Glossary

See Application Compatibility Script .

Packages created using the Packager application included as part of Installation Manager.

See also Installation Manager packages .

The process of assigning server farm administrative and management privileges to users or groups from Microsoft Active Directory or Novell Directory Services. Custom privileges can be assigned to different nodes in the Management Console, or the generic Full authority or View-only authority privileges can be assigned. The first administrator created when the farm is created is assigned Full authority privileges.

A user-defined value at which an event, typically a user notification, occurs. Event thresholds can be defined within both the License Management Console and the Resource Manager. Within the License Management Console, thresholds can be set for license usage, subscription advantage date, and license expiration date. Within the Resource Manager, an alert threshold can be defined for change in metric state.

A policy filter state that applies the policy to all objects that meet the filter criteria.

A script used to ensure that legacy Windows -based applications function properly in a MetaFrame environment. Often these applications are designed as single-user applications and don't implicitly provide support for multiple concurrent user sessions. An ACS can be executed when the application is installed and/or whenever the application is launched. Scripts are initiated by the USRLOGON.CMD batch script.

The segregation of an application into a virtual execution environment on a Presentation Server. Within this virtual execution environment, the application is isolated from other applications and components on the server, protecting both the application and other processes in the environment from undesirable interaction.

Isolation is achieved through the virtualization of the file system, Registry and named objects, all of which are key operating system resources.

Server mode that places the Windows server into the multiuser access mode required for running MetaFrame Presentation Server or Terminal Services by itself. The number of concurrent user sessions allowed on the server is limited only by the number of Client Access Licenses available and the limit configured on the server.

When the Terminal Services component is installed on a Windows 2000 Server, you are given the choice to configure either Application Server mode or Remote Administration mode. When the Terminal Services component is installed on a Windows Server 2003 server, it automatically places the server into Application Server mode. The Remote Administration mode is available by default on all Windows Server 2003 servers.

See also Remote Administration mode .

The main configuration file for Program Neighborhood. All connection and client configuration settings for PN are stored in this file, which is copied from the main program folder the first time a user executes the PN and is stored in the Application Data\ICAClient folder of the user's profile. This file can be customized prior to the PN installation to define common settings and configure certain components of the user interface. Prior to installation, the file is called appsrv.src.

See also pn.ini .

A command-line utility that allows you to perform basic published application and application deployment tasks .

Presentation Server policy rule designed to enhance the performance of disk write operations from a MetaFrame server to a client-mapped drive. The asynchronous writes rule is designed for high bandwidth and high latency client/server connections and is not appropriate for users who are not operating in a high latency environment. This rule is new in MPS 4.0.

See also MetaFrame user policy .

See session ticketing .

Automatic attempt to reconnect to the server if a client is disconnected due to a network or device failure.

Automatic update of a client based on settings in the Client Update Database.

An ICA client feature that can be configured to attempt to retrieve the proxy settings from the default web browser for the device.

If the default browser is Internet Explorer and it is configured to automatically detect settings, the Win32 client ignores these settings and attempts a direct connection.

Automatic detection and mapping of client printers in a Presentation Server session.

A report generated by Resource Manager giving an associated cost with a particular resource's usage. Two types of billing reports can be generated. The first is a Cost Center report, typically created to bill a cost center for usage. At least one fee profile and cost center must be defined in Resource Manager before this report can be generated.

The other billing report is a Domain Users report. This report is used to generate resource usage bills to individual users or groups. The generation of this report requires only one fee profile.

See also cost center, fee profile .

SpeedScreen feature that enhances a web browser when running Internet Explorer 5.5 or later.

See Client Access License .

See Citrix Activation System .

See Citrix Connection Configuration .

See digital certificate .

A trusted source that issues digital certificates to requestors. A CA can be a third-party organization, or it can be internal to an organization, employing certificate-generating software such as Microsoft Certificate Services. One advantage of using a third-party organization such as VeriSign is that most operating systems (Windows, Mac, Linux, for example) include root certificates that verify the identity of these organizations and imply a trust relationship in the validity of certificates they issue. Root certificates generated by internal certificate services are not distributed by default, requiring you to ensure these certificates are distributed to the appropriate clients as required.

Citrix's Web application for configuring and downloading the license file for your MetaFrame Access Suite License server. It is accessed through the MyCitrix.com web portal.

Citrix's utility for managing the configuration of ICA and RDP connections on a Presentation Server. It provides certain ICA-specific settings not found in the Terminal Services Configuration utility.

A valid license that must be available for check out on the Access Suite License Server for each concurrent user who logs on to a Presentation Server. This file remains locked for the duration of the user's active connection(s) in the farm. After the user is logged out, the license is returned to the license server, where it is available for use by other users. The appropriate number of connection licenses is downloaded within a license file from the MyCitrix.com web portal.

See Presentation Server client .

Presentation Servers grouped in a logical management unit, all sharing a common database of information called a Data Store.

A service available by default on MetaFrame Presentation Server that allows for the creation of a secure SSL-based communication link between the client and a Presentation Server. SSL Relay can provide secure access to the Citrix XML Service for retrieving server farm information and processing authentication requests . SSL Relay can also be used to establish a secured and authenticated connection with a Presentation Server client or the Secure Gateway for the MetaFrame Access Suite.

A special product license automatically added to the Access Suite License Server after it has been installed. When a Presentation Server first starts, it attempts to contact the License Server to request a valid startup license. Once acquired , the license entitles the Presentation Server to communicate and request Citrix connection licenses whenever a user accesses published content on the server.

A Citrix printer driver that can substitute for the native driver associated with a client printer. The UPD allows support for printers that may not have a driver that can run on Presentation Server or simply to reduce the number of unique drivers that must be installed on the server. A UPD can be substituted only for client-mapped printers. It is not used on the local client, nor is it available as a substitute driver for printer mappings created directly within a Presentation Server session.

