60-second review: Provision Management Framework - Standard Edition

Rating:
Votes: 13 rating(s),  Score: 56/65
28
comments
14262 views
Provision Networks has released a software product called the Provision Management Framework that can enhance management and functionality of Citrix and Terminal Server environments. In this review, Wilco will take a look at the standard version of the framework.
Written by:
Wilco van Bragt
Publication Date:
October 18, 2005
Doc #Id: 511


Late last year, one of the top Citrix platinum resellers in the US called Emergent Online (EOL) spun off their software division into a standalone company called Provision Networks. Provision has developed several add-on software modules for Terminal Server and Citrix servers.

These add-on modules can be purchased individually or in one of two complete packages called the Provision Management Framework.

  • The standard edition, which includes the base level product mix.
  • The enterprise edition, which includes all standard modules plus application publishing, seamless windows, and a web interface.

In this article we’ll review the standard edition and take a look at how these components add to or improve Terminal Server’s out-of-the-box capabilities. (We’ll look at the Professional Edition of the Management Framework in a future review.)

Installation of Provision Management Framework

There’s a storage service associated with the profile management product that needs to be installed on a non-terminal server acting as a file server, and the printing product might need some additional components installed on some print servers depending on your configuration, but other than that everything you need to install can be done on a terminal server.

This installation itself is pretty easy—you simply pick your installation path and choose the components you want to install. Since this product is so modular, you can install just the specific components you plan to use. Silent installation of the terminal server components is possible using Orca to create your own MST file with the options you want.

After installation you can fire up the Provision Management Console. On the first run-through it will ask you to make a DSN file that points to your database. (If this database does not yet exist then it will be created and configured for the Management Framework.)

Configuration of Provision Management Framework

Apart from the initial installation, all configuration is done via the Provision Management Console. Some of the individual components have their own options tab and others share a tab. The first step in the configuration is to add your servers (via the servers tab). Then you can configure the individual components.

Let’s take a quick look at each of the modules included in the Standard Edition of the Provision Management Framework.

Manage-IT

Manage-IT is used to manage a user’s environment (via the native Explorer shell.) This can be done based on a user, group, OU, IP address, client name, or a combination therein. Manage-IT manages several aspects of the user environment, including:

  • Assigning applications to the Start Menu, quick launch bar, or desktop
  • Locking down the desktop. (Two lockdown templates are included out-of-the-box, and you can further customize your own.)
  • Assigning background images and color settings.
  • Mapping network drives
  • Connecting to shared printers
  • Configuring logon and logoff scripts
  • Management of Softricity Softgrid applications

Configuration takes a bit getting used to. You basically configure all of the particular settings that you want in the top part of the screen using the tabs. Then, you “assign” these settings to a user by selecting a user (or group or whatever) in the bottom part of the screen and then selecting the configuration from the top to make the assignment.

Block-IT

Block-IT is a utility that allows you to control access to applications and hosts. It’s configuration is integrated with the Manage-IT configuration.

To control access to applications, you select the folder or files you want to include in an application definition. Once selected, the hashes of each file is calculated. (Ordinarily Block-IT checks both hashes and full path, although this behavior can be overridden if needed.) Once you’ve defined these application objects then you can set permissions on them to allow or deny access. Unfortunately you cannot change the default message users get when they try to start a disallowed application.

The other major feature of the Block-IT module is that it can block or allow access to intranet and Internet hosts. You can define a host via a hostname or IP address and port number. You can then deny access to these hosts by user, group, OU, or client device. One of the really great uses for Block-IT is to block access to certain internal hosts from external workstations.
In both cases you can specify what the default settings for a server will be. This means that you can, for example, configure it so that unmanaged applications and hosts are denied by default.

Timezones-IT

Timezones-IT is a pretty simple little utility that’s integrated with the other modules in the Management Framework. When you’re assigning the other options, you can also specify which time zone the client should use when connecting. Most people use this based on the client IP address.

Max-IT

Max-IT is the component within the Provision Framework that controls the resource usage of the CPU and memory. Like some other vendors, provision users a “fair sharing” algorithm. First of all they calculate the "target percent CPU time" with the following formula:

(100 - Reserved CPU time[default 20%]) / (number of active processes).

This number is compared with the average percent CPU time per process. Processes which average is higher than the target percent CPU get their process priority set to "below normal." Processes with an average below the target keep their "normal" setting. Process with an average of zero get an "above normal" priority.

