Chapter 14: Client Configuration and Deployment


As discussed throughout this text, server-based computing focuses the vast majority of IT work and expertise on the server environment, and simplifies the client environment to the thinnest form possible. Delivery of on-demand computing requires that the client software install and configuration be instant and invisible to end users. The advances made by both Microsoft and Citrix over the last three years continue the trend of reducing desktop configuration, in many cases to nothing. Chapter 7 detailed the client choices; this chapter, building on Chapter 7, discusses the configuration and installation of the clients.

ICA Client Options for Application Access

Windows Terminal Server with MetaFrame XP accepts connections from the following types of clients:

  • A device running a web browser (I.E. 5.0 or Netscape 3.7 or later)

  • A thin client running ICA or RDP clients

  • A PC running any Windows operating system with an ICA or RDP client installed

  • A PowerPC Macintosh or 68K Macintosh (ICA only) or a Macintosh running OS X with an ICA or RDP client installed

  • A PC running a Linux operating system with a windowing system and an ICA client installed

  • An IBM, HP, or SUN UNIX desktop running a windowing system with an ICA client installed

  • Any number of tablet and handheld devices running Windows CE, Pocket PC, or CE.NET with an RDP or ICA client installed

  • A Java-enabled device (anything from a cell phone to a Linux appliance) running the ICA Java client

The decision as to which of these client types an organization will use is dependant on their current network, client environment, security requirements, and whether or not an organization will be running all or just a few applications from the server-based environment (the Hybrid environment is discussed in Chapter 7). Table 14-1 compares the features of the ICA client option choices.

Table 14-1: MetaFrame XP Feature Release 3 ICA Client Comparison

Win32 7.00

CE WBT 7.00

P'cktPC 7.00

Java (applet only) 7.00

Mac OS X 6.30

Linux X86 7.00

Solaris SPARC 6.30

HP, AIX 6.30

SGI 6.00

Mac OS 6.20

Display + Graphics

16/256 colors

x

x

x

256

x

x

x

x

x

x

16/24-bit color

x

x

x

x

x

x

x

x

x

x

Greater than 1280x1024

x

x

x

x

x

x

x

x

x

x

Memory cache

x

x

x

x

x

x

x

x

x

x

Persistent cache

x

x

x

x

x

x

x

x

x

x

Compression

x

x

x

x

x

x

x

x

x

x

Seamless windows

x( [16])

x

x

x

x

x

Text entry prediction

x

x

x

x

x

x

x

x

x

x

Panning

x

x

x

x

x

x

x

Scaling

x

x

Client Devices

Local files

x

x

x

x

x

x

x

x

x

x

Local printers

x

x

x

x

x

x

x

x

x

x

Printer detect

auto

manual

manual

manual

manual

manual

manual

manual

manual

manual

Universal Printer Driver

x

x

Universal Printer Driver 2

x

x

Serial ports

x

x

x

x ( [3])

x

x

x

x

x

Audio (server to client)

x

x

x

Medium

x

x

x

x

x

Text clipboard

x

x

x

x

x

x

x

x

x

x

RTF clipboard

x

x

x

x

x

x

x

x

x

Graphics clipboard

x

x

x

x

x

x

x

x

x

Middle button emulation

x

x

x ( [11])

x ([11])

x ([11])

x ([11])

Connections

Custom connections

x

x

x

x

x

x

x

x

x

NFuse (ALE)

x

x ( [6])

x ([6])

x

x ( [7])

x

x ( [2])

x ([2])

x ([2])

x ([7])

"Native" PN

x

PN Lite

x

x

PN Agent

x

x

x

TCP/HTTP browsing

x

x

x

x

x

x

x

x

x

x

Disconnect/reconnect

x

x

x

x

x

x

x

x

x

x

Auto client reconnect

x ( [10])

x

x

x

x

x

x

Roaming user reconnectx

x

x

x

x

x

x

Auto client update

x

x

n/a

x

x

x

x

x

x

NDS credentials

x

x

x

x

x

x

x

x

x

Ext. parameter passing

x

x

x

x

x

x

x

x

x

Content publishing

x

x

x

Content redir. client-svr

PN Agt.

