COMPONENTS OF AN ENTERPRISE ON-DEMAND ACCESS ARCHITECTURE


An on-demand access platform has three major components: one or more data centers, clients (at both headquarters and remote offices and possibly at home offices), and wide area network connectivity.

Data Center

The data center is the heart of enterprise on-demand access architecture. Not only are most applications and corresponding data hosted in the data center, but 100 percent of the hosted application processing occurs within the data center as well. The major data center components include the Presentation Server server farm, file servers and/or network-attached storage (NAS) or storage area network (SAN) systems, other application servers, host systems, a fast server backbone, and a backup system. Figure 1-4 shows a sample data center running an enterprise on-demand access environment.

Figure 1-4: A typical data center

Presentation Server Farm

Application execution occurs on the servers running Microsoft 2003 Terminal Services and Citrix Access Suite 4. Because of the high demands made on these servers, it is prudent to utilize at least two load-balanced servers at all times. The Presentation Server load-balancing software is recommended over other solutions because of its ability to share server resources while providing good redundancy. If a user should be disconnected from the server, when she logs back in, Presentation Server load-balancing software will find the server in the farm where the user's session is running and reconnect her to it. Note that data is never stored on the Presentation Server servers. Data is always stored on back-end file servers, application servers, NAS systems, or SAN systems.

File Servers

The file server or servers run a network operating system such as Windows Server 2003 or Novell. The servers feed files to the Presentation Server server farm, maintain directory services, and sometimes handle printing functions. For larger Citrix implementations, a separate high-end print server should be dedicated to handle the printing function, as described in Chapter 18.

Storage Area Networks and Network-Attached Storage Systems

A storage area network (SAN) can include clustered file servers, RAID arrays connected through a controlling server, or any storage scheme that relies on a host to pass data and control traffic. Windows Server 2003 includes links to SAN technology built into the file system, making it easier than ever to build a large-scale storage network. A network-attached storage (NAS) device is disk storage that connects directly to a network via a LAN interface such as Ethernet or FDDI. Popular SAN devices include products by companies such as Hewlett-Packard, IBM, and EMC. NAS vendors include Network Appliance and EMC. Either SAN or NAS enables very fast data access, and many models have storage capacity measured in terabytes. Since most, if not all, of the organization's data will be hosted in the data center, such a storage scheme is often essential. In some on-demand access architectures, a SAN or NAS will supplement the file servers, allowing organizations to store and access large amounts of data more efficiently. In others, the SAN or NAS may take the place of clustered back-end file servers and still provide mainframe-like reliability and redundancy along with superior performance and scalability. The best solution for your organization depends on both your application environment and your user file-sharing needs. This topic is discussed more thoroughly in Chapter 5 and in Appendix A.

Application Servers

The rule of thumb is to have your Presentation Server server farm located wherever your data is stored. Therefore, e-mail servers, SQL database servers, and all other application servers ideally should be located within the data center. At a minimum, they must be connected to the file servers and Presentation Server server farm through a very fast backbone. The Presentation Server server farm hosts virtual Windows Server 2003 desktops for users that appear just like Windows XP desktops throughout the organization. While users see only screen prints of the applications at their workstations or Windows terminals, real data is traveling back and forth between the Presentation Server server farm and the file servers and application servers. An inadequate server backbone will cause an immediate data traffic jam that will result in performance degradation for all users. Application servers, including print servers, are covered more thoroughly in Chapters 5, 12, and 18, as well as in Appendix A.

Host Systems

Mainframe and minicomputer systems should be housed in the data center, where they can be managed along with the Terminal Services hosting infrastructure. This enables organizations to leverage both their data center environmental resources and their support staffs. Citrix for Solaris, UX, and AIX is covered in Chapter 12.

Server Backbone

A very fast backbone should connect the Presentation Server server farm, the back-end file servers, and all other servers in the data center. This backbone should be either switched 100MB Ethernet, FDDI, ATM, or switched gigabit Ethernet. As with all data center components, a redundant server backbone is desirable. This topic is discussed more thoroughly in Chapter 6.

Backup System

A backup system should enable automatic backups of all servers. Tapes should be rotated off-site. Remote electronic data backups by companies such as Evault and Iron Mountain can add still another layer of redundant data protection. This topic is discussed more thoroughly in Appendix A.

Security

On-demand access enables enhanced security by centralizing data and network access. It is still essential to design and implement an enterprise security strategy. Third-party applications, firewalls, VPNs, identity management, and authentication are some of the measures to consider. This topic is discussed more thoroughly in Chapter 8.

Number of Data Centers

The number of data centers utilized depends upon many variables, including bandwidth availability and business and geographic segregation. For instance, if a corporation's European operations utilize entirely different software than the U.S. businesses, and bandwidth is expensive between the continents, separate data centers make more sense than a single, central one. In general, though, savings will be greater when data centers are fewer. This is a result of the economies of scale realized by centralizing as much on-demand access to hardware, software, and administration labor as possible. This topic is covered in Chapter 5.

Disaster Recovery/Business Continuity

A single data center, despite internal redundancy, leaves a corporation's headquarters and remote operations vulnerable to a single point of failure. One strategy for mitigating this risk is to utilize multiple data centers with fail-over capabilities. Another strategy is to use one corporate data center, and then contract with a disaster recovery provider to maintain a geographically distant facility that mirrors the Presentation Server farm and other crucial components of the corporate data center. This topic is discussed more thoroughly in Chapter 19.

