The Management Console allows you to control all aspects of your farm. You can make global settings that are implemented farm wide by manipulating the different settings the Farm node offers, or you can make server-specific changes by making the changes directly to that server. In the following sections, we tackle both scenarios.
The Farm node allows you to make changes that will be enforced farm wide to all the servers. To access the farm properties, follow these steps:
1. | Launch the Management Console and log in. |
2. | In the left control pane, right-click the Farm node, which is the first node and is always represented by the name of your farm, and then click Properties. |
In the new window that opens, you can manipulate the different settings that can be applied farm wide (see Figure 6.1). These settings are described in the following sections.
The Connection Limits option allows you to control how many ICA sessions a user is allowed to launch or have open at the same time. You can enable this setting by clicking the check box next to Limit Connections Per User and then enter a value in the Maximum Connections field. You can also choose to enforce this rule to administrators by checking the box next to Enforce Limit on Administrators.
You can also configure this rule to log repeated failed attempts to launch a session by checking the Enable Logging of Over-the-Limit Denials box.
Due to the nature of server-based computing, you always have clients who connect via various communications means. Some may connect from a WAN, whereas others may connect via a modem halfway across the world. In many instances, an ICA session is dropped; however, the Management Console may still report this session as being active. You can configure the ICA Keep-Alive setting to query ICA sessions at regular intervalsfor example, every 60 seconds. In the event that a response is not received within 60 seconds of a query, the server disconnects the user session automatically.
To enable ICA Keep-Alive, check the box next to Enable ICA Keep-Alive and set the Time-out value. The default setting is 60 seconds.
Note
Prior to the release of MPS 3.0, you could configure ICA Keep-Alive only by creating the Registry entry ICAKeepAlive.
The settings you can configure on the ICA Settings window control how the server optimizes the display of graphics for optimal performance. The settings are as follows :
ICA Display This section contains two configurable options: Discard Redundant Graphics Operations and Alternate Caching Method. The Discard Redundant Graphics Operations option strips the image from all the extra data it may contain (such as layers ) and sends just enough information to properly display the graphic. Alternate Caching Method forces the server to use older algorithms that were used with MF 1.8. You can also specify the maximum amount of memory a session can consume for graphics by entering a value in kilobytes in the Maximum Memory to Use for Each Session's Graphics text box.
Degradation Bias This section controls what actions need to be taken when the session's performance becomes unacceptable. You have two options: Degrade Color Depth First or Degrade Resolution First. Degrade Color Depth First means that when the session starts to lag, the server takes the first course of action; in this case, the action is to lower the color depth of the session to boost performance again. The second answer reduces the resolution of the session to boost performance. You also have the option of notifying the user when degradation will occur by checking the Notify User of Session Degradation box.
Auto Client Reconnect This section controls the client auto reconnection to a dropped or disconnected session. You can force the user to reauthenticate to a dropped session for increased security by enabling Require User Authentication, and you can also enable Log Automatic Reconnection Attempts on the server to have some way of tracking these reconnections.
The Information window offers a summary of what is going on in your server farm. It is divided into three sections offering the following information:
Connection Information offers information on current session count, which tells you how many sessions you currently have connected to different servers. It also shows how many Citrix MPS servers are members of this server farm.
Published Resources summarizes and classifies your published resources. It gives you a count of published applications, published desktops, and published content.
Zone Information offers a list of the different zones you have and the Data Collector for every zone.
Note
Previously, the Information window listed the number of licenses in use. With the introduction of MPS 3.0, this information has been moved to the Citrix License Server.
The Interoperability setting should be used only during a migration or an upgrade from MetaFrame 1.8 to MetaFrame Presentation Server. It has a single configurable setting: Work with MetaFrame 1.8 Servers in the Farm. Configuring this setting basically means that the MPS servers also respond to broadcasts by ICA clients. This setting should be temporary and should be disabled after the migration is over to take full advantage of the complete features of the Independent Management Architecture framework.
The License Server window allows you to specify the hostname of the server that has the Citrix License Server software installed on it. That server should obviously also have activated connection licenses. The MPS servers query this server for licenses when they receive incoming ICA connections.
You can also configure the TCP port on which this license server is configured to function. The default is 27000.