manual

manual

manual

manual

manual

manual

manual

Content redir. svr-client

x

x

x

x

x

CDE integration (UNIX)

x

x

Speed browse

x

x

x

x

Packaging

Web-install version

x

x

Componentized

x ( [1])

x

x

x

ActiveX/Plug-in/applet

x( [15])

applet

Client object (ICO)

x

Signed packages

x

x

Security

Basic encryption

x

x

x

x

x

x

x

x

x

x

128-bit encryption

x

x

x

x

x

x

x

x

x

x

SOCKS 4 and 5

x

x

x

x

x

x

x

x

x

x

SSL (inc DNS resolution)

x

x

x

x

x

x

x

x

x

TLS

x

x

x

x

x

x

x

x

Auto Proxy Discovery

x

n/a

n/a

x

x

x

x

x

Secure Proxy

x

x

x

x

x

x

x

x

NTLM Proxy Authentication

x

x

x

Smart Card

x

x

x

x

x

International

Time Zone support

x

x

x

x

x

x

x

x

International keyboards

x

x

x

x

x

x

x

x

x

x

Fr, Ger, Sp versions

x

x

x ( [12])

x ( [4])

x ([4])

x ( [5])

Japanese version

x

x

x

x

x ([12])

x ([12])

x ([12])

x

Unicode Keyboard Support

x

x

SDKs

OEM SDK

x

x

x

x

VC SDK

x

x

x

x ( [13])

x ([13])

x ([13])

8 Medium only, and limited sound quality due to EPOC OS constraints

9 Applet mode only

14 Just adds parameters to "InitialProgram" string, doesn't use Control VC

[16]Win32 7.0 client has support for .NET "rounded" corners.

[3]Windows and Solaris only, using third-party software

[11]Provided by local UNIX OS, where necessary

[6]Requires Internet and Pocket Explorer fixes from MS

[7]Automated MIME registration for IE

[2]Not with Netscape 6

[10]Not when embedded in web page, since Auto Reconnect is not supported by ICA Client Object

[1]A white paper is available explaining how to remove modules from the Win32 web client.

[15]The download-and-run zero-install ActiveX control will be updated for version 7.0. There will be a full version and a minimal version.

[12]Linux x86 Fr, Sp versions at 6.0 functionality

[4]Fr, Ger, Sp versions of Solaris/Sparc, HP-UX and AIX clients at 3.0 functionality.

[5]Fr, Sp versions of SCO, SGI, Sol x86, SunOS, and Tru64 clients have less than 3.0 level functionality. Ger version at 3.0 functionality.

[13]Available by request, comes with minimal documentation

Our case study company CME has approximately 1500 users on the five-building campus network, and another 1500 users at remote locations throughout the world, and it supports over 600 traveling and home users. The local users have historically received a new PC every five years. In order to reduce ongoing PC costs, CME has decided to provide all applications to users utilizing server-based computing. With all applications provided through SBC, a majority of users will be able to use a thin client. Since the lease on 600 of these PCs is up this year, CME has decided to replace the PCs with thin clients, creating a mix of thin clients and PCs throughout the organization. As discussed in Chapter 7, purchasing thin clients rather than PCs creates significant savings (CME will save $600,000 on the first set of thin clients compared with buying PCs).

The thin clients that CME has chosen are Linux-based thin clients, with a basic ICA and RDP client, and no web browser. Additionally, these thin clients have a remote management tool that pushes the latest ICA client and ICA client configurations directly to the thin client upon boot.

Thus, for the first 600 users, the client configuration is now set. For the other 2400 users though, the client options need to be analyzed and a decision made on which ones to run where. The remaining sections of this chapter will complete this analysis and provide answers to the client choices.

The Push or Pull Client Debate

Although the device choice to run the ICA client is nearly limitless, the way in which we provide visibility of the applications to these devices is limited to four choices:

  • MetaFrame Web Interface client

  • MetaFrame Program Neighborhood and Program Neighborhood Agent client

  • A Microsoft Terminal Server Advanced Client web interface client

  • A manually configured ICA or RDP client connection

The first three of these choices are "push based," meaning they provide a user with the icon, configuration, client software, and updates to the client software without the user having to understand the configuration, perform it, or step through an installation. The last choice requires that a user (or administrator) perform an installation, configure the client software, and then configure a connection. In this chapter, we will focus on these four methods of client deployment and what is required for the client-side configuration. The server-side configurations, security configurations, and customization are discussed at length in Chapter 16.

All the latest Citrix ICA clients are available from Citrix's web site (www.citrix.com/downloads). There are three types of Citrix ICA Win32 client software: Program Neighborhood, Program Neighborhood Agent, and Web Client. And three varieties of client software packages: an executable (ica32.exe), a cab file (wfica.cab), and a Microsoft Installer Package (ica32.msi). All three packages have identical contents.

In order to make sense of these choices and reduce the complexity to answer the simple question of which client to use at what times, we will focus our attention back on our reference case study company, CME Corporation. CME has a very wide assortment of client devices, network configurations, application requirements, and end-user skill sets.