The smallest of the Win32 clients. The Web client is available in two types. One is the full Win32 Web client, which is also the default client deployed to all Win32 users connecting to the Web Interface without already having a local client. The other Web client, commonly referred to as the minimal Web client, has a number of components stripped out in order to make it the minimal size possible for download and execution.

The service responsible for providing server farm information to various requesting systems, such as the Presentation Server clients or the Web Interface for Presentation Server. Unlike the legacy ICA Browser, this service transmits information using TCP, not UDP. The default port for the XML Service is port 80.

The individual user license that is required to connect to a computer system. Both Citrix Presentation Server and Microsoft Terminal Server require their own unique client access licenses in order for users to be legally able to connect to a server. Citrix supports concurrent user licensing, allowing you to purchase only the licenses required for the maximum number of users on the server at any one time. Microsoft, on the other hand, requires per-user or per-device licenses. This means that a license is required for every user or device that will connect to a Terminal Server, regardless of how many of them are connecting concurrently. Terminal Server CALs are required even when you are running Presentation Server.

See also Citrix connection license .

A Presentation Server feature that allows access to the local client device from within the MetaFrame session. The supported devices include drives , printers, COM ports, audio (client-to-server and server-to-client), and the Clipboard. MPS 4.0 also includes support for client-side TWAIN devices such as scanners and Microsoft- powered PDA devices connected to a client via USB and supporting ActiveSync synchronization software.

Any printer that is locally accessible from the client device. This includes printers physically attached to the client; network-based printers accessible through a printer share or alternate means such as TCP/IP port; and virtual printers such as Adobe Acrobat, email, or fax printers.

See also local printer, network printer .

A settings page in the Web Interface console. Settings are configured on this page when you have remote clients that have local proxy servers between themselves and your server. Through these settings, you are able to define whether client connections to the Presentation Servers must go through those client-side proxy servers. By defining these settings on the Web Interface, you can manipulate their ICA client settings, ensuring that they can successfully connect to the Presentation Server.

A database that can be configured centrally among a number of Presentation Servers or can be maintained separately on each one. This database contains client installation images that can be pushed out to the client when it detects a newer version of the product for installation. An ICA client must already exist on the client machine to perform an automatic update. The Client Update Database is a client update tool. It cannot be used to configure deployment of a Presentation Server client to new client devices.

The companion CD-ROM available as part of the Presentation Server installation package. The Components CD contains installation sources for a number of nonPresentation Server products such as Presentation Server client installation files, Secure Gateway installation components, MetaFrame Conferencing Manager, and the Document Center. As part of the Web Interface installation, the Components CD is one option from which to retrieve the client installation images.

A feature that supports accessing content similar to accessing published applications. Published content can include any type of file such as a document, web link, or media file.

Integrated support available only through PN Agent; it requires the Enterprise or Advanced Edition of Presentation Server. It allows local file associations to open applications published in the farm.

See also extended parameter passing .

Server-based file association that can open applications running locally on the client device. For example, a web link could be opened using a local Internet Explorer instead of the browser on the server.

Individual users or groups defined within Resource Manager to group resource usage and generate cost center billing reports.

See also billing report, fee profile .

A Presentation Server 4.0 farmwide or per-server setting intended to improve the server's ability to manage CPU resources. By modifying the normal priority scheduling for processes in the system, Citrix is able to reduce both the frequency of application processing spikes and the resources reserved for coping with these spikes.

This feature is available only in the Enterprise Edition of MPS 4.0. To enable or disable it, simply check the option in the Memory/CPU Utilization Management property for the server farm node or the node of an individual server.

See also memory optimization .

A configuration in which two distinct server farms both share licenses from one common MetaFrame Access Suite License server.

A component of Resource Manager that is responsible for collecting summary data information from all Presentation Servers, including the farm metric server, and writing this information to the Summary database.

See also farm metric server, Summary database .

See zone data collector .

The central ODBC-compliant database for a server farm where persistent farm information such as published applications and printer information is maintained. The supported database management systems are Microsoft Access, Microsoft SQL Server 2000 Desktop Engine, Microsoft SQL Server, Oracle, and IBM DB2.

A subnetwork situated between a trusted internal network and an untrusted external network such as the Internet. This subnetwork is usually located between an external and an internal firewall, but it can also be located off a single external network. Servers are placed into this DMZ and can be accessed by clients on the untrusted network. This zone is created with the intention of segregating these servers so that if one is compromised, it does not allow unconstrained access to the internal network.

See also double-hop DMZ, single-hop DMZ .

A policy filter state that does not apply the policy to all objects that meet the filter criteria.

An electronic document that is presented by users or computers to verify they are who they say they are. The certificate can also contain a public encryption key that is then used to send encrypted messages back to the certificate presenter. Digital certificates are issued by trusted sources known as certificate authorities (CAs).

A setup that provides additional security by requiring traffic from the Internet to pass through two DMZs before accessing systems on the internal network. Servers placed in the first stage have no direct access into the internal network but are configured to have limited access to specific machines within the second DMZ. Only systems in the second DMZ are configured with access to servers on the internal network.

See also demilitarized zone, single-hop DMZ .

A Presentation Server feature that enables you to configure the farm to allow or restrict specific printer drivers from being installed on servers in the farm. By default, all printer drivers are permitted. This setting affects only client-mapped printers. It has no effect on the mapping of network printers from within Presentation Server.

See printer driver auto-replication .

See printer driver mapping .

The ability of a user to resize a desktop session dynamically. For example, user can change a 1024x768 session to 1280x1024 on the fly. The size can also be reduced if desired. Desktop contents are adjusted as required to fit within the new display size.