Max-IT also optimizes memory by rebasing DLLs. In many environments, lots of DLLs use a hard-coded base address. Every time a DLL tries to load at this base address, the Operating System needs to relocate the DLL which requires some fix-up operations. Max-IT analyzes these colliding DLLs and permanently relocates DLL and corresponding fix-up operations. Provision claims that capacity can increase up to 30%.

Metaprofiles-IT

Metaprofiles-IT is a hybrid profile solution that combines the simplicity of mandatory profiles with the ease-of-use of letting users save their own settings. Metaprofiles can save and restore user registry keys and folders within the user profiles. You simply specify which keys and/or folders need to be saved and restored. You can specify which of these settings need to be applied to all Terminal Servers or a sub-group of Terminal Servers (called an Agent Server Group).

In addition to saving and restoring registry keys and folders, Metaprofiles also lets users save certificates, passwords, and keyboard / mouse settings. Metaprofiles works by saving settings for all users—there is no option to specify user groups for specific keys or folders (although you can specify which groups the Metaprofiles are applied to).

To get Metaprofiles-IT to work you need to configure at least one storage server (the server where the user settings are stored) within the Metaprofiles-IT options. (You can also configure multiple servers for load-balancing and redundancy purposes.)

Redirect-IT

Redirect-IT is a software product that redirects certain registry keys, files, and folders on a per-session basis for applications that insist on storing personal settings in common areas. Configuration is simple; all you have to do is specify the program, the original key, file, or folder, and the new location (and if applicable whether it should first make a copy of the current folder or file).

In some ways Redirect-IT is like the Application Isolation Environments in Citrix Presentation Server 4, although Redirect-IT cannot be used for DLL files, so it’s not meant for installing conflicting applications side-by-side on the same Terminal Server.

USB-IT

USB-IT lets you synchronize Palm and Blackberry devices plugged into a client with Microsoft Exchange or Lotus Domino via the Terminal Server session. USB-IT requires a small client agent to be installed on the workstation, while the main USB-IT software is installed on a Terminal Server. You can then add new devices via the USB-IT Control Panel. (Unfortunately I do not have such a device so I could not test this component.)

Print-IT

Print-IT is a PDF-based universal driver printing solution for terminal server environments. Print-IT support both autocreated client printers and network printers. Like all of the third-party printing tools, using autocreated client printers requires a small Print-IT client agent to be installed on the workstations.

Print-IT can be configured at the workstation or at the server. Currently this configuration must be done on a server-by-server basis, although Provision claims that the new version will also allow farm-wide configuration.

Print-IT supports compression, bandwidth management, automatic upgrading of client software, and custom naming conventions. It recognizes all options (like trays, paper sizes, margins, double-sided, color, and more) on each printer and connects these to the autocreated printer objects. Since this product is based on PDF technology it has a wonderful option called the “PDF publisher.” This allows you to print directly to a PDF file or to email a PDF of a printout file to someone.

In addition to client printers, Print-IT also works with network print servers (if you’re willing to install a small Print-IT agent on your print server). If you choose to do this, you can use the Print Management tab in the management console to create Print-IT printers that can then be assigned to users, groups, OUs, or client devices.

Managing your Provision Farm

At the moment the only way to manage or troubleshoot the Provision software is to specify a log files for each module on each server. These log files will then contain debugging and logging information about each component.

Provision is working on a component called Monitor-IT that will collect server performance and application usage statistics across the entire Terminal Server farm for reporting, troubleshooting, server sizing, accounting, and accountability purposes. This module is not yet available though.

Conclusion

Provision-IT delivers a large set of components that extend your standard server-based computing software product (whether it is from Microsoft, Citrix, or someone else). Most components are also available from other third party vendors, so be sure to comparison shop if you’re looking for a specific module. That being said, the framework also includes some clever components like USB-IT, Redirect-IT and the host access option within Block-IT that comparable products don't have. But the real strength of the Provision Management Framework standard edition is the combining of all these components in one suite.

It’s a pity that Monitor-IT is not currently available and there are no tools for troubleshooting the environment. Provision also needs to make documentation available for every component in the framework. It would also be nice if all modules were available in the Management Console (which would make all settings available on a farm-wide basis).

