Program Neighborhood Client Configuration

Program Neighborhood Client Configuration

In the following sections, we briefly review the configuration features for the Program Neighborhood client. We highly recommend that you take the time to familiarize yourself with the corresponding interface for each client. Hands-on practice with the configuration of each client will go a long way in preparing for the exam. As we've already mentioned, unlike the PN Agent and Web clients , the full Program Neighborhood client is not centrally managed. All configuration options must be set directly on the client, either through the interface or within the appropriate INI file before (or after) deployment.

ICA Browser Settings

An extremely important concept to understand when it comes to the ICA client is that of ICA browsing. ICA browsing is the term used to describe the process that a client follows to discover MetaFrame servers on the network and gather information about published applications and the associated server farm.

In the process of browsing, the client communicates with one of two services running on the MetaFrame server. The choice in service is dictated by the protocol chosen for use by the client:

• Citrix XML Service Provides published application information to either clients or the Web Interface, transmitting XML data using the HTTP protocol. For a client to communicate with the Citrix XML Service, it must be configured with the name of at least one MetaFrame server in the farm. If a valid server name is not provided, the client will fail to locate a server or server farm. The Citrix XML Service cannot be contacted using network broadcasts.

• ICA Browser Service Listens on User Datagram Protocol (UDP) port 1604 for published application or server requests from a client. Clients can communicate with the ICA Browser service either through directed or broadcast UDP requests. When sending a UDP broadcast, the client and server must reside on the same network for the client request to be received successfully by the server. After a client has successfully located a MetaFrame server, further communications occur through directed UDP requests to the ICA Browser service.

ICA browsing is initiated in the following situations:

• A user attempts to view a list of servers or published applications when creating or editing a custom ICA connection.

• A user views the Application Set list when running the Find New Application Set Wizard.

• A user launches a published application. As part of the launching process, the client communicates with the farm to request a server on which to launch the application.

Network Protocol Connection Options

PN allows you to specify the network protocol used to communicate with the server farm. The supported options available are

• TCP/IP+HTTP Published content is accessed using ICA over TCP/IP and ICA browsing is performed by transmitting XML data encapsulated in HTTP packets to the Citrix XML Service.

• SSL/TLS+HTTPS Published content is accessed using ICA encapsulated in SSL/TLS over TCP/IP. ICA browsing is performed by transmitting XML data encapsulated in HTTPS packets to the Citrix XML Service via the SSL Relay service. This combination provides strong encryption of ICA traffic combined with server authentication.

• TCP/IP Published content is accessed using ICA over TCP/IP. ICA browsing is performed by sending UDP packets (either broadcast or directed) to the ICA Browser service running on the MetaFrame servers.

• IPX/SPX and NetBIOS Windows 2000 Terminal Servers support client communications via IPX/SPX or NetBIOS. ICA browsing for all three protocols is done using the ICA Browser Service. Windows Server 2003 allows only TCP/IP-based Terminal Services client connections.

The network protocol to use is first set when a new application set or custom ICA connection is created and can be changed any time by editing the properties. Be certain that you are choosing the protocol supported by your target server farm. The client cannot detect during creation of the connection or application set whether the chosen protocol will be supported by the server.

Global Program Neighborhood Client Properties

PN maintains a set of properties that are global to the client, whether you are using custom ICA connections or an application set to access published resources. On the Tools menu, you will find the three options that can be configured:

• ICA Settings The first and most detailed settings are found here. Four tabs contain global settings that you can configure. The first is the General tab, containing a variety of settings. Of note are the following settings:

  • Client Name The name defaults to the choice made during installation, which is usually set to dynamically match the client name.

  • Allow Automatic Client Updates Disabling this setting prevents client updates regardless of the Update Database settings.

  • Pass-through Authentication This option can be changed only if the user has administrative privileges. Pass-through support must have been selected during the client installation for the user to be able to use this setting.

  • Use Local Credentials to Log On This setting is enabled only if pass-through authentication has been enabled.