The capability to associate a local file type with a published application. This requires configuration on both the client and server to function properly. This feature provides functionality equivalent to client/server content redirection, a feature available only with PN Agent.

See also content redirection (client-to-server) .

By default, the first server upon which Resource Manager is installed in a server farm. The farm metric server is responsible for gathering metric information from other Presentation Servers, interpreting the results, and raising alerts if necessary.

A report that contains a cross-reference of rates to charge for resource usage. It associates a cost with resource usage and is used by Resource Manager when generating a billing report. Multiple fee profiles can be defined and used to calculate resource usage costs.

See also billing report .

See SpeedScreen Flash Acceleration .

A consolidated installation bundle in which all three Win32 clients are available. This Ica32Pkg.msi package can also be used to create customized installations containing only the desired Win32 clients.

A type of dial-in connection that allows clients to directly dial in to a MetaFrame Presentation Server without the additional overhead or configuration requirements of Microsoft's Remote Access Services (RAS). Direct dial-in requires that one or more modems be directly connected to a Presentation Server and properly configured for dial-in access. Asynchronous connections are configurable only on Windows 2000 Terminal Servers. Windows Server 2003and hence Presentation Serverdoes not support asynchronous client connections.

The process of discovering Presentation Servers or published content in a server farm. The Citrix XML Service provides HTTP-based browsing services via port 80 by default on all Presentation Servers. Legacy ICA browsing support is provided for MetaFrame 1.8 users via directed UDP or broadcast UDP connections on port 1604. Directed UDP browsing is supported by default in Presentation Server, but UDP broadcast listening is not enabled by default. The Broadcast Response setting must be enabled in the Management Console before this functionality is enabled.

See also Interoperability mode .

A service that manages legacy ICA browsing support via UDP on port 1604. In MetaFrame 1.8, this was an actual Windows service called ICA Browser. Now, the IMA Service provides integrated support by listening on port 1604.

A utility available only on Windows 2000 Server systems that allows you to create client installation diskettes for the Win32, Win16, DOS, and Web clients.

A wizard provided with Presentation Server that allows you to install or update the ICA client images on a MetaFrame server and in the Client Update Database, as well as install or update the ICA Pass-Through client. The ICA Client Distribution Wizard is automatically run during Presentation Server installation.

Legacy MetaFrame tool used to manually map client printers from within a MetaFrame session. This tool can still be used to map any available client printers, but it was created primarily to allow DOS and Windows CE clients to map printers because they could not automatically be created. The tool is no longer required for DOS or Windows CE clients. The desired client printer mappings can be defined within the farm and automatically applied when the DOS or WinCE clients connect.

A utility used to manage the Client Update Database.

See ICA asynchronous connection .

Citrix's native encryption support for the ICA protocol, also known as SecureICA. ICA traffic can be secured using different key strengths up to 128-bit. Encrypting ICA traffic makes it more difficult for someone to intercept and view session transmissions. ICA encryption does not provide server authentication, making it susceptible to man-in-the-middle attacks. Citrix does not recommend the use of ICA encryption for securing communications over an insecure network (Internet). Instead, Citrix recommends that you use the SSL support provided with the Presentation Server clients and the SSL Relay service. This provides strong encryption as well as the server authentication features not found in the ICA protocol.

A plain-text file (usually with an .ica extension), containing information on a published application. The file contents, organized in Windows INI file format, can be loaded and interpreted by Presentation Server clients. ICA files are passed by the Web Interface to a client session, allowing the client to parse the file and extract the necessary information to establish the connection with the specified server, running the specified application.

A property of the server farm that configures the servers in the farm to periodically send packets to the client to verify that the connection is still active. If the client fails to respond, the server places the client into the disconnect state. This property is commonly used when clients lose their connection to the server, but their session remains in the active state and does not disconnect properly.

Either the Program Neighborhood or Program Neighborhood Agent client, which can be installed on a server and used to provide users of non-Windows client devices with access to run PN or PN Agent as a published application. This allows them to take advantage of the features of these clients regardless of their local device's operating system or configuration.

A technique that allows remote viewing or controlling of another user's ICA server session; it is referred to as remote control when describing a similar technique using the Microsoft RDP. Depending on the server configuration, the shadower can either passively view the shadowed user's session or can interact with mouse and keyboard input. Shadowing is a powerful support and training tool because it provides an administrator with the ability to interact with another user regardless of physical location. Leveraging the functionality of the ICA protocol ensures that the overhead of shadowing is minimal, allowing the user to operate normally while the administrator assists in the issue at hand. Shadowing is also commonly used to provide remote training and coaching for users.

A special type of ICA file containing substitution tags instead of hard-coded connection settings. These tags are replaced with the appropriate values by the Web Interface when generating a custom ICA file. The default template file used with the Web Interface is called template.ica.

See also ICA file .

A simple management toolbar that appears, by default, down the right side of the desktop for any administrator who logs on to a Presentation Server. It provides a means of quickly launching the commonly used Citrix utilities. The toolbar can be customized or disabled if desired.

See Independent Management Architecture .

A SpeedScreen feature by which images are compressed before being sent to the client.

Citrix's Presentation Services protocol that allows a client to establish a session with a MetaFrame server and access server-based applications and content as if they were available locally on the client. ICA is platform independent, allowing access to a Presentation Server from almost any client platform. The functionality supported via the ICA protocol is extensible by way of virtual channels. A single ICA protocol packet is broken down into seven components, six of which are optional based on the data being transmitted. The seven components are

• Frame Head (optional)

• Reliable (optional)

• Encryption (optional)

• Compression (optional)

• Command

• Command Data (optional)

• Frame Tail (optional)

The management architecture foundation for the Presentation Server farm but also the name of the associated protocol that is employed for the server-to-server management communications. The ability to centrally manage any number of Presentation Servers, regardless of their location, is made possible by IMA. The IMA protocol is UDP-based, communicating from server to server via port 2512. Connections from the Management Console for Presentation Server are serviced on port 2513.

