Use PowerShell to get the Citrix Configuration Log as well as Old and New Property Values

This is a quick tip to show you how to get the Citrix Configuration Log, plus all the old and new property values, and convert this all to JSON.

Here is a quick tip for you. I had a need to get the Citrix Configuration Log, so I dropped into PowerShell and ran Get-CtxConfigurationLogReport. That is all good and well, but you do not get all the old and new values of the changed properties. However, converting this output to JSON will do just what I want. Plus, converting to JSON is better for me anyway as I want to push this stuff over to Splunk to do some analytics. Here is what you need to do:

Step 1 – Create your UDL file to connect to the database

Add-Content C:\conflog.udl –Value $null; Start-Process C:\conflog.udl

This will prompt you for your SQL credentials. You can use Windows integrated security if you like, but I’m saving my creds for later use outside of my interactive PowerShell session later.

Citrix Config Log UDL


Step 2 – Get the things

# Load the Citrix Common Commands Snapin
Get-PSSnapin -Registered "Citrix.Common.Commands" | Add-PSSnapin

# Get the configuration log and convert to JSON
Get-CtxConfigurationLogReport -DataLinkPath C:\conflog.udl | ConvertTo-Json -Depth 10


Here is some sample output (notice the property old and new values)

    "EntryId":  "3_0_3",
    "Date":  "\/Date(1443804400000)\/",
    "Account":  "LAB\\administrator",
    "TaskType":  2,
    "ItemType":  0,
    "ItemName":  "Calc",
    "Description":  "Published application Calc was modified.",
    "Details":  [
                        "PropertyName":  "Application Description",
                        "OldValue":  "Calculator",
                        "NewValue":  "Calculator 123"
    "References":  [

Note, this requires PowerShell 3.0

Here is a Gist as well ->


Using Proximity to Start an Octoblu Workflow

This is the second part of the IoT workspace demo. This time, we will use proximity to kick off an Octoblu workflow without an iBeacon – mainly because this was a last minute add to the demo 😉

A Poor Man’s iBeacon

a.k.a. I needed a quick solution for proximity without an iBeacon

During the Citrix Geek Speak demo I previously blogged about, we needed a way to kick off everything.  Steve and I discussed a few different ways of doing this, but we landed on using proximity – meaning when Steve walked over to the IoT workspace with a particular device, everything would light up and we would be off to the races.  The correct way to do this would be an iBeacon, but this was a last minute decision and we didn’t have one.  So, we used bluetooth paring on a laptop.  The rest of this article explains that part in detail.

Proximity with a Laptop

My first thought was to write some code to accomplish starting an Octoblu workflow using bluetooth proximity.  There are some examples out there for the pieces I needed for this (bluetooth pairing, bluetooth signal strength, curl, etc.).  But then I thought that there might be something already written.  Sure enough, I found 2 solutions (for Mac) – EventScripts and Bluetooth Proximity Tasker.  EventScripts was more robust and felt more polished, but I ended up using Bluetooth Proximity Tasker for the simple fact that I could control exactly how strong of a bluetooth signal I needed to start/stop an action.  This was important as I didn’t know ahead of time what the signal strength would be like on stage at Geek Speak Tonight (especially once the room filled up with fellow Geeks).

Bluetooth Proximity Tasker

As you can see in the screenshot above, there is a slider that lets me choose the signal strength.  The green bar you see above the slider is my actual signal strength.  So, I would walk around to see what my actual strength was and set the slider appropriately.

AppleScript Kicks off the Flow

So now that we have have the bluetooth strength thing worked out, all we need is a script to kick off the Octoblu flow.  Recall from my previous post that all triggers in Octoblu have a HTTP POST URL.  I just used this URL and curl to work the magic.  Here is the script:

  say "eye oh tee, work space. activated"
  set theURL to "[your trigger URL]"
  do shell script "curl -X POST " & quoted form of theURL

The first line is a quasi-phonetic pronunciation for “IoT Workspace Activated”.  That is about as close as I could get using AppleScript.  The next two lines actually kick off the Octoblu IoT workspace in a green state.