MetaFrame Web Interface Clients

When applications (or full desktops) are published through MetaFrame Web Interface, users access them via a web browser. This method is very easy for end users, as they only have to know a URL address (or have it bookmarked or linked to) to connect and run a MetaFrame Published application. Users only see the applications that have been published to them by the administrator (using the Citrix Management Console and users and groups from Active Directory, Novell NDS, or Novell eDir). No client configuration is required by the end user. Web Interface supports Macintosh, UNIX, and Windows client types, as well as Netscape Navigator and Windows Explorer web browsers. Figure 14-1 shows a typical MetaFrame Web Interface access site.

click to expand
Figure 14-1: The MetaFrame Web Interface site

Our case study organization, CME, has over 400 home-based and traveling users who need remote access support, and must also support up to 200 concurrent remote users from all departments who need to work from home on nights and weekends. About 300 of these remote users are road-warrior sales people, and company executives. The home users have a large variety of client and operating system configurations, including Macintosh, Windows 98, Windows 2000, and Windows XP machines. All the remote users need access to Outlook e-mail and their Microsoft Office applications and files. In addition to these applications, the sales group needs access to their Customer Relationship Management software package, Microsoft CRM, and the executives need access to their financial reporting and analysis tools (Microsoft Excel spreadsheets, FRx, and Crystal Reports applications, with links to the SQL server accounting databases). In Chapter 17, we will discuss the network configuration to support and secure these users, but for the purposes of this chapter, we will discuss what client they should use and how to deploy it in the simplest, lowest-cost model, with the smallest amount of ongoing support. For these CME users, we recommend using the MetaFrame Web Interface client.

Configuring the MetaFrame Web Client for Silent User Installation

To configure the ICA Win32 Web Client for silent user installation:

  1. Extract the ICA client files from ica32t.exe using your preferred compression utility. This installer package is located in the following directory (substitute language with the language of the ICA client software) of the Components CD-ROM included in the MetaFrame XP media pack: Icaweb\language\ica32. Languages to choose from include

    • En (English)

    • Fr (French)

    • De (German)

    • Ja (Japanese)

    • Es (Spanish)

  2. Locate and open the Ctxsetup.ini file in any text editor.

  3. To suppress the initial user prompt, locate the InitialPrompt parameter. Change the value of the setting from 1 to 0.

  4. To suppress the Citrix License Agreement dialog box, locate the DisplayLicenseDlg parameter. Change the value of the setting from 1 to 0.

  5. Save the file and exit the text editor.

  6. Repackage the client files for distribution to your users and install the ICA Win32 Web Client. The ICA Win32 Web Client self-extracting executable, ica32t.exe, is located in the directory (substitute language with the language of the ICA client software) of the Components CD-ROM included in your MetaFrame XP media pack: Icaweb\language\ica32.

Installing the ICA Win32 Web Client

To Install the ICA Win32 Web Client:

  1. Run ica32t.exe.

  2. The initial prompt informs you the Citrix ICA Win32 Web Client is about to be installed. Click Yes to continue setup.

  3. The Citrix License Agreement appears. Click Yes to accept the agreement.

  4. A window appears stating Setup is copying files to the client device. The default file location for the ICA Win32 Web Client is Program Files\Citrix\icaweb32.

  5. Citrix ICA Web Client notifies you once the install completes successfully. Click OK to clear the message.

  6. If you are running Netscape Navigator, you must restart the browser.

Deploying the MetaFrame Web Interface Client

MetaFrame Web Interface provides users with four choices of client software that will be pushed to the user. The administrator can either force the use of a given client software choice, or leave it to the user to choose which one to use.

  • The universal Win32 web client This client software is identical to the Program Neighborhood Win32 client except that it does not include the Program Neighborhood files and does not install an icon on the desktop or in the Start menu. The full Web Client is available as a self-extracting executable and as a .cab file. At approximately 1.8MB in size, this package is significantly smaller than the other ICA Win32 clients. The smaller size allows users to more quickly download and install the client software. You can configure the ICA Win32 Web Client for silent user installation. There is also a minimal installation choice for this client that has a significantly smaller footprint (about 1.01MB) and thus takes about half the time to download. Table 14-2 shows the feature differences between the minimal and regular Win32 web client installation.