Advantages

  • Only product I know of which combines all of these kinds of module into one set
  • All components deliver the most used functionally to solve your challenges
  • Some clever solutiosn within the framework that other products do not have
  • Recently set-up VIP program with some well-known SBC specialists from around the world

Disadvantages

  • No documentation for the configuration of the modules in the Framework
  • Monitoring is not included yet in the product.
  • Some settings (Print-IT and USB-IT) are set on a server-by-server basis instead of on the farm level

Provision Management Framework – Standard Edition
Complete Bundle is USD $59.00 per concurrent user
Individual modules licensed per server ranging from USD $495.00 to $995.00.
http://www.provisionnetworks.com

Reader Comments
communications
Tuesday, January 17, 2006 12:47:19 PM

Guest
It would be nice if this company had a PHONE NUMBER on their web site.
 
They do not answer e-mail quickly and I need pricing.
 
What great customer service is that.  No phone and no online pricing.
 
Closest thing I found is on this web site!!!
 
If anyone cares to share the module pricing I would appreciate it, since the company that sells it doesn't seem to want to communicate with prospective customers.....
RE: communications
Tuesday, February 21, 2006 7:49:59 PM

Guest
The complete price list in on their website: www.provisionnetworks.com/PNPricelist2005.pdf
 
ORIGINAL: Guest

It would be nice if this company had a PHONE NUMBER on their web site.

They do not answer e-mail quickly and I need pricing.

What great customer service is that.  No phone and no online pricing.

Closest thing I found is on this web site!!!

If anyone cares to share the module pricing I would appreciate it, since the company that sells it doesn't seem to want to communicate with prospective customers.....

RE: communications
Tuesday, March 21, 2006 3:52:55 PM

Guest
We are the UK resellers of Provision Networks and would be more than
happy to provide any assistance or pricing.

In the installs we have done to date we have had no issues whatsoever.

www.ryba-macaulay.co.uk
EOL Plant
Friday, May 12, 2006 5:33:25 PM

Guest
Sounds like "anonymous user" above is an EOL mole.....
 
Palm Treo 650 Will not Sync Using USB-IT
Thursday, June 15, 2006 1:07:46 PM

Guest
Can anyone help? I have installed USB-IT on two different servers now and the link between USB-IT and Hotsync just doens't happen. I am running Citrix Presentation Server 4.0 and USB-IT 5.5. USB-IT sees the device and has to be added to the list of supported devices. After that is done I press the HotSync button on the device and nothing happens. When I open the HotSync menu one odd thing I see is two Local USB options both with check marks.
 
Has anyone gotten this to work? I could really use some help.
 
Thanks!
Matt
Re: Palm Treo 650 Will not Sync Using USB-IT
Sunday, August 26, 2007 1:53:12 PM

Guest
Have you had any luck with this? I am currently having the same issue.
Our take on Provision Networks
Friday, June 23, 2006 6:46:55 PM

Guest
We currently have two Provision Networks' Enterprise version, farms, with 100 users in each.  We've been running for several months now.  This product does not come close to Citrix, nor could you expect it to since it's fairly new in the scheme of things.  These are the problems we've run into:
 
**The standard XP RDP client does not map printers.  You must use the PN RDP client or Seamless client. 
**We've come across numerous "bugs" in the program.  Support's worked through most of them, however.
**For no reason PN will not "hold" the Default printer for a user, even after they set it and it's set on their workstation
 
The Pluses: The Load Balancing functionality works great and the PN Admin console is pretty straightforward.  The program uses a backend database that holds all of the settings, so reinstall, if necessary, is simplistic.
 
 
 
RE: Our take on Provision Networks
Wednesday, July 26, 2006 8:54:55 AM
Do you want my honest opinion? Provision's solution comes pretty darn close to Citrix! I ran Citrix for 5 years and grew my farm from 4 MF 1.8 servers to 13 CPS 3.0 servers. All along, I've used EOL Universal Printer from Emergent OnLine (the company that spun off their software division into Provision Networks) when Citrix didn't even have a printing solution, and continued to use it when Citrix released UPD I and II (dismal). Believe me, our printing requirements are way up there; if we can't print hundreds of loan applications to different printers and using different paper sizes on a daily basis, we might as well pack up and go home. I also used EOL's Desktop Manager and Profile Sweeper when all the Citrix user lists on the net were blogging about nothing but profile management headaches. 
 
