Chapter 14: Citrix Presentation Server 4 and Windows Terminal Services Client Configuration and Deployment | Citrix Access Suite 4 for Windows Server 2003: The Official Guide, Third Edition

As discussed throughout this text, on-demand access moves the vast majority of IT work and expertise from the client to the server environment, and simplifies the client environment to the thinnest form possible. Delivery of on-demand computing requires that the client software installation and configuration be instant and invisible to end users. The advances made by both Microsoft and Citrix over the last three years continue the trend of reducing desktop configuration, in many cases to zero. Chapter 7 detailed the client choices and discussed which client devices to use and when. This chapter, building on Chapter 7, discusses the configuration and installation of the clients .

ICA CLIENT OPTIONS FOR APPLICATION ACCESS

Windows Terminal Server with Citrix Presentation Server 4 accepts connections from the following types of clients:

– A device running a Web browser (I.E. 5.0 or Netscape 3.7 or later)
– A thin client running ICA or RDP clients
– A PC running any Windows operating system with an ICA or RDP client installed
– A PowerPC Macintosh or 68K Macintosh (for ICA) or a Macintosh running OS X for ICA and RDP
– A PC running a Linux operating system with a windowing system and an ICA client installed
– An IBM, HP, or SUN UNIX desktop running a windowing system with an ICA client installed
– Any number of tablet and handheld devices running Windows CE, Pocket PC, or CE.NET with an RDP or ICA client installed
– A Java-enabled device (anything from a cell phone to a Linux appliance) running the ICA Java client

The decision as to which of these client types an organization will use depends on their current network, client environment, security requirements, and whether or not an organization will be running all or just a few applications from the Presentation Server environment (the Hybrid environment is discussed in Chapter 7). Table 14-1 compares the features of the ICA client option choices.

Table 14-1: Presentation Server 4 ICA Client Comparison
	Win32 9.x	CE WBT 9.x	CE HPC 8.x	Java 9.x	Mac OS X 7.00	Linux X86 9.	Solaris SPARC 8.x	HP-UX 6.30	AIX 6.30	SGI 4.0	Mac OS 6.20	OS/2 6.01	Win16 6.20	FOMA 4.0	Series 80 4.0
1 Display + Graphics
Core Functionality ^[*]	X	X	X	X	X	X	X	X	X	X	X	X	X	x**	x**
Seamless Windows	X	XX		X		X	X	X	X	X
Text Entry Prediction	X	X	X	X	X	X	X	X	X	X	X		X
Panning	X		X	X	X	X	X	X	X	X				X	X
Scaling	X		X											X	X
Browser Acceleration	X	X	X	X	XX	X	X
Multimedia Acceleration	X	XX
Image Acceleration	X	X	X	X		X	X
Flash Acceleration	X	X	X	X
Dynamic Session Resizing	X	X	X	X		X	xx
Client Device Mapping
Drives	X	X	X	X	X	X	X	X	X	X	X	X	X	X	X
Printers	X	X	X	X	X	X	X	X	X	X	X	X	X
COM ports	X	X	X		X	X	X	X	X		X	X	X
Audio (server to client)	X	X	X	X	X	X	X	X	X		X	X	X		X
Audio (client to server)	X	X	X			X	X
Clipboard	X	X	X	text only	X	X	X	X	X	X	X	text only	X	X	X
USB PDA Sync	XX					XX
TWAIN Support	xx
Connectivity
PN Agent Interface	X	X	X	n/a		X	X
Multi-Farm Support	X	X	X	n/a		X	XX
Password expiration support	X	X	X	n/a		X	XX
Roaming Smart Card Support	XX
Auto Client Reconnect	X	X	X	X	XX	X	X	X	X
Roaming User Reconnect	X	X	X	X		X	X	X	X
Auto Client Update	X	n/a	X	n/a	X	X	X	X	X	X	X		X
Ext. Parameter Passing	X	X	X	X	X	X	X	X	X		X
Content Publishing	X	X	X	X		X	X						X
Content Redir. Client-Svr	PN Agent	X	X		manual	manual	manual	manual	manual		manual
Content Redir. Svr-Client	X	XX	XX	X		X	X	X	X
Auto Printer Detection	X			X		X	X					X	X
Universal Printing	X			X	xx(v2)	X	UPDv3	XX
Win ugh	XX	XX				XX
Workspace Control	X	X	X			X	XX
Session Reliability	X	X	X	X
Security/Authentication
Smart Card	X	X			XX	X	X		X
NDS Credentials	X	X	X	X	X	X	X	X	X		X
SSL (incl DNS resolution)	X	X	X	X	X	X	X	X	X		X			X	X
TLS	X	X	X	X	X	X	X	X	X					X	X
SOCKS 4 and 5 support	X	X	X	X	X	X	X	X	X	X	X		X
Auto Proxy Discovery	X	n/a	n/a	X	X	X	X	X	X
Secure Proxy	X	X	X	X	X	X	X	X	X
NTLM Proxy Authentication	X	X	X			XX
Passthrough Authentication	X			XX
Signed packages	X			X
International
Time Zone support	X	X	X		X	X	X	X	X		X
Enh Unicode Keyboard Support***	X		X	X		X	xx							X	X
Virtual Channel SDK	X	X	X	X	X	X	xx	X	X
Core Functionality		1280x1024 resolution, 24-bit color depth, Memory and Persistent Cache, International keyboard support, TCP/HTTP Browsing, Disconnect/Reconnect, up to 128-bit encryption
' The FOMA & Series 80 clients support a maximum of 256 colors, and do not support Persistent Caching
xx = denotes change from previous version
^[*] Enhanced Unicode Keyboard Support provides more versatile double byte character entry using the local IME and/or handwriting recognition functions