    Table 14-2: Feature Comparison of the ICA Win32 Web Client and ICA Win32 Web Client Minimal Installation

    Feature

    ICA Win32 Web Client

    Minimal Installation

    User-to-user shadowing

    X

    Smart card support

    X

    X

    Content redirection

    X

    Enhanced content publishing support

    X

    X

    Roaming User Reconnect

    X

    Support for SSL/TLS encryption of ICA session data

    X

    X

    Support for Web Interface for MetaFrame XP, NFuse Classic, and the Web Interface Extension for MetaFrame XPe

    X

    X

    Support for MetaFrame Secure Gateway

    X

    X

    Enhanced Internet proxy support

    X

    Auto Client Reconnect

    X

    X

    Novel Directory Services support

    X

    Extended parameter passing

    X

    Seamless windows

    X

    Client device mapping

    X

    Client drive mapping

    X

    X

    Client printer mapping

    X

    X

    Sound support

    X

    TCP/IP + HTTP server location

    X

    X

    Wheel mouse support

    X

    Multiple monitor support

    X

    Panning and scaling

    X

    Per-user time-zone support

    X

    Windows Clipboard integration

    X

    Low bandwidth requirements

    X

    X

    SpeedScreen latency reduction

    X

    Disk caching and data compression

    X

  • The Java ICA client The Java ICA client was updated significantly with Feature Release 3 to include more features and run faster. The Java client enhancements include

    • Support for SSL communication

    • Unpackaged code, which allows the administrator to select which features to not install, allowing administrators to potentially decrease the download time

    • New connection center that supports multiple published application processing

    • Seamless application look and feel

    • Improved screen rendering (cuts down on screen flashing)

  • The Java client is the smallest and most non-obtrusive of the ICA clients, intended for use on machines that are heavily locked down or that don't allow software installation (such as a Kiosk). The ICA Java client will run on any operating system that has a Java Virtual Machine (JVM) installed. The Java client is not as speed-optimized as the other ICA clients for high latency or highly graphical environments, so although it is much improved, it is still generally relegated to situations where it is the only choice that will work.

  • The Macintosh client Citrix has ICA client software for both the older Macintosh clients (MAC OS) and the latest MAC OS X operating systems.

  • The UNIX ICA client UNIX users who connect to the MetaFrame Web Interface site must use the appropriate UNIX ICA or Java client. Administrators may configure MetaFrame Web Interface to automatically detect and download the appropriate UNIX client.

Since most of CME's remote users are on Windows laptops and home PCs, we recommend that CME configure Web Interface to detect and push to the users the appropriate ICA client (or ICA client update) for their machine. In order to support users from hotels, trade shows, and airport Kiosks, we recommend that CME allow users to customize their Web Interface login session to select the Java client and only those modules required to improve load speeds. We will use the full installation of the Win32 Web Client (ica32t) in order to take advantage of the additional features and performance.

The Web Interface client does not require any user or client-side configuration for CME users. There is a fair amount of server-side configuration and optimization for Web Interface though, which will be covered step by step in Chapter 16. ICA client-side optimization settings are covered later in this chapter.

A larger question should be raised at this point—why not use this client for all 3000 users at CME? Although the Web Interface client is simple and sufficiently powerful for use throughout the organization, for cases where the client machine type is fully known and controlled, there are some advantages to fully integrating the Program Neighborhood Agent client discussed next—for instance, it needs fewer clicks from the user since it doesn't require opening a web browser and going to a URL—meanwhile, it allows for more user configuration. A more obvious point for thin-client users though is that, as discussed in Chapter 7, many thin clients do not have a web browser.

Microsoft Terminal Server Advanced Client

Terminal Server Advanced Client (TSAC) was released in October of 2000 and as of this writing is essentially unchanged. TSAC is a Win32-based ActiveX control (COM object) that can be used to run Terminal Services sessions within Microsoft Internet Explorer 4.0 and later. This tool is similar in form and function to MetaFrame Web Interface, but TSAC only supports Win32-based clients running Internet Explorer. Additionally, TSAC is limited to one application or server connection per URL. Figure 14-2 shows a basic TSAC site.

click to expand
Figure 14-2: A Terminal Server Advanced Client site

The TSAC web package is downloadable from Microsoft's web site at www.microsoft.com/windows2000/server/evaluation/news/bulletins/tsac.asp and includes the downloadable ActiveX control and sample web pages that can be used as a starting point for delivering Terminal Server applications through Internet Explorer. Developers can also use the TSAC to develop client-side applications that interact with applications running on a Terminal Server. TSAC is a great tool for smaller organizations, or for smaller deployments of one or Two applications where MetaFrame XP is not being used, since it is the only RDP client that does not require desktop setup, configuration, and manual updates.

Although the RDP clients have improved dramatically over the last three years, they are still missing some critical features necessary for enterprise deployments. Chapter 3 went into more detail, but as a quick example, here are several reasons why our case study, CME Corp, will be using the ICA client rather than the RDP client:

  • ICA supports non-Windows machines with full-featured, full-color client connections. Since CME has over 400 UNIX, Linux, and Mac machines, this support is critical.