Look, here's the deal: I now have all of these features that I need in a single product: app pulbishing, seamless windows, load balancing, single sign-on, universal print driver, built-in flex profile solution, CPU management, desktop management, session lockdown, and more. You know what else? In 2004, we had to start using an app named Calix. The only way they would support Citrix is by installing the app once for each user (to the home folder). This was necessary because Calix's main install folder contains user-specific data that can't be shared. The app cannot be configured to create an instance of the data folder in a user-specific target such as the home folder, for example. Well, guess what? Before Citrix even had AIE, EOL already had Redirect-IT! I installed Calix once on the Citrix server and EOL's engineering team worked with me to create two redirection rules that made the application behave the way the ISV should have written it in the first place. Yes, each user finally got their own copy of the data, and Calix was magically reading and writing to the user's instance of the data folder. So, when Brian Madden questions Citrix's "thought leadership", he's got a point!!! These features that have slowly but surely been integrated into MF and CPS over the years didn't necessarily come out of Citrix's imaginative mind.
 
Now to the issues you raised:
 
1. The standard XP RDP client does not map printers.  You must use the PN RDP client or Seamless client.
 
Ok, so what? Proivision openly tells you that you have to install their enhanced RDP client in order to get all the extra features (published apps, seamless windows, LB, SSP, printing, etc). Otherwise, if the MS RDP client already supported these features, what use would you have for Provision's solution??? Think about it: even wich Citrix, you actually have to upgrade to a certain version of the ICA client in order to get the latest features of CPS. Isn't that the case with Citrix's UPD? I'm sure we can cite even more Citrix features that would necessitate the use of the latest ICA client.
 
2. We've come across numerous "bugs" in the program.  Support's worked through most of them, however.
 
Of course. No software is bug-free. But as long as the vendor manages to fix the bugs in a timely manner, you should be satisfied. You mean you've never had to install a new Citrix hotfix every other day, not to mention hotfixes that fix things that previous hotfixes had managed to break? Come on!!!
 
3. For no reason PN will not "hold" the Default printer for a user, even after they set it and it's set on their workstation.
 
You must not know enough about printers. Once a printer has been set to be the default, a user could easily change their default printer in a gazillion of ways. For example, in Microsoft Word you can choose File > Print, select any printer and cick Close, and this will effectively change your defualt printer. Neither Citrix nor Provision nor any third-party printing software is responsible for preventing this from happening, and neither should they!!! I suggest you roll up your sleeves and do some real admin work to find out what process, script, or whatever, is causing your default printer to change.
 
Anyway, if someone would like get my honest opinion on Provision's solution, please let me know and I'd more than happy to give you my email address. You can then email me and I'll give you my phone number if you want to discuss further. If someone's product is making my job easier and my users' lives easier, the least I can do is let everyone know.
 
Jaime
 
"If the going is real easy, beware! You may be going down hill." Greg Taunt
RE: Our take on Provision Networks
Thursday, August 24, 2006 4:27:39 PM

Guest
Provison, in short has been a life saver.  I ran a 8 server farm of Citrix for 4 years.  Great enterprise solution.  Now, I am at a new company and have begun introducing them to the wonderful world of TS servers.  Centralized, simplified management, etc.  Problem was, trying to get management to buy it, $$$$$!  We have been using Provision-IT now for almost a year.  Since our beta test (we were one of the first installs) it has been deployed to almost every department.  Now that we have contractors out of India, we are using it to deploy our internal applications to them via the Apportal Secure-IT going direclty across the Internet.  No VPN software, no issues with security, they get what we give them and nothing else.  They have encountered little to no latency and the install is so straightforward and reliable, i just gave them basic instructions and away they went.
 
As far as support, I've never had an issue remaine unaddressed and I've never been sent to a knowledge base to dig it up.  I call they help, problem solved.
 
I was skeptical initially about stability, bugs, support, etc.  Well, I've been proven wrong and am very happy about it.  FYI, if you haven't tested this product take the little bit of time it requires and discover an admin interface that couldn't be more intuitive.
 
If you have any questions about my installation, drop me a line at jeff.brown@investools.com.
RE: Our take on Provision Networks
Monday, October 16, 2006 11:49:10 AM

Guest
I am testing Provison Networks Print-IT, everything seems to work fine except for when I print from an ICA session to one of the UPD printers that have been autocreated from my local printers. I can't seem to get the local Print-IT Client to pop up the local printers properties so I can select printer specific features like stapling. I have set the option Apply additional printer properties, but still no joy.
 
Does this only work with particular versions of the ICA clients?
 
I am running v9.150 pnagent.
PROVISIONING
Friday, April 04, 2008 6:40:29 PM

Guest

is this anything to do with provisioning, inventory mgmt, SAP?