Our case study company, CME, has approximately 1,500 users on the five-building campus network, has another 1,500 users at remote locations throughout the world, and supports over 600 traveling and home users. The local users have historically received a new PC every five years. In order to reduce ongoing PC costs, CME has decided to provide all applications to users utilizing on-demand access. With all applications provided through Citrix, a majority of users will be able to use a thin client. Since the lease on 600 of these PCs is up this year, CME has decided to replace the PCs with thin clients, creating a mix of thin clients and PCs throughout the organization. As discussed in Chapter 7, purchasing thin clients rather than PCs creates significant savings (about $600,000 for the first set of PCs).

The thin clients that CME has chosen are Linux-based thin clients, with a basic ICA and RDP client, and no Web browser. Additionally, these thin clients have a remote management tool that pushes the latest ICA client and ICA client configurations directly to the thin client upon boot.

Thus, for the first 600 users, the client configuration is now set. For the other 2,400 users, though, the client options need to be analyzed and a decision made on which ones to run where. The remaining sections of this chapter will complete this analysis and provide answers to the client choices.

The Push or Pull Client Debate

Although the device choice to run the ICA client is nearly limitless, the way in which we provide visibility of the applications to these devices is limited to four choices:

– Presentation Server Web Interface Client
– Presentation Server Program Neighborhood and Program Neighborhood Agent Client
– A Microsoft Terminal Server Advanced Client Web interface client
– A manually configured ICA or RDP client connection

The first three of these choices are "push-based," meaning they provide a user with the icon, configuration, client software, and updates to the client software without the user having to understand the configuration, perform it, or step through an installation. The last choice requires that a user (or administrator) perform an installation, configure the client software, and then configure a connection. In this chapter, we will focus on these four methods of client deployment and what is required for the client-side configuration. The server-side configurations, security configurations, and customization are discussed at length in Chapter 16.

All the latest Citrix ICA clients are available from Citrix's Web site (http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755). The Citrix Presentation Server Client Packager is an all-in-one client for users of either 64-bit or 32-bit Windows (Windows 95 and later) devices. It wraps the following clients into a single package:

– Program Neighborhood
– Program Neighborhood Agent
– Web client

You can customize the client packager to deploy and maintain any number and combination of clients network-wide. Based on Windows Installer technology (msi), the client packager lets you install, uninstall, modify, and repair clients as well as perform controlled client upgrades. An easy-to-use wizard guides you through the configuration step-by-step.

In order to make sense of these choices and reduce the complexity to answer the simple question of which client to use at what times, we will focus our attention back on our reference case study company CME Corporation. CME has a very wide assortment of client devices, network configurations, application requirements, and end-user skill sets.