Clients

On-demand access users will often work at headquarters, at remote offices, and at home. At times, they will be in hotels or at customer sites. They will utilize PCs, laptops, Windows terminals, tablets, and handheld devices. Increasingly, they will use specialty display devices that incorporate the Citrix ICA protocol to take advantage of the inexpensive computing capabilities provided by on-demand access. Clients are covered in Chapters 7, 14, and 15.

Personal Computers

PC users can access applications hosted at the data center in multiple ways. When PCs have a full-time connection to the data center (through Ethernet, frame relay, or the Internet), Presentation Server enables application publishing. Employees see icons of both local applications (if any) and applications hosted on the Presentation Server server farm to which they have access. These icons can be part of their start-up file, and it is not obvious whether they represent local applications or applications hosted by the server farm. Users who run all applications from the server farm may receive their entire desktop as a published application. The fewer local applications a PC user accesses, the lower the administration costs borne by the IT staff. This topic is discussed more thoroughly in Chapters 4 and 15.

Laptops

Laptops typically run local applications when disconnected from the network. When connected to the network by a dial-up connection, laptop users will commonly launch a Presentation Server desktop. Extra training will help ensure that laptop users do not confuse local applications with hosted applications. We have found that many employees of companies with on-demand access environments end up abandoning laptops except when on planes or in motels. They find it less cumbersome to simply use a PC or Windows terminal both at the office and at home.

Windows Terminals

Nearly every major PC manufacturer, including IBM, Hewlett-Packard, and Dell, now makes Windows terminals. Many specialty companies, including Maxspeed, Neoware, and market leader Wyse Technology, focus on building Windows terminals. Figure 1-5 shows one of the many models of Wyse Windows terminals. Windows terminals are typically display devices with no moving parts of any kind. Some models, such as one manufactured by Wyse, have no local operating system and boot right to the Citrix ICA client. Others utilize Windows CE, a version of Windows NT, or even Linux. Some models such as those by Wyse and Maxspeed include a version of embedded Windows XP for running local browsers. Windows terminals typically have built-in local host emulation and, sometimes, browsing in order to offload these character display functions from the Presentation Server server farm. Some manufacturers, such as Maxspeed, also have wireless devices that enable users to access their complete desktop remotely.

Figure 1-5: Wireless Neoware Windows terminal

Because Windows terminals often have mean times between failure measured in decades, their maintenance expense is extremely low. If a Windows terminal does fail, IT simply delivers a replacement unit to the user. The user plugs in the Windows terminal, turns it on, and sees his or her desktop. Windows terminals significantly reduce the cost of supporting telecommuters. Unlike PCs, Windows terminals do not allow users to destroy their unit configuration by loading games or screen savers or other potentially damaging software. This makes the Windows terminal a particularly ideal device for telecommuters who may have families that like to share any personal computers in the home. Windows terminals are discussed more thoroughly in Chapter 7.

Other ICA Clients

Most UNIX workstations and Macintoshes can access Presentation Server servers by running the Citrix ICA client. Many handheld units such as Compaq's iPAQ and Symbol System's modified Palm Pilot are capable of running an ICA client.

Increasingly, expect to see manufacturers come up with specialty ICA devices. For instance, a time clock system could be built as a Windows terminal using buttons instead of a keyboard. Employee time stamping could then be directly entered into the corporation's Windows-based time and billing system. Client configuration is covered in Chapter 14.

Application Access Through the Internet

As the Internet's pervasiveness continues to grow, more organizations prefer to utilize browser interfaces. The Citrix Access Gateway component of the Citrix Access Suite provides a secure, always-on, single point-of-access to all applications and protocols. It has all of the advantages of both IPsec and SSL VPNs, without their costly and cumbersome implementation and management. With the Advanced Access Control option, Citrix Access Gateway finely controls both what enterprise resource can be accessed and what actions can be performed. This topic is discussed more thoroughly in Chapter 16.

Wide Area Network Connectivity

Presentation Server requires between 10KB and 20KB of bandwidth per user session. This does not include additional bandwidth for large print jobs or for downloading or uploading files to and from a fat-client PC. When remote office applications are hosted at a corporate data center, they are completely dependent upon access to the Presentation Server servers for all of their processing. An on-demand access architecture must include both adequate and reliable bandwidth connections along with redundant contingencies.

A frame-relay circuit has traditionally been the most popular method to provide connectivity to multiple remote offices, though organizations increasingly utilize virtual private networks or straight Internet connectivity. Telecommuters, in particular, are using inexpensive fixed-fee Internet accounts to connect to corporate data centers. Bandwidth management is often desirable in order to prioritize ICA traffic. Bandwidth management devices from manufacturers such as Packeteer will prevent a user's large print job or file download, for example, from killing performance for the remaining users at a remote office. This topic is discussed more thoroughly in Chapters 6 and 17.

Regional headquarters and certain remote offices may be too large to gain an economic advantage by centralizing their servers at a corporate data center. This is particularly true if the number of users is large enough that they require their own servers regardless of location. Utilizing software applications largely independent of those used at headquarters is another reason for not centralizing servers. In these cases, it is often more practical to have regional Presentation Server server farms. A common corporate database application, such as an ERP package, can still run off the Presentation Server servers at the corporate data center. The regional offices can access this application by running the corporate ICA session within their own ICA session. This topic is discussed more thoroughly in Chapter 12.



Citrix Access Suite 4 for Windows Server 2003: The Official Guide, Third Edition
ISBN: 0072262893
EAN: 2147483647
Year: 2004
Pages: 137
