© 1999-2017 Citrix Systems, Inc. All rights reserved. p.1https://docs.citrix.com
About This Release
Jun 05, 2015
Updated: 2013-05-07The CloudPortal Services Manager is data-center installed software that enables you to host, sell, and resell hosted
applications and related infrastructure. Managed through a web browser, the control panel is a scalable environment for
service providers and resellers who provision and manage customer solutions.
Service providers can:Create their own Customers and Reseller Customers
Configure, provision, and assign Services to Customers and Resellers
Customers of Service Providers can assign provisioned Services to Users.
Reseller Customers can:Create Customers
Assign provisioned Services to Customers
Manage Users
View reports
Customers of Resellers can:Create and manage Users
Assign provisioned Services to Users
View reports
A Customer is a container that can consist of :
An Administrator who can manage Users, and provision and manage Services
Services that can be made available (that is, provisioned) to Users
Users who consume one or more Services assigned to them
Other Customers (known as Resellers or tenants) who can provision Services to Users
When you create a Customer, you specify the customer location (that is, customer domain) and any advanced properties.
Advanced properties can include password expiry rules, optional Active Directory organizational structure, and service
security roles. You can select one or more security roles to enable the customer to administer available services.
Understanding Services Manager Deployment
A CloudPortal Services Manager deployment includes the following core components (server roles) that you install andconfigure:
The Web Server hosts the control panel’s web interface and API services. The control panel is the primary user interface
for service providers, resellers and end-customer users. The customer administrator can manage the organization’s users
and associated services within the same system. Users can perform administrative and self-service tasks that have been
delegated to them. Provisioning requests are sent from the Web Server to the Provisioning Engine through a Microsoft
Message Queue.
The main system databases are the Microsoft SQL Server repositories for user, customer, and configuration information.
Several system databases are automatically created when you install and configure the server roles. The Services
Manager Reporting Service uses Microsoft SQL Server Reporting Services.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.2https://docs.citrix.com
The Provisioning Engine performs all provisioning tasks. It expedites requests from the Web Server and automates
managed services and resources.
The Directory Web Service provides the Web Server with function calls related to Active Directory, such as user
authentication, user account status inquiries, user enabling and disabling, and security group management.
The Data Warehouse performs scheduled storage of historical data from the main system database, and manages the
creation and sending of usage and billing reports.
The Report Mailer gathers anonymous usage data and emails usage reports to the Citrix license monitor. Customer and
user information is not transferred, only the number of customers and users-per-service.
Deployment begins with preparing your environment. Next, install and configure the server roles. Then install, configure, and
provision the Services Manager web services, such as Exchange, SharePoint, Virtual Machine, BlackBerry, and IIS.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.3https://docs.citrix.com
Known Issues Concerning CloudPortal ServicesManager 10.0
Jun 05, 2015
Updated: 2013-02-22To enable reseller and customer administrators to create brands:
1. Open Configuration > Security > Page Manager.
2. Change Page Type to Pages.
3. Select /CortexDotNet/Administration/Brands/EditBrand.aspx.
4. On the right pane scroll down to Security Roles.
5. Select Customer Administrator, Reseller Full Administrator, and Reseller Partial Administrator accounts so they have
permissions to create brands.
[#158610]
In an environment where the Exchange location is set to Exchange 2010 /Hosting, creating the first customer might be
unsuccessful if hosting plans have not yet been created. Before creating the first customer in this environment, ensure a
new service plan has been created. Also, ensure the hosting program, hosting offer, and hosting allocation have been
configured. [#259658]
When configuring Services Manager server roles, do not configure the databases and location together. Run the
Configuration Tool separately for the databases and the location. [#259761]
After importing a service package, to apply the changes, restart the Provisioning Engine. [#259782]
When you first configure a location using the graphical interface, you cannot specify a display name for the Customer
OU. Workaround: after the location is created, to specify the domain name, update from the control panel or install
using the command line interface. [#259793]
When you use the Configuration Tool to create the first administrator for a location, the username for that
administrator is cspadmin_TSP. [#260111]
For the Citrix Service, the Terminal services f ile server setting does not appear at the Active Directory level. Workaround:
Expand the setting at the top level and change the Hierarchy Permission from Hidden to Modify. [#260733]
When installing Services Manager, some functions for expiring demo customer accounts might not be installed
successfully. To ensure these functions are present in the Services Manager environment, schedule tasks on the
Provisioning server to run the following f iles:
DemoExpiredCustomersRequest.bat. This f ile deprovisions and deletes demo customer accounts.
DemoExpiryRequest.bat. This f ile sends a notif ication to the demo customer that the account will expire.
Schedule both tasks to run daily during off-peak hours using the Cortex_DirMon_Svc account. [#260825]
After installing the Windows Web Hosting service, you must manually create a user account in Active Directory in the
CortexSystem OU, and add the user to the CortexWSUsers security group. [#263209]
When using the Configuration Tool to enter service provider details for a location, specify only one UPN suffix. You can
configure additional UPN suffixes later from the control panel. [#263735]
After installing the SharePoint 2010 web service, you must manually change the IIS authentication settings for the site
and application levels, enabling both Windows and integrated authentication. [#264802]
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.4https://docs.citrix.com
Importing a large service package resets the connection to the Services Manager. This occurs with package files that
include DLL files which are copied to the Bin directory during the import process. To continue configuring the service, log
in to the Services Manager. [#267325]
For the Citrix web service to work correctly with supported XenApp versions earlier than XenApp 6, edit the
[INSTALLDIR]ServicesCitrixweb.config f ile and add:
<add key="CitrixInstall" value="MetaFrame"/>
[#270896]
After using the graphical interface to install server roles, the Deploy CloudPortal Services Manager page displays. Click
anywhere on that page to bring it into focus. [#272092]
On some SQL Server installations, the server role Configuration Tool graphical interface will not launch. Workaround:
launch CortexConfig.msi from [INSTALLDIR]Configuration. [#272653]
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.5https://docs.citrix.com
System Requirements
Jun 05, 2015
Deploying the CloudPortal Systems Manager includes installing the core components (server roles), and then installing the
web services.
For system requirements information, see:System Requirements for Server Roles
System Requirements for Web Services
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.6https://docs.citrix.com
System Requirements for Server Roles
Jun 05, 2015
Updated: 2012-11-12The sections in this topic describe supported platforms, required software, and other information that will be used when
you install and configure the core components (server roles) that comprise the Services Manager platform. The Services
Manager server role installer (Setup Tool) handles many of the prerequisites, such as installing .NET Framework 4.0, enabling
web server roles, and enabling MSMQ features. (The .NET software is also available in the Support folder of the Services
Manager installation media.) See Installing and Configuring Roles and Locations for additional preparation information.
Active Directory and Exchange
This release of Services Manager supports Active Directory Domain Services on the following platforms:Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
At a minimum, the domain functional level must be Windows Server 2003.
Before the Services Manager platform can be deployed, the Active Directory schema must be extended to include thestandard Exchange attributes. To do this, use one of the following methods:
Use the Schema Prep tool from the Microsoft Exchange installation media. Use this method if you do not plan to deploy
Exchange and you do not intend to deploy the Exchange web service. In general, to deploy the Schema Prep tool, you
execute the following command on the directory where the Exchange installation media resides:
setup /p /on:OrganizationName
Deploy Exchange. Use this method if you plan on installing the Exchange web service in your Services Manager
deployment. Extending the Active Directory schema is part of the Exchange deployment process.
The domain user account used to extend the Active Directory schema or install the Services Manager platformcomponents must belong to the following groups:
Group Name Required for Services Manager platforminstallation
Required for extending Active Directoryschema
Domain Admins Yes Yes
EnterpriseSchema
No Yes
Schema Admins No Yes
If any server (including DNS) is not in the domain, the same user account should be set up as a local user on that server with
the same password, as a member of the local Administrators group.
DNS Server
Services Manager uses DNS aliases to locate and reference the component servers during the platform install andconfiguration process, and during provisioning operations. To ensure successful deployment and operation of Services
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.7https://docs.citrix.com
Manager, create the following CNAME records for each of these components. Point the CNAME records to each server'sfully qualif ied domain name.
Platform component Alias
Database server CORTEXSQL
Provisioning server CORTEXPROVISIONING
Web server CORTEXWEB
Reporting Services CORTEXREPORTS
Database Server
Hardwareconfiguration
Two or more server-class processors, 2.0 GHz or higher
Minimum 4 GB RAM recommended
Minimum 10 GB free disk space available for f ile growth
Operatingsystem
Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommended updatesinstalled.
User AccountControl (UAC)
Disabled.
Databaseserver
Microsoft SQL Server 2008 R2, with all recommended updates installed.
Authentication Mixed mode (SQL and Windows Authentication)
SQLconnectiontypes
Local and remote connections enabled.
Installationaccount
Configure the account to be used during installation with the SysAdmin role. If you cannot do this inSQL, you can use an account with SysAdmin rights. You can remove this account after the installationfinishes.
Firewall Allow inbound TCP connections through the database instance port. For a default SQL instance, thisis port 1433.
When you install SQL Server, make note of the instance name and port. You will need this information when you configure
the server for use with Services Manager.
During platform installation, the following databases are installed:OLM - core database for customer and user information
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.8https://docs.citrix.com
OLMReports - stores legacy reporting data and some system settings
OLMReporting - stores reporting data
ExchangeLogs - stores Exchange information
The following SQL accounts are created for accessing the databases:CortexProp
OLMUser
OLMReportsUser
OLMReportingUser
ExchangeLogsUser
Two SQL jobs are installed on the database server: Gather Daily Stats Data and Gather Monthly Stats Data.
SQL Reporting Services
Hardwareconfiguration
Two or more server-class processors, 2.0 GHz or higher
Minimum 4 GB RAM recommended
Minimum 10 GB free disk space available for f ile growth
Operatingsystem
Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommended updatesinstalled.
User AccountControl (UAC)
Disabled.
Databaseserver
Microsoft SQL Server 2008 R2, with all recommended updates installed.
Serviceaccount
Set the SQL Reporting Services service account to Network Service.
SQLconnectiontypes
Local and remote connections enabled.
Firewall Allow inbound TCP connections through the reporting port. The default port is 80.
Authentication Verify that the Report Server configuration f ile (C:Program FilesMicrosoft SQLServerMSRS10.MSSQLSERVERReporting ServicesReportServerrsreportserver.config) contains theentry "<AuthenticationTypes><RSWindowsNTLM /> <RSWindowsNegotiate /></AuthenticationTypes>".
Administratoraccount
In Reporting Services, create a dedicated user with the System Administrator role; domainadministrator rights are not required. You will need this user information when configuring Reportingin the Services Manager configuration tool.
Provisioning Server
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.9https://docs.citrix.com
Hardwareconfiguration
Two or more server-class processors, 2.0 GHz or higher
Minimum 4 GB RAM recommended
Minimum 10 GB free disk space available for f ile growth
Operatingsystem
Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with all recommendedupdates installed.
User AccountControl (UAC)
Disabled.
.NET Version .NET Framework 4.0 (Full) installed.
Firewall Allow inbound TCP connections through port 8095.
Windows Serverfeatures(installed by theSetup Tool, ifnot enabled)
Enable the following features:Message Queuing > Message Queuing Services > Message Queuing Server
Message Queuing > Message Queuing Services > HTTP Support (only if the server is not in the
domain)
Telnet client
Windows PowerShell
SQL ServerManagementObjects(installed by theSetup Tool, ifnot present)
Install the 64-bit variant of the Microsoft SQL Server 2008 Shared Management Objects (SMO).This is available in the Support folder of the Services Manager installation media.
SMTP server Required for sending email notif ications through Services Manager. Depending on the notif ication,the Provisioning server also needs a temporary directory for assembling the email. As an SMTP serveris also required for the Report Mailer, the same SMTP server can be used for both the Provisioningserver and the Report Mailer. For both roles, you supply the SMTP server details when you configureeach server role.
Domainmembership andprivileges
Server must be a member of the domain
Service account must have full domain administrator privileges
If you are installing the Provisioning server on a domain controller, give the ProvisioningUsers security group logon locally
permission. However, for security reasons, Citrix recommends installing the Provisioning server on a server other than a
domain controller.
Web Server
The Services Manager uses the DNS alias CortexWeb to refer to the server hosting the Web Server.
Hardware configuration Two or more server-class processors, 2.0 GHz or higher
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.10https://docs.citrix.com
Minimum 4 GB RAM recommended
Minimum 10 GB free disk space available for f ile growth
Operating system Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with allrecommended updates installed.
User Account Control (UAC) Disabled.
.NET version .NET Framework 4.0 (Full) installed.
Firewall Allow outbound connections to SQL Reporting Services on port 80.
Report Viewer version Microsoft Report Viewer 2008 SP1
Windows Server roles Enable the following roles:Web Server > Application Development > ASP.NET
Web Server > Security > Basic Authentication
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
SQL Server Management Objects(installed by the Setup Tool, if notpresent)
Install the 32-bit variant of the Microsoft SQL Server 2008 Shared ManagementObjects (SMO). This is available in the Support folder of the Services Managerinstallation media.
Domain membership and privileges Server must be a member of the domain
Service must have full domain administrator privileges
During platform configuration, you will need to know the host header required for the web site. This is the URL used to
access the control panel. The Configuration Tool refers to this as the external address.
When you install the Web Server role, the following items are installed:CortexMgmt Application Pool - used to run the Management Site.
Cortex Management Site - contains the following web applications:
CortexDotNet - main management portal
CortexAPI - XML-based web service used to automate management
The Web Server role supports:Internet Explorer 8 and 9
Firefox 3.x and 4.x
Chrome 12.x
Safari 5.x
The Web Server role supports client operating system access from:Windows XP SP3
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.11https://docs.citrix.com
Windows 7 SP1
Windows Server 2008
Mac OS X 10.x
The Autologin tool supports Windows XP SP3, Windows 7 SP1, and Windows Server 2008.
Directory Web Service
If you are installing the Directory Web Service on a domain controller, give the CortexWSUsers and the Proxy Users groups
logon locally permission. However, for security reasons, Citrix recommends installing this role on a server other than a domain
controller.
Enable the following roles and features:Web Server > Application Development > ASP.NET
Web Server > Security > Basic Authentication
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
PowerShell 2.0
Data Warehouse (Reporting)
Operating system Windows Server 2008 R2 Standard, Enterprise, or Datacenter editions, with allrecommended updates installed.
User Account Control (UAC) Disabled.
.NET version .NET Framework 4.0 (Full) installed.
Firewall Allow outbound connections to the database server on port 1433.
Database server SQL Server 2008 R2
Database server authentication Mixed mode (SQL and Windows Authentication)
Reporting SQL Server Reporting Services 2008 R2
SQL Server ManagementObjects (installed by the SetupTool, if not present)
Services Manager installs this component automatically when the Data Warehouserole is deployed. This is available in the Support folder of the Services Managerinstallation media.
Installation account Ensure the account used for installing this role is a SysAdmin on the server.
RSReportServer modif ications In RsReportServer.config, under <RSWindowsNTLM/>, enable<RSWindowsNegotiate/>.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.12https://docs.citrix.com
SMTP server Because the Provisioning server also requires a SMTP server, you can specify thesame SMTP server when you deploy each server role. The SMTP server must allowrelays from the Reporting server.
Additional requirements:If you will be using the OCS Monitoring service, install and enable the OCS Monitoring Service on the OCS 2007 server.
If you will be using the SharePoint 3 service, most headers for all sites must be resolvable on the SharePoint 3 server
where the SharePoint service is installed and used by the data collection.
Firewall Configuration
The following table lists the default connectivity configuration between the Services Manager roles. Configure thesebefore installing the roles.
Traff ic/Port From To Purpose
TCP 8095 Web Server Provisioning Engine Authenticate users and read-time ActiveDirectory lookups
MSMQ*, HTTP, orHTTPS
Web Server Provisioning Engine Provisioning request
TCP 1433** ProvisioningEngine
SQL Server Access to provisioning rules, write statistics
TCP 1433** Web Server SQL Server Access to customer and user information
TCP 80 Web Server SQL Reporting Servicesserver
Access to SQL Reporting Services
* MSMQ comprises several ports, as specified by Microsoft.
** The supported SQL versions use TCP 1433 only for the default instance; other named instances use a dynamically
assigned port. If your installation is not the default instance and a firewall separates the SQL server from the other
Services Manager roles, you must override the dynamic behavior by allocating a specific port.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.13https://docs.citrix.com
System Requirements for Web Services
Jun 05, 2015
Updated: 2013-03-19This topic lists supported platforms and requirements for the Services Manager web services.
Group Policy requirements
If you are installing a web service on a domain controller, give the CortexWSUsers group logon locally permission.
Additionally, Proxy Users need logon locally permission if you install the Directory Web Service on the domain controller.
BlackBerry
The following table lists the supported BlackBerry and Microsoft Exchange versions. If your environment includes BlackBerry4, complete the following requirements before installing the Services Manager BlackBerry service. If your environmentcomprises only BlackBerry 5, you do not need to install a Services Manager BlackBerry service after completing thefollowing requirements.
Version Exchange 2003 Exchange 2007 Exchange 2010 Exchange 2010 Hosting
BlackBerry 4 X X X
BlackBerry 5 SP1 X X
BlackBerry 5 SP2 X X
Configure your environment according to the BlackBerry installation guidelines. The following requirements assume you
have installed the BlackBerry Enterprise Server software, the latest security updates, and the appropriate service pack for
your deployment.
Requirements for all BlackBerry deployments (all supported versions):The Services Manager requires the credentials that are used to run the BlackBerry service, in order to access the
BlackBerry Server MAPI profile. This account must be a member of the Exchange View Only Administrators group.
Additionally, the BlackBerry service account (or the Exchange View Only Administrators group) must have Open Address
List permission on the Default Global Address List.
Requirements for BlackBerry 4 (in addition to requirements for all deployments):Enable the following IIS 7+ roles:
Web Server > Application Development > ASP.NET
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility
Install Microsoft .NET Framework 4.0
Install the BlackBerry Enterprise Server Resource Kit. When you install the Services Manager BlackBerry web service, you
will need the credentials created for the resource kit.
Citrix XenApp for Windows
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.14https://docs.citrix.com
Supported XenApp versions:Citrix Presentation Server 4.5 for Windows Server 2003
Citrix XenApp 5.0 for Windows Server 2008
Citrix XenApp 6.0 for Windows Server 2008 R2
Citrix XenApp 6.5 for Windows Server 2008 R2
Requirements:Operating system: supported platforms for the XenApp version. Install all recommended operating system patches.
Enable Remote Desktop Services.
Install .NET Framework 4.0.
Installation requires that the Cortex Domain Logon account and the DomainCortexWSUsers account have full
administration rights on the XenApp farm.
For Presentation Server 4.5 for Windows Server 2003:
Apply SP2 to the Windows Server 2003.
From Add or Remove Programs, select Add/Remove Windows Components. Then select Application Server and click
Details. Ensure that ASP.NET is enabled and that Internet Information Service (IIS) is enabled and default settings are
accepted.
For XenApp 5 for Windows Server 2008, XenApp 6, and XenApp 6.5:
Disable UAC.
Enable the following roles:
Web Server > Application Development > ASP.NET
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
Management Tools > IIS 6 Management Capability > IIS 6 Metabase Compatibility
The Citrix web service uses port 8095 by default.
CRM 2011
Ensure that the CRM 2011 installation is configured with claims-based authentication and an Internet-facing deployment.
For help configuring an Internet Facing Domain (IFD) CRM 2011 environment, see http://www.youtube.com/watch?
v=T9jZIxDTsBw.
For authentication to succeed, give the ADFS service user account (which is usually the Network Service) read access to the
customer's OU.
Exchange
The following table lists the supported platforms and Microsoft Exchange versions.
Version Windows Server 2003R2
Windows Server2008
Windows Server 2008 R2SP1
Exchange 2003 X
Exchange 2007 SP2 X
Exchange 2010 SP1 -Enterprise
X
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.15https://docs.citrix.com
Exchange 2010 SP1 - /Hosting X
Exchange 2010 SP2 X
Version Windows Server 2003R2
Windows Server2008
Windows Server 2008 R2SP1
Note: Although Exchange 2010 SP1 is included as a supported version in this release of Services Manager, Citrix recommendsservice providers use Exchange 2010 SP2 instead for new Services Manager deployments. Exchange 2010 SP2 includesimprovements that enable service providers to offer a richer feature set to their customers. For more information andguidance about SP2, refer to the article, "Multi-Tenant Support" on the Microsoft TechNet Web site.For environments that already include Exchange 2010 SP1 in a hosting mode (i.e., using the /hosting switch), ensure it is
installed in a separate domain forest from any other Exchange implementation. Exchange 2010 SP1 installed in a hosting
mode sets different permissions on the organization's OUs.
Follow the guidance in the Microsoft documentation for preparing and installing Exchange. The information in this section
assumes you have installed the Exchange software.
Requirements:Install all recommended operating system patches.
Enable Remote Desktop Services.
Disable UAC.
Enable the following IIS 6 and 7+ roles:
Web Server > Application Development > ASP.NET
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility
Install .NET Framework 4.0.
If you are using Exchange 2010, install Microsoft Exchange 2010 SP1 Management Tools.
Services Manager service installation requires that the Cortex Domain Logon account have full administration rights to
Microsoft Exchange.
Exchange User Level Packages are used as templates for Exchange mailboxes. Packages define which protocols are
enabled, plus mailbox limits and data storage. The installation process creates one package, which is used to test the
installation. This package specif ies the mail databases to use (Server / Storage Group). One or more storage groups are
created when Exchange is installed; select one to use for the installation test.
By default, the Exchange web service uses port 8095 to communicate with the Provisioning and Web servers.
Configuring Permissions for Exchange 2007 and Exchange 2010
Use the following steps to configure permissions in an environment that includes only an Exchange 2007 SP2 or Exchange2010 SP1 deployment. These steps are not required for Exchange 2010 SP2 or mixed Exchange deployments.1. Launch ADSledit.msc on a server in the domain.
2. Right-click ADSI Edit, select Connect to, and then select the Configuration naming context.
3. Expand CN=Configuration,DC=CustomerDomainPrefix,DC=CustomerDomainSuffix.
4. Enable the List Object permission in the directory.
1. Expand CN=Services > CN=Windows NT.
2. Right-click CN=Directory Service and select Properties.
3. Set the dsHeuristics attribute to 001.
5. Disable the Default Email-Address policy. (By default, this policy applies to all users and gives all users the primary email
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.16https://docs.citrix.com
address alias@exchangedomain.)
1. Expand CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Recipient Policies.
2. From the middle pane, right-click CN=Default Policy and select Properties.
3. Edit the following properties:
msExchLastAppliedRecipientFilter: Alias -eq 'NoSuchEmail'
msExchPurportedSearchUI: Microsoft.PropertyWell_QueryString=(mailNickname=NoSuchEmail) (replace current
entry)
msExchQueryFilter: Alias -eq 'NoSuchEmail'
purportedSearch : (&(objectclass=PublicFolder)(!(extensionAttribute15=*)))
6. Lock down default global address lists.
1. Expand CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists Container > CN=All
Global Address Lists.
2. Right-click CN=Default Global Address List and select Properties.
3. On the Security tab, click Advanced.
4. Clear the Include inheritable permissions from this object's parent check box, and then click Add.
5. Click Apply and then click Yes for each warning that appears.
6. Sort the permissions by name and remove the entries for Authenticated Users except the Deny entry that applies to
msExchAvailabilityAddressSpace objects. Click OK to close the dialog box.
7. On the Security tab, select the Everyone group and click Remove. Click OK to close the dialog box.
7. Lock down address lists.
1. Expand CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists Container > All
Address Lists.
2. Right-click CN=All Users and select Properties.
3. On the Security tab, click Advanced. Clear the Include inheritable permissions from this object's parent check box and
then click Add.
4. Click OK and then click Yes for each warning that appears.
5. Remove the Everyone and Authenticated Users groups.
6. Add the Proxy USERS group and deny the Read permission. (If the Services Manager roles have not yet been installed,
or if this group does not exist, create a domain local group in Active Directory called Proxy USERS.)
7. Repeat Steps b-f for the All Contacts, All Groups, All Rooms, and Public Folders containers.
8. Lock down the All Address Lists container.
1. Expand CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists Container.
2. Right-click CN=All Address Lists and select Properties.
3. On the Security tab, click Advanced and then add the Proxy USERS group with the following settings:
Apply to: This object only
List Contents: Deny
List Object: Allow
9. Delete the default off line address list.
1. Expand CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists Container >
CN=Offline Address Lists.
2. In Offline Address Lists, delete CN=Default Offline Address List.
10. Set permissions at the Exchange organization level.
1. Expand CN=Services > CN=Microsoft Exchange.
2. Right-click CN=ExchangeOrganization and select Properties.
3. On the Security tab, add the group Proxy USERS and allow the Read permission.
4. Click Advanced and select the Proxy USERS group. Click Edit and configure the following settings:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.17https://docs.citrix.com
Apply to: This object only
List contents: Allow
List object: Allow
Read all properties: Allow
Read permissions: Allow
Configuring Services Manager for a Mixed Exchange 2010 Environment
When using Exchange 2010 Enterprise with Exchange 2007 or 2003, to ensure correct operations, copy the
globalAddressList attribute into the globalAddressList2 attribute.
The globalAddressList2 attribute was introduced in Windows Server 2008 R2. In an environment that includes Exchange
2010, an address list must be populated into the attribute to ensure correct operation. Exchange 2010 manages the
globalAddressList2 attribute automatically, but Exchange 2007 and 2003 do not.
To populate globalAddressList2 with all entries from globalAddressList, run the following PowerShell script.
$configroot = ([adsi]"LDAP://rootdse").ConfigurationNamingContext$MSEXOU = [adsi]("LDAP://CN=Microsoft Exchange,CN=Services,$configroot")[array]$gal = $nullforeach ($dn in get-GlobalAddressList) { $gal += ($dn.distinguishedname)}$gal = '@("' + ([string]::join('","', $gal)) + '")'$MSEXOU.putEx(2, 'globalAddressList2', (invoke-expression "$gal"))$MSEXOU.setinfo()
After running this script, any systems that interact with globalAddressList must now use globalAddressList2; otherwise,
Exchange will not detect them.
Lync Enterprise and Lync 2010 for Hosting
The following assumes you have deployed the Lync Enterprise 2010 topology.
RequirementsInstall .NET Framework 4.0.
Install Lync Server Management Shell.
Add or enable the following roles and features:
IIS 6.0 (minimum)
Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools
PowerShell 2.0
MySQL
Requirements:Install MySQL version 5.0 or 5.1.
Run MySQL on the default port 3306.
On the MySQL server:
Allow local and remote connections
Open the f irewall to allow connections to the MySQL server on port 3306.
Open port 8095.
The Services Manager requires login access to administer databases and users. If you are using multiple SQL servers, use
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.18https://docs.citrix.com
the same account for all of them (suggested name: CortexMySQLHosting). This account must have DBA (grant all) global
privileges.
SharePoint
The following table lists the SharePoint and IIS version support.
Version IIS 6 IIS 7 IIS 7.5
SharePoint 3 X X
SharePoint Enterprise 2010 X X
SharePoint Foundation 2010 X X
Follow the guidance in the Microsoft documentation for hosting SharePoint. The following assumes you have installed the
SharePoint software.
Requirements for SharePoint 2010 Services deployments:Operating system: Windows Server 2008 (minimum), with all recommended operating system patches.
Enable Remote Desktop.
Disable UAC.
Add the service account used for the Services Manager SharePoint 2010 web service deployment and configurations to
the farm. Use cmdlet Get-SPShellAdmin to look up the account name.
Set the SharePoint 2010 web service to the same application pool identity as the SharePoint Central Administration site.
Identify the application (front-end) server in the farm where the SharePoint 2010 web service is to be deployed.
Install and configure Services Manager IIS Web Service (used for Windows Web Hosting Services) on the same
SharePoint 2010 server used for managing the site host headers.
Install the Services Manager DNS Service to use the full functionality of SharePoint 2010 site DNS management.
Open ports 8095-8098 and 5985 from the server hosting the SharePoint 2010 and IIS web services to the Services
Manager Web Server and provisioning server.
Enable the following roles:
Web Server > Application Development > ASP.NET
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
Make the SharePoint 2010 service account a member of the local administrators group on the server hosting the
SharePoint 2010 web service and the CortexAdmins group in Active Directory.
Configure the following local policies:
Enable the Allow CredSSP Authentication option under Computer ConfigurationAdministrative templateWindows
ComponentsWindows Remote Management (WinRM)WinRM Service.
Enable the Allow CredSSP Authentication option under Computer ConfigurationAdministrative templateWindows
ComponentsWindows Remote Management (WinRM)WinRM Client.
Enable the Allow Fresh Credentials with NTLM-only Server Authentication option under Computer
ConfigurationAdministrative TemplatesSystemCredentials Delegation. Verify that it is enabled and configured with an
SPN appropriate for the target computer (select Show next to Add servers to the list). For example, for a target
computer name "myserver.domain.com" the SPN can be one of the following: WSMAN/myserver.domain.com or
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.19https://docs.citrix.com
WSMAN/*.domain.com.
Enable the Allow Delegating Fresh Credentials option under Computer ConfigurationAdministrative
TemplatesSystemCredentials DelegationAllow Delegating Fresh Credentials. Verify that it is enabled and configured
with an SPN appropriate for the target computer (click Show next to Add servers to the list). For example, for a target
computer name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or
WSMAN/*.domain.com.
Disable loopback check:
1. From the Registry Editor, select the following registry key:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
2. Right-click Lsa, point to New, and select DWORD Value.
3. Type DisableLoopbackCheck.
4. Right-click DisableLoppbackCheck, then select Modify.
5. In the Value f ield, type 1.
6. Restart the server.
Allow WinRM to listen for requests:
1. Run the following command at the command prompt on the SharePoint 2010 server: winrm e winrm/config/listener
2. If the command prompt does not show anything, running the following command: winrm quickconfig
3. At the prompt “Make these changes?”, type y.
For more information, refer to http://msdn.microsoft.com/en-us/library/aa384372%28VS.85%29.aspx.
Increase the memory allocated for PowerShell by running the command: Set-item
WSMan:localhostShellMaxMemoryPerShellMB 1000.
Requirements for SharePoint 3 Services deployments:Operating system: Windows Server 2003 Service Pack 2 (minimum)
Enable Remote Desktop.
Set the SharePoint 3 web service to the same application pool identity as the SharePoint Central Administration site.
This should be the service account used by Services Manager for SharePoint 3 web service provisioning.
Identify the application (front-end) server in the farm where the SharePoint 3 web service is to be deployed.
Make sure the SharePoint 3 web service farm is installed using Domain Account Mode instead of Active Directory
Account Creation Mode.
Install and configure Services Manager IIS Web Service (used for Windows Web Hosting Services) on the same
SharePoint 3 server used for managing the site host headers.
Open ports 8095-8098 from the server hosting the SharePoint 3 web service and IIS web services to the Services
Manager Web Server and provisioning server.
If the application server is on Windows 2008, enable the following roles:
Web Server > Application Development > ASP.NET
Web Server > Security > Windows Authentication
Management Tools > IIS Management Console
Management Tools > IIS Management Scripts and Tools
Make the SharePoint 3 web service account a member of the local administrators group on the server hosting the
SharePoint 3 web service and the CortexAdmins group in Active Directory.
Virtual Machine
Supported:System Center Virtual Machine Manager 2008 R2 SP1
Hyper-V Server 2008 R2
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.20https://docs.citrix.com
Requirements:Enable the following roles:
Web Server > Application Development > ASP.NET
Web Server > Security > Windows Authentication
Install Microsoft .NET 4.0.
System Center Virtual Machine Manager 2008 R2 Administrator Console
For each Hyper-V host, use SCVMM to set up network access:
Configure network adaptors.
Configure VLAN ranges for VLAN trunking.
Hyper-V hosts can be stand-alone or clustered. Services Manager supports Cluster Shared Volumes for provisioning
highly available VMs.
For each Hyper-V host Services Manager is to manage, refer to Steps Required to Add a New Hyper-V Host.
Open inbound TCP port 8095 in the Windows f irewall.
Open the following f irewall ports, by role:
Role Port Description
SCVMM servers 8100 VMM - Administrator Console to VMM server
As
installed
RDP - self-service portal website port
If using a remote VMM
database
1433 TDS - SQL Server
Virtual server 5900 VMRC - VMRC connection to virtual server host
Hyper-V hosts 80 WinRM - VMM server to VMM agent on Windows Server-based host
(control)
443 BITS - Library server > hosts
445 SMB - VMM server to VMM agent on Windows Server-based host
(data)
2179 RDP - VMConnect to Hyper-V hosts
5900 VMRC - connection to virtual server host
Virtual machines 3389 RDP - Remote desktop to VMs
An Active Directory security group is added to Hyper-V servers to enable remote connections. Your environment must
allow security groups to be added to the host from the domain containing the Services Manager components.
Remove the following folders or executables from real-time scanning by security software:
The default virtual machine configuration folder (for example, C:ProgramDataMicrosoftWindowsHyper-V) and any
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.21https://docs.citrix.com
custom virtual machine configuration folders
The default virtual machine hard disk drive folder (for example, C:UsersPublicDocumentsHyper-VVirtual Hard Disks) and
any custom virtual machine hard disk drive folders
Snapshot folders
VMMS.EXE - Virtual Machine Management Service
VMWP.EXE - Virtual Machine Worker Process
If you use Hyper-V Live Migration with Cluster Shared Volumes, remove the Cluster Storage folder (for example,
C:Clusterstorage) and all subfolders.
Windows Web Hosting
The following table lists the supported Internet Information Services (IIS) versions and platforms.
Version Windows Server2003 R2
Windows Server2008
Windows Server 2008R2 SP1
Windows Server 2008 R2 SP1Web Edition
IIS 6 X
IIS 7 X
IIS 7.5 X X
RequirementsHardware:
Processors: server class, one or more 2.0 GHz (minimum)
Memory: 2 GB (minimum) recommended
Disk space: 10 GB (minimum) free space
Install all recommended operating system patches.
Enable the following roles:
File Service > File Server
IIS > Application Development > ASP.NET
IIS > Application Development > .NET Extensibility
IIS > Application Development > CGI (required only if PHP support is required)
IIS > Application Development > ISAPI Extensions
IIS > Application Development > ISAPI Filters
IIS > Security > Basic Authentication
IIS > Security > Windows Authentication
IIS > Management Tools > IIS Management Console
IIS > Management Tools > IIS Management Scripts and Tools
IIS > Management Tools > Management Service
Ensure that the IIS FTP Server Role is not enabled.
For IIS 7.0 and higher: Set up the web server with any server certif icates needed for secure site browsing and with a
network f ile share to store site f iles and documents (typically, C:WebHosting).
Install .NET Framework 4.0.
Configure the Web Management Service (WMSvc) to run automatically at startup. By default, it is set to Manual.
Enable Remote Desktop Services.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.22https://docs.citrix.com
The Network Service account must be able to read the configuration f iles in the directory
C:WindowsSystem32inetsrvconfig.
When provisioning the customer site, the Services Manager sets permissions for the customer's Active Directory groups
on the site/folder. Additionally, the AppPool identity for the site is also a domain account under that customer's OU.
Therefore, the web hosting server must either be a member of the domain or have a trust relationship with that domain,
so that groups and accounts are accessible and have rights on the server.
Other Services
Service Requirement/Supported Version
Domain Name System (DNS) BIND version 9.x DNS Server
File Sharing Manager Supported on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2
Hosted Apps and Desktops Citrix App Studio 1.0
Office Communication Server Microsoft Office Communications Server 2007 R2
For information about the Directory Web Service, see System Requirements for Server Roles .
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.23https://docs.citrix.com
Install
Jun 05, 2015
Deploying the CloudPortal Services Manager comprises installing and configuring the core components (server roles) and
then installing the Web services.
For details, see:Installing and Configuring Roles and Locations
Installing Web Services
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.24https://docs.citrix.com
Install Roles and Locations
Jun 05, 2015
Updated: 2014-10-10Deploying the CloudPortal Services Manager (Services Manager) f irst comprises installing and configuring core components(server roles) and locations. The Setup Tool manages prerequisites and installs server roles. The Configuration Toolconfigures server roles and locations. Both tools offer a graphical wizard-driven interface and a command-line interface.
For the graphical interface, see Installing Server Roles from the Graphical Interface and Configuring Server Roles
and Locations from the Graphical Interface .
For the command-line interface, see To install server roles from the command line and Configure server roles and
locations from the command line .
After you install the server roles, and configure the roles and locations, you install and configure the web services. See
Installing Web Services for details.
Role installation and configuration summary
An initial server role deployment includes the following tasks:1. Perform environment readiness checks – You can verify the extended Active Directory schema and DNS aliases. This
procedure is available in the graphical interface; you can also perform the verif ications manually. You can run this task
from anywhere in the domain.
2. Create system databases - Microsoft SQL Server databases serve as repositories for user and service configurations in
a Services Manager deployment. All databases should be backed up and synchronized daily.
In the graphical interface, you specify database information before you install the server roles. In the command line
interface, you specify database information when you configure the server roles and location.
You run this task from the server where Microsoft SQL Server is installed.
3. Install server roles - Web Server, Provisioning Engine, Directory Web Service, Data Warehouse, and Report Mailer.
4. Conf igure server roles and locations – Specif ies configuration settings for the installed roles, and settings for primary
and remote locations.
An XML configuration file is used to maintain context across the Services Manager deployment. As you configure the
server roles, information is read and written to the configuration file. For example, the Provisioning Engine writes its own
configuration information and reads where to reach the database. When you configure the primary location, the
configuration file will already have information needed about the provisioning server.
A location is the main unit of isolation between tenants, and usually corresponds to an Active Directory domain or
forest. Customers are provisioned into a location. Configuring a server role makes that role operational, while configuring
the location ties the components together and makes the system operational.
There is one configuration file per location, although all locations can share a single database server. You configure the
primary location first, then optionally, remote locations. For example, a new customer with an existing infrastructure and
domain might be integrated as a remote location in the control panel. When you configure remote locations, you specify
connection details, which are used to generate a new configuration file. After that, configuring a remote location is
similar to configuring the primary location.
You configure locations from the server hosting the Provisioning Engine or the Web Server.
Preparing to install and configure server roles
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.25https://docs.citrix.com
See System Requirements for Server Roles for supported platforms, required software, and preparation tasks.
Plan where you will install the server roles.Typically, the Directory Web Service is installed on the same server as the Provisioning Engine.
Install Microsoft SQL Server (minimum SQL Server 2008 R2) and SQL Server Reporting Services on the server that you will
configure as the main system (OLM) database. Typically, this is a separate server from the server on which you install
other Services Manager roles. In larger deployments, you can install SQL Server Reporting Services on a separate server
from the SQL Server database.
You can use a separate SQL server to host the reporting database (OLMReporting) and billing, or you can use the main
system database for those functions. Using a separate reporting database avoids taxing the primary database, and is
recommended for larger deployments.
For best practice, install the Web role on a separate server. This server will likely have enhanced security.
Whether you use the graphical interface or the command line to configure installed roles, review the information in the
topic Configuring Server Roles and Locations from the Graphical Interface before you start the configuration. It
describes the information you will need to provide.
Note: During configuration, you must specify license reporting information by configuring the Report Mailer.General conventions:
You can specify server addresses as an IP address, in the form server.domain.local, by environment variables, or by DNS
alias. In the graphical interface, you can check the aliases by selecting the Perform Readiness Checks task. If you use the
command-line interface, verify the aliases before using them when installing Services Manager roles.