Citrix Presentation Server Web Interface Clients

When applications (or full desktops) are published through Presentation Server Web Interface, users access them via a Web browser. This method is very easy for end users, as they only have to know a URL address (or have it bookmarked or linked to) to connect and run a Presentation Server-Published application. Users only see the applications that have been published to them by the administrator (using the Citrix Management Console and users and groups from Active Directory, Novell NDS, or Novell eDir). No client configuration is required by the end user. Web Interface supports Macintosh, UNIX, and Windows client types, as well as Netscape Navigator and Windows Explorer Web browsers. Figure 14-1 shows a typical Presentation Server Web Interface access site.

Figure 14-1: The Presentation Server Web Interface site

Our case study organization, CME, has over 400 home-based and traveling users who need remote access support, and it must also support up to 200 concurrent remote users from all departments who need to work from home on nights and weekends. About 300 of these remote users are road- warrior sales people, and company executives. The home users have a large variety of client and operating system configurations, including Macintosh, Windows 98, Windows 2000, and Windows XP machines. All the remote users need access to Outlook e-mail and their Microsoft Office applications and files. In addition to these applications, the sales group needs access to their Customer Relationship Management software package, Microsoft CRM, and the executives need access to their financial reporting and analysis tools (Microsoft Excel spreadsheets, FRx, and Crystal Reports applications, with links to the SQL server accounting databases). In Chapter 17, we will discuss the network configuration to support and secure these users, but for the purposes of this chapter, we will discuss what client they should use and how to deploy it in the simplest, lowest -cost model, with the smallest amount of ongoing support. For these CME users, we recommend using the Presentation Server Web Interface client.

Deploying the Presentation Server Web Interface Client

Presentation Server Web Interface provides users with four choices of client software that will be pushed to the user. The administrator can either force the use of a given client software choice or leave it to the user to choose which one to use.

– The universal Win32/64 Web client This client software is identical to the Program Neighborhood Win32 client, except that it does not include the Program Neighborhood files and does not install an icon on the desktop or in the Start menu. The full Web client is available as a self-extracting executable and as a .cab file. At approximately 1.8MB in size, this package is significantly smaller than the other ICA Win32 Clients. The smaller size allows users to more quickly download and install the client software. You can configure the ICA Win32 Web client for silent user installation. There is also a minimal installation choice for this client that has a significantly smaller footprint (about 1.01MB) and thus takes about half the time to download. Table 14-2 shows the feature differences between the minimal and regular Win32 Web client installation.

Table 14-2: Feature Comparison of the ICA Win32/64 Web Client and ICA Win32/64 Web Client Minimal Installation
Feature	ICA Win32/64 Web Client	Minimal Installation
User-to-user shadowing	X
Smart card support	X	X
Content redirection	X
Enhanced content publishing support	X	X
Roaming User Reconnect	X
Support for SSL/TLS encryption of ICA session data	X	X
Support for Presentation Server Web Interface and the Access Gateway	X	X
Support for Presentation Server Secure Gateway	X	X
Enhanced Internet proxy support	X
Auto Client Reconnect	X	X
Novel Directory Services support	X
Extended parameter passing	X
Seamless windows	X
Client device mapping	X
Client drive mapping	X	X
Client printer mapping	X	X
Sound support	X
TCP/IP + HTTP server location	X	X
Wheel mouse support	X
Multiple monitor support	X
Panning and scaling	X
Per-user time-zone support	X
Windows clipboard integration	X
Low bandwidth requirements	X	X
SpeedScreen latency reduction	X
Disk caching and data compression	X

– The Java ICA client The Java ICA client was updated significantly with Feature Release 3 to include more features and run faster. The Java client enhancements include
- – Support for SSL communication
- – Unpackaged code, which allows the administrator to select which features to not install, allowing administrators to potentially decrease the download time
- – A connection center that supports multiple published application processing
- – Seamless application look and feel
- – Improved screen rendering (cuts down on screen flashing)
  
  The Java client is the smallest and most inobtrusive of the ICA clients, intended for use on machines that are heavily locked down or that don't allow software installation (such as a kiosk). The ICA Java client will run on any operating system that has a Java Virtual Machine (JVM) installed. The Java client is not as speed-optimized as the other ICA clients for high latency or highly graphical environments, so although it is much improved, it is still generally relegated to situations where it is the only choice that will work.
– The Macintosh client Citrix has ICA client software for both the older Macintosh clients (MAC OS) and the latest MAC OS X operating systems.
– The UNIX ICA client UNIX users who connect to the Presentation Server Web Interface site must use the appropriate UNIX ICA or JAVA client. Administrators may configure Presentation Server Web Interface to automatically detect and download the appropriate UNIX client.

