14. Web Access to the MetaFrame Server Farm Terms you'll need to understand: -
Web Interface -
Citrix XML Service -
ICA template file -
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) -
Secure Gateway -
Session ticketing -
Client-side proxy -
WebInterface.conf -
Network address translation (NAT) -
Citrix SSL Relay -
Secure Ticket Authority (STA) -
Secure Gateway Proxy -
Double-hop demilitarized zone (DMZ) Concepts and techniques you'll need to master: -
Identifying components of the Web Interface -
Identifying steps in the authenticating and launching of client applications through the Web Interface -
Understanding and identifying features of the Web Interface -
Identifying security features of the Web Interface -
Configuring the Web Interface -
Managing network address translation with the Web Interface -
Identifying Secure Gateway Components -
Choosing appropriate deployment configuration given a specific scenario Citrix's Web Interface provides users with access to the suite of applications to which they have been assigned. The Web Interface itself is made up of three components (as depicted in Figure 14.1): -
One or more server farms The Web Interface acts as a form of the Program Neighborhood interface to collect and display application set information for a user. Unlike the full PN client, the Web Interface can query multiple server farms using the provided user credentials and create a consolidated view of applications from these farms in a single application set dynamically displayed in an HTML page. The Web Interface communicates with the servers in the different server farms via the Citrix XML Service. The Web Interface must be able to communicate with a minimum of one server running the XML Service in each farm from which it is required to retrieve application set information. -
A web server The Web Interface itself is installed on a web server. Although the web server can run Presentation Server, it is not required to do so, and a dedicated web server is recommended in most production implementations . The Web Interface can operate as a standalone website dedicated for application access or can be integrated into a new or existing corporate web portal. -
Presentation Server client device Any device that can support a Presentation Server client and web browser can be used with the Web Interface. The browser and client work in tandem to provide users with application access. The web browser requests user credentials and displays the corresponding list of applications the user can access. When an application hyperlink is clicked, the Presentation Server client comes into play, providing the mechanism for actually connecting to the published application. Figure 14.1. A Web Interface deployment requires three network components. 
Figure 14.1 also summarizes the steps involved in generating an application set for a user. The steps are as follows : | 1. | The user accesses the Web Interface and provides the requested credentials. The information is passed from the client to the Web Interface.
| | 2. | The Web Interface receives the user's credentials and forwards this information to a Citrix XML Service in each of the defined server farms.
| | 3. | The XML Service then builds the application set for the user based on the information it receives from the IMA and Program Neighborhood services. Once generated, the application set information is returned to the Web Interface.
| | 4. | Based on this application set information, the Web Interface then generates an HTML page containing links to each of these applications.
| The next stage of interaction between the client, the Web Interface, and the server farm occurs when a user clicks an application link. Figure 14.2 demonstrates the steps followed to launch the application requested by the user. Figure 14.2. The client, Web Interface, and specific servers in the server farm interact when a user clicks an application hyperlink. 
The specific steps are as follows: | 1. | Clicking an application hyperlink initiates a request on the web server to retrieve an ICA file specific for that application. The ICA file contains all of the information required for the client to establish a connection to the specified published application.
The Web Interface does not maintain a list of hard-coded ICA files for each published application. Instead, it has access to a template ICA file, which contains special fields called substitution tags . The special Java classes in the Web Interface replace these substitution tags with information specific to the application before passing it to the client.
| | 2. | The Citrix XML Service is contacted in the appropriate server farm to retrieve the connection information for the least-busy server that publishes the requested application. A session ticket is then retrieved from this MetaFrame server for the user's application request.
| | 3. | The application, server address, and session ticket information are then passed by the XML Service back to the Web Interface.
| | 4. | The Web Interface does not maintain a list of hard-coded ICA files for each published application. Instead, it has access to a template ICA file, which contains special fields called substitution tags . The special Java classes in the Web Interface replace these substitution tags with information specific to the application before passing it to the client. The Web Interface completes the replacement of the substitution tags in the template.ica file with the information received by the XML Service. This file is then passed back to the client's web browser.
| | 5. | The web browser then passes the ICA file to the Presentation Server client, typically through a file association, and the PS client then uses the information within the ICA file to launch the actual MetaFrame published application connection.
| Alert Having the opportunity to perform some hands-on work and launch applications via the Web Interface will help in understanding these steps. You should clearly understand the steps involved when a user initiates a connection with the Web Interface, logs on to the environment, and selects a valid application hyperlink.
Listing 14.1 demonstrates a small portion of a typical template.ica file. This file, along with guest and wide area network templates, can be found on the Web Interface server in the Citrix\MetaFrame\conf folder under the Web root. Listing 14.1. Portion of the Default template.ica File [Encoding] InputEncoding=[NFuse_Template_Encoding] [WFClient] Version=2 ClientName=[NFuse_ClientName] [NFuse_TransportReconnect] RemoveICAFile=yes [NFuse_ProxySettings] ProxyTimeout=30000 [NFuse_COMPortMappingSetting] [NFuse_ClientPrintingSetting] [ApplicationServers] [NFuse_AppName]= [[NFuse_AppName]] Address=[NFuse_AppServerAddress] InitialProgram=#[NFuse_AppName] LongCommandLine=[NFuse_AppCommandLine] DesiredColor=[NFuse_WindowColors] Launcher=WI TransportDriver=TCP/IP WinStationDriver=ICA 3.0 [NFuse_ClientLogon] [NFuse_ProxySettings] ProxyTimeout=30000
All entries in the file that have the prefix NFuse_ and are contained within the square brackets [] represent the substitution tags. In the following sections, we discuss the configuration of the Web Interface and how many of these settings can influence the way the ICA file is generated for the client. |