Collectively, any applications or other software components to be deployed within Installation Manager. Installation Manager supports three types of package formats: Microsoft Windows Installer packages (MSI), Microsoft Windows Installer patch files (MSP), and ADF packages. ADF packages are created using the Packager application provided with Presentation Server, Enterprise Edition. Packages can contain installation recordings, unattended installations, as well as individual folders or files.

Mode of operation that provides backward compatibility with MetaFrame 1.8, allowing for the transparent introduction of new Presentation Servers into an existing 1.8 server farm. It is also referred to as mixed mode . Interoperability mode is not supported in MPS 4.0. If this support is required for migration from a MetaFrame 1.8 environment, MPS 3.0 is required.

Alternate method of user authentication that does not send the user's password across the network. Kerberos is an industry-standard network authentication system that allows machines communicating over networks to prove their identity to each other. Kerberos authentication requires that both the server and the clients belong to the same or trusted Windows 2000 or 2003 domains. Version 8.x or higher of the Win32 MPS client supports the use of Kerberos authentication.

See Local Host Cache .

A web-based application that must be installed and run on the same server as the MASL component. It provides a GUI front end to manage licenses in the farm.

A period of time in which the MetaFrame server farm will allow user connections even without the availability of an Access Suite License Server before user access is suspended . If a MetaFrame server loses connectivity to a license server due to a license server failure, network issues or some other problem, the MetaFrame server immediately begins operating in a fail-over mode, which has a separate grace period of operation before the license server must once again be available. The time frame for the "fail-over" grace period is 30 days. For the fail-over grace period to be valid, the license server must have a valid license file installed. A license server with no valid license file does not allow a MetaFrame server to function in " fail-over " mode.

See also start-up grace period .

A set of rules that define how the load for a server is calculated by the Load Manager. The calculated value is used to determine the least-loaded server available in a farm for a given published application.

A utility available in the Advanced and Enterprise Editions that allows published applications to be load-balanced across multiple Presentation Servers. When users connect to a published application, they are directed by the Load Manager to the least-loaded server.

A special access database in which a subset of the Data Store is maintained on each server in the farm. This cache exists to provide Presentation Servers with quick access to Data Store information, as well as redundancy of Data Store information in the event that the server hosting the Data Store is unavailable. By default, the LHC can be found in %ProgramFiles%\Citrix\Independent Management Architecture\IMALHC.MDB.

When changes are made to the Data Store, each Presentation Server in the farm is notified of the change, which in turn causes it to refresh its Local Host Cache.

Presentation Servers also periodically query the Data Store for changes and update their Local Host Cache if required. The default query interval is 30 minutes, but this period can be adjusted by modifying the Registry on each server.

A printer that is directly connected to any MetaFrame server within a server farm. Directly connected can mean one of two things: Either the printer is physically connected to a MetaFrame server through an LPT or USB port, or a logical printer port has been configured that directs the print job to the remote queue for that printer. A TCP/IP printer port is one of the most common configurations, but third-party ports such as Lexmark or HP JetDirect can also be defined.

See also client printer, network printer .

The main management tool for Presentation Server server farms.

The different nodes within the Management Console that provide access to server farm management and configuration features. The available nodes are

• Applications

• MetaFrame Administrators

• Installation Manager

• Isolation Environments (MPS 4.0 only)

• Load Evaluators

• Policies

• Printer Management

• Resource Manager

• Servers

A Presentation Server 4.0 farmwide or per-server setting intended to reduce the overall virtual memory usage on a server by optimizing the load order of the DLLs for an application. Proper DLL load optimization can greatly reduce the amount of memory required to run an application, freeing up server resources and improving server stability and performance.

The optimization of virtual memory is scheduled through the Memory Optimization properties for the farm or an individual server. Citrix recommends that optimization tasks be performed when user load on the server is low. When enabled, memory optimization is performed daily at 3 a.m. by default. Applications that are adversely affected by the optimization can be explicitly excluded from this process.

Memory optimization is available only in the Enterprise Edition of MPS 4.0.

See also CPU utilization management .

Citrix's integrated licensing infrastructure that relies on a central server that performs all license management for the various Access Suite products. This server is responsible for storing and issuing licenses when requested . Unlike earlier versions of MetaFrame that required the entry of license and activation codes directly within the Management Console, a license file is downloaded and stored directly on the license server. The information contained within this file is used by the license server to determine characteristics such as the types of licenses and the quantity available for use.

The three different Presentation Server categories available. They are Standard Edition, Advanced Edition, and Enterprise Edition.

See Citrix universal printer driver .

A policy that allows an administrator to apply certain MetaFrame server settings to users based on their connection criteria and, hence, tailor the computing experience differently for different users. MetaFrame user policies are managed under the Policies node located in the Management Console for MetaFrame Presentation Server.

See also management nodes .

Performance-measuring units based on the operating system's performance counters; they are used by Resource Manager to determine a resource's current load. Thresholds in Resource Manager are set to trigger when a certain metric value is met or exceeded.

See also alert threshold .

Configuration setting for published applications that sets the minimum encryption level setting that must be defined on the client to be able to launch the application. By enforcing a minimum encryption level, you control what type of ICA encryption is being used. This setting does not affect the use of SSL for client connections.

See Interoperability mode .

Packages based on the Microsoft Windows Installer Service. They can be deployed using Installation Manager. Installation Manager cannot create MSI packages.

See also Installation Manager packages .

Patch packages based on the Microsoft Windows Installer Service. They can be deployed using Installation Manager but, like MSI files, cannot be created with Installation Manager.

See also Installation Manager packages .