Since most of CME's remote users are on Windows laptops and home PCs, we recommend that CME configure Web Interface to detect and push to the users the appropriate ICA client (or ICA client update) for their machine. In order to support users from hotels, trade shows, and airport kiosks , we recommend that CME allow users to customize their Web Interface login session to select the Java client and only those modules required to improve load speeds. We will use the full installation of the Win32 Web client (ica32t) in order to take advantage of the additional features and performance.

The Web Interface client does not require any user or client-side configuration for CME users. There is a fair amount of server-side configuration and optimization for Web Interface though, which will be covered step-by-step in Chapter 16. ICA client-side optimization settings are covered later in this chapter.

A larger question should be raised at this pointwhy not use this client for all 3,000 users at CME? Although the Web Interface client is simple and sufficiently powerful for use throughout the organization, for cases where the client machine type is fully known and controlled, there are some advantages to fully integrating the Program Neighborhood client discussed next for instance, it needs fewer clicks from the user, since it doesn't require opening a Web browser and going to a URLmeanwhile, it allows for more user configuration. A more obvious point for thin-client users though is that, as discussed in Chapter 7, many thin clients do not have a Web browser.

Microsoft Terminal Server Advanced Client

Terminal Server Advanced Client (TSAC, now called Remote Desktop Web Connection for Windows Server 2003) was released in October 2000 and as of this writing is essentially unchanged (other than the name change). Remote Desktop Web Connection (RDWC) is a Win32-based ActiveX control (COM object) that can be used to run Terminal Services sessions within Microsoft Internet Explorer 5.0 and later. This tool is similar in form and function to Presentation Server Web Interface, but RDWC only supports Win32-based clients running Internet Explorer. Additionally, RDWC is limited to one application or server connection per URL. Figure 14-2 shows a basic Remote Desktop Web Connection site.

Figure 14-2: Remote Desktop Web Connection for Windows Server 2003

The Remote Desktop Web Connection for Windows Server 2003 Web package can be installed from the Add/Remove programs in Windows Server 2003. The ActiveX control and sample Web pages can be used as a starting point for delivering Terminal Server applications through Internet Explorer. Developers can also use the RDWC to develop client-side applications that interact with applications running on a terminal server. RDWC is a great tool for smaller organizations, or for smaller deployments of one or two applications where Presentation Server is not being used, since it is the only RDP client that does not require desktop setup, configuration, and manual updates.

Although the RDP clients have improved dramatically over the last three years, they are still missing some critical features necessary for enterprise deployments. Chapter 3 went into more detail, but as a quick example, here are several reasons why our case study, CME Corporation, will be using the ICA client rather than the RDP client:

– ICA supports non-Windows machines with full-featured , full-color client connections. Since CME has over 400 UNIX, Linux, and MAC machines, this support is critical.
– ICA supports enterprise application load balancing rather than just the round- robin approach utilized by RDP. This feature is critical when supporting thousands of users across nearly 100 servers.
– ICA is a nonstreaming protocol. When compared with the streaming nature of RDP, ICA will support 30 to 50 percent more users on a given WAN link. Since CME has many WAN links worldwide, optimal use of these expensive links is critical.
– The Presentation Server Web Interface and integration with Secure Gateway/ Access Gateway provide a powerful secured access method without firewall reconfiguration or port opening. This solution is not available with RDP.

Citrix Program Neighborhood Agent Client

Several versions back, Citrix introduced a new Win32 client choice called Program Neighborhood Agent (PN Agent). PN Agent is a Windows 32 desktop client that utilizes a Web Interface server for its configuration. For local PCs, this ICA client provides a best-of-both- worlds solution, including a robust set of desktop-integrated features, yet requires little to no client-side configuration.

Note	PN Agent is only supported for use with Presentation Server Web Interface servers located inside the firewall. Clients external to the firewall cannot utilize PN Agent.