  • ICA supports enterprise application load balancing rather than just the round-robin approach utilized by RDP. This feature is critical when supporting thousands of users across nearly 100 servers.

  • ICA is a non-streaming protocol. When compared with the streaming nature of RDP, ICA will support 30 to 50 percent more users on a given WAN link. Since CME has many WAN links worldwide, optimal use of these expensive links is critical.

  • The MetaFrame Web Interface and integration with Secure Gateway provide a powerful secured access method without firewall reconfiguration or port opening. This solution is not available with RDP. The RDP solution requires opening ports on the firewall. The RDP web deployment solution is only useful with a very limited number of applications, since a user can only see one application from each URL.

MetaFrame Program Neighborhood Agent Client

With MetaFrame Feature Release 1, Citrix introduced a new Win32 client choice called Program Neighborhood Agent (PN Agent). PN Agent is a Windows 32 Desktop client that utilizes a Web Interface Server for its configuration. For local PCs, this ICA client provides a best-of-both-worlds solution, including a robust set of desktop integrated features, yet requires little to no client-side configuration.

PN Agent supports Client-to-Server Content Redirection, which utilizes the MetaFrame Web Interface Server to recognize applications and automatically update a user's MIME type associations to call ICA applications rather than local applications. For example, if a user clicks on a Microsoft Word File in Windows Explorer, the Microsoft Word Published Application from the MetaFrame XP farm will be called rather than a local copy of Microsoft Word. When a user disconnects from the MetaFrame XP farm, the MIME types are returned to their original associations.

Program Neighborhood Agent employs a simplified user interface (compared with the Full PN client), which removes complexity and features. For example, because all connection information is pushed down from a Web Interface site, the Program Neighborhood Agent does not require (or allow) a user to specify a farm to connect to, or to create a custom ICA connection.

Program Neighborhood Agent is a separate Win32 client downloadable from the Citrix web site, and is only available for Windows 32-bit clients. It is installed using the ica32a.exe or ica32a.msi files.

Program Neighborhood Agent icons can be accessed from icons placed directly on the user's Windows desktop, Start menu, or System Tray by the user, or done remotely by the administrator.

Of the 1200 local campus users at CME who won't be receiving a new thin client, about 900 are on Windows-based machines (the other 300 are on Macintosh and UNIX/Linux PCs). The Program Neighborhood Agent client makes an excellent client choice for these 900 users.

An example of how a MetaFrame-based Microsoft Great Plains installation appears to a user running from a Windows 2000 client with Program Neighborhood Agent installed is shown here. Notice that it looks identical to the user, as if it was installed locally.

click to expand

Installing the ICA Win32 Program Neighborhood Agent

The ICA Win32 PN Agent can be installed using one of the following packages:

  • ica32a.msi A Windows Installer package for use with Windows 2000 Active Directory Services or Microsoft Systems Management Server; approximately 1.9MB in size

  • ica32a.exe A self-extracting executable; approximately 2.75MB in size

Installing the ICA Win32 Program Neighborhood Agent with the Windows Installer Package The PN Agent Windows Installer package (ica32a.msi) can be distributed with Microsoft Systems Management Server or Windows 2000 Active Directory Services. This package is located in one of the directories (substitute language with the language of the ICA client software) of the Components CD-ROM included in your MetaFrame XP media pack:

  • Icaweb\language\ica32

  • Icainst\language\ica32\pnagent

Note

To install the ICA client software using the Windows Installer package, the Windows Installer Service must be installed on the client device. This service is present by default on Windows 2000 and Windows XP systems. To install ICA clients on client devices running earlier versions of the Windows operating system, you must use the self-extracting executable or install the Windows Installer 2.0 Redistributable for Windows, available at www.microsoft.com.

Since our case study, CME, has over 900 local campus PCs and another 1500 PCs at remote campus locations to install the PN Agent Client on, it is obvious that an automated choice for this installation is required. Since CME will be using Web Interface to provide the configuration information for the PN Agent client, CME will leverage Web Interface to also distribute this client software to all 2400 users.

Configuring the Windows Installer Package for Silent User Installation The PN Agent Windows Installer package can be configured for "silent" user installation to ensure users don't see the installation options or attempt to interrupt or make the wrong installation option choices. Windows Installer informs the user when the client software is successfully installed. The user must clear the Windows Installer message box.

To configure the Program Neighborhood Agent Windows Installer package for silent user installation:

  1. At a command prompt, type msiexec /I MSI_Package /qn+ [Key=Value] where MSI_Package is the name of the installer package.

