds a new feature to distinguish Skype servers of different versions. The following additional
steps are required in the process of Configuring Skype for Business service:
Step 1: Specify the version of Skype server when you create a server connection
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New Connection, and then select or type the following information for the web service.
Setting        Value
Server Role    Select Skype for Business.
Server         Defaults to the Lync/Skype server.
Credentials    Choose the credentials for the Lync/Skype web service account.
URL Base       Defaults to /LyncEnterprise2013WS/Lync.asmx.
Protocol       Defaults to http.
Port           Defaults to 8095. If you change the port here, change it also in the Services Manager web service.
Timeout        Defaults to 200000 milliseconds.
Version        Lync Enterprise 2013 or Skype for Business 2015
2. Click Save.
Step 2: Provision the Skype for Business service to a customer by choosing the Skype version
This section describes how to upgrade the existing Lync Enterprise 2013 service to Skype for Business service in:
A standalone Lync Enterprise 2013 deployment
A Skype for Business 2015 deployment that underwent an in-place upgrade from Lync Enterprise 2013
A Skype for Business 2015 deployment that coexists with Lync Enterprise 2013
Upgrade service in standalone Lync Enterprise 2013
In this scenario, Lync Enterprise 2013 server is installed and deployed with Lync Enterprise 2013 service. To upgrade the existing Lync Enterprise 2013 service to Skype for Business service, you must
perform the following steps:
Step 1: Upgrade Skype for Business package in CloudPortal Services Manager
1. Log on to Cloud Portal Services Manager as Service Provider admin.
2. Go to Configuration > System Manager > Service Schema, click Import a service, click the Choose File button, browse to the private build, select the Skype for Business package, click Preview, and then
click Import.
3. If no error occurs, right-click Toolbars, open Task Manager, click Details, locate CortexQueueMonitor.exe and click End task. Click Services, then locate and start CortexQueueMonitor.
Note: Make sure the CPSM reporting role is successfully installed. Otherwise some wording in the user interface, such as ‘Lync Enterprise 2013’, will not upgrade.
Step 2: Upgrade Skype for Business web service
1. Log on to Lync Enterprise 2013 web service servers.
2. Go to Control Panel and uninstall Citrix CloudPortal Services Manager Lync Enterprise 2013 Web Service.
3. Launch Setup.exe from the Skype for Business installation folders.
4. Check Skype for Business Web Service, click Next, and then follow the steps to finish the installation.
5. Click Configure to configure the service.
6. Specify Service Account, keep the default Service port.
7. Click Next to finish the configuration.
Upgrade service in Skype for Business 2015 that underwent an in-place upgrade
To upgrade Skype for Business service in an In-Place Upgrade Skype for Business 2015 environment, besides the previous steps in Upgrade service in a standalone Lync Enterprise 2013, you must
perform the following additional steps to upgrade the customer and user information.
Step 1: Upgrade Server Connections
1. Log on to Cloud Portal Services Manager as Service Provider admin.
2. Go to Configuration > System Manager > Server Connections, click and expand Skype for Business – Lync Enterprise 2013.
3. Under Version, select Skype for Business 2015.
Step 2: Upgrade Registrar Pool in Customer Plan and User Plan
1. Go to Configuration > System Manager > Service Deployment. Under Service Filter, select Active Directory Location Services, and choose a Location Filter.
2. Expand Skype for Business.
3. Expand User Plans. Then expand each user plan, select the checkbox before Registrar pool, and then click Reload. Make sure the registrar pool is the Skype for Business 2015 pool. Click Apply changes.
4. Expand Customer Plans. Then expand each customer plan, select the checkbox before Registrar pool, and then click Reload. Make sure the registrar pool is the Skype for Business 2015 pool.
Click Apply changes.
5. Click Save.
Step 3: Reprovision Skype for Business service to Reseller
To reprovision Skype for Business service to Reseller, perform the steps listed in Reprovision Skype for Business to Reseller.
Step 4: Reprovision Skype for Business service to Customer
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Skype for Business service name. The Service Plan Configuration page appears.
4. Change the Skype Version to Skype for Business 2015.
5. Keep other properties unchanged and click Provision.
Step 5: Reprovision Skype for Business service to users
1. From the Services Manager menu bar, click Users and select the user for whom you want to provision services.
2. Select Services. The User Services page appears.
3. Click the Skype for Business service name. The Service Plan Configuration page appears.
4. Keep other properties unchanged and click Provision.
Upgrade service in a Lync/Skype co-existence environment
In this scenario, you can migrate Lync Enterprise 2013 servers to Skype for Business 2015 servers. During migration, the temporary environment still contains both Lync Enterprise 2013 and Skype
for Business 2015.
This section provides information specific to upgrading existing objects provisioned with Lync Enterprise 2013 service in CPSM, for example, migrating users from a Lync Enterprise 2013 front-end server
to a Skype for Business 2015 front-end server, or updating DNS records to upgrade some simple URLs.
Besides the previous steps in Upgrade service in a standalone Lync Enterprise 2013, some extra steps are required.
Step 1: Install Skype for Business web service in Skype for Business 2015 front-end servers
1. Log on to the Skype for Business 2015 front-end server.
2. Launch Setup.exe from the Skype for Business installation folders.
3. Check Skype for Business Web Service, click Next, and then follow the steps to finish the installation.
4. Click the Configure link to configure the service.
5. Specify Service Account, keep the default Service port.
6. Click Next to finish the configuration.
Step 2: Enable the Server for Skype for Business 2015 front-end servers
1. Log on to Cloud Portal Services Manager as Service Provider admin.
2. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
3. Click Refresh Server List.
4. Expand the entry for the Skype for Business 2015 server and verify that Server Enabled is selected.
Step 3: Assign server roles
1. Log on to Cloud Portal Services Manager as Service Provider admin.
2. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the entry for the Skype server.
3. Under Server Connection Components, select Skype for Business and then click Save.
Step 4: Upgrade Server Connections
1. Log on to Cloud Portal Services Manager as Service Provider admin.
2. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click and expand Skype for Business – Lync Enterprise 2013, and then click delete to delete the
server connection for Lync Enterprise 2013 servers.
3. Click New Connection, and then select or type the following information for the web service.
Setting        Value
Server Role    Select Skype for Business.
Server         Defaults to the Skype for Business 2015 server.
Credentials    Choose the credentials for the Skype web service account.
URL Base       Defaults to /LyncEnterprise2013WS/Lync.asmx.
Protocol       Defaults to http.
Port           Defaults to 8095. If you change the port here, change it also in the Services Manager web service.
Timeout        Defaults to 200000 milliseconds.
Version        Lync Enterprise 2013 or Skype for Business 2015
4. Click Save.
Note: To deploy Skype for Business service in a Lync Enterprise 2013/Skype for Business 2015 co-existence environment, only one server connection is required, and that server connection must connect to the Skype for
Business 2015 web service, because in a co-existence environment some Skype/Lync commands can be executed only at the top version level.
Step 5: Upgrade Registrar Pool in Customer Plan and User Plan
To upgrade Registrar pool in Customer Plan and User Plan, perform the steps listed in Upgrade Registrar Pool in Customer Plan and User Plan.
Step 6: Upgrade DNS Record
1. Go to Configuration > System Manager > Service Deployment. Under Service Filter, select Active Directory Location Services, and choose a Location Filter.
2. Expand Skype for Business.
3. Click Service Settings.
4. Under DNS, perform the following actions if Services Manager is to provision DNS records for the Skype for Business service:
In Front End Server, specify the IP address or FQDN of the Front End server of the newly deployed Skype for Business 2015 server. Leave these fields blank if you want to create the DNS
records manually.
Note: Citrix recommends that you set the IP address or FQDN in Front End Server to a Skype for Business 2015 server IP or FQDN.
Step 7: Reprovision Skype for Business service to Reseller
To reprovision Skype for Business service to Reseller, perform the steps listed in Reprovision Skype for Business to Reseller.
Step 8: Reprovision Skype for Business service to Customer
The steps for reprovisioning Skype for Business service to Customer are the same as those listed under Step 4 of Upgrade service in Skype for Business 2015 that underwent an in-place upgrade.
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Skype for Business service name. The Service Plan Configuration page appears.
4. Change the Skype Version to Skype for Business 2015.
5. Keep other properties unchanged and click Provision.
Step 9: Reprovision Skype for Business service to users
The steps for reprovisioning Skype for Business service to users are the same as those listed under Step 5 of Upgrade service in Skype for Business 2015 that underwent an in-place upgrade.
1. From the Services Manager menu bar, click Users and select the user for whom you want to provision services.
2. Select Services. The User Services page appears.
3. Click the Skype for Business service name. The Service Plan Configuration page appears.
4. Keep other properties unchanged and click Provision.
Updated: 2014-08-15
The Virtual Machine web service is installed on the Microsoft SCVMM server in your environment. You can install the Virtual Machine web service using
either the graphical interface of the Services Manager installer or through the command line. After the installation process finishes, you can enable the
service and continue configuration through the control panel.
To install the Virtual Machines web service using the graphical interface
The installation process includes preliminary configuration to create the web service account and IIS application pool, and define the service port.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Install CloudPortal Services Manager.
2. On the Install CloudPortal Services Manager page, select Add Services.
3. On the Add Services page, select Install Services.
4. Accept the License Agreement and then click Next.
5. On the Select Web Services page, select Virtual Machine Web Service and then click Next.
6. On the Review Prerequisites page, review the list of software that will be installed to support the web service and then click Next.
7. On the Ready to Install page, review your selection and then click Install.
8. After the installation finishes, click Finish.
9. On the Installed Services page, click Configure next to the Virtual Machine web service list item.
10. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When
the summary contains the settings you want, click Next. The Configuration Tool configures the Virtual Machine web service and displays progress.
11. Click Finish and then click Exit to close the Configuration Tool.
To install the Virtual Machines web service through the command line
1. On the SCVMM server, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:VirtualMachine. The Setup Tool installs the web service and returns the command
prompt.
4. At the command prompt, enter install-location\Services\VirtualMachineWS\Configuration\VMConfigConsole.exe and specify the following properties:
Property                             Description
/UserName:vm_svc_acct                Impersonation account for the Virtual Machine service. This parameter is optional if you are using /GenerateCredentials.
/Password:password                   The application pool password. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port                    Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True | False         Optional. Create the service account in Active Directory.
/GenerateCredentials:True | False    Optional. Generate password for the service account.
/SkipUserRoleCreation:True | False   Default = False
/UserRoleName:name                   The SCVMM user role under which the service operates. Default = CSM_SelfServiceUser. This parameter is optional if you have set /SkipUserRoleCreation to True.
/VMHostGroups:host-groups            A comma-delimited list of host groups to add to the SCVMM scope. This parameter is optional if you have set
Install-location denotes the web service installation directory on the local computer. The default directory is C:\Program Files (x86)\Citrix\Cortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample command string
The following command performs initial configuration of the web service:
install-location\Services\CitrixWS\Configuration\VMConfigConsole.exe /UserName:vm_svc_acct /Password:password /ServicePort:8095
When the installation process is finished, log on to the control panel and configure the web service. For instructions, see Configure the Virtual Machine
Updated: 2013-02-11
Checkpoints capture the state of a virtual machine at a certain moment in time. You can then use the checkpoint to restore the virtual machine to the state it was in when the checkpoint was created.
1. From the Services Manager menu bar, click Services > Virtual Machine > Virtual Machines.
2. Select the virtual machine for which you want to create a checkpoint.
3. On the Checkpoints tab, in the Checkpoint Management table, click Add. A blank text box appears in the Name column.
4. Type the name of the checkpoint and then click Update.
1. From the Services Manager menu bar, click Services > Virtual Machine > Virtual Machines.
2. Select the virtual machine whose state you want to restore.
3. On the Checkpoints tab, select the checkpoint you want to use.
4. Click Restore. The restore request is sent to the host machine. To view the progress of the restore, click the Status tab.
The Most Recent Task section displays the progress of each task the host machine processes.
Updated: 2013-02-11
For information about the requirements for deploying the Windows Web Hosting service, refer to Plan to deploy the
Windows Web Hosting service.
Deploying the Windows Web Hosting service involves the following tasks:
Install the Windows Web Hosting web service
Configure the Windows Web Hosting service
To provision Windows Web Hosting services to resellers
Provision the Windows Web Hosting service to customers
After deploying the Windows Web Hosting service, use the following topics to add and import web sites, manage website directories and subdomains, and install web applications:
Updated: 2013-02-15
The Windows Web Hosting web service is installed on all web servers in your environment that you want to make available for provisioning web sites to
customers. You can install the Windows Web Hosting web service using either the graphical interface of the Services Manager installer or through the
command line. After the installation process finishes, you can enable the service and continue configuration through the control panel.
The installation process includes preliminary configuration to create the web service account, local file share, and FTP site. This process also creates an
FTP User Isolation account for accessing each customer's service OU in Active Directory.
This task assumes the Services Manager installer is running and the Select Deployment Task page is displayed.
1. On the Select Deployment Task page, select Add Services & Locations.
2. On the Add Services & Locations page, select Install Services.
3. Accept the License Agreement and then click Next.
4. On the Select Web Services page, select Windows Web Hosting Service and then click Next.
5. On the Ready to Install page, review your selection and then click Install.
6. After the installation finishes, click Finish.
7. On the Installed Services page, click Configure next to the IIS web service list item.
8. On the Configure IIS page, enter the following information and then click Next:
Auto-generate credentials: Select this check box to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the web service account. The default user name is csm_iis_svc. This field is unavailable when you elect to
auto-generate credentials.
Password: Enter a password for the web service account. This field is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active
Directory.
Service port: Enter the port used by the web service. The default port is 8095.
9. On the Create FTP Site page, enter the following information and then click Next:
External address: Enter the name of the server that customers will access to manage their hosted content. By default, the local server name is
entered.
Binding IP: Enter the IP address through which the server receives incoming connections. By default, all IP addresses are included.
Use SSL: Select this option to secure FTP transmissions with SSL. Citrix strongly recommends this option if you are deploying the service in a
production environment.
SSL Certificate: Specify the SSL certificate you want to use. This item is not available if you do not elect to use SSL.
Content file share: Specify the file share that customers will access to store hosted content. The default file share is C:\CsmWebHosting.
10. On the FTP User Isolation page, enter the following information and then click Next:
Auto-generate credentials: Leave this check box selected to allow the Configuration Tool to generate service account credentials automatically.
User name: Enter a user name for the web service account. The default user name is IISFTPUser. This field is unavailable when you elect to
auto-generate credentials.
Password: Enter a password for the web service account. This field is unavailable when you elect to auto-generate credentials.
Create if doesn't exist: Leave this check box selected to allow the web service account to be created if it does not already exist in Active
Directory.
11. On the Summary page, review the configuration information. If you want to change anything, return to the appropriate configuration page. When
the summary contains the settings you want, click Next. The Configuration Tool configures the web service and displays progress.
12. Click Finish and then click Exit to close the Configuration Tool.
1. On an IIS server in your environment, log on as an administrator.
2. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
3. At the command prompt, enter CortexSetupConsole.exe /Install:WinWebHosting. The Setup Tool installs the web service and returns the command
prompt.
4. At the command prompt, enter install-location\Services\WinWebHostingWS\Configuration\IISConfigConsole.exe and specify the following properties:
Property                             Description
/UserName:username                   Impersonation account for the Windows Web Hosting service. This parameter is optional if you are using /GenerateCredentials.
/Password:password                   The application pool password. This parameter is optional if you are using /GenerateCredentials.
/ServicePort:port                    Inbound port to be used and added to the CortexServices web site. Default = 8095
/AutoCreateUser:True | False         Optional. Create the service account in Active Directory.
/GenerateCredentials:True | False    Optional. Generate password for the service account.
/FtpFileShare:file-path              Optional. The location of the FTP file share. Default = %SystemDrive%\WebHosting
/FtpSiteIp:ip-address                Optional. The site binding IP address. Default = * (all assigned)
/FtpSiteName:site-name               Optional. The name of the FTP site. Default = Services Mgr Web Hosting FTP
/FtpSslCertThumbprint                Optional. The thumbprint of the SSL certificate used to secure the FTP site.
/FtpUseSsl:True | False              Optional. Whether or not SSL is used for the FTP site.
Install-location denotes the web service installation directory on the local computer. The default directory is C:\Program Files (x86)\Citrix\Cortex.
The Configuration Tool performs initial configuration of the web service and returns the command prompt.
Sample installation command string
The following command performs the initial configuration of the web service.
install-location\Services\CitrixWS\Configuration\IISConfigConsole.exe /UserName:iis_svc_acct /Password:password /ServicePort:8095
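A hardened variant of the sample command, as an added example that is not part of the original Citrix documentation: it relies on /GenerateCredentials so that no service account password appears on the command line, and it enables SSL on the FTP site with a certificate taken from the local machine store. The host name ftp.example.com, the function names, and the /FtpSslCertThumbprint:value syntax are assumptions; the property table lists that property without showing how its value is passed.

```powershell
# Added example (not Citrix code): configure the Windows Web Hosting web service
# without a plaintext password on the command line and with SSL on the FTP site.

# Default installation directory stated on the page; adjust if installed elsewhere.
$installLocation = 'C:\Program Files (x86)\Citrix\Cortex'
# Tool path as given in step 4 of the command-line procedure.
$configTool = Join-Path $installLocation 'Services\WinWebHostingWS\Configuration\IISConfigConsole.exe'

# Constructed placeholder: the external FTP address customers will connect to.
$ftpHostName = 'ftp.example.com'

function Get-FtpCertificateThumbprint {
    # Returns the thumbprint of the currently valid certificate with the latest
    # expiry date in the local machine store whose DNS name matches and whose
    # private key is present. Throws if none is found, so the FTP site is never
    # configured without SSL by accident.
    param([Parameter(Mandatory = $true)][string]$DnsName)

    $now = Get-Date
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object {
            $_.HasPrivateKey -and
            $_.NotBefore -le $now -and
            $_.NotAfter -gt $now -and
            $_.GetNameInfo('DnsName', $false) -eq $DnsName
        } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1

    if (-not $cert) {
        throw "No valid certificate with a private key for '$DnsName' in Cert:\LocalMachine\My."
    }
    $cert.Thumbprint
}

function New-IisConfigArgumentList {
    # Builds the argument list from properties documented on the page.
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [int]$ServicePort = 8095   # default port per the page
    )
    @(
        '/GenerateCredentials:True'           # tool generates the password; /UserName and /Password become optional
        '/AutoCreateUser:True'                # create the service account in Active Directory
        "/ServicePort:$ServicePort"
        '/FtpUseSsl:True'                     # secure FTP transmissions with SSL
        "/FtpSslCertThumbprint:$Thumbprint"   # ASSUMPTION: value is passed in /Name:value form
    )
}

$thumbprint = Get-FtpCertificateThumbprint -DnsName $ftpHostName
$argumentList = New-IisConfigArgumentList -Thumbprint $thumbprint

if (Test-Path -Path $configTool) {
    # Each array element is passed to the tool as a separate argument.
    & $configTool @argumentList
} else {
    # Dry run on a machine without the tool: show the command that would be executed.
    Write-Output ('Configuration tool not found. Command that would run: "{0}" {1}' -f $configTool, ($argumentList -join ' '))
}
```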
Updated: 2013-02-25
The Web Site Import tool enables service providers to import and configure IIS 7 web sites for customers. After provisioning,
the customer's administrator can manage the site using the IIS Manager.
Before importing web sites, the following prerequisites must be met:
The user performing the import must have Service Provider Administrator privileges.
The web server currently hosting the sites is configured with the Windows Web-Hosting server role (Configuration >
System Manager > Server Roles).
The web server currently hosting the sites is included in an applicable server collection (Configuration > System Manager
> Server Collections).
A server connection has been set up for the web server currently hosting the sites (Configuration > System Manager >
Server Connections).
The customer for whom the web sites are imported has a Services Manager account. However, the Windows
Web-Hosting service does not need to be provisioned to the customer. When the first web site is migrated, Services Manager
provisions the Windows Web-Hosting service and enables the server hosting the site.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > Web Site Import.
2. Under Server Connection, perform the following actions:
1. In Location, select the location where the server resides.
2. In Web Service, select the server that is configured with the Windows Web-Hosting service. In Server, select the server
that is hosting the web site you want to import.
3. Click Load. A list of all the web sites that are present on the server appears.
4. From the site list, select the web site you want to import. The Site Import Manager page appears.
5. In Customer Search, type the name of the customer for whom you want to import the site.
6. Click Load. The page refreshes and displays the customer's name and primary domain.
7. Under Service Setup, in Instance Name, type the name of the instance that does not contain spaces. This name appears
as an instance in the customer's services list.
8. In Customer Plan, select the package template to which the server is assigned.
Updated: 2013-02-25
In IIS, default documents are files that are automatically served when a user accesses the customer's web site but does
not request a specific file. A default document might be the customer's home page or a file list (if directory browsing is
enabled).
When a customer is provisioned with an instance of Windows Web Hosting, the following default documents are created in the web site's root directory:
Index.htm
Index.html (IIS 7 only)
Index.cfm (IIS 7 only)
Default.asp
Default.aspx (IIS 7 only)
Default.htm
iisstart.htm (IIS 7 only)
Note: Index.php is created only when the Web Hosting instance is configured with PHP Framework settings.
The default documents that are created in the web site root directory are automatically passed to any subdirectories that
are created.
Default documents can be modified at the root web site level or at the subdirectory level. If a document is added at the
root level, it is applied to all subdirectories.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager. The IIS Site Manager
displays the customer's available web sites.
2. From the Site drop-down box, select the Web site for which you want to create the subdirectory. The site's folder
structure appears in the Web Site pane.
3. In the Web Site pane, click the folder where you want to add the new default document.
4. On the Settings tab, under Default Documents, enter the new document name in the text box.
Note: The document names in this box appear in ranked order. If you want the new document to be the first one IIS
Updated: 2013-02-25
If a customer's web site involves serving dynamically-generated content, the subdirectories containing that content can be published as web applications.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.
2. In the Web Site pane, select the folder you want to publish as a web application.
3. On the Settings tab, under Install Application, click Install. The IIS Site Manager page refreshes and the selected folder is
Customers can add or remove subdomains, or host headers, that are bound to their Web site. This allows the customer to configure multiple Web sites using a single Windows Web Hosting instance.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.
2. From the Site drop-down box, select the Web site for which you want to create the subdomain. The site's folder
structure appears in the Web Site pane.
3. On the Domains tab, under Add Site Bindings, enter the new subdomain name and then click Add. The subdomain is
added to the list of identities for the root Web site.
4. To delete a subdomain, under Remove Site Bindings, select the subdomain from the drop-down box and then click
Create and provision additional user and customer plans
Jun 05, 2015
Updated: 2013-02-11
When you configure a service for the first time, you create the initial user and customer plans that are eventually sold to Resellers and customers. However, adding more plans later does not require the same level of configuration that was required during service configuration. After the service is fully configured, you can create additional user or customer plans and:
Enable Resellers to offer additional levels of service to their customers.
Migrate customers’ users to a new user plan using the Package Migration Wizard. For more information about
performing this task, refer to the topic To migrate users to different user plans in bulk with the Package Migration
Wizard in Citrix eDocs.
This topic assumes the following conditions:
You have fully configured the services for which you are creating more plans.
You have at least one user plan and one customer plan enabled and available for provisioning.
Use this topic as a guide for creating more plans and making them available to Resellers and customers. For more
information about configuring service-specific settings, consult the service’s configuration instructions in the Deploy
services section of the Services Manager product documentation in Citrix eDocs.
1. Create and configure a user plan for the desired service at the Top Environment Level:
1. From the Services Manager menu bar, click Configuration > System Manager > Service Deployment.
2. Under Service Filter (at left), select Top Environment Services and then expand the desired service.
3. Click User Plans, enter a Name for the user plan, and then click Create.
4. Perform any additional configuration required.
5. Click Apply Changes, and then click Save.
2. Enable and configure the user plan at the Location level:
1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter, if applicable.
2. Expand the desired service, click User Plans, and then select the Enabled check box for the new user plan.
3. Expand the new user plan and update applicable settings.
4. Click Apply Changes and then click Save.
3. Provision the user plan to the top Reseller:
1. From the Services Manager menu bar, click Customers > Customer Services. Under Customer Search, enter the name
of the Reseller and click Search. The specified customer is selected.
2. Expand the Reseller service and then expand the service for which you added the new user plan.
3. Select the Enabled check box for the new user plan.
4. Click Apply Changes and then click Provision.
4. Repeat Step 3 for any other Resellers in the hierarchy.
5. Provision the user plan to the customer:
1. From the Services Manager menu bar, click Customers > Customer Services. Under Customer Search, enter the name
of the customer and click Search.
2. Expand the desired service and click Advanced Settings.
Updated: 2013-02-11
Services Manager enables administrators to review the current status of provisioning requests after they have been
submitted to the provisioning engine.
Administrators can view these requests through the Services Manager system or with an RSS feed. Administrators can also
search for a specific request.
Using the Services Manager control panel, administrators can view the following information:
The type of provisioning request (e.g., Bulk Request, Object Provision, Object Deprovision, etc.)
The service and customer for whom the request is created
The date on which the request is executed
The subrequests that are executed as part of the provisioning request and their transaction logs
If all subrequests in a provisioning request execute successfully, the request displays a green status indicator. If some
subrequests do not execute successfully, the request displays a yellow triangle status indicator which, later, changes to a
red status indicator.
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Provisioning Requests.
2. To view the transaction logs and subtasks executed in a provisioning request, click the Request Type entry and then
expand the Request Logs or Sub-Requests nodes.
The Services Manager RSS feed enables administrators to receive notifications whenever a provisioning error occurs.
Because the RSS feed is secured using Windows authentication, an RSS reader that supports digest authentication is
required. You can change the authentication method through IIS, if necessary.
The URL for the RSS feed is http://YourHostHeaderName/cortexdotnet/Rss/CortexProvisioningErrorsRss.aspx.
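One way to watch this feed from a scheduled task instead of an interactive RSS reader, as an added example that is not part of the Citrix documentation. It assumes IIS is left on Windows authentication as described above and that the feed is standard RSS 2.0 (item elements with title, link and pubDate); the state-file path is hypothetical.

```powershell
# Added example: report provisioning errors that appeared since the last run.
# Assumptions (not from the product documentation): the feed is standard RSS 2.0,
# and $StateFile is a hypothetical location for remembering the last item seen.
param(
    [string]$FeedUrl   = 'http://YourHostHeaderName/cortexdotnet/Rss/CortexProvisioningErrorsRss.aspx',
    [string]$StateFile = (Join-Path $env:ProgramData 'CpsmRssWatch\last-seen.txt')
)

$ErrorActionPreference = 'Stop'

# Authenticate with the identity running the script (Windows authentication);
# no user name or password is stored in the script or passed on a command line.
$client = New-Object System.Net.WebClient
$client.UseDefaultCredentials = $true
try     { $bytes = $client.DownloadData($FeedUrl) }
finally { $client.Dispose() }

# Parse the response with external DTD/entity resolution disabled.
$feed = New-Object System.Xml.XmlDocument
$feed.XmlResolver = $null
$stream = New-Object System.IO.MemoryStream (,$bytes)
try     { $feed.Load($stream) }
finally { $stream.Dispose() }

# Timestamp of the newest item reported on the previous run, if any.
$lastSeen = [datetimeoffset]::MinValue
if (Test-Path $StateFile) {
    $saved = Get-Content $StateFile | Select-Object -First 1
    [void][datetimeoffset]::TryParse($saved, [ref]$lastSeen)
}

$newest   = $lastSeen
$newItems = foreach ($item in $feed.SelectNodes('/rss/channel/item')) {
    $title   = $item.SelectSingleNode('title')
    $link    = $item.SelectSingleNode('link')
    $pubDate = $item.SelectSingleNode('pubDate')

    # Items without a parseable pubDate are always reported rather than dropped.
    $when    = [datetimeoffset]::MinValue
    $hasDate = $pubDate -and [datetimeoffset]::TryParse($pubDate.InnerText, [ref]$when)
    if ($hasDate -and $when -le $lastSeen) { continue }
    if ($hasDate -and $when -gt $newest)   { $newest = $when }

    New-Object psobject -Property @{
        Published = if ($hasDate) { $when } else { $null }
        Title     = if ($title) { $title.InnerText } else { '' }
        Link      = if ($link)  { $link.InnerText }  else { '' }
    }
}

# Remember the newest timestamp so the next run reports only later errors.
if ($newest -gt $lastSeen) {
    $dir = Split-Path $StateFile -Parent
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    $newest.ToString('o') | Set-Content $StateFile
}

# Emit the new errors as objects so the caller can mail or forward them.
if ($newItems) { $newItems | Sort-Object Published }
```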
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Provisioning Requests.
2. Under Request Filter, use the following filters to refine the list of provisioning requests:
Type displays requests of a specific type such as Object Provision.
My Requests and All Requests display requests that you have created or all requests in the system.
Request Status displays requests of a particular status that have been recorded during the life of the system. For
example, using this filter to find requests with the Provisioned status displays requests with a green status indicator in
the Status column.
Object Status displays requests where the current status of subrequests matches the status selected.
Note: Using this filter to find subrequests with the Provisioned status might display some failed provisioning requests
in filtered results. However, the subrequest itself is not necessarily in a failed state. For example, a provisioning request
to move a customer's user from one Hosted Exchange package to another might fail because the Services Manager
system cannot find the mail store for the new package. Although the provisioning request failed, the user is still
Updated: 2013-02-11
Services Manager enables service providers to create bulk provisioning requests for existing customers and users. Service providers can use this feature to apply service updates to existing customers in one operation. Service providers can use the following options:
Bulk Reprovisioning creates requests for users and services of a single customer.
Bulk System Provisioning creates requests for all users and all customers.
When a provisioning request is created, it is sent to the provisioning engine and a confirmation message is displayed. Any
errors in the actual provisioning transaction appear on the Customer Services page of the control panel.
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Bulk Reprovisioning.
2. Under Customer Search, enter the name of the customer whose users you want to reprovision and click Search.
3. Select one of the following options:
Re-provision all users creates a request to reprovision all users of the specified customer.
Re-provision all customer services creates a request to reprovision all the services originally provisioned to the specified
customer.
Re-provision all user services creates a request to reprovision all the services originally provisioned to the specified
customer's users.
Re-provision a specific service to all users creates a request to reprovision a selected service to all users of the
specified customer, regardless of whether or not the service was originally provisioned to all users.
4. Click Provision. The provisioning request is created and sent to the provisioning engine. To view the status of the request,
To migrate users to different user plans in bulk with the Package Migration Wizard
Jun 05, 2015
Use the Package Migration Wizard to move multiple users from one user plan to another user plan. When you specify the service and user plan from which to migrate, Services Manager can automatically select the customers and users who match the criteria. If the users you are migrating belong to customers that have not been provisioned with the target user plan, Services Manager can create the required package and complete the migration.
This process creates a bulk provisioning request that you can track on the Provisioning Requests page. To make tracking
easier, you can specify a unique name and description for the request.
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Package Migration Wizard.
2. Under Wizard Setup, select any of the following wizard options and then click Next:
Select all customers selects for migration all customers with the specified source plan.
Select all users selects for migration all users in the Services Manager system with the specified source plan.
Generate missing destination packages enables Services Manager to create the target user plan for users belonging
to customers who are not provisioned with the target user plan.
3. Under Service Selection, in Service, select the service containing the user plan from which you want to migrate and then
click Next.
4. Select the user plan from which you want to migrate and click Add selected packages. The selected user plan appears in
a table, in the Source column.
5. From the package table, in the Destination column, select the plan to which you want to migrate and then click Next. A
table displays the customers that match the selected service and source user plans.
6. Ensure the customers you want to migrate are selected and then click Next. The source and destination user plans are
displayed.
7. To verify the appropriate users are selected, perform the following actions:
   1. Click the source user plan and then click the customer name.
   2. On the Users screen, select or clear the Selected check box as required for any users that you do or do not want migrated.
   3. Click Save and then click Save again to save your changes.
8. Under Request Details, enter a name and description for the provisioning request so it can be easily tracked on the
Provisioning Requests page.
9. Click Finish. Services Manager creates the provisioning request and sends it to the provisioning engine. To view the status
of the request, click Configuration > Provisioning & Debug Tools > Provisioning Requests.
Updated: 2014-10-09
CloudPortal Services Manager 11.5 supports in-place upgrading from CloudPortal Services Manager 11.0.1, including
Cumulative Update 1 and Cumulative Update 2.
If you are using CloudPortal Services Manager 10, you must upgrade to Version 11.0.1 first, before you can upgrade to
Version 11.5. For more information, refer to the topic Upgrade from CloudPortal Services Manager 10.
If you are using CloudPortal Services Manager 11, ensure you are using Version 11.0.1. For more information about upgrading
your deployment to Version 11.0.1, refer to CTX138867, "Upgrading CloudPortal Services Manager 11.0 to Version 11.0.1."
Upgrading your CloudPortal Services Manager 11.0.1 deployment to version 11.5 involves several steps that you perform in sequence. To prepare your deployment for upgrading, perform the following tasks:
1. If required, deprovision the Hosted Apps and Desktops service from customers.
2. Disable all locations in your deployment by stopping the Directory Web Service, Provisioning Engine, and Web platform
components.
3. Back up all Services Manager databases (OLM, OLMReports, OLMReporting).
If you have customers who are provisioned with the Hosted Apps and Desktops service that was included in CloudPortal
Services Manager 11.0.1, you must deprovision the service from these customers before performing the upgrade. The
Hosted Apps and Desktops service in version 11.5 includes a new service schema that is incompatible with this version of the
service. Deprovisioning the service ensures the upgrade occurs smoothly and affects only the customer entitlements in
CloudPortal Services Manager; it does not affect the hosted application and desktop resources that you have allocated to
these customers.
If you have customers who are provisioned with the Hosted Apps and Desktops 11.2 service, which was released after
CloudPortal Services Manager 11.0.1, you do not need to take any action. The upgrade occurs as it would for any other
web service.
During the upgrade process, the Configuration Tool removes the Hosted Apps and Desktops service and installs the new
version. After the upgrade is complete, you can reprovision the service to customers.
After you have completed the preparation steps, you can perform the upgrade. The following table lists the required steps and the instructions for performing them. Perform these steps in the order shown.
Step #   To perform this task...          ...refer to this topic.
1.       Deploy the Encryption Service    Install and configure the Encryption Service
2.       Upgrade the system databases     Upgrade system databases
CortexConfigConsole.exe /Upgrade:Databases
The Configuration Tool launches the upgrade database scripts that perform the upgrade. When the upgrade is completed,
the command prompt is returned.
After upgrading the system databases, continue the upgrade process by upgrading the CloudPortal Services Manager
platform server roles. For more information, refer to the topic Upgrade platform server roles using the graphical interface or
Note: If your deployment of CloudPortal Services Manager 11.0.1 includes customizations, be aware that you might need to update these customizations manually when you upgrade to CloudPortal Services Manager 11.5. For example, you might need to update custom stylesheets to accommodate changes in the site structure.
For instructions to upgrade the platform server roles, see Upgrade platform server roles using the graphical interface or
Updated: 2014-08-29
Use this topic to upgrade CloudPortal Services Manager platform servers from version 11.0.1 to version 11.5. Perform the upgrade on the servers hosting the following platform components:
Directory Web Service
Provisioning
Web
The upgrade process involves the following tasks:
Upgrade the platform roles installed on each server in your deployment.
Reconfigure each role to finalize the upgrade.
1. From the installation media, double-click setup.exe and click Get Started.
2. On the Select Deployment Task page, select Upgrade Existing Deployment.
3. On the Upgrade Existing Deployment page, select Upgrade Roles and Services. The Setup Tool verifies the database
version. If the correct database version is not detected, the Setup Tool prompts you to manually verify the version and
click Next.
4. When prompted, accept the End User Licensing Agreement and then click Next.
5. On the Select Components page, select the components you want to upgrade. By default, installed components for
which upgrades are available are selected.
6. On the Ready to upgrade page, click Upgrade. The Setup Tool installs the Configuration Tool, upgrades the selected
roles or services, and displays progress.
7. On the Upgrade Complete page, click Finish.
8. From the Upgrade Existing Deployment page, select Re-configure Upgraded Roles and Services.
9. On the Re-configure Upgraded Components page, select the component you want to reconfigure and click Finish
Upgrade.
10. Use the following table to configure the settings for each server role:
Role                   Page                                 Description
Directory Web Service  Enter Directory Service Credentials  Enter the user name and password for the Queue Monitor service account. The default user name is cortex_dirws_svc.
Provisioning           Enter Queue Monitor Credentials      Enter the user name and password for the Queue Monitor service account. The
Review the service components that will be imported when the Web server role is
configured. Other service components, such as reports, are imported when the
Reporting service is reconfigured.
11. On the Summary page, click Commit.
12. When the reconfiguration is complete, click Finish.
13. Repeat Steps 1-12 for each server role you want to upgrade.
To upgrade platform components, you perform the following tasks:
Upgrade the platform server roles using the Setup Tool
Reconfigure the platform server roles using the Configuration Tool
When running the Setup and Configuration Tools, use the following role names to specify the platform server roles you want to upgrade:
Provisioning
DirectoryWebService
Web
1. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
2. At the command prompt, enter CortexSetupConsole.exe /Install:role-name /Upgrade. To specify multiple
components, use a comma-delimited list. The Setup Tool upgrades the specified role and returns the command prompt.
3. At the command prompt, enter CortexConfigConsole.exe /Upgrade:role-name. The Configuration Tool
reconfigures the specified role and returns the command prompt.
The following command upgrades the Provisioning server and Directory Web Service.
CortexSetupConsole.exe /Install:Provisioning,DirectoryWebService /Upgrade
After upgrading the platform server roles, continue the upgrade process by upgrading Services Manager web services. For
more information, refer to the topic Upgrade web components.
Updated: 2014-08-14
This topic describes the upgrade process of web components from CloudPortal Services Manager 11 to version 11.5. For
upgrades, the term web components refers to the control panel web site, the API web service, and all service related web
services.
During the upgrade process, the CloudPortal Services Manager Setup Tool updates all sites to run from the backup and puts all associated sites and application pools in a stopped state. Therefore, if the names of any of the sites or application pools in your deployment have been changed from the default, you must specify those changes in an XML file before you initiate the upgrade. To create this file, use the following format:
<Configuration>
    <Property Name="<service-id>.ApplicationPool" Value="MyAppPool" />
    <Property Name="<service-id>.Application" Value="MyAppName" />
    <Property Name="<service-id>.Site" Value="MySite" />
</Configuration>
The service-id property is the web service's deployment identifier used in the Configuration Tool.
After creating the XML file, you can initiate the upgrade using the following command:
CortexSetup.exe /ConfigFile:path-to-XML-file /Upgrade
When you upgrade the web components, the Configuration Tool performs the following tasks:
1. Stop the site and applicable web services in IIS.
2. Back up the site. The default file path for this backup is %ProgramData%\Citrix\CloudPortal Services Manager Setup\Backups\Legacy\component-name.
3. Update physical paths in IIS to point to the site backup.
4. Update the site files in the %ProgramFiles% directory.
5. Copy updated site files from %ProgramFiles% to C:\Inetpub\site-name.
6. Restore customer content from site backup (for example, downloads, images, stylesheets, or scripts).
7. Restore web.config file from site backup and apply updates.
8. Import and save the Encryption Service key.
9. Update physical paths in IIS.
10. Restart site in IIS.
In the event a conflict arises during the upgrade, the sites remain in a stopped state and reference the backup created
earlier in the process. Site files in the %ProgramFiles% directory are updated and site content in C:\Inetpub\component-name
is reverted to the previous version. You can then review the configuration update file located in %ProgramFiles% and
make any necessary changes to the deployed web.config file.
For instructions to upgrade web components, see Upgrade web services using the graphical interface or command line.
Updated: 2014-08-29
Use this task to upgrade CloudPortal Services Manager web services from version 11.0.1 to version 11.5. Perform this task on the servers hosting the following components:
Citrix
Hosted Exchange
Lync Enterprise 2010 and 2013
Lync Hosted 2010 and 2013
MySQL
SharePoint 2010 and 2013
Virtual Machine
Windows Web Hosting
The upgrade process involves the following tasks:
Upgrade the web services installed on each server in your deployment
Reconfigure the web services to finalize the upgrade
1. From the installation media, double-click setup.exe and click Get Started.
2. On the Select Deployment Task page, select Upgrade Existing Deployment.
3. On the Upgrade Existing Deployment page, select Upgrade Roles and Services. The Setup Tool verifies the database
version. If the correct database version is not detected, the Setup Tool prompts you to manually verify that the system
databases have been upgraded and click Next.
4. When prompted, accept the End User Licensing Agreement and then click Next.
5. On the Select Components page, the Configuration Tool automatically selects the web services that are installed on the
server. Click Next.
6. On the Review Prerequisites page, the Configuration Tool displays the required software that will be installed to support
the upgraded web service. Click Next.
7. On the Ready to upgrade page, click Upgrade. The Configuration Tool upgrades the selected services and displays
progress.
8. On the Upgrade Complete page, click Finish.
9. From the Upgrade Existing Deployment page, select Re-configure Upgraded Roles and Services. The Configuration Tool
attempts to retrieve the Encryption Service key.
10. On the Re-configure Upgraded Components page, click Finish Upgrade for the web service you want to upgrade. The
Configuration Tool attempts to contact the Encryption Service to retrieve the service's encrypted key. If the Encryption
Service cannot be contacted, the Configuration Tool prompts you to import the encrypted key manually using a key file.
To generate the key file, see Generate and export keyfiles for the Encryption Service.
11. If required, import the Encryption Service key file:
   1. In Key File Path, click Browse and locate the key file you generated from the Encryption Service web site.
   2. In Password, enter the password that was created when the key file was generated and then click Next.
12. On the Enter Service Credentials page, enter the User Name and Password for the web service's service account and
then click Next. By default, the Configuration Tool displays the default user name of the web service you are upgrading.
13. On the Summary page, review the settings that will be reconfigured and click Next. The Configuration Tool restores and
upgrades the IIS site for the web service, imports the Encryption Service key, and displays progress.
14. When the reconfiguration is complete, click Finish and then click Exit.
When running the Setup and Configuration Tools, use the following information to specify the web service you want to upgrade and the location of its configuration console:
Web service name   Configuration console location
The following command upgrades the Citrix web service.
CortexSetupConsole.exe /Upgrade:Citrix
The following command reconfigures the Citrix web service.
install-location\Services\CitrixWS\Configuration\CitrixServiceConfigConsole.exe /Upgrade
After upgrading all web services, continue the upgrade process by upgrading the Reporting service and data warehouse. For
more information, refer to the topic Upgrade the Reporting service.
Updated: 2014-08-15
Migrating the data warehouse uses the public API of the Data Warehouse service and a Data Transfer configuration file to
update the required schema in the OLMReporting database and reprocess historical data. This process might run for an
extended period of time due to data reprocessing. You can monitor this process through the Data Warehouse logs located
at %PROGRAMDATA%\Citrix\CloudPortal Services Manager Setup\Logs\Data Warehouse Migration\timestamp.log.
Additionally, the %PROGRAMFILES%\Citrix\Cortex\Data Warehouse Service\log folder contains logs of errors that occur
while upgrading the OLMReporting database schema and data to the Version 11.5 format.
To initiate the upgrade, you can use the CloudPortal Services Manager graphical interface or the command line.
Important: The user initiating the upgrade must be logged on as a domain administrator.
When you upgrade the Reporting service, the Configuration Tool performs the following tasks:
1. Back up the CloudPortal Services Manager 11 config.xml file, report definitions, and data sources.
2. Upgrade product files for the Reporting service.
3. Finalize the upgrade.
After the DataWarehouseMigrator.exe utility is finished running, you manually restore any reporting customizations. For example:
1. Redeploy any custom views or stored procedures to accommodate schema changes.
2. Migrate any custom commands in the Version 11 config.xml file to the Version 11.5 config.xml file to accommodate
schema changes.
3. Redeploy any report definition customizations.
For instructions to upgrade the Reporting service, see Upgrade the Reporting service using the graphical interface or
Updated: 2014-08-29
Upgrading the Reporting service involves backing up the config.xml file, RDL files, and data sources. The config.xml file is located at %PROGRAMFILES%\Citrix\Cortex\Data Warehouse\Data Warehouse Service\config\config.xml. You can find the RDL files and data sources through the Report Manager web site for SQL Server Reporting Services. If the reporting definitions and data sources have been moved to another location, you must back up these components manually.
The user performing the upgrade must be logged on as a domain administrator.
1. From the installation media, double-click setup.exe and click Get Started.
2. On the Select Deployment Task page, select Upgrade Existing Deployment.
3. On the Upgrade Existing Deployment page, select Upgrade Roles and Services. The Setup Tool verifies the database version. If the correct database version is not detected, the Setup Tool
prompts you to manually verify the version and click Next.
4. When prompted, accept the End User Licensing Agreement and then click Next.
5. On the Select Components page, select Reporting. By default, installed components for which upgrades are available are selected.
6. On the Review Prerequisites page, the Configuration Tool displays the required software that will be installed to support the upgraded component. Click Next.
7. On the Ready to upgrade page, click Upgrade. The Setup Tool installs the Configuration Tool, upgrades the selected components, and displays progress.
8. On the Upgrade Complete page, click Finish.
9. From the Upgrade Existing Deployment page, select Re-configure Upgraded Roles and Services.
10. On the Re-configure Upgraded Components page, click Finish Upgrade. The Configuration Tool attempts to contact the Encryption Service and retrieve the encrypted key. If the Encryption Service
cannot be contacted, the Configuration Tool prompts you to import the encrypted key manually using a key file. To generate the key file, see Generate and export keyfiles for the Encryption
Service.
11. If required, import the Encryption Service key file:
   1. In Key File Path, click Browse and locate the key file you generated from the Encryption Service web site.
   2. In Password, enter the password that was created when the key file was generated. Click Next.
12. On the Preview Service Package page, review the service components that will be imported when the Reporting service is reconfigured. By default, only the Reporting service components are
selected. Other components, such as roles and assemblies, are imported when the Web server role is configured. Click Next.
13. On the Summary page, click Commit.
14. When the reconfiguration is complete, click Finish.
1. Open a command line window and navigate to the CortexSetup directory on the Services Manager installation media.
2. At the command prompt, enter CortexSetup.exe /Upgrade:Reporting. The Setup Tool upgrades the Reporting service and returns the command prompt.
3. At the command prompt, enter CortexConfigConsole.exe /Upgrade:Reporting and specify the following properties:
Property Description
/OlmPassword The password for the OLM database.
/OlmReportingPassword The password for the OLMReporting database.
/DwsUserName The user name for the data warehouse service account.
/DwsPassword The password for the data warehouse service account.
/AutoCreateDwsUser:True|False Optional. Create the data warehouse user account. Default = True
/DwsServer:hostname Optional. The hostname of the server hosting the data warehouse. Default = the name of the local computer
/DwsPort:port Optional. Inbound port to be used with the data warehouse. Default = 8095
/PackageFolder:path-to-service-packages Optional. The location of the Services folder on the Services Manager installation media, which contains the service packages.
/IgnoreErrors:True|False Optional. Whether or not to ignore service import errors. Default = True
/PurgeAgeInMonths Optional. The number of months after which older historical data is deleted. For example, specify 84 to delete data that is older than seven years.
The following command reconfigures the Reporting service and migrates the data warehouse.
CortexConfigConsole.exe /Upgrade:Reporting /OlmPassword:password /OlmReportingPassword:password /DwsUserName:user-name /DwsPassword:password /IgnoreErrors:False
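The reconfiguration command above takes three passwords as arguments. The wrapper below, an added example that is not part of the Citrix documentation, prompts for them at run time so they are not typed into the console or saved in a script; it uses only the switches listed in the property table, and the script's own parameter names and the default tool path are assumptions.

```powershell
# Added example: run the Reporting reconfiguration without writing passwords
# into a script file or the console history.
# Assumptions: the script is started from the directory that contains
# CortexConfigConsole.exe, and the parameter names below are this script's own.
param(
    [string]$ConfigConsole = '.\CortexConfigConsole.exe',
    [Parameter(Mandatory = $true)]
    [string]$DwsUserName
)

function ConvertTo-PlainText {
    # Decrypt a SecureString only for the moment it is needed, then wipe the
    # unmanaged copy.
    param([Parameter(Mandatory = $true)][securestring]$Secure)
    $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try     { [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr) }
    finally { [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ptr) }
}

if (-not (Test-Path $ConfigConsole)) {
    throw "Configuration Tool not found at '$ConfigConsole'."
}

# Read-Host -AsSecureString masks the input as it is typed.
$olmPassword          = Read-Host -AsSecureString 'OLM database password'
$olmReportingPassword = Read-Host -AsSecureString 'OLMReporting database password'
$dwsPassword          = Read-Host -AsSecureString "Password for $DwsUserName"

# Switches are the ones documented for /Upgrade:Reporting. /IgnoreErrors:False
# overrides the default of True so that service import errors are not ignored.
$arguments = @(
    '/Upgrade:Reporting'
    "/OlmPassword:$(ConvertTo-PlainText $olmPassword)"
    "/OlmReportingPassword:$(ConvertTo-PlainText $olmReportingPassword)"
    "/DwsUserName:$DwsUserName"
    "/DwsPassword:$(ConvertTo-PlainText $dwsPassword)"
    '/IgnoreErrors:False'
)

try {
    & $ConfigConsole @arguments
    $exitCode = $LASTEXITCODE
}
finally {
    # Drop the plaintext copies as soon as the tool returns.
    $arguments = $null
    Remove-Variable olmPassword, olmReportingPassword, dwsPassword -ErrorAction SilentlyContinue
}

# The passwords are still present on the child process's command line while it
# runs, and in any process-creation audit log that records command lines, so
# treat those logs on this server as sensitive.
exit $exitCode
```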
Updated: 2013-02-12
A common task for a service provider or reseller to perform after logging on to the Services Manager control panel is to create a customer. A customer is a container that can consist of:
Hosted services that can be configured and made available (that is, provisioned) to the customer's users
A customer administrator who can create and manage users, and provision services to them
Users who access one or more services with which they have been provisioned
Additional customers (known as resellers) who, in turn, can create and manage customers and users of their own, and
provision services to them
To create a reseller, the service provider provisions a customer with the Reseller service. Resellers can, in turn, create their
own customers and enable them to be resellers as well. Service providers have access to advanced system configuration
functions, such as service configuration, which resellers do not.
As you create a customer through the control panel, you specify the customer location (that is, the hosted domain), its
Active Directory organizational structure (optionally), and any advanced properties. Advanced properties can include
password expiry rules, additional organizational structure, and service security roles. You can select one or more security
roles to enable the customer to administer available services. As a final step, the Provisioning engine creates an organization
structure and security groups in Active Directory for the defined customer.
Creating a customer consists of these initial steps:
1. Create a new customer by selecting Customers > New Customer from the Services Manager menu bar.
You can quickly create a customer with minimal details: name, email contact information, and a domain name. Services
Manager assigns a default set of restricted and allowed security roles in this case. Alternately, you can add more detailed
information and choose roles for the customer and any inherited customers and users.
2. Create a customer administrator user to manage users and administer services in the customer's organization.
After creating a customer, Services Manager automatically prompts you to create an administrator user. You can cancel
this operation, but this first user created for a customer is always an administrator user.
3. Provision available services to a customer, an action performed by a service provider or reseller.
4. Create users to whom services are later provisioned, an action performed by a customer administrator.
5. Provision services to users, an action performed by the customer administrator.
Updated: 2013-02-12
You can create users in the following ways:
Create a new user with the New User Wizard
Import many users by using the Bulk User Import feature, with user information defined in a Microsoft Excel spreadsheet
Move users from one customer to another customer
Creating a user through the Services Manager control panel consists of these initial steps:
1. Create a new user by clicking Users > New User from the Services Manager menu bar. You can quickly create a user with a
minimum of information: name, user name and password, and display name.
Updated: 2013-02-12
You can import new or edit existing users in a customer hierarchy by using the Bulk User Import feature. This feature enables you to create multiple new users or modify multiple existing users as specified in a Microsoft Excel 97-2003 format workbook (.xls). You can download a new blank template or a workbook populated with existing user information from the portal. In either scenario, you perform the following actions:
Download the appropriate template
Create new or edit existing users
Upload the template to the portal
Select users to add or update
Provision services to the users and then provision the users
After uploading the template, Services Manager gives you the opportunity to perform the following actions:
Resend the file process request to upload the template again
Import the users from the template you uploaded
Download the template you uploaded
Cancel the bulk user import process
Delete the file from the imported file list
Bulk User Import Template Settings describes the template's workbook headings and settings.
Consider the following when you create or edit a Bulk User Import template:
Do not rename the column headings in the templates.
Do not leave blank rows between users.
The templates do not support provisioning new services to users. You must provision services to users through the
Services Manager by using the User Functions or Multi User Selection features.
To download a template
1. Click Users > Bulk User Import.
2. Click one of the following options, then click Save when prompted to save a copy of the template on your PC:
Click New Users Template to download a blank workbook template with column headings.
Click Existing Users Template to download a workbook with column headings and cells populated with user data.
Click Generate Template to create a new template with column headings and cells populated with current user data.
When the workbook template is ready, click Existing Users Template to download it.
Note: This selection exists depending on how Services Manager was installed. The workbook is not generated
immediately. The speed at which the workbook is generated depends on how many users exist in the customer
hierarchy.
To import users
1. Click Users > Bulk User Import.
2. Under Upload User Import File, click Browse, navigate to your new or edited workbook, and select it.
3. Add a description for the workbook and click Upload. The Bulk Import File List displays the file details as the file is verified.
4. From the file list, click the upload date of the file you uploaded and, under Import File Management, click Import. The
Updated: 2013-05-11
You can find users by using one of the following search methods:
The User Search feature available from the control panel Home page, located under User Management
The search criteria available from the Users page
Note: User search is limited to the users of a specific customer. Before searching for users, find and select the customer to whom the target users belong.
To search for users from the Home page
1. From the Services Manager menu bar, click Home and expand User Management.
2. Select a filter of Name, UPN, or Email.
3. In User Search, type a user name, email, or User Principal Name (UPN) and click Search.
You can use the percent (%) character as a leading wildcard to perform partial searches. For example, type %citrix to find
all users with "citrix" as part of the user name.
To search for users from the Users page
1. From the Services Manager menu bar, click Users. The Users page appears, listing all the users for the current customer.
2. To search for users alphabetically:
1. Expand Filter Fields and select one of the following criteria:
User ID
UPN
Firstname
Surname
Location
Department
2. Click the letter with which the selected criteria begins.
For example, to find users with UPNs beginning with F, you select UPN and then click the letter F.
3. To search for users using several different criteria:
1. Expand Advanced Search and enter any of the following information:
In User ID, UPN, First Name, Surname, or Email, type at least one letter in any of these fields to find users whose
information begins with the letter or letters.
In Role, select a security role from the drop-down list. For example, select User Administrator to find users assigned
the User Administrator role.
Under User Types, select Standard to find a customer's user. Select Template to find any user templates in the
Services Manager. Typically, a template user is the defined user template you can download for Create multiple
users with Bulk User Import.
2. Under Service Filter, enter any of the following information:
In Service, select a service from the drop-down list. Only services that are currently provisioned to the customer
appear in this f ield.
In Access Level, select a user plan, if applicable.
In Status, select the service provisioning status for the users you want to f ind.
3. Under Account Status, select Yes or No to f ind users according to the associated account status. By default, Ignore is
selected to prevent the account status options from being considered in searching.
Updated: 2013-02-12
You can move a user from one customer to another customer, migrating the user information and provisioned services to the new customer, with the following conditions:
Both customers must belong to the same Services Manager location (that is, Active Directory domain).
Provisioned services that will transfer with the user are limited to Hosted Exchange and Office Communications Server
(OCS). If the user is provisioned with any other service, deprovision that service before attempting the migration.
You can also make a copy of an existing user within the customer hierarchy. The copied user resides in the original user's
customer hierarchy and possesses the original user's provisioned services.
To move a user to a different customer
Ensure that you perform the following procedure as a Service Provider or Reseller administrator.
1. From the Services Manager menu bar, select Users > Configuration > User Move.
2. In Customer Search, type a source customer name and click Next. Services Manager returns the source customer name,
if found.
3. In User Search, type a user name and click Next. Services Manager returns the user name, if found.
4. In Customer Search, type a destination customer name and click Next. Services Manager returns the customer name, if
found, and displays the User Mapping table to enable you to change the moving user's new UPN and email address.
5. Accept or edit the defaults and click Next.
6. Click Finish to move the user.
When complete, Services Manager prompts you to review the customer and user. Citrix recommends that you review both
and edit each as required. To move another user, click Move another user to a new customer.
To copy a user in the same customer hierarchy
Ensure that you perform the following procedure as a user administrator, at a minimum.
When performing this procedure, consider the following items:
Some services might appear in the User Services dialog box with a blue provisioning status. Blue indicates that the user's
services require additional configuration. After configuring the service, manually provision it.
When the Hosted Exchange service is provisioned to the copied user, the default primary email address is the new copied
user's address.
If populated, the Title and Web Page fields in Additional User Properties are copied to the new user.
1. Click Users to display all users for a customer, then click a user to access the User Functions dialog box.
2. Click Copy User. The Create User page appears.
3. Enter user details and password for the new user and configure account settings as described in Create users and
configure account settings.
4. Click Copy Services and clear the check boxes for any provisioned services you do not want to be copied to the new user.
5. Click Provision. The Provision Services page displays all provisioned and unprovisioned services.
6. Provision any additional services from the list to the copied user.
7. Click Provision for each service you want to provision to the user. The copied user is now created and provisioned in the
Updated: 2013-02-12
Each user can be assigned a specific security role in the Services Manager control panel. A security role provides a user with selected access permissions in the Services Manager. The following roles are the standard or default administrator roles available when creating or editing a user.
Security Role: Description
Customer administrator: The first user created by default after creating a customer inherits this role. The customer administrator can create, provision, and edit users, then provision users to services. This role can also manage services provisioned to the customer. This role includes all permissions of the user and service administrator.
Partial user administrator: This role can reset passwords for a customer's user.
User administrator: This role can create, provision, and edit users for a customer.
Service administrator: This role can manage services provisioned to the customer. It can access any editable administration interface associated with a service.
User and service administrator: This role is identical to the customer administrator. Assign this role to a user when you require more than one customer administrator user in your organization or hierarchy.
Services Manager also includes three security roles to enable end-users (that is, consumers of customer services) to manage their accounts and provisioned services. These roles are disabled by default and need to be enabled and provisioned to the top-level customer by a service provider or reseller administrator before they can be provisioned to a user account. Once provisioned, users can manage their accounts through My Account, available from the Services Manager menu bar after logon.
Security Role: Description
My Account Management: Enables the end user to change the user information details, account password, and manage email addresses associated with the user account.
My Services Management: Enables the end user to select, edit, and re-provision the services provisioned to the end user account.
My Account & Services Management: Combines the above management capabilities in a single role.
To enable and provision user security roles
Ensure that you are logged on to the Services Manager as a customer administrator user to perform these steps.
Updated: 2013-05-13
Impersonating a user allows you to see what the user can access and view within the Services Manager control panel. You can do this, for example, when troubleshooting a system problem that a user is experiencing. To impersonate a user, you must have the User Administrator security role assigned to you.
While you are impersonating a user, you cannot impersonate another user, even if the user you are impersonating has the
User Administrator security role assigned.
1. From the Services Manager menu bar, select Customers.
2. Select the customer whose user you want to impersonate and then, under Customer Functions, click Users.
3. Select the user you want to impersonate and then, under User Functions, click Impersonate. The impersonation takes
immediate effect and the top of the control panel page indicates you are impersonating the selected user. The control
panel displays all the menus and functions that are allowed for the selected user.
4. To return to your own user account, click your username near the top of the control panel. The control panel displays
Manage user password expiration email notifications and reports
Jun 05, 2015
Updated: 2013-02-12
Services Manager enables a customer administrator to configure, enable, and report on user password expiry and notification. As described in Create users and configure account settings, you can allow passwords in user accounts to expire. Creating and configuring password expiration email notification is the first step of a two-step process: first create a message, then enable the message to be sent. To do this, you perform the following tasks:
Create and configure a password expiration email notification to all users within a customer hierarchy.
Enable the password expiration notification email.
Generate a user email expiry report to be sent to a customer administrator.
Note: The Password Expiry date is set by the service provider or domain administrator for the domain's Group Policy.
To create and configure a password expiration email notification to users
If you intend to include a file attachment with the notification, upload the file before creating the new notification
message.
1. From the Services Manager menu bar, click Customers > Configuration > Email Notification.
2. (Optional) If you intend to include a file attachment with the notification, click Attachments and then select and upload
the file you want to include. To return to the email notification page, click Notification.
3. Under Create Messages, select the following options:
In Event, select User Password Expiry.
In Recipient, select User.
In Customer Type, select Full Customer.
4. Click New Message. The Email Content dialog box appears.
5. Configure the following email notification settings and then click Save:
Under Settings, select the status, frequency, and modification settings for the notification. By default, notifications have
an Enabled status and are sent once.
Under Recipients, select one of the following filters by which to search for or select recipients and then click Add:
Select Custom and, in E-mail, type a common email pattern or customized email address. For example, the common
email pattern {UserExternalEmail} sends email to the address specified in the user's External Email Address property.
Select User or Customer and, in Search, type a name or search by specifying a partial name prepended with the
percent (%) character.
Select Role and choose a role from the drop-down list. All users provisioned with that role will receive a notification
email.
Select Reseller Role and choose a role from the drop-down list. All users provisioned with that role will receive a
notification email.
In From Address and From Display, type the reply-to address and a display name of the email sender.
Under Message, perform the following actions:
In Language, select a language from the drop-down list.
In Subject, type a subject for the notification.
(Optional) In Attachments, select a file that you uploaded using the Attachments feature.
In the message box, type the text of your message.
Updated: 2013-05-11
A security role is a set of permissions that defines customer, administrator, and user access to specific tasks in the Services
Manager. For example, the first or default user created for a customer is a customer administrator. The customer
administrator is automatically assigned the Customer Administrator security role (and can also be assigned other security
roles). The customer administrator can then assign one or more security roles to users in the customer hierarchy. A security
role can also consist of multiple security roles; for example, the My Account and Services Management role consists of the
My Account Management and My Services Management roles.
Services Manager includes a default set of security roles. A service provider can manage security roles associated with:
Customer, user, and service tasks
User services
Reports and reporting
Dialog boxes, menus, or pages in the control panel
This topic lists the default security roles available and describes how to:
Create or copy security roles
Export and import security roles, enabling you to design, test, and configure a customized role before implementing it in a
Role Permissions: Customers, Services, User Services, Users
Jun 05, 2015
Updated: 2013-05-11
This topic describes the settings used for defining a security role's access to customers, services, and users in the control
panel. These settings appear in the Role Permissions section of the Role Management screen. To access the Role
Management screen, select Configuration > Security > Security Roles and then create or select the security role you want
to configure.
For information about role settings for accessing menus, pages, and reports, see Role Permissions: Menus, Pages, Reports.
On the Customer, Services, User Services, and Users tabs, you can expand certain permissions and apply more detailed
permissions. For example, on the Customers tab, you can expand the Read permission and select additional permissions such
as Name, Contact Detail, and Billing Identifier. On the Services and User Services tabs only, you can use the Filter drop-down
list to apply selected permissions to a specific service or to all services in your deployment.
You set permissions for each function by clicking the Access selector next to the function. The Access selector changes to denote one of the following permission levels:
Access Type (Access selector symbol not shown): Access description
None selected: No access to the function.
Customer: The function is permitted for the selected customer. For example, the User Services permissions of Read, Update, and Provision for the My Services Management security role are set as Customer. This setting indicates that the administrator user with the My Services Management role can perform that function on its customer only.
Sub Customer: The function is permitted for the subcustomer of the selected customer. For example, if the User Services permissions of Read, Update, and Provision for a security role are set as Sub Customer, users with this role can perform the function on the customer's subcustomer (but not on the customer).
Customer and Sub Customer: The function is permitted for the selected customer and related subcustomer(s). For example, if the User Services permissions of Read, Update, and Provision for a security role are set to Customer and Sub Customer, users with this role can perform the function on the customer and its subcustomer(s).
After you finish modifying the security role, click Save.
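The access levels described above can be modeled for a least-privilege review of a role before it is assigned. This is an added example, not Services Manager code: the customer hierarchy, the "Reseller Helpdesk" role and all function names are constructed, and it assumes that "subcustomer" covers every level below the customer.

```python
from enum import Enum


class Access(Enum):
    """The four Access selector levels described in the text."""
    NONE = "None selected"
    CUSTOMER = "Customer"
    SUB_CUSTOMER = "Sub Customer"
    CUSTOMER_AND_SUB = "Customer and Sub Customer"


# Constructed customer hierarchy (child -> parent); all names are hypothetical.
PARENT = {
    "Reseller-A": None,
    "Contoso": "Reseller-A",
    "Contoso-East": "Contoso",
    "Fabrikam": "Reseller-A",
}

# Role definitions as {tab: {function: Access}}. The first entry mirrors the
# My Services Management example in the text; the second role is hypothetical.
ROLES = {
    "My Services Management": {
        "User Services": {"Read": Access.CUSTOMER, "Update": Access.CUSTOMER,
                          "Provision": Access.CUSTOMER},
    },
    "Reseller Helpdesk (hypothetical)": {
        "Users": {"Read": Access.CUSTOMER_AND_SUB,
                  "Update": Access.SUB_CUSTOMER,
                  "Delete": Access.NONE},
    },
}


def is_subcustomer(target, customer, parent=PARENT):
    """True if target sits below customer in the hierarchy.

    Assumption: "subcustomer" covers every level below the customer.
    """
    seen = set()  # guards against a malformed, cyclic hierarchy
    node = parent.get(target)
    while node is not None and node not in seen:
        if node == customer:
            return True
        seen.add(node)
        node = parent.get(node)
    return False


def allowed(access, holder_customer, target, parent=PARENT):
    """Decide whether a function with this access level applies to target."""
    same = target == holder_customer
    below = is_subcustomer(target, holder_customer, parent)
    if access is Access.CUSTOMER:
        return same
    if access is Access.SUB_CUSTOMER:
        return below  # note: excludes the holder's own customer
    if access is Access.CUSTOMER_AND_SUB:
        return same or below
    return False  # Access.NONE or anything unrecognised: deny


def reach(role, holder_customer, parent=PARENT):
    """Map each (tab, function) of a role to the customers it can act on."""
    result = {}
    for tab, functions in ROLES[role].items():
        for function, access in functions.items():
            result[(tab, function)] = sorted(
                c for c in parent if allowed(access, holder_customer, c, parent)
            )
    return result


def cross_customer_grants(role, holder_customer, parent=PARENT):
    """Least-privilege review: grants that reach beyond the holder's customer."""
    return {
        key: targets
        for key, targets in reach(role, holder_customer, parent).items()
        if any(t != holder_customer for t in targets)
    }


if __name__ == "__main__":
    role, holder = "Reseller Helpdesk (hypothetical)", "Reseller-A"
    for (tab, function), targets in reach(role, holder).items():
        print(f"{role} at {holder}: {tab}/{function} -> {targets or 'no access'}")
```

Running `cross_customer_grants` over each role and the customer it is held at lists the functions that act outside the holder's own customer, which are the grants worth reviewing first.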
Permission reference
Available Function Customers Services User Services Users
Updated: 2013-05-11
This topic describes the settings used for defining a security role's access to menus, pages, and reports in the control panel.
These settings appear in the Role Permissions section of the Role Management screen. To access the Role Management screen, select Configuration > Security > Security Roles and then create or select the security role you
want to configure.
For information about role settings for accessing customers, services, and users, see Role Permissions: Customers, Services,
User Services, Users.
To permit a security role to access specific menus, pages, or reports, you select the appropriate check box. To deny access,
clear the appropriate check box.
Note: When granting access to submenus, you must also enable access to all parent menus. If you do not enable access to the parent
menus, the submenu item is not visible to applicable users when they are logged on to the control panel. For example, if you enable
access to the Customer Brand submenu item, but do not enable access to Customers, Configuration, and Branding, the
Customer Brand menu item does not appear in the menu bar to applicable users.
After you have finished modifying the security role, click Save.
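The parent-menu rule in the note above can be checked before a role is saved, so that a selected submenu item does not end up hidden. This is an added example, not Services Manager code: the menu tree is a constructed fragment built only from menu paths that appear in this document, and the function names are hypothetical.

```python
# Constructed fragment of the control panel menu tree, built only from menu
# paths that appear in this document; the real tree is larger.
MENU_TREE = {
    "Customers": {
        "Configuration": {
            "Branding": {"Customer Brand": {}},
            "Email Notification": {},
        },
    },
    "Users": {
        "Bulk User Import": {},
        "Configuration": {"User Move": {}},
    },
    "Workflow": {
        "Approval Requests": {},
        "Configuration": {"Approval Emails": {}},
    },
}


def walk(tree, prefix=()):
    """Yield every menu item as a path tuple, parents before children."""
    for name, children in tree.items():
        path = prefix + (name,)
        yield path
        yield from walk(children, path)


def missing_parents(path, enabled):
    """Parent menus of path whose check box is not selected."""
    return [path[:i] for i in range(1, len(path)) if path[:i] not in enabled]


def audit_role(enabled, tree=MENU_TREE):
    """Split a role's selected check boxes into visible, hidden and unknown."""
    enabled = set(enabled)
    known = set(walk(tree))
    visible, hidden = [], {}
    for path in sorted(enabled & known):
        missing = missing_parents(path, enabled)
        if missing:
            hidden[path] = missing  # selected, but will not appear in the menu bar
        else:
            visible.append(path)
    return {"visible": visible, "hidden": hidden,
            "unknown": sorted(enabled - known)}


def with_parents(enabled):
    """Return the selection with every required parent menu added."""
    fixed = set(enabled)
    for path in enabled:
        fixed.update(path[:i] for i in range(1, len(path)))
    return fixed


# Constructed role selection matching the Customer Brand case in the note.
BRAND_ONLY = {("Customers", "Configuration", "Branding", "Customer Brand")}

if __name__ == "__main__":
    report = audit_role(BRAND_ONLY)
    for path, missing in report["hidden"].items():
        print(" > ".join(path), "is hidden; also enable:",
              ", ".join(" > ".join(m) for m in missing))
    fixed = audit_role(with_parents(BRAND_ONLY))
    print("visible after fix:", [" > ".join(p) for p in fixed["visible"]])
```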
Menu reference
Top-level Menu Second-level Submenus Third-level Submenus Fourth-level Submenus
Updated: 2013-03-04
During the course of business, resellers or customers might need to change services that are provisioned, the number of
provisioned users, or the level at which a service is provisioned. These changes affect the pricing and billing of services, so
service providers, resellers, and customers need a mechanism for managing these requests in a timely manner.
Using Workflow Approval, you can approve or reject provisioning requests such as deprovisioning a service from a customer,
updating user details, or adding users to an existing service. Approvers can be managers in an organization or members of a
group that is notified whenever a specific type of request is made. All requests move through an approval chain before they
are enacted in the system.
Enabling and disabling workflow approvals
Workflow Approval is not enabled by default in Services Manager. You can enable this feature through the Feature Setup
menu item (Configuration > System Manager > Workflow Setup). Only Service Provider Administrators can enable workflow
approvals and customize notification messages by default. After this feature is enabled, users logging on to the control
panel see the Workflow menu bar item which enables them to view provisioning requests. Additionally, you can configure
approval requirements and create approval chains.
When Workflow Approval is enabled, the following events occur:
All users are assigned the Workflow Approval User security role and can view approval requests and responses.
The Workflow Approval Administrator security role is available for assigning to appropriate users.
The My Account Management, My Services Management, and My Account and Service Management security roles are
enabled for all customers. These roles allow users to modify their own account or provision services to themselves which
can be approved by managers or groups you define.
For Service Provider Administrators, a Workflow Approval preview link appears on the Customer Details, User Details,
customer service, and user service pages. When clicked, this link displays a preview of the approval notification message
that will be sent when information on these pages is modified.
When Workflow Approval is disabled, the following events occur:
The Workflow Approval Administrator and Workflow Approval User security roles are disabled for all customers and users.
Workflow Approval role membership is removed from other security roles in which it was included.
For Service Provider Administrators, the Workflow Approval preview link is removed from all control panel pages.
The Bypass workflow approval role permission is enabled for the Authenticated Users security role and applies to all
control panel items governing customers, users, and services. This disables workflow approvals for all customers.
Workflow approval security roles
When enabling workflow approval, you can also enable security roles that allow users to modify their own account or provision services to themselves without additional approval. When these security roles are enabled for selected users, those users can log on to the control panel and perform the following tasks:
The My Account Management security role allows users to modify their own User Details page. Clicking My Account >
Personal Details displays the User Functions dialog box, enabling the user to click Edit User and make changes to the User
Details page.
The My Services Management security role allows users to manage their own service provisioning. Clicking My Account >
Services displays the User Services page for the logged in user. From this page, the user can provision available services,
When the Workflow Approval feature is enabled, all users can view approval requests and responses. However, only Workflow Approval Administrators can view the current status of approvals.
To view approval requests
Use this procedure to view approval requests that you have generated.
1. From the Services Manager menu bar, select Workflow > Approval Requests.
2. In Filter, select the response status of requests you want to view (for example, Pending, Accepted, and so on).
The Approval Request page displays the requests you selected.
To view approval responses
1. From the Services Manager menu bar, select Workflow > Approval Responses.
2. In Filter, select the response status of requests you want to view (for example, Pending, Accepted, and so on).
3. Select whether you want to view responses to requests you generated or to all requests in the system.
The Approval Response page displays the requests you selected.
To view the status of approval requests
1. From the Services Manager menu bar, select Workflow > Approval Status.
2. In Status, select the status of requests you want to view (for example, Pending, Accepted, and so on).
3. To refine your search by date, select Request Date or Resolved Date and then select the appropriate date.
The Approval Status page displays the requests you selected.
Updated: 2013-03-04
The Workflow Approval feature includes a set of XSL templates that are used to create the notification emails that are
sent when approval requests are generated. Service Provider Administrators can customize these templates according to
their needs or create new templates for specific services.
Notification emails are composed of the Header and Footer template and an Email Content template. The Header and
Footer template defines the overall look and feel of all notification messages. Email Content templates define the text
used for specific actions and services.
Services Manager includes Email Content templates for the following actions:
Provisioning and deprovisioning customers or users
Provisioning and deprovisioning services for a customer or user
Provisioning the DNS service for a customer
Provisioning the Reseller service for a customer
Each Email Content template includes text for approval requests and approval responses.
After you customize a template, you can preview your changes by clicking the Workflow Approval preview link located on
the Customer Details, User Details, customer services, and user services pages.
To customize an existing workflow notification template
1. From the Services Manager menu bar, select Workflow > Configuration > Approval Emails.
2. From the template list, click the template you want to customize. The XSL editor page appears.
3. If you are customizing an Email Content template, click the Request or Response tab to select the content you want to
customize.
4. Make the appropriate changes using well-formed XSL tags.
5. Click Save.
To create a new Email Content template
You can create new Email Content templates for notifications about customer and user actions or about specific services in your deployment.
Note: If you attempt to create a new template for an action or service that already exists in the template list, a new template is not created and the existing template is not overwritten. Instead, the existing template opens so you can customize it.
1. From the Services Manager menu bar, select Workflow > Configuration > Approval Emails.
2. Under Create Notifications, perform the following actions:
1. In Category, select the type of notification you want to create. For example, select User Service for notifications
about a user's access to a service.
2. In Event, select the action about which you want to notify approvers.
3. In Service, select the service for which you want to create the notification. This field is available when you select the
Customer Service or User Service categories.
4. Click New Message. An empty XSL editor page appears.
3. Click the Request or Response tab to select the type of content you want to insert. For example, click the Request tab
to add text for an approval request notification.
This release updates the Distributor Summary Report. The report can now show service usage for a specified start
and end time, and more services are supported.
Report for Service: displays the usage count of services for all locations, by service.
Report for Customer: displays the usage count of services for all locations, by customer.
Services unit redefinition: different SKUs for the SharePoint, Skype for Business, and Hosted Exchange services are merged into
one. New services such as Microsoft ADFS, File Sharing, and Office 365 are also supported.
Paid and Free count: a newly added field that indicates whether the customer is paid or free.
Reporting for Services Manager delivers usage and billing reports to your customers and application vendors. It includes
standard reports to support standard provisioned services and a data warehouse. The Reporting service communicates
directly with the SQL Server Reporting Services web service.
The View Reports page of the control panel (Reports > View Reports) displays the reports available for each service as well as billing reports. The service reports include the following report types:
Customer reports list users provisioned with the service at the customer level.
Plan reports list user counts grouped by the service's plans, at the reseller level.
Depending on the service, Reseller reports list varied information at the reseller level. For some services, this information is
limited to customers and users provisioned with the service. For other services, this information includes items such as
usage limits, file transfers and instant messages, memory and disk usage, or file counts.
Services Manager includes the following billing reports:
Customer Detail displays the billing detail for services at the customer level.
Distributor Summary displays usage data for reporting to the CSP distributor.
Reseller Detail displays the billing detail for services at the reseller level.
To generate a report, click a report link on the View Reports page. A separate window appears, displaying the report. After
you generate a report, you can export it in several formats, including XML, CSV, and Excel. You can also customize the
parameters of the report, including starting and ending dates and whether or not to include certain types of records. After
you modify the parameters, click Generate to regenerate the report.
To generate reporting views
Reporting views are used as a source for data transferred to the data warehouse. When you generate reporting views,
issues related to missing source views during data transfer are described in error messages to help you with troubleshooting.
1. From the Services Manager menu bar, click Reports > Configuration > Data Warehouse.
2. Under Refresh, click Refresh report views from reporting services.