PN Agent supports Client-to-Server Content Redirection, which utilizes the Presentation Server Web Interface server to recognize applications and automatically update a user's MIME type associations to call ICA applications rather than local applications. For example, if a user clicks on a Microsoft Word file in Windows Explorer, the Microsoft Word Published Application from the Presentation Server farm will be called rather than a local copy of Microsoft Word. When a user disconnects from the Presentation Server farm, the MIME types are returned to their original associations.

Program Neighborhood Agent employs a simplified user interface (compared with the Full PN client), which removes complexity and features. For example, because all connection information is pushed down from a Web Interface site, the Program Neighborhood Agent does not require (or allow) a user to specify a farm to connect to, or to create a custom ICA connection.

Program Neighborhood Agent is a separate Win32 client downloadable from the Citrix Web site and is only available for Windows 32-bit clients. It is installed using the ica32a.exe or ica32a.msi files.

Program Neighborhood Agent icons can be accessed from icons placed directly on the user's Windows desktop, Start menu, or system tray by the user, or done remotely by the administrator.

Of the 1200 local campus users at CME who won't be receiving a new thin client, about 900 are on Windows-based machines (the other 300 are on Macintosh and UNIX/ Linux PCs). The Program Neighborhood Agent client makes an excellent client choice for these 900 users.

An example of how a Presentation Serverbased Great Plains installation appears to a user running from a Windows 2000 client with Program Neighborhood Agent installed is shown here. Notice that it looks identical to the user, as if it were installed locally.

Installing the ICA Win32 Program Neighborhood Agent with the Windows Installer Package

The PN Agent Windows Installer package (ica32a.msi) can be distributed with Microsoft Systems Management Server or Windows 2003 Active Directory Services. This package can be downloaded as a part of the Citrix Access Client package.

Note

To install the ICA client software using the Windows Installer package, the Windows Installer Service must be installed on the client device. This service is present by default on Windows 2000 and Windows XP systems. To install ICA clients on client devices running earlier versions of the Windows operating system, you must use the self-extracting executable or install the Windows Installer 2.0 Redistributable for Windows, available at http://www.microsoft.com/.

Since our case study, CME, has over 900 local campus machines and another 1,500 PCs at remote campus locations to install the PN Agent client on, it is obvious that an automated choice for this installation is required. Since CME will be using Web Interface to provide the configuration information for the PN Agent client, CME will leverage Presentation Server Web Interface to also distribute this client software to all 2,400 users.

Configuring the Windows Installer Package for Silent User Installation

The PN Agent Windows Installer package can be configured for "silent" user installation to ensure users don't see the installation options or attempt to interrupt or make the wrong installation option choices. Windows Installer informs the user when the client software is successfully installed. The user must clear the Windows Installer message box.

To configure the Program Neighborhood Agent Windows Installer package for silent user installation:

– At a command prompt, type: msiexec /I MSI_Package /qn+ [Key=Value] , where < MSI_Package > is the name of the installer package.

– The following keys can be set:

– PROGRAM_FOLDER_NAME=<Start Menu Program Folder Name>, where <Start Menu Program Folder Name> is the name of the Programs folder on the Start menu containing the shortcut to the Program Neighborhood Agent software. The default value is Citrix Program Neighborhood Agent. This function is not supported during client upgrades.
– ENABLE_DYNAMIC_CLIENT_NAME={Yes No}. To enable dynamic client name support during silent installation, the value of the property ENABLE_ DYNAMIC_CLIENT_NAME in the installer file must be set to Yes. To disable dynamic client name support, set this property to No.
– CLIENT_ALLOW_DOWNGRADE={Yes No}. By default, this property is set to No. This prevents an installation of an earlier version of the client. Set it to Yes to allow the installation of an earlier version of the client.
– ENABLE_SSON={Yes No}. The default value is No. If you enable the SSON (Passthrough authentication) property, set the ALLOW_REBOOT property to No to avoid automatic rebooting of the client system.

– SERVER_LOCATION=<Server_URL>. The default value is PNAgent. Enter the URL of the Web Interface that hosts the configuration file. The format must be in the format http://www.< servername > or https ://www.<servername>.

Note	The Program Neighborhood Agent appends the default path and filename of the configuration file to the server URL. If you change the default location of the configuration file, you must enter the entire new path in the SERVER_LOCATION key.