Role configuration includes specifying credentials for several Active Directory user accounts. In most cases, you can
either specify the user name and password, or select the option that instructs the Configuration Tool to generate the
credentials. This option is generally disabled by default. Some user account specif ications also provide an option that
instructs the Configuration Tool to create the user account if the account does not already exist. This option is
generally enabled by default.
In the command line interface, enclose option values that contain spaces in quotation marks (for example,
/LocationName:"Southeast Hub").
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.26https://docs.citrix.com
Installing Server Roles from the Graphical Interface
Jun 05, 2015
Installing Services Manager server roles using the graphical interface comprises three procedures:Perform readiness checks
Create system databases
Deploy (install) server roles
To perform readiness checks
Typically, environment readiness checks are done infrequently.1. From the Autorun folder on the installation media, double-click Autorun.exe.
2. On the Select Deployment Task page, select Perform Readiness Checks.
3. On the Prepare Environment page:
Select Extend Active Directory Schema. This verif ication queries Active Directory to determine if the schema has the
expected custom extension attributes. If you plan to install the Exchange Web Service later, you can perform this
verif ication at that time.
If the verification cannot be completed, a message is provided (such as, the computer is not in a domain, the current
user is not a domain user or does not have permission to query the schema).
Select Create DNS Aliases. The control panel uses DNS aliases to locate the servers where its components will be
deployed. This verif ication ensures the aliases have been configured.
CORTEXSQL - the database server hosting the system databases
CORTEXPROVISIONING - the computer where the Provisioning server role will be installed
CORTEXWEB - the computer where the Web server role will be installed
To create system databases
This procedure assumes you have already installed the Microsoft SQL Server database software (minimum SQL Server 2008R2) and SQL Server Reporting Services.1. Double-click Setup.exe.
2. On the Select Deployment Task page, select Deploy CloudPortal Services Manager.
3. On the Deploy CloudPortal Services Manager page, select Create System Databases.
4. On the Create Deployment Configuration File page, browse to the directory where you want to store the XML
deployment configuration f ile, then enter a f ile name.
5. On the Create Primary Databases page, configure the following information about the SQL Server that will store system
configuration information:
Specify the server address.
Specify the port number. Default = 1433
Select the authentication mode: Windows or SQL. Default = Windows
Specify login credentials. (Optional if using Windows authentication and integrated security)
Select the Auto-create SQL logins checkbox if you want the SQL Server user accounts on the next page to be
created.
You can test the connection to the database.
6. Enter passwords for the SQL Server logins required to ensure cross-domain access to the databases: OLM, OLMReports,
CortexProp, and ExchangeLogs. This is optional if you selected the Auto-create SQL logins checkbox on the previous
page.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.27https://docs.citrix.com
7. Review the Summary page. If you want to change anything, return to the appropriate configuration page. When the
summary contains the settings you want, click Commit.
8. The Applying Configuration page displays progress. After the system databases are successfully configured, the Deploy
CloudPortal Services Manager page displays.
To deploy (install) server roles
On the server where you are installing a server role:1. Double-click Setup.exe.
2. On the Select Deployment Task page, select Deploy CloudPortal Services Manager.
3. On the Deploy CloudPortal Services Manager page, select Deploy Server Roles.
4. Accept the License Agreement.
5. On the Select Server Roles page, select one or more roles to install: Provisioning, Directory Web Service, Web, Reporting,
or Report Mailer.
Note: The Configuration Tool entry should always remain selected.
6. Review the prerequisites.
7. On the Ready to Install page, review the summary. After you click Install, the display indicates the progress of installing
prerequisites and the selected roles, and the result.
8. After the installation result displays and you click Finish, the Deploy CloudPortal Services Manager page displays.
After you complete the role installation, configure the roles and location.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.28https://docs.citrix.com
To install server roles from the command line
Jun 05, 2015
Updated: 2014-09-02Perform this task on the server that will be hosting the server role you want to install. For example, install the Provisioning
server role on the server that you have designated as the Provisioning server.
From the CortexSetup directory on the installation media, type the following at a command prompt:
CortexSetupConsole.exe /install:items [/Help]
/install:items
Comma-delimited list of Services Manager roles to install. Valid values are:
ConfigTool
Note: The Configuration Tool is automatically installed when you specify any other server roles to install. You must
specify it if you are not installing any other server roles with this command, but plan to later use a script to configure the
system databases.
Provisioning
DirectoryWebService
Web
Reporting
eCommerce
ReportMailer
/Help
Displays command help.
After you install the server role, run the Configuration Tool to configure the server role. After the Provisioning, Directory
Web Service, and Web server roles are installed and configured, you can configure the primary location. After configuring the
primary location, you can install and configure the Reporting server role.
Example
The following command installs the Provisioning Engine and Directory Web Service.CortexSetupConsole.exe /install:Provisioning,DirectoryWebService
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.29https://docs.citrix.com
Configuring Server Roles and Locations from theGraphical Interface
Jun 05, 2015
The following procedures assume you have already installed the Services Manager roles.
To configure server roles
1. From the Autorun folder on the installation media, double-click Autorun.exe.
2. On the Select Deployment Task page, select Deploy CloudPortal Services Manager.
3. On the Deploy CloudPortal Services Manager page, select Configure Server Roles.
4. On the Load Deployment Configuration File page, browse to the XML f ile you previously created (see the— To create system databases
procedure in Installing Server Roles from the Graphical Interface ).
5. On the Select Configuration Task page, select one or more items to configure.
Reporting – creates the reporting database, configures data transfer services, and publishes billing and usage reports
Provisioning – configures the Provisioning Engine server role, including the Queue Monitor and Directory Monitoring
services.
Report Mailer – configures reporting for Citrix licensing and usage.
Web - specif ies an address or host name for accessing the Web Server.
Directory Web Service – configures the server role credentials and IIS settings.
6. The following table describes the pages that display for each of the roles you selected.
Role Page Description
Reporting Configure
Reporting
Database
Either configure a separate secondary database to handle system reporting and billing
or use the main database for those functions.
To configure the reporting database, specify the following:
Server address
Port number (default = 1433)
Authentication mode: Windows or SQL(default = Windows)
Connection username and password (optional for Windows authentication
mode)
You can test the connection to the database.
To use the main system database for system reporting and billing, select the Use
primary database settings checkbox.
Reporting
Database
Credentials
Displays only if you configured a separate secondary database on the Configure
Reporting Database page. A SQL Server login for the reporting database ensures
cross-domain accessibility.
Either specify the user name (default = OLMReportingUser) and password for the user
account or select the Auto-generate credentials checkbox.
Configure The Data Transfer Service is a scheduled task of the Data Warehouse feature that
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.30https://docs.citrix.com
Data
Transfer
Service
migrates and adapts data from the primary database to facilitate building reports
with Microsoft SQL Server Reporting Services. Either specify the user name (default =
cortex_dataw_svc) and password for the account this service will use, or select the
Auto-generate credentials checkbox. If you select the Create if doesn’t exist
checkbox (default = enabled), the domain account will be created.
Data
Transfer
Notifications
The Data Transfer task sends email notifications with the results of Data Warehouse
operations. This enables administrators to respond quickly to interruptions in reporting
functionality. Specify the source and destination email addresses for sending success
and failure notifications.
Specify
Reporting
Services
Details
Specify the URL of the reporting server instance as it appears in the Microsoft SQL
Server Reporting Services Configuration Manager. Enter the Reporting Services
administrator user name and password for a domain account with administrative
privileges. The password for this user account should never expire, in order to avoid
potential service interruption.
You can test the connection to the URL.
Select
Reports to
Deploy
Select one or more reports to deploy. To deploy all reports, enable the Select All
checkbox. You can skip this page and deploy reports later.
Provisioning Configure
Queue
Monitor
Service
The Queue Monitor service processes administrative requests from the Web Server
and automates other internal services. The user must have full domain administrator
permissions. Either specify the user name (default = cortex_qmon_svc) and password
for the domain user account this service will use, or select the Auto-generate
credentials checkbox. If you select the Create if doesn’t exist checkbox (default =
enabled), the domain account will be created.
Configure
Directory
Monitoring
Services
The Provisioning Engine hosts scheduled tasks that monitor Active Directory, keeping
user account information current, and sending email notifications for events such as
password expiry. Either specify the user name (default = cortex_dirmon_svc) and
password for the user account these tasks will use, or select the Auto-generate
credentials checkbox. If you select the Create if doesn’t exist checkbox (default =
enabled), the account will be created.
Configure
Mail Server
Specify the SMTP server address and port number the Provisioning Engine will use to
send email messages, such as system updates to administrators, account notifications
to end users, plus usage reporting to Citrix.
If you also selected Report Mailer on the Select Configuration Task page, you can
also specify the SMTP server address and port number for email sent by the Report
Mailer on this Configure Mail Server page. (To configure the Report Mailer to use the
Role Page Description
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.31https://docs.citrix.com
same SMTP server as the Provisioning Engine, specify that on the Configure License
Reporting page.)
You can test the connection to the SMTP server.
Report
Mailer
Configure
License
Reporting
Configuring the Report Mailer is required. Licensing data is reported to Citrix through
emailed reports.
Specify your customer ID; a lookup link is provided.
You can share the SMTP mail server that the Provisioning Engine uses or designate
another mail service user account.
To share the SMTP mail server that the Provisioning Engine uses, select the Share
SMTP Mail server with Provisioning Server checkbox.
To designate another account, specify the user name and password, or select the
Auto-generate credentials checkbox. If you select the Create if doesn’t exist
checkbox, the account will be created.
Configure
Mail Server
Specify the address and port number of the SMTP server that the Report Mailer
server will use to send email messages to administrators, end users and Citrix.
If you also selected Provisioning on the Select Configuration Task page, the Configure
Mail Server page allows you to specify the SMTP server address and port number for
email sent by the Provisioning Engine and the Report Mailer.
Web Configure
Web Server
Specify an externally-resolvable host name or address by which the Web Server can be
reached (default = cortexweb). You can skip this step and configure it later.
Directory
Web
Service
Configure
Directory
Web Service
Either specify the user name (default = cortex_dirws_svc) and password for the user
account these tasks will use, or select the Auto-generate credentials checkbox. If you
select the Create if doesn’t exist checkbox (default = enabled), the user account will
be created.
Specify the service port (default = 8095).
Role Page Description
7. Review the Summary page, which lists all the information you configured, or the defaults. If you want to change
anything, return to the appropriate configuration page. When the summary contains the settings you want, click
Commit.
To configure locations
The primary location initializes the control panel, specif ies service provider details, and provisions the f irst administrator.Configure the primary location once per deployment.Caution: Configuring the primary location with the Configuration Tool makes irreversible changes to the system database.If an error occurs during this step, it is not possible to retry configuration without f irst recreating the system databases,reconfiguring all server roles, and restarting the process. To minimize the risk of configuration errors, perform the followingactions:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.32https://docs.citrix.com
Back up the system databases so that, in the event of configuration errors, you can recover easily and restart this
process.
Run all configuration steps as a domain administrator.
Ensure user account settings conform to any domain policies, such as minimum password complexity, and are valid.
1. If the Setup and Configuration Tools are not already launched, double-click Autorun.exe from the Autorun folder on the
installation media.
2. On the Select Deployment Task page, select Deploy CloudPortal Services Manager.
3. On the Deploy CloudPortal Services Manager page, select Configure Location..
4. On the Load Deployment Configuration File page, browse to the XML f ile you previously created (see the— To create system databases
procedure in Installing Server Roles from the Graphical Interface ).
5. On the Specify Location Name and Description page, specify the location name (default = Top Location), container
organizational unit (default = CortexCSP), and description (default = Top-level Service Provider Location).
6. On the Enter Service Provider Details page, specify basic information about your company: display name (default = Top
Service Provider), short name, UPN suffixes (default = tsp.local), contact name, and contact email.
7. On the Create First Administrator page, specify the user name (default = cspadmin), full name (default = CSP Admin),
display name (default = CSP Admin), password, and password expiration (default = password never expires). This
information configures the top-level administrator account within the control panel, with the ability to add customers,
assign services, and manage delegated administration.
8. Review the Summary page, which lists the location settings and f irst administrator information you specif ied, or the
defaults. If you want to change anything, return to the appropriate page. When the summary contains the settings you
want, click Commit.
In addition to the primary location, you can configure a remote location. This procedure associates the new location withan existing Services Manager instance. To configure a remote location:1. If the Setup and Configuration Tools are not already launched, double-click Autorun.exe from the Autorun folder on the
installation media.
2. On the Select Deployment Task page, select Manage Existing Deployment.
3. On the Manage Existing Deployment page, select Add Remote Location..
4. On the Configure Remote Location page, select Configure Location.
5. On the Load Deployment Configuration File page, browse to the XML f ile you previously created (see the— To create system databases
procedure in Installing Server Roles from the Graphical Interface ).
6. On the Specify Location Name and Description page, specify the location name (default = Top Location), container
organizational unit (default = CortexCSP), and description (default = Top-level Service Provider Location).
7. Review the Summary page, which lists the location settings you specif ied, or the defaults. If you want to change
anything, return to the appropriate page. When the summary contains the settings you want, click Commit.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.33https://docs.citrix.com
Configure server roles and locations from the command line
Jun 05, 2015
Updated: 2014-10-09This topic assumes that you have installed the Services Manager Configuration Tool on the platform servers you want to configure and on the server where you want to configure the primary
location or a remote location. When you install a platform server role, the Configuration Tool is installed automatically. To install the Configuration Tool only, see To install server roles from the
command line .
This topic includes the following sections:Command Conventions
Return Codes
Syntax
Databases options
Provisioning options
Directory Web Service options
Web options
Location options
Reporting options for deploying the Reporting service
Reporting options for deploying reports
Reporting (Data Warehouse) options
Report mailer options
Example: Configure the Provisioning and Directory Web Service server roles
Example: Configure the primary location
Example: Configure a remote location
Command Conventions
Several options use Boolean values (true or false).If you omit an option that requires a Boolean value, the default value is used. For example, if you do not include the /UseCortexSql:True | False option in the command, the default value (false) is
used; that is, the reporting database will not use the settings configured for the main system database.
If you specify an option that requires a Boolean value but you omit the value, the option value is true. For example, if you specify only /UseCortexSql (with no True or False value), the option is true;
that is, the reporting database will use the settings configured for the main system database.
You can use environment variables to represent one or more command-line options or option values (for example, /ReportingDBServer:%currentServer%, where currentServer is defined as an
environment variable).
Enclose option values that contain spaces in quotation marks (for example, /LocationName:"Southeast Hub").
Return Codes
The configuration command supports the following return codes:
Value Meaning
1 Another instance is already running.
0 Success.
-1, -2, -3 Command-line error.
-4 General failure during configuration. To debug further, review the log in %WINDIR%Temp.
Syntax
To configure the server roles and create the primary location from the command line, you execute the Services Manager Configuration Tool by typing the following at a command prompt:
CortexConfigConsole.exe /ConfigFile:config-file /Configure:tasks /task-options [/Help]
/Conf igFile:conf ig-f ile
Location of XML configuration f ile with read-write access for the current user. If this f ile already exists, its content will be overwritten during the configuration.
/Conf igure:tasks
Configures specif ied installed Services Manager roles and a location. Valid values are:
Databases – Creates the main Services Manager system databases.
Provisioning – Configures the Provisioning Engine.
DirectoryService - Configures the Directory Web Service.
Web – Configures the Web Server.
Location – Initializes the Services Manager instance. A location is the main unit of isolation between tenants, and usually corresponds to an Active Directory domain or forest.
Reporting – Creates the reporting database and configures the Data Warehouse feature.
ReportMailer – Configures the email environment for sending usage reports to the Citrix license monitor. Configuring the Report Mailer is required.
/Help
Displays command help.
Databases options
/CortexSql:name
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.34https://docs.citrix.com
Required. Name of the main system database (the previously-installed Microsoft SQL Server 2008 R2 instance).
/CortexSqlAuthMode:SQL|Windows
SQL Server authentication mode: SQL or Windows. Default = Windows
/CortexSqlUsername:username
Username for the main system database user. This is optional if you specify /CortexSqlAuthMode:Windows and are using integrated security.
/CortexSqlPassword:password
Password for the user name specif ied with the /CortexSqlUsername option. This is optional if you specify /CortexSqlAuthMode:Windows and you are using integrated security.
/CortexSqlPort:port
SQL Server port. Default = 1433 if this is the default SQL Server instance.
/GenerateCortexSqlCredentials:True | False
If true, passwords for the CortexProp, ExchangeLogs, OLMReports, and OLMUser system database users are automatically generated.
/CortexPropPassword:password
Password for the CortexProp database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/ExchangeLogsUserPassword:password
Password for the ExchangeLogs database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/OlmReportsUserPassword:password
Password for the OLMReporting database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/OlmUserPassword:password
Password for the main system database user. This is optional if you specify /GenerateCortexSqlCredentials:True.
/GenerateConf igFile:f ilename
Path and f ile name for XML configuration f ile.
Provisioning options
/SmtpServer:address
Required. Address of SMTP server from which email messages are sent, including system updates for administrators and account notif ications for end users.
/SmtpServerPort:port
Port on SMTP server to be used for sending email messages about system updates for administrators and account notif ications for end users. Default = 25
/SmtpOutFolder:folder
Folder that serves as an outbox for the control panel when sending emails. Default = %WINDIR%TempCortexEmail
/GenerateQueueMonitorCredentials (or GenQMonCreds):True | False
If true, user credentials are automatically generated for the Queue Monitor service, which processes administrative requests from the Web Server and automates other services. Default = False
/QueueMonitorUserName:username
User name for a domain account to be used by the Queue Monitor service (default = cortex_qmon_svc). The user must have full domain administrator permissions. This is optional if you specify
GenerateQueueMonitorCredentials:True.
/QueueMonitorPassword:password
Password for the user name specif ied with the /QueueMonitorUserName option. This is optional if you specify /GenerateQueueMonitorCredentials:True.
/AutoCreateQueueMonitorCredentials:True | False (or /AutoCreateQMon:True | False)
If true, the domain user account to be used by the Queue Monitor service is created if it does not already exist. Default = True
/GenerateDirectoryMonitoringCredentials:True | False (or GenDirMonCreds:True | False)
If true, user credentials for the Directory Monitoring service are generated automatically. This service monitors Active Directory, keeping account information current and sending email
notif ications for key events such as password expiry. Default = False
/DirectoryMonitoringUserName:username
User name for the account to be used by the Directory Monitoring service (default = cortex_dirmon_svc). This is optional if you specify /GenerateDirectoryMonitorCredentials:True.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.35https://docs.citrix.com
/DirectoryMonitoringPassword:password
Password for the user name specif ied with the /DirectoryMonitoringUserName option. This is optional if you specify /GenerateDirectoryMonitorCredentials:True.
/AutoCreateDirectoryMonitoringCredentials:True | False (or /AutoCreateDirMon:True | False)
If True, the user account to be used by the Directory Monitor service is created if it does not already exist. Default = True
Directory Web Service options
/DirectoryServicePort:port
Port used by the Directory Web Service. Default = 8095
/GenerateDirectoryServiceUserCredentials:True | False (or GenDirWSCreds:True | False)
If true, user credentials for the Directory Web Service are generated automatically. Default = False
/DirectoryServiceUserName:username
User name for an account to be used by the Directory Web Service. This is optional if you specify /GenerateDirectoryServiceUserCredentials.
/DirectoryServicePassword:password
Password for the user name specif ied with the /DirectoryServiceUserName option. This is optional if you specify /GenerateDirectoryServiceCredentials.
/AutoCreateDirectoryServiceUser:True | False (or /AutoCreateDirWS:True | False)
If true, the user account to be used by the Directory Web Service is created if it does not already exist. Default = True
Web options
/ExternalAddress:address
Externally-resolvable address by which the Web Server can be reached. Default = cortexweb
/UseSsl:True | False
If true, an SSL binding is created for the management portal. Default = True (recommended)
/SslCertif icate:name
Friendly name of the SSL certif icate to use. This is required if you specify /UseSSsl:True.
/BindingIpip-address
IP address to use for the new site binding. Default = "*" (all unassigned)
Location options
When configuring locations, consider the following items:Run all configuration steps as a domain administrator.
Ensure user account settings conform to any domain policies, such as minimum password complexity, and are valid.
Ensure the required f irewall ports are configured for each server in the deployment.
/PrimaryLocation:True | False
Required. If True, the /Locationx configuration option values are for the f irst Services Manager administrator. This is the top-level administrative account in the control panel; it can add customers,
assign services, and manage delegated administration.
/LocationName:name
Required. Name of the location. Default = Top Location
/LocationDescription:description
Description of the location. Default = Top-level Service Provider Location
/LocationOU:location
OU of the location.
/LocationOULabel:label
OU label of the location.
/CspAdminFirstName:f irst-name
First name of administrator (Default = CSP). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.36https://docs.citrix.com
/CspAdminLastName:last-name
Last name of administrator (Default = Admin). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspAdminUserName:username
User name for the administrator (Default = cspadmin). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspAdminPassword:password
Password for the user name specif ied with the /CspAdminUserName option. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspContact:name
Contact name of the service provider. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspContactEmail:address
Email address of the service provider. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspName:name
Name of service provider that will appear in displays. This is optional if you are configuring a secondary location (/PrimaryLocation:False).
/CspUPN:suff ixes
UPN suffixes (Default = tsp.local). This is optional if you are configuring a secondary location (/PrimaryLocation:False).
Reporting options for deploying the Reporting service
/UseCortexSql:True | False
If true, the reporting database will use the settings configured for the main system database. Default = False
/ReportingDBCollation:True | False
Determines how string data is sorted when comparing, selecting, or manipulating values from the database.
/ReportingDBServer:address
Address of the reporting database server. This is optional if you specify /UseCortexSql:True.
/ReportingDBServerPort:port
Port to use on the database server (Default = 1433). This is optional if you specify /UserCortexSql:True.
/ReportingDBName:name
Name of reporting database. Default = OLMReporting
/ReportingDBServerAuthMode:SQL | Windows
Authentication mode of the reporting database. This is optional if you specify /UseCortexSql:True.
/ReportingDBGenerateCredentials:True | False
If true, reporting database administrator account credentials are generated automatically. Default = False
/ReportingDBServerUserName:username
User name for an administrator account to be used to create the reporting database, plus create and configure the service account specif ied with the /OlmReporting* options. This is optional if
you specify /UseCortexSql:True and /ReportingDBServerAuthMode:Windows.
/ReportingDBServerPassword:password
Password for the user name specif ied with the /ReportingDBServerUserName option. This is optional if you specify /UseCortexSql:True and /ReportingDBServerAuthMode:Windows.
/OlmReportingUserName:username
Name of service account used by the Data Warehouse process to update the reporting database. This is optional if /ReportingDBGenerateCredentials:True.
/OlmReportingPassword:password
Password for the user name specif ied with the /OlmReportingUserName option. This is optional if /ReportingDBGenerateCredentials:True.
/OlmReportingUserAuthMode:SQL| Windows
Authentication mode: SQL or Windows (Default = SQL). This is optional if /ReportingDBGenerateCredentials:True.
Reporting options for deploying reports
/ReportingServer:url
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.37https://docs.citrix.com
Required. URL of the report server.
/ReportsUserName:username
Required. User name of the Reporting Service administrator.
/ReportsPassword:password
Required. Password for the user name specif ied with the /ReportsUserName option.
/PublishReports:report[,report]…
Comma-separated list of reports to deploy. Valid values are: AD Sync, Billing, Citrix, Communicator, DNS, Exchange, File Sharing, FTP, Mail Archiving, Microsoft CRM, MySQL, SharePoint, SQL Server,
Windows Web Hosting.
To publish all reports, use the /PublishAllReports option.
/PublishAllReports:True | False
If true, all available reports are published (Default = False). To publish a subset of the available reports, set this option to False, and use the /PublishReports option to specify the reports.
Reporting (Data Warehouse) options
/SuccessEmailFrom:address
Required. Source email address for success notif ications.
/SuccessEmailTo:address
Required. Destination email address for success notif ications.
/FailureEmailFrom:address
Required. Source email address for failure notif ications.
/FailureEmailTo:address
Required. Destination email address for failure notif ications.
/GenerateDataTransferCredentials:True | False
If true, user credentials for the Data Transfer Service are generated automatically. Default = False
/DataTransferUserName:username
User name for the account to use for the Data Transfer Service. This is optional if you specify /GenerateDataTransferCredentials:True.
/DataTransferPassword:password
Password for the user name specif ied with the /DataTransferUserName option. This is optional if you specify /GenerateDataTransferCredentials.
/SmtpServer:address
Address of SMTP server to be used for sending email messages.
/SmtpServerPort:port
Port on the SMTP server to be used for sending email messages.
Report mailer options
/CustomerId
Required. Customer ID.
/ReportMailerEmailServer:name
Name of SMTP mail server.
/GenerateUserCredentials:True | False
If true, credentials for the SMTP mail server user account are generated automatically. Default = False
/ReportMailerTaskUserName:username
User name for the account the Report Mailer task will use. This is optional if you specify /GenerateUserCredentails:True.
/ReportMailerTaskUserPassword:password
Password for the user name specif ied with the /ReportMailerTaskUserName option. This is optional if you specify /GenerateUserCredentails:True.
/ReportMailerEmailServerPort:port
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.38https://docs.citrix.com
Port number on SMTP server. Default = 25
/ReportMailerEmailUserName:username
User name for the user account that accesses the SMTP email server.
/ReportMailerEmailPassword:password
Password for the user name specif ied with the /ReportMailerEmailUserName option.
Example: Configure the Provisioning and Directory Web Service server roles
The following command configures the Provisioning and Directory Web Service server roles and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-file.xml /Configure:Provisioning,DirectoryWebService /SmtpServer:mail.takahepubs.com /DirectoryServiceUsername:cortex_dirws_svc /DirectoryServicePassword:password
Example: Configure the primary location
The following command configures the primary location and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-file.xml /Configure:Location /PrimaryLocation:True /LocationName:My First Location /LocationOU:Organization-Name /LocationOULabel:My Organization /CspAdminPassword:password /CspContact:CSP-Name /CspContactEmail:[email protected] /CspUPN:my-org.com
Example: Configure a remote location
The following command configures a remote location and uses default values for most options:CortexConfigConsole.exe /ConfigFile:\server-nameconfig-file.xml /Configure:Location /PrimaryLocation:False /LocationName:My Second Location /LocationOU:Organization-Name /LocationOULabel:My Organization
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.39https://docs.citrix.com
Install Web Services
Jun 05, 2015
The topics in this section describe how to install CloudPortal Services Manager Web Services. Before you install any services:Install and configure the server roles and the location; for details, see Installing and Configuring Roles and Locations .
Meet the requirements for the services you will install; see System Requirements for Web Services .
Install a service by running the appropriate MSI with properties.
All services are hosted on a web site called CortexServices.
The following table lists the installation media folders containing the services.
Service Folder
BlackBerry CortexBlackBerryWS
Citrix XenApp for Windows CortexCitrixWS
Exchange CortexExchangeWS
MySQL CortexMySQLWS
SharePoint 2010 CortexSharepoint2010WS
SharePoint 3.0 CortexSharepointWS
Virtual Machine CortexVirtualMachineWS
Windows Web Hosting CortexIISWS
Lync Services
After you install a web service, configure it. See Configuring and Managing Services .
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.40https://docs.citrix.com
Installing the BlackBerry 4.0 Web Service
Jun 05, 2015
To install the service
Run CortexBlackBerryWS.msi with the following properties.
INSTALLDIR=install-directory
Installation directory. Default = "C:Program Files (x86)CitrixCortex"
BESADMINCLIENT_PATH=path
Full path to the BESAdminClient executable.
BESADMINCLIENT_PASSWORD=password
Password for BESAdminClient.
CORTEXWS_USERNAME=username
Typically the BES enterprise admin account.
CORTEXWS_PASSWORD=password
Typically the BES enterprise admin account.
CORTEXWS_PORT=port
Inbound port to be used/added to the CortexServices web site. Default = 8097
Sample installation command string
msiexec /I CortexBlackBerryWS.msi BESADMINCLIENT_PATH="C:Program FilesCitrixCortexBESUserAdminClientBESUserAdminClient.exe" BESADMINCLIENT_PASSWORD="Password" CORTEXWS_USERNAME="BESENTADMIN" CORTEXWS_PASSWORD="Password"
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.41https://docs.citrix.com
Installing the Citrix Web Service
Jun 05, 2015
To install the service
Run CortexCitrixWS.msi with the following properties.
INSTALLDIR=install-directory
Installation directory. Default = "C:Program Files (x86)CitrixCortex"
CORTEXWS_USERNAME=username
Impersonation account for the Citrix service. Must be a Citrix administrator.
CORTEXWS_PASSWORD=password
Password for CORTEXWS_USERNAME.
CORTEXWS_PORT=port
Inbound port to be used/added to the CortexServices web site. Default = 8095
Sample installation command string
msiexec /I CortexCitrixWS.msi CORTEXWS_USERNAME="CITRIXADMIN" CORTEXWS_PASSWORD="Password"
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.42https://docs.citrix.com
Installing the Exchange 2010 Web Service
Jun 05, 2015
To install the service
Run CortexExchangeWS.msi with the following properties.
INSTALLDIR=install-directory
Installation directory. Default = "C:Program Files (x86)CitrixCortex"
HASLEGACYSERVERS=True | False
Whether or not the environment contains servers running multiple versions of Exchange. For example, servers running Exchange 2010 in the same environment as Exchange 2007 servers.
Alternatively, servers running Exchange 2010 or 2007 in the same environment as Exchange 2003 servers.
PREFERREDDC=dc
Optional. Preferred domain controller.
EXCHWS_USERNAME=username
Impersonation account for the Exchange service (will be created by the install).
EXCHWS_PASSWORD=password
App Pool password.
CORTEXWS_PORT=port
Inbound port to be used and added to the CortexServices web site. Default = 8095
EXCHANGEVERSION=2007 | 2010
Exchange version: 2007 or 2010.
Sample installation command string
msiexec /I CortexExchangeWS.msi HASLEGACYSERVERS="False" PREFERREDDC="" EXCHWS_USERNAME="CPSM01_EXWS" EXCHWS_PASSWORD="Password" EXCHANGEVERSION="2010"
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.43https://docs.citrix.com
Installing the Lync Enterprise and Lync 2010 for Hosting Web Services
Jun 05, 2015
Use this procedure to install the Lync Enterprise or the Lync 2010 for Hosting Web services on the Lync Front-End server.
To install the service
Run LyncEnterpriseWS.msi or LyncHostedWS.msi with the following properties:
INSTALLDIR=install-directory
Installation directory. Default = "C:Program Files (86)CitrixCortex"
DNSSERVER_DOMAIN=domain
Domain name of DNS server.
LYNCWS_USERNAME=username
Lync service user name. Default = "cortex_LYNCWS_svc"
LYNCWS_PASSWORD=password
Password for LYNCWS_USERNAME. Default = "citrix"
CORTEXWS_PORT=port
Port to be used and added to the CortexServices web site. Default = 8095
Sample installation command string
msiexec /I LyncEnterpriseWS.msi DNSSERVER_DOMAIN="myDomain.local" LYNCWS_USERNAME="CORTEX_LYNCWS_SVC" LYNCWS_PASSWORD="Password"
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.44https://docs.citrix.com
Installing the MySQL Web Service
Jun 05, 2015
To install the service
Run MySQL.msi with the following properties.
INSTALLDIR=install-directory
Installation directory. Default = "C:Program Files (x86)CitrixCortex"
CORTEXWS_PORT=port
Inbound port to be used/added to the CortexServices web site. Default = 8095
Sample installation command string
msiexec /I MySQL.msi
This service does not require additional properties to be passed for installation.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.45https://docs.citrix.com
Installing the SharePoint 3 Web Service
Jun 05, 2015
To install the service
Run CortexSharepointWS.msi with the following properties.
INSTALLDIR=install-directory
Installation directory. Default = "C:Program Files (x86)CitrixCortex"
CORTEXWS_USERNAME=username
App Pool ID.
CORTEXWS_PASSWORD=password
App Pool password.
CORTEXWS_PORT=port
Inbound port to be used and added to the CortexServices web site. Default = 8095
PREREQUISITES_PASSED=1
Required to enable installation of the SharePoint 3 Web Service by ignoring pre-requisite checking. Allows service installation without the presence
of .NET 4 on the Windows 2008 server.
Sample installation command string
msiexec /I CortexSharepointWS.msi CORTEXWS_USERNAME="WSSAdmin" CORTEXWS_PASSWORD="Password" PREREQUISITES_PASSED="1"
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.46https://docs.citrix.com
Installing the SharePoint 2010 Web Service
Jun 05, 2015
To install the service
Run CortexSharePoint2010WS.msi with the following properties.
INSTALLDIR=install-directory
Installation directory. Default = "C:Program Files (x86)CitrixCortex"
PSREMOTING_USERNAME=username
PowerShell Remoting user name.
PSREMOTING_PASSWORD=password
PowerShell Remoting password.
PSREMOTING_URL=url
PowerShell Remoting URL. Usually, this is http://{0}:5985/.
CORTEXWS_USERNAME=username
App Pool ID. Usually, this is SharePoint Admin User.
CORTEXWS_PASSWORD=password
App Pool password.
CORTEXWS_PORT=port
Inbound port to be used/added to the CortexServices web site. Default = 8095
Sample installation command string
msiexec /I CortexSharepoint2010WS.msi PSREMOTING_USERNAME="SPFarmAdmin" PSREMOTING_PASSWORD="Password" PSREMOTING_URL="http://{0}:5985/" CORTEXWS_USERNAME="SPFarmAdmin" CORTEXWS_PASSWORD="Password"
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.47https://docs.citrix.com
Installing the Virtual Machine Web Service
Jun 05, 2015
To install the service
Run VM.msi with the following properties.
INSTALLDIR=install-directory
Installation directory. Default = "C:Program Files (x86)CitrixCortex"
WMIDOMAIN=domain
Domain of the WMIUSER that is used to connect ISOs to virtual machines.
WMUSERID=username
User name of the WMIUSER.
WMIPW=password
Password of the WMIUSER.
SCOMSERVER=server
SCOM server, if advanced virtual machine reporting is required.
APPPOOLUSERID=id
App Pool ID (DOMAINCortexWSUser) of the user to run the application pool for the Web service.
APPPOOLPW=password
App Pool password.
CORTEXWS_PORT=port
Inbound port to be used and added to the CortexServices web site. Default = 8095
Sample installation command string
msiexec /I VM.msi WMIDOMAIN="myDomain.local" WMUSERID="CORTEXWSUSER" WMPW="Password" SCOMSERVER="SCOM01.mydomain.local" APPPOOLUSERID="myDomain.localCORTEXWSUSER" APPPOOLPW="Password"
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.48https://docs.citrix.com
Installing the Windows Web Hosting Service
Jun 05, 2015
To install the service
Run CortexIISWS.msi with the following properties.
INSTALLDIR=install-directory
Installation directory. Default = "C:Program Files (x86)CitrixCortex"
CORTEXWS_USERNAME=username
Typically, this property and CORTEXWS_PASSWORD use the CortexWSUser credentials. This is the user to run the
application pool for the Web service.
CORTEXWS_PASSWORD=password
Typically, this property and CORTEXWS_USERNAME use the CortexWSUser credentials.
CORTEXWS_PORT=port
Inbound port to be used/added to the CortexServices web site. Default = 8095
Sample installation command string
msiexec /I CortexIISWS.msi CORTEXWS_USERNAME="CORTEXWSUSER" CORTEXWS_PASSWORD="Password"
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.49https://docs.citrix.com
Provision
Jun 05, 2015
The CloudPortal Services Manager provisioning engine is a Microsoft .NET service and is a key part of the Services Manager
system. Each provisioning request is processed by a set of provisioning rules that determine the actions required to fulfill the
request.
The provisioning engine receives requests from the Services Manager web application through Microsoft Message Queue.
This allows lengthy provisioning tasks to be executed out-of-process improving the end-user experience.
As the provisioning engine performs many administrative tasks it runs in the context of the user ServerName_qmon, where
ServerName is the name of the computer running the provisioning engine. This user must have full domain administrator
permissions.
Citrix CloudPortal Services Manager supports a variety of services that service providers can provision to resellers andcustomers. When provisioned, the following services provide administrative interfaces that allow resellers and customers toperform tasks such as managing users and service resources:
Service Tasks
Citrix Manage application groups
Manage network and application resources
Manage hosted applications
DNS Manage DNS zones
Exchange Create, modify, delete public folders
Manage contacts
Manage distribution groups
Create resource mailboxes
Import and export mailboxes
File Sharing Create f ile shares
Manage security groups
MySQL Once provisioned, customers can manage MySQL databases through a separate Web-basedadministration console.
Virtual Machines Add virtual servers
Create server restore checkpoints
Restore servers with checkpoints
Windows WebHosting
Create security groups
Manage Web sites
Install Web applications
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.50https://docs.citrix.com
Manage subdomainsService Tasks
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.51https://docs.citrix.com
Citrix Services
Jun 05, 2015
The Citrix service allows service providers to delegate end-user administration of Citrix applications to customers.
Notable features of the Citrix service include:Managing multiple Citrix XenApp farms in a single Active Directory console.
Delivering published applications through application groups to which users are assigned.
Ability to choose pre-defined security account groups or create new security groups for application publishing.
Support for public and private applications, application groups, and resources.
Setting default applications, groups, and resources when provisioning Citrix services to customers and users.
When you provision customers with Citrix services, the following items can be managed:Application groups
Resources, such as printers and f ile shares
Resources that are packaged as applications such as desktops
Hosted applications
Application Groups
Application groups consist of application or resource collections. Service providers can use application groups to provision
several resources or applications to users more efficiently.
Resources
Resources consist of network resources, such as printers or file shares, that others in the organization access.
Applications
Applications consist of network resources that are deployed as applications, such as desktops.
Hosted applications
Hosted applications consist of applications that reside on XenApp servers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.52https://docs.citrix.com
Creating and Removing Application Resources
Jun 05, 2015
To create an application
Before you create applications, ensure there is a server collection configured that hosts the resource.
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Applications.
2. Under Management, click New Application.
3. Type the name and description for the application.
4. In Allocation, select the Default Application check box to include the application in the Citrix services package that is
provisioned to customers.
5. In Access, configure the application's availability by performing one of the following actions:
To make the application available to all customers, select the Public Group check box.
To make the application available to one specif ic customer, clear the Public Group check box and enter the name of
the customer you want to assign.
6. In Directory Resource, choose one of the following options:
Generate creates and names a security group automatically (e.g., CitrixRes 3).
Search enables you to f ind and select an existing security group within the domain.
Custom enables you to create a new security group with a unique name you specify.
7. In Publish, select Enabled to make the application visible to customers.
8. Click Save to create the application.
To delete an application
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Applications.
2. Select the application you want to remove.
3. In Manage Applications, click Delete and then click OK to confirm. The option to delete the corresponding Active
Directory object appears.
4. To remove the corresponding Active Directory object, leave the Delete the application group from Active Directory
check box selected. To keep the Active Directory object, clear this check box.
5. Click Delete to remove the application. The application entry and Active Directory object, if selected, are removed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.53https://docs.citrix.com
To configure hosted application settings
Jun 05, 2015
To enable Services Manager to discover the hosted applications in your environment, you configure a server collection thatincludes the XenApp servers where the applications reside. After the server collection is created, you can use the CitrixApplications page to configure the global settings for each application.1. From the Services Manager menu bar, click Services > Citrix > Configuration > Citrix Applications.