The following keys can be set:

  • PROGRAM_FOLDER_NAME=<Start Menu Program Folder Name>, where <Start Menu Program Folder Name> is the name of the Programs folder on the Start menu containing the shortcut to the Program Neighborhood Agent software. The default value is Citrix Program Neighborhood Agent. This function is not supported during client upgrades.

  • ENABLE_DYNAMIC_CLIENT_NAME={Yes | No}. To enable dynamic client name support during silent installation, the value of the property ENABLE_DYNAMIC_CLIENT_NAME in the installer file must be Yes. To disable dynamic client name support, set this property to No.

  • CLIENT_ALLOW_DOWNGRADE={Yes | No}. By default, this property is set to No. This prevents an installation of an earlier version of the client.

  • ENABLE_SSON={Yes | No}. The default value is No. If you enable the SSON (Passthrough authentication) property, set the ALLOW_REBOOT property to No to avoid automatic rebooting of the client system.

  • SERVER_LOCATION=<Server_URL>. The default value is PNAgent. Enter the URL of the Web Interface that hosts the configuration file. The format must be in the format http://<servername> or https://<servername>.

    Note

    The Program Neighborhood Agent appends the default path and file name of the configuration file to the server URL. If you change the default location of the configuration file, you must enter the entire new path in the SERVER_LOCATION key.

  • ALLOW_REBOOT={Yes | No}. The default value is Yes.

  • DEFAULT_NDSCONTEXT=<Context1 [,...]>. Include this parameter to set a default context for Novell Directory Services (NDS). If you are including more than one context, place the entire value in quotation marks and separate the contexts by a comma. The following are examples of correct parameters:

     DEFAULT_NDSCONTEXT=Context1 DEFAULT_NDSCONTEXT="Context1,Context2" 

    The following represents an incorrect parameter:

     DEFAULT_NDSCONTEXT=Context1,Context2 

Central Configuration of the Program Neighborhood Agent Client

The advantage of PN Agent over the other ICA clients (other than the web client) is that it is configured centrally via the Program Neighborhood Agent Admin tool (which changes an XML file on the Web Interface server) rather than via configuration files on the local devices.

To access the Program Neighborhood Agent Admin tool, connect to http://servername/Citrix/PNAgentAdmin/ with an administrator account on the server running MetaFrame Web Interface.

The custom options for all users running the Program Neighborhood Agent on a network are defined in a configuration file stored on the server running the MetaFrame Web Interface. The client reads the configuration data from the server when a user launches the PN Agent, and updates at specified intervals. This allows the client to dynamically display the options the administrator wants the users to see based on the data received. The settings configured using the Admin tool affect all users who read from this configuration file.

A default configuration file, config.xml, is installed with default settings and is ready for use without modification in most network environments. However, this file can be edited, or multiple configuration files created, using the Program Neighborhood Agent Admin tool. This allows an administrator to add or remove a particular option for users quickly and to easily manage and control users' displays from a single location.

The config.xml file is placed in the \Inetpub\wwwroot\Citrix\PNAgent directory on the Web Interface server during the installation process. New and backup configuration files created using the PN Agent Admin tool are stored in the same folder as the default configuration file. The data configuration files serve two purposes:

  • To point clients to the servers that run users' published resources

  • To control the properties on users' local desktops, thereby defining what tabs and options users can customize

A configuration file controls the range of parameters that appear as options in the user's Properties dialog box. Users can choose from available options to set preferences for their ICA sessions, including logon mode, screen size, audio quality, and the locations of links to published resources.

Multiple configuration files can be created to fill all of an organization's needs using the Program Neighborhood Agent Admin tool. After creating a configuration file and saving it on the server running the new Web Interface, users will need to be given the new server URL that points to the new file.

Note

SSL/TLS-secured communications between the client, server, Web Interface, and smart card logon are not enabled by default. These features can be activated in the Server Settings section of the Program Neighborhood Agent Admin tool. In addition, SSL must be enabled on the MetaFrame server to utilize SSL/TLS-secured communications.

As discussed at length in Chapter 10, it is important to test all enterprise-wide applications in the test environment prior to full deployment. The PN Agent deployment should be tested by installing a copy of the client on a single client device, then on five devices (preferably with different Windows operating systems and environments). The test installations will allow a full evaluation of the default settings and determine whether or not adjustments are required to fit your particular network needs. Comparing between the configuration file and the client, you can monitor the effects of your changes on the client behavior.

Caution

The settings in the configuration file are global, thus affecting all users connecting to that instance of the file. The Program Neighborhood Agent Admin tool automatically creates a backup file (with the extension .bak) when a configuration file is loaded into the tool.