– ALLOW_REBOOT={Yes No}. The default value is Yes.
– DEFAULT_NDSCONTEXT=<Context1 [, ]>. Include this parameter to set a default context for NDS. If you are including more than one context, place the entire value in quotation marks and separate the contexts by a comma. The following are examples of correct parameters:
```
 DEFAULT_NDSCONTEXT=Context1 DEFAULT_NDSCONTEXT="Context1,Context2" 
```

The following represents an incorrect parameter:

 DEFAULT_NDSCONTEXT=Context1,Context2

Central Configuration of the Program Neighborhood Agent Client

The advantage of PN Agent over the other ICA clients (other than the Web client) is that it is configured centrally via the Program Neighborhood Agent Admin Tool (which changes an XML file on the Web Interface server) rather than via configuration files on the local devices.

To access the Program Neighborhood Agent Admin tool, connect to http://www.servername/Citrix/PNAgentAdmin/ with an administrator account on the server running Presentation Server Web Interface.

Users' logon methods, shortcuts, and access to the user interface are determined by the options set using the Program Neighborhood Agent Admin tool. Users' ability to determine their own logon method, audio settings, shortcut placement, and display settings can all be allowed or denied using the PN Agent Admin Tool, depending on an organization's needs.

The custom options for all users running the Program Neighborhood Agent on a network are defined in a configuration file stored on the server running the Presentation Server Web Interface. The client reads the configuration data from the server when a user launches the PN Agent, and updates at specified intervals. This allows the client to dynamically display the options the administrator wants the users to see based on the data received. The settings configured using the Admin tool affect all users who read from this configuration file.

A default configuration file, config.xml, is installed with default settings and is ready for use without modification in most network environments. However, this file can be edited, or multiple configuration files created, using the Program Neighborhood Agent Admin tool. This allows an administrator to add or remove a particular option for users quickly and to easily manage and control users' displays from a single location.

The default configuration file, config.xml, is placed in the \Inetpub\ wwwroot \ Citrix\PNAgent directory on the server running the Web Interface during the installation process. New and backup configuration files created using the PN Agent Admin tool are stored in the same folder as the default configuration file. The data configuration files serve two purposes:

– To point clients to the servers that run users' published resources
– To control the properties on users' local desktops, thereby defining what tabs and options users can customize

A configuration file controls the range of parameters that appear as options in the user's Properties dialog box. Users can choose from available options to set preferences for their ICA sessions, including logon mode, screen size, audio quality, and the locations of links to published resources.

Multiple configuration files can be created to fill all of an organization's needs using the Program Neighborhood Agent Admin tool. After creating a configuration file and saving it on the server running the new Web Interface, you will need to give users the new server URL that points to the new file.

Note

SSL/TLS-secured communications between the client and the server running the new Web Interface and smart card logon are not enabled by default. These features can be activated in the Server Settings section of the Program Neighborhood Agent Admin tool. In addition, SSL must be enabled on the Presentation Server server to utilize SSL/TLS-secured communications.

As discussed at length in Chapter 10, it is important to test all enterprise-wide applications in the test environment prior to full deployment. The PN Agent deployment should be tested by installing a copy of the client on a single client device, then on five devices (preferably with different Windows operating systems and environments). The test installations will allow a full evaluation of the default settings and determine whether or not adjustments are required to fit your particular network needs. Comparing between the configuration file and the client, you can monitor the effects of your changes on the client behavior.

Caution

The settings in the configuration file are global, thus affecting all users connecting to that instance of the file. The Program Neighborhood Agent Admin tool automatically creates a backup file (with the extension .bak) when a configuration file is loaded into the tool.

Configuring Farm-Wide Settings The Program Neighborhood Agent Admin tool is divided into several sections, allowing control and definition of different aspects of the user experience. These sections include

– Client Tab Control
– Server Settings
– Logon Methods
– Application Display
– Application Refresh
– Session Options

Administrators can define whether users see any tabs in the Properties dialog box of the Program Neighborhood Agent, and also what options they can and cannot customize. Each tab, and the settings that can be customized, are detailed next.

By default, users can access the Program Neighborhood Agent Properties dialog box from the Windows system tray. Administrators may choose to hide or display tabs in the Client Tab Control section of the Program Neighborhood Agent Admin tool, including the Server, Application Display, Application Refresh, and Session Options tabs.