2. Under Citrix Server Filter, select the location and server collection you want to use. All hosted applications configured for
the server collection appear.
Note: Click Refresh to ensure you are viewing all available hosted applications.
3. Under Configured Applications, select the hosted application whose settings you want to configure.
4. Under Manage Application Settings, select one of the following options to create an Active Directory group:
Generate creates and names a security group automatically (e.g., CitrixApp 3).
Custom enables you to create a new security group with a unique name you specify.
5. In Allocation, select the Default Application check box to include the hosted application in the Citrix services package
that is provisioned to customers.
6. In Access, configure the hosted application's availability by performing one of the following actions:
To make the hosted application available to all customers, select the Public Application check box.
To make the resource available to one specif ic customer, clear the Public Application check box and enter the name
of the customer you want to assign.
Note: If you make the hosted application available to one specif ic customer, the application can be added only to
application groups that belong to the same customer.
7. In Publish, select Enabled to make the hosted application visible to customers.
8. Click Save to create the Active Directory group and save your selections.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.54https://docs.citrix.com
To provision Citrix services to customers
Jun 05, 2015
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Citrix service name. The Grant access to Citrix applications page appears.
4. Select the server collection that the customer can use to access resources.
Note: If only one server collection is available, only the collection's resources appear. If multiple server collections are
available, you can configure only one collection for the customer.
5. Select the application groups, applications, and resources that the customer can access.
6. Click Provision to enable the customer to provision Citrix services to users.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.55https://docs.citrix.com
To provision applications to multiple users
Jun 05, 2015
With Citrix application access, you can provision an application, resource, or application group to multiple users with a singleprovisioning request.To use application access, the Citrix service must be provisioned to the customer to whom the users belong. Additionally,
resellers who want to provision multiple users of sub-customers must have the Citrix service provisioned.
1. From the Services Manager menu bar, click Customers and select a customer for whom you want to provision
applications.
2. In Customer Functions, click Services. This ensures the customer is selected.
3. From the Services Manager menu bar, click Services > Citrix > Application Access.
4. In Type, select the type of application or resource you want to provision.
5. Select the application or resource you want to provision.
6. Under Citrix Application Management, select the users you want to provision.
7. Click Provision to send provisioning requests for all users selected. The selected users are added to the Active Directory
group for the application or resource.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.56https://docs.citrix.com
Provisioning Citrix Services to Resellers
Jun 05, 2015
To provision the Citrix service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Citrix service check box and then click the Citrix service name. The Reseller Service Setup page appears.
5. Select the server collection that the reseller can use to offer resources to customers.
6. Enable or disable the application groups, applications, and resources the reseller can offer to customers.
Note: If more than one server collection is available, you can select resources from these collections for the reseller.
After you make selections from one collection, select another collection and make additional resource selections.
7. Under User Plan, ensure Full is selected.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the reseller to offer Citrix services to customers.
To enable resellers to offer resources from specified collections
By default, a reseller provisioned with the Citrix service can offer to a customer resources available on all configured Citrix
server collections. However, service providers can limit these offerings by specifying the collections available to resellers
when provisioning the Citrix service.
1. From the Services Manager menu bar, click Customers and select the reseller or customer for whom you want to
provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Click the Citrix service name. The Reseller Service Setup page appears.
5. Click Service Settings. The Configure Service Settings page appears.
6. Select the Server Collections check box to enable setting changes.
7. Clear the Use all server collections check box and then select the server collections to make available to the reseller.
8. Click Apply Changes to save your selections.
9. Click Apply Changes to save your changes to the Citrix service offering.
Note: To verify your changes, click Citrix to view the Reseller Service Setup page. If you specif ied only one server
collection for the reseller, only the collection's resources appear. If you specif ied more than one server collection, only
those you specif ied appear in the Server Collections box.
10. Click Provision to update the Reseller service with your changes.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.57https://docs.citrix.com
Creating and Removing Resources
Jun 05, 2015
To create a resource
When creating a resource, you have the option to make the resource available to all customers (public resource) or make
the resource available to a specific customer (private resource). If you choose to make the resource private, the resource is
assigned only to the customer you specify and can be included in application groups only for the same customer. To modify
this assignment, you first deprovision the Citrix service for the customer through the Customer Services page. Then, you can
modify the resource to assign it to a different customer or make the resource public. After you modify the resource, you
can reprovision the Citrix service for the customer.
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Resources.
2. Under Citrix Server Filter, select the location and server collection you want to use for the resource. Any existing
resources configured for the server collection appear.
3. Under Management, click New Resource.
4. Type the name and description of the new resource
5. In Allocation, select the Default Resource check box to include the resource in the Citrix services package that is
provisioned to customers.
6. In Access, configure the resource's availability by performing one of the following actions:
To make the resource available to all customers, select the Public Group check box.
To make the resource available to one specif ic customer, clear the Public Group check box and enter the name of the
customer you want to assign.
7. In Directory Resource, choose one of the following options:
Generate creates and names a security group automatically (e.g., CitrixGrp 3).
Search enables you to f ind and select an existing security group within the domain.
Custom enables you to create a new security group with a unique name you specify.
8. In Publish, select Enabled to make the application group visible to customers.
9. Click Save to create the application group.
To delete a resource
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Resources.
2. Select the resource you want to remove.
3. Under Manage Resources, click Delete and then click OK to confirm. The option to delete the corresponding Active
Directory object appears.
4. To remove the corresponding Active Directory object, leave the Delete the resource group from Active Directory check
box selected. To keep the Active Directory object, clear this check box.
5. Click Delete to remove the resource. The resource entry and Active Directory object, if selected, are removed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.58https://docs.citrix.com
Creating and Removing Application Groups
Jun 05, 2015
An application group is a collection of hosted applications, other application groups, and resources. With application groups,you can provision multiple applications and resources to customers quickly and eff iciently.You can also enable customers to create their own application groups that include the applications and resources that are
available to them. To use this feature, the customer must have a user with Citrix Service Administrator permissions, at a
minimum.
To create an application group
Before you create application groups, ensure there is a server collection configured that hosts the applications and
resources you want to include in the group.
When creating an application group, you have the option to make the group available to all customers (public group) or
make the group available to a specific customer (private group). If you choose to make the group private, be sure to click
Save & Reload. When you click Save & Reload, the group is assigned to the customer and all of the customer's private
applications and resources are available for inclusion. To modify this assignment, you first deprovision the Citrix service for
the customer through the Customer Services page. Then, you can modify the application group to assign it to a different
customer or make the group public. After you modify the application group, you can reprovision the Citrix service for the
customer.
When you assign an application group to a specific customer, you can include the group only in other application groups
that are assigned to the same customer.
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Application Groups.
2. Under Citrix Server Filter, select the location and server collection you want to use for the application group. Any existing
application groups configured for the server collection appear.
3. Under Group Management, click New Application Group.
4. Type the name and description of the new group.
5. In Allocation, select the Default Group check box to include the application group in the Citrix services package that is
provisioned to customers.
6. In Access, configure the application group's availability by performing one of the following actions:
To make the application group available to all customers, select the Public Group check box.
To make the application group available to one specif ic customer, clear the Public Group check box and enter the
name of the customer you want to assign.
Note: If you make the application group private, click Save & Reload to create the group and view the customer's
other private application groups or resources. You can then include these items in the group.
7. In Directory Resource, choose one of the following options:
Generate creates and names a security group automatically (e.g., CitrixGrp 3).
Search enables you to f ind and select an existing security group within the domain.
Custom enables you to create a new security group with a unique name you specify.
8. Under Applications, select the hosted applications you want to include in the group.
9. Under Groups, select other available application groups you want to include.
10. Under Resources, select the network resources you want to include in the group.
11. In Publish, select Enabled to make the application group visible to customers.
12. Click Save to create the application group.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.59https://docs.citrix.com
To delete an application group
1. From the Services Manager menu bar, click Services > Citrix > Configuration > Application Groups.
2. Select the application group you want to remove.
3. Under Manage Application Groups, click Delete and then click OK to confirm. The option to delete the corresponding
Active Directory object appears.
4. To remove the corresponding Active Directory object, leave the Delete the application group from Active Directory
check box selected. To keep the Active Directory object, clear this check box.
5. Click Delete to remove the application group. The application group entry and Active Directory object, if selected, are
removed.
To create a customer-level application group
1. From the Services Manager menu bar, click Services > Citrix > Customer Application Groups.
2. Under Customer Management, search for and select the customer for whom you want to create the application group.
3. Under Group Management, click New Application Group.
4. Type the name and description of the new group.
5. In Allocation, select the Default Group check box to include the application group in the Citrix services package that is
provisioned to the customer's users.
6. Under Applications, select the application resources and hosted applications you want to include in the group.
7. Under Groups, select other available application groups you want to include.
8. Under Resources, select the network resources you want to include in the group.
9. Click Save to create the application group.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.60https://docs.citrix.com
DNS Services
Jun 05, 2015
When the DNS service is provisioned to a customer, the service provider creates the DNS zone(s) that the customer can
then use to create subzones, if necessary. The DNS service is available at the customer level only. The service cannot be
provisioned to a customer's users.
Customers provisioned with DNS services can create and manage DNS records that are attached to zones. DNS Service
Administrators can manage these records for the customer while Full Reseller Administrators can manage these records for
sub-customers.
Different types of records can be attached to a zone. When a record is created, only the Time to Live (TTL) setting can bemodified. Citrix CloudPortal Services Manager supports the following types of records:
Record Type Record Name Parameters
A IPv4 Host Record Host name
IPv4 Address
TTL
AAAA IPv6 Host Record Host name
IPv4 Address
TTL
CNAME Alias Alias
Host name
TTL
MX Mail Exchanger Host name
Target
Priority
TTL
NS Name Server Host name
Target
TTL
SRV Service Record Host name
Target
Service
Protocol
Priority
Weight
Port
TTL
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.61https://docs.citrix.com
TXT Generic Text Record Host name
Text
TTL
Record Type Record Name Parameters
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.62https://docs.citrix.com
To create DNS templates
Jun 05, 2015
DNS templates define the DNS records that are created when a customer domain is added or a service is provisioned to the
customer's account.
Templates can be created at any level in the customer hierarchy. Templates can also be overridden. For example, a Service
Provider has five domain templates configured. For Reseller A, two new templates are created at the reseller level. When
Reseller A provisions a customer, the Service Provider templates will be ignored and the two reseller templates will be
configured for the customer.
If you delete a DNS template, the template is not used for new domains or services that are provisioned to a customer.
However, existing customers' DNS records that were generated with the template are not removed. You can remove these
records manually through the DNS Records menu item.
By default, only the Service Provider Administrator role has permission to manage DNS templates. To enable this permission
for other security roles, click Security > Security Roles from the Services Manager menu bar and then select a security role.
Ensure the security role is a member of the DNS Service Administrator role group. The DNS Templates permission is located
on the Menus tab, under Services > DNS
1. From the Services Manager menu bar, click Services > DNS > DNS Templates. The DNS Overview page displays all the
templates that have been created for the selected customer.
2. Under DNS Management, click New DNS Template.
3. In Template Service, select the service for which the template is being configured. When the service is provisioned to the
customer, the DNS template is created. Leave this f ield blank if the template is created when a domain is added to the
customer.
4. In Record Type, select a record type and configure the options that are created when the DNS record is created. A
default {Domain} value is displayed for all DNS templates. This value refers to the customer's domain.
5. Click Save to create the template. The new template appears in the DNS template table.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.63https://docs.citrix.com
To provision DNS services to customers
Jun 05, 2015
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision DNS services.
3. In the services list, select DNS. The service configuration page appears. Domains that have been entered in the
customer's Domain Management section appear under Available Domains.
4. To add a new domain as a DNS zone, under Add Domain, enter the domain and click Add Domain. The domain appears in
a table under DNS Zones. You can add only one domain in this manner. If you enter another domain, the newly entered
domain replaces the previously entered domain in the DNS Zones table.
5. To add an existing domain as a DNS zone, under Available Domains, select the check box of the domain you want to add
and then click Add Zone. The domain appears in the DNS Zones table.
6. Click Provision. The Forward Lookup Zones folder on the DNS server is updated with the defined zones. Each zone has
the following records attached:
Start of Authority (SOA) record
Name of Server (NS) record
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.64https://docs.citrix.com
Creating DNS Zones and Records
Jun 05, 2015
To create DNS subzones
DNS zones are created when customers are initially provisioned with DNS services. Additional zones are created when
domains are added to the DNS service. Customers with DNS Service Administrator permissions can create DNS subzones to
which they can also add DNS records.
1. From the Services Manager menu bar, click Services > DNS > DNS Records.
2. Under Zone Management, enter the name of the new subzone and then select the zone to which it belongs.
3. Click New Sub-Zone. When the DSN page refreshes, the new subzone appears under DNS Filter, in the Zone drop-down
box.
To create DNS records
When you create a DNS record, only the Time to Live (TTL) setting can be modified. To change other record settings, you
must first deprovision the record. When you have finished making changes, you provision the record again.
1. From the Services Manager menu bar, click Services > DNS > DNS Records.
2. Under DNS Filter, perform the following actions:
1. In Zone, select the DNS zone to which you want to add the new record.
2. In Type, select the type of DNS record you want to create.
3. Under DNS Management, click New DNS Entry. The DNS Record screen appears.
4. Enter the record details and then click Provision to create the record.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.65https://docs.citrix.com
Hosted Apps and Desktops
Jun 05, 2015
The Hosted Apps and Desktops service allows service providers to provision customers, including resellers, with XenAppresources managed by Citrix App Studio. Using Services Manager to provision a customer with the Hosted Apps andDesktops service results in the following operations in Citrix App Studio:
Creates the customer as a tenant in Citrix App Studio.
Creates advertisement subscriptions for the tenant in Citrix App Studio.
Configuration of the Hosted Apps and Desktops service includes creating user plans containing App Studio
advertisements, which are the published apps and desktops available to a tenant. When you enable a user plan for a
customer, Services Manager creates an Active Directory user group for the customer and associates the group to the
subscription in Citrix App Studio.
Creates a Web Interface site for the tenant at the isolation level selected.
The Hosted Apps and Desktops service includes three pre-configured customer plans that correspond to the shared,
private site, and private server isolation levels for Web Interface sites. For information about tenant Web Interface site
isolation, refer to the Citrix App Studio product documentation located in Citrix eDocs.
Provisioning a user with the Hosted Apps and Desktops service results in the following operation in Citrix App Studio:Adds the user to a group that corresponds to the user plans chosen for the user. (The group is a subscription member in
Citrix App Studio, created during customer provisioning.)
Services Manager displays a list of advertisements included in each user plan to help customers choose a user plan for
users.
Deleting a user plan results in the following operations in Citrix App Studio:If the advertisements in the user plan are unique to the plan, the Hosted Apps and Desktops service removes from App
Studio subscriptions that map to the user plan.
If an advertisement in the user plan is provisioned to the customer as part of another user plan, the Hosted Apps and
Desktops service retains the subscription and removes from it the user group that corresponds to the deleted user plan.
To provision the Hosted Apps and Desktops service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Hosted Apps and Desktops service check box and then click the Hosted Apps and Desktops service name. The
Reseller Service Setup page appears.
5. Enable or disable the user plans that define the advertisements the reseller can offer to customers. Expand a user plan
to view its advertisements.
6. Enable or disable the customer plans that define the Web interface site isolation levels the reseller can offer to
customers.
7. Click Apply changes to save your changes to the Hosted Apps and Desktops service.
8. Click Provision to update the Reseller service with your changes.
To provision the Hosted Apps and Desktops service to customers
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.66https://docs.citrix.com
3. Click the Hosted Apps and Desktops service name. The Service Plan Configuration page appears.
4. Choose a customer plan that defines the Web interface site isolation level for the customer.
5. Select user plans that define the advertisements that the customer can offer to users. Expand a user plan to view its
advertisements.
6. To specify a limit for the number of users that the customer can provision with the Hosted Apps and Desktops service,
select the Enabled check box and enter a value. Use the Citrix App Studio console to manage workload capacity.
7. If you made service changes, click Apply changes.
8. Click Provision to enable the customer to provision the service to users. Provisioning is complete when workflows are
created in App Studio to create or update tenant information and subscriptions. To check the status of the workflows,
use the App Studio console.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.67https://docs.citrix.com
Mail Archiving Services
Jun 05, 2015
To provision the Mail Archiving service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the Mail
Archiving service.
2. Under Customer Functions, select Services. The reseller's Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Mail Archiving check box and then select the Mail Archiving service name. The Reseller Service Setup page
appears.
5. Select the customer plans that the reseller can offer to customers and then click Apply Changes.
6. Click Provision.
To provision the Mail Archiving service to customers
Before provisioning this service to a customer, ensure the customer has the Hosted Exchange service provisioned. Mail
archiving is supported with Exchange 2007 and 2010.
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision the Mail
Archiving service.
2. Under Customer Functions, select Services. The customer's Customer Services page appears.
3. In Customer Plan, select the appropriate package for the customer.
4. Depending on the package you selected, configure the following properties:
PlanTemplateName
Template Property
Internal Mailbox Password: Specify the password for the customer's archive mailbox account.
External External Email Address: Specify the external email address receiving the journal reports.
Global
Relay
Mailbox Password: Specify the password for the customer's archive mailbox account.
Primary Domain: Specify the customer's unique primary domain.
Secondary Domain: If applicable, specify the secondary domains that will be managed by Global Relay.
Under Administrator Contact Details, specify the telephone and mobile numbers and the email address
of the service administrator. These details are forwarded to Global Relay Administration.
5. Click Provision.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.68https://docs.citrix.com
Mail Archiving Provisioning Changes in ActiveDirectory and Exchange
Jun 05, 2015
Changes When Provisioning External Archiving
When a customer is provisioned with the External customer plan, the following changes occur:
Changes in Active Directory Changes in Exchange 2007 and 2010
Contact {CustomerShortName} ArchiveMailbox Contact is added.
{CustomerShortName} Archive Mailbox Contact is added to MailContact folder. The External contact email address specif ied duringcustomer provisioning is attached to this contact.
Universal Security Group{CustomerShortName} Archive Mailboxesare added.
{CustomerShortName} Archive Mailboxes are added to DistributionGroup Folder. SMTP address is set as [email protected].
Global Security Groups MARCH{CustomerShortName} FULL and MARCH{CustomerShortName} NONE are added.
{CustomerShortName} Journal is added to Journaling (OrganizationConfiguration >> Hub Transport).
Journal Reports are sent to {CustomerShortName} Archive MailboxContact.
Journal messages for the recipient are configured asarchivemailboxes@{primarydomain}
When users are provisioned with the Mail Archiving service, they become members of the MARCH {CustomerShortName}
FULL group.
Changes When Provisioning Internal Archiving
When a customer is provisioned with the Internal customer plan, the following changes occur:
Changes in Active Directory Changes in Exchange 2007 and 2010
User “mailarchive_{CustomerShortName}" isadded.
{CustomerShortName} Archive Mailbox Contact is added to MailContact folder. The External contact email address specif ied duringcustomer provisioning is attached to this contact.
Universal Security Group{CustomerShortName} Archive Mailboxes isadded.
{CustomerShortName} Archive Mailboxes are added to DistributionGroup Folder. SMTP address is set as [email protected].
Global Security Groups MARCH{CustomerShortName} FULL and MARCH{CustomerShortName} NONE are added.
{CustomerShortName} Journal is added to Journaling (OrganizationConfiguration >> Hub Transport).
Journal Reports are sent to {CustomerShortName} Archive MailboxContact.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.69https://docs.citrix.com
Journal messages for the recipient are configured asarchivemailboxes@{primarydomain}
Changes in Active Directory Changes in Exchange 2007 and 2010
When users are provisioned with the Mail Archiving service, they become members of the MARCH {CustomerShortName}
FULL group.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.70https://docs.citrix.com
Provisioning Services and Customers in Bulk
Jun 05, 2015
CloudPortal Services Manager enables service providers to create bulk provisioning requests for existing customers andusers. Service providers can use this feature to apply service updates to existing customers in one operation. Serviceproviders can use the following options:
Bulk Reprovisioning creates requests for users and services of a single customer.
Bulk System Provisioning creates requests for all users and all customers
When a provisioning request is created, it is sent to the provisioning engine and a confirmation message is displayed. Any
errors in the actual provisioning transaction appear on the Customer Services page of Services Manager.
To create requests for users and services of a single customer
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Bulk Reprovisioning.
2. Under Customer Search, enter the name of the customer whose users you want to reprovision and click Search.
3. Select one of the following options:
Re-provision all users creates a request to reprovision all users of the specif ied customer.
Re-provision all customer services creates a request to reprovision all the services originally provisioned to the specif ied
customer.
Re-provision all user services creates a request to reprovision all the services originally provisioned to the specif ied
customer's users.
Re-provision a specif ic service to all users creates a request to reprovision a selected service to all users of the
specif ied customer, regardless of whether or not the service was originally provisioned to all users.
4. Click Provision. The provisioning request is created and sent to the provisioning engine. To view the status of the request,
click Configuration > Provisioning & Debug Tools > Provisioning Requests.
To create requests for all users and services of all customers
Use the Bulk System Reprovisioning feature to issue provisioning requests that affect all customers or users in the Services
Manager system. For example, you can create a request for all customers or users to be reprovisioned with services based
on whether or not the services were provisioned successfully on a previous attempt.
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Bulk System Provisioning.
2. Under Entity, select one of the following options:
Customers creates a provisioning request for all customers in the Services Manager system.
Customer Services creates a request for a selected service to be reprovisioned to all customers in the Services
Manager system.
Users creates a provisioning request for all users in the Services Manager system.
User Services creates a request for a selected service to be reprovisioned to all users in the Service Manager system.
3. Under Current Status, select one of the following options:
Provisioned specif ies requests that have been successfully provisioned for the selected entity.
Provisioning failed specif ies requests that have been unsuccessfully provisioned for the selected entity.
Provisioning and Provisioning failed specif ies all requests submitted for the selected entity.
4. Click Provision. The request is sent to the provisioning engine. To view the status of the request, click Configuration >
Provisioning & Debug Tools > Provisioning Requests. Any resulting errors appear on the Customers or Users pages of
CloudPortal Services Manager.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.71https://docs.citrix.com
To create security groups and add users
Jun 05, 2015
Customers who are Full Customer Service Administrators can create security groups and add users. After the security groupis created, customers can use the group to assign resource permissions to all members of the group.Security groups are available for customers who are provisioned with File Sharing and Web Hosting services.
1. From the Services Manager menu bar, click Customers > Configuration > Security > Security Groups.
2. Under Management, perform the following actions:
1. In Name, enter the name of the group you want to create.
2. In Type, ensure Security is selected.
3. Click New Group to create the security group. Services Manager creates the security group and displays the group
configuration screen.
3. To add users to the security group, click the Members tab.
4. In Member Search, enter the name of the user you want to add and click Find.
5. In the results table, select the check box for the user you want to add and click Add.
6. Click Save to save your selections.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.72https://docs.citrix.com
Office Communicator 2007 Services
Jun 05, 2015
To provision Office Communicator services to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the Office
Communicator service.
2. Under Customer Functions, select Services. The reseller's Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Office Communication Server 2007 check box and then select the Office Communication Server 2007 service
name. The Reseller Service Setup page appears.
5. In the User Plan table, select the check boxes for each level the reseller can offer to customers.
Note: The user plan defines the Communicator features that are available to provisioned users.
6. In the Customer Plan table, select the check boxes for each template the reseller can offer.
Note: The customer plan defines the home server to which users are assigned.
7. Click Apply Changes to save your selections.
8. Click Provision to enable the reseller to offer the Office Communicator service.
To provision Office Communicator services to customers
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision Office Communicator services.
3. In the services list, select Office Communication Server 2007. The Service Plan Configuration page appears.
4. In Customer Plan, select the template to assign to the customer.
Note: The customer plan defines the home server to which users are assigned.
5. Under Internal SIP Domains, select the check boxes for each domain you want to enable for handling voice and video
communication.
6. Click Advanced Settings and perform the following actions:
1. Under User Plans, select the check boxes for each user plan the customer can offer users.
Note: The user plan defines the Communicator features that are available to provisioned users.
2. In Maximum Users, select the Enabled check box and then enter the total number of users the customer can
provision.
3. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
7. Click Provision to enable the customer to provision users with the Office Communicator service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.73https://docs.citrix.com
Viewing and Filtering Provisioning Requests
Jun 05, 2015
Citrix CloudPortal Services Manager enables administrators to review the current status of provisioning requests after they
have been submitted to the provisioning engine.
Administrators can view these requests through the Services Manager system or with an RSS feed. Administrators can also
search for a specific request.
Using the Services Manager Web-based interface, administrators can view the following information:The type of provisioning request (e.g., Bulk Request, Object Provision, Object Deprovision, etc.)
The service and customer for whom the request is created
The date on which the request is executed
The subrequests that are executed as part of the provisioning request and their transaction logs
If all subrequests in a provisioning request execute successfully, the request displays a green status indicator. If some
subrequests do not execute successfully, the request displays a yellow triangle status indicator which, later, changes to a
red status indicator.
To view provisioning information through the Services Manager system
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Provisioning Requests.
2. To view the transaction logs and subtasks executed in a provisioning request, click the Request Type entry and then
expand the Request Logs or Sub-Requests nodes.
To view provisioning errors with RSS
The CloudPortal Services Manager RSS feed enables administrators to receive notifications whenever a provisioning error
occurs. Because the RSS feed is secured using Windows authentication, an RSS reader that supports digest authentication
is required. You can change the authentication method through IIS, if necessary.
The URL for the RSS feed is http://YourHostHeaderName/cortexdotnet/Rss/CortexProvisioningErrorsRss.aspx.
To search for a specific provisioning request
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Provisioning Requests.
2. Under Request Filter, use the following f ilters to refine the list of provisioning requests:
Type displays requests of a specif ic type such as Object Provision.
My Requests and All Requests displays requests that you have created or all requests in the system.
Request Status displays requests of a particular status that have been recorded during the life of the system. For
example, using this f ilter to f ind requests with the Provisioned status displays requests with a green status indicator in
the Status column.
Object Status displays requests where the current status of subrequests matches the status selected.
Note: Using this f ilter to f ind subrequests with the Provisioned status might display some failed provisioning requests
in f iltered results. However, the subrequest itself is not necessarily in a failed state. For example, a provisioning request
to move a customer's user from one Hosted Exchange package to another might fail because the Services Manager
system cannot f ind the mail store for the new package. Although the provisioning request failed, the user is still
attached to the current package.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.74https://docs.citrix.com
To migrate users to different user plans in bulk withthe Package Migration Wizard
Jun 05, 2015
Use the Package Migration Wizard to move multiple users from one user plan to another user plan. When you specify theservice and user plan from which to migrate, Services Manager can automatically select the customers and users whomatch the criteria. If the users you are migrating belong to customers that have not been provisioned with the target userplan, Services Manager can create the required package and complete the migration.This process creates a bulk provisioning request that you can track on the Provisioning Requests page. To make tracking
easier, you can specify a unique name and description for the request.
1. From the Services Manager menu bar, click Configuration > Provisioning & Debug Tools > Package Migration Wizard.
2. Under Wizard Setup, select any of the following wizard options and then click Next:
Select all customers selects for migration all customers with the specif ied source plan.
Select all users selects for migration all users in the Services Manager system with the specif ied source plan.
Generate missing destination packages enables Services Manager to create the target user plan for users belonging
to customers who are not provisioned with the target user plan.
3. Under Service Selection, in Service, select the service containing the user plan from which you want to migrate and then
click Next.
4. Select the user plan from which you want to migrate and click Add selected packages. The selected user plan appears in
a table, in the Source column.
5. From the package table, in the Destination column, select the plan to which you want to migrate and then click Next. A
table displays the customers that match the selected service and source user plans.
6. Ensure the customers you want to migrate are selected and then click Next. The source and destination user plans are
displayed.
7. To verify the appropriate users are selected, perform the following actions:
1. Click the source user plan and then click the customer name.
2. On the Users screen, select or clear the Selected check box as required for any users that you do or do not want
migrated.
3. Click Save and then click Save again to save your changes.
8. Under Request Details, enter a name and description for the provisioning request so it can be easily tracked on the
Provisioning Requests page.
9. Click Finish. Services Manager creates the provisioning request and sends it to the provisioning engine. To view the status
of the request, click Configuration > Provisioning & Debug Tools > Provisioning Requests.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.75https://docs.citrix.com
BlackBerry Services
Jun 05, 2015
The Citrix CloudPortal Services Manager offers a BlackBerry service that simplifies the BlackBerry user management
processes. Services Manager integrates with BlackBerry® Enterprise Servers to manage, add, modify, and delete user
accounts.
To ensure that the BlackBerry service works successfully, the customer and user must be provisioned with the Hosted
Exchange service before they are provisioned with the BlackBerry service.
The BlackBerry service includes the following features:All of BlackBerry's standard management tasks can be performed within the Services Manager control panel.
BlackBerry user provisioning can be delegated to the end-customer.
The BlackBerry service is compatible with Exchange 2003, 2007, and 2010 Enterprise.
Multiple BlackBerry Enterprise servers can be supported.
The movement of provisioned users from one BlackBerry Enterprise server to another is supported.
To provision BlackBerry services to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the BlackBerry service and then select the BlackBerry service name with which to configure the service.
5. Enable the customer plans (BlackBerry 5) and user plans (BlackBerry 4) that the reseller can sell to its customers.
Note: The plans determine the BlackBerry server that is used to store users' BlackBerry accounts.
6. Click the plan to display the Configure Service Settings page.
7. For user plans, under User Package Limit, enter the maximum number of users that can be provisioned with the selected
user plan.
8. Click Apply Changes to save your changes to the selected plan.
9. Click Apply Changes to save your changes to the BlackBerry service.
10. Click Provision to provision the BlackBerry service to the reseller.
To provision BlackBerry services to customers
Before provisioning the BlackBerry service, customers must first be provisioned with Hosted Exchange services.
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Select the BlackBerry service. The Service Package Configuration page appears.
4. Under Advanced Settings, enable the user plans that the customer can use to provision the service to its users.
5. Click the service access level to display the Configure Service Settings page.
6. Under User Package Limit, enter the maximum number of users that can be provisioned at the selected user plan.
7. Click Apply Changes to save your changes.
8. In Maximum Users, if required, click Enabled and then specify the maximum total number of users that can be provisioned
with the service.
9. In Billing, click Enabled to indicate the service generates charges to the customer.
10. Click Apply Changes to save your changes to the BlackBerry service.
11. Click Provision to provision the BlackBerry service to the customer.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.76https://docs.citrix.com
Virtual Machines Services
Jun 05, 2015
Customers provisioned with Virtual Machine services can create and manage the virtual servers in their organizations.
Customers can add and configure new virtual servers, create checkpoints that enable restoring virtual servers to a previous
state, and add or remove servers from available networks.
Resource Pools
Customers can be assigned resource pools which include limits on total disk storage, memory, processors, and number of
virtual machines. When a resource pool is assigned, the customer can create, manage, stop, start, upgrade, and downgrade
their virtual servers through the Services Manager control panel. If more resources are needed, the customer's reseller can
add the required resources.
Virtual Networks
Customers can be assigned one or more virtual networks and Services Manager can automatically assign a VLAN tag or
allow the customer to assign the tag manually.
After the network is set up, the customer can add or remove virtual servers from the virtual network. Virtual networks can
span across multiple physical hosts managed by the same SCVMM server. This means that customers' virtual servers can be
distributed across hosts.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.77https://docs.citrix.com
To provision Virtual Machine services to customers
Jun 05, 2015
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision the Virtual Machine service.
3. In the services list, click Virtual Machine. The Service Package Configuration page appears.
4. In Package Template, select the template you want to assign to the customer.
Note: The package template defines the properties of all virtual machines that are created, including CPU, memory, and
the total number of virtual machines that can be created.
5. In Management Server, select the SCVMM server to use for handling customer requests generated through CloudPortal
Services Manager.
Note: When the service is provisioned to the customer, this setting cannot be changed. To update the server, deprovision
the service for the customer and ensure the virtual machines are recreated on the new SCVMM server.
6. Under Virtual Resources, perform the following actions:
1. Expand the Hosts & Networks node and select the server you want to host the virtual machines and the network
under each host.
2. Expand the Machine Templates node and select the templates the Customer Administrator can use to create virtual
machines.
3. Expand the Guest OS Profiles node and select the operating systems the Customer Administrator can assign to the
machine templates.
4. Expand the DVD Images node and select the images the Customer Administrator can mount on virtual machines.
5. Expand the CPU Types node and select the CPUs the Customer Administrator can use for virtual machines.
7. Under Networking, expand the node for the type of VLAN you want to assign and select the VLAN to assign as the
customer's virtual environment.
8. Under Resource Configuration, to customize the settings assigned by the package template you selected in Step 4, clear
the Auto select package resource limits check box and make the appropriate changes.
9. Click Advanced Settings and perform the following actions:
1. In Maximum Users, select the Enable check box and enter the total number of users the customer can provision.
2. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
10. Click Provision to enable the customer to create virtual machines.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.78https://docs.citrix.com
To add virtual servers
Jun 05, 2015
1. From the Services Manager menu bar, click Services > Virtual Machine > Virtual Machines.
2. Under Machine Management, click New Virtual Machine. The Virtual Server Manager appears.
3. Under Virtual Machine Identity, enter a computer name and description for the new virtual machine.
4. Under Source Templates, perform one of the following actions:
Select Create a new virtual machine with a blank disk to create a virtual machine without using a source image.
Select Use an existing virtual machine template to create a virtual machine using a source image that you select from
the Machine Template drop-down box.
5. Under Guest Operating System, perform the following actions:
1. In Template, select the operating system you want to install.
2. In T ime Zone, select the time zone for the server.
3. In Product Key, enter the software product key for the selected operating system. If the product key has been
included in the operating system template, a note appears to this effect.
4. In Administrator Password, specify the password for the machine's local administrator account. If the password has
been included in the operating system template, a note appears to this effect.
6. Under Hardware, perform the following actions:
1. In CPU, specify the number and type of cores for the new virtual machine.
2. In Memory, specify the amount of available memory for the new virtual machine.
3. Configure the virtual devices associated with the machine. For example, to add a disk drive to the machine, click New
Disk. When you add devices, a configuration box appears where you can define the device's properties such as device
channel, media (for DVD devices), type, and size.
Note: After the virtual machine is provisioned, you can only increase the disk size. You cannot decrease it. To modify
the virtual machine's hardware, you must f irst stop the machine.
7. Under Network Adapters, perform the following actions:
1. Choose the network adapter to use for the virtual machine and click Add network adapter.
2. Configure the network adapter, if necessary, to connect to a specif ic network and configure the machine's MAC
address.
8. To start the virtual machine immediately after it is provisioned, select the Start the virtual machine check box.
9. Click Provision to save your selections.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.79https://docs.citrix.com
Recording Server States with Checkpoints
Jun 05, 2015
Checkpoints capture the state of a virtual machine at a certain moment in time. You can then use the checkpoint torestore the virtual machine to the state it was in when the checkpoint was created.
To create a checkpoint
1. From the Services Manager menu bar, click Services > Virtual Machine > Virtual Machines.
2. Select the virtual machine for which you want to create a checkpoint.
3. On the Checkpoints tab, in the Checkpoint Management table, click Add. A blank text box appears in the Name column.
4. Type the name of the checkpoint and then click Update.
To restore a virtual machine to a previous state
1. From the Services Manager menu bar, click Services > Virtual Machine > Virtual Machines.
2. Select the virtual machine whose state you want to restore.
3. On the Checkpoints tab, select the checkpoint you want to use.
4. Click Restore. The restore request is sent to the host machine. To view the progress of the restore, click the Status tab.
The Most Recent Task section displays the progress of each task the host machine processes.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.80https://docs.citrix.com
MySQL Services
Jun 05, 2015
CloudPortal Services Manager enables customers with Customer Administrator permissions to create and remove new
MySQL databases. The number of databases that customers can create is configured when the MySQL service is
provisioned.
MySQL User Roles and Permissions
User roles are comprised of MySQL permissions. The following table describes the permissions that are included in each role.
MySQL Permissions ReadOnly Role DBA Role User Role Full Role
SELECT X X X X
INSERT X X X
UPDATE X X X
DELETE X X X
EXECUTE X X X X
SHOW VIEW X X
CREATE X X
ALTER X X
REFERENCES X
INDEX X X
CREATE VIEW X X
CREATE ROUTINE X X
ALTER ROUTINE X X
DROP X X
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.81https://docs.citrix.com
CREATE TEMPORARY TABLES X X X
LOCK TABLES X X X
MySQL Permissions ReadOnly Role DBA Role User Role Full Role
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.82https://docs.citrix.com
Creating MySQL Databases and Users
Jun 05, 2015
To create a new MySQL database
1. From the Services Manager menu bar, click Services > MySQL > Databases.
2. Under Database Management, click New MySQL Database. The Database Details box appears.
3. Enter the name of the new database.
Note: The database name consists of a default prefix (customer code) and the name you specify. The entire database
name, including prefix, cannot exceed 16 characters.
4. Click Provision to create the database.
To add new MySQL users
1. From the Services Manager menu bar, click Services > MySQL > Users.
2. Under MySQL User Management, click New MySQL User.
3. Enter the user name and password for the new user.
4. Ensure the Is Enabled check box is selected. Clearing this check box disables the user account.
5. Under Databases, select the databases to which you want to assign access.
6. To configure permissions for each database, click Edit and then select one of the following roles:
ReadOnly allows users to execute queries and view records.
DBA allows users to perform most database functions, with the exception of referencing table columns as part of
foreign key constraints.
User allows users to run queries as well as create, modify, and remove records.
Full allows users to perform all database functions.
7. Click Update to save your selection.
8. Click Provision to create the user account.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.83https://docs.citrix.com
Provisioning MySQL Services
Jun 05, 2015
To provision MySQL services to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the MySQL
service.
2. Under Customer Functions, select Services. The reseller's Customer Services page appears.
3. From the services list, select Reseller.
4. Select the MySQL check box and then select the MySQL service name. The Reseller Service Setup page appears.
5. Under Servers, select the MySQL database server that the reseller can use for provisioning customers.
6. In the Customer Plan table, select the check boxes for each template the reseller can offer to customers.
7. Click Apply Changes to save your selections.
8. Click Provision to enable the reseller to offer the MySQL service to customers.
To provision MySQL services to customers
Before provisioning the MySQL service, database resources must be configured for the customer.
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision MySQL services.
3. In the services list, select MySQL configure resources. The Service Setup page appears.
4. Expand the server tree, select the server to use for provisioning the customer, and then click Save.
5. In the services list, select MySQL. The Service Plan Configuration page appears.
6. In Customer Plan, select the template to assign to the customer.
Note: The customer plan defines the number of databases and users that the Customer Administrator can create after
the service is provisioned.
7. In MySQL Server, select the server the customer can use to host databases and users.
8. To customize the database and user limits, under Resource Configuration, perform the following actions:
1. Clear the Auto select package resource limits check box.
2. In Database Limit, enter the maximum number of databases the customer can create.
3. In User Limit, enter the maximum number of database users the customer can provision.
9. Click Provision to provision the MySQL service to the customer.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.84https://docs.citrix.com
File Sharing Services
Jun 05, 2015
Citrix CloudPortal Services Manager enables customers to provide f ile sharing services to their users. Once provisioned, userscan access the customer's f ile share directory through another mechanism. For example, the f ile share can be configured asa Citrix resource and accessed in a Citrix XenApp session. Customers can use the directory to store and transfer f iles toothers in the organization as well as manage the directory subfolders. Customers can also assign folder permissions tousers.