See SpeedScreen Multimedia Acceleration .

The technology developed by Citrix to allow multiple users to simultaneously share resources and run applications on a central server. Each user operates in a session isolated from other sessions on the server. Microsoft has licensed the MultiWin technology from Citrix and incorporated it into Windows to produce Terminal Services.

Citrix's customer Web portal where you manage subscription advantage membership and license activations, as well as download media and access support options. With your subscription advantage membership, you receive access to a wide variety of features in your personal MyCitrix portal.

A process that allows computer systems on private networks to access resources on the Internet without requiring a public Internet address. With NAT, networks can use one set of "internal" addresses for their computers and have the return address of packets originating from those internal machines automatically changed to a valid external address when they pass onto the Internet. Return packets are automatically changed so that their destination points back to the appropriate internal system. This address translation process is transparently managed on an external router or firewall without any configuration required on the client.

Any printer that is connected to a print server and shared on a Windows network. This type of printer is accessible directly within a Presentation Server session just as it would be from a local Windows desktop. If a network printer is mapped on a local client device, from a MetaFrame session, it is considered to be a client printer, not a network printer. Only when a shared network printer is mapped from within a MetaFrame session is it considered a network printer.

See also client printer, local printer .

A standard Windows network drive share on the network where Installation Manager packages are stored and retrieved for distribution.

A Presentation Server in the farm assigned the role of configuring and deploying application packages via Installation Manager, a component of the Management Console. The Presentation Server does not have to be dedicated hardware.

The role assigned to a Presentation Server chosen as the source for ADF package creation. ADF packages are created using the Citrix Packager application and deployed using Installation Manager. Citrix recommends that a server with a configuration identical to other production servers but with no (or very limited) user sessions be dedicated as the Package Server for Installation Manager.

The action of scrolling around the desktop view to see different portions at one time when the Presentation Server window size is larger than the actual client desktop size.

See also scaling .

The use of local user credentials to automatically authenticate and access resources on the server.

See ICA Pass-Through client .

The companion file to appsrv.ini for Program Neighborhood. This file contains the properties for all defined application sets in the client. A copy resides in the same location as appsrv.ini for each user who has run PN. Prior to installation, this file is called pn.src.

See also appsrv.ini .

See Program Neighborhood .

See Program Neighborhood Agent .

Criteria created to enforce one or more policies on a set of users, client devices, and/or servers. Filters can be created on any combination of client IP address, client name, username or group name, and Presentation Server name.

Priority rankings given to MetaFrame policies, starting at 1, the highest, and lowering in priority as the value increases . The closer the priority number to 1, the higher the ranking compared to other policies. If two policies define the same policy rule, the policy with the higher ranking takes precedence.

A directive that dictates the configuration of a specific setting within a MetaFrame policy. A MetaFrame policy is made up of one or more rules. A rule can be in one of three states: not configured, disabled, or enabled. When the same rule is defined in more than one policy, an order of precedence is applied to determine the final state of the rule.

See also policy priorities .

A package that you define as being the default from which Installation Manager retrieves the source files for a publish application deployment. An application can reside within multiple packages. When deploying an application via application publishing, you should define a preferred package for that application so that Installation Manager knows from what package to draw the application during the installation.

Any device capable of establishing a client session with a Presentation Server. The device must understand the Citrix ICA protocol. Currently, Citrix maintains a mixture of names for clients on different platforms. For example, Win32 clients are now called Clients for Presentation Server, whereas Linux clients are still called ICA Clients for Linux. Regardless of the name, they are both considered Presentation Server clients.

Process by which printer drivers (files and associated Registry keys) for a given platform are automatically copied to all servers in the farm. You access printer driver auto-replication by right-clicking on the Drivers node under Printer Management in the Management Console for MetaFrame Presentation Server. Printers listed for a given platform are automatically replicated from the given source to all other servers running the same platform in the farm. Drivers from a Windows Server 2003 server will not replicate to a Windows 2000 Server and vice versa.

A cross-reference mapping between a client printer driver name and the corresponding server printer driver name. Because Presentation Server matches client printer drivers to server printer drivers based on the driver name, if the client and server names do not match then a mapping cannot take place. By creating a printer driver mapping, you provide Presentation Server with a means of associating the client printer driver with a server driver, ensuring the client printer connection is created. This problem is most common with legacy clients such as Windows 95. You can also use printer driver mappings to substitute a more generic and stable driver for one that may be known to have issues in Presentation Server.

One of the three Win32 clients. Program Neighborhood is considered to be the "full" Presentation Server client. It provides support for accessing application sets within individual farms and presenting the corresponding icons based on the credentials provided by the end user. PN also allows you to create individual connection shortcuts to published applications or specific server names. PN is recommended only for power users or administrators because this client does not provide centralized management capabilities. Once it is deployed, if changes must be made to the configuration, they must be made on the desktop, either from within the PN GUI or by directly manipulating the user's personal configuration files. The two main configuration files for PN are appsrv.ini and pn.ini.

One of two Win32 clients that reads configuration information from a central location and is managed through a web-based management console on the Web Interface. PN Agent is managed using the Program Neighborhood Management Console. It has a very small footprint on the client desktop, appearing only as an icon in the System Tray. The options that can be configured locally are dictated by settings defined in the PN Agent Management Console. Icons for application set information retrieved by PN Agent can be displayed in a number of different locations including the client's desktop, the Start menu and within the System Tray icon.

The Web-based management console for the Program Neighborhood Agent client. The PN Agent Console is included as part of the Web Interface and is accessed with the following URL: <Web Server>/Citrix/PNAgentAdmin.