  Next is the Bitmap Cache tab, which manages settings for the disk-based bitmap cache. The cache size can be altered , but the default value is the recommended setting of 10MB. The default cache location is within the user's Windows profile. The minimum sized bitmap to cache is 8KB by default.

  The Hotkeys tab specifies the alternate key combinations to use to mimic the typical Windows hotkey behavior. For example, instead of pressing Ctrl+Alt+Del to bring up the Security window, you could define Ctrl+F1 as the alternate key combination within a MetaFrame session.

  The Event Logging tab controls the plaintext log file settings for the client. The file is stored in the Application Data\ICAClient folder within the user's profile and is called wfcwin32.log. The log is automatically overwritten every time a new connection is established.

• Modems The second menu option under Tools simply opens the Windows Phone and Modem Options dialog box.

• Serial Devices For a serial device to be available to the PN and in turn accessible from within the MetaFrame session, the device needs to be added from within the Serial Devices dialog box. After adding a serial device, you can modify the standard serial properties such as communications speed, data bits, parity, and stop bits.

Default Custom Configuration Settings

When you open the Custom ICA Connections view in Program Neighborhood, you manage the default options for custom connections by selecting Custom Connections Settings from the File menu.

Two tabs exist in the Custom Connections Settings: Connection and Default Options.

Connection Tab

On the Connection tab, you define the global default server location settings, which are applied by default to all custom connections that have not explicitly defined alternate settings. By adjusting the server location setting, you define how ICA browsing is performed for each of the available protocols. ICA Browsing was reviewed in the "ICA Browser Settings" section earlier in this chapter.

The available network protocols have been grouped together as HTTP/HTTPS, TCP/IP, IPX/SPX, and NetBIOS. Each protocol group maintains its own independent server list. When a custom ICA connection is created, the network protocol chosen for that connection dictates the corresponding server list that is assigned. For each protocol, up to three groups of five unique server addresses can be defined (Primary, Backup1, and Backup2). If no servers in the first group respond, the servers in the next group are contacted. If that fails, group three is used.

The default entry for TCP/IP, IPX/SPX, and NetBIOS is (Auto-Locate). This entry configures the associated protocol to attempt a UDP broadcast for the ICA Browser service. The default entry for the HTTP/HTTPS entry is "ica". Unless this entry is replaced with the name of a valid Presentation Server, the client will attempt to resolve the name "ica" to a valid IP address and use that to request farm information.

When implementing MetaFrame connections using SSL/TLS+HTTPS, you must provide the fully qualified domain name (FQDN) for all MetaFrame servers that have been properly configured with a digital certificate using the SSL Relay Configuration Tool. The SSL Relay Configuration Tool is discussed in the next chapter.

On the Connections tab, look for the Firewalls button in the lower-right corner. This button brings up the Firewall Settings dialog box (see Figure 13.7).

Figure 13.7. Default firewall settings are applied to all custom connections.

The options in the Firewall Settings dialog box include

• Use Alternate Address for Firewall Connection When this option is selected, the client requests the MetaFrame server's alternate TCP/IP address. This setting is required when the PN client is directly accessing published resources located behind a firewall and network address translation (NAT) is being used to map an external address to an internal MetaFrame server address. By default, ICA browsing returns the true address of the MetaFrame server, which is not desired in an NAT scenario. Instead, the associated external address can be returned by the ICA Browser if this option is selected. The server must be configured with an alternate address for this to work properly. Configuration of the alternate address and firewall traversal are discussed in Chapter 14.

  This option is not required when you are using the Web Interface or if you are accessing a server directly using an external NAT address and not accessing a published application.

• Use Web Browser Proxy Settings This option uses the proxy settings defined for your default web browser to access the Presentation Server environment. If the default browser is Internet Explorer and it is configured to automatically detect settings, Program Neighborhood does not assign proxy settings but instead assumes no proxy settings are defined and attempts a direct connection.