To provision file sharing to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the File Sharing service check box and then click the File Sharing service name. The Reseller Service Setup page
appears.
5. In the User Plan table, enable any of the following service access levels:
Full allows users to read, modify, and delete f iles.
Read includes List permissions and allows users to traverse folders and run program files.
List allows users to view file and subfolder names, read data in the f iles, and to view file and folder attributes, including
extended attributes.
6. In the Customer Plan table, enable the package templates that the reseller can offer to customers.
7. Under Resource Configuration, in Disk Limit, enter the maximum amount of storage in megabytes (MB) to allocate to the
reseller.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the reseller to offer the service to customers.
To provision file sharing to customers
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision File Sharing services.
3. In the services list, select File Sharing. The Service Plan Configuration page appears.
4. In Customer Plan, select the package template with which to provision the customer. To customize the package, click
Edit.
5. In File Share Server, select the server hosting the customer's f ile share directory.
Note: This f ield appears when the selected customer plan does not have the Automatic Server Selection property
enabled and has more than one server configured. If the selected package has this property enabled, this f ield does not
appear and a f ile server is chosen automatically when the File Sharing service is provisioned to the customer.
6. To customize the storage limit for the customer, under Resource Configuration, clear the Auto select package resource
limits check box and, in Disk Limit, enter a new value.
7. Click Advanced Settings and perform the following actions:
1. Under User Plans, select the check box for each service access level to which the customer can assign users.
2. To limit the number of users the customer can provision, under Maximum Users, select the Enabled check box and
enter the number of users allowed.
3. To ensure the service generates charges to the customer when provisioned, under Billing, ensure the Enabled check
box is selected.
8. Click Provision to save your selections and provision the service to the customer.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.85https://docs.citrix.com
File Sharing Provisioning Changes in Active Directory
Jun 05, 2015
Changes When Provisioning Customers
When a customer is provisioned with the File Sharing service, the following changes occur:The global security group SERVICEADMINS <CustomerShortName> FSS is created and all Full Service Administrator users
are added as members.
The global security group FSS <CustomerShortName> FULL is created. No members are added to this group until users
are provisioned.
The global security group FSS <CustomerShortName> NONE is created. Users that are not provisioned with the File
Sharing service are members of this group.
Changes When Provisioning Users
When a user is provisioned with the File Sharing service, the user becomes a member of the global security group FSS
<CustomerShortName> FULL.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.86https://docs.citrix.com
Managing File Sharing Services
Jun 05, 2015
To create a subfolder in the file sharing directory
1. From the Services Manager menu bar, click Services > File Sharing Manager.
2. In the Folders pane, select the folder under which you want to create the subfolder.
3. On the Folders tab, in New Directory, enter the name of the subfolder you want to create.
4. Click Create. The new subfolder appears in the Folders pane.
To assign folder permissions to users
1. From the Services Manager menu bar, click Services > File Sharing Manager.
2. In the Folders pane, select the folder for which you want to assign permissions.
3. On the Permissions tab, search for the user or security group to whom you want to assign folder permissions. After
locating the user, click Add. The user appears in the Members table.
4. From the Members table, select the users to whom you want to assign folder permissions and click Manage Permissions.
5. Under Permissions, select the permission level you want to assign and click Save.
6. To apply the permissions only to the selected folder, clear the Apply the permissions to subfolders and f iles check box.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.87https://docs.citrix.com
CRM 4 and CRM 2011 Services
Jun 05, 2015
To provision CRM 4.0 and CRM 2011 services to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Depending on the CRM version you are provisioning, select the Customer Relationship Management 4 or the Customer
Relationship Management 2011 check box and then click the service name. The Reseller Service Setup page appears.
5. Select the customer plans that the reseller can offer to customers.
Note: The customer plans selected determine the CRM servers that are allocated to the reseller for provisioning
customers.
6. To customize the customer plan, click the plan name to display the Configure Service Settings page.
Note: Changes you make to the customer plan are applied to all customers subsequently provisioned with the plan.
7. Click Apply Changes to save your changes to the customer plan.
8. Click Apply Changes to save your changes to the service.
9. Click Provision to enable the reseller to offer the CRM service to customers.
To provision CRM 4.0 services to customers
When provisioning a customer with the CRM 4.0 service, additional configuration might be required, depending on whether
or not the customer plan is configured to allow organizations. The Organizations feature in CRM 4.0 allows service
providers to host multiple customer databases on a single CRM server. To maintain data integrity, only one customer is
assigned to an organization. If multiple customers are assigned to a single organization, the data is shared among the
assigned customers.
Service providers configure CRM customer plans to automatically enable or disable the Organizations feature. When
enabled, Services Manager creates a CRM organization for the customer when the service is provisioned. The organization's
name appears in the format {CustomerLongName} {InstanceName}. When disabled, the reseller can assign an organization
to the customer when the service is provisioned.
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click Customer Relationship Management 4 create an instance. Enter an instance name and a display name and then
click Create. The Instance Setup page appears.
4. Under Service Configuration, select the customer plan to provision to the customer.
Note: The customer plan determines the servers on which the customer's user data is stored and how Services Manager
sets up the database. The plan selection also determines any additional service options that require configuration before
the service can be provisioned to customers.
5. If the selected plan includes the ability to create an organization for the customer, perform the following actions:
1. Under CRM Configuration, in CRM Server, select the CRM server that hosts the customer's instance.
2. Click Service Settings to view the Configure Service Settings page and then select the Customer category.
3. Ensure the following settings are selected and that the correct values have been entered:
SQL Collation
Currency Code
Currency Name
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.88https://docs.citrix.com
Currency Symbol
The Currency Code setting cannot be changed after the CRM service is provisioned to the customer.
4. Click Apply Changes to save any changes you made.
6. If the selected plan does not include the ability to create an organization for the customer, perform the following
actions:
1. Under CRM Configuration, in CRM Server, select the CRM server that hosts the customer's instance.
2. In Organization, select the organization to which the customer is assigned.
Note: This selection cannot be changed after the customer is provisioned.
7. Click Provision to provision the customer with the CRM service.
To provision CRM 2011 services to customers
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click Customer Relationship Management 2011 create an instance. Enter an instance name and a display name and then
click Create. The Instance Setup page appears.
4. Under Service Configuration, select the customer plan to provision to the customer.
Note: The customer plan determines the servers on which the customer's user data is stored and how Services Manager
sets up the database. The plan selection also determines any additional service options that require configuration before
the service can be provisioned to customers.
5. Under CRM Configuration, perform the following actions:
1. In CRM Server, select the CRM server that hosts the customer's instance.
2. Ensure the following settings are selected and that the correct values have been entered:
SQL Collation
Currency Code
Currency Name
Currency Symbol
Currency Precision
The Currency Code setting cannot be changed after the CRM service is provisioned to the customer.
6. Click Provision to provision the customer with the CRM service.
To import CRM organizations created outside Services Manager
The CRM Import Tool for CRM 4.0 and CRM 2011 enables service providers to import CRM organizations that were not
initially created through Services Manager. Service providers can link the organization to a customer in Services Manager
and, where possible, match the organization's users to the domain user ID of the customer's users in Services Manager.
1. From the Services Manager menu bar, click Services > CRM 4 > CRM Import. The CRM Customer Allocation page displays
a list of the organizations configured on the CRM server. If an organization is allocated to a customer, the customer's
name appears in the list.
2. Select the CRM organization you want to import. The Customer Import Manager page displays.
3. Under Customer Details, perform the following actions:
1. In CRM Description, enter the name of the CRM site.
2. In Customer Search, enter the name of the CRM customer you want to import and select the customer name.
4. Click Provision. The Customer Import Manager page displays a table of the users that match the domain user IDs of the
customer's CRM users. By default, these users are selected for provisioning.
5. Click Provision Users to provision the selected users with the CRM service. Services Manager updates the selected users'
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.89https://docs.citrix.com
services with the provisioned CRM organization.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.90https://docs.citrix.com
Exchange Services
Jun 05, 2015
The Exchange service allows customers to provide a suite of robust communication tools to users. The Exchange service
supports Microsoft Exchange 2003, 2007, and 2010.
When customers are provisioned with the Exchange service, they can manage the following items:Contacts
Distribution Groups
Mailbox Import/Export
Outlook Mail Disclaimer
Public Folders
Resource Mailboxes
Contacts
Customers can add external contacts to their company's Global Address Lists as well as amend contact details and assign
contacts to distribution groups. Customers can use Microsoft Outlook to view the contacts in the Global Address List and
send email to them.
Distribution Groups
Distribution groups enable a collection of users, contacts, and other distribution groups to be represented with one email
address. Users can send email to the group email address and all users included in the group receive the email.
Users can access distribution groups through the Global Address List in Outlook. Global Address Lists can include multiple
distribution groups and users can be assigned to multiple groups.
When distribution groups are created, owners are assigned. The owner of a distribution group can be another user or a
security group. The group owner can add or remove group members through Outlook.
Mailbox Import/Export
Mailbox Import/Export enables Exchange Service Administrators to export the contents of individual Exchange mailboxes
to a format suitable for offline use in Outlook. Importing and exporting mailboxes involves saving the mailbox as a PST file
and saving it on an FTP server.
Outlook Mail Disclaimer
Mail disclaimers are legal notices, disclaimers, warnings that are automatically appended to all outgoing email. The Exchange
Service Administrator can create and manage these disclaimers.
Public Folders
When Exchange services are enabled, a root public folder is created for the customer. Although the naming format of the
folder is subject to the Service Provider's configuration settings, the format typically includes the primary domain name or
the short name of the customer's organization.
Full Customer Service Administrators can create, manage, and delete public folders, as well as enable them to receive email
from users.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.91https://docs.citrix.com
Resource Mailboxes
Resources are items that are reserved for use in meetings, such as meeting rooms and projectors. By allocating mailboxes to
these resources, users can include them in meeting requests so they can be reserved. When a meeting is booked, the
meeting organizer receives an acceptance notice from the resource.
Exchange Service Administrators can create, modify, and remove resources from the customer's organizational unit.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.92https://docs.citrix.com
Managing Public Folders
Jun 05, 2015
When Exchange services are provisioned to customers, a root public folder is automatically created. New public folders are
created as subfolders under the root folder.
To create a public folder
1. From the Services Manager menu bar, click Services > Exchange > Public Folders.
2. In the left pane of the Public Folders Overview page, select the root public folder. In general, the root public folder is
represented with the customer's short name.
3. On the Folders tab, in New Public Folder, type the name of the subfolder you want to create.
4. Click Create. The new public folder appears under the root folder.
To rename a public folder
1. From the Services Manager menu bar, click Services > Exchange > Public Folders.
2. In the left pane of the Public Folders Overview page, select the public folder you want to rename.
Note: You can rename subfolders only. You cannot rename root public folders.
3. On the Folders tab, in Existing Public Folder, type the new name for the public folder.
4. Click Rename. The renamed folder appears after the public folder tree refreshes.
To enable a public folder to receive email
1. From the Services Manager menu bar, click Services > Exchange > Public Folders.
2. In the left pane of the Public Folders Overview page, select the public folder you want to enable for email.
3. On the Mail tab, click Enable Mail. The Public Folder Emails table appears and a primary email address for the folder is
automatically generated.
4. To add an email to the Public Folder Emails table, click Add.
5. Type the email alias for the folder and select the appropriate domain.
6. Click Update. The new email address appears in the Public Folder Emails table.
7. Click Save Emails to save your entries.
To remove a public folder from the Global Address List
When a public folder is removed from the Global Address List, users can still send email to the folder even though it no
longer appears in the list. Public folder permissions are available with Exchange 2007 or Exchange 2010 only.
1. From the Services Manager menu bar, click Services > Exchange > Public Folders.
2. In the left pane of the Public Folders Overview page, select the public folder you want to remove.
3. On the Permissions tab, select the Hide from Address List checkbox.
4. Click Save Permissions to save your changes. The public folder is no longer visible to users through the Global Address List.
To restrict incoming email to public folders
To prevent external "spam" emails from flooding the customer's environment, you can configure public folders to accept
email only from users within the customer's organization. This task is available for customers with Exchange 2007 or
Exchange 2010 only.
1. From the Services Manager menu bar, click Services > Exchange > Public Folders.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.93https://docs.citrix.com
2. In the left pane of the Public Folders Overview page, select the public folder to which you want to restrict email.
3. On the Permissions tab, select the Senders require authentication checkbox.
4. Click Save Permissions to save your changes.
To enable users to send email through public folders
You can assign certain users permission to send email using a public folder alias. To recipients, the sender appears as the
name of the public folder instead of the individual user. Public folder permissions are available with Exchange 2007 or
Exchange 2010 only.
1. From the Services Manager menu bar, click Services > Exchange > Public Folders.
2. In the left pane of the Public Folders Overview page, select the public folder to which you want to enable users to send
email.
3. On the Permissions tab, under Send As Permissions, search for the users you want to add. Search results appear in a
table under the Member Search box.
4. Select the checkbox for each user you want to enable to send email.
5. Click Add. The selected users appear in the Existing Send As Permissions table.
6. Click Save Permissions to save your changes.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.94https://docs.citrix.com
Managing Distribution Groups
Jun 05, 2015
Exchange distribution groups are collections of users, contacts, and other distribution groups that are represented with asingle email address in the Global Address List. When a user sends an email to the group email address, all members of thegroup receive the email.When Exchange services are provisioned to customers, users can view distribution groups through the Global Address List
using Outlook, as well as create and manage distribution groups.
Users who create distribution groups are known as owners. Additionally, group ownership can be assigned to a group of
Exchange users or a security group. Group owners can add and remove members through Outlook.
Full Customer Service Administrators can create and delete groups, manage group members, and configure group email alias
permissions and member email restrictions.
To create distribution groups
1. From the Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Under Group Management, type a name for the group you want to create and ensure the Distribution option is
selected.
3. Click New Group. The distribution group is created and the group properties screen appears.
4. Click Save.
To add members to a distribution group
1. From the Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group to which you want to add members.
3. Click the Members tab.
4. In Member Search, type the name of the contact you want to add and click Find.
5. Select the contact's checkbox and click Add.
6. Click Save.
To create an email alias for a distribution group
1. From the Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group for which you want to create an email alias.
3. Click the Email tab.
4. In the Group Email Addresses table, click Add. A blank alias table entry appears.
5. Under Name, type the email alias you want users to specify when sending emails to the group.
6. Click Update to save your entries.
7. Click Save.
To restrict incoming email to distribution groups
To prevent external "spam" emails from flooding the group, you can configure distribution groups to accept email only from
users within the customer's organization.
1. From the Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group to which you want to restrict email.
3. Click the Email tab.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.95https://docs.citrix.com
4. Select the Senders require authentication checkbox.
5. Click Save.
To designate group owners
1. From the Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group for which you want to assign an owner.
3. Click the Management tab.
4. In Owner Search, type the name of the contact to whom you want to assign group ownership and click Find.
5. Select the contact's checkbox and click Add.
6. Under Membership Approval, choose whether owner approval is required for joining or leaving the group.
7. Click Save.
To enable users to send email through distribution groups
You can assign certain users to send email using the distribution group alias. To recipients, the sender appears as the name
of the distribution group instead of the individual user.
1. From the Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group through which you want users to send email.
3. Click the Permissions tab.
4. Under Send-As Permissions, search for the users you want to add.
5. Select the checkbox for each user you want to add and click Add.
6. Click Save.
To restrict group access to specific users
1. From the Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group to which you want to restrict access.
3. Click the Permissions tab.
4. Under Accepted Senders, select the Only users in the following list option.
5. Search for the users you want to add and select the checkbox for each user.
6. Click Add.
7. Click Save.
To block group emails from specific users
1. From the Services Manager menu bar, click Services > Exchange > Distribution Groups.
2. Select the group to which you want block users.
3. Click the Permissions tab.
4. Under Rejected Senders, select the Only users in the following list option.
5. Search for the users you want to add and select the checkbox for each user.
6. Click Add.
7. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.96https://docs.citrix.com
Importing and Exporting Mailbox Files
Jun 05, 2015
Importing and exporting mailboxes are important tasks for managing Exchange services. Exporting mailboxes facilitatesdisaster recovery and compliance efforts. Importing mailboxes helps with migrating users from old versions of Exchange andenabling users to add off line mail archives to their Exchange mailbox.
To export a mailbox
1. From the Services Manager menu bar, click Services > Exchange > Mailbox Import/Export.
2. Click Export Mailboxes. A table of available mailbox f iles appears.
3. Select the Export checkbox for each user's mailbox you want to export.
4. Click Export Mailboxes. The export process begins. To view the status of the export, click Refresh Status.
The exporting process creates .PST files and places them on the customer's FTP server, in a folder called MailboxExport. To
view these files, log on to the FTP server using the information that appears under FTP Login Details on the Mailbox Import
and Export Overview screen and navigate to the MailboxExport folder. Depending on the customer's configuration, mailbox
files might appear as zipped archives.
To import a mailbox
1. From the Services Manager menu bar, click Services > Exchange > Mailbox Import/Export.
2. Click Import Mailboxes. A table of users that are provisioned with an Exchange mailbox appears.
3. Click Edit for the user whose mailbox you want to update with the imported mailbox f ile.
4. Select the mailbox f ile you want to import and then click Update.
5. Click Import Mailboxes. The import process begins. To view the status of the import, click Refresh Status.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.97https://docs.citrix.com
To create mailboxes for managing meeting resources
Jun 05, 2015
Resources consist of spaces or equipment that are used for holding meetings and need to be reserved when a meeting isorganized. Exchange provides mailboxes for these resources so that users can include them in meeting requests madethrough Outlook.Exchange Service Administrators can create, modify, and remove resources from the customer's organizational unit.
1. From the Services Manager menu bar, click Services > Exchange > Resource Mailboxes.
2. Under Resource Management, click New resource mailbox.
3. Type a name for the resource and select whether it is a meeting room or equipment (e.g., projector, f lip chart, etc.).
Note: Resource types cannot be amended after the resource mailbox has been provisioned. To change the resource
type, the mailbox must be deprovisioned f irst.
4. Click Provision to create the mailbox.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.98https://docs.citrix.com
Provisioning Exchange Services
Jun 05, 2015
To provision Exchange services to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the
Exchange service.
2. Under Customer Functions, select Services. The reseller's Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Hosted Exchange check box and then select the Hosted Exchange service name. The Reseller Service Setup
page appears.
5. In the User Plan table, select the check box for each user plan the reseller can offer its customers.
6. In the Customer Plan table, select the check box for each customer plan the reseller can offer.
7. Under Resource Configuration, enter the maximum amount of space allotted for mailbox and public folder storage.
Note: When this limit is reached, the reseller cannot provision Exchange services to new customers.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the reseller to offer Exchange services to its customers.
To provision Exchange services to customers
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision Exchange services.
3. In the services list, select Hosted Exchange. The Service Package Configuration page appears.
4. In Customer Plan, select the package you want to provision to the customer.
Note: The package you select determines whether or not public folders are enabled and the available disk space for the
customer's mailboxes.
5. Under Exchange Domains, select the domain type to be used for inbound email routing.
Note: By default, domains are set to Authoritative when the Exchange service is f irst provisioned to a customer. Domains
that are added after Exchange has been provisioned default to External Relay. To change this, the Customer
Administrator can modify the type and reprovision the Exchange service.
6. Under Email Patterns, select one of the following options:
Select Force customer wide primary address to ensure all users' email addresses adhere to a specif ied format. In the
email format table, select the formats you want to use. Select the Primary Email option to designate one format as
the primary format. When the service is provisioned, any manually configured addresses are overwritten with
addresses in the specif ied format.
Select Manage individual user primary e-mail addresses to allow different formats for users' email addresses.
Note: If the address format is changed after provisioning the Exchange service, select the Apply email policy check box
to ensure the email format selected in the format table is applied to all provisioned users. To ensure the change is
applied only to newly provisioned users, leave this box unselected.
7. If the location is configured to host Exchange 2007, and the customer is being hosted on Exchange 2007, ensure the
Exchange 2007 Customer option is selected.
8. Under Public Folders, perform the following actions if the selected customer plan includes public folders and you want to
customize storage limits:
1. Clear the Auto select a public folder package check box.
2. Select the Create Public Folders check box.
3. To specify unlimited storage, leave the Public Folder Storage Limit box blank.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.99https://docs.citrix.com
When the Exchange service is provisioned, a root public folder is created for the customer. Exchange Service
Administrators become owners of the root folder and the customer's users are granted Author permissions.
9. Under Resource Configuration, to customize the total amount of mailbox storage for all users provisioned with the
Exchange service, perform the following actions:
1. Clear the Auto select package resource limits check box.
2. In Mailbox Storage (MB), enter the total amount of storage allocated to user mailboxes. To specify unlimited storage,
leave this f ield blank.
10. To restrict the number of users assigned to a user plan, perform the following actions:
1. Click Advanced Settings and then select the user plan you want to configure.
2. In User Limit, enter the total number of users that can be assigned to the selected user plan.
3. Click Apply Changes to save your selections.
11. In Billing, ensure the Enabled check box is selected so the appropriate charges are generated for the customer.
12. Click Provision.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.100https://docs.citrix.com
Exchange Provisioning Changes in Active Directory
Jun 05, 2015
Changes When Provisioning Customers
When a customer is provisioned with the Exchange service, the following changes occur:The global security group SERVICEADMINS <CustomerShortName> HE is created and all Full Service Administrator users
are added as members.
The global security group HE <CustomerShortName> <ServiceAccessLevelName> is created for each user plan selected
for the customer. No members are added to these groups until users are provisioned with the Exchange service at the
corresponding level.
The global security group HE <CustomerShortName> NONE is created. No members are added to this group until users
are deprovisioned.
If public folders are enabled, the public folder is saved in Exchange Management Shell. To view folder details, use the
Get-PublicFolder cmdlet.
Changes When Provisioning Users
When a user is provisioned with the Exchange service, the following changes occur:The user becomes a member of the HE <CustomerShortName> <ServiceAccessLevelName>.
For customers provisioned with Exchange 2007 services, user mailboxes are created and saved in the Exchange
Management Console under Recipient Configuration > Mailbox.
Changes When Adding Contacts
When contacts are added for a customer, the following changes occur:A Contact Type object is created under the customer organizational unit (OU) using the format
<ContactName>_<CustomerShortName>.
For customers provisioned with Exchange 2007 services, a contact record is created and saved in the Exchange
Management Console under Recipient Configuration > Mail Contact.
Changes When Creating Distribution Groups
When distribution groups are created for a customer, the following changes occur:A universal distribution group is created under the customer OU using the format Distribution <CustomerShortName>
<DistributionGroupName>
For customers provisioned with Exchange 2007 services, a distribution group record is created and saved in the Exchange
Management Console under Recipient Configuration > Distribution Group.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.101https://docs.citrix.com
Managing Exchange Contacts
Jun 05, 2015
When Exchange services are provisioned to customers, users can view their company's Global Address Lists, send email tocontacts in the list from Microsoft Outlook, add and modify contacts, and assign contacts to distribution groups.Full Customer Service Administrators can add, modify, and delete contacts as well as prevent contacts from displaying in the
Global Address List.
To add new contacts
1. From the Services Manager menu bar, click Services > Exchange > Contacts.
2. Under Contact Management, click New Contact. A blank Contact Details form appears.
3. Enter the details of the contact. Fields marked with an asterisk (*) are required.
4. Click Save.
To prevent contacts from appearing in the Global Address List
1. From the Services Manager menu bar, click Services > Exchange > Contacts.
2. Select the contact you want to hide.
3. On the Contact Details form, select the Hide From Address List checkbox.
4. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.102https://docs.citrix.com
To create mail disclaimers
Jun 05, 2015
Mail disclaimers are legal notices or warnings that are automatically attached to all outgoing email. The Exchange ServiceAdministrator can create, modify, and remove the company's mail disclaimer.Note: Mail disclaimers are available to customers with Exchange 2007 or 2010 only.1. From the Services Manager menu bar, click Services > Exchange > Configuration > Mail Disclaimer.
2. Type a name for the mail disclaimer and then type the body of the message.
3. Choose whether to append or prepend the disclaimer to outgoing email messages.
4. Choose whether email to which the disclaimer cannot be directly attached is ignored, rejected, or wrapped in an
Exchange envelope before sending.
5. Choose whether the disclaimer is attached to email sent to external contacts only.
6. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.103https://docs.citrix.com
AD Sync Services
Jun 05, 2015
The AD Sync service enables customers to synchronize their own localized domain controller to the hosted domain
controller. The customer's organizational unit (OU) in the hosted domain controller is regularly updated with any user
changes that have been saved in the customer's domain controller. All hosted services that are provisioned to the users are
configured directly to the user objects that are saved in the hosted domain controller.
The AD Sync service is a customer-only service. Once provisioned to a customer, the customer's administrator has access to
download and configure the AD Sync tool to their existing domain controller. To download the tool, the customer must be
configured with the Allow passwords to Never Expire option set to Yes. If this option is set to No, errors are recorded in the
customer's event log and no users appear in CloudPortal Services Manager.
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision the AD Sync service.
3. In the services list, click AD Sync. The Advanced Settings page appears.
4. Click Provision to enable the customer to download the AD Sync tool.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.104https://docs.citrix.com
SharePoint 3 and SharePoint 2010 Services
Jun 05, 2015
CloudPortal Services Manager supports SharePoint Services 3.0 and SharePoint 2010 environments.
SharePoint 3.0
IIS virtual servers are created through SharePoint Manager. These virtual servers are available for selection when setting up
the SharePoint packages. All customer sites provisioned with a particular package and virtual server are child sites of the
same virtual server. CloudPortal Services Manager configures the appropriate host header on the virtual server for each
customer and SharePoint's authentication and authorization handles the segmentation of the sites so that customers see
only appropriate content.
SharePoint 2010
Customers are configured with SharePoint Feature Packs that determine the functionality that is available to provisioned
users.
A standard SharePoint installation includes 12 preconfigured customer plans. These plans determine how the site isconfigured and saved on the SharePoint 2010 server. Service providers configure the availability of the following templateswhen they provision the service to customers. All templates support SSL authentication.Customer Site
This site is attached to a Web application that is configured specif ically for the customer. If additional sites are configured
with the same package, these sites are assigned to the same Web application. This site uses a dedicated content database.
Additionally, a separate Customer site template is available that includes anonymous authentication.
Shared Site
This site is attached to a shared Web application where other customers' SharePoint sites reside. This site uses a dedicated
content database. Additionally, a separate Shared site template is available that includes anonymous authentication.
Dedicated Site
This site is attached to its own Web application. No other SharePoint sites are configure for the Web application pool
unless the Web application is manually overridden with the Web application's name. This site uses a dedicated content
database. Additionally, a separate Dedicated site template is available that includes anonymous authentication.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.105https://docs.citrix.com
Configuring SharePoint 2010 Resources andProvisioning to Customers
Jun 05, 2015
Before provisioning the SharePoint 2010 service to a customer, at least one SharePoint Farm and Feature Pack must be
configured and assigned to the customer. When provisioning a customer, you can specify multiple, different farms with
companion feature packs. However, you cannot specify multiple instances of the same farm.
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision SharePoint 2010.
3. In the services list, click SharePoint 2010 configure resources. The Service Setup page appears.
4. In the SharePoint Farm table, click Add and select the farms and companion feature packs to allocate to the customer.
5. Click Update to save your selections.
6. Click Save to save the resource configuration.
7. In the services list, click SharePoint 2010 create an instance. The SharePoint 2010 Service Instance page appears.
8. Type an instance name that contains no spaces or special characters and click Create. The Instance Setup page appears.
9. Under Service Plan Configuration, in Customer Plan, select the settings package to use for the site. To customize the
template, click Edit and make the appropriate changes. When you are f inished, click Apply Changes.
10. Under Site Administrators, enter the user names for the users granted full administration rights to the site. These users
must be members of the customer's organizational unit in Active Directory.
11. In Site Template, select the SharePoint site template with which to create the site.
Note: If no template is selected, no template is configured when the site is provisioned. The Site Administrator must
access the SharePoint site directly to configure the site template and security groups manually before users can access
the site.
12. In Site Name, enter the host header for the site.
13. Click Advanced Settings and perform the following actions:
1. In Maximum Users, select the Enabled check box and enter the total number of users the customer can provision to
the site.
2. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
3. Click Apply Changes to save your selections.
14. Click Provision to provision the site to the customer.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.106https://docs.citrix.com
Configuring SharePoint Instances and Provisioning toCustomers
Jun 05, 2015
To provision SharePoint Services (version 3.0) to a customer, you f irst create an instance. You can provision the followingtypes of sites:
A root site
A child site of the root site
The type of instance is determined by the SharePoint customer plan you select. You can provision multiple instances to a
customer. For a SQL-authenticated SharePoint site, a Site Administrator is created. This user has permissions to add users
to the site who are not authentication through Active Directory and do not have access to CloudPortal Services Manager.
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision SharePoint Services.
3. In the services list, select SharePoint Services create an instance. The Instance Setup page appears.
4. In Customer Plan, select the template you want to assign to the customer. To customize the template's configuration
settings, click Edit. When you are f inished, click Apply Changes to save your selections.
5. Depending on the customer plan selected in Step 4, configure the following options:
In Site Language, select the language for the site.
In Site Name, enter a host header for the site. This comprises the URL for accessing the site.
In Quota Template, to override the default values in the SharePoint quota template, select the Override the default
package value check box and select a different template.
In Site Owner, enter the name, email address, and credentials for the user account granted Full Control rights to the
site. This user can add users to the site who do not have access to CloudPortal Services Manager. These f ields apply
to SQL-authenticated sites only.
6. Click Advanced Settings and perform the following actions:
1. In Maximum Users, select the Enabled check box and enter the total amount of users the customer can add to the
site.
2. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
To override the default settings for the site, click Service Settings and make the appropriate changes. When you are
finished, click Apply Changes.
7. Click Provision to enable the customer to provide access to the SharePoint site.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.107https://docs.citrix.com
SharePoint 3.0 Provisioning Changes in ActiveDirectory
Jun 05, 2015
Changes When Provisioning Customers
When a customer is provisioned with a SharePoint instance, the following changes occur:The global security group SERVICEADMINS <CustomerShortName> WSS is created and all Full Service Administrators are
added as members. This group is created when the f irst instance is provisioned.
The global security groups WSS_<InstanceName> <CustomerShortName> USERS and WSS_<InstanceName>
<CustomerShortName> ADMINS are created. No members are added to these groups until users are added to the
SharePoint instance. If the USERS user plan is selected when a user is provisioned with the instance, the user becomes a
member of this group.
The global security group WSS_<InstanceName> <CustomerShortName> NONE is created. No members are added to
this group until users are deprovisioned from the SharePoint instance.
On the front-end Web server, a new host header (InstanceName) is added to the selected Web application.
Changes When Provisioning Users
When a user is provisioned with a SharePoint instance, the user becomes a member of one of the following global securitygroups:
WSS_<InstanceName> <CustomerShortName> ADMINS
WSS_<InstanceName> <CustomerShortName> USERS
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.108https://docs.citrix.com
Lync 2010 for Hosting Services
Jun 05, 2015
Before provisioning customers and users, ensure your Lync 2010 deployment includes the following items:The Active Directory computer accounts for the Lync Front-End and Director servers have been added to the
CortexAdmins group. After performing this task, reboot the servers to ensure the membership changes take effect.
The domain for the customer you are provisioning is included on the certif icates that exist on the Lync Front-End and
Director servers.
A forward lookup zone has been created for the domain to which you are provisioning the customer.
The following DNS records exist on the domain controller for the customer you are provisioning:
SRV records, _sipinternal and _sipinternaltls
Host (A) record for SIP, specifying the Lync Director server's IP address
When provisioning multiple users or moving or copying users provisioned with the Lync 2010 for Hosting service, consider thefollowing:
When a user is moved to another customer, the service does not transfer with the user. Before moving the user, you
must deprovision the service.
When provisioning multiple users simultaneously or copying a user, and you select a user plan configured with the
Enterprise Voice, PC-to-PC communication, or Audio/Video Disabled option, the service's Line URI f ield remains blank.
After provisioning, you will need to supply this information for each provisioned user. However, if you select a user plan
configured with the Remote Call Control option, the provision operation might fail because the service's Line URI value is
incorrect. If this happens, you will need to re-provision the service to the user with the correct Line URI value.
To provision Lync 2010 for Hosting services to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Lync 2010 for Hosting service check box and then click the Lync 2010 for Hosting service name. The Reseller
Service Setup page appears.
5. In the User Plan table, select the check box for each user plan the reseller can offer its customers.
6. In the Customer Plan table, select the check box for each customer plan the reseller can offer.
7. Click Apply Changes to save your selections.
8. Click Provision to enable the reseller to offer Hosted Lync services to its customers.
To provision Lync 2010 for Hosting services to customers
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. Click the Lync 2010 for Hosting service name. The Service Plan Configuration page appears.
4. In Customer Plan, select the appropriate plan, if applicable.
5. Under Internal SIP Domains, select the appropriate domain.
6. Click Provision to enable the customer to provision the service to users.
To provision Lync 2010 for Hosting services to users
1. From the Services Manager menu bar, click Customers and select the customer for whom you want to provision services.
2. Under Customer Functions, click Users.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.109https://docs.citrix.com
3. On the Users page, select the user you want to provision and then click Services.
4. Expand Lync 2010 for Hosting and select the user plan you want to enable for the user.
5. In Line URI, enter the user's telephone extension using the "tel: 12345" format, if applicable.
6. Click Provision to allow the user to access the Lync service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.110https://docs.citrix.com
Microsoft SQL Services
Jun 05, 2015
Citrix CloudPortal Services Manager supports hosting Microsoft SQL Server 2005 and 2008. Multiple SQL databases can beprovisioned to a customer and the customer can then assign users to the databases.The customer's databases can be provisioned to different SQL servers or instances, depending on the resource
configuration. Additionally, the SQL servers and instances that form resellers' SQL service offerings can be configured.
To provision the SQL service to resellers
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision the
Microsoft SQL Server Hosting service.
2. Under Customer Functions, select Services. The reseller's Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Microsoft SQL Server Hosting check box and then select the Microsoft SQL Server Hosting service name. The
Reseller Service Setup page appears.
5. Under Servers and Resources, expand the server collection tree and select the database servers and instances that the
Reseller can offer its customers.
Note: When you expand the database server node, the available instances appear. If an instance has been provisioned
already to a customer, the instance cannot be selected for provisioning.
6. In the Customer Plan table, select the check box for each customer plan the reseller can offer its customers.
7. Under Resource Configuration, configure the following resource limits for the reseller:
In Instance Limit, enter the number of SQL databases the reseller can offer.
In Database Disk Limit (MB), enter the total amount of database storage allotted to the reseller.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the reseller to offer Microsoft SQL Server hosting services.
To provision the SQL service to customers
Before provisioning the Microsoft SQL Server Hosting service, database resources must be configured for the customer. If
you attempt to provision the service without configuring resources, the following error appears:
"No SQL server instances are available for the selected customer plan. Please select a different package or contact your
service provider for server access."
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision the Microsoft SQL Server Hosting service.
3. In the services list, select Microsoft SQL Server Hosting configure resources and perform the following actions:
1. On the Service Setup page, under Servers and Resources, expand the server collection tree and select the check boxes
for the servers and instances that can be allocated to the customer.
2. Click Save to save your selections.
4. In the services list, select Microsoft SQL Server Hosting create an instance The Microsoft SQL Server Hosting Service
Instance page appears.
5. In Instance Name, enter a name that does not contain spaces or special characters and then click Create. The Instance
Setup page appears.
6. Under Service Package Configuration, in Customer Plan, select the template to assign to the customer.
Note: The customer plan defines the initial size of the database, the database's maximum size, and the grow sizes of the
database and log f iles. The plan also specif ies the servers hosting the database.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.111https://docs.citrix.com
7. Under SQL Server Hosting Configuration, in Database Server Instance, select the instance to assign to the customer. If
only one instance is enabled, this f ield appears dimmed.
8. Click Advanced Settings and perform the following actions:
1. Under User Plans, enable or disable the levels at which the customer can provision users.
2. Under Maximum Users, select the Enabled check box and enter the maximum number of users the customer can
provision.
3. Under Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
9. Click Provision to enable the customer to provision users.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.112https://docs.citrix.com
Windows Web Hosting Services
Jun 05, 2015
Citrix CloudPortal Services Manager enables customers provisioned with Windows Web Hosting services to manage Websites and applications. When you provision customers with Windows Web Hosting services, the following items can bemanaged:Security groups and users
Customers can assign users to security groups and apply Web site security permissions that affect all members of the
group.
Web site content and structure
Customers can use the virtual IIS Site Manager to perform common Web site administration tasks. Customers can manage
multiple Web sites through a single interface and live Web sites are updated in real-time as changes are made. Customers
can also recycle application pools to optimize performance.
Web applications
Customers can install and configure subdirectories and publish them as Web applications.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.113https://docs.citrix.com
To import existing Web sites for a customer
Jun 05, 2015
The Web Site Import tool enables service providers to import and configure IIS 6 and IIS 7 Web sites for CloudPortal
Services Manager customers. After provisioning, the customer's Administrator can manage the site using the IIS Manager.
Before importing Web sites, the following prerequisites must be met:The user performing the import must have Service Provider Administrator privileges.
The Web server currently hosting the sites is configured with the Windows Web-Hosting server role (Configuration >
System Manager > Server Roles).
The Web server currently hosting the sites is included in an applicable server collection (Configuration > System Manager
> Server Collections).
A server connection has been set up for the Web server currently hosting the sites (Configuration > System Manager >
Server Connections).
The customer for whom the Web sites are imported has a CloudPortal Services Manager account. However, the
Windows Web-Hosting service does not need to be provisioned to the customer. When the f irst Web site is migrated,
CloudPortal Services Manager provisions the Windows Web-Hosting service and enables the server hosting the site.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > Web Site Import.
2. Under Server Connection, perform the following actions:
1. In Location, select the location where the server resides.
2. In Web Service, select the server that is configured with the Windows Web-Hosting service. In Server, select the server
that is hosting the Web site you want to import.
3. Click Load. A list of all the Web sites that are present on the server appears.
4. From the site list, select the Web site you want to import. The Site Import Manager page appears.
5. In Customer Search, type the name of the customer for whom you want to import the site.
6. Click Load. The page refreshes and displays the customer's name and primary domain.
7. Under Service Setup, in Instance Name, type the name of the instance that does not contain spaces. This name appears
as an instance in the customer's services list.
8. In Customer Plan, select the package template to which the server is assigned.
9. Click Provision to import the Web site.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.114https://docs.citrix.com
To add default documents to a Web site
Jun 05, 2015
In IIS, default documents are files that are automatically served when a user accesses the customer's Web site but does
not request a specific file. A default document might be the customer's home page or a file list (if directory browsing is
enabled).
When a customer is provisioned with an instance of Windows Web Hosting, the following default documents are createdin the Web site's root directory:
Index.htm
Index.html (IIS 7 only)
Index.cfm (IIS7 only)
Default.asp
Default.aspx (IIS 7 only)
Default.htm
iisstart.htm (IIS 7 only)
Note: Index.php is created only when the Web Hosting instance is configured with PHP Framework settings.The default documents that are created in the Web site root directory are automatically passed to any subdirectories that
are created.
Default documents can be modified at the root Web site level or at the subdirectory level. If a document is added at the
root level, it is applied to all subdirectories.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager. The IIS Site Manager
displays the customer's available Web sites.