One of two modes of operation available when the Terminal Services component is installed on a Windows 2000 Server; the other is Application Server mode. When Windows 2000 Server is configured to run in Remote Administration mode, it allows a maximum of two concurrent Remote Desktop Protocol connections to the server. They are considered administration connections and do not require any additional licenses. When operating in Remote Administration mode, the server does not attempt to contact a Terminal Services Licensing service.

On a Windows Server 2003 server, Remote Administration mode is available by default. You are not required to install the Terminal Services component. The only thing required to enable Remote Administration mode is to enable Remote Desktop access from under the properties of My Computer.

See also Application Server mode .

Microsoft's equivalent of Citrix's ICA protocol. RDP allows clients to establish a session on a Terminal Server and access server-based applications. Currently, RDP provides only a subset of the functionality available with the ICA protocol. Features such as seamless windows are not yet available. RDP is not a platform-dependent protocol, but Microsoft provides clients only for Windows 32-bit desktops and Apple Macintosh OS X. Some third-party and open source clients do exist for Unix- and Linux-based desktops.

An ActiveX client from Microsoft that uses the Microsoft RDP protocol instead of Citrix's ICA protocol to connect to a Terminal Server. Presentation Server provides basic support for the Remote Desktop Web Connection via the Web Interface, but most features that would be available to an ICA client are not available with this client.

A system management tool available through the Access Suite Console that provides extended reporting capabilities for Resource Manager.

The final set of policy rules applied to a given IP address, client name, user, user group, or server. It is determined by providing all the necessary information so that the final policy rule set can be determined.

See Workspace Control .

A special digital certificate used in conjunction with the certificate issued by a certificate authority (CA). By comparing the information in the root certificate with the data in the server certificate, the client can electronically verify the signature in the certificate. Assuming that the client trusts the root certificate, it can trust the information in the server certificate to be accurate.

Shrinking a larger client session window to fit within a smaller client device desktop size.

A feature that allows a published application to appear as if it is running locally on the client's desktop.

A component of the MetaFrame Access Suite that provides the capability to secure access to Presentation Server and Secure Access Manager. Acting as single point of entry into the secured network, Secure Gateway minimizes the attack surface of the environment while ensuring that all the necessary Presentation Server functionality is available to users, regardless of where they are connecting from. Secure Gateway employs SSL to ensure data integrity and security.

An MMC snap-in that allows basic management of the Secure Gateway. This tool is installed locally on the Secure Gateway server.

The Secure Gateway component employed in a double-hop DMZ to act as a conduit of data transmissions between the Secure Gateway and the secure internal network.

See also demilitarized zone, double-hop DMZ, single-hop DMZ .

See ICA encryption .

Nonproprietary industry-standard security architectures that provide server authentication, data encryption, and message integrity. TLS is a standardized version of SSL, renamed by the Internet Engineering Taskforce (IETF), which is responsible for developing an open-standard version of SSL. TLS 1.0 and SSL 3.0 have very few technical differences, hence the reason for the common use of SSL/TLS in combination.

A component of the Secure Gateway for the MetaFrame Access Suite that is responsible for issuing session tickets, which are used by the Secure Gateway to securely launch published applications on a given Presentation Server. The STA deployed with MPS 3.0 requires a server running IIS and must be manually installed. The STA deployed with MPS 4.0 no longer requires IIS and is now an integrated component of the Presentation Server installation.

An executable that, when launched, automatically initiates the installation of a Win32 Presentation Server client. A self-extracting executable installation is available for each of the Win32 clients. The executable names are ica32.exe for the Program Neighborhood client, ica32t.exe for the full Web client, and ica32a.exe for the Program Neighborhood Agent.

See digital certificate .

Changing the server driver letter(s) from the standard C:, D:, and so on, to any alternate drive letter sequence that you desire prior to installing Presentation Server by using a utility on the installation CD-ROM. For example, you could remap drives C: and D: on a server to be X: and Y:. Then, for example, when booting up the server, you would go into the folder X:\Windows\System32 to access the core Windows executables.

Server drive remapping is provided to allow you to select server drive letters that will not conflict with client-drive mappings. When attempting to map a user's client drives, Presentation Server first tries to map C: to C:, D: to D:, and so on. If these drive letters are in use on the server, Presentation Server uses alternate drives starting at V: and works backward. Often this type of alternate mapping can be confusing to users, particularly when running seamless published applications that allow for drive access.

See Citrix server farm .

Subfolders created under the Servers node in the Management Console for Presentation Server. They are typically created to allow the assignment of privileges based on specific server groupings.

The Presentation Server client property that dictates how the client performs ICA browsing. The configuration of the Server Location dictates the network protocol and method (HTTP, TCP or UDP) of browsing employed. Server Location settings for the Web, PN Agent, and Java clients are actually managed by the Web Interface, which is responsible for retrieving the desired application and server information. None of these clients directly query the Citrix XML or ICA Browser services.

See also ICA browsing .

A MetaFrame policy within which network printers can be configured to automatically map within a user's session. Session Printers is a policy new to MPS 4.0. It provides an alternative way of assigning network printers to users without requiring logon scripts.

Session Printers in MPS 4.0 replaces the network printer auto-creation feature found in MPS 3.0, which was accessed by right-clicking on a printer in the Printers node. This auto-creation option does not exist in MPS 4.0.

A Presentation Server feature that attempts to hide brief server disconnects by showing an hourglass mouse pointer and the current session window until the connection is reestablished and the user is automatically logged back on to the session. The user will notice that the system has become unresponsive but will not be aware that connectivity was actually lost unless access to the server is not restored.

See ICA shadowing .

A feature employed by the Web Interface and Secure Gateway to enhance authentication security. Instead of passing user credentials (ID and password) between servers and clients, a session ticket is issued to the client during application launching, which in turn is presented when requested to validate the user's right to access the application. Once used, a ticket expires and is no longer valid. It will also expire if not used within a certain time period.