• Custom Proxy Settings The PN client allows you to assign custom default proxy settings if proxy traversal is required to reach the MetaFrame server. If SOCKS or Secure (HTTPS) is chosen, you need to provide the address and port number for the associated proxy server.

• Citrix Secure Gateway Only if you will be accessing a MetaFrame environment through a Citrix Secure Gateway running in relay mode do you need to modify these settings. Provide the fully qualified domain name of the Secure Gateway along with the port. The default port is 443. Version 2.0 or later of the Secure Gateway does not support operation in relay mode.

Default Options Tab

Any of the settings configured on the Default Options tab apply to all custom ICA connections, unless the Use Custom Default check box is deselected.

These settings include

• Enable Sound Enabling this option allows published applications to play sounds on the local client. The client must be equipped with a compatible sound card. The default sound quality assigned depends on the type of connection created. A LAN connection has sound defaulting to medium quality, whereas a WAN or dial-up connection has low-quality sound as the default.

• Encryption Level This setting assigns the default ICA encryption for all custom connections. It is recommended that 128-bit encryption be employed in all situations, even if data is completely contained on a local area network.

• Window Colors Four color options are available: 16 colors, 256 colors, high color (16 bit), and true color (24 bit).

• Window Size This setting is ignored if the published application is configured to run in seamless window mode. The options are fixed size, custom size, and percentage of the screen size (75%, for example), or you can choose to run the session in full-screen mode, completely hiding the local desktop, including the Start bar.

Custom Configuration Connection Settings

To create a new custom connection, you need to use the Add ICA Connection Wizard. Figure 13.8 shows the first of four tabs containing configuration information for a custom connection.

Figure 13.8. Custom ICA connections are created using the Add ICA Connection Wizard.

Connection Tab

The Connection tab shows connection-specific information. The first option, the Connection Type setting, dictates what information appears on this tab as well as what settings are enabled by default under the Options tab. There are four connection types to choose from:

• Local Area Network Only the Use Data Compression Option is enabled.

• Wide Area Network When this setting is selected, both the Use Data Compression and Use Disk Cache for Bitmaps options are selected.

• Dial-Up Networking (PPP/RAS) If the client must be dialed into a private Microsoft network before being able to launch the MetaFrame session, you can select this option. A dial-up networking connection must already have been configured on the client before this option can be selected. Besides your having to choose a dial-up networking connection, all other options on this tab are the same as for a LAN or WAN connection. The same default options as the WAN connection are also enabled when you choose a dial-up networking connection.

• ICA Dial-In If the client will be directly dialing into the MetaFrame server, you should choose this option. When you do so, the standard settings are hidden, and you are then required to select a configured modem on the client. After choosing a valid modem, you need to provide the phone number to dial to reach the host MetaFrame server.

  Options such as the Server or Published Application setting and network protocol are not available when choosing dial-in. None of these settings are necessary as you are dialing directly into a MetaFrame server and not establishing any type of network-based connection.

The next option (unless you're using dial-in) allows you to select either a Server or Published Application as the connection target. If you know the name or IP address of the server, you can directly enter that information instead of selecting from the drop-down list. The population of the drop-down list depends on the Server Location settings.

Options Tab

On the Options tab, you configure the "behavior" of the connection. The settings that you can manage here are

• Use Data Compression This setting is always enabled by default.

• Use Disk Cache for Bitmaps Over slower connections, this setting is enabled, allowing bitmaps to be cached to the local disk. The client maintains an in-memory cache, but larger and more images can be cached when the disk is enabled. WAN and dial-up connections enable this setting by default.

• Queue Mouse Movements and Keystrokes This setting is an older latency reduction feature of the Citrix client. It remains disabled for all clients. When it is enabled, mouse and keyboard updates are set less frequently, reducing the "chatty" tendency of ICA data. Bundling more data can improve performance over low-speed connections. This setting should normally remain disabled to improve responsiveness.