2. From the Site drop-down box, select the Web site for which you want to create the subdirectory. The site's folder
structure appears in the Web Site pane.
3. In the Web Site pane, click the folder where you want to add the new default document.
4. On the Settings tab, under Default Documents, enter the new document name in the text box.
Note: The document names in this box appear in ranked order. If you want the new document to be the f irst one IIS
serves to users, place it at the top of the list.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.115https://docs.citrix.com
Provisioning Windows Web Hosting Services toCustomers
Jun 05, 2015
To configure IIS servers and resources
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision Web hosting services.
3. In the services list, click Windows Web-Hosting configure resources.
4. Under Servers and Resources, in Resource View, select one of the following views to display available resources:
None displays no resources.
Customer displays the total resources currently provisioned to the customer.
Reseller displays the total resources for Web sites and customers that have been provisioned by the reseller.
All displays the total resources for Web sites that have been provisioned to the reseller's customers as well as to the
reseller itself .
5. In the resource tree, expand a server collection node. The tree displays the servers configured to host the Web Hosting
service.
6. Select the servers and resources to use when provisioning Web hosting instances for the customer.
7. Click Save to save your selections.
To provision a Web hosting instance to a customer
1. From the Services Manager menu bar, click Customers > Customer Services.
2. In Customer Search, f ind the customer for whom you want to provision Web hosting services.
3. In the services list, click Windows Web-Hosting create an instance.
4. In Instance Name, type the name of the Web hosting instance and click Create.
5. In Customer Plan, select the template to assign to the customer.
6. In Web Host Server, select the server to host the customer's Web site.
7. Under Site Bindings, click Add and enter the site binding details for the customer's Web site.
Note: For Web sites hosted on IIS 6, only HTTP and FTP binding types are available. For Web sites hosted in IIS 7, the
HTTPS binding type is available in addition to HTTP and FTP types.
8. Click Update to save your entry.
9. Under Resource Configuration, to customize the default service settings, clear the Auto select package resource limits
check box and make the appropriate changes.
10. Click Advanced Settings and perform the following actions:
1. In Maximum Users, select the Enabled check box and enter the total number of users that can be provisioned.
2. In Billing, ensure the Enabled check box is selected so the service generates charges to the customer.
11. Click Provision to create the customer's Web site.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.116https://docs.citrix.com
To provision Windows Web Hosting services toresellers
Jun 05, 2015
1. From the Services Manager menu bar, click Customers and select the reseller for whom you want to provision services.
2. Select Services. The Customer Services page appears.
3. From the services list, select Reseller.
4. Select the Windows Web-Hosting service check box and then click the Windows Web-Hosting service name. The
Reseller Service Setup page appears.
5. Enable the Web servers and resources the reseller can offer to customers.
6. From the Customer Plans table, select the plans the reseller can offer to customers.
7. Under Resource Configuration, to customize the resource limits for the Web site storage, clear the Auto select package
resource limits check box and make the appropriate changes.
8. Click Apply Changes to save your selections.
9. Click Provision to enable the reseller to offer Web hosting services to customers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.117https://docs.citrix.com
To add or remove subdomains
Jun 05, 2015
Customers can add or remove subdomains, or host headers, that are bound to their Web site. This allows the customer toconfigure multiple Web sites using a single Windows Web Hosting instance.1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.
2. From the Site drop-down box, select the Web site for which you want to create the subdomain. The site's folder
structure appears in the Web Site pane.
3. On the Domains tab, under Add Site Bindings, enter the new subdomain name and then click Add. The subdomain is
added to the list of identities for the root Web site.
4. To delete a subdomain, under Remove Site Bindings, select the subdomain from the drop-down box and then click
Remove.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.118https://docs.citrix.com
To install Web applications
Jun 05, 2015
If a customer's Web site involves serving dynamically-generated content, the subdirectories containing that content can bepublished as Web applications.1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.
2. In the Web Site pane, select the folder you want to publish as a Web application.
3. On the Settings tab, under Install Application, click Install. The IIS Site Manager page refreshes and the selected folder is
displayed as a Web application.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.119https://docs.citrix.com
Managing Web Site Directories
Jun 05, 2015
To create subdirectories
Customers can create and manage subdirectories under their root Web site directory folder.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager. The IIS Site Manager
displays the customer's available Web sites.
2. From the Site drop-down box, select the Web site for which you want to create the subdirectory. The site's folder
structure appears in the Web Site pane.
3. In the Web Site pane, click the folder under which you want to create the subdirectory.
4. On the Folders tab, in New Directory, enter the name of the subdirectory you want to create.
5. Click Create. The new subdirectory appears beneath the site root directory in the Web Site pane.
To rename or remove subdirectories
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager. The IIS Site Manager
displays the customer's available Web sites.
2. From the Site drop-down box, select the Web site for which you want to create the subdirectory. The site's folder
structure appears in the Web Site pane.
3. In the Web Site pane, click the folder you want to rename or remove.
4. On the Folders tab, in Current Directory, perform one of the following actions:
To rename the subdirectory, enter a new name and click Rename.
To remove the subdirectory, click Delete.
To configure directory browsing for subdirectories
Customers can enable directory browsing for certain subdirectories in their Web sites. This allows the subdirectory to display
a list of the files it contains when users access it with a Web browser. Customers can enable directory browsing at the site
root level or at the subdirectory level. If configured at the site root level, directory browsing applies to all subdirectories in
the Web site.
1. From the Services Manager menu bar, click Services > Windows Web Hosting > IIS Site Manager.
2. In the Web Site pane, select the Web application you want to configure.
3. On the Settings tab, under Application Settings, select the Directory Browsing check box.
4. Click Update to save your selection.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.120https://docs.citrix.com
Manage
Jun 05, 2015
Managing the CloudPortal Services Manager comprises administering customers, users, roles, and services .
For details, see:Creating and Managing Customers
Creating and Managing Users
Managing Security Roles
Configuring and Managing Services
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.121https://docs.citrix.com
Manage Roles
Jun 05, 2015
A security role is a set of permissions that defines customer, administrator, and user access to specific tasks in the services
manager. For example, the first or default user created for a customer is a customer administrator. The customer
administrator is automatically assigned the Customer Administrator security role (and can also be assigned other security
roles). The customer administrator can then assign one or more security roles to users in the customer hierarchy. A security
role can also consist of multiple security roles; for example, the My Account and Services Management role consists of the
My Account Management and My Services Management roles.
The services manager is installed with a default set of security roles. A service provider can manage security roles associatedwith:
Customer, user, and service tasks
User services
Reports and reporting
Dialogs, menus, or pages in the services manager
This topic lists the default security roles available and describes how to:Create a new role
Copy an existing role to use as a template to create a new custom role
Export and import a role , enabling you to design, test, and configure a customized role before implementing it in a
production environment
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.122https://docs.citrix.com
Role Permissions: Customers, Services, User Services,Users
Jun 05, 2015
The Role Permissions area of the Role Management dialog box enables you to set the access permissions for the role. This
topic describes permissions for Customers, Services, User Services, and Users. See also Role Permissions: Menus, Pages,
Reports .
Available from the Services and User Services tabs only, the Filter drop-down list enables you to permit access to a specific
selected service or all services for a security role. The drop-down list shows all available services. The Read and Update
settings in the Services tab enable you to apply more detailed security permissions to the selected service.
You set permissions for each function by clicking the radio button next to the function:None
No access to the function.
Customer
The function is permitted for the specif ic customer. For example, the User Services permissions of Read, Update, and
Provision for the My Services Management security role are set as Customer. This setting indicates that the administrator
user with the My Services Management role can perform that function on its customer only.
Sub Customer
The function is permitted for the subcustomer of the customer. For example, if the User Services permissions of Read,
Update, and Provision for a security role are set as Sub Customer, the administrator user with this role can perform that
function on the customer's subcustomer (but not on the customer).
Customer and Sub Customer
The function is permitted for the customer and its specif ic subcustomer(s). For example, if the User Services permissions of
Read, Update, and Provision for a security role are set as Customer and Sub Customer, the administrator user with this role
can perform that function on the customer and its subcustomer(s).
If you have finished modifying the security role, click Save.
Available Function Customers Services User Services Users
Filter X X
Create X X
Read X X X X
Update X X X X
Delete X X
Enable/Disable X X
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.123https://docs.citrix.com
Provision X X X X
Deprovision X X X X
Reset X X X X
Reports X X X
Email Content X
API Access X
System Content X
Full Logging X
Change Domain Ownership X
Manage Brands X
Manage System Brands X
Copy X
Impersonate X
Account Management X
Credential Management X
Password Management X
Manage Security Questions X
Email Management X
Role Management X
Available Function Customers Services User Services Users
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.124https://docs.citrix.com
Administrator Management X
Service Provider X X X
Available Function Customers Services User Services Users
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.125https://docs.citrix.com
Default Security Roles
Jun 05, 2015
Updated: 2014-01-06The services manager includes a default set of security roles. The default roles cannot be deleted or modified but can be
copied and used as a template for a new role. A role can consist of one or more roles. In the case of a role consisting of
multiple roles, the role inherits the permission levels of the component roles.
Security Roles Installed by Default
Role Description ComponentRoles
AD SyncAdministrator
All ServicesSchemaAdministrator
Manage the schema and configuration for all services Service SchemaAdministrator
AuthenticatedUsers
Permission to perform generic user functions and view related dialogs. Access anyservice-related user dialog when the user is provisioned with that specif ic service.Mandatory role assigned to all authenticated users.
Exchange User
Office
Communication
Server (OCS)
User
SharePoint
User
SQL Users
BlackBerryServiceAdministrator
Administer the BlackBerry mobile device service.
Citrix ServiceAdministrator
Create customized Citrix Application Groups for the administrator's customer.
ContentManagementServiceAdministrator
Update or modify the services manager interface.
CRM 4 ServiceAdministrator
Manage the service, including all pages.
CRM 4 User Allowed access to the service as a user.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.126https://docs.citrix.com
CRM 2011Administrator
Manage the service, including all pages.
CRM 2011User
Allowed access to the service as a user.
CRM ServiceAdministrator
Manage the service, including all pages.
CustomerAdministrator
The f irst user created by default after creating a customer inherits this role. Thecustomer administrator can create, provision, and edit users, then provision users toservices. This role can also manage services provisioned to the customer. This roleincludes all permissions of the user and service administrator.
UserAdministratorService
Administrator
DNS ServiceAdministrator
Allowed access to the Domain Name Service (DNS) Records and DNS Templatesdialogs. Can manage DNS zones and create DNS entries.
Everyone Permission for authenticated and non-authenticated users to view generic pages inthe services manager.
ExchangeMulti-tenantedServiceAdministrator
Create and manage Microsoft Exchange 2010 SP1 Hosting service DistributionGroups, Contacts, and Public Folders.
ExchangeMulti-tenantedUsers
Access to Exchange Summary dialog and can download Outlook Account settings.
ExchangeServiceAdministrator
Create and manage Microsoft Exchange Distribution Groups, Contacts, and PublicFolders.
ExchangeUsers
Access to Exchange Summary dialog and can download Outlook Account settings.
File SharingServiceAdministrator
Create folders and add specif ic user permissions to folders. Create user securitygroups.
My Accountand ServicesManagement
Combines My Account Management and My Services Management roles. Enablesend users to manage their own accounts, edit services provisioned to them, andselect new available services.
My AccountManagementMy Services
Management
My Account Enables the end user to change the user information details, account password,
Role Description ComponentRoles
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.127https://docs.citrix.com
Management and manage email addresses associated with the user account.
My ServicesManagement
Enables the end user to select, edit, and re-provision the services provisioned to theend user account.
MySQLAdministrator
Manage the service, including all pages.
OCS ServiceAdministrator
Manage the service, including all pages.
OCS User Allowed access to the service as a user.
Partial UserAdministrator
Reset passwords for a customer's user. Cannot create or delete users.
ReportingUsers
Access to the front-end reporting system.
Reseller FullAdministrator
Create, provision, and edit its own customers, then provision services to itscustomers. Create, provision, and edit users, then provision users to services.
Reseller PartialAdministrator
Manage reseller customer services and users.
ServiceAdministrator
Manage administration tasks for services. Access any editable service-relatedadministration dialog when the customer is provisioned with that specif ic service.
BlackBerry
Service
Administrator
Citrix Service
Administrator
Content
Management
Service
Administrator
CRM Service
Administrator
CRM 4.0
Service
Administrator
CRM 2011
Service
Administrator
DNS Service
Administrator
Role Description ComponentRoles
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.128https://docs.citrix.com
Exchange
Service
Administrator
File Sharing
Service
Administrator
OCS Service
Administrator
SharePoint
Portal Service
Administrator
SQL 2000
Service
Administrator
SQL 2005
Service
Administrator
User Sync
Administrator
Virtual Machine
Administrator
Windows Web-
Hosting Service
Administrator
ServiceProviderAdministrator
Allowed full services manager access, all security role permissions, and service accesslevels.
Citrix Service
Administrator
Content
Management
Service
Administrator
DNS Service
Administrator
Exchange
Service
Administrator
File Sharing
Service
Role Description ComponentRoles
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.129https://docs.citrix.com
Administrator
SharePoint
Portal Service
Administrator
Windows Web-
Hosting Service
Administrator
Reseller Full
Administrator
Store Manager
ServiceSchemaAdministrator
Allowed access to common service schema page and menu permissions.
SQL ServiceAdministrator
Manage the service, including all pages.
SQL User Allowed access to the summary details dialog.
StoreManager
Manage the web store dialogs, products, and bundles.
Store User Allowed online access to the web store and able to purchase services.
Template Userand ServiceAdministrator
Create user templates and configure services to them. This administrator cancreate a new user by using a default template.
UserAdministrator
Create, provision, and edit users for a customer.
User SyncAdministrator
Download and configure the AD Sync Tool to a domain controller.
User andServiceAdministrator
Enable the user to create and administer users and provision services for acustomer.This role is identical to the customer administrator. Assign this role to a user when
you require more than one customer administrator user in your organization or
hierarchy.
UserAdministratorService
Administrator
VirtualMachineAdministrator
Access the Virtual Machine Management pages.
Role Description ComponentRoles
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.130https://docs.citrix.com
Windows WebHostingServiceAdministrator
Create and configure web sites, add user permissions to web sites, and create usersecurity groups.
Role Description ComponentRoles
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.131https://docs.citrix.com
Copying or Creating a Security Role
Jun 05, 2015
The default roles in services manager cannot be deleted or modified but can be copied and used as a template for a new
role. You can also create a completely new role through the New Role dialog.
A security role consists of Role Setup and Role Permissions information and settings.
See:Role Setup
Role Permissions: Customers, Services, User Services, Users
Role Permissions: Menus, Pages, Reports
Copying a Security Role
When you copy an existing security role:The Role Setup area is blank.
The Role Permissions area contains the access settings of the copied security role.
1. Select Configuration > Security > Security Roles to display the list of security roles.
2. Click a role from the list to expand the role properties.
3. Click Copy at the bottom of the Role Management dialog.
A new Role Management dialog is displayed.
4. Complete the f ields and selections in the Role Setup area and modify the Role Permissions area as required, then click
Save.
Creating a Security Role
When you create a new security role:The Role Setup area is blank.
The Role Permissions access settings are set to a default value of None and all Menus, Pages, and Reports selections are
cleared.
1. Select Configuration > Security > Security Roles.
2. Click New Role.
A new Role Management dialog is displayed.
3. Complete the f ields and selections in the Role Setup area and modify the Role Permissions area as required, then click
Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.132https://docs.citrix.com
Role Setup
Jun 05, 2015
The Role Setup area of the Role Management dialog enables you to specify the service to which the role is applied, any
associated role groups (such as Exchange Users), administrator type, and other settings and information.
Name
Provide a descriptive name for the security role, using alphanumeric characters, including spaces.
Directory Name
Specify the name of an Active Directory security group to associate with the security role. Leave this value blank if you do
not want to create a group. Specify the name in the form of a pattern. For example, specify "HE [CustomerShortName}
USERS" for Hosted Exchange Users of a particular customer.
Description
Optionally describe the new security role.
Filter on Service
Select an existing service from the drop-down list. If a service f ilter is selected and the customer has been provisioned with
that service, the security role is available in the user or customer Account Settings dialog. Selecting this option enables the
Service Filter Scope setting.
Service Filter Scope
This setting is enabled if you selected a service from the Filter on Service drop-down list.
Select Customer to make the security role available if the customer is provisioned with the service. For example, an
administrator can view service administration dialogs when the service is provisioned to a customer.
Select User to activate the role to users provisioned with the associated service.
Mandatory
Select Enabled to automatically assign the security role to all users. The security role is not displayed on the user
Account Settings dialog.
Clear Enabled to make the security role selectable on the user Account Settings dialog.
Hidden
Select Enabled to hide the security role; that is, the security role is not visible to users other than the service
administrator. Use this option until the security role is ready to be applied to users or customers.
Clear Enabled to make the security role visible in the services manager.
Role Groups
Attach existing security roles to the new or edited security role. When assigned, the user or customer inherits the
permissions of the new or edited security role and the selected security roles.
Administration Role
Select Enabled to include this security role as common role to all users. The security role is displayed on the user Account
Settings dialog.
Select Clear to make this security role available to users through the Configure a custom role collection option displayed
on the user Account Settings dialog.
User role type
Select one of the following user role types. A related icon will appear next to the user when the security role is assigned:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.133https://docs.citrix.com
None
Service Administrator
User Administrator
User and Service Administrator
Available to all customers
Select Enabled to make the security role available to all customers. The role can be assigned to any user unless explicitly
denied to a customer when creating or editing the customer properties.
Clear Enabled to enable you to explicitly assign the role to a customer or reseller customer (which can then be assigned
to a user) from the Allowed Roles list available from the customer's Advanced Properties.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.134https://docs.citrix.com
Role Permissions: Menus, Pages, Reports
Jun 05, 2015
Note: This topic describes how to permit access to menus, pages, and reports for an individual security role as part of therole's definition. The topic PAGE MGT conf ig>security>page manager describes how to permit access to menus andpages for one or more security roles.The Role Permissions area of the Role Management dialog enables you to set the access permissions for the role. This
topic describes access permissions for Menus, Pages, and Reports. See also Role Permissions: Customers, Services, User
Services, Users .
You permit access to menus, pages, and reports by selecting the relevant item. Access to items not selected or cleared are
denied for the security role.
Managing Menus
Clicking the Menus tab enables you to view the top-level menus and other level submenus for the services manager.Submenus might have additional menus in their hierarchy and are not listed here.
Select a menu or submenu checkbox to permit access to the functions available from the menu.
Clear a menu or submenu checkbox to deny access to the functions available from the menu.
If you have f inished modifying the security role, click Save.
Top-level Menu Second-level Submenu
Customer CustomersNew Customers
Customer Services
Customer Hierarchy
Configuration
Users New UserUsers
Bulk User Import
Configuration
Services Any installed or provisioned services are listed here
Configuration Content ManagementProvisioning & Debug Tools
Security
System Manage
Shop
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.135https://docs.citrix.com
Reports License ReporterConfiguration
View Reports
My Account Personal DetailsSummary for any provisioned service, if configured
Password Change PasswordSecurity Questions
Logout None
Top-level Menu Second-level Submenu
Managing Pages
Clicking the Pages tab enables you to control the page view for the users associated with the security role.
Managing Reports
Clicking the Reports tab enables you to control the page view for the users associated with the security role.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.136https://docs.citrix.com
Exporting and Importing a Security Role
Jun 05, 2015
The services manager enables you to import and export roles between services manager environments. For example, you
can design and test security roles in a test or staging environment, then import the roles into one or more of your
production environments through an XML formatted file.
Before you begin
Before you import or export a role, consider the following:You cannot import a security role that already exists in the services manager.
Make any changes to security roles through the services manager, not by editing the XML f ile created by exporting a
security role. Importing an edited security role XML f ile guarantees that the import operation will fail.
To export a security role
1. Click Configuration > Security > Security Roles.
2. Expand the security role to export and click Export.
3. In the File Download dialog, save the XML f ile.
To import a security role
1. Click Configuration > Security > Security Roles.
2. In the Role Import area, click Browse to navigate to the exported security role XML f ile.
3. Click Import Role.
The security role is imported, as indicated by the message Role import completed. If any errors occur, try exporting the role,
then import it again.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.137https://docs.citrix.com
Exporting and Importing Services
Jun 05, 2015
Export and import customer services to transfer them between different CloudPortal Services Manager environments. For
example, service developers can create custom services and provide them to customers to import into their environments.
Customers can customize service settings and user plans in a test environment and then migrate the settings to a
production environment by exporting and importing services.
Service export and import is available for the services provided with CloudPortal Services Manager as well as for customized
services. A customized service is created through the CloudPortal Services Manager from Configuration > System Manager
> Service Schema.
To transfer a service between environments, export a service to a file and then import that file into a different CloudPortal
environment, as described in this topic. The import deploys and enables the service at the Top Environment Services level.
The export package file includes service properties, customer and user plans, roles and permissions, validation controls, web
server controls and assemblies, and provisioning engine assemblies, actions, and rules. A custom service created from the
Service Schema page includes only the database records for the service settings and plan properties. Before exporting a
custom service, add to it any provisioning engine or web server assembly (.dll) files that contain the code needed to run
actions on the provisioning server or to display custom user controls when provisioning the service on the web page. On the
Service Deployment page and at the Top Environment Services level, create default plans for the base service offering and
update default service properties such as patterns for file locations.
Prerequisites
Verify that the source and destination environments for the service have the same version of CloudPortal Services
Manager installed.
Verify that a user is configured with the two schema administrator roles (All Services Schema Administrator and Service
Schema Administrator), required to create a custom service or import or export a service.
Create the service (Configuration > System Manager > Service Deployment) or configure the property, customer plan,
and/or user plans to be transferred.
Test and validate the service to be exported. A service that contains errors will not appear in the CloudPortal Services
Manager interface.
To export a service
1. Log on to CloudPortal Services Manager.
2. From the main menu, choose Configuration > System Manager > Service Schema.
3. Expand the service to be exported.
4. Click Export to view the Export service to f ile area.
5. (Optional best practice) Specify the Creator, URL, and Version for the service. The URL should be the full path to the
developer’s site.
6. In the Preview area, review the items to be included in the export f ile and update as needed.
7. To add an assembly f ile (.dll) to the export package for a custom service:
1. In the Add f ile area, click Browse, navigate to the .dll f ile, and click Open.
2. Choose the folder for the dll f ile and then click Add.
8. Click Export.
9. Save the exported f ile.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.138https://docs.citrix.com
To import a service
1. Log on to CloudPortal Services Manager. This operation requires these user roles: All Services Schema Administrator and
Service Schema Administrator.
2. From the main menu, choose Configuration > System Manager > Service Schema.
3. Under Service Management, click Import a service.
4. Click Browse to navigate to and select the service and then click Open.
5. To review the items included in the package f ile, click Preview and update the selections as needed. Components that
already exist on the system are highlighted.
6. Click Import. An “Import Complete” message displays, followed by a list of the actions performed during the import.
When web components are imported, the CloudPortal Services Manager restarts and automatically logs out all users
from Services Manager.
7. Restart all provisioning servers across all locations. The provisioning servers are updated with any new rules and f iles.
8. Use the Services Manager interface to update customer and user plans and service settings as needed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.139https://docs.citrix.com
Configuring and Managing Services
Jun 05, 2015
Updated: 2012-11-06CloudPortal Services Manager supports a variety of services that service providers can provision to resellers and customers.Service configuration typically involves the following tasks:
Enable the service
Add credentials for accessing the servers and management tools
Add the servers associated with the service
Assign service roles to the servers
Add service connections to integrate the servers into the CloudPortal Services Manager
Assign servers to a collection (does not apply to many services)
Configure the service settings
The configuration steps differ for each service and are described in detail in the topics dedicated to each service.
About Service Configuration
Service property settings:
All services are enabled at both the Top Environment Services level and the Active Directory Location Services level.
The service settings at the Top Environment Services level are inherited by all locations configured in the Services
Manager. Typically the top level service setting defaults are suff icient and do not require modif ication.
For some services, a customer plan and/or user plan must be configured before the service is enabled at the Active
Directory Location Services level.
To reset a service setting to the default value, clear the check box for the property and apply the change. The next
time the service settings are opened, the default value for the property appears.
Control access to a property setting by expanding it and setting the Hierarchy Permission.
Credentials: You cannot remove a credential after it is assigned to a Web Service connection.
Servers: In most cases, server information is retrieved without any action from the service provider. A server that is
outside of the hosting domain must be manually added to the servers list (Configuration > System Manager > Servers).
Note: When servers that are not joined to the hosting domain are added to the servers list, the server appears in the list
with a yellow indicator to denote the Directory web service cannot retrieve the server. The server can still be used for
managing server roles and creating new server connections. When the server is joined to the hosting domain, this
indicator changes to green. When adding a server that is not joined to the hosting domain to the server list, ensure the
Alias f ield, under Server Setup, points to the server's IP address, FQDN, or DNS alias, as appropriate.
Server Connections: Server connections configure Services Manager with a web service that is installed on the server. If
multiple web services are configured for a Web Service component, Services Manager assigns a primary and secondary
web service for failover.
Server Collections: Server collections group multiple servers for some services, including Citrix Services, Microsoft SQL
Services, MySQL Services, and Windows Web Hosting Services. If a server collection and its servers should be available to
all resellers, enable Automatic reseller selection. If a server collection should be enabled by default to all customers,
enable Automatic customer selection.
Services and Customer Provisioning
Enable customer and user plans on the root Service Provider customer's reseller service after enabling them at the Top
Environment Services level and the Active Directory Location Services level. After that, the customer and user plans can
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.140https://docs.citrix.com
be provisioned to a customer.
Re-provision customers after changing customer plans.
A service that is provisioned to customers cannot be disabled at the Top Environment Services level until it has been de-
provisioned from all customers/resellers and deleted from the Active Directory Location Services level.
Applying Cost Values to Service Properties
Service providers can apply a cost value to service properties at various levels (service level, customer plan, and user plan)
depending on the type of service. The values are used in monthly billing reports. Pricing values are inherited from the Top
Environment Services level and overridden at the reseller and customer levels.
The Prices properties typically appear at the end of the service, customer plan, and user plan settings. The properties include
a cost price and sales price. Cost price is the minimum price for a user plan. Sales price is the recommended purchase price,
with a recommended value that is equal or greater than the cost price. The Prices properties for Exchange Services also
include a price per mailbox value that is the unit price for mailbox usage that exceeds the agreed limit for public folders.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.141https://docs.citrix.com
Virtual Machine Services
Jun 05, 2015
Updated: 2014-01-06CloudPortal Services Manager Virtual Machine Services deliver virtual datacenters from the cloud. Virtual Machine Servicesintegrate with Microsoft System Center Virtual Machine Manager (SCVMM) for VM management and support MicrosoftHyper-V Server.
Prerequisites
Install CloudPortal Services Manager Virtual Machine Web Services.
Create a self-service user role in SCVMM, with the following settings:
User role name: SelfService
User role profile: Self-Service User
Role member: CortexWSUser
Select the VM host groups that Services Manager will manage
Grant permissions: All actions
Allow users to create new VMs
Do not allow users to store VMs in a library
To configure Virtual Machine Services
1. Enable the service (top level): From the main menu, choose Configuration > System Manager > Service Deployment,
expand Virtual Machine, and click Save.
2. Expand Virtual Machine, click Customer Plans, create a customer plan if one is not already created, and then verify and
save the settings. Customer plan settings include per-customer machine limits and whether dynamic disks are used.
Typically, dynamic disks are disabled to avoid over-subscription of disk storage. However, some Service Providers enable
dynamic disks to increase provisioning speed.
3. Enable and configure the service (location level): Under Service Filter, select Active Directory Location Services, choose a
Location Filter if applicable, expand Virtual Machine, and click Service Settings. Verify the settings, making sure that the
following settings are configured, and then save the service:
RDP Console URL
Defaults to VMConnection.aspx.
Self Service Role
Set to SelfService, the name of the self-service user group configured in SCVMM.
Virtual Machine Path
If the customer will use clustered Hyper-V hosts, change the path from
{PreferredDrive}Images{CustomerShortName} to {PreferredDrive}{CustomerShortName}. That change helps
prevent folder creation errors in the cluster shared volume.
4. Add the credentials for the service account: From the main menu, choose Configuration > System Manager > Credentials
and create the account, using the fully-qualif ied domain name.
5. Enable the server:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.142https://docs.citrix.com
1. From the main menu, choose Configuration > System Manager > Servers.
2. If the SCVMM server is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
6. Assign server roles:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the
SCVMM server.
2. Under Server Connection Components, select Virtual Machine. Virtual Machine refers to the VirtualMachineWS.
3. Under Server Roles, select Virtual Machine Manager and then click Save. Virtual Machine Manager indicates that
SCVMM is installed on the server.
7. Add a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then
select or type the following information for the SCVMM server.
Server Role
Choose Virtual Machine.
Server
Choose the server where the VM web service is running.
Credentials
Choose the credentials for the service.
URL Base
Defaults to /VirtualMachine/VirtualMachine.asmx.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Citrix recommends that you change the setting from 200000 to 2000000 milliseconds. This increases the timeout
to about 35 minutes, needed for disk creation operations.
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and click the icon in the Test
column for the SharePoint server. The icon turns green for a successful connection. A red icon indicates an
unsuccessful connection. Mouse over it for information about the failed connection.
To synchronize resources
This procedure verifies the server role and connection configuration and retrieves information from the SCVMM server.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.143https://docs.citrix.com
1. From the main menu, choose Services > Virtual Machine > Configuration > Virtual Resource Manager.
2. Under Environment, choose the Location and SCVMM server. Incorrect entries in those lists indicate incorrect
configuration of server roles or server connections.
3. Click Refresh. The message "The Resources were updated successfully" appears. If it does not, verify the configuration.
4. Expand the resource folders and verify their contents:
1. Provide user-friendly labels and group names. For example, you might rename "Server03x64WE-DE” to “64-bit
Windows Server 2003 – German".
2. Review assignments.
3. Assign sets of items to groups, such as "SQL Server DVDs", to speed selection of resources during provisioning.
5. (Optional) Import existing Hyper-V VMs into CloudPortal tenants: Before moving a VM to a tenant, verify that it resides
on a host assigned to that tenant, along with the relevant VLANs.
1. Expand Virtual Machines and locate a VM not yet managed by CloudPortal (their names appear dimmed).
2. Select the VM and use the right pane to search for a tenant.
3. Click Provision to put the VM under CloudPortal management.
To configure virtual networks
You can create the following types of VLANs using CloudPortal Services Manager:Dedicated – Can be assigned to one tenant only (most commonly used).
Shared – Can be assigned to one or more tenants.
Reserved – Not usable for tenants. For instance, you might add an out-of-band management VLAN to ensure a tenant
is not accidently placed into the same network.
Mandatory – Available to all tenants.
You can assign multiple subnets to a VLAN and use CloudPortal Services Manager to define a default gateway, DNS servers,
and range for the subnet.
To configure virtual networks, choose Services > Virtual Machine > Configuration > Virtual Network Manager.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.144https://docs.citrix.com
CRM 4 Services
Jun 05, 2015
The Services Manager CRM service enables you to deliver Microsoft Dynamics CRM 4.0. This service supports Internet-
Facing Deployments (IFDs), which makes CRM 4.0 organizations available from the Internet. To configure IFD support, use
the procedure "To configure support for Internet-facing deployments" included in this topic.
PrerequisitesA CRM administrator account (used for CRM administration only):
Add to the PrivUserGroup in Active Directory Users and Computers.
If there is a GUID after the group name, choose the correct group for the CRM instance.
Add to the local Administrator group in Computer Management for the SQL server(s).
Add to the local Administrator group in Computer Management for the CRM server(s) to be managed through Services
Manager.
Grant full control permissions to the CRM security groups and that OU that contains those groups.
Add the CRM service account to the CortexAdmins group.
Add as a Deployment Administrator in CRM Deployment Manager.
Add as a System Administrator in the CRM 4.0 default organization under User Settings.
Grant Content Manager permissions in SQL Server Reporting Services used by CRM.
Configure the Service Principal Name (SPN) of the CRM administrator account with the name of the CRM server.
On a domain controller, run the following command:
setspn -A http/CRM_SERVER_FQDN "LAB1CRMAdmin"
where CRM_SERVER_FQDN is the fully-qualified domain name of the CRM server and CRMAdmin is the CRM
Administrator account.
Change the CRM Application Pool identity to use the CRM administrator account. For IIS 7:
1. Open IIS Manager on the CRM server.
2. Navigate to CRMAppPool, select it, and in the Actions pane click Advanced Settings.
3. In the Process Model section, select Identity, click Browse, click Custom account, and then click Set.
4. Enter the credentials for the CRM administrator account.
In crmlocationMSCRMServicesweb.config, set the impersonate value to true: <identity impersonate="true"/>
Configure Windows Authentication on the CRM site:
This requirement does not apply to IIS 6 or IIS 7 if Forms Authentication is used.
Disable Ensure Anonymous authentication.
Enable Windows Authentication.
Disable user creation in CRM 4. Use the procedure "To disable user creation" included in this topic.
To disable user creation
Perform this procedure on each CRM 4 server to be managed by Services Manager.
1. Download and install the Microsoft Dynamics CRM 4 deployment configuration tool for your 32-bit or 64-bit operating
system. This tool is available to download from the Microsoft Download Center Web site.
2. Extract the deployment f iles to a directory of your choosing. For example, C:crmdeploy.
3. Copy the folder and contents of the Services Manager CRM 4 Web service and paste it to the default CRM 4 Web site
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.145https://docs.citrix.com
location. For example, C:Program FilesMicrosoft Dynamics CRMCRMWebMSCRMServices.
The CRM Web service folder contains the following f iles:
Web service f ile: crmdeploy.asmx
Config f ile: web.config
4. Edit the web.config f ile and configure the DeploymentPath setting to use the full path to the deployment tool
executable you extracted in Step 2. For example, C:crmdeploymicrosoft.crm.deploymentconfigtool.exe.
To configure the CRM 4 service
1. Enable the service (top level) and create a customer plan:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Top Environment Services.
3. Expand Customer Relationship Management 4, click Customer Plans, and create a customer plan.
4. Click Apply Service, and then click Save.
2. Enable the service (location level):
1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter if applicable.
2. Expand Customer Relationship Management 4, and click Save.
3. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. If the CRM server is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
4. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the CRM server where both the Microsoft Dynamics CRM Web service and the Services Manager CRM Web
service are installed.
2. Under Server Connection Components, select CRM 4 and then click Save.
3. Under Server Roles, select CRM 4 Application Server and then click Save.
4. Expand the entry for the SQL server hosting the CRM instances.
5. Under Server Roles, select CRM 4 SQL Server, and then click Save.
5. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the web service.
Server Role
Choose CRM 4.
Server
Choose the server where CRM is installed.
Credentials
Choose the credentials for CRM. This should match the credentials of the CRM service account.
URL Base
Defaults to /MSCRMServices/2007/CRMService.asmx.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.146https://docs.citrix.com
Protocol
Defaults to http.
Port
Specify the port used by the CRM web service.
Timeout
Set this value to -1 (unlimited).
2. Click Save.
3. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and click the
icon in the Test column for the CRM server. The icon turns green for a successful connection. A red icon indicates an
unsuccessful connection. Mouse over it for information about the failed connection.
6. Configure the customer plan at the Active Directory level:
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment, select Active
Directory Location Services, choose a Location Filter if applicable, expand Customer Relationship Management 4 , and
then click Customer Plans.
2. For CRM Servers and SQL Server, select the check box to enable the servers, click Reload, and then select the check
box for the applicable servers.
3. If you are not using the default SQL instance, select the check box for Report Server SRS URL and enter the URL.
4. Click Apply changes and then click Save.
To configure support for Internet-facing deployments
Before configuring IFD support in Services Manager, ensure the CRM 4 server is configured as an IFD. For additional details
and guidance, refer to the guide "Microsoft Dynamics 4.0 Internet Facing Deployment Scenarios," available for download
from the Microsoft Web site.
Use this procedure to enable the Services Manager CRM service to support IFDs.
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Top Environment Services.
3. Expand Customer Relationship Management 4, click Customer Plans, and then create a new customer plan or modify an
existing one.
4. Click Apply Service and then click Save.
5. Under Service Filter, select Active Directory Location Services, and choose a Location Filter if applicable.
6. Expand Customer Relationship Management 4 and expand the customer plan you created or modif ied at the top
environment level.
7. Configure the following settings:
Add Host Header: Select this option to add a host header to the "Microsoft Dynamics CRM" IIS site hosted on the
CRM 4 server.
Create Customer Organizations: Select this option.
IFD domain pattern: To specify a domain pattern, use the default prefix value {ServiceProperties}("UniqueOrgName).
For example, "{ServiceProperties}(UniqueOrgName).crm.domain.com, where crm.domain.com is the value configured
for the server's "IFD App Root Domain" using the IFD configuration tool.
Report server SRS URL: This is the same URL that is required when a new CRM 4 site is created manually using the
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.147https://docs.citrix.com
Deployment Manager.
SQL Server: Select a SQL Server to be used for hosting the CRM 4 organization database.
User login URL: Specify the URL to the organization Web site. This property can be used for email notif ications to
provisioned users, instructing them how to access the CRM 4 site. This property is not used during the provisioning
process.
8. Click Apply changes and then click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.148https://docs.citrix.com
Microsoft Lync 2010 for Hosting Services
Jun 05, 2015
Before configuring the Lync 2010 for Hosting service, ensure you have the following items:Your Lync 2010 topology is configured.
You have added the computer accounts for the Lync 2010 servers to the CortexAdmins security group.
The Lync 2010 for Hosting Web service is installed on the Lync Front-End server.
You have obtained the Lync 2010 for Hosting service package (/Services/LyncHosted/LyncHosted.package).
CloudPortal Services Manager Lync Services deliver unified communication services from the cloud. Installation of Lync
Services creates a Web site on the Lync Front-End server. Both the CloudPortal Web Server and CloudPortal Provisioning
Server issue commands on the Lync Front-End Server using a Web service.
When configuring the Lync 2010 for Hosting service, you create user and customer plans for resellers to offer their
customers. The user plans consist of Lync features (specified at the top level) and Lync user policies (added at the location
level). Lync user policies are initially defined for the location in which the Lync server resides. When you select policies for a
user plan, Services Manager displays the individual policies from the Lync server in the Configure User Plans dialog box.
To import the Lync 2010 for Hosting service package
The Lync 2010 for Hosting service needs additional properties, rules, and actions to support billing features. Import the Lync
2010 for Hosting service package to update the Lync service with those required items before configuring the Lync service.
To perform this task, ensure your security role includes the All Services Schema Administrator and Service Schema
Administrator roles.
1. From the Services Manager menu bar, select Configuration > System Manager > Service Schema.
2. Under Service Management, click Import a service.
3. Click Browse to navigate to and select LyncHosted.package, click Open, and click Import. An “Import Complete” message
displays, followed by a list of the actions performed during the import. The connection to CloudPortal Services Manager
might reset.
4. Restart all provisioning servers across all locations. The provisioning servers are updated with any new rules and f iles.
5. Log on to Services Manager.
To configure the Lync 2010 for Hosting service
1. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. Click Refresh Server List.
3. Expand the entry for the Lync server and, in Server Enabled, verify that the Enabled check box is selected.
2. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the Lync server.
2. Under Server Connection Components, select LyncHosted and then click Save.
3. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the Web service.
Server Role
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.149https://docs.citrix.com
Choose LyncHosted.
Server
Defaults to the Lync server.