So, there you have it.  That is pretty much the complete IoT Workspace demo from my side of the desk.  Octoblu is a lot of fun and I’m experimenting with other ways of using this software for business, home automation, and just plain fun (like Legos).  Go experiment yourself and have fun!



Trigger an Octoblu IoT Flow from Splunk

Octoblu does some incredible stuff with physical things driven by software. Steve Greenberg and I did a demo during Geek Speak Tonight at Citrix Synergy triggering physical devices via a Splunk search. This article goes into some of the Splunk details.

An alternate title to this article might be “How Steve Greenberg and I Pulled off the Robo-Kitty Monitor Alerts at Citrix Synergy Geek Speak Tonight”.

In case you missed it, here it is below:


The Demo Scenario

Anyway, Octoblu does some incredible stuff with physical things driven by software. In the demo that Steve and I did, Steve set up an actual desk with various IoT devices on it.  We will call this the “IoT Workspace”.  The IoT Workspace had a digital picture frame, lights that can change color, a mini file cabinet (that held business cards), a maneki-neko (a.k.a. lucky cat) with several hacked features, a smoke machine, and more.  We started the IoT Workspace using proximity (look for another article about how we did that soon). Then, I had a Splunk instance monitoring a Citrix stack including network, XenApp, hypervisors (XenServer, Hyper-V, and VMware), physical hardware (in this case Cisco UCS), shared storage, NetScaler, etc. At the beginning of the demonstration, the environment was all-good so everything glowed green, the Robo-Kitty was happy, and the picture frame on the desk showed an array of our favorite pictures (see below):

IoT Workspace
IoT Workspace
Splunk Octoblu Green
Splunk Dashboard (All Good)


Then, the ICA Round Trip Time started to go up. Nothing terrible, but we used that as an indicator that our users might start seeing some lag in their sessions. This is where Splunk fired the first Octoblu trigger to go to a “yellow” state. The picture frame showed a worried Minion, lights turned yellow, and Robo-Kitty’s eyes turned yellow and started to swivel.

Next, Splunk showed problems with the XenApp servers and hypervisors in addition to the ICA Round Trip Time. So, Splunk triggered a “red” state. The Minion in the picture frame looked more worried, lights turned red, and Robo-Kitty’s eyes turned red and around faster.

Finally, the entire stack went to pot. The write latency on the storage array went through the roof, the hypervisors were not happy, the XenApp server resources were scarce, the ICA Round Trip Time was off the chart. Splunk triggered the “defcon red” state. Robo-Kitty shot lasers out of its chest, the storage cabinet on the IoT Workspace started to rattle, smoke was coming out of the desk. The culprit ended up being a write controller issue on the shared storage.  Once everything was fixed, Splunk triggered the “green” state again.


How it Works

Steve did all the physical work building the IoT Workspace by hooking up Raspberry Pi, Gateblu, servos, lights, etc. Check out his article for more info -> Steve also built the Octoblu flows to make all that stuff work.

I hooked up the Octoblu triggers in Splunk to kick off all these connected devices. A trigger generally initiates Octoblu flows. These triggers have HTTP POST URLs that can be used to remotely initiate the flows (see screen shot). This is how I had Splunk act upon the data seen in the Citrix stack.

Octoblu Trigger



I ran a Splunk real-time search and triggered a Python script that initiated the HTTP POST with data from the Splunk search to Octoblu when certain conditions happened. For example, if the ICA Round Trip Time exceeds 30ms and is less than 60ms, trigger a yellow alert condition. Here is the Splunk search:

sourcetype=ICA:RTT ICARTT > 30 ICARTT < 60 | eval url="<HTTP POST URL for the Octoblu trigger>" | eval alert_level="Yellow"

If you are interested, I have the entire Splunk/Octoblu example I used uploaded to GitHub. You can also download and use Splunk for free.  There is a data generator built in there as well that will let you trigger different conditions like I did in the demo.