• Enable Session Reliability This setting is enabled by default, but is not available when you are performing an ICA dial-in connection. Session reliability is enabled by default for all other connection types.

• Enable Sound If you want to use high sound quality, you have to override the Use Custom Default and explicitly select High. High consumes substantially more network bandwidth. Medium is adequate for most LAN environments.

• Encryption Level This setting uses the custom default unless overridden.

• SpeedScreen Latency Reduction The client-side portion of the SpeedScreen Latency Reduction Manager, discussed in Chapter 6, "Configuring and Administering MetaFrame Presentation Server" is configured on a per-connection basis, and the Auto setting is enabled by default, meaning that PN enables or disables SpeedScreen Latency Reduction based on the estimated network slowness. The Mouse Click Feedback option always defaults to being enabled, whereas Local Text Echo is always disabled by default.

  Note

  Enabling or disabling SpeedScreen Latency Reduction on the client does not affect the other SpeedScreen optimization settings (also discussed in Chapter 6), such as SpeedScreen Browser or Multimedia Acceleration.

  
  

• Window Colors and Window Size This setting manages the size and color depth of the session. When connecting to a server, you have the Window Size settings that were discussed earlier when looking at window size defaults. If the connection is to a published application, an additional entry, Seamless Window, is added to the drop-down list box.

Logon Information Tab

On the third tab, Logon Information, the logon configuration for the ICA connection is maintained . You must choose one of three configurations:

• Local User Select this setting to ensure users are prompted for logon information. If pass-through authentication has been enabled, the associated check box can be selected, eliminating the need for users to provide their credentials every time they log on to the server or published application.

• SmartCard This setting configures the client to require a SmartCard and associated PIN to authenticate against the server. The pass-through configuration is identical to the configuration that would be used when Local User was selected.

• User-specified Credentials PN can authenticate using the credentials that you provide here. If the Save Password option has not been disabled, you can cache the credentials for future use. If the farm is performing authentication using Novell Directory Services (NDS), the User Name field should be used for the NDS distinguished name, the password should be provided normally, and the Windows domain name field should be omitted.

Application Tab

From the Application tab, you see one of two possible dialog boxes. When a server connection has been established you have the option of populating the Application field with the full path to an executable that resides on the server along with an associated Working Directory. This information is used to automatically launch the application after logging on to the server. This option provides legacy support for application launching but is not recommended as a substitute for using a published application. You also can modify the default icon if desired.

If the custom connection is a published application instead of a server, this tab provides a read-only view of the published application name. You still have the option to change the icon if you want.

Application Set Settings

Application sets and custom ICA connections share the same ICA Settings defaults, but application sets themselves do not have an additional set of global defaults. Each application set that is created must be configured with the necessary settings to be able to function.

You add application sets to PN by running the Find New Application Set Wizard. When finding an application set, you are defining the parameters required to find the associated server farm and retrieve the applications for users based on the logon credentials they provide. With an application set, unlike a custom ICA connection, you are not creating a shortcut to a specific server or published application. Instead, all the published application shortcuts available to you are automatically created based on your user credentials.

Figure 13.9 shows the properties for an application set. When comparing properties for an application set and a custom ICA connection, you will find that these settings are nearly identical.

Figure 13.9. Application set properties are nearly identical to those belonging to a custom connection.

The properties that differ are as follows:

• The Connection tab supports a setting called Auto-Detect Network Protocol. This setting allows PN to attempt to auto-detect the appropriate protocol to use to find the application set.

• Under the firewall settings, the option to connect through a Citrix Secure Gateway operating in relay mode is not supported for an application set.

• Under the Options tab is a setting called Turn Off Desktop Integration for This Application Set. It disables the creation of desktop or Start menu shortcuts for applications in this application set, overriding the options defined within a published application.

• ICA dial-up connections are not available for use with application sets.

Multiple application sets can be created for a PN client, but a single application set can consist of applications drawn from only one server farm. You cannot have applications from different farms appear within one application set.