Credentials
Choose the credentials for the Lync server.
URL Base
Defaults to /LyncHostedWS/Lync.asmx.
Protocol
Select http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
4. Create user and customer plans at the top level:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, ensure Top Environment Services is selected.
3. Under Services Overview, expand Lync 2010 for Hosting.
4. Click User Plans, enter a Name such as Default for the user plan, and then click Create.
5. In the Configure User Plans dialog box, in Telephony Options, select one of the following Lync features and click Apply
Changes:
PC-to-PC communication only
Remote call control
Enable Enterprise Voice
Audio/video disabled
6. Click Customer Plans, enter a Name such as Default for the customer plan and click Create.
7. Click Apply Changes and then click Save.
5. Enable user and customer plans and assign policies at the location level:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
3. Expand Lync 2010 for Hosting.
4. Click User Plans, select Enabled for the user plan, and then expand the user plan.
5. Expand Lync User Policies and select the policies you want to enable for provisioned users. To specify a configured
policy from the Lync topology, click Reload and then select the appropriate policy. Click Apply Changes.
6. Click Customer Plans and select Enabled for the customer plan.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.150https://docs.citrix.com
7. In Registrar Pool, type the pool to which provisioned users will be assigned.
8. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.151https://docs.citrix.com
MySQL Services
Jun 05, 2015
CloudPortal Services Manager MySQL Services host MySQL databases from the cloud.
Prerequisites
Install the MySQL ODBC connector (http://www.mysql.com/downloads/connector/odbc/5.1.html) on the server that will
be installed with the MySQL Web Service.
Install CloudPortal Services Manager MySQL Web Service.
To configure MySQL Services
1. Enable the service (top level) and create a default customer plan:
1. From the main menu, choose Configuration > System Manager > Service Deployment and then expand MySQL.
2. Click Customer Plans, enter a Name such as Full, click Create, and then click Save.
2. Add MySQL credentials: From the main menu, choose Configuration > System Manager > Credentials, click Add, and
specify the credentials (using MySQL as the Domain), and then click Add. The MySQL user must have all rights that are
listed in the MySQL users table, including References_priv.
3. Enable and configure the service (location level):
1. From the main menu, choose Configuration > System Manager > Service Deployment, under Service Filter select Active
Directory Location Services, and choose a Location Filter if applicable.
2. Expand MySQL and then click Service Settings.
3. Select the MySQL Credentials check box, choose the credentials you created in Step 3, click Apply changes, and then
click Save.
4. Assign server roles:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the
server hosting MySQL.
2. Under Server Connection Components, select My SQL.
3. Under Server Roles, select MySQL Hosting and then click Save.
5. Create a server collection:
1. From the main menu, choose Configuration > System Manager > Server Collections.
2. If the Location Filter appears, select the relevant location from the list.
3. Click New Server Collection.
4. Enter a Name for the collection, such as MySQLWindows. The name cannot contain spaces.
5. From the Service list, choose MySQL.
6. In the Servers list, select each server hosting MySQL to be managed under this server collection and then click Save.
6. Create a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then
select or type the following information for the server hosting MySQL.
Server Role
Choose MySQL.
Server
Choose the server where the MySQL service is running.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.152https://docs.citrix.com
Credentials
Choose the credentials for the MySQL service.
URL Base
If needed, change the default value for the service.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and click the icon in the Test
column for the SharePoint server. The icon turns green for a successful connection. A red icon indicates an
unsuccessful connection. Mouse over it for information about the failed connection.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.153https://docs.citrix.com
Microsoft Lync Enterprise Services
Jun 05, 2015
Updated: 2013-02-22CloudPortal Services Manager Lync Services deliver unif ied communication services from the cloud. Installation of LyncServices creates a web site on the Lync Front-End server. Both the Services Manager Web server and Provisioning serverissue commands on the Lync Front-End Server using a web service.
Prerequisites
Install CloudPortal Services Manager Lync Enterprise web service on the Lync Front End server.
Obtain the Lync Enterprise (/Services/LyncEnterprise/LyncEnterprise.package) service package from the CloudPortal
Services Manager 10.0 installation media.
To import the Lync Enterprise service package
The Lync Enterprise service provided with CloudPortal Services Manager needs additional properties, rules, and actions to
support billing features. Import the Lync Enterprise service package to update the Lync Enterprise service with those
required items before configuration.
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Schema.
2. Under Service Management, click Import a service.
3. Click Browse to navigate to and select LyncEnterprise.package, click Open, and then click Import. An “Import Complete”
message displays, followed by a list of the actions performed during the import. The connection to CloudPortal Services
Manager might reset.
4. Restart all provisioning servers across all locations. The provisioning servers are updated with any new rules and f iles.
5. Log on to Services Manager.
To configure the Lync Enterprise service
1. Enable the service (top level) and create user and customer plans:
1. From the main menu, choose Configuration > System Manager > Service Deployment and then expand Lync
Enterprise.
2. Click User Plans, enter a Name such as Default for the user plan, and then click Create.
3. Click Customer Plans, enter a Name such as Default for the customer plan, click Create, and then click Save.
2. Enable the service (location level):
1. Under Service Filter, select Active Directory Location Services.
2. Choose a Location Filter, if applicable.
3. Expand Lync Enterprise and click Save.
3. Enable the server:
1. From the main menu, choose Configuration > System Manager > Servers.
2. Click Refresh Server List.
3. Expand the entry for the Lync server and verify that Server Enabled is selected.
4. Assign server roles:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the Lync
server.
2. Under Server Connection Components, select Lync and then click Save.
5. Add a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.154https://docs.citrix.com
select or type the following information for the web service.
Server Role
Choose Lync.
Server
Defaults to the Lync server.
Credentials
Choose the credentials for the Lync server.
URL Base
For Lync Enterprise, this entry defaults to /LyncWS/Lync.asmx.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.155https://docs.citrix.com
BlackBerry 5 Services
Jun 05, 2015
CloudPortal Services Manager BlackBerry 5 Services host BlackBerry Enterprise Server (BES) 5 from the cloud, providing push-based access to Exchange, Office Communications Server, Customer Relationship Management, and other applicationsfrom BlackBerry devices.BlackBerry Services can be provisioned with Services Manager Hosted Exchange services and support Exchange 2010
Enterprise and Exchange 2007. Services Manager can manage multiple BESs.
Prerequisites
Provision customers and users with CloudPortal Services Manager Hosted Exchange Services.
To configure BlackBerry 5 Services
1. Enable the service (top level) and create a default customer plan:
1. From the main menu, choose Configuration > System Manager > Service Deployment and then expand BlackBerry 5.
2. Click Customer Plans, create a customer plan named Default, click Apply Service, and then click Save.
2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter
if applicable, expand BlackBerry 5, and click Save.
3. Assign server roles:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the BES
5.
2. Under Server Connection Components, select BlackBerry 5 API and then click Save.
4. Add credentials: From the main menu, choose Configuration > System Manager > Credentials and add the BES5 service
account. If the account is not an AD account (that is, it is an internal BES account), set Domain to CortexBESInternal.
5. Add a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then
select or type the following information for the connection.
Server Role
Choose BlackBerry 5 API.
Server
Choose the BES 5 server.
Credentials
Choose the credentials for the BES.
URL Bases
Defaults to /.
Protocol
Defaults to http.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.156https://docs.citrix.com
Port
Defaults to 443. If you change the port here, change it also in the BES.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and click the icon in the Test
column for the server with the BlackBerry 5 API installed. The icon turns green for a successful connection. A red icon
indicates an unsuccessful connection. Mouse over it for information about the failed connection.
6. Configure service settings:
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand
BlackBerry 5.
2. Click Service Settings, update the settings as needed, click Apply changes and then click Save.
7. Configure the customer plan:
1. From the main menu, choose Configuration > System Manager > Service Deployment, select Active Directory Location
Services, choose a Location Filter if applicable, expand BlackBerry 5, click Customer Plans, and then expand the
Default customer plan.
2. Select the Instance check box, click Reload if needed to load the BlackBerry instance data, and then select the check
boxes for all applicable instances.
3. Select the IT Policies check box, click Reload if needed to load the BlackBerry policies data, and then select the check
boxes for all applicable policies.
4. Click Apply changes and then click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.157https://docs.citrix.com
BlackBerry 4 Services
Jun 05, 2015
CloudPortal Services Manager BlackBerry 4 Services host BlackBerry Enterprise Server (BES) 4 from the cloud, providingpush-based access to Exchange, Office Communications Server, Customer Relationship Management, and otherapplications from BlackBerry devices.BlackBerry 4 Services support Exchange 2007 and 2003. Services Manager can manage multiple BESs.
Prerequisites
Provision customers and users with CloudPortal Services Manager Exchange Services.
Install CloudPortal Services Manager BlackBerry Web Service.
Install BESUserAdminService on the BES 4 server (and start the service) and install BESUserAdminClient on the server
where the Services Manager BlackBerry Web Service is installed.
Those components are included in the BES User Administration Tool that is available for download from the BES
Resource Kit site.
Configure BESAdmin user (the user that runs the BlackBerry 4 Web Service) as an Enterprise Admin in BlackBerry Manager
and add BESAdmin to the CortexAdmins group in Active Directory.
To customize BES to look up user addresses using LDAP
If you host a BES for multiple subscribers, you must customize address lookup to restrict users from accessing contact
information from another organization.
1. Log on to a BES 4 server, start the registry editor, and browse to HKEY_LOCAL_MACHINESoftwareResearch In
MotionBlackBerry Enterprise ServerAgents.
2. Create the following keys:
Key type Name Value
DWORD Value AllowAddressLookup 1
DWORD Value HostedServer 1
DWORD Value LDAPSearch 1
DWORD Value LDAPALPSearch 1
String Value LDAPCompanyField ExtensionAttribute15
3. From the Services window (on the BES server), restart the BlackBerry Controller service.
4. Repeat this procedure for each BES.
To configure BlackBerry 4 Services
1. Enable the service (top level) and create a user plan:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.158https://docs.citrix.com
1. From the main menu, choose Configuration > System Manager > Service Deployment, and expand BlackBerry.
2. Click User Plans, enter a name such as Default, click Create, click Apply Changes, and then click Save.
2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter
if applicable, expand BlackBerry, and click Save.
3. Add credentials: From the main menu, choose Configuration > System Manager > Credentials and add the Services
Manager Web Services credentials.
4. Enable the server:
1. From the main menu, choose Configuration > System Manager > Servers.
2. If the BES servers are not listed, click Refresh Server List.
3. Expand the entry for each BES and verify that Server Enabled is selected.
5. Assign server roles:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand an entry for BES 4.
2. Under Server Roles, select BlackBerry Enterprise Server, and click Save.
3. Expand the server where the BlackBerry Web Service is installed and under Server Connection Components, select
BlackBerry, and then click Save.
6. Add a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then
select or type the following information for the connection.
Server Role
Choose BlackBerry.
Server
Choose the server where the BlackBerry Web Service is installed.
Credentials
Choose the credentials for the BlackBerry Web Service.
URL Base
Enter /BlackBerryWS/BlackBerry.asmx.
Protocol
Select http.
Port
Defaults to 8097. If you change the port here, change it also in the web service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and click the icon in the Test
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.159https://docs.citrix.com
column for the server where the BlackBerry Web Service is installed. The icon turns green for a successful connection.
A red icon indicates an unsuccessful connection. Mouse over it for information about the failed connection.
7. Configure service settings:
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand
BlackBerry.
2. Click Service Settings, update the settings as needed, click Apply changes and then click Save.
8. Configure user plans:
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand
BlackBerry.
2. Click User Plans, expand a user plan, and specify the BESAdminClient Password, BESAdminClient Path, and BlackBerry
Servers. The BESAdminClient Path must match the path set in the BlackBerry web.config f ile (AppSettings tab).
3. Click Apply changes and then click Save.
To complete the configuration
1. Log on to the server running the Services Manager BlackBerry Web Service.
2. Open the BlackBerry web.config f ile, typically in C:Program
FilesCitrixCortexCortexBlackBerryWSCortexBlackBerryWSRoot, and verify the BESAdminClient path and password under
AppSettings:
<add key="BESAdminClientPath" value="C:Program FilesCitrixCortexBESUserAdminClientBESUserAdminClient.exe"/>
<add key="BESAdminClientPassword" value="password"/>
The BESAdminClientPath is the path where BESAdminClient.exe and CE.dll are installed.
3. Restart the BES 4 servers.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.160https://docs.citrix.com
DNS Services
Jun 05, 2015
CloudPortal Services Manager DNS Services provide Domain Name Service (DNS) hosting from the cloud. DNS Servicesrequire no installation and use a WMI connection to the DNS server. DNS Services support Windows (WMI) and BIND(UNIX) DNS.
Prerequisites
Firewalls: Open DNS port (53) and RPC ports (various) bi-directionally between the DNS server(s) and both the
CortexWeb and Provisioning servers.
RPC uses random ports above port 1056, therefore non-stateful inspection firewalls might require open ports above
1056.
DNS service account used for provisioning: Add to the local administrators group.
DNS environment:
Computer name must have a DNS suff ix.
If the DNS server is outside of the CloudPortal domain, the DNS suffix for the CloudPortal domain must be on the
DNS server.
DNS application must have a zone for the DNS suff ix.
DNS zone must have an "A" DNS record.
If the DNS server is outside of the CloudPortal domain, the DNS "A" record must be in the format
dnsServerName.CloudPortalDomain.
Example: Suppose an external DNS (DNS01) is in a workgroup and the CloudPortal Services Manager is in the domain
cloudportal.com. In that case, a DNS record DNS01.cloudportal.com must be on the external DNS.
User Access Control (UAC) must be removed from each DNS server.
To configure DNS Services
1. Enable the service (top level): From the main menu, choose Configuration > System Manager > Service Deployment,
expand DNS, and click Save.
2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter
if applicable, expand DNS, and click Save.
3. Add the credentials for the DNS service account: From the main menu, choose Configuration > System Manager >
Credentials and create the account, using the fully-qualif ied domain name.
4. Enable the server:
1. From the main menu, choose Configuration > System Manager > Servers.
2. If the DNS server is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
5. Assign server roles to each DNS server:
1. From the main menu, choose Configuration > System Manager > Server Roles, choose a Location Filter if applicable,
and then expand the entry for a server that will host the DNS zones.
2. Under Server Roles, select DNS, and then click Save. The DNS role is used for both Windows DNS and BIND DNS.
6. Update service settings as needed: From the main menu, choose Configuration > System Manager > Service Deployment,
select Active Directory Location Services, choose a Location Filter if applicable, expand DNS, and then click Service
Settings. Required settings:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.161https://docs.citrix.com
DNS Credentials
Required credentials that have read and write access to the DNS server.
Is Server 2008 Provisioning
Select the check box if you use Microsoft Server 2008 for provisioning.
Primary DNS Server
Choose the server that hosts the DNS service.
(Optional) Secondary DNS Server
Select the check box for each secondary DNS server to be used. All secondary servers regularly perform zone
transfers from the primary server to provide redundancy and load balancing.
SOA Responsible Person
Enter the email address of the person responsible for administering the domain's Start of Authority (SOA) record.
Update Method
Choose WMI (Windows) or UNIX (BIND).
Zone Credentials
Choose the credentials for managing DNS zones.
7. To verify the configuration: Provision the DNS service to a customer and then go to Services > DNS > DNS Records to
create test records. The service is working correctly if no errors occur during record creation.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.162https://docs.citrix.com
Mail Archiving
Jun 05, 2015
The Mail Archiving service enables CSPs and resellers to set up Exchange 2007 and 2010 journaling rules for their customers.
Incoming and outgoing email are included in a journal report which is sent to the customer's journaling inbox. The journal
report contains the transport envelope data of the archived message and the original message is included as an
attachment.
Services Manager supports the following journaling types:Internal journaling
External journaling
Global Relay, where mail is archived offsite through the Global Relay Message Archive service
The Mail Archiving service's customer plan defines the journaling type that is provisioned to customers.
1. Enable the service at the top level:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment and then expand
Mail Archiving.
2. Click Save.
2. Enable the service at the location level:
1. Under Service Filter, select Active Directory Location Services.
2. Choose a location f ilter, if applicable.
3. Expand the Mail Archiving service, click Service Settings, and perform either of the following actions:
If you are using internal or external archiving, leave the setting defaults.
If you are using Global Relay, enter the service URL (typically
https://controlcenter.globalrelay.com/hxapi/Service.asmx) and the customer's Global Relay email and password
information. Click Validate to confirm the settings are valid.
4. Click Apply Changes.
3. At the location level, expand the Mail Archiving service and then expand the customer plan you want to enable. Use the
following table to configure the appropriate settings.
PlanTemplate
Template Property
Internal
Relay
Archive Type: Generic Internal
Mail Databases: Specify the location of the internal journal mailbox
External
Relay
Archive Type: Generic External
Global Relay Archive Type: Global Relay
Global Relay IMAP Port: 993
Global Relay IMAP Server: Specify the external address configured to allow Global Relay to download
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.163https://docs.citrix.com
the customer's mail
Mail Databases: Specify the location where the Global Relay archiving mailboxes are stored
PlanTemplate
Template Property
4. Click Apply Changes and then click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.164https://docs.citrix.com
SharePoint 2010 Services
Jun 05, 2015
Updated: 2013-05-03The SharePoint 2010 service for Services Manager delivers a SharePoint web site to share documents and information fromthe cloud. CloudPortal Service Manager integrates with SharePoint servers through a Windows Communication Foundation(WCF) service.The SharePoint 2010 service has one standard user plan (named Full) applied to all users. The standard user plan assigns
users to a specific Active Directory (AD) security group which does not affect user access within the SharePoint site. You do
not need to manage the individual users in the SharePoint application. AD Domain Services (ADDS) manages the users for
you.
The SharePoint 2010 service includes twelve customer plans that support common configurations. You can disable the
default plans and create new ones. However, you cannot switch to a different customer plan after provisioning. For details
about the default customer plan properties and patterns, see SharePoint 2010 Default Customer Plans .
Prerequisites
Install the SharePoint 2010 web service on SharePoint servers in your environment.
Enable the DNS service and enable DNS records for SharePoint 2010 Services.
Install and configure the Windows Web Hosting service on the SharePoint 2010 server.
To configure the SharePoint 2010 service
1. Enable the service (top level): From the Services Manager menu bar, choose Configuration > System Manager > Service
Deployment, expand SharePoint 2010, and click Save.
2. Enable and configure the service (location level):
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand
SharePoint 2010.
2. Click Service Settings, expand Configuration, and specify an Application Pool Account. The account must be an
administrator in SharePoint and entered using the exact form as the value returned by the PowerShell cmdlet Get-
SPProcessAccount.
3. Click Apply changes and then click Save to enable the service.
3. Add the credentials for the SharePoint service account: From the Services Manager menu bar, choose Configuration >
System Manager > Credentials and create the account, using the fully-qualif ied domain name.
4. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. If the server where the SharePoint WCF service is running is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
5. Assign server roles for each server to be added to a SharePoint farm:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the server.
2. Under Server Connection Components, select SharePoint 2010.
3. Under Server Roles, select SharePoint 2010 Farm and then click Save.
6. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, click New
Connection, and then select or type the following information for the SharePoint WCF service running on the
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.165https://docs.citrix.com
SharePoint 2010 server.
Server Role
Choose SharePoint 2010.
Server
Choose the server where the SharePoint WCF service is running.
Credentials
Choose the credentials for the SharePoint WCF service.
URL Base
Enter /sharepoint2010/sharepoint.svc.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
3. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections and click the
icon in the Test column for the SharePoint server. The icon turns green for a successful connection. A red icon
indicates an unsuccessful connection. Mouse over it for information about the failed connection.
To add and configure SharePoint farms
1. Add SharePoint farms:
1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Farms and then choose a Location.
2. Click Add, enter a user-friendly Farm name, choose a Server for the farm, and then click Update. The farm name is
visible to customers during resource and site configuration. After a server is allocated to a farm, you cannot allocate it
to another farm.
2. Configure multi-tenancy features on SharePoint farms:
1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Farm Configuration and then choose a
Location and Farm.
2. Under Managed Accounts, either choose a domain account or specify the credentials to apply the SharePoint 2010
service account to an existing user. The account specif ied is used in the next two steps.
3. If a default web application is not already created, create one. Use IIS to determine if a default web application was
created during the SharePoint 2010 installation.
4. Under Proxy Group, enter a Proxy Group Name, and then click Create. The default web application is associated with
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.166https://docs.citrix.com
this proxy group. This step can take several minutes to complete.
5. Under Site Subscription, complete the settings, and then click Create. The site subscription tenant service starts. This
step can take several minutes to complete.
3. To import web templates from a farm: From the SharePoint 2010 Farm Configuration page, click Retrieve Web
Templates. After web templates are stored in the CloudPortal database, they can be assigned to a SharePoint site
during customer provisioning.
To add and configure SharePoint feature packs
A SharePoint feature pack is a collection of SharePoint features. The Services Manager displays the feature packs
configured on a SharePoint farm and enables you to create new feature packs from a list of the features installed on the
SharePoint server.
1. From the Services Manager menu bar, choose Services > SharePoint 2010 > Feature Packs, choose a Location and Farm,
and then click Retrieve Feature Packs.
2. To add a feature pack, click New Feature Pack, enter a user-friendly Name, and add the features for the feature pack.
You can add the features individually or click a default feature pack (such as foundation or enterprise). The Name is
visible to customers during resource configuration. After a feature pack is added, it can be configured for a customer
account.
To enable DNS for SharePoint 2010
DNS records for SharePoint 2010 can be types "A" or "CNAME."
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
3. Expand SharePoint 2010 and then click Service Settings.
4. Expand DNS and then select the Managed DNS check box.
5. Select the Internal DNS Server checkbox and specify the fully-qualif ied domain name (FQDN).
6. Optional: Select the External DNS Server checkbox and specify the FQDN.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.167https://docs.citrix.com
SharePoint 2010 Default Customer Plans
Jun 05, 2015
Default Customer Plans
The following authenticated and anonymous customer plans are installed with SharePoint 2010 Services:
Customer Site
Customer Site (Anonymous)
Customer SSL Site
Customer SSL Site (Anonymous)
Shared Site
Shared Site (Anonymous)
Shared SSL Site
Shared SSL Site (Anonymous)
Dedicated Site
Dedicated Site (Anonymous)
Dedicated SSL Site
Dedicated SSL Site (Anonymous)
Patterns
Content Database
Pattern used to create content databases for the site.
Default: SP_{CustomerShortName}_{ServiceID}
Web App Host Header
Pattern used to create the host header for web applications.
Defaults:
For Customer Site: SPWebApp{CustomerShortName}
For Shared Site: SPSharedWebApp{NextID}
For Dedicated Site: {HostHeader}
Web App Path
Pattern used to create the local IIS path for web applications.
Defaults:
For Customer Site: C:SharePoint{CustomerShortName}
For Shared Site: C:SharePoint{WebAppName}
For Dedicated Site: C:SharePoint{CustomerShortName}{ServiceID}
Web App Share Path
Pattern used to create the shared IIS path for web applications.
Defaults:
For Customer Site: \{SPServer}C$SharePoint{CustomerShortName}
For Shared Site: \{SPServer}C$SharePoint{WebAppName}
For Dedicated Site: \{SPServer}C$SharePoint{CustomerShortName}{ServiceID}
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.168https://docs.citrix.com
Web Application
Pattern used to create web applications.
Defaults:
For Customer Site: SPWebApp{CustomerShortName}
For Shared Site: SPSharedWebApp{NextID}
For Dedicated Site: SPWebApp{CustomerShortName}{ServiceID}
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.169https://docs.citrix.com
Hosted Apps and Desktops
Jun 05, 2015
Updated: 2014-10-09For more information about App Studio concepts such as advertisements and isolation levels, refer to the Citrix App Studio
product documentation located in the Archive section of Citrix eDocs.
1. Enable the service (top level) and create user plans: The user plans you create are required placeholders that you will
configure at the location level. A user plan is required for each unique advertisement listing.
1. From the Services Manager menu bar, choose Configuration > System Manager > Service Deployment and then
expand Hosted Apps and Desktops.
2. Click User Plans, enter a Name for the user plan (such as Default, Common Apps, Health Care Apps), click Create, and
then click Apply changes.
3. Create additional user plans as needed and then click Save.
2. Enable the service (location level):
1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter, if applicable.
2. Expand Hosted Apps and Desktops and then click Save.
3. Enable the server:
1. From the Services Manager menu bar, choose Configuration > System Manager > Servers.
2. If the App Studio configuration server is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
4. Add credentials: From the Services Manager menu bar, choose Configuration > System Manager > Credentials and add
the credentials for the App Studio Global Domain Administrator account.
Note: When adding credentials, encryption is enabled by default. Citrix recommends encrypting credentials when Services
Manager is deployed in a production environment. Use plain-text credentials only for debugging purposes.
5. Assign server roles:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Roles and then expand the
entry for the App Studio configuration server.
2. Under Server Connection Components, select Hosted Apps and Desktops and then click Save.
6. Add a server connection:
1. From the Services Manager menu bar, choose Configuration > System Manager > Server Connections, select a
Location Filter if applicable, click New Connection, and then specify the following information for the App Studio
configuration server.
Server Role
Choose Hosted Apps and Desktops.
Server
Choose the App Studio configuration server.
Credentials
Choose the credentials for the connection to the App Studio configuration server.
URL Base
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.170https://docs.citrix.com
Defaults to /cam/v1.
Protocol
Defaults to http.
Port
Defaults to 80.
Timeout
Defaults to 200000 milliseconds. If a large number of applications are published in the XenApp farm, set this value
to -1 (unlimited).
2. Click Save.
7. Enable the service provider to manage advertisements:
1. From the Services Manager menu bar, choose Configuration > Security > Page Manager and set Page Type to Menu.
2. Under Menu, expand Services and then select Hosted Apps and Desktops.
3. In the Management Panel under Security Roles, select Service Provider Administrator.
4. Under Menu, expand Services, expand Hosted Apps and Desktops, and then select Advertisement Management.
5. In the Management Panel under Security Roles, select Service Provider Administrator.
6. Log off and then log on to apply the permission changes.
8. Specify advertisements for each user plan:
1. From the Services Manager menu bar, choose Services > Hosted Apps and Desktops > Advertisement Management.
2. From Location, choose a location and then select the check box for each user plan to be enabled for that location.
3. For each user plan enabled, expand the user plan and select the advertisements for the plan. To f ilter the
advertisement list, select an Advertisement Isolation Mode, which refers to whether (in the App Studio deployment)
the farm and workload machines used for the advertisement are shared with other tenants or allocated only to the
subscribing tenant.
Select Shared workload machines to use farm and workload machines that are allocated as shared among other
tenants.
Select Shared farm & isolated workload machine to use farm machines that are shared with other tenants and
workload machines that are allocated only to the subscribing tenant.
Select Isolated farm & isolated workload machine to use farm and workload machines that are allocated only to
the subscribing tenant.
The user plans are enabled at the location level.
4. Click Apply changes and then click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.171https://docs.citrix.com
AD Sync Services
Jun 05, 2015
CloudPortal Services Manager AD Sync Services synchronize customer OUs in the hosted domain controller with userchanges in the external domain controllers. The service enables users to connect to hosted services with the samecredentials they use for their local domain.The AD Sync service requires no installation on the hosted environment and uses the CloudPortal Services Manager API to
perform the synchronization. An AD Sync client installed on each external domain controller communicates with the API.
This interface is a one-way connection that can be customized to synchronize specific Active Directory information.
API requests are encrypted using a combination of a public/private key and a symmetric key (RSA and AES) to securely
transfer data and credentials. The data in the request is also hashed (SHA1) to prevent unauthorized changes.
The following diagram shows a typical installation scenario.
Prerequisites
For each domain controller in the external domain:
If SSL is enabled for Services Manager, edit the CortexDotnetweb.config f ile to set the UserSyncAPISSL value to
True.
Disable User Account Control (UAC) on each external domain controller that will run the AD Sync client.
Obtain a list of the user groups to include in AD Sync operations.
If applicable, obtain proxy server information.
Firewalls: Open HTTP and HTTPS ports (80 and 443) bi-directionally between the server where the Services Manager API
is installed and each domain controller in the external domain.
Alternative: Open HTTP and HTTPS ports (80 and 443) bi-directionally between the server where the Services Manager
API is installed and the proxy server used in the external domain.
To configure AD Sync Services
1. Enable the service (top level): From the main menu, choose Configuration > System Manager > Service Deployment,
expand AD Sync, and click Save.
2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter
if applicable, expand AD Sync, and click Save.
3. Enable the service (top reseller level): From the main menu, choose Customers > Customer Hierarchy, expand Services,
expand the Reseller, select the AD Sync check box, and then click Provision.
4. Configure and provision the service to the customer: From the main menu, choose Customers > Customers, expand the
customer, click Services, expand AD Sync, and click Provision.
To customize the AD Sync client installer
You can customize the following characteristics of the AD Sync client installer for a CloudPortal Services Manager site:
Product settings shown in the Windows Add or Remove Programs or Programs and Features panel. Settings include
name, manufacturer, and links to help and support.
Product name used as the default installation folder, service name, and source name of errors in the Event Log.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.172https://docs.citrix.com
Banner and dialog images (.bmp or .jpg) used in the installer. The default sizes of those images are:
Banner (493 x 58 pixels)
Dialog (493 x 312 pixels)
1. Log on to the CloudPortal Web Server and navigate to the [INSTALLDIR]CortexDotNetServicesSync directory.
2. Open sync.config in a text editor and customize the settings as needed. If you change a commented item, remove the
comment markup.
3. After completing the changes, direct your customers to download the AD Sync installer from the CloudPortal Services
Manager web site.
To install the AD Sync client on external domain controllers
Install the AD Sync client on every domain controller in the external domain.
1. Log on to an external domain controller and then log on to the Services Manager web console using the administrator
credentials of the customer just provisioned.
2. Download the AD Sync client installer:
1. From the main menu, choose Services > AD Sync Download and then click Download.
2. Click Save to save the AD Sync client installer to a drive location so you can copy it to the other external domain
controllers.
3. Install the client:
1. Run the AD Sync Setup installer, enter the password, and then click Next.
2. Select the Watch for changes to users check box, specify the User watch frequency, and then click Next.
Important: Perform this step for only one AD Sync client to ensure that duplicate requests are not sent to the
Services Manager API. The domain controller configured to “Watch for user changes” synchronizes user and password
changes. The other domain controllers synchronize only password changes.
3. Choose the Active Directory user groups to include in AD Sync operations and then click Next twice. When the AD
Sync service detects a USN change, it performs the synchronization only if the user is in an included group. The last
USN value is stored in [INSTALLDIR]QueueSyncActiveDirectory.config.
4. If a proxy server is used in the external domain, enter the information for it. Using a proxy server ensures that domain
controllers are not exposed to the internet.
5. Click Next, choose a location to install the AD Sync client, click Next, and then click Install.
6. Restart the domain controller. The AD Sync service starts.
7. Copy the AD Sync client installer to all other external domain controllers and then repeat Steps 3a - 3g for each
domain controller.
4. Test the AD Sync client:
1. After a domain controller restarts, log on to Services Manager and then click Users to view the user list. The
synchronized users have a small green arrow next to the user icon.
2. To test that the synchronization works for new accounts, create a new user account in the external domain, add it
to a user group that is included in AD Sync operations, change an attribute on the account, and then verify that the
account appears on the Users screen.
To synchronize additional Active Directory attributes
To change the Active Directory attributes included in API requests, edit the request format in [INSTALLDIR]Requests.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.173https://docs.citrix.com
Re-configuring for Customer Changes
Jun 05, 2015
The following events at a customer site require changes to AD Sync Services configuration:A change to the administrator account for the external domain controllers
A new user added to a group that is included in AD Sync operations
To re-configure for a new administrator
If the administrator who installed the AD Sync client is no longer available, the new administrator must uninstall the AD
Sync client from all external domain controllers, re-install the client (which will be associated with the new administrator's
account), and restart the domain controllers. The AD Sync service then restarts using the new administrator's account and
synchronize all users on the remote Active Directories to Services Manager.
To handle Active Directory group changes
When a user is added to an Active Directory group, the change is not automatically synchronized with the AD Sync client.
To force a synchronization, change a property in the user account, such as the password. AD Sync then detects the
change, prompts the user to log on, and updates the include group in Services Manager.
Note: A user that belongs to both included and excluded groups is not listed in Services Manager.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.174https://docs.citrix.com
CRM 2011 Services
Jun 05, 2015
This topic describes configuring the CRM 2011 service with Active Directory Federation Services (ADFS).
Prerequisites
Before configuring the CRM 2011 service, ensure the following items are present:CRM 2011 is deployed in your environment. For more information, refer to the CRM product documentation.
The Internet-facing Deployment (IFD) feature of CRM 2011 has been configured. This enables integration of ADFS with
CRM 2011.
User connections to CRM 2011 are successful. Verify there are no certif icate errors. Test the environment by creating an
organization using CRM 2011 Deployment Manager and, afterward, browsing to the site.
Ensure the CortexAdmins group has been added to the CRM Deployment Administrators group.
Ensure all CRM service accounts have been added to the CortexAdmins group.
Ensure a service account called CRMadfsSVC has been created. This account must have Read permissions to all user objects
in AD. Ensure the account has been added to the Local Administrators group on the ADFS server.
To deploy the ADFS Web service
Use this procedure to install the ADFS Web service on the ADFS server in your environment and enable the server to execute
PowerShell commands.
1. Copy the ADFS Web service to the ADFS server:
1. From the CloudPortal Services Manager 10 installation media, navigate to SupportCRM2011 and copy the
ADFSWebService.asmx f ile.
2. On the ADFS server, open IIS Manager (Start > Administrative Tools > Internet Information Services (IIS) Manager and
navigate to the Default Web Site.
3. Expand the Default Web Site node, right-click ADFS, and then select Explore.
4. Double-click the LS directory and paste the ADFSWebService.asmx f ile.
2. Install the System.Management.Automation.dll on the ADFS server:
1. Locate and copy the System.Management.Automation.dll f ile. Typically, this f ile is located at
C:Windowswinsxsmsil_system.management.automation_31bf3856ad364e35_6.1.7601.17514_none_236c706c3e93d144.
2. On the ADFS server, in IIS Manager, navigate to the ADFSLSbin directory and paste the
System.Management.Automation.dll f ile.
Note: Create the bin directory if it does not exist on the server.
3. To verify the Web service is installed correctly, launch a Web browser and enter the URL of the ADFSWebService.asmx f ile in
the address bar. For example, https://fqdn.cpsm.citrix.com/adfs/ls/ADFSWebService.asmx. The URL returns the ADFSService
definition page.
To configure the CRM 2011 service
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.175https://docs.citrix.com
Windows Web Hosting Services
Jun 05, 2015
CloudPortal Services Manager Windows Web Hosting Services provide Windows-based web hosting from the cloud, with IISsupport and DNS management.
Prerequisites
IIS 7 server:
Enable CloudPortal Services Manager DNS Services and enable DNS records for the Services Manager Windows Web
Hosting Service.
Install CloudPortal Services Manager Windows Web Hosting Service.
Create Web hosting root directory and shares with appropriate permissions
Create AD user and groups for FTP access and grant them appropriate permissions to the Web hosting root directory
Create an FTP site in IIS Manager with the following settings:
Site name: Any name
Physical path: Path to the Web hosting root directory
IP address: Must be unique to this FTP site
Enable Virtual Host Names: Do not select
Start FTP site automatically
Allow SSL
Basic authentication:
Set authorization access to specif ied roles or user groups.
Set the user to domainCortexIISUser.
Set read and write permissions.
FTP user isolation:
Restrict users to the FTP home directory configured in Active Directory.
Set the user to domainCortexIISUser.
FTP authentication: Configure Basic authentication with the fully-qualif ied domain name for the user's default logon
domain.
To configure Windows Web Hosting Services
1. Enable the service (top level) and create a customer plan:
1. From the main menu, choose Configuration > System Manager > Service Deployment and then expand Windows
Web-Hosting.
2. Click Customer Plans, create a default customer plan, click Apply changes, and then click Save.
2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter
if applicable, expand Windows Web-Hosting, and click Save.
3. Add the credentials for the web hosting service account: From the main menu, choose Configuration > System Manager
> Credentials and create the account, using the fully-qualif ied domain name.
4. Assign server roles:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the
server where the Windows Web Hosting Services are installed.
2. Under Server Connection Components, select IIS.
3. Under Server Roles, select Windows Web-Hosting, and then click Save.
5. Add a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.176https://docs.citrix.com
select or type the following information for the web service.
Server Role
Choose IIS.
Server
Choose the server where the Windows Web Hosting Services are installed.
Credentials
Choose the credentials for the Windows Web Hosting Services.
URL Base
Defaults to /IISWS/IIS.asmx. For IIS 7, change the value to /IISWS/IIS7.asmx.
Protocol
Select http.
Port
The port for the IIS service. Defaults to 8095. If you change this port, it must match the port for the web hosting
service.
Timeout
Defaults to 200000 milliseconds.
Version
Select IIS7.
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and click the icon in the Test
column for the web server. The icon turns green for a successful connection. A red icon indicates an unsuccessful
connection. Mouse over it for information about the failed connection.
6. Create a server collection:
1. From the main menu, choose Configuration > System Manager > Server Collections.
2. If the Location Filter appears, select the relevant location from the list.
3. Click New Server Collection.
4. Enter a Name for the collection, such as WindowsWebHosting. The name cannot contain spaces.
5. From the Service list, choose Windows Web-Hosting.
6. In the Servers list, select the server and then click Save.
7. Configure the service (location level):
1. From the main menu, choose Configuration > System Manager > Service Deployment, select Active Directory Location
Services, choose a Location Filter if applicable, and expand Windows Web-Hosting.
2. Click Customer Plans, expand the default plan, and enable Server Collection.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.177https://docs.citrix.com
3. Expand IIS Version, select the version, click Apply changes, and then click Save.
To manage certificates for web servers (IIS 7 only)
You can use the Services Manager to retrieve a certificate list from the web server and manage the certificates for
customers.
1. From the main menu, choose Configuration > System Manager > Server Resources > Web Servers, expand the web
server, and then click Retrieve.
2. Click Edit and then configure the applicable settings. The Public setting makes the certif icate available to all resellers and
customers. To make a certif icate available only to some nodes in the hierarchy, enable it only for those nodes.
To manage IP addresses for web servers
You can add, change, and remove IP addresses from web servers as described in the following steps. Then, when you
provision the service, you can enable the addresses.
1. From the main menu, choose Configuration > System Manager > Servers.
2. Expand the server and scroll to IP Address Management.
3. Click Retrieve and then add, edit, and delete IP addresses as needed.
4. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.178https://docs.citrix.com
Citrix Services
Jun 05, 2015
CloudPortal Services Manager Citrix Services deliver on-demand apps and hosted desktops from the cloud.
Prerequisites
Install CloudPortal Services Manager Citrix Web Service on a server in a Citrix XenApp farm.
Create and configure a new security group:
Create the security group "Cortex Service Computers" on the domain. You can create this group within the
CortexSystem OU.
Add all XenApp controllers to the security group.
Assign the security group to any Services Manager root customer OUs and any existing customers created in the
location.
Assign read permissions to the security group on the OU.
In the Advanced Security Settings for the OU, f ind the security group "Cortex Service Computers" and edit the
permissions to apply to "this object and all descendant objects."
Restart all computers added to the security group.
Set up a f ile server to be used by the Citrix Service to create f ile shares with permissions, store profiles, and so on. You
can use the same server for Citrix Services and File Sharing Services.