See ICA shadowing .

A Citrix administration tool installed with Presentation Server that allows an administrator to simultaneously manage the shadowing of multiple different users.

A typical demilitarized zone (DMZ) situated between two firewalls.

See also demilitarized zone, double-hop DMZ .

A feature of MPS 4.0 allowing a user to log on and off Presentation Server simply by inserting or removing a smart card from a properly configured terminal. Inserting the card automatically initiates the logon to the farm and retrieval of the user's applications. Removing the card automatically logs the user off the farm.

The collective set of technologies Citrix developed to improve the responsiveness and speed of published content access, particularly over low-bandwidth/high-latency communication links. The following SpeedScreen enhancements are available:

• SpeedScreen Browser Acceleration

• SpeedScreen Flash Acceleration

• SpeedScreen Image Acceleration

• SpeedScreen Latency Reduction

• SpeedScreen Multimedia Acceleration

SpeedScreen technology that provides two features specifically designed to improve the responsiveness of graphically rich web pages and email. SBA provides performance improvements only in published versions of Internet Explorer, Microsoft Outlook, and Microsoft Outlook Express. Other web browsers and email clients cannot take advantage of SBA. This is an important point to note, as people often assume, particularly with the image compression feature, that it affects all browser or application versions on the server. SBA provides two enhancements. The first allows the user to scroll the pages and access the Back and Stop buttons while any images download in the background. The second allows for the compression of JPEG images, sacrificing image quality for a faster load of the image through the reduction in size of the image being transmitted to the client. Image compression introduces a minor increase in load on both the server and client.

SpeedScreen Browser Acceleration is enabled by default for the entire farm.

SpeedScreen technology that improves Flash rendering by forcing it to operate in low-quality mode by default. When Macromedia Flash animation is rendered on the server, image quality is processed in high quality by default. This results in large bandwidth consumption and poor animation quality on the client. While SpeedScreen Flash Acceleration reduces the quality of the animation, it also reduces both bandwidth and processing requirements to display that animation.

SpeedScreen Flash Acceleration is enabled by default for the entire farm.

SpeedScreen technology that employs a special compression technique known as lossy compression to reduce image file size, resulting in a smaller amount of bandwidth traversing the wire to be rendered on the client. The SpeedScreen Image Acceleration compression technique is so named because redundant or unnecessary information is removed from the image as part of the compression process. The resulting image does not retain the exact same quality as the original, but in most cases the differences are so small that they are not readily noticeable. The processing of large image files on a Presentation Server itself negatively affects the client by consuming large amounts of bandwidth.

Unlike SpeedScreen Browser Acceleration, which affects images available only through Internet Explorer, Microsoft Outlook, or Outlook Express, SpeedScreen Image Acceleration is available to all images on the server that might be displayed. SpeedScreen Image Acceleration is enabled by default but can be managed via MetaFrame policies to more granularly control who has access to what level of image quality if desired.

SpeedScreen technology made up of two features, mouse-click feedback and local text echo, both of which are designed to improve the perceived responsiveness of the server to the client. Mouse-click feedback, enabled by default, changes the mouse pointer from an arrow to busy (usually the hourglass) immediately after the user clicks on a link. The user interprets this as the server processing the request, which in turn reduces the user's tendency to repeatedly click the link when it doesn't appear to immediately respond.

When enabled, local text echo uses local client fonts to immediately display text as the user enters it, while simultaneously sending the information to the server where it is processed, updated on the remote display, and transmitted back to the client. Local text echo is intended to eliminate the delay of text entry and visual response. Local text echo does not work under all circumstances. Applications that use nonstandard text controls or employ non-Windows API calls to update text information do not function properly with local text echo.

SpeedScreen technology used specifically to define the thresholds at which MetaFrame's SpeedScreen latency reduction features are automatically enabled or disabled. In addition to these thresholds, you can also set the default behavior for text echoing and mouse-click feedback on a per-server basis.

SpeedScreen technology that can stream multimedia content (audio and video) directly to the client, where it is then decompressed and rendered locally. Traditionally, multimedia content was rendered on the server and then transmitted to the client in the uncompressed format, consuming extra bandwidth on the network and processing on the server. To achieve this, the following requirements must be met:

• Multimedia playback is supported only through published instances of Internet Explorer, Windows Media Player, or RealOne Player.

• Only media files compressed using algorithms adhering to Microsoft's DirectShow standard can be optimized using SMA.

• The client must have software installed that can process the multimedia stream being sent. If this software is not present, the audio/video stream cannot be processed.

SpeedScreen Multimedia Acceleration is enabled farmwide by default.

See Secure Sockets Layer (SSL)/Transport Layer Security (TLS) .

See Citrix SSL Relay .

See Secure Ticket Authority .

Period in which a license server operates until a license file has been downloaded and applied. During this grace period, the MASL server issues a maximum of two Client Access Licenses to nonadministrators. These licenses allow access to the MetaFrame server for a maximum of 96 hours (four days). After that, the users cannot log on until a valid product license file is downloaded and installed on the license server. This 96- hour grace period does not apply to an administrator, who is granted access to the product indefinitely.

See also license server failure grace period .

An optional component of Resource Manager that is housed on either a Microsoft SQL Server or Oracle server and maintains all historical data gathered by the Presentation Servers and the farm metric servers. A Summary database is required if you want to run reports on any historical performance data for the farm or generate billing reports.

Any Presentation Server within a farm chosen to receive packages deployed via Installation Manager.

See ICA template file .

The Microsoft licensing required for users connecting to a server running MetaFrame Presentation Server. Even though users may not be connecting using the Microsoft Remote Desktop Connection client, you are still required to purchase the appropriate number of Terminal Services Client Access Licenses (TSCALs). A CAL is required for a user to be able to log on to a server and access Terminal Services resources. The only exception occurs when the server is running in the standard mode, also known as Remote Administration. When the server is operating in this mode, two connection licenses are automatically included with Windows. Specific TSCALs are not required to perform the remote administration tasks on the server.

