Place all objects in a RES Workspace

Author: Ingmar Verheij

RES Workspace ElementsAfter an upgrade from RES PowerFuse 7 to RES Workspace Manager 2011 all objects where not bound to a workspace. One of the benefits of Workspace Manager 2011 is the ability to control multiple environments (like mobile workers with laptops and central workers on terminal servers) from the same database.

These different environments are collected in a workspace, hence the name Workspace Manager.

After the migration of the first PowerFuse 7 database (in my case the terminal server database), another database has to be migrated to Workspace Manager 2011 and consolidated in the same database. The environments are then separated using the workspaces.

Context - Worspace ContainersThis required me to reconfigure all objects to apply only for the ‘Terminal Server’ workspace.

After creating the workspace in the Context > Workspace-containers node, the objects had to be reconfigured. Reconfiguring the objects can be done in three ways:

  1. Manually filtering the access-control per objects (which are thousands);
  2. Using building blocks.

Since I’m not a monk, I‘d rather not change each object individually. Most objects can easily be altered using an automated process using building blocks. There is only a little

 

Building blocks

From the RES Workspace Manager Administration Guide:

LEGO Building Block“Building Block stores information about the configuration settings of a RES Workspace Manager site. A Building Block can be imported back into its original site to recreate these settings as a backup solution. A Building Block can also be imported into a different environment in order to copy the settings. This makes Building Blocks useful for change management, and data exchange.

A Building Block is an XML file that can be edited manually. This makes it possible to use a Building Block as a template: before importing a Building Block into another site, you can replace site-specific information such as server names with the information applicable in the target environment”

 

First step : Exporting

So the first step is to export all objects in the database that are specific for the terminal servers to a building block. Objects that are specific to terminal servers are for instance the applications, printers, user registry or global authorized files.

Exporting to a building block can only be done from the RES Workspace Manager Console. If you right click on any position in the left pane you can select the option ‘Select items for Building Blocks’. This will enable you to (de)select the nodes in the treeview you want to export to a building block. After selecting the nodes to export, right click again in the left pane and select ‘Create Building Blocks of selected items’.

You can export the building blocks in multiple files (one for each object) or in a single file. In this case it’s best to export into a single file (easier to edit multiple objects).

RES Workspace Manager Console - Root NodeRES Workspace Manager Console - Select items for Building BlocksRES Workspace Manager Console - Create Building Blocks of selected itemsBuilding Blocks - Single file

Create Building Block - Workspace ManagerBuilding Blocks successfully exported

 

Second step : Importing into workspace

Now import the building block you’ve just exported. The objects can merge with existing objects (based on the GUIDs). During the import you’ll be able to import all objects in a specific workspace, for instance ‘Terminal Servers’.

RES Workspace Manager Console - Import Building BlocksImport Building Blocks 1Import Building Blocks 2Import Building Blocks 3Import Building Blocks 4

Most objects (like applications, printers and user registry) are now placed in a workspace. Other objects, like security management settings, are not. One of the objects that wasn’t places in a workspace where the ‘Global Authorized files’. Although these are ‘global’, they are specific for the terminal server workspace.

 

Third step: Edit building blocks

Building Blocks are saved as a XML file and can easily be edited. Binding an object to a specific workspace is relatively easy, if you know what option needs to be set. Fortunately RES is very consequent in naming settings in the XML file, so assigning an object to a workspace is done in the same way for each object.

A building block for a ‘Global Authorized File’ that is not linked to a workspace has the following structure:

<respowerfuse>
<version>9.5.1.10</version>
<buildingblock>
<appguardauthorizedfiles>
<item>
<authorizedfile>c:\windows\system32\cmd.exe</authorizedfile>
<process>explorer.exe</process>
<operation>rx</operation>
<guid>{D87C6D37-F314-445F-BC53-08A0B7A94706}</guid>
<enabled>yes</enabled>
</item>

</appguardauthorizedfiles>

</buildingblock>
</respowerfuse>

A workspace can be linked to the object by adding the following lines in the <item>  section.

<workspacecontrol>      <workspace>{A427D917-15B7-44B7-9F83-1413DDE40E7E}</workspace>

</workspacecontrol>

The GUID of the workspace can not be found in the RES Workspace Manager Console. By exporting a workspace to a building block, or a object linked to the workspace, the GUID can be easily be found in the XML file.

So all you have to do is add the three lines to each item. Doing this manually is a tedious job, I’d rather choose an automate solution. For this I’ve used InfoRapid Search & Replace using the following settings:

Search for : </item>

In files:  security_global_authorized_files.xml (the building block you’ve exported)

Search Method : Exact phrase matching

Replace with : <workspacecontrol>\n<workspace>{A427D917-15B7-44B7-9F83-1413DDE40E7E}</workspace>\n</workspacecontrol>\n</item>

Search and Replace - Global Authorized Files - SearchSearch and Replace - Managed Application - Replace TabSearch and Replace - Global Authorized Files - ConfirmSearch and Replace - Result

After the changes are made, and the file is saved, the building block needs to be imported (as described in the previous step).

 

If you want to edit other objects in the XML file (the building block), here are some object names:

Composition \ Applications \ Managed Applications : </application>

Composition \ Applications \ E-mail Settings : </instantmapi>

Composition \ Applications \ Data Sources : </instantdatasource>

Composition \ Files and Folders \ Drive and Port Mappings : </mapping>

Composition \ Files and Folders \ Drive Substitutes : </substitute>

Composition \ Files and Folders \ Folder Synchronization : </foldersync>

Composition \ Files and Folders \ User Home Directory : </advhomedir>

Composition \ Files and Folders \ User Profile Directory : </profilemaintenance>

Composition \ Printer : </printermapping>

Composition \ User Settings : </profile>

Composition \ Other \ User Registry : </registry>

Composition \ Other \ Execute Commands : </exttask>

Composition \ Other \ Environment Variables : </variable>

Security \ Global Authorized Files : </item>

Was once an enthusiastic PepperByte employee but is now working at Citrix. His blogs are still valuable to us and we hope to you too.