To configure Citrix Services
1. Enable the service (top level): From the main menu, choose Configuration > System Manager > Service Deployment,
expand Citrix, and click Save.
2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter
if applicable, expand Citrix, and click Save.
3. Verify credentials: From the main menu, choose Configuration > System Manager > Credentials and verify that the
administrative impersonation account for the Citrix service exists. If it does not, create the account.
4. Enable the server:
1. From the main menu, choose Configuration > System Manager > Servers.
2. If the XenApp server is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
5. Assign server roles:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the
server.
2. Under Server Connection Components, select Citrix App and then click Save.
6. Add a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then
select or type the following information for the web service.
Server Role
Choose Citrix App.
Server
Choose the XenApp server where the Services Manager Web Service is installed.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.179https://docs.citrix.com
Credentials
Choose the credentials for the XenApp server.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds. If a large number of applications are published on the Citrix farm, set this value to
-1 (unlimited).
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and click the icon in the Test
column for the XenApp server. The icon turns green for a successful connection. A red icon indicates an unsuccessful
connection. Mouse over it for information about the failed connection.
7. Create a server collection: A server collection can be assigned to a customer before applications are installed on the
servers.
1. From the main menu, choose Configuration > System Manager > Server Collections.
2. If the Location Filter appears, select the relevant location from the list.
3. Click New Server Collection.
4. Enter a Name for the collection, such as CitrixFarm01. You cannot change or delete a collection name after
provisioning the server collection to a customer or after saving applications, application groups, or resources on the
server collection.
5. From the Service list, choose Citrix.
6. In the Servers list, select each XenApp server to be managed under this server collection and then click Save.
8. Update service properties as needed: From the main menu, choose Configuration > System Manager > Service
Deployment, select Active Directory Location Services, choose a Location Filter if applicable, expand Citrix, and then click
Service Settings.
To import applications from a XenApp farm to a server collection
1. From the main menu, choose Services > Citrix > Configuration > Citrix Applications, choose a Location (if applicable), and
choose a Server Collection.
2. Change the New Application Settings as needed for the server collection.
Set new applications to 'default' for customer selection – Select this option to automatically select it for provisioning
to customers and users. You can override this setting at the reseller level.
Make new applications public to all customers – Select this option to provision all new applications for public access.
Generate missing application groups – Select this option to automatically create a security group in Active Directory
for applications. The application group name is in the form of CitrixApp {DatabaseID} or CitrixApp {Name}, based on
the Application Group Name service setting.
3. Click Refresh to start the import operation.
4. If a timeout occurs during the import operation, change the Timeout value on the connection (Configuration > System
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.180https://docs.citrix.com
Manager > Server Connections).
5. Repeat steps 1 - 3 for each server collection.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.181https://docs.citrix.com
SharePoint 3 Services
Jun 05, 2015
CloudPortal Services Manager SharePoint 3 Services deliver a Windows SharePoint 3 web site to share documents and
information from the cloud.
Prerequisites
Windows SharePoint Services 3:
Create SharePoint 3.0 quota templates.
Create SharePoint 3.0 application pool and add web applications.
For SQL-authenticated web applications:
Configure to the SQL database (Membership Provider Name).
Update the Membership Provider Name in the application's web.config f ile.
Update the Membership Provider Name under the application's security settings on the SharePoint Central
Administration site.
Install CloudPortal Services Manager SharePoint 3 Web Service on each SharePoint Services 3.0 Server.
Install and configure CloudPortal Services Manager Windows Web Hosting Services on each SharePoint Services 3 Server.
(Windows Web Hosting Services require configuration only at the top and location levels. You do not need to enable
Windows Web Hosting Services at the customer level for selling.)
To configure SharePoint 3 Services
1. Enable the service (top level): From the main menu, choose Configuration > System Manager > Service Deployment,
expand SharePoint Service, and click Save.
2. Expand SharePoint Service, click Service Settings, and clear the check box for Manage DNS Records.
3. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter
if applicable, expand SharePoint Service, and click Save.
4. With Active Directory Location Services selected, expand SharePoint Service, click Service Settings, specify the Site
Owner and Site Owner Email, click Apply changes, and then click Save. The site owner of a provisioned SharePoint site is
a Full Administrator of the site irrespective of the administrator's SharePoint provisioned status in CloudPortal Service
Manager. Services Manager assumes that the site owner is a Services Manager user with an active account. You can
configure the SharePoint site owner at the location level, reseller, or customer hierarchies. Multiple locations require for
each location a site owner who exists within the location's domain.
5. Add the credentials for the SharePoint 3 service account: From the main menu, choose Configuration > System Manager
> Credentials and create the account, using the fully-qualif ied domain name.
6. Enable the servers:
1. From the main menu, choose Configuration > System Manager > Servers.
2. If the servers where the SharePoint 3 service is running are not listed, click Refresh Server List.
3. Expand the entry for each server running SharePoint 3 and verify that Server Enabled is selected.
7. Assign server roles for each server where the SharePoint 3 Web Service is installed:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for a
SharePoint server.
2. Under Server Connection Components, select WSS and then click Save.
8. Add a server connection for each SharePoint 3 server:
1. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then
select or type the following information.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.182https://docs.citrix.com
Server Role
Choose WSS.
Server
Choose the server where the SharePoint 3 Web Service is running.
Credentials
Choose the credentials for the SharePoint 3 Web Service.
URL Base
Enter /.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the SharePoint Web Service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and click the icon in the Test
column for the SharePoint server. The icon turns green for a successful connection. A red icon indicates an
unsuccessful connection. Mouse over it for information about the failed connection.
4. Repeat these steps for each SharePoint 3 server.
9. Configure the IIS web service:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for a
SharePoint server.
2. Under Server Connection Components, select IIS and then click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections, click New Connection, and then
select or type the following information.
Server Role
Choose IIS.
Server
Choose the server where the SharePoint 3 Web Service is running.
Credentials
Choose the credentials for the SharePoint 3 Web Service.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.183https://docs.citrix.com
URL Base
Enter /IIS.asmx (for IIS 6) or IIS7.asmx (for IIS 7).
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the IIS Web Service.
Timeout
Defaults to 200000 milliseconds.
Version
Select the IIS version.
To create and configure customer plans
You can configure a customer plan to only one SharePoint web application pool.
1. Top level:
1. From the main menu, choose Configuration > System Manager > Service Deployment, select Top Environment
Services, and expand SharePoint Service.
2. Click Customer Plans, enter a plan name such as Default, click Create, and then click Save. For information about
configuring a customer plan to support the provisioning of sub-sites to customers, see "To configure sub-sites" later
in this topic.
2. Location level:
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, and expand
SharePoint Service.
2. Click Customer Plans and then expand the customer plan.
3. For Server Configuration: Enable the setting and, if the farm has multiple front end servers, select the Load Balanced
Server check box, and select additional servers from the list.
4. Select a Quota Template.
5. Select the WSS 3 Service check box. After the available web applications for the selected SharePoint server display,
select the web application for the customer plan.
6. Click Apply changes and then click Save.
To configure sub-sites
CloudPortal Services Manager allows customers to be provisioned to either a single top level site or to a SharePoint sub-site
that is located under a top level site. Provisioning customers to SharePoint sub-sites reduces the need of creating a DNS
per customer, as the site will share the Root Site Domain. Users provisioned to a sub-site can access only that site.
Sub-sites are defined in customer plans. Before configuring sub-sites in Services Manager, the following SharePoint 3.0Central Administration setup is required:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.184https://docs.citrix.com
Create a web application for the root site.
Delete the default root path for the root site (under Define Managed Paths).
Add a new root path (/) and select Type - Wildcard inclusion.
To configure sub-sites in Services Manager:
1. From the main menu, choose Configuration > System Manager > Service Deployment, select Active Directory Location
Services, choose a Location Filter if applicable, and expand SharePoint Service.
2. Click Customer Plans, expand a customer plan, select Create a sub-site to retrieve all available root sites for the web
application, and then select the Root Site to host the customer's sub-sites.
To handle post-configuration SharePoint changes
If you add web applications to SharePoint 3 after configuring and provisioning SharePoint 3 Services in CloudPortal Services
Manager, you must reset IIS. Doing so will impact customer web sites, so let all hosted sites know about the temporary
disruption to their web sites. After you reset IIS, Services Manager detects the added web applications.
If you update a quota template, you must re-provision the SharePoint instance. You can also specify individual quotas for a
site, using SharePoint Central Administration. These values override the quota template settings used to create the web
site. Alternatively, base the quotas for individual sites on the number of users who can access the site.
To add quota templates, you create them on any SharePoint 3 server within a server farm (the same configuration
database is used for all servers in the farm) and then configure customer plans with the new quota templates.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.185https://docs.citrix.com
File Sharing Services
Jun 05, 2015
Updated: 2013-05-07CloudPortal Services Manager File Sharing Services provide file sharing services from the cloud. A service provider can host a
file server with multiple customer file shares on the system directory. Security permissions limit customer access to shared
folders. File Sharing Services work with the Services Manager Citrix Service, enabling file shares to be configured as Citrix
resources and accessed in a Citrix XenApp session.
Prerequisites
Firewalls: Open SMB (445) and RPC (various) ports bi-directionally between the DNS server(s) and both the CortexWeb
and Provisioning servers.
RPC uses random ports above port 1056, therefore non-stateful inspection firewalls might require open ports above
1056.
When configuring the File Sharing customer plan, Services Manager can create the f ile share path you specify, if it does
not exist already, provided Services Manager has permissions on the server. If not, be sure to create the f ile share you
wish to use with Services Manager prior to configuring the customer plan.
To configure the File Sharing service
1. Enable the service at the top environment level and create a default customer plan:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Expand File Sharing and then click Customer Plans.
3. Under New Customer Plan, in Name, type Default.
4. Click Create.
5. In File Share Path, enter the path of the f ile share you wish to use.
Note: If the specif ied path does not exist, Services Manager can create it, provided it has permissions on the specif ied
server. Otherwise, be sure the path exists before configuring the customer plan.
6. Click Apply Changes.
7. Click Save.
2. Enable the service at the location level:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment, under Service
Filter select Active Directory Location Services, and then choose a Location Filter if applicable.
2. Expand File Sharing and then click Save.
3. Assign server roles:
1. From the Services Manager menu bar, select Configuration > System Manager > Server Roles and then expand the
entry for the server hosting f ile sharing.
2. Under Server Roles, select File Sharing and then click Save.
4. Create a server collection:
1. From the Services Manager menu bar, select Configuration > System Manager > Server Collections.
2. Click New Server Collection and complete the following f ields:
In Name, enter a unique name for the server collection.
In Display Label, enter a friendly name for the server collection.
In Service, select File Sharing.
In Servers, select the servers you want to add to the collection.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.186https://docs.citrix.com
Select Automatic reseller selection to make this collection the default for resellers that are provisioned with the
service.
Select Automatic customer selection to make this collection the default for customers that are provisioned with
the service.
3. Click Save.
5. Select f ile share servers for the default customer plan:
1. From the Services Manager menu bar, select Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Active Directory Location Services and then choose a Location Filter, if applicable.
3. Expand the File Sharing service, click Customer Plans, and then expand the Default plan.
4. Under Configure Service Settings, select the File Share Servers check box and then select the servers you want
customers to use when they are provisioned with the Default plan.
5. Click Apply Changes.
6. Click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.187https://docs.citrix.com
Reporting Services
Jun 05, 2015
Reporting for CloudPortal Services Manager delivers usage and billing reports to your customers and application vendors. It
includes standard reports to support standard provisioned services and a data warehouse.
CloudPortal Reporting communicates directly with the SQL Server Reporting Services web service.
Installation of the CloudPortal Services Manager Data Warehouse configures the CloudPortal Reporting service and the
data warehouse connection. To complete the setup, configure the CloudPortal Reports Manager and security roles, as
described in this section.
Prerequisites
Install Microsoft SQL Server 2008 R2 with the following:
CloudPortal Services Manager Data Warehouse
The data warehouse installation creates the OLMReporting database, data transfer application, and scheduled tasks
that collect usage data and transfer the online transaction processing (OLTP) data to the warehouse.
SQL Server Reporting Services 2008 R2, with data warehouse reports deployed.
Install CloudPortal Services Manager Data Warehouse.
To configure the CloudPortal Reports Manager
For each report type, such as customer, package, and reseller, you can override the following configurations:
The report type, to enable permissions to be assigned in security roles
The default report types for standard reports are as follows:
Billing Reports: Customer Detail (report type is Customer)
Billing Reports: Reseller Detail (report type is Reseller)
Service Reports: Customer (report type is Customer)
Service Reports: Reseller (report type is Reseller)
Service Reports: Package (report type is Reseller)
Report names and descriptions displayed and the parameter names that appear on the reports display for end users
1. Refresh the reports from a SQL server: From the main menu, choose Reports > Configuration > Reports Manager,
choose the Server, and then click Refresh.
2. Expand a service and click a report type.
3. In the Settings tab, change the Report Type as needed.
4. Before changing report names, descriptions, and parameter names, plan any translations needed in Configuration >
Content Management > Content Translation (content space is Reports/ReportsViewer). Be aware that the parameter
label is used as the content message code in content management, therefore a change to the translation for one
report on the Content Translation page impacts the translation for all reports. To translate a parameter label for an
individual report, edit the label in Reports > Configuration > Reports Manager and then use the Content Translation page
to translate the label.
The Test, Active, Enabled, and Billable parameters have default translations that convert non-active to inactive and so
on.
Use the content space report path/name to translate report content.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.188https://docs.citrix.com
To generate reporting views
Reporting views are used as a source for data transferred to the data warehouse. When you generate reporting views,
issues related to missing source views during data transfer are described in error messages to help you with troubleshooting.
1. Refresh the ports from SQL: From the main menu, choose Reports > Configuration > Reports Manager, choose a Server,
and click Refresh. All reports from the defined SQL Server Reporting Services are imported into the services manager.
Note: If a "401 Unauthorized" error appears, verify which service account is configured for SQL Server Reporting Services.
If it is not Network Service or Local System, try adding http/{SQLReportingServiceFQND} to the servicePrincipalName of
the service account.
2. Near the bottom of the page, click Generate Reporting Views.
To set permissions in Security Roles
Security role permissions control which reports are visible in the Reports menu. The default roles for standard reports are asfollows.
Billing Reports: Customer Detail
Service Provider Administrator
Reseller Full Administrator
Reseller Partial Administrator
Customer Administrator
Billing Reports: Reseller Detail
Service Provider Administrator
Reseller Full Administrator
Reseller Partial Administrator
Service Reports
Service Provider Administrator
Service Administrator (such as AD Sync administrator)
1. From the main menu, choose Configuration > Security > Security Roles and then expand a role.
2. Under Role Permissions, click the Reports tab. For information about working with security roles, refer to Managing
Security Roles .
To verify the reports
After the scheduled data transfer job runs, verify the data populated in the reports as follows.
1. Log out of Services Manager, log on again, choose Reports > Configuration > Reports Manager, and choose the Server.
2. Click Generate Reporting Views and then choose Reports > View Reports to verify the reports.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.189https://docs.citrix.com
Exchange Services
Jun 05, 2015
CloudPortal Services Manager Exchange Services provide single or multi-tenanted Microsoft Exchange from the cloud.
Hosted Exchange Services support Microsoft Exchange 2003, 2007, and 2010
Hosted Exchange Multi-tenanted Services support Microsoft Exchange 2010 Service Pack 1
Note: If you installed Exchange using the /hosting option, configure Hosted Exchange Multi-tenanted Services for
Services Manager. If you did not install Exchange using the /hosting option, configure Hosted Exchange Services for
Service Manager.
CloudPortal Services Manager concurrently supports Exchange 2007 and 2010 or Exchange 2003 and 2007.
Prerequisites
Install CloudPortal Services Manager Exchange Web Service.
To configure Hosted Exchange Services
1. Enable the service (top level) and create user and customer plans:
1. From the main menu, choose Configuration > System Manager > Service Deployment and then expand Hosted
Exchange.
2. Click User Plans, enter a Name for the user plan, and then click Create.
3. Click Customer Plans, create a customer plan, click Create, and then click Save.
2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter
if applicable, expand Hosted Exchange, and click Save.
3. Verify credentials: From the main menu, choose Configuration > System Manager > Credentials and verify that the
impersonation account (EXCHWS_USERNAME) for the Exchange service exists. If it does not, create the account.
4. Enable the server:
1. From the main menu, choose Configuration > System Manager > Servers.
2. If the server where the Exchange web service is installed is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
5. Assign server roles:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the
server.
2. Under Server Connection Components, select Hosted Exchange and then click Save.
6. Add a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, select a Location Filter if
applicable, click New Connection, and then specify the following information for the Exchange Web Service.
Server Role
Choose Hosted Exchange.
Server
Choose the server where the Exchange Web Service is installed.
Credentials
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.190https://docs.citrix.com
Choose the credentials for the Exchange Web Service.
URL Base
Defaults to /ExchangeWS/HostedExchange.asmx.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds.
Version
Select the Exchange version that you are configuring.
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and then click the icon in the
Test column for the Exchange server. The icon turns green for a successful connection. A red icon indicates an
unsuccessful connection. Mouse over it for information about the failed connection.
7. Update service settings as needed: From the main menu, choose Configuration > System Manager > Service Deployment,
select Active Directory Location Services, choose a Location Filter if applicable, expand Hosted Exchange, and then click
Service Settings. The following settings are required:
Any setting that includes the value [ExchangeServer]
Replace with the Exchange server's name.
System Domain
If this is not set to the correct domain, provisioning will fail.
Preferred Mail Stores
Select this check box, select the tab for your version of Exchange, click Reload, and then select the checkbox for at
least one mail database.
Public Folders > Public Folders Enabled
Select the check box to provision Public Folders.
Public Folders > Public Folder Server
Select this check box, click Reload to replace the default public folder server, and then select the check box for the
public folder server.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.191https://docs.citrix.com
Off line Address Book (OAB)
OABs can be distributed using public folders (for Exchange 2003, 2007, or 2010) or web-based virtual directories
(Exchange 2007 or 2010).
To distribute OABs using public folders:
1. Expand Offline Address Book (OAB) and then select the Public Folder Distribution check box.
2. Select the Public Folder Servers check box and the check box for the server (if the correct server is not listed, click
Reload).
3. Click the Server check box and the check box for the server (click Reload if needed).
To distribute OABs using virtual directories:
1. Expand Offline Address Book (OAB) and verify that the Public Folder Distribution and Public Folder Servers check
boxes are cleared.
2. Click the Server check box and the check box for the server (click Reload if needed).
3. Select the Virtual Directory check box, click Reload, select the check box for the server, and then click Enable web-
based distribution.
For more information about advanced properties, refer to Exchange Services Advanced Properties.
8. Enable mailbox creation during user provisioning:
1. With Active Directory Location Services still selected, expand Hosted Exchange, click User Plans, and then expand a
plan.
2. Select the Mail Databases check box, click Reload, and then select the check box for at least one mail database.
3. Select the Mailbox storage limit check box and enter the maximum amount of storage allocated to each provisioned
user.
Important: Configure this setting before provisioning users with the Hosted Exchange service. After the Hosted
Exchange service has been provisioned, you cannot modify this setting.
4. Click Apply changes and then click Save.
To configure Hosted Exchange Multi-tenanted Services
1. Enable the service (top level) and create a default user plan:
1. From the main menu, choose Configuration > System Manager > Service Deployment and expand Hosted Exchange
Multi-tenanted.
2. Click User Plans, enter a Name such as Default for the user plan, and then click Create. This plan is a required
placeholder that will not be used.
3. Click User Plans, expand the Default plan, click Apply changes, and then click Save. The user plan is saved at the top
level.
2. Enable the service (location level): Under Service Filter, select Active Directory Location Services, choose a Location Filter
if applicable, expand Hosted Exchange Multi-tenanted, and click Save.
3. Verify credentials: From the main menu, choose Configuration > System Manager > Credentials and verify that the
impersonation account for the Exchange service exists. If it does not, create the account.
4. Enable the server:
1. From the main menu, choose Configuration > System Manager > Servers.
2. If the server where the Exchange web service is installed is not listed, click Refresh Server List.
3. Expand the entry for the server and verify that Server Enabled is selected.
5. Assign server roles:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.192https://docs.citrix.com
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the
server.
2. Under Server Connection Components, select Exchange Multi-tenanted, and then click Save.
6. Add a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, select a Location Filter if
applicable, click New Connection, and then specify the following information for the Exchange web service.
Server Role
Choose Exchange Multi-tenanted.
Server
Choose the server where the Exchange Web Service is installed.
Credentials
Choose the credentials for the Exchange Web Service.
URL Base
Defaults to /ExchangeWS/HostedExchange.asmx.
Protocol
Defaults to http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds.
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and then click the icon in the
Test column for the Exchange server. The icon turns green for a successful connection. A red icon indicates an
unsuccessful connection. Mouse over it for information about the failed connection.
7. Configure service plans:
1. From the main menu, choose Services > Exchange > Configuration > Exchange 2010 Multi-Tenant and then click New
service plan.
2. Specify the System Name (service plan name), Description, and select the Default Plan check box if applicable.
3. Under Organizational Configuration, expand each container and change the options for the service plan if needed.
Click Apply changes for each container, even if you do not change the settings.
4. Under Mailbox Plans, click New mailbox plan and create at least one mailbox plan.
Important: You must create all of the mailbox plans that will be needed before you perform the hosting plan
allocation. After you allocate a hosting plan, you cannot create more mailbox plans.
5. Under Mailbox Configuration, expand each container and choose the options for the service plan. Click Apply Changes
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.193https://docs.citrix.com
for each container, even if you do not change the settings, and then click Save.
8. Add hosting programs: Under Related Pages, click Hosting Programs. Use the default programs or create your own.
9. Add hosting offers: Under Related Pages, click Hosting Offers. Use the default offer or create your own.
10. Add hosting plan allocations:
1. Under Related Pages, click Hosting Plan Allocation.
2. After you create a hosting plan, click the icon under the Validate column. If the plan fails validation, f ix it before
proceeding. Hosting plan allocation links the hosting programs, hosting offers, and service plans.
11. Update service settings:
1. From the main menu, choose Configuration > System Manager > Service Deployment, select Active Directory Location
Services, choose a Location Filter if applicable, expand Hosted Exchange Multi-tenanted, and then click Service
Settings and update settings as needed.
2. Click Apply changes, expand User Plans, and then expand the plan.
3. Select the Mail Databases check box, click Reload if needed, select the server check box, and then click Apply changes
and Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.194https://docs.citrix.com
Configuring Unified Messaging
Jun 05, 2015
1. From the main menu, choose Configuration > System Manager > Service Deployment, expand Hosted Exchange or
Hosted Exchange Multi-tenanted, and then click Service Settings.
2. Expand Unif ied Messaging and complete the settings. Use the Exchange Management Console to look up the Mailbox
Policy name under Organizational Configuration > Unif ied Messaging > UM Mailbox Policies.
3. From Category Filter, choose User and then expand Unif ied Messaging.
4. In Extensions, enter the starting point for the auto-generated extensions. Use the same number of digits configured in
Exchange for extensions.
5. Click Apply Changes and then click User Plans.
6. Expand the user, expand Unif ied Messaging, and then complete the applicable settings. Required: Select the Unif ied
Messaging check box to enable the feature for a mailbox.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.195https://docs.citrix.com
Configuring PST File Import and Export for Exchange2007
Jun 05, 2015
Updated: 2012-11-27Configure PST file import and export to enable Services Manager to import and export Exchange 2007 personal store
mailboxes using an FTP server.
Prerequisites
Install the Services Manager Exchange service.
FTP server:
Running 32-bit Windows Server 2008, with current service packs.
Member of a Services Manager domain.
Open Exchange ports to the rest of the Exchange organization.
Install these components:
Exchange Management Tools
Microsoft Outlook
.NET Framework
FTP components and roles of IIS
To configure the FTP server for PST import and export
Important: This procedure applies only to Exchange 2007. The Exchange 2010 server connection that you configure inServices Manager has built-in support for mailbox import and export. Services Manager does not support PST f ile importand export for Exchange 2003.1. In Active Directory, perform the following actions:
1. Create a new AD user account in the Services Manager system OU called servername_pst.
2. Grant Full Control permissions of the servername_pst account to the Customers OU.
3. Add the servername_pst account to the CortexAdmins group.
2. For the FTP server, perform the following actions:
1. On the FTP server, create a new folder for use by Services Manager. The default path is C:CortexFTP.
2. Share the folder as Webhosting and grant Full Control of the share to Everyone.
3. In the folder properties, on the Security tab, verify that inheritance is disabled and, when prompted, click Add to copy
the current permissions to the folder.
4. Add the domain security group ServiceAdmins HE to the ACL of the folder and grant List Folder Contents permissions.
5. Add the servername_pst account to the ACL of the folder and grant it Full Control.
3. Add and configure the FTP site in IIS:
1. On the FTP server, open the IIS Management Console and then navigate to the Sites container.
2. Right-click the Sites container, choose Add FTP Site, and configure it.
FTP site name: A name such as "CloudPortal Services Manager PST FTP Site"
Physical path: The path configured in step 2a above
Binding IP Address: An IP address and port or All Available
SSL: Allow SSL
Authentication: Basic
Authorization: Allow access to: Specif ied roles or user groups
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.196https://docs.citrix.com
Authorization (credentials):domainServiceAdmins HE
Authorization: Permissions: Read and Write
3. Under the Features view, double-click FTP User Isolation, choose FTP home directory configured in Active Directory,
and then click Set to specify the credentials for the new AD user account set up in Step 1a. Include the domain with
the user name: domainservername_pst
4. Under the Features view, double-click FTP Authentication, enable Basic Authentication, disable Anonymous
Authentication, and then click Edit and set Default domain to the fully-qualif ied domain name.
4. Restart the FTP site.
To configure PST file import and export
1. Assign server roles:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the server to be used
for PST import and export. If the server is not listed, go to Configuration > System Manager > Servers and refresh the
list.
2. Under Server Connection Components select Hosted Exchange.
2. Add a server connection:
1. From the main menu, choose Configuration > System Manager > Server Connections, select a Location Filter if
applicable, click New Connection, and then specify the following information for the Exchange web service.
Server Role
Choose Hosted Exchange or Exchange Multi-tenanted.
Server
Choose the server where the Exchange Web Service is installed.
Credentials
Choose the impersonation account for the Exchange service.
URL Base
Defaults to /ExchangeWS/HostedExchange.asmx.
Protocol
Select http.
Port
Defaults to 8095. If you change the port here, change it also in the Services Manager Web Service.
Timeout
Defaults to 200000 milliseconds.
Version
Select Mailbox Import/Export.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.197https://docs.citrix.com
2. Click Save.
3. From the main menu, choose Configuration > System Manager > Server Connections and then click the icon in the
Test column for the Exchange server. The icon turns green for a successful connection. A red icon indicates an
unsuccessful connection. Mouse over it for information about the failed connection.
3. Configure service settings:
1. From the main menu, choose Configuration > System Manager > Service Deployment.
2. Under Service Filter, select Top Environment Services, and expand Hosted Exchange or Hosted Exchange Multi-
tenanted.
3. Click Service Settings, expand Mailbox Import/Export, and then select the Enabled check box. You can use the default
settings for the other properties.
4. Click Save.
4. Create a task on the FTP server to start PowerShell for use with PST import and export:
1. In Windows Server Task Scheduler on the FTP server, create a task with the following settings.
Name: CloudPortal PST Import Export PowerShell Start
Description: This task automatically starts PowerShell for use with CloudPortal PST Import Export.
Security options: Use an account with appropriate privileges, such as an Exchange administrator account who is
also a local admin on the PST import/export server. Select Run whether user is logged on or not.
2. On the Triggers tab, click New and use the default settings.
3. On the Actions tab, create a new action with the following settings.
Action: Start Program
Program/script: C:WindowsSystem32WindowsPowerShellversionpowershell.exe
Add arguments: -PSConsoleFile "C:Program FilesMicrosoftExchange Serverbinexshell.psc1" -noexit -command ".
'C:Program FilesMicrosoftExchange ServerbinExchange.ps1'"
4. On the Settings tab, select Allow task to be run on demand, select If the task fails, restart every, and choose 1 minute.
Clear any other check boxes and set If the task is already running to Do not start a new instance.
5. Verify in Task Manager that the PowerShell process started.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.198https://docs.citrix.com
Microsoft SQL Services
Jun 05, 2015
Updated: 2012-11-07CloudPortal Services Manager Microsoft SQL Services host SQL servers from the cloud. Microsoft SQL Services require noinstallation and use a remote connection (typically TCP/IP) to Microsoft SQL Server 2005 and 2008.
Prerequisites
Microsoft SQL Server 2008 SP2, Microsoft SQL Server 2008, or Microsoft SQL Server 2005:
Member of a CloudPortal-managed domain.
Set Authentication mode to SQL Server and Windows Authentication.
Enable remote connection.
Enable protocols for remote connection (for example, TCP/IP).
Ensure the SQL Server Browser service is running and set to start automatically. This ensures Services Manager can
locate the SQL Server and enumerate the instances installed when you configure the SQL service in the control panel.
Install the SQL Native Client component on the CloudPortal Services Manager Provisioning server.
The 32- and 64-bit clients for each supported version of Microsoft SQL Server are available from the Microsoft
downloads site.
To configure Microsoft SQL Services
1. Enable the service (top level) and create a default customer plan:
1. From the main menu, choose Configuration > System Manager > Service Deployment and expand Microsoft SQL
Server Hosting.
2. Click Customer Plans, enter a Name such as Default, click Create, and then click Save.
2. Enable and configure the service (location level):
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Microsoft
SQL Server Hosting, and click Service Settings.
2. In Connection String Pattern, specify the connection string used to connect to SQL Server instances. If you are using
SQL authentication, use the string from the Connection String Pattern for SQL Authentication setting in this f ield. If
you are using Windows authentication, use the string from the Connection String Pattern for Windows
Authentication setting in this f ield. When editing the strings, specify the values for DatabaseName and, if using SQL
authentication, the SQL user name and password.
For example:
SQL authentication: Data Source={ServerInstanceName};Initial Catalog=Master;User ID=sa;Password=secret
Windows authentication: Data Source={ServerInstanceName};Initial Catalog=Master;Integrated Security=SSPI
Note: Services Manager automatically supplies the value for {ServerInstanceName} when the database is provisioned.
Therefore, this value does not require editing.
3. Specify the Database File Path and the Database Log File Path. Example: C:SQLhosting
4. Specify the User Domain Name such as lab4, click Apply changes, and then click Save.
3. Assign server roles:
1. From the main menu, choose Configuration > System Manager > Server Roles and then expand the entry for the SQL
hosting server.
2. Under Server Roles, select Microsoft SQL Server 2005 Hosting and then click Save.
4. Create a server collection:
1. From the main menu, choose Configuration > System Manager > Server Collections.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.199https://docs.citrix.com
2. If the Location Filter appears, select the relevant location from the list.
3. Click New Server Collection.
4. Enter a Name for the collection, such as SQLHosting.
5. From the Service list, choose Microsoft SQL Server Hosting.
6. In the Servers list, select each SQL hosting server to be managed under this server collection and then click Save.
5. Verify server settings for the default customer plan:
1. From the main menu, choose Configuration > System Manager > Service Deployment, select Active Directory Location
Services, choose a Location Filter if applicable, expand Microsoft SQL Server Hosting, and click Customer Plans.
2. Expand the default customer plan and verify that the correct Server Collection is selected, specify the database and
log f ile size settings, click Apply changes, and click Save.
6. Retrieve SQL server instances:
1. From the main menu, choose Configuration > System Manager > Server Resources > SQL Servers, expand a SQL server
entry, and click Retrieve. Repeat this step for each SQL server.
2. Verify that all required SQL server instances appear in the list. To manually add a server instance that already exists on
the SQL server, click Add. To specify the default instance, enter only the server name. To specify a nonstandard
instance and port, use the following form: servernameinstance,port. Example: lab4-SQL01INST01,1450
At least one server instance must be configured per server.
3. To restrict an instance so that it is not available in the Services Manager, click Edit and then select the Reserved check
box.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.200https://docs.citrix.com
Office Communication Server 2007 Services
Jun 05, 2015
CloudPortal Services Manager Office Communication Server 2007 Services deliver communication services from the cloud.Office Communication Server 2007 Services require no installation and use a WMI connection to the OfficeCommunications Server (OCS).
Prerequisites
Install Microsoft Office Communications Server 2007 R2.
Update user access permissions to allow users to connect to Communicator:
If needed, change the CortexAdmins group from global to universal scope.
Include the RTCUniversalAdmins and RTCUniversalReadOnlyAdmins groups in the CortexAdmins group.
On the OCS server restart all services that use RTC credentials.
For OCS reports: Configure and enable the OCS Monitoring Service on the OCS server. On that server:
Use both TCP/IP and named pipes for local and remote connections.
Allow SQL Server mode and Windows Authentication mode.
Add a SQL Server Login that has been granted db_datareader and db_owner permissions to the following OCS
databases: RTC, RTCDYN, and LCSCDR (this database is present only when OCS Monitoring is enabled).
To configure Office Communication Server Services
1. Enable the service (top level) and create a customer plan:
1. From the main menu, choose Configuration > System Manager > Service Deployment, and expand Office
Communication Server 2007.
2. Click Customer Plans, enter a Name for the plan such as Pool1, click Create, and click Save. Repeat this step to create
a customer plan for each OCS pool.
3. Expand Office Communication Server 2007, click Customer Plans, expand a plan name, enter the distinguished name
for RTC Home Server, and click Apply changes. Repeat this step for each customer plan.
To look up the RTC Home Server name, open the Active Directory file AdsiEdut.msc and locate the distinguishedName
attribute of the OCS pool. Example: CN=LC Services,CN=Microsoft,CN=Lab1OCSPool,CN=Pools,CN=RTC
Service,CN=Microsoft,CN=configuration,DC=lab1,DC=test,DC=com
4. Click Service Settings, expand SIP Address, specify the RTC Server Name, click Apply changes, and click Save. The RTC
Server Name is used for OCS reporting.
2. From the main menu, choose Configuration > System Manager > Credentials and add credentials for the SQL Server
Login account.
3. Enable the service (location level) and configure OCS reporting:
1. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Office
Communication Server 2007, and click Service Settings.
2. Expand Usage Reporting and then choose the SQL Server Login account credentials for RTC Database Credentials.
3. Enter the full RTC Server Name for the server that contains the OCS databases, click Apply Changes, and then click
Save.
4. Create and configure a user plan:
1. Under Service Filter, select Top Environment Services, expand Office Communication Server 2007, click User Plans,
enter a Name for the user plan such as Full, and click Create.
2. Click User Plans, expand the plan, and update the settings if needed.
3. Click Apply changes and then click Save.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.201https://docs.citrix.com
4. Under Service Filter, select Active Directory Location Services, choose a Location Filter if applicable, expand Office
Communication Server 2007, click User Plans, and expand the user plan.
5. Select the Meetings Policy check box and then select the applicable policy.
6. Select the Unif ied Communications Policy check box, select the applicable policy, click Apply changes, and click Save.
To partition the address book by OU for a multi-tenant environment
In a hosted multi-tenant environment, user address book searches should return only the users and groups that are in the
same OU (customer) as the user.
To limit user search results, use the Address Book Service Configuration Tool (ABSConfig.exe) to partition the address book
by OU. That tool is in the Microsoft Office Communications Server 2007 R2 Resource Kit, available from the Microsoft
download site.
Note: Partitioning the address book by OU does not impact a user's ability to send an instant message to other customers'users.
To update OCSSettingsLocation values in Web Services web.config files
By default, the CloudPortal Services Manager Provisioning Engine Web Services and Directory Web Services are installed
with the OCSSettingsLocation set to System (for example, CN=System,DC=lab1,DC=local).
Microsoft Office Communications Server 2007 R2 allows the Service Provider to install the OCS directory at either
Configuration (for example, CN=configuration,DC=server,DC=local) or System. If the OCS directory is installed at
Configuration, the OCSSettingsLocation value in the web.config files for the Provisioning Engine and Directory Web Services
must be updated. If the container settings for OCS and the web services do not match, Service Manager displays errors
such as the following during user plan updates or user provisioning:
Server was unable to process request. ---> Failed to load the LCS/OCS policies from path 'LDAP://CN=Policies,CN=RTC
Service,CN=Microsoft,CN=System,DC=lab1,DC=local'. Error: There is no such object on the server.
This procedure describes how to change the configuration files for the Services Manager Provisioning Engine Web Services
and Directory Web Services.
1. Stop the Services Manager Queue Monitor service.
2. Log on to the Provisioning server and then open the appSettings.config f ile. That f ile is typically located in: C:Program
Files (x86)CitrixCortexProvisioning Engine.
3. Change the OCSSettingsLocation key value to CONFIGURATION and then save the f ile.
4. Restart the Queue Monitor service.
5. Log on to the server, usually the Provisioning server, where the Services Manager Directory Web Service is saved and then
open the web.config f ile. That f ile is typically located in: C:Program Files (x86)CitrixCortexServicesDirectory.
6. Change the OCSSettingsLocation key value to CONFIGURATION and then save the f ile.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.202https://docs.citrix.com
Creating and Provisioning Additional User andCustomer Plans
Jun 05, 2015
When you configure a service for the f irst time, you create the initial user and customer plans that are eventually sold toResellers and customers. However, adding more plans later does not require the same level of configuration that wasrequired during service configuration. After the service is fully configured, you can create additional user or customer plansand:
Enable Resellers to offer additional levels of service to their customers.
Migrate customers’ users to a new user plan using the Package Migration Wizard. For more information about
performing this task, refer to the topic To migrate users to different user plans in bulk with the Package Migration
Wizard in Citrix eDocs.
This topic assumes the following conditions:You have fully configured the services for which you are creating more plans.
You have at least one user plan and one customer plan enabled and available for provisioning.
Use this topic as a guide for creating more plans and making them available to Resellers and customers. For more
information about configuring service-specific settings, consult the service’s configuration instructions in the Configuring
and Managing Services section of the Services Manager product documentation in Citrix eDocs.
To create additional user plans
1. Create and configure a user plan for the desired service at the Top level:
1. From the Services Manager menu bar, click Configuration > System Manager > Service Deployment.
2. Under Service Filter (at left), select Top Environment Services and then expand the desired service.
3. Click User Plans, enter a Name for the user plan, and then click Create.
4. Perform any additional configuration required.
5. Click Apply Changes, and then click Save.
2. Enable and configure the user plan at the Location level:
1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter, if applicable.
2. Expand the desired service, click User Plans, and then select the Enabled check box for the new user plan.
3. Expand the new user plan and update applicable settings.
4. Click Apply Changes and then click Save.
3. Provision the user plan to the top Reseller:
1. From the Services Manager menu bar, click Customers > Customer Services. Under Customer Search, enter the name
of the Reseller and click Search. The specif ied customer is selected.
2. Expand the Reseller service and then expand the service for which you added the new user plan.
3. Select the Enabled check box for the new user plan.
4. Click Apply Changes and then click Provision.
4. Repeat Step 3 for any other Resellers in the hierarchy.
5. Provision the user plan to the customer:
1. From the Services Manager menu bar, click Customers > Customer Services. Under Customer Search, enter the name
of the customer and click Search.