Note	Changing these parameters directly affects the contents of the Properties dialog box for all users affected by the configuration file you are modifying. If you remove a tab from the Client view, users cannot customize any options on that tab.

Enabling and Disabling User-Customizable Options This section contains an overview of the options available in the Properties dialog box. The instructions are presented in the order of the tabs on which each option appears.

– Server tab options The Server tab options can be modified using the Program Neighborhood Agent Admin tool, located on the options pages for Server Settings and Logon Methods.
– Server Settings This allows you to configure server connection and configuration refresh settings, such as the redirection of users to a server running the Web Interface using its Fully Qualified Domain Name (FQDN) or a user-provided server URL. In addition, you can define how often the client should refresh its configuration settings. Other options allow you to define when users are redirected to a different serverat connection time or at a scheduled client refresh. Enable SSL/TLS communication here as well, changing URLs to use the HTTPS protocol automatically.

– Logon Methods Providing a choice of multiple logon modes may be necessary in environments where multiple users employ the same client device but different logon modes. This allows you to determine what logon methods are available to users, to force a default logon method, and to allow a user to save his password. The definable logon methods include Anonymous, Smart card, Smart card with Passthrough authentication, User prompt, and Passthrough authentication. If multiple logon methods are selected, users can choose their preferred logon method from a drop-down list. Novell Directory Services (NDS) credentials from the specified tree can be required from users who are prompted for a logon or who select Passthrough authentication. If you do not want users to have access to any of these options, use the Client Tab Control section of the Program Neighborhood Agent Admin tool to hide the Server tab altogether. You can show or hide the tab at any time.

Note

By default, users who are prompted for credentials can save their password. To disable this function, clear the Allow User To Save Password check box in the Logon Methods section of the Program Neighborhood Agent Admin tool. If you did not enable the Passthrough authentication feature when you first installed the Program Neighborhood Agent, you must reinstall the client software before you can use the Passthrough authentication logon mode.

– Application Display tab options The options available on the Application Display tab let users place links to published resources in various locations of the client device, including the Windows desktop, the Start menu, the Windows system tray, and any combination thereof. Using the Application Display options in the Program Neighborhood Agent Admin tool, you can define which settings users are allowed to customize. The client queries the configuration file at connection time to validate each user preference against its controlling element in the file. If you do not want users to have access to any of these options, you can use the Client Tab Control section of the Program Neighborhood Agent Admin tool to hide the Application Display tab altogether. You can show or hide the tab at any time.
– Session Options tab options The options available on the Session Options tab let users set preferences for the window size, color depth, and sound quality of ICA sessions. Using the Session Options section of the Program Neighborhood Agent Admin tool, you can define what settings are available to the user. Users can choose each available option from a list. The preferences users set for color depth and sound quality affect the amount of bandwidth the ICA session consumes. To limit bandwidth consumption, you can force the server default for some or all of the options on this tab. Forcing the server default removes all settings for the corresponding option, other than Default, from the interface. The settings configured on the server running the new Web Interface apply. If you do not want users to have access to any of these options, you can use the Client Tab Control section of the Program Neighborhood Agent Admin tool to hide the Session Options tab altogether. You can show or hide the tab at any time.
– Application Refresh tab options The options available on the Application Refresh tab let users customize the rate at which the ICA client queries the server running the new Web Interface to obtain an up-to-date list of their published resources. The Application Refresh tab is hidden from the Properties dialog box by default. If you want to give users control over the refresh rate, you need to enable the tab first. Enabling the Application Refresh tab makes all options on it user-customizable, unless you modify each option in the Application Refresh section of the PN Agent Admin tool.

Customizing the ICA Win32/64 Program Neighborhood Agent This section presents general information about customizing user preferences on the client device running the Program Neighborhood Agent. To customize user preferences for the Program Neighborhood Agent,

In the Windows system tray, right-click the Program Neighborhood Agent icon and choose Properties from the menu that appears.
Select the Session Options tab.
Make the desired configuration changes.
Click OK to save your changes.

For more detailed information, see the online Help for the Program Neighborhood Agent.

Configuring the Server URL The Program Neighborhood Agent client requires input of the URL pointing to a configuration file (config.xml is the default configuration file) on the server running Presentation Server Web Interface.