Configuring Farmwide Settings The Program Neighborhood Agent Admin tool is divided into several sections, allowing control and definition of different aspects of the user experience. These sections include

  • Client Tab Control

  • Server Settings

  • Logon Methods

  • Application Display

  • Application Refresh

  • Session Options

Administrators can define whether users see any tabs in the Properties dialog box of the Program Neighborhood Agent, and also what options they can and cannot customize. Each tab, and the settings that can be customized, are detailed next.

By default, users can access the Program Neighborhood Agent Properties dialog box from the Windows System Tray. Administrators may choose to hide or display tabs in the Client Tab Control section of the Program Neighborhood Agent Admin tool, including the Server, Application Display, Application Refresh, and Session Options tabs.

Note

Changing these parameters directly affects the contents of the Properties dialog box for all users affected by the configuration file you are modifying. If you remove a tab from the Client view, users cannot customize any options on that tab.

Enabling and Disabling User-Customizable Options This section contains an overview of the options available in the Properties dialog box. The instructions are presented in the order of the tabs on which each option appears.

  • Server Tab Options The Server tab options can be modified using the Program Neighborhood Agent Admin tool, located on the options pages for Server Settings and Logon Methods.

  • Server Settings This allows you to configure server connection and configuration refresh settings. Other options allow you to define when users are redirected to a different server—at connection time or at a scheduled client refresh. Enable SSL/TLS communication here as well, changing URLs to use the HTTPS protocol automatically.

  • Logon Methods Providing a choice of multiple logon modes may be necessary in environments where multiple users employ the same client device but use different logon modes. This allows you to determine what logon methods are available to users, to force a default logon method, and to allow a user to save his password. The definable logon methods include Anonymous, Smart card, Smart card with Passthrough authentication, User prompt, and Passthrough authentication. If multiple logon methods are selected, users can choose their preferred logon method from a drop-down list. NDS credentials from the specified tree can be required from users who are prompted for a logon or who select Passthrough authentication. If you do not want users to have access to any of these options, use the Client Tab Control section of the Program Neighborhood Agent Admin tool to hide the Server tab altogether. You can show or hide the tab at any time.

    Note

    By default, users who are prompted for credentials can save their password. To disable this function, clear the Allow user to save password check box in the Logon Methods section of the Program Neighborhood Agent Admin tool. If you did not enable the Passthrough authentication feature when you first installed the Program Neighborhood Agent, you must reinstall the client software before you can use the Passthrough authentication logon mode.

  • Application Display Tab Options The options available on the Application Display tab let users place links to published resources in various locations of the client device, including the Windows desktop, the Start menu, the Windows System Tray, and any combination thereof. Using the Application Display options in the Program Neighborhood Agent Admin tool, you can define which settings users are allowed to customize. The client queries the configuration file at connection time to validate each user preference against its controlling element in the file. If you do not want users to have access to any of these options, you can use the Client Tab Control section of the Program Neighborhood Agent Admin tool to hide the Application Display tab altogether. You can show or hide the tab at any time.

  • Session Options Tab Options The options available on the Session Options tab let users set preferences for the window size, color depth, and sound quality of ICA sessions. Using the Session Options section of the Program Neighborhood Agent Admin tool, you can define what settings are available to the user. Users can choose each available option from a list. The preferences users set for color depth and sound quality affect the amount of bandwidth the ICA session consumes. To limit bandwidth consumption, you can force the server default for some or all of the options on this tab. Forcing the server default removes all settings for the corresponding option, other than Default, from the interface. The settings configured on the Web Interface server apply. If you do not want users to have access to any of these options, you can use the Client Tab Control section of the Program Neighborhood Agent Admin tool to hide the Session Options tab altogether. You can show or hide the tab at any time.

  • Application Refresh Tab Options The options available on the Application Refresh tab let users customize the rate at which the ICA client queries the Web Interface server to obtain an up-to-date list of their published resources. The Application Refresh tab is hidden from the Properties dialog box by default. If you want to give users control over the refresh rate, you need to enable the tab first. Enabling the Application Refresh tab makes all options on it user-customizable, unless you modify each option in the Application Refresh section of the PN Agent Admin tool.

Customizing the ICA Win32 Program Neighborhood Agent This section presents general information about customizing user preferences on the client device running the Program Neighborhood Agent. To customize user preferences for the Program Neighborhood Agent:

  1. In the Windows System Tray, right-click the Program Neighborhood Agent icon and choose Properties from the menu that appears.

  2. Select the Session Options tab.

  3. Make the desired configuration changes.

  4. Click OK to save your changes.

For more detailed information, see the online Help for the Program Neighborhood Agent.

Configuring the Server URL The Program Neighborhood Agent client requires input of the URL pointing to a configuration file (config.xml is the default configuration file) on the server running MetaFrame Web Interface.