2. Expand the desired service and click Advanced Settings.
3. Under User Plans, select the Enabled check box for the new user plan.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.203https://docs.citrix.com
4. Click Provision.
To create additional customer plans
1. Create a customer plan for the desired service at the Top level:
1. From the main menu, choose Configuration > System Manager > Service Deployment.
2. Under Service Filter (at left), select Top Environment Services and then expand the desired service.
3. Click Customer Plans, enter a Name for the customer plan, and then click Create.
4. Perform any additional configuration required.
5. Click Apply Changes, and then click Save.
2. Enable and configure the customer plan at the Location level:
1. Under Service Filter, select Active Directory Location Services, and choose a Location Filter, if applicable.
2. Expand the desired service, click Customer Plans, and then select the Enabled check box for the new customer plan.
3. Expand the new customer plan and update applicable settings.
4. Click Apply Changes and then click Save.
3. Provision the customer plan to the top Reseller:
1. From the Services Manager menu bar, click Customers > Customer Services. Under Customer Search, enter the name
of the Reseller and click Search. The specif ied customer is selected.
2. Expand the Reseller service and then expand the service for which you added the new customer plan.
3. Select the Enabled check box for the new customer plan.
4. Click Apply Changes and then click Provision.
4. Repeat Step 3 for any other Resellers in the hierarchy.
5. Verify the new customer plan is available for provisioning:
1. From the Customer Services page, expand the desired service.
2. In Customer Plan, click the drop-down box to view the available plans. The newly added customer plan is displayed and
is available for selection.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.204https://docs.citrix.com
Manage Customers
Jun 05, 2015
A common task for a service provider or reseller to perform after logging on to the CloudPortal Services Manager is tocreate a customer. A customer is a container that can consist of :
Hosted services that can be configured and made available (that is, provisioned) to the customer's users
A customer administrator who can create and manage users, and provision services to them
Users who access one or more services with which they have been provisioned
Additional customers (known as resellers or tenants) who, in turn, can create and manage customers and users of their
own, and provision services to them
To create a reseller, the service provider provisions a customer with the reseller service. Reseller-customers can, in turn,
create their own customers and enable them to be resellers as well. Service providers have access to advanced system
configuration functions, such as service configuration, which resellers do not.
As you create a customer through the Services Manager, you specify the customer location (that is, the hosted domain), its
Active Directory organizational structure (optionally), and any advanced properties. Advanced properties can include
password expiry rules, additional organizational structure, and service security roles. You can select one or more security
roles to enable the customer to administer available services. As a final step, the provisioning engine creates an organization
structure and security groups in Active Directory for the defined customer.
Getting Started
Creating a customer consists of these initial steps:1. Create a new customer by selecting Customers > New Customer from the main menu.
You can quickly create a customer with minimal details: name, email contact information, and a domain name. The
Services Manager assigns a default set of restricted and allowed security roles in this case. Alternately, you can add more
detailed information and choose roles for the customer and any inherited customers and users.
2. Create a customer administrator user to manage users and administer services in the customer's organization.
After creating a customer, the Services Manager automatically prompts you to create an administrator user. You can
cancel this operation, but this first user created for a customer is always an administrator user.
3. Provision available services to a customer, an action performed by a service provider or reseller.
4. Create users to whom services are later provisioned, an action performed by a customer administrator.
5. Provision services to users, an action performed by the customer administrator.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.205https://docs.citrix.com
Creating Customer Administrators
Jun 05, 2015
After you create and initially provision a customer, the Services Manager will automatically prompt you to create the f irstuser for the customer: the customer administrator. If you do not create an administrator at this time, when you attempt tocreate the f irst user for the customer, it is created as an administrator.
Before you create a customer administrator, gather all contact information and determine a password for this user. You
can choose to provide more detailed contact information when you create the user.
After you create (that is, provision) this user, the Services Manager will automatically prompt you to provision services.
To find and select customers
1. From the main menu, click Home.
2. Expand Customer Management.
3. In Customer Search, perform one of the following steps. You can use the percent sign (%) as a wildcard prefix for text
searches:
Select Name/Billing ID and type the customer name or customer billing ID code in the search text f ield.
Select Domain and type the customer's domain name.
4. Press Enter or click Search.
5. In the search results table, click the customer name to expand the Customer Functions menu.
The customer is now selected. Perform the following procedures to create an administrator user for a customer.
To create an administrator user
1. After the customer is selected, from the Services Manager menu bar, click Users > New Users.
2. If not expanded, expand User Details, then select or type the following information:
In UPN, type a user name that will be added to the appended domain name that you select from the drop-down list.
This entry is automatically populated in the Username field. You can edit this f ield.
In First Names and Last Name, type the user's f irst and last name. These entries are automatically populated in the
Display Name field. You can edit this f ield.
3. Click Additional User Properties to add more details about the user.
4. Under Address, General, Organization, and Telephones, add information as appropriate.
5. Under Password Configuration, add a password for the user.
6. Click Account Settings and configure the following options:
Change Password at Logon
Account Disabled
Account Locked
Account Expires
7. Click Advanced Options to select security roles for the customer administrator.
8. Ensure the Configure a custom role collection check box is cleared and then select one of the following administrator
roles from the drop-down list:
Customer Administrator
Partial User Administrator (Reset Passwords)
Service Administrator
User Administrator
User and Service Administrator
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.206https://docs.citrix.com
9. (Optional) Expand Email Addresses to configure one or more email addresses for the customer administrator.
Note: If no email address is specif ied, the Services Manager automatically assigns an email address constructed from the
UPN.
10. Click Provision to create the user. The Services Manager automatically prompts you to provision services.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.207https://docs.citrix.com
To modify customers
Jun 05, 2015
1. Find a customer by using one of the methods described in Finding Customers .
2. Click the customer name to expand the customer to display the Customer Functions dialog box.
3. Select any of the following options:
Option Description
EditCustomer
Modify contact and domain information and email addresses, change password requirements, and
other details.
Users View and manage user accounts within the selected customer hierarchy.
Delete Permanently delete the deprovisioned customer from the Services Manager and Active Directory. This
function is only available after you deprovision the customer.
Deprovision Deactivate the customer and its users in Active Directory but keep the account information in the
Services Manager database. Users cannot log on or use services.
Disable Disable the customer and all its user accounts in the Services Manager database and Active Directory.
To reinstate the customer, click Enable and then Provision.
To delete the customer, click Delete. This action deletes the customer from the Services Manager
and Active Directory and also deletes any data associated with the customer.
Note: You can modify customer settings by using Edit Customer while the customer is disabled. Click
Provision in the Edit Customer dialog box to apply the changes to the customer.
Enable Reinstates the customer and its user accounts in the Services Manager and Active Directory. Next,
click Provision to provide the customer with full access to its provisioned services.
Provision Activate the customer after updating or modifying settings. If the customer had been disabled,
Enable the customer before performing a Provision operation.
Services Manage services associated with the customer.
ResetStatus
Reset the provisioning status if the request appears to have timed out.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.208https://docs.citrix.com
To move a customer to a different reseller customer
Jun 05, 2015
You can move an existing customer to a different reseller customer with the following conditions:A reseller customer cannot be moved.
The customer can be moved to a reseller customer in the same location only.
The reseller must be able to provision all services that the moved customer has provisioned. That is, the reseller must
already have the same services provisioned to it as the customer to be moved.
As part of the customer move process, the Services Manager detects matching access levels for each service (known as the
service access level or SAL). Any SAL that cannot be matched is displayed as an editable or selectable field. If the SAL
changes as a result of this selection and no service properties are overridden, the moved customer's users inherit the new
SAL properties. If service properties are changed or overridden, the moved customer's users inherit the new, changed service
properties.
1. Click Customers > Configuration > Customer Move.
2. From the Customer Move page, perform the following actions:
1. In Customer Search, type the name of the customer to be moved and select the customer.
2. In Reseller Search, type the name of the destination reseller that will receive the customer and select the reseller.
3. Click Load Customers.
4. From the drop-down list, ensure the correct location is selected. The destination reseller's location must match the
customer's current location.
Important: If multiple locations are available from the drop-down list and you select a location that is different from the
customer's current location, the move operation will fail. Moving customers to resellers in other locations is not
supported.
5. Under Package Selection, if available, select the source and destination customer service plan and service access level.
6. Click Move.
The Services Manager displays a message that changes are complete and the customer is being provisioned. You can checkthe status of move by clicking Configuration > Provisioning & Debug Tools > Provisioning Requests.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.209https://docs.citrix.com
Creating Reseller Customers
Jun 05, 2015
By default, the Service Provider Administrator and Reseller Full Administrator roles can create customers. However, only the
Service Provider can create a Reseller customer (known as the reseller). In this case, the reseller resides in the Service
Provider's customer hierarchy and the reseller can then create one or more customers within its own hierarchy.
The general steps to create a reseller are as follows:1. Create a customer; see Creating Customers .
2. Create a Customer Administrator; see Creating Customer Administrators .
3. Select the Reseller service (and other desired services) and provision the selected services to the customer.
4. Add the Reseller Administrator role to a user.
To create a new reseller customer
1. From the Services Manager menu bar, click Customers > New Customer.
2. Follow all steps described in Creating Customers and Creating Customer Administrators . The Services Manager
automatically prompts you to provision services to the customer after you create the customer administrator.
3. Select Services and expand Reseller.
Note: If more than one location is configured, multiple Reseller services are listed, one per location. Select the Reseller
service instance for the desired location.
4. Select the check box for each service that the reseller can provision.
5. (Optional) Click the service name and then click Service Settings to configure additional settings for the reseller.
6. If you have configured service settings, click Apply Changes.
7. When you are f inished, click Provision to create the reseller customer.
When you create a reseller customer, the Reseller administrator roles are added automatically to the list of available usersecurity roles.
To add the Reseller administrator role to a user
1. From the Services Manager menu bar, click Customers and select a customer from Customer Hierarchy or search for a
customer from the Advanced Customer Search dialog box.
2. Click the customer name, click Users, and then select the user to whom you want to assign the Reseller administrator
role.
3. Click Edit User, click Account Settings, and then click Advanced Options.
4. Select the Configure a custom role collection check box, expand the Service - Administration node, and then select one
of the following roles:
Select Reseller - Reseller Full Administrator if you want to grant to the user full rights to create, modify, and delete
sub-customers.
Note: Before the reseller customer can create sub-customers, a user must be assigned the Reseller Full Administrator
role.
Select Reseller - Reseller Partial Administrator if you want to designate a user with the ability to update sub-customer
details and to reset passwords.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.210https://docs.citrix.com
Finding Customers
Jun 05, 2015
You can f ind a customer by using one of the following search methods:The Customer Search feature available from the services manager Home page, located under the Customer
Management dialog.
The search features available from the Customers page.
To search for a customer from the Services Manager Home page
1. Click Home and expand Customer Management.
2. Select a f ilter of Name/Billing ID or Domain.
3. Type a customer or domain name, then click Search.
Note: You can use the percent (%) character as a leading wildcard to perform partial searches. For example, type %citrix
to f ind all customers with citrix as part of their customer name.
To search for a customer from the Services Manager Customer page
1. From the Services Manager menu bar, click Customers. The Customers page appears, listing all customers in the current
location.
2. Select a customer from the list or use the following criteria to search for customers:
Under Filter Fields, select a search criteria item from the drop-down list and then click the letter with which the criteria
item should begin. For example, select Domain and F to f ind all customers with domain names beginning with F.
Under Advanced Search, enter any of the following information:
In Full Name, enter the complete customer name.
In Code, enter the administrative code that was assigned when the customer was originally created.
In Domain, enter the domain name for the customer you want to f ind.
In Service, select a service to f ind all customers provisioned with that service.
Under Additional Options, use any of the following options:
In No. of users less than, enter a value to f ind customers with fewer users than that value.
In No. of users greater than, enter a value to f ind customers with more users than that value.
In Location, select a location to f ind all customers hosted in that location.
3. Click Search.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.211https://docs.citrix.com
Creating Customers
Jun 05, 2015
Updated: 2013-02-22By default, the Service Provider Administrator and Reseller Full Administrator roles can create a Customer, the first step in
using the Services Manager. Perform the following procedures by selecting New Customer from the main menu.
To create a basic Customer with default settings, gather the customer name, email contact information, and primarydomain name. You can choose to provide more detail when you create a customer, specifying additional information suchas:
Detailed customer contact information
Language (locale) for users
Password and email management specif ications
Security roles to assign or disable for the customer
After you create and initially provision a customer, the Services Manager will automatically prompt you to create the initialadministrator for the customer as described in Creating Customer Administrators . If you do not create an administratorat this time, the f irst user created for the customer is an administrator.Note: After you create a Customer, you can edit the customer properties as described in To modify customers .
To create customers with all restricted security roles
1. From the main menu, click Customers > New Customer.
2. If not expanded, expand Customer Details, then select or type the following information:
Location
Synonymous with an Active Directory forest. Standard Services Manager installations consist of one location. This
selection is displayed if more than one location has been configured. Select the location where this customer and
related users will reside. The location cannot be changed after this customer is created and saved.
Full name
Full name of the customer.
Code
Customer code automatically generated from the customer Full Name. You can optionally edit this f ield to replace the
generated code.
Contact Name
Name of the person or entity to contact and associated with the customer.
Email Address
Contact email address in the format of username@domain-name.
3. If not expanded, expand Domain Management and type the new customer's domain name.
4. Select Primary to select this domain as the primary domain for this customer.
Note: The customer is limited to a single primary domain. If you add another domain and select Primary, the added
domain becomes the primary domain.
5. Select the DNS Zone check box to create a DNS zone for each domain entered and click Update.
Note: This option is displayed if the DNS service is installed and configured in the Services Manager, with the Manage
DNS customer setting enabled. Only domains owned by the customer can become a DNS zone. When the customer is
provisioned, this domain will be added to the DNS service.
6. Click Add to add more domains.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.212https://docs.citrix.com
7. When you are f inished, click Provision to create the customer. Otherwise, click Additional Options or expand Advanced
Properties to add more detail about the customer.
To add more customer details (Additional Options)
1. On the Customer Details page, click Additional Options.
2. Under Address, add complete address information. Services Manager will automatically populate the required Country
property f ields in Active Directory (co, c, and countryCode) from the country you select from the Country drop-down list.
3. Under Phone, add the following information:
In Phone Number and Fax Number, add complete telephone and fax information.
In Billing Identif ier, type a unique identif ier that is used to link the customer to a billing system.
In Language Code, if multiple languages have been configured or installed, select a language for the Services Manager
interface, email messages, and so on.
In Minimum Password Length, the value is automatically populated with the Active Directory Group Security Policy
setting. This setting defines the minimum password length for this customer or user. You can manually update this
f ield with a length greater than that defined by the Active Directory policy.
In Password Banner Display Days, define the number of days before a password expiration notif ication is displayed to
the user. For example, if this f ield's value is 89, the password expiration notice is displayed on day 90. The length of
time that a password is valid is defined by an Active Directory policy.
In Prepay Customer, select whether the customer has pre-pay or post-pay billing. Select Yes to indicate that the
customer will pre-pay for service. Select No to indicate that the customer will be billed later in the month for services
rendered (post-pay). After you select post-pay billing, it cannot be changed later to pre-pay.
4. When you are f inished, click Provision to create the customer. Otherwise, expand Advanced Properties to add more
detail about the customer.
To specify advanced properties for a customer (Password, Roles, Email Management)
1. On the Customer Details page, click Advanced Properties to manage basic password policy, assign or disable roles,
manage email address patterns.
2. Configure the following options:
In Change password at next logon, select Yes to require the customer's users to create a password the f irst time they
log on. Select No to disable the change password feature. Default setting for new users. When you create a new
user, you can still specify whether the user needs to change their password when they f irst log on.
In Allow passwords to Never Expire, select Yes to give the User Administrator the ability to set user passwords to
Never Expire. You must select Yes if you want to use the AD Sync tool. Select No to allow user passwords to expire at
regular intervals.
Note: You must select Yes if you want to enable AD Sync services for the customer. This ensures the remote domain,
not the hosting domain, controls the interval at which passwords are reset. If this setting is not configured when
provisioning the AD Sync service to the customer, Services Manager automatically configures this setting to Yes.
In Organizational Structure, select from the drop-down list how users are grouped in an Active Directory User OU
(organizational unit). You can choose to leave users ungrouped, group by department or location, or place them in a
user specif ied group.
3. In Brand, choose one of the following options to specify the branding applied to the customer and that users see when
logging on to the Services Manager:
Select URL (selected by default) to use the branding associated with the customer's URL. Customers of the service
provider or reseller customers log on to the Services Manager using the URL provided by the service provider or reseller.
Select Default to use the branding associated with the reseller. That is, the sub-customer of a reseller inherits the
reseller branding and all users see that branding when logged on.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.213https://docs.citrix.com
Select Custom to use the custom branding selected from the drop-down list. This setting overrides the URL setting
after users log on to the Services Manager.
4. In Restricted Roles, select a role to deny that role to the customer's sub customers and users. In general, all user or
administrator security roles are enabled for the customer by default. For more information about security roles, see
Managing Security Roles .
5. In Allowed Roles, select one or more security roles in the list to assign to the customer. Afterward, the customer can
assign that role to its customers and users.
6. In Patterns, specify how the user display name and email address are displayed to new users. Patterns updated here are
for new users, not existing users.
7. When you are f inished, click Provision to create the customer with advanced properties.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.214https://docs.citrix.com
Manage Users
Jun 05, 2015
As a customer administrator user, you can create one or more users associated with that customer (that is, residing in thecustomer's hierarchy). You can create a user by choosing any one of the following ways:
Create a new user with the New User Wizard
Import many users by using the Bulk Import User feature, with user information defined in a Microsoft Excel
spreadsheet
Move users from one customer to another customer
Getting Started
Creating a user from the Services Manager consists of these initial steps:1. Create a new user by clicking Users > New User from the Services Manager menu bar. You can quickly create a user with a
minimum of information: name, user name and password, and display name.
2. Provision available services to the user.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.215https://docs.citrix.com
Bulk User Import Template Settings
Jun 05, 2015
The Bulk User Import Template workbook is a Microsoft Excel 97-2003 compatible .xls format file that can be blank or
contain information about one or more users in a customer hierarchy. It contains a header row that indicates all possible
fields associated with a user.
First Name
First name of the user
Surname
Surname or last name of the user
Display Name
First name and last name of the user. If left blank, the Display Name is automatically created from the First Name and
Surname fields.
UPN
User principal name in the format of username@domain. The domain is the customer's domain. A user can log on using the
UPN. If you specify an email pattern such as %g.%s@domain, the resulting email address is in the form of
firstname.lastname@domain.
Username
If blank, the software automatically creates a username for the user, using the UPN username appended with a
_CustomerShortName. The _CustomerShortName is derived from the customer's ShortName. You can edit this f ield in the
template or Edit User dialog.
Password
An alphanumeric user password. If blank for an existing user, the user's password is preserved. A password is required for a
new user. Passwords must be at least eight characters long and contain at least three of the following four character
types:
Lower case alpha character
Upper case alpha character
Numeric character
Symbol character, such as !, @, #, $, %
Location
The Active Directory Location of the user's customer. If blank, the default location is Unassigned.
Department
The user's assigned department. If blank, the default department is Unassigned.
Phone Number
Telephone number associated with the user.
Custom Field
One or more for customized information associated with the user.
Roles
Specify one or more comma-separated security roles for the user. For example: Customer Administrator, Exchange Service
Administrator. Each column is limited to 250 characters. Use the Roles 2 through Roles 4 f ields for additional roles.
Account Disabled
This f ield allows you to select one of the following from the drop-down: TRUE specif ies that the user account is disabled
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.216https://docs.citrix.com
and the user cannot log on to access services. FALSE specif ies that the account is enabled upon import.
Change Password at Logon
This f ield allows you to select one of the following from the drop-down: TRUE specif ies that the user must change its
password when f irst logging on. FALSE specif ies that the user does not need to change the user account password at f irst
logon.
Password Never Expires
Select TRUE to set the user password to Never Expire. You must select TRUE if you want to use the AD Sync tool. Select
FALSE to allow the user password to expire at regular intervals.
Email Addresses
Specify one or more email addresses for the user. If blank, the software automatically assigns an email address constructed
from the UPN.
City/ZipPostal/Title/Street
Specify physical address information for the user. You can specify a user's organizational title; for example, Manager of
Engineering Services
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.217https://docs.citrix.com
Managing User Password Expiration EmailNotifications and Reports
Jun 05, 2015
The Services Manager enables a customer administrator to configure, enable, and report on user password expiry andnotif ication. As described in Creating Users , you can allow passwords in user accounts to expire. Creating and configuringpassword expiration email notif ication is the f irst step of a two-step process: f irst create a message, then enable themessage to be sent. To do this, you perform the following tasks:
Create and configure a password expiration email notif ication to all users within a customer hierarchy.
Enable the password expiration notif ication email.
Generate a user email expiry report to be sent to a customer administrator.
Note: The Password Expiry date is set by the service provider or domain administrator for the Active Directory domain's
Group Policy.
To create and configure a password expiration email notification to users
If you intend to include a file attachment with the notification, upload the file before creating the new notification
message.
1. From the Services Manager menu bar, click Customers > Configuration > Email Notif ication.
2. (Optional) If you intend to include a f ile attachment with the notif ication, click Attachments and then select and upload
the f ile you want to include. To return to the email notif ication page, click Notif ication.
3. Under Create Messages, select the following options:
In Event, select User Password Expiry.
In Recipient, User.
In Customer Type, select Full Customer.
4. Click New Message. The Email Content dialog box appears.
5. Configure the following email notif ication settings and then click Save:
Under Settings, select the status, frequency, modif ication settings for the notif ication. By default, notif ications have
an Enabled status and are sent once.
Under Recipients, select one of the following f ilters by which to search for or select recipients and then click Add:
Select Custom and, in E-mail, type a common email pattern or customized email address. For example, the common
email pattern {UserExternalEmail} sends email to the address specif ied in the user's External Email Address property.
Select User or Customer and, in Search, type a name or search by specifying a partial name prepended with the
percent (%) character.
Select Role and choose a role from the drop-down list. All users provisioned with that role will receive a notif ication
email.
Select Reseller Role and choose a role from the drop-down list. All users provisioned with that role will receive a
notif ication email.
In From Address and From Display, type the reply-to address and a display name of the email sender.
Under Message, perform the following actions:
In Language, select a language from the drop-down list.
In Subject, type a subject for the notif ication.
(Optional) In Attachments, select a f ile that you uploaded using the Attachments feature.
In the message box, type the text of your message.
In Message Type, select Html or Text.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.218https://docs.citrix.com
To enable the password expiration notification email and email expiry report
1. From the Services Manager menu bar, click Users > Configuration > Email Configuration.
2. Configure the following email notif ication and report settings and then click Save:
In Email Expiry Report, select Yes to generate a daily report about user accounts to be sent to the specif ied customer
administrator, based on the conditions selected on this page. Selecting No disables all selections except Email
Notif ication Report.
In Email Notif ication Report, select Yes to send an email to user accounts where the password is due to expire in the
time specif ied on this page. The Services Manager also sends a summary report to the customer administrator email
specif ied in this dialog. The report includes all users to whom the notif ication email was sent successfully and any
users to whom the notif ication was not sent because an email address was not configured for their account.
Selecting No disables all selections except Email Expiry Report.
In Include users with passwords that expire in blank days, Select Yes and type the number of days in which user
passwords expire. Selecting No disables the remaining choices labeled with "Filter."
In Filter never expire, select Yes to report users whose passwords are set to Never Expire.
In Filter expired passwords, select Yes to report users whose passwords have expired.
In Filter accounts locked, select Yes to report users whose accounts are locked.
In Filter accounts disabled, select Yes to report users whose accounts are disabled.
In Email Address, specify the customer administrator email address and select the location from the drop-down list. To
send the report to more than one customer administrator, create a Microsoft Exchange Distribution Group and type
the Distribution Group's email address.
In Language, select a language from the drop-down list.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.219https://docs.citrix.com
Creating users with templates
Jun 05, 2015
Updated: 2013-05-07If you need to create users that have similar settings, you can use a template to create these users quickly. When you
create the template, you specify the user settings, including security roles, and the services to be provisioned when the
template is used. To create a new user, you select the template you want to use and then click New User from the User
Functions dialog box. The user details from the template are copied to the new user.
Templates are customer-specific; that is, they are accessible only to the administrator of a particular customer's account.
For example, a customer administrator cannot view or use the templates of a parent reseller, and the reseller cannot view
or use the templates of any of their customers.
Templates are stored in the system database as users. You can access existing templates from the Users page of the
control panel. Under Advanced Search, enter search criteria and select the Template user type.
To create a new template
1. From the Services Manager menu bar, click Users.
2. Under Management, click New Template User. The Create User page appears.
3. In Display Name, enter a name for the template user.
4. Click Additional Properties to add address and organizational details.
5. Click Account Settings to configure password change and expiration settings.
6. Click Advanced Options to select a security role for the template user. To customize the security role, select Configure a
custom role collection.
7. Click Save. The Provision Services page appears.
8. Select the services you want to provision when the template is used to create a new user.
9. Click Save.
To create a new user based on a template
1. From the Services Manager menu bar, click Users.
2. Find and select the template you want to use:
1. Under Advanced Search, in User Types, select Template.
2. Click Search. A list of all existing templates appears.
3. Select the template you want to use. The Create User page appears.
3. Under User Details, perform the following actions:
1. Enter the user's UPN and name information.
2. (Optional) Click Additional Properties and enter any additional location or organization details for the user.
4. Under Password Configuration, enter the user's password and confirm the entry.
5. (Optional) Under Account Settings, review the password settings and security role, and make any required changes.
6. Under Email Addresses, add email addresses as required.
7. Under Copy Services, select the services you want to provision to the new user.
8. Click Provision.
After the new user is provisioned, ensure the user's provisioning status appears with a green indicator for all services.
Services that appear with a blue indicator require additional configuration.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.220https://docs.citrix.com
Modifying Users
Jun 05, 2015
To modify an individual user
The User Functions dialog box enables you, as the administrator, to manage an individual user in your organization. To
manage multiple users with User Functions, use the Multi User Selection dialog box.
1. Find a user by using one of the following methods in Finding Users .
2. Click the user name to display the User Functions dialog box.
3. Select any of the following options:
Option Description
Edit User Modify user contact information and email addresses, change the user password, add or remove
security roles, and modify account settings.
Copy User Make a copy of an existing user within a customer hierarchy. The copied user resides in the original
customer hierarchy and possesses the original user's provisioned services. See Moving and Copying
Users .
Delete Permanently delete a deprovisioned user account from the Services Manager and Active Directory.
This function is only available after you deprovision a user.
Deprovision Deactivate the user account in Active Directory but keep the account information in the Services
Manager database.
Disable Disable the user account in the Services Manager database and Active Directory. The user cannot log
in to the Services Manager while disabled and the administrator cannot modify any services previously
provisioned to the user.
To reinstate the user, click Enable and then Provision.
To delete the user, click Delete. This action deletes the user account from the Services Manager
and Active Directory and also deletes any data associated with the user (such as Exchange
mailboxes).
Note: You can modify user settings by using Edit User while the user is disabled. Click Provision in
the Edit User dialog box to apply the changes to the user.
Enable Reinstates the user account in the Services Manager and Active Directory. Next, click Provision to
provide the user with full access to its provisioned services.
Provision Activate the user account after updating or modifying account settings. If a user had been disabled,
Enable the user before performing a Provision operation.
Services Select and configure service settings and provision one or more services to the user.
To modify multiple users
1. Perform one of the following steps:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.221https://docs.citrix.com
If you are a Service Provider administrator, search for and select a customer, then click Users to display that
customer's users.
If you are a customer administrator, click Users from the Services Manager menu bar to display your users.
2. Under Multi User Selection, click Select All Users to select every user in the customer hierarchy. Otherwise, select the
users on which to perform the operation.
3. Click one of the following options:
Services
Disable
Enable
Provision
Deprovision
Delete
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.222https://docs.citrix.com
Moving and Copying Users
Jun 05, 2015
You can move a user from one customer to another customer, migrating the user information and provisioned services tothe new customer, with the following conditions:
Both customers must belong to the same Services Manager location (that is, Active Directory domain).
Provisioned services that will transfer with the user are limited to Blackberry, Hosted Exchange, and Office
Communications Server (OCS). If the user is provisioned with any other service, deprovision that service before
attempting the migration.
You can also make a copy of an existing user within a customer hierarchy. The copied user resides in the original user's
customer hierarchy and possesses the original user's provisioned services.
To move a user to a different customer
Ensure that you perform the following procedure as a Service Provider or Reseller administrator.
1. From the Service Manager menu bar, select Users > Configuration > User Move.
2. In Customer Search, type a source customer name and click Next. Services Manager returns the source customer name,
if found.
3. In User Search, type a user name and click Next. Services Manager returns the user name, if found.
4. In Customer Search, type a destination customer name and click Next. Services Manager returns the customer name, if
found, and displays the User Mapping table to enable you to change the moving user's new UPN and email address.
5. Accept or edit the defaults and click Next.
6. Click Finish to move the user.
When complete, Services Manager prompts you to review the customer and user. Citrix recommends that you review both
and edit each as required. To move another user, click Move another user to a new customer.
To copy a user in the same customer hierarchy
Ensure that you perform the following procedure as a user administrator, at a minimum.
When performing this procedure, consider the following items:Some services might appear in the User Services dialog with a provisioning status of blue. Blue indicates that the user's
services require additional configuration. After configuring the service, manually provision it.
When the Hosted Exchange service is provisioned to the copied user, the default primary email address is the new copied
user's address.
If populated, the Title and Web Page f ields in Additional User Properties are copied to the new user.
1. Click Users to display all users for a customer, then click a user to access the User Functions dialog box.
2. Click Copy User. The Create User page appears.
3. Enter user details and password for the new user and configure account settings as described in Creating Users .
4. Click Copy Services and clear the check boxes for any provisioned services you do not want to be copied to the new user.
5. Click Provision. The Provision Services page displays all provisioned and unprovisioned services.
6. Provision any additional services from the list to the copied user.
7. Click Provision for each service you want to provision to the user. The copied user is now created and provisioned in the
customer hierarchy.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.223https://docs.citrix.com
Creating Multiple Users with Bulk User Import
Jun 05, 2015
You can import new or edit existing users in a customer hierarchy by using the Bulk User Import feature. This featureenables you to create new or modify existing multiple users as specif ied in a Microsoft Excel 97-2003 format workbook(.xls). You can download a new blank template or a workbook populated with existing user information from the portal. Ineither scenario, you:
Download the appropriate template
Create new or edit existing users
Upload the template to the portal
Select users to add or update
Provision services to the users and then provision the users
After uploading the template, Services Manager gives you the opportunity to perform the following actions:Resend the f ile process request to upload the template again
Import the users from the template you uploaded
Download the template you uploaded
Cancel the bulk user import process
Delete the f ile from the imported f ile list
Bulk User Import Template Settings describes the template's workbook headings and settings.
Consider the following when you create or edit a Bulk User Import template:Do not rename the column headings in the templates.
Do not leave blank rows between users.
The templates do not support provisioning new services to users. You must provision services to users through the
Services Manager by using the User Functions or Multi User Selection features.
To download a template
1. Click Users > Bulk User Import.
2. Click one of the following options, then click Save when prompted to save a copy of the template on your PC:
Click New Users Template to download a blank workbook template with column headings.
Click Existing Users Template to download a workbook with column headings and cells populated with user data.
Click Generate Template to create a new template with column headings and cells populated with current user data.
When the workbook template is ready, click Existing Users Template to download it.
Note: This selection exists depending on how the CloudPortal software was installed. The workbook is not generated
immediately. The speed at which the workbook is generated depends on how many users exist in the customer
hierarchy.
To import users
1. Click Users > Bulk User Import.
2. Click Browse in the Upload User Import File dialog, navigate to your new or edited workbook, and select it.
3. Add a description for the workbook and click Upload. The Bulk Import File List displays the f ile details as the f ile is verif ied.
4. From the f ile list, click the upload date of the f ile you uploaded and, under Import File Management, click Import. The
User Import page appears.
5. Click New Users or Existing Users to view the uploaded users. The list of users is shown, including any users who might
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.224https://docs.citrix.com
have errors in their entries. You can select verif ied users to import at this time, and f ix invalid users to upload at a later
date.
6. (Optional) Expand a user to view account properties associated with the user.
7. Click Save to import the selected users.
Note: You cannot import users that have errors in their entries. With your mouse pointer, hover over any error to reveal
the source.
8. Provision one or more services to the users and provision the users to activate them in the customer hierarchy.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.225https://docs.citrix.com
Finding Users
Jun 05, 2015
You can f ind a user by using one of the following methods:The User Search feature available from the Services Manager Home page, located under User Management
The search features available from the Users page
To search for users from the Services Manager Home page
1. From the Services Manager menu bar, click Home and expand User Management.
2. Select a f ilter of Name, UPN, or Email.
3. In User Search, type a user name, email, or User Principal Name (UPN) and click Search.
You can use the percent (%) character as a leading wildcard to perform partial searches. For example, type %citrix to find
all users with "citrix" as part of the user name.
To search for users from the Services Manager Users page
1. From the Services Manager menu bar, click Users. The Users page appears, listing all the users in the customer hierarchy.
2. Select a customer from the list or use the following criteria to search for users:
Under Filter Fields, select a search criteria item from the drop-down list and then click the letter with which the criteria
item begins. For example, select User ID and then click F to f ind all users with user IDs beginning with F.
Under Advanced Search, enter any of the following information:
In User ID, UPN, First Name, Surname, or Email, type at least one letter in any of these f ields to f ind users whose
information begins with the letter or letters.
In Role, select a security role from the drop-down list. For example, select User Administrator to f ind users assigned
the User Administrator role.
Under User Types, select Standard to f ind a customer's user. Select Template to f ind any user templates in the
Services Manager. Typically, a template user is the defined user template you can download for Creating
Multiple Users with Bulk User Import .
Under Service Filter, enter any of the following information:
In Service, select an installed service from the drop-down list.
In Access Level, if available, select a service access level security group.
In Status, select the status of the service associated with the users.
Under Account Status, select Yes for each status option to f ind users according to the associated account status.
Select No to f ind users with accounts that are not locked, disabled, or expired. Select Ignore to remove the account
status option from consideration in searching.
Under Password Status, select Yes for each status option to f ind users according to the associated password
expiration status. Select No to f ind users whose passwords are not expired or are not set to Never Expire. Select
Ignore to remove the password status option from considering in searching.
Under Additional Options, f ind users according to custom fields, location, or department specif ied in the user
properties.
3. Click Search.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.226https://docs.citrix.com
Creating Users
Jun 05, 2015
To create a user
As a customer administrator user, you can create users for the services provisioned to your customer. When creating a user,consider the following:
Users with the User Administrator role, at a minimum, can create users.
A user can be created with a one or more permissions in the Services Manager; each permission is known as a security
role. See Assigning User Security Roles .
1. Click Users > New Users.
2. If not expanded, expand User Details , then select or type the following information:
In UPN, type a user name that will be added to the appended domain name that you select from the drop-down list.
The user name is automatically populated in the Username field. You can edit the Username field.
3. In First Names and Last Name, type the f irst and last name of the user. The Display Name field is automatically
populated with the f irst and last name of the user. You can edit the Display Name field.
4. Click Additional User Properties to add more information about the user.
5. To designate the user a test user, select the Test User check box.
Note: Test users are user accounts that are not added to billing reports. You can later edit this user and clear this check
box.
6. If you do not want to add more details, under Password Configuration, add a password for the user.
7. Click Provision to create the user.
To configure account settings for a new user
1. Click Additional User Properties to add more information about the user.
2. Expand Account Settings to configure the following options:
In Change password at next logon, select Yes to require the user to create a password when f irst logging on. Select
No to disable the change password feature.
In Set passwords to Never Expire, select Yes to prevent user passwords from expiring. Select No to allow the user
password to expire at regular intervals.
In Account Disabled, select Yes or No to enable or disable the user account. If you provision a user with its account
disabled, that user cannot log on to use services until you enable them by clicking Enable in User Functions.
In Account Locked, No is the only option and is selected by default.
In Account Expires, select Never to prevent account expiration. Select End of to choose the date when the account
expires.
Note: If an end date is selected, the Services Manager will automatically disable the user's account on the next
calendar day and they will not be able to access the Services Manager or any related services. Leave this setting as
Never if the user's account does not need to expire. This setting does not define the Password Expiry date as
configured by the Service Provider for the Active Directory domain's Group Policy.
3. Click Advanced Options to select security roles for the user. The Configure a custom role collection check box and all
security roles are selected by default. You can clear or select one or more roles for the user.
4. Clear Configure a custom role collection to select and assign one pre-configured role from the drop-down list.
5. (Optional) Expand Email Addresses to configure one or email addresses for the user. Otherwise, the Services Manager
automatically assigns an email address constructed from the UPN.
6. When you are f inished, click Provision to create the user.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.227https://docs.citrix.com
Assigning User Security Roles
Jun 05, 2015
Each user can be assigned a specif ic security role in the Services Manager. A security role provides a user with selectedaccess permissions in the Services Manager. The following roles are the standard or default administrator roles availablewhen creating or editing a user.
SecurityRole
Description
Customeradministrator
The f irst user created by default after creating a customer inherits this role. The customeradministrator can create, provision, and edit users, then provision users to services. This role can alsomanage services provisioned to the customer. This role includes all permissions of the user and serviceadministrator.
Partial useradministrator
This role can reset passwords for a customer's user.
Useradministrator
This role can create, provision, and edit users for a customer.
Serviceadministrator
This role can manage services provisioned to the customer. It can access any editable administrationinterface associated with a service.
User andserviceadministrator
This role is identical to the customer administrator. Assign this role to a user when you require morethan one customer administrator user in your organization or hierarchy.
The Services Manager also includes three security roles to enable end-users (that is, consumers of customer services) tomanage their accounts and provisioned services. These roles are disabled by default and need to be enabled and provisionedto the top-level customer by a Service Provider or Reseller Full Administrator before they can be provisioned to a useraccount. Once provisioned, users can manage their accounts through My Account, available from the Services Managermenu bar after logon.
Security Role Description
My AccountManagement
Enables the end user to change the user information details, account password, and manageemail addresses associated with the user account.
My ServicesManagement
Enables the end user to select, edit, and re-provision the services provisioned to the end useraccount.
My Account & ServicesManagement
Combines the above management capabilities in a single role.
To enable and provision user security roles
Ensure that you are logged on to the Services Manager as a customer administrator user to perform these steps.
1. Select a user by performing one of the following steps:
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.228https://docs.citrix.com
Create a user as described in Creating and Managing Users .
From the Services Manager menu bar, click Users to display all users, then expand a user to access User Functions. Click
Edit User.
2. Expand Account Settings and click Advanced Options.
3. In Security Roles, perform one of the following actions: select a role from the drop-down list to assign a default
administrator security role to the user.
Assign a default security role: Clear the Configure a custom role collection check box and select a default security role
from the drop-down list.
Assign a custom security role: Select the Configure a custom role collection check box and select any of the service
and system roles that appear.
4. Click Provision.
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.229https://docs.citrix.com
To enable and provision Account and ServiceManagement roles
Jun 05, 2015
To perform this procedure, ensure that you are logged on to the Services Manager as a Service Provider or as a user or
customer with the Reseller Full Administrator security role enabled.
1. Select a customer by performing one of the following steps:
Create a customer as described in Creating Customers .
From the Services Manager menu bar, click Customers to display all customers, then expand a customer to access
Customer Functions. Click Edit Customer.
2. Expand Advanced Properties.
3. In Allowed Roles, select one or more of the account and service management security roles.
4. Click Provision. The customer can now provision these security roles to one or more of the customer's users.