Web Connectivity to the MetaFrame Server Farm

Conceptually, the behavior of the Web Interface remains unchanged from MPS 3.0, but Citrix has introduced a number of new features that change how the Web Interface and the Program Neighborhood Agent are managed. The following list is a summary of the new web features in MPS 4.0. Where noted, we provide more detailed information on the specific feature:

  • Web Server Requirements The web server requirements outlined in Chapter 14 still apply with one addition. Prior to installing the Web Interface, you must first install the Access Suite Console. The installation MSI for this application can be found on the MPS 4.0 installation CD-ROM in the \Administration\Access Suite Console folder. After all of the prerequisites have been met, the Web Interface can be installed.

  • Web Interface Installation The installation process has changed since MPS 3.0. Multiple languages are now supported (German, English, Spanish, French, and Japanese). The installation now prompts only for the location of the client installation files. You are no longer prompted for any MetaFrame server information. All farm-related configuration is now done after the installation has completed.

  • The Web Interface, Program Neighborhood Agent, and the MetaFrame Access Suite Consoles Management of the Web Interface and the Program Neighborhood Agent are no longer performed through their respective web-based consoles. They are now managed from within the Access Suite Console. We look at the features and functionality of the console later in this chapter.

  • Remote Configuration Remote Configuration allows the Web Interface configuration file (WebInterface.conf) and/or the PN Agent configuration file (config.xml) to be stored in the farm's Data Store instead of locally on the web server if desired. We discuss Remote Configuration in more detail shortly.

  • Multiple Site Support Multiple Presentation Server, PN Agent, and Conference Manager sites can co-exist on the same Web Interface server. The Access Suite Console makes it easy to manage all of the required tasks for these sites.

  • Web Interface Site Grouping Sites from multiple Web Interface servers can be logically grouped and managed as a single entity, all sharing the same common Web Interface configuration file. When this file is updated within the Access Suite Console, all load-balanced sites in the group are automatically updated.

  • Web Interface Customization Wizard The general appearance of the Web Interface can easily be modified without requiring any Web coding. A simple wizard allows you to change a number of site features such as text, logos, colors, and icons. We discuss this feature further when we review the new management features of the Web Interface.

  • UNIX Web Interface Support for RSA SecurID and Secure Computing SafeWord for Citrix Both two-factor authentication configurations are supported via the RADIUS authentication protocol in UNIX. The Web Interface on Windows continues to provide native support for these products.

  • Novell NDS Authentication Support NDS authentication is now supported directly via LDAP and no longer requires the Novell client to be installed on the Web Interface server. NDS authentication is not available within the UNIX Web Interface.

  • Improved Error Reporting from the Citrix XML Service The Citrix XML Service on an MPS 4.0 server now returns the IMA error code to the Web Interface instead of the generic "Unspecified error" reported in previous versions of MPS.

  • template.ica Replacement The template.ica file, which was used in previous versions of the Web Interface to generate specific ICA files for published application access, has been replaced in the MPS 4.0 Web Interface. Now, the specific ICA file sent to the client is generated completely from within the Web Interface Java classes. If the default output file must be modified, special ICA override files can be created. The Web Interface reads these files as it generates the ICA file for the published application. When a site is generated, the override files can be found in the <site root>/conf folder, the same location as the Web Interface configuration files.

  • End-User Changes In addition to the changes that have been introduced to the Web Interface on the server-side, some improvements have also been made to the user interface and how the WI interacts with the user. The user-specific features are

    • Multiple Language Support The Web Interface provides built-in support for displaying information in any one of five languages (English, German, Spanish, French, or Japanese). The WI attempts to detect the web browser's locale and display the appropriate language. You can also select the desired language from within the interface.

    • Bandwidth Tuning The Web Interface now allows users to provide bandwidth information during logon, which in turn allows the WI to provide the appropriate tuning settings within the generated ICA file for the client.

    • User Interface Configuration Settings Users now can customize different aspects of the Web Interface display. An administrator controls the configurable areas through the Access Suite Management Console.

    • Java Client Fallback Support The Java client can now be configured to act as an automatic fallback client if a user connects to the Web Interface without having the proper Win32 client installed. With no Win32 client detected, the WI automatically delivers the Java client as a substitute.

  • Secure Gateway Modifications MPS 4.0 introduces some modifications to the Secure Gateway configuration. See the "Secure Gateway Configuration in an MPS 4.0 Environment" section for more information.

Managing the Web Interface with the Access Suite Console

Unlike the Web Interface in MPS 3.0, which was usable immediately after installation, the 4.0 Web Interface requires that you first create a site with the Access Suite Console (ASC). The first time you launch the ASC, it prompts you to discover the available products and components. This includes both the Web Interface and any associated Presentation Servers. Whereas the Presentation Server choice is optional, you must select the Web Interface option. After discovery has completed, you can select the Web Interface module (see Figure 16.5) and then select the Create Site task to begin creation of the first site.

Figure 16.5. You must create a new Web Interface site before you can begin to use the Web Interface.

During the setup, you are given the choice of creating one of three site types:

  • MetaFrame Presentation Server This site allows users to access the Presentation Server farm through the Web Interface.

  • Program Neighborhood Agent Services This site allows the PN Agent client to connect and retrieve the config.xml file.

  • Conferencing Manager Guest Attendee This site allows guest users to log in to Conference Manager.

You are then able to choose whether to make this the default page for the IIS site. You are also asked to choose either a local or central configuration file. Details on Remote Configuration are discussed in the next section of this chapter.

During the installation, you are prompted to provide both a reference name for the farm and the name of at least one Presentation Server within that farm that you want to make accessible through the Web Interface. After the site has been created, it appears as an object underneath the Web Interface icon in the Access Suite Console. When it is selected, you see the list of both the common and other tasks for the Presentation Server Web Interface site.

Quickly viewing the list of tasks, you will see that many of them are similar to those found within the Web Interface for MPS 3.0 (see Chapter 14). The interface and location of the settings have changed, but most of the options that can be configured in the environment have not changed much at all. This list summarizes the tasks and their purpose:

  • Manage Server Farms This task opens a dialog box that combines the settings found under Manage Farms and MetaFrame Servers in the MPS 3.0 Web Interface Console. From here, you can add multiple server farms to the WI and assign the order in which applications are queried and change password attempts are processed.

    For each server farm, you also define the servers that the WI can contact to query application information. If load balancing is disabled, the order in which the servers are listed determines the failover order. Failed servers are bypassed for 60 minutes, a setting that you can edit. The transport type used to contact the XML service also remains the same. You still have three choices: HTTP, HTTPS, and SSL Relay.

    The ICA Authentication Ticket setting found under the Authentication tab in MPS 3.0 has been moved here. Ticketing is enabled by default and still has a time to live (TTL) value of 200 seconds.

    An Advanced button on this dialog box provides you with access to enable or disable the pooling of socket connections between the WI site and the XML service. Enabled by default, this option helps to improve performance but in rare circumstances may cause instability. Disabling this option improves stability but reduces performance. XML socket time and retry options can also be modified from here. Citrix does not recommend changing these default values. Socket pooling should be disabled when the WI is contacting one or more MetaFrame Presentation Server for UNIX servers.

  • Configure Authentication Method The single Authentication setting in the WI for MPS 3.0 has been replaced with the Configure Authentication Methods Wizard. The Authentication methods are as follows:

    • Anonymous This setting is unchanged from 3.0.

    • Smart Card Smart Card authentication is now supported with MetaFrame Presentation Server for UNIX; otherwise, it is unchanged from MPS 3.0.

    • Pass-through This setting was called Single Sign-On in MPS 3.0. It now has the option to enable Kerberos authentication.

    • Pass-through with Smart Card Pass-through authentication support is also now available with Smart Cards.

    • Explicit As in MPS 3.0, you can enable two-factor authentication with either RSA SecurID or SafeWord. You can select Windows (or NIS on UNIX) or Novell NDS authentication on the next screen in the wizard. Domain and UPN customization options are available when you choose Windows. Similarly, context restrictions and contextless authentication options are available when you choose NDS.

  • Customize Appearance for Users This new feature to MPS 4.0 allows an administrator to quickly and easily customize the appearance of the Web Interface without having to do any scripting or custom Web development. Figure 16.6 shows the main customization dialog box. Four buttons allow you to customize various components of the WI:

    Figure 16.6. MPS 4.0 allows you to easily customize the appearance of the Web Interface.

    • Overall Layout Changes the overall layout of the Web page. Your choices are Auto, Compact, or Full Display; the default is Auto. Users can modify the overall layout, but this setting is not enabled by default.

    • Branding Enables or disables display of headers or footers for the site. You can also change the general branding color from the default of red, specify a header and logo image source location, and make the corporate logo a hyperlink.

    • Application Windows Dictates how the application icons are displayed for an authenticated user. The configurable options are background color and image, text color for the title bar, and the number of icons per row that are displayed. By default, the user can configure these settings.

    • Welcome Area Allows you to create a welcome area for the environment. The default and additional language messages can be in English, French, Japanese, French, or German.

  • Manage Secure Client Access Within this task, you define the appropriate security settings for your Web Interface environment. The four options listed here are equivalent to the similarly named settings in the MPS 3.0 Web Interface environment:

    • Edit DMZ Settings Here, you specify how the IP address of the MetaFrame server is presented to the end user. The options provided here are the same as those found in MPS 3.0 but have been organized to provide a more intuitive interface. The default option is still Direct, meaning that the client receives the real IP address of the MetaFrame server, and it is able to successfully connect to that address. You define the appropriate rules for each of the different networks from which users can connect to the environment. The order in which these rules are set dictates the order in which they are processed. For each of the access methods, there is also an equivalent Secure Gateway option that is defined when users are accessing the environment through the Secure Gateway.

    • Edit Secure Gateway Settings When users access the Web Interface via the Secure Gateway, you provide the SG information on this screen. The FQDN to the Secure Gateway is defined here. Session reliability can be enabled, an option not available with MPS 3.0. One or more Secure Ticket Authorities are added here. Remember that the STA component is now integrated into the XML Service in MPS 4.0. Load-balancing and failover rules mimic those for the server farm and servers. STA servers now maintain their own failover time intervals.

      Alert

      Session reliability support via the Secure Gateway is an important difference between the MPS 3.0 and MPS 4.0 Web Interfaces.


    • Edit Address Translations Any address translation mappings are defined here for any defined client routes, Secure Gateway routes, or both. Multiple mapping entries can be maintained if desired. This consolidates the translation mappings that were managed independently in MPS 3.0.

    • Display Settings These settings provide a visual display of the configured client access methods defined in the Edit DMZ Settings section. Unused settings appear grayed out.

  • Manage Client Deployment This task launches the Client Deployment Wizard, which allows you to configure options similar to those found in the Client Deployment settings page in the MPS 3.0 Web Interface. The first screen prompts you to select the clients that will be available for installation. Local Client, Native Embedded Client, and Client for Java are enabled by default. Embedded Remote Desktop Connection is disabled by default.

    The second dialog box contains settings that enable the automatic update of the Web client, whether the installation caption is displayed, and whether Unicode is supported. To support Unicode, you must select Support Version 8 or Later of the Clients. One new option on this screen is the ability to automatically fall back to the Java client if a native or embedded client is not detected. This can simplify user access when a local client is not available for use.

    In the next dialog box, you can make any desired changes to the default Web client CAB file used for installation.

    You then choose the Java packages that will be deployed with the client on the Client for Java dialog box. The fewer packages you select, the smaller the client download. Choose only those packages that are relevant to your environment. The packages available here are the same as those in the MPS 3.0 Web Interface, including the option to include a private root certificate with the Java package.

  • Edit Client-side Proxy When a proxy server is employed on the client side of the Web Interface, you can define settings here that dictate whether the Presentation Server client must communicate through the proxy server when connecting to a MetaFrame server. These options are the same as those found in the MPS 3.0 Web Interface console.

  • Manage Client Connection Settings Figure 16.7 shows the dialog box containing the client connection settings you can modify. These options have all been discussed either in the appropriate chapters of the book or earlier in this chapter when they pertain to MPS 4.0. For example, we reviewed the new client PDA device access and Windows key combination support earlier in this chapter. Most of these options have to do with whether a user has access to customize areas of the interface. One of the new options, Kiosk Mode, prevents users from saving any of their personal customizations.

    Figure 16.7. By default, users have access to modify some of their personal Web Interface properties.

  • Manage Workspace Control This task gives you access to configure the Workspace Control features for Web Interface users. All of the common settings related to Workspace Control are modified here. The requirements and usage of Workspace Control have not been modified since MPS 3.0.

  • Control Diagnostic Logging Here, you can configure both diagnostic logging options for the Web Interface as well as customize the URL used for error callback.

  • Local Site Tasks Here, you manage general settings for the Web Interface site. You can modify the source of the configuration file for the site and modify the IIS hosting options, where you could specify the default page for the IIS site. You can also repair and uninstall a site.

  • Import and Export Configuration This task enables you to export the configuration from one server and import it into another.
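The Manage Server Farms settings described above (XML Service transport, listed server order, the 60-minute bypass, the 200-second ticket TTL) can be checked in bulk across sites. The following is an added example, not code from the book or from Citrix: it assumes each farm is stored as one Farm<n>=... line with the option names shown in the docstring, and it runs on a constructed sample, so verify the key names against your own WebInterface.conf.

```python
"""Audit the farm lines of a Web Interface configuration file (added example).

Assumed line format (check the key names against your own WebInterface.conf):
  Farm<n>=<server>[,<server>...][,Name:..][,XMLPort:..][,Transport:HTTP|HTTPS|SSL]
          [,SSLRelayPort:..][,BypassDuration:<min>][,LoadBalance:On|Off]
          [,TicketTimeToLive:<sec>]
"""
import re

# Defaults stated in the chapter: failed servers bypassed for 60 minutes,
# ICA authentication tickets valid for 200 seconds.
DEFAULT_BYPASS_MIN = 60
DEFAULT_TICKET_TTL = 200
OPTION_KEYS = {"Name", "XMLPort", "Transport", "SSLRelayPort",
               "BypassDuration", "LoadBalance", "TicketTimeToLive"}
FARM_LINE = re.compile(r"^\s*(Farm\d+)\s*=\s*(.+?)\s*$")

# Constructed sample input, not taken from a real site.
SAMPLE_CONF = """\
# WebInterface.conf excerpt (constructed)
Farm1=mps01,mps02,Name:Production,XMLPort:80,Transport:HTTP,BypassDuration:60,LoadBalance:Off,TicketTimeToLive:200
Farm2=mps10,Name:Test,XMLPort:443,Transport:HTTPS,BypassDuration:5,LoadBalance:On,TicketTimeToLive:3600
"""


def parse_farms(conf_text):
    """Return one dict per Farm<n> line, in file order."""
    farms = []
    for line in conf_text.splitlines():
        m = FARM_LINE.match(line)
        if not m:
            continue
        # Values used when an option is absent (HTTP and On are assumed here).
        farm = {"key": m.group(1), "servers": [], "Transport": "HTTP",
                "LoadBalance": "On", "BypassDuration": DEFAULT_BYPASS_MIN,
                "TicketTimeToLive": DEFAULT_TICKET_TTL}
        for field in (f.strip() for f in m.group(2).split(",")):
            name, sep, value = field.partition(":")
            if sep and name in OPTION_KEYS:
                farm[name] = int(value) if value.isdigit() else value
            elif field:
                farm["servers"].append(field)  # listed order = failover order
        farms.append(farm)
    return farms


def audit(farms):
    """Return (farm key, code, detail) tuples for settings worth reviewing."""
    out = []
    for f in farms:
        key, servers = f["key"], f["servers"]
        if str(f["Transport"]).upper() == "HTTP":
            out.append((key, "cleartext-transport",
                        "XML Service traffic is not encrypted; HTTPS and SSL Relay are the other choices"))
        if f["TicketTimeToLive"] != DEFAULT_TICKET_TTL:
            out.append((key, "ticket-ttl-changed",
                        f"ticket TTL is {f['TicketTimeToLive']}s, default is {DEFAULT_TICKET_TTL}s"))
        if f["BypassDuration"] != DEFAULT_BYPASS_MIN:
            out.append((key, "bypass-changed",
                        f"failed servers bypassed for {f['BypassDuration']} min, default is {DEFAULT_BYPASS_MIN}"))
        if len(servers) < 2:
            out.append((key, "no-failover", "only one XML Service address is listed"))
        elif str(f["LoadBalance"]).lower() == "off":
            out.append((key, "failover-order", " -> ".join(servers)))
    return out


if __name__ == "__main__":
    for key, code, detail in audit(parse_farms(SAMPLE_CONF)):
        print(f"{key}: {code}: {detail}")
```
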

Managing the Program Neighborhood Agent with the Access Suite Console

To create Program Neighborhood Agent configuration sites, choose the option Create Site and then select Program Neighborhood Agent Services. During the creation, you are requested to provide a server farm as well as at least one MetaFrame server within that farm. After these sites are created, you can create a new configuration file at the PN Agent site level or manage global options such as the server farms or client-side proxy settings.

When you select a specific configuration file, you then have access to configure the common features for the PN Agent environment. Many of these features are similar to those options already discussed for the Web Interface for Presentation Server, and much of this information is the same as that found within the old PN Agent Management Console. The available tasks for the PN Agent are

  • Configure Authentication Methods Allows you to define the default authentication for the PN Agent clients. This task is almost identical to the Web Interface settings, with the exception of two-phase authentication.

  • Change Session Options Opens a dialog box with three tabs. Here, you specify the desired session sizes, client resources (including color depth, Windows key combinations, and audio options), and the Workspace Control settings.

  • Manage Application Shortcuts Provides access to all of the shortcut-related settings for the PN Agent. This includes shortcut creation on the desktop, the Start menu, and the notification area on the system tray. You also can access the shortcut removals option here, allowing you to dictate how shortcuts are deleted from the client device.

  • Manage Server Settings Allows you to specify that SSL is to be used for client-to-site communications, whether the user can customize the server URL where the XML configuration file is read, and how the configuration is read from the file.

  • Manage Application Refresh Specifies how often the application list for an authenticated user is retrieved from all configured farms. These settings are unchanged from MPS 3.0.

  • Duplicate Client Configuration Duplicates the current configuration XML file, creating it with the same name with _x appended, where x is an integer that is incremented as necessary. For example, the file config.xml would be duplicated, and the new file would be called config_1.xml.

  • Export Client Configuration Allows you to export the file to whatever location you want and with whatever name you want.

Remote Configuration

The Web Interface now supports a feature called Remote Configuration. This feature allows the Web Interface for Presentation Server configuration file (WebInterface.conf) and/or the PN Agent configuration file (config.xml) to be stored in the farm's Data Store instead of locally on the Web Interface server. When configured to use a remote configuration file, the Web Interface retrieves the desired file from the Data Store (via an XML proxy called the Configuration Proxy, hosted either by IIS or the XML Service) when it starts up.

The Configuration Proxy communicates with a DCOM application called the Configuration Manager that is always installed with Presentation Server 4.0 but is activated only when it receives a request from a Web Interface server. The Access Suite Console loads a special .NET assembly to communicate with the Configuration Proxy. This assembly is called the Configuration Object Library (COL). To access the Configuration Proxy, the administrator running the Access Suite Console must be a delegated Presentation Server administrator with the Log On to the Web Interface Console permission. With these permissions, the Configuration Manager can be successfully started on the Presentation Server, initiating the required communications to store and retrieve the remote configuration information.

Alert

Only a server running MetaFrame Presentation Server 4.0 can act as a Web Interface Configuration Server.


Because Remote Configuration requires access privileges on the Presentation Server, you cannot use Remote Configuration on a Web Interface server configured in a workgroup or standalone server outside a Windows domain. This effectively limits the Remote Configuration feature to only those Web Interface environments that run the web servers as part of a domain that can interact with Presentation Servers in the same (or another) domain.

Secure Gateway Configuration in an MPS 4.0 Environment

As we mentioned earlier, two of the major changes to the Secure Gateway with the latest Web Interface are

  • Integration of the Secure Ticket Authority (STA) feature into the Citrix XML Service in MPS 4.0

  • Support for Session Reliability in conjunction with the 9.x client and the latest Web Interface

Aside from these features, the Secure Gateway discussion in the "Securing Server Access with the Secure Gateway" section of Chapter 14 remains unchanged. Diagrams showing the STA can now have that component rolled up and into the production Presentation Servers, or running on its own MPS 4.0 server that is not simultaneously processing user logons. References to the STA installation can be omitted, but other components are installed in the same order and have the same installation process.

Modifications to the Web Interface to support the Secure Gateway are now done through the Access Suite Console. See the earlier section on the Access Suite Console and the Web Interface Console for details on the Secure Gateway-related settings and where they are located.



Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256)
Year: 2003
Pages: 199