The magic happens in the saved search and a python scripted named  The saved search contains the HTTP POST url and the condition.  The python script takes those parameters from the search and sends it over to Octoblu.  If you want to play around with this on your own system, be sure to edit the saved search by opening the Octoblu app in Splunk and clicking Settings -> Searches, reports, and alerts:

Splunk Octoblu Search SettingsClick on the example alert and change the URL to your Octoblu trigger URL.


Anyway, there you go. It may look kind of complicated at first, but really it is quite easy to trigger any Octoblu workflow given a variety of trigger situations.



Citrix Synergy 2015 Day 2 Keynote Live Blog

The day 2 keynote this year is focused on things that are yet to come.  Traditionally, the first day keynote intermingled the “what’s available now” stuff with the “what’s coming in the next 6, 12, 18, n” months.  By breaking these things up into 2 days, it is a little more clear that what is shown today isn’t readily available, but is more of the direction of Citrix. Continue reading “Citrix Synergy 2015 Day 2 Keynote Live Blog”

Citrix Synergy 2015 Day 1 Keynote Live Blog

Here we are again at Citrix Synergy. I will be live blogging the keynote here. Content will scroll up as I post it. Also, you can follow me on Twitter (@JasonConger) for updates.

Here we are again at Citrix Synergy. I will be live blogging the keynote here. Content will scroll up as I post it. Also, you can follow me on Twitter (@JasonConger) for updates. Continue reading “Citrix Synergy 2015 Day 1 Keynote Live Blog”

Mobile Application Development Theorems

Mobility is so ubiquitous that it is almost not even a separate thing anymore. I have had some experience building mobile apps and wanted to ponder some self-proclaimed theorems which are outlined in this article.

Mobility is so ubiquitous that it is almost not even a separate thing anymore. This creates a challenge for enterprises that offer BYOD mobile devices and corporate data access. How do you enable the mobile workforce with enterprise applications? One way is to roll your own mobile application to get the necessary data into the mobile user’s hands. I have had some experience with this and wanted to ponder some self-proclaimed theorems which are outlined below.

Theorem #1

Mobile applications developed for native devices with native code are superior.

The following is an example of what you might need to build native mobile applications for various mobile devices:

Platform Development Framework Language IDE
iOS iOS SDK Objective-C Cocoa, Xcode
Android Android SDK, Android NDK Java, C/C++ Eclipse, NetBeans, IntelliJ IDEA
Windows Phone .NET C# and others Visual Studio
Window 8 Metro Style Apps WinRT C++ / C# / VB.NET / Javascript Visual Studio
Blackberry Java ME + Optional Packages + API extensions Java Eclipse
ChromeOS Webkit HTML / CSS / Javascript Many

Unfortunately, BYOD makes Theorem #1 hard. If you are going to go the native code route, you have to maintain a separate code base (with separate IDE’s) for all possible devices your users will bring in. There are some other frameworks that I’ll talk about in another article that help with this, but there is always a tradeoff.

Theorem #2

Apps that Look Better are Perceived to be Better.

Looks matter. Period. If you give an application to a user that has limited functionality but looks sexy, that application will be perceived as better than an application that has more functionality but is ugly. You know it’s true.

Therefore, do yourself a favor and use a framework like one of the following:

These frameworks make it easy to make it look like you know what you are doing (at lease design-wise)

Theorem #3

Inverse Proportions are Everywhere.

inverse proportions

There is always a tradeoff somewhere. Referencing the picture above, think about painting a room. I can paint a room with a paintbrush and not waste too much paint. However, to speed things up, I use a paint roller and waste more paint. Therefore, the ease/speed in which I paint a room is inversely proportional to how much paint I waste.

The same thing is true for security. If everyone in the world had a public IP address with wide open ports, things would be pretty easy if there were not bad guys/girls out here. In the real world, there are bad guys/girls out there, so we have to attempt to keep them out. The security measures can be a burden on the user. Therefore, security is inversely proportional to usability.