Should the Web Interface server address need to be changed, the PN Agent client will also have to be updated with the new address. To change the URL of the Web Interface server from the PN Agent Client:

  1. In the Windows System Tray, right-click the Program Neighborhood Agent icon and choose Properties from the menu that appears.

  2. The Server tab displays the currently configured URL. Click Change and enter the server URL as directed in the dialog box that appears. Enter the URL in the format http://<servername>, or https://<servername>, to encrypt the configuration data using SSL.

  3. Click Update to apply the change and return to the Server tab, or click Cancel to cancel the operation.

  4. Click OK to close the Properties dialog box.

To delete memorized server URLs:

  1. In the Windows System Tray, right-click the Program Neighborhood Agent icon and choose Properties from the menu that appears.

  2. Select the Server tab.

  3. Click Change.

  4. Click the down arrow to view the entire list of memorized server URLs.

  5. Right-click the URL to be deleted and select Delete from the menu that appears.

  6. Click Update.

  7. Click OK.

MetaFrame Program Neighborhood Client

The big brother to the Program Neighborhood Agent client is the Win32 Program Neighborhood (PN) client, which provides users access to server farms, application sets, and published applications. The primary benefit of Program Neighborhood over the Web client or the PN Agent client is that the user has a nearly infinite number of settings that can be changed to customize the client. The disadvantage is that it is more complex, must be configured at the client (rather than through the Web Interface server), and does not automatically change the MIME types on the client. Similar to PN Agent, PN allows an administrator to push the ICA application icons and configurations (that a user has been granted permission to) to the end-users' desktops (and Start menu) as soon as they start the Citrix PN client.

Program Neighborhood icons can be accessed from the PN client, or the icons can be placed directly on the user's Windows desktop or Start menu by the user, or be done remotely by the administrator.

Program Neighborhood with some custom ICA connection folders is shown next.

click to expand

Program Neighborhood vs. Program Neighborhood Agent

Because the configuration options must be configured (either remotely or locally) via the configuration files of Program Neighborhood, rather than centrally via the Web Interface server, Program Neighborhood is more client-configuration intensive. There are a few instances in which the Full Program Neighborhood Client should be used rather than PN Agent:

  • When there is no Web Interface server in the environment

  • When the users require detailed configuration of the client

  • In disparate user environments, where each user has very different client settings requirements, thus making the central administration and configuration of the client software of little value

In our case study, CME, none of these instances exist, so CME will use the PN Agent client for all LAN campus PC users.

UNIX and Linux ICA Clients

Table 14-1 shows how the UNIX and Linux ICA clients stack up to the Win32 ICA clients. The Linux 7.0 client is comparable in its features and speed to the Win32 clients. The only significant missing feature of the Linux 7.0 client is the Program Neighborhood feature set, which isn't applicable to Linux. The UNIX clients remain one version behind the Linux and Win32 clients, but are still mature, fast, and feature-rich.

Although the normal deployment methods used in a Windows environment are not applicable (for instance, Active Directory, SMS, and so on), a MetaFrame Web Interface site can still be utilized to deploy the UNIX/Linux ICA client. Another option is a centrally run, and stored, script. Many UNIX and Linux environments utilize centrally stored and executed scripts for most applications in the environment, and the ICA client will deploy effectively using this method.

Our case study, CME, has 200 local and remote UNIX desktops used by engineers for Computer Aided Design and Manufacturing, as well as 100 Linux desktops utilized by the software development teams. CME utilizes both a MetaFrame Web Interface site and several c-shell scripts stored on the main file server, pathed from the UNIX and Linux machines, to run a full desktop published application. The published desktop provides Microsoft Office applications, Microsoft Outlook, MathCAD, and other PC-based engineering and mathematical applications to the engineers and developers.

Macintosh Clients

ICA and RDP clients are available for Macintosh OS X users, both of which are fast and full-featured. For users running older Macintoshes, the ICA client is the only choice available, although it is a full revision behind the Win32, Linux, and Mac OS X clients. The legacy Mac client is supported for both PowerPC and 68K versions. The ICA Macintosh clients come in .HQX and .DMG (for OS X) formats. The configuration is very similar to the Win32 configuration (without the Program Neighborhood features). As Table 14-1 showed, features such as local drive and printer mapping are fully supported on the Macintosh ICA clients.




Citrix Metaframe Access Suite for Windows Server 2003(c) The Official Guide
Citrix Access Suite 4 for Windows Server 2003: The Official Guide, Third Edition
ISBN: 0072262893
EAN: 2147483647
Year: 2003
Pages: 158

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net