
Citrix Presentation Server 4.5: Administration


Course Overview

Topics Covered

1. Architectural Components
2. Installing Citrix
3. Configuring Farm Settings
4. Configuring Connection Settings
5. Enabling Web Access
6. Configuration and Installation of Citrix Client
7. Installing Applications to Presentation Server
8. Deploying Applications with Installation Manager
9. Publishing Applications, Desktop and Contents
10. Managing Loads & Load Balancing
11. Configuring Policies
12. Configuring Citrix Printing
13. Securing Connection
14. Server Farm monitoring
Module 1

Architectural Components
Architectural Components

Citrix Components
Citrix Clients
Citrix Services
Citrix Network Architecture
IMA, ICA and XML Protocol
Citrix Components

Versions of Citrix
WinView
WinFrame
MetaFrame
MetaFrame XP
Presentation Server

Editions of Citrix
Standard Edition
Advanced Edition
Enterprise Edition

Citrix Management Tools
Installation Manager
Resource Manager
Load Manager
Network Manager

License Server
License Console
Managing License

Citrix Data Elements
Data Store (types of database)
Data Collector - Zone
Local Host Cache

Farm and Server
Collection of Servers
Farm Elements

Publishing
Published Application
Published Desktop
Published Content
Types of Citrix Clients
Program Neighborhood:
• Allows users to have more control to configure the connection configuration and needs a client to be installed

• Places icons for the published resources on the desktop, system tray or in the start menu of the client device

Program Neighborhood Agent:


Allows users to connect to their application set in the Web Interface without the need to open an Internet browser

Places icons for the published resources on the desktop, system tray or in the start menu of the client device

Users will have only limited control in configuring connections and needs a client to be installed

Web Client:
Is the most seamless version of the Client for Win32

Can install the first time the user logs on to the Web Interface

Requires no configurations by the user and needs a client to be installed


Java Client:
• No client is needed
• Best suited for Non-Windows Platforms
Citrix Services

Citrix ADF Installer Service


Citrix CPU Utilization Mgmt / Resource Mgmt Service
Citrix CPU Utilization Mgmt / User- Session Sync
Citrix Licensing WMI Service
Citrix Print Manager Service
Citrix SMA Service
Citrix XTE Service
Citrix Client Network
Citrix Diagnostic Facility Com Server
Citrix Encryption Service
Citrix IMA
License Management Console for Citrix Licensing Service
Citrix MetaFrame COM Server Service
Citrix Resource Manager Mail Service
Citrix Secure Gateway
Citrix Network Architecture
LAN Architecture

LAN with Web Interface

WAN connection through Fire Wall

WAN with Web Interface and Secure Gateway


IMA, ICA Protocol & XML
Independent Management Architecture (IMA)
IMA can be defined as a SERVICE, PROTOCOL and as a DATASTORE.

IMA Service
IMA Service is the central nervous system of Presentation Servers. This service is responsible for just
about everything server-related, including tracking users, sessions, applications, licenses, and server load.

IMA Data store


The IMA data store holds Presentation Server configuration information, such as published applications, total licenses,
load balancing configuration, security rights, administrator accounts, printer configuration, etc.

IMA Protocol
The IMA protocol transfers the ever-changing background information between Presentation servers,
including server load, current users and connections, and licenses in use.

Ports used by IMA:


2512: Used for Server to Server Communication
2513: Used for CMC to Data store Communication

Note: The IMA service runs on every Presentation server in your environment. If that service stops, then
your server is out of commission.
ICA Protocol

Independent Client Architecture (ICA)


Citrix ICA protocol is used for remote application sessions between users and Presentation servers.
The ICA protocol supports TCP/IP, NetBIOS, or IPX/SPX. Citrix ICA protocol is responsible for
transmitting background information between the ICA clients and the Presentation servers, including the
port mappings, drive mappings, print jobs, and sound.
Only sends screen updates and mouse/keyboard strokes
Only 30 – 35 kb/sec (printing and file transfer increase this)
Fat Apps VS Thin Apps
Difference between ICA and RDP

Ports used by ICA:


1494: ICA Protocol on TCP (TCP + HTTP)
1604: ICA Protocol on UDP

Note: In large environments with geographical divisions, port 1604 should not be used, as
routers don't support broadcasts.
XML Service

XML
The Citrix XML Service is the primary interface between the Presentation server and
anything else in the world that wants to get information about what services, applications, and
content are available on it. The Citrix XML Service does not figure out anything on its own.
Rather, it gathers information from the server’s IMA Service and sends that information to
whomever requested it.
As its name implies, the Citrix XML Service transmits this information via XML. XML is
a language, not a protocol. The Citrix XML Service sends XML files to client devices that need
information about the services offered. These XML files are generated by the XML Service
dynamically and contain the information that the clients need. The XML service transmits XML
files via standard protocols, usually HTTP running on TCP/ IP.
The XML service is also used by the servers to talk to each other, for example to exchange configuration information and load
information, to communicate with the data store, and even to communicate with the Web Interface.

Port Used by XML: 80 (Default)
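
The ports listed in the IMA, ICA and XML sections above can be checked against the sockets a server actually has open. The following is an added example, not part of the original course material: it parses `netstat -ano` output, inventories listeners on those ports, flags inbound IMA connections from hosts outside a farm allowlist, and flags a UDP 1604 listener in line with the note above. The sample output and the peer allowlist are constructed for illustration.

```python
import ipaddress

# Protocol/port roles exactly as listed on this page.
CITRIX_PORTS = {
    ("TCP", 2512): "IMA server-to-server",
    ("TCP", 2513): "IMA CMC-to-data-store",
    ("TCP", 1494): "ICA over TCP",
    ("UDP", 1604): "ICA over UDP",
    ("TCP", 80): "Citrix XML Service (default)",
}
IMA_PORTS = {2512, 2513}

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:1494           0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:2512           0.0.0.0:0              LISTENING       2204
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1012
  TCP    10.10.1.11:2512        10.10.1.12:49230       ESTABLISHED     2204
  TCP    10.10.1.11:2512        10.20.7.45:51877       ESTABLISHED     2204
  TCP    10.10.1.11:1494        10.20.7.45:50112       ESTABLISHED     1012
  UDP    0.0.0.0:1604           *:*                                    1012
"""

# Constructed allowlist: the other servers in this hypothetical farm.
SAMPLE_FARM_PEERS = ["10.10.1.12", "10.10.1.13"]


def split_endpoint(endpoint):
    """Split netstat's 'addr:port' into (addr, port); port is None for '*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Yield (proto, local_addr, local_port, remote_addr, state) per socket row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        laddr, lport = split_endpoint(parts[1])
        raddr, _ = split_endpoint(parts[2])
        # UDP rows have no State column; the field after the addresses is the PID.
        state = parts[3] if parts[0] == "TCP" and len(parts) > 3 else ""
        yield parts[0], laddr, lport, raddr, state


def audit(text, farm_peers):
    """Inventory listeners on the page's ports and flag the two risky cases."""
    peers = {ipaddress.ip_address(p) for p in farm_peers}
    listeners, findings = [], []
    for proto, laddr, lport, raddr, state in parse_netstat(text):
        role = CITRIX_PORTS.get((proto, lport))
        if role is None:
            continue  # not one of the ports this page names
        if proto == "UDP" or state == "LISTENING":
            listeners.append((proto, lport, role))
            if lport == 1604:
                # The page's note advises against UDP 1604 across routed sites.
                findings.append(("udp-ica-listener", lport, laddr))
        elif state == "ESTABLISHED" and lport in IMA_PORTS:
            # IMA traffic is server-to-server: any other peer deserves a look.
            if ipaddress.ip_address(raddr) not in peers:
                findings.append(("unexpected-ima-peer", lport, raddr))
    return {"listeners": listeners, "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE_NETSTAT, SAMPLE_FARM_PEERS)
    for proto, port, role in report["listeners"]:
        print(f"listening  {proto}/{port:<5} {role}")
    for kind, port, addr in report["findings"]:
        print(f"finding    {kind} port={port} addr={addr}")
```

On a real server, feed the function the captured output of `netstat -ano` and the addresses of the farm's member servers.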


Module 2

Installing Citrix
Installing Citrix
Presentation Server, Enterprise Edition includes:
Resource Manager
Network Manager
Load Manager
Installation Manager
Web Interface
Secure Gateway
Document Center

Preparing Windows Server


a) Fresh installation

Installing Terminal Services


a) Terminal server modes
b) Application installation modes

Licensing Terminal Services


Installing Citrix Prerequisites
a) Terminal Services
b) Java Runtime Environment
c) Windows Installer
d) .NET
Drive Mapping

Client connects

                     Server running MetaFrame Presentation Server   Client
No Drive Remapping   Drive C: remains C:                            Drive C: appears as V:
                     Drive D: remains D:                            Drive D: appears as U:
Drive Remapping      Drive C: reassigned to M:                      Drive C: appears as C:
                     Drive D: reassigned to N:                      Drive D: appears as D:
Licensing Citrix
Installing Citrix Presentation Server

Licensing Citrix
My Citrix.com (WXY33-76QGK-XYWR3-Q9Q94-GH4QW)
Best Guide for theory
License Management Console
Presentation Toolbar
Module 3

Configuring Farm Settings


Configuring Farm Settings

Managing Presentation Server Administrator Accounts and Folders


Adding Administrator Accounts


Configuring Administrator Privileges


Using Folders to Manage Applications and Servers


Configuring Server and Server Farm Settings


Specifying a License Server


Configuring Server and Server Farm Communication Options


Configuring the Presentation Server Farm


Configuring Data Collectors (Zone)


Optimizing CPU Utilization


Optimizing Virtual Memory Utilization


Configuring Virtual IP Addresses for Applications and Sessions


Configuring Connection Limits


Configuring ICA Keep-Alive Settings


Configuring ICA Settings



Configuring Connection Limits
Configuring Health Monitoring and Recovery
Configuration Logging

Configuration logging allows an organization to track:

• What administrative changes were made to the server farm
• When the changes were made
• By whom the changes were made

Configuration logging can facilitate the tracking of changes that have an adverse effect on the server farm
Configuring Configuration Logging
Creating Configuration Logging Database
Configuring Shadow Settings
Specifying the License Server
Performance Settings

The performance of Presentation Server and the applications installed in the Presentation Server can be improved by:

• Optimizing CPU utilization among the sessions on the server
• Optimizing the handling of .DLLs in virtual memory
• Configuring isolation environment settings to resolve application compatibility issues
• Rebooting the servers once in a while
Optimizing CPU Utilization
Implementing Virtual Memory Management
Administration Settings

Presentation Server can be configured to:

• Monitor the health of the servers in a server farm and take steps to recover from issues
• Allow remote connections to the console of a server running Presentation Server
• Preserve server resources by limiting the number of connections each user can make to the servers
• Log shadowing sessions for tracking purposes
• Merge shadow policies so shadowing can be delegated to users
Configuring Remote Console Connections
Farm Privileges

When a new Presentation Server administrator account is added, the account can be granted
one of the following privilege levels:
• View Only
• Full Administration
• Custom

Citrix recommends that the administrator configure the server farm for best performance within the
specific environment. These settings include:
• Configuration Logging
• Configuring data collectors
• License Server
• Configuring CPU & Memory utilization
• Health Monitoring and Recovery
• Configuring connection limits
• Remote Connections & Shadow Settings
Citrix Administrator Accounts and Permissions
Data Collectors and License Servers

Data collectors:
Store dynamic data for the servers in the server farm, can be specified
by the administrator, and are elected based on the following criteria:

Software version number. (The newest version will always win.)

Manually configured election preference. (As configured in the CMC.)

Host ID. (The highest host ID will win.)

License servers:
Are responsible for providing licenses to user sessions and must contain
valid licenses in order for users to connect to Presentation Server. An
administrator can configure licensing at the farm level or on a per-server basis.
Configuring Data Collectors
Module 4

Configuring Connection Settings
Configuring Connection Settings

• Security Settings
• Remote Desktop Users
• Setting Security Permissions Procedure
• ICA Connection Configurations
• Configuring ICA-TCP Connections
• Protocol Settings
• Configuring ICA Connection Advanced Settings
• Configuring Client Settings
• Client Session Timeout
• Configuring ICA Settings
• Inherit User Configuration
Advanced Settings
Client Settings
Module 5

Enabling Web Access


Enabling Web Access

WEB Interface
Configuring the Web Interface
Customizing Site Appearance for the User
Configuring Authentication
Workspace Control Functionality
Configuring Server Settings
Configuring DMZ Settings
Configuring Client-Site Proxy Settings
Configuring Client Connection Settings
Configuring Client Deployment Settings

Program Neighborhood Agent


Configuring PNA
WEB Interface
Program Neighborhood Agent
Module 6

Citrix Clients
Client Types
Program Neighborhood:
Allows users to have more control to configure the connection configuration

Needs a client to be installed


With Program Neighborhood, no Load Balancing is possible in server


Program Neighborhood Agent:


Allows users to connect their application set in the Web Interface without the need to open an Internet browser

Places icons for the published resources on the desktop, system tray or in the start menu of the client device

Users will have only limited control in configuring connections and needs a client to be installed

Load balancing is possible


Web Client:
Is the most seamless version of the Client for Win32

Can install the first time the user logs on to the Web Interface

No configurations by the user and needs a client to be installed


Load Balancing is Possible



Installation & Configuration

Downloading client from the Web


Individual Download
Package Download

Installing The Clients

Configuring the clients to connect to the server

Deploying Clients through Network


Manual
Packaging clients with msiexec /a switch
Web
Module 7

Installing Applications on Presentation Server
Installing Applications

Application Installation Modes


Install
Execute

Ways of Changing Modes for installing applications


Manual
Add New Programs

Registry Entry
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install
(Current User \ Local Machine)

Types of Applications
Installing Easy Applications
Vendor knows environment

Installing Hard Applications


Not environment Friendly
Recoding needed
Mid Reboots (Auto run)
Six step process

Virtual IP Applications
Isolation Environments
Installation of Applications

Configuring Applications

What is Isolation Environment?


Isolation environments enable you to isolate a published application within a virtual
environment. The isolation environment protects the operating system and applications from
conflicts and other complications that frequently occur between incompatible or legacy
applications.

When is this environment used?


Used when multiple versions of an application have to be published on a single server
Module 8

Deploying Applications with Installation Manager
Installation Manager
What is Software Packaging?
Why Use it?
Using Installation Manager
Installation Manager is used to perform an unattended installation by:
Creating an unattended installation of the application
Adding the answer text file to the ADF package

Components of Installation Manager


Package Management Server
Packager
File Share
Network Account
ADF Installer Service

Package Format supported


Application Deployment File (ADF)
Microsoft Windows Installer Patch (MSP)
Microsoft Software Installer (MSI)

Package Types supported


Applications
Hot fixes
Folders
Files
Packaging Application

Packaging Application
An application is packaged by:
• Monitoring the installation of an application and recording the changes made to the Packager to create an ADF file
• Packaging the ADF file, application files and supported files in an ADF package

Deploying Packages to Servers


When deploying a package, an administrator can:
• Specify the servers to which the package is deployed
• Schedule the package to deploy immediately or at a later time

Rolling Back the Packager

• Returns the Packager to a clean state
• Must be performed after a package containing a recording has been created using the Packager
• Does not have to be performed after creating a package that does not contain a recording of an application installation
Installation Manager Properties

Configuring Installation Manager Properties


An administrator can configure Installation Manager to:
• Remove or expire jobs
• Force users to log off
• Restart the server
• Send messages to prompt users to log off
• Send warning message announcing a server restart
• Set up a network account
• Change the default file share location

Creating Server Groups


Server Groups:
• Simplify package installation
• Are created based on platform, functional group or load-managed groups

Creating Package Groups


Package groups are:
• Logical groupings of applications to be installed on target servers
• Useful when an administrator deploys several packages to the same servers in a specific order
Installing Packages

Scheduling and Installing a Package


After a package is created and added to the Installation Manager database, the package is:
• Scheduled for installation
• Installed on target servers according to the package schedule

Viewing Package Status


An administrator can view the status of a scheduled job. Valid package statuses include:
• Pending
• Started
• Paused
• Success
• Failure
Module 9

Publishing Applications, Desktop and Contents
Publishing

Through Citrix an Administrator will be able to publish:

• Applications
• Desktops
• Content

Application publishing allows an administrator to:

• Increase application deployment controls
• Bring powerful server resources to the client device
• Centralize the application, desktop or content
Publishing Applications, Desktop and Contents

Publishing Applications
By publishing an application, the administrator gives users permission to access
applications through Citrix. Users only have control to use the applications.
Administrators have options to disable various features in the applications to increase the
performance of the application.
e.g. Word, Acrobat, WinZip, etc.

Publishing Desktop
By publishing a desktop, the administrator gives end users permission to access the whole
server. The risk is higher when publishing a desktop, as users are able to
perform all kinds of actions on the server. The resources taken on the server when
publishing a desktop will be high compared to publishing applications or content.

Publishing Content
Through publishing content, users will be able to access files from the Citrix server.
Content Redirection
An administrator can enable the following types of content redirection:
• Client-to-server, in which a connection to a published application is made when accessing files on the client device
• Server-to-client, in which accessing URL links in a server session redirects information back to an application on the client device

Configuring Client-to-Server Redirection


Client-to-Server Redirection Process
An administrator needs to enable two things to activate Server-to-Client redirection:
• Enable Server-to-Client Redirection in Server / Farm Properties
• Enable Server-to-Client Redirection in Policies under User Workspace

[Diagram: Client Device (user clicks local text file; Program Neighborhood Agent launches Microsoft Word session); Server (ICA session: Microsoft Word)]
Enabling Server-to-Client Redirection in Farm
Enabling Server-to-Client Redirection in Policy
Server-to-Client Redirection Process

[Diagram: Client Device (local Internet Explorer is launched with selected URL displayed); Server (ICA session: Microsoft Outlook, link http://training.company.com); ICA Control Virtual Channel]
Module 10

Managing Loads & Load Balancing
Load Management Process

[Diagram, numbered steps: Client Device; Application Request; Data Collector; Servers running MetaFrame Presentation Server]
Configuring Rules
Managing Load Evaluators

When configuring load evaluators, a Citrix administrator can:


Implement the Citrix provided Default or Advanced load evaluators
Attach load evaluators to servers or applications
Create custom load evaluators

When to use each of these evaluators?

Creating a Custom Load Evaluator


Attaching Load Evaluators to Servers or Applications

Logging and Monitoring Load Evaluators


After load evaluators are created and attached to servers or
applications, an administrator can:
View load evaluators in use

View load evaluator rule activity

Log and monitor access attempts

Command Line Tools


Viewing Load Evaluators in Use
Viewing Load Evaluator Rule Activity
Logging and Monitoring Access Attempts
Module 11

Configuring Policies
Presentation Server Policies
Presentation Server policies are created by adding policy rules. Policy rules are broken
down into the following categories:
• Bandwidth
• Client Devices
• Printing
• Security
• User Workspace

Creating Presentation Server Policies


Applying Policies Using Filters
An administrator can apply policies by filtering:
• Client IP address
• Users and user groups
• Client names
• Servers
• Access Control
Prioritizing Policies
Once a policy is created, it has to be prioritized for effective functioning.
The following options are available for prioritizing a policy:
• Make Highest Priority
• Increase Priority
• Decrease Priority
• Make Lowest Priority
Module 12

Configuring Citrix Printing


Configuring Printers for Users

An administrator can configure the following types of printers for use in an ICA session:
• Client local printer
• Network printer
• Server local printer

Client Printers:
The definition of a client printer depends on the ICA Client platform. On DOS-based and WinCE
client devices, a client printer is physically connected by a cable to a port on the client device. On 32-bit
Windows platforms (Windows 9x, Windows NT, and Windows 2000), any printer that is set up in Windows
(these printers appear in the Printers folder on the client device) is a client printer.

Network Printers:
Printers that are connected to print servers and shared on a Windows network are referred to as
network printers. In Windows network environments, users can set up a network printer on their
computers if they have permission to connect to the print server. When a network printer is set up for use
on an individual Windows computer, the printer is a client printer on the client device.
Local Printers

Local Printers:
Printers that are connected directly to Citrix servers are local printers within a particular server farm.
This definition includes a printer that is connected to the Citrix server that hosts a user’s ICA session, as
well as printers that are connected to other Citrix servers in the same server farm. If a printer is connected
to a Citrix server outside of a server farm (either the server is not a member of a server farm or is a
member of a different server farm), the server farm considers the printer a network printer, not a local
printer.
Printer Types

[Diagram: Print Server with Network Printers; Client with Client Local Printer; Presentation Server with Server Local Printer; Network]
Importing Print Servers
Managing Print Drivers
An administrator can manage print drivers in a server farm by:
• Replicating print drivers
• Using universal printing
• Maintaining print driver compatibility lists
• Configuring print driver mappings

Replicating print drivers


Using Universal Driver Printing Policies
Maintaining Print Driver Compatibility Lists

Print driver compatibility lists:

• Ensure tighter control of the drivers introduced to the printing environment
• Can be used to designate which drivers are explicitly allowed or denied for client printers
• Can be created for each server operating system
Configuring Print Driver Mapping

Print driver mappings:

• Provide compatibility between print driver names on the server and the client device
• Are configured and managed using the Presentation Server Console
• Are retained in the data store database and available to all member servers in the server farm
Printer Creation Settings to Published Applications
Managing Printer Bandwidth
Module 13

Securing Connection
Securing Citrix Presentation Server

Methods of security include:


ICA encryption
Citrix SSL Relay
Citrix Secure Gateway

Securing Access with ICA Encryption


Options for ICA encryption include:
Configuring policies
Configuring published applications
Using the Citrix Connection Configuration tool
Configuring ICA Encryption Policy Process
Configuring Application Security Process
Citrix Connection Configuration Security Process
Securing Access with the Citrix SSL Relay
[Diagram 1: Client Device, Web Interface Server, Server running Citrix Presentation Server (SSL Relay, Citrix XML Service); links labelled ICA in SSL, HTTP(S), XML in SSL]

[Diagram 2: Client Device, Server running Citrix Presentation Server (SSL Relay, Citrix XML Service); link labelled ICA in SSL]


Configuring Citrix SSL Relay
Connection Tab
Ciphersuites Tab
Module 14

Streaming Applications
Application Streaming Components Overview
Application Streaming Communications

[Diagram, numbered steps: Web Interface; Citrix Presentation Server; File Server holding Applications (.RAD, Adobe Acrobat); Device with Isolation Environment]
Citrix Streaming Client

• The Citrix Streaming Client works with:
  • The Program Neighborhood Agent
  • A web browser with a web client
• The Citrix Streaming Client is:
  • Invisible to users
  • Runs as a service
  • Streams the files necessary to run the application
  • Manages the cache size
Installing the Streaming Client
Citrix Streaming Profiler
Installing the Citrix Streaming Profiler
Setting Profiler Preferences
Profile Configuration

• Profiles consist of applications with one or more targets
• Targets consist of the following criteria to determine which client devices can run the applications in the profile:
  • Operating System
  • Service Pack Level
  • System Drive Letter
  • Operating System Language
Configuring Profiles
Viewing and Changing Profile Properties

An administrator can:
• View the properties of a profile using the tabs in the profile information pane of the profiler
• Change the properties of a profile using the tabs in the Profile Properties screen of the profiler
The following property tabs are available for a profile:
• General
• Applications
• File Types
• User Profile Security
• Pre-launch Analysis
• Pre-launch and Post-Exit Scripts
General Properties
Application Properties
File Type Properties
User Profile Security Properties
Pre-Launch Analysis Properties
Pre-Launch and Post-Exit Scripts Properties
Changing Target Properties

• An administrator can:
  • View the properties of a target using the tabs in the profile information pane of the profiler
  • Change the properties of a target using the tabs in the Target Properties screen of the profiler
• The following property tabs are available for a target:
  • General
  • Applications
  • Target Operating System & Language
  • Rules
  • Pre-launch and Post-Exit Scripts
  • Pre-launch Analysis
• The properties in individual targets within a profile can be used to override the properties set for the entire profile
General Properties
Application Properties
Target Operating System and Language Properties
Rules Properties
Pre-Launch and Post-Exit Scripts Properties
Pre-Launch Analysis Properties
Adding a Target to a Profile
Deleting a Target from a Profile
Upgrading an Application in a Target
Deleting an Obsolete Version of a Target
Streaming Application Configuration

An administrator can:
• Deliver published applications to users using the following application delivery methods:
  • Accessed from server
  • Streamed if possible, otherwise accessed from a server
  • Streamed to client
• Specify one of the following application delivery methods for use when the primary delivery method is not available:
  • Installed application
  • Installation Manager packaged application
  • Streamed to server
• Configure published applications for streaming to servers running Presentation Server
• Configure published applications for offline access
Publishing a Streaming Application
Changing the Application Type
Specifying an Alternate Profile for Application
Enabling the Least-Privileged User Account
Using a Policy for Application Delivery
Configuring Sites for Streaming Applications
Offline Access Management

Users can access and use published applications when:

• A Program Neighborhood Agent Services site is configured for streaming or dual mode
• The application is accessed through the Program Neighborhood Agent
• Offline access is enabled in the published application
• The user is granted offline access permission
• An offline access license is available
Providing Offline Access
Customizing the Offline License Setting
Caching Applications for Offline Access