Should the Web Interface server IP address need to be changed, the PN Agent client will also have to be updated with the new address. To change the URL of the Web Interface server from the PN Agent Client,

In the Windows system tray, right-click the Program Neighborhood Agent icon and choose Properties from the menu that appears.
The Server tab displays the currently configured URL. Click Change and enter the server URL as directed in the dialog box that appears. Enter the URL in the format http://www.<servername>, or https://www.<servername>, to encrypt the configuration data using SSL.
Click Update to apply the change and return to the Server tab, or click Cancel to cancel the operation.
Click OK to close the Properties dialog box.

To delete memorized server URLs,

In the Windows system tray, right-click the Program Neighborhood Agent icon and choose Properties from the menu that appears.
Select the Server tab.
Click Change.
Click the down arrow to view the entire list of memorized server URLs.
Right-click the URL to be deleted and select Delete from the menu that appears.
Click Update.
Click OK.

Presentation Server Program Neighborhood Client

The big brother to the Program Neighborhood Agent client is the Win32/64 Program Neighborhood (PN) client, which provides users access to server farms, application sets, and published applications. The primary benefit of Program Neighborhood over the Web client or the PN Agent client is that the user has a nearly infinite number of settings that can be changed to customize the client. The disadvantage is that it is more complex, must be configured at the client (rather than through the Web Interface server), and does not automatically change the MIME types on the client. Similar to PN Agent, PN allows an administrator to push the ICA application icons and configurations (that a user has been granted permission to) to the end users' desktops (and Start menu) as soon as they start the Citrix PN client.

Program Neighborhood icons can be accessed from the PN client, or the icons can be placed directly on the user's Windows desktop or Start menu by the user, or be done remotely by the administrator.

Program Neighborhood with some custom ICA connection folders is shown next.

Program Neighborhood vs. Program Neighborhood Agent

Because the configuration options must be configured (either remotely or locally) via the configuration files of Program Neighborhood, rather than centrally via the Web Interface server, Program Neighborhood is more client-configuration intensive .

There are a few instances in which the Full Program Neighborhood Client should be used rather than PN Agent:

– When there is no Web Interface server in the environment
– When the users require detailed configuration of the client
– In disparate user environments, where each user has very different client settings requirements, thus making the central administration and configuration of the client software of little value

In our case study, CME, none of these instances exist, so CME will use the PN Agent client for all LAN campus PC users.

UNIX and Linux ICA Clients

Previous Table 14-1 shows how the UNIX and Linux ICA clients stack up to the Win32 ICA clients. The Linux 9.x client is comparable in its features and speed to the Win32 clients, with the exception of image and multimedia acceleration. The only significant missing feature of the Linux 9.x client is the Program Neighborhood feature set, which isn't applicable to Linux. The UNIX clients remain one or more versions behind the Linux and Win32 clients but are still mature, fast, and feature-rich.

Although the normal deployment methods used in a Windows environment are not applicable (for instance, Active Directory, SMS, and so on), a Presentation Server Web Interface site can still be utilized to deploy the UNIX/Linux ICA client. Another option is a centrally run, and stored, script. Many UNIX and Linux environments utilize centrally stored and executed scripts for most applications in the environment, and the ICA client will deploy effectively using this method.

Our case study, CME, has 200 local and remote UNIX desktops used by engineers for Computer Aided Design and Manufacturing, as well as 100 Linux desktops utilized by the software development teams . CME utilizes both a Presentation Server Web Interface site and several C-shell scripts stored on the main file server, pathed from the UNIX and Linux machines, to run a full desktop-published application. The published desktop provides Microsoft Office applications, Microsoft Outlook, MathCAD, and other PC-based engineering and mathematical applications needed by the engineers and developers.

Macintosh Clients

ICA and RDP clients are available for Macintosh OS X users, both of which are fast and full-featured. For users running older Macintoshes, the ICA client is the only choice available, although it is three full revisions behind the Win32, Linux, and Mac OS X clients. The legacy Mac client is supported for both PowerPC and 68K versions. The ICA Macintosh clients come in .HQX and .DMG (for OS X) formats. The configuration is very similar to the Win32 configuration (without the Program Neighborhood features). As Table 14-1 earlier showed, features such as local drive and printer mapping are fully supported on the Macintosh ICA clients.