That last picture up there is the icon for PhoneGap. PhoneGap is one of many frameworks that attempt to make Theorem #1 easier. You can read an introduction to PhoneGap here.

There, of course, is a tradeoff. Building mobile apps with abstraction layers like PhoneGap introduce translation. You may not have access to all mobile device features immediately, there can be a performance tax, and apps will tend to be bigger. Not all mobile frameworks are created equal and I will talk about some pros and cons of different frameworks (like Xamarin, Citrix Mobile SDK for Windows Apps, Intel XDK, etc.) in a separate article.


Wrapping Up

So, there you have it. My self-proclaimed theorems for mobile app development. Agree? Disagree? Or, have something else to add? Just leave a comment below.


Citrix Workspace Services – Friend or Foe for the Citrix Service Providers (CSP)?

At Citrix Synergy this year, the “one more thing” at the end of the keynote was a new offering called Citrix Workspace Services. There was immediate debate on Twitter as to how this impacts certain market segments. This article covers ways in which Citrix Workspace Services could help or hinder the Citrix Service Provider Market.

At Citrix Synergy this year, the “one more thing” at the end of the keynote was a new offering called Citrix Workspace Services.  Brian Madden wrote an article explaining what CWS is and isn’t, but I wanted to take a look at this from a Citrix Service Provider’s perspective.

Where Citrix Workspace Services Fit

Automation and self-service are two major factors for CSPs.  Citrix Workspace Services potentially helps with both of these factors.  Since CWS isn’t a real thing yet that we can get our hands on, I’m not quite sure to what extent we can automate things.  This is important because CSPs have to automate in order to keep costs down and still maintain enough margin to remain profitable.  Automation is also key because CSPs are not merely delivering just a remote desktop; they are delivering a suite of services, apps, data, backup, etc. and Citrix is a portion of the overall offering.  Self-service is also important for CSPs because people are expensive.  The more you can offload to the tenant via self-service (which relies on automation) the less man power you need.


How Citrix Workspace Services Work

XenApp and XenDesktop environments need five basic things to work:

  1. Database
  2. License Server
  3. Controller(s)
  4. VDA(s)
  5. StoreFront

Citrix Workspace Services can move 4 out of 5 of those things to the cloud (Azure for now).  Basically, all you need is the workloads (VDAs) on your premises.  Then, you just point those VDAs to the provisioned Citrix Workspace Service instance in Azure and off you go.  Since a picture is worth a thousand words, here ya go:

Citrix Workspace Services


Does this help or hurt the CSP?

So the question is, “is Citrix Workspace Services a slap in the face to CSPs”?  I personally believe CWS could be a huge help to CSPs.  When I was the Director of Technology for Xcentric (a CSP), I would have loved to have this.  There are less moving parts for me to manage and on-boarding new clients could potentially be sped up as there is less work for the CSP to do.  Keep in mind that a lot of my opinion hinges on the automation aspects of CWS (which is still unknown at the time of this writing).  There could be some inherent risk in potential down time, but a CSP tenant is already prepared for a risk like this by the shear nature that they signed up for a hosted service the CSP provides in the first place.

On the converse, stealing a line from @Shawn Bass, CWS could potentially cause a CSP market saturation as CWS lowers the bar of entry.  You no longer need a significant capital expenditure to get started as a CSP.  I personally do not see this happening, but time will tell.


What is lacking (potentially)?

The automation question is still up in the air.  I believe Citrix will make this a solution that can be automated with APIs, but how easily CSP can hook into whatever Citrix offers could potentially hinder the CSPs workflow.

Compliance (SAS, HIPPA, PCI, etc.).  In most cases, data is still kept with the CSP, but potential identifiable information could flow from CSP to Azure and back (although this is yet to be determined).  This could be a show stopper for certain markets.

Moving from Citrix Workspace Services to on premises.  Since CWS was built using Azure services like Azure App Services, Azure Active Directory and Azure Virtual Network, it would be nearly impossible to move from CWS back to on premises.  It’s kind of like the Mob – once you’re in you’re in, and you’re not getting out.