Terminal Services Licensing requires a server running the TS Licensing service. This service is managed using the Terminal Services Licensing Manager.

A SpeedScreen latency reduction feature that provides the user with instant feedback to text entry regardless of whether the data transmission from the server is complete.

See session ticketing .

A feature that allows the local time zone of the client device to be detected and used to display the appropriate local time for the user on the server. This feature allows users from different time zones to simultaneously log on to the same server and see an accurate representation of their local time. Limited support exists for detecting the time on legacy clients.

See Secure Sockets Layer (SSL)/Transport Layer Security (TLS) .

An image acquisition device (scanner, camera, and so on) that adheres to the public standard for application and image acquisition device interaction called TWAIN. MPS 4.0 includes support for accessing TWAIN-compliant devices connected to a client from within a Presentation Server session. The TWAIN Working Group is available at www.twain.org.

See Citrix universal printer driver .

A Windows Active Directory username in the familiar email address format username@domain . Windows 2000 Server and Windows Server 2003 support the entry of usernames in this format.

Legacy batch script used to launch application compatibility scripts and provide root drive support, a process required with Windows NT 4.0, Terminal Services Edition, to overcome the NT4 inability to map directly to a user's home share folder.

A bidirectional connection that can be used to exchange data between a Presentation Server and an ICA client. The ICA protocol supports these special extensions. Virtual channels allow for the expansion of functionality of the client by Citrix or third-party vendors . A number of ICA-supported functions such as Clipboard or client printer mapping leverage different virtual channels to transmit information between the client and server.

A per-session option within MPS 4.0, allowing an application to operate with its own IP address instead of depending on the IP address of the MetaFrame server. This setting is intended to assist in running applications on a Presentation Server that depend on having a unique IP address and/or a specific hard-coded local TCP port number in order to function properly.

The virtual IP address feature is enabled farmwide or on a per-server basis. Specific executables are then flagged as requiring the virtual IP address option.

See also virtual loopback address .

A per-session option within MPS 4.0, allowing each session to access its own loopback address. The loopback address is the TCP/IP address 127.0.0.1, also commonly referred to as localhost . The virtual loopback address setting is required only when an application has a hard-coded reference to the localhost address and a specific hard-coded TCP port number. Applications that use dynamic port addressing with the localhost address do not require a virtual loopback address.

The virtual loopback address option can be defined for the entire farm or on a per-server basis. Specific executables are then flagged as requiring the virtual loopback address option.

See also virtual IP address .

A utility that provides users with access to their published applications and content directly from a web browser. Clicking an application link creates a connection to the Presentation Server publishing the desired application.

The Web Interface configuration file, which contains all the settings that drive the Web Interface's functionality. The Web Interface Console provides a web-based front end to the contents of this file. When changes are directly made to this file, you must stop and restart the web server to apply the changes.

An extension to the Windows MetaFiles Format, the EMF format is the format used by the Windows spooler to store and process print jobs. An EMF-formatted print job is smaller than the raw print job, reducing the network bandwidth requirements when sent across the network.

Citrix's latest Universal Printer Driver (UPD) that ships with MPS 4.0 uses this format to transfer print jobs from server to client, speeding up the processing of client printing when compared to previous versions of MetaFrame.

A feature that enables users to quickly disconnect or log off all applications or to reconnect to all applications. It facilitates moving quickly between client devices and gaining access to all their applications when they log on. When this feature is configured, users can immediately pull up all their applications, even if they are active in another location. Workspace Control is available only when users access applications through the Web Interface (including with the PN Agent client).

A plain-text file found in the %ProgramFiles%\Citrix\System32 folder on all Presentation Servers. It contains a copy of the printer driver mapping information found in the farm's Data Store.

See also printer driver mapping .

A logical grouping of Presentation Servers. Typically, these servers are geographically close to each other, but this is not a strict requirement. All servers within the same zone communicate with a single server in the zone elected to be the zone data collector. When a farm contains multiple zones, only the zone data collectors (ZDCs) communicate with each other, reducing the amount of intra-zone communications and enhancing performance.

Unlike earlier versions of MetaFrame, starting with MPS 3.0, load information is not automatically shared between zones. Each ZDC maintains the load information for only its own zone. When a user attempts to connect to a published application, the ZDC in each zone is consulted to determine what server in the farm is publishing the application and currently has the least load. This can result in users crossing a WAN link to access a published application instead of accessing a local server.

Zone preference and fail-over rules are managed through MetaFrame policies, allowing you to define default and failover zones for users. This way, users access a published application in the zone " closest " to them, even if the load is higher in that zone compared to another zone. Zone preference and fail-over support are available only when users are connecting to the farm using the Web Interface or the Program Neighborhood Agent client.

A single Presentation Server responsible for keeping zone-specific information gathered from all the Presentation Servers within the same zone. Information that changes frequently is maintained in the ZDC, such as server user load and active and disconnected sessions. A Presentation Server in each zone is chosen to become the zone data collector through an election. Each server can be assigned an election priority, which influences the likelihood that it will be elected the data collector for a zone.

A policy rule allowing you to define both default and failover zones where users access published content. Through the definition of one or more Presentation Server policies, you can define preferred zones where users will attempt to launch applications. This allows for the establishing of preferred and failover zones, and is recommended by Citrix when you are deploying a farm with multiple zones located in geographically dispersed areas. For a user to benefit from zone preference and failover settings, the user must access published content through the Web Interface or the Program Neighborhood Agent. When you are editing the properties for a policy, you can find the zone preference and failover policy rule under User Workspace Connections.