Reporting is yet to be seen, but I sure hope Citrix builds this in for SPLA-like reporting.  All CSPs have to report to at least Microsoft and Citrix on a monthly basis about usage and pay up as you go/grow.  I used to rely on home-grown tools to do this, but it would be better to have this from the vendor.



So, I think CWS will be a major help to CSPs as long as there is a strong and extensible automation engine involved.  Could there be downtime that has nothing to do with the CSP-owned infrastructure?  Sure, but that is the nature of the business in the first place.  There are still lots of unknowns, but I’m hopeful as this just seems to make sense to me.

What do you think?



Citrix Synergy 2014 Live Blog

Citrix Synergy is back in Anaheim, California this year and I will be live-blogging the keynote. You can watch the keynote live at as well. I am sure there will be a focus on mobility, but with the release of XenDesktop and XenApp 7.5, I am excited to see Citrix getting back to the future (again).

It is time for Citrix Synergy, and I will be live-blogging the keynote. You can watch the keynote live at as well. I am sure there will be a focus on mobility, but with the release of XenDesktop and XenApp 7.5, I am excited to see Citrix getting back to the future (again). You can also follow me on Twitter for more updates throughout the conference. Continue reading “Citrix Synergy 2014 Live Blog”

From WIRM to Splunk – Translating the Past to the Present

I get to do a lot of cool things at Splunk.  One of the things I have been wanting to do is incorporate the visualizations I built a long time ago for Web Interface for Resource Manger in Splunk applications.  All of those past visualizations were built using Microsoft ASP.NET and Flash.  So, I have had to use alternate methods to accomplish what I want.


Calendar Visualization

One of the first things I tackled was the calendar visualization that shows how many users log in each day in a month.  Here is the old calendar from WIRM:

WIRM Calendar

Here is what the calendar looks like in Splunk:

Splunk Calendar

If you want to see how to use this calendar visualization in your own Splunk environment, check out my Splunk blog post.

The cool thing about having this available in Splunk is that it is reusable for various types of data including security, XenDesktop/XenApp, Microsoft Windows, Unix, etc.

Using PowerShell to Retrieve Citrix Monitor Data via OData

Starting with XenDesktop 7, Citrix stores the data the Desktop Director displays in a SQL database. Citrix opened up this data via a Monitor Service API that uses OData.  I’m not going to go deep into the details of the API as it is fairly well documented at the eDocs site.  The examples in the documentation show you how to access this data via web browser, Microsoft Excel, and LinqPad.  What I want to do in this article is show you how to use PowerShell with this API.

To start out, let’s take a look at the Citrix Monitor Service schema (click to enlarge):



Suppose we want to get all sessions as well as the all the connection/disconnections to the session.  The following URL will return the data we want in XML format.


The trick to get this working with PowerShell is to transform all this information into a nice hierarchical structure.  In the example code below, we use the Invoke-ODataTransform function to do this.

function Global:Invoke-ODataTransform ($records) {

    $propertyNames = ($records | Select -First 1) |
        Get-Member -MemberType Properties |
        Select -ExpandProperty name

    foreach($record in $records) {

        $h = @{}
        $h.ID = $record.ID
        $properties = $

        foreach($propertyName in $propertyNames) {
            $targetProperty = $properties.$propertyName
            if($targetProperty -is [System.Xml.XmlElement]) {
                $h.$propertyName = $targetProperty.'#text'
            } else {
                $h.$propertyName = $targetProperty


$connections = ""
$uri = "http://localhost/Citrix/Monitor/OData/v1/Data/Sessions?`$expand=Connections"
$connections = Invoke-ODataTransform(Invoke-RestMethod -Uri $uri -UseDefaultCredentials)

foreach($connection in $connections)
    $output = $connection | Get-Member -MemberType Properties | ForEach-Object {
        $key = $_.Name
        $value = $connection.$key
        '{0}="{1}"' -f $key,$value

    Write-Host $output