MetaFrame Settings can be applied to all MPS servers specifically in a global manner as follows:
Broadcast Response allows you to enable or disable Data Collectors Respond to Client Broadcast Messages and also enable or disable RAS Servers Respond to Client Broadcast Messages. This capability typically is useful in a network with legacy applications where UDP is used to broadcast a message for a list of published applications.
Client Time Zones allows you to enable or disable Use Client's Local Time. By enabling this feature, you allow the ICA client to broadcast its time to the server, and as such, any files the user creates are time-stamped with the user's local time as if he or she was creating this file locally on his or her machine. The second option is Disable Local Time Estimation. This option allows an administrator to disable local time estimation for the client; thus, any files the user creates are time-stamped with the server's time. Local time estimation is used in older clients where time could not be broadcasted; it uses the server's time in coordination with the user's time zone to estimate the local time where the user is working.
Enable XML Service DNS Address Resolution allows you to enable or disable XML service DNS address resolution. For users to be able to take advantage of this, they must be using ICA client version 6.20.98 or higher.
Novell Directory Services Preferred Tree allows you to specify a preferred tree for Novell Directory Services. Before you can configure a Novell Directory Services Preferred Tree, the Intranetware client should be installed on the MPS server.
Enable Content Redirection from Server to Client allows you to enable or disable content redirection from the server to the client. For example, if you publish an HTML page, when the user clicks on the published content, it is launched via the Internet Explorer browser on his or her local machine rather than on the server.
Enable Remote Connections to the Console is valid only with Windows Server 2003 servers. If enabled, it gives you the option to right-click a server in the Servers node and launch a session directly to the server's console.
Session Reliability is a cool new feature introduced with MPS 3.0. It allows you to maintain a session even after you lose connectivity to the server in the event of a signal loss or an IP failure. Sometimes when you're working, all of a sudden your PC or mobile device may lose its signal or IP connectivity. With session reliability enabled, the session freezes for a period of time that you can preconfigure; the default is 180 seconds. After 180 seconds, or the interval you have specified, if the signal or IP connectivity is not restored, the session is dropped.
Session Reliability is enabled by default; you can set the time in seconds for how long it should remain active. To do this, enter the correct value in the Seconds to Keep Sessions Active field. MPS servers will listen on TCP port 2598 for attempts to restore a dropped connection.
Note
Changes you make to the Session Reliability section take effect only after all the servers in the farm have been restarted.
The SNMP window allows you to configure how MetaFrame servers in your farm communicate notifications back to the SNMP Manager. The settings configured in this window have a farm-wide effect, which means they are enforced on every server. You can, however, override these settings on a server-by-server basis if you like. For more information on how to override the Simple Network Management Protocol (SNMP) settings on an individual server, check out the section "The Servers Node" later in this chapter.
To enable SNMP, you will, of course, need to install that component on your Windows machine by going to Add/Remove Windows Components in Add or Remove Programs from the Control Panel. You can add that component under the Management and Monitoring Tools. After it is installed, you can check the box next to Enable SNMP Agent on All Servers. When this feature is enabled, the following options in the Session Traps section are made available:
Session Logon sends a trap notification every time a user logs on to a session.
Session Logoff sends a trap notification every time a user logs off.
Session Disconnect sends a trap notification every time a user's session is disconnected or if a user disconnects.
Session Threshold Exceeded sends a trap notification when the session's threshold is exceeded. The session threshold is configured in the Session Limit Per Server text box.
Session Limit Per Server allows you to specify the setting that should trigger a trap notification message. For example, if you enter 100 in the text box, as soon as the session count on a server reaches 100, a trap notification is sent out.
SpeedScreen Browser Acceleration is the newest addition to the SpeedScreen technology family; it improves the performance of published applications that have GIF and JPEG images embedded in HTML pages. Examples of such applications include Microsoft Outlook, Microsoft Outlook Express, and Microsoft Internet Explorer 5.5 or later.
To take advantage of this technology, enable it by clicking the check box next to Enable SpeedScreen Browser Acceleration. After you enable this option, you can then enable another option that further allows you to tweak how much compression you want to apply. The higher the compression, the more bandwidth improvement is noticeable. Higher compression, however, means sacrificing image quality. Compression settings are Low, Medium, and High.
The Enterprise Edition of MetaFrame can take advantage of another option that you can enable by checking the box next to Determine When to Compress. This option allows the Enterprise Edition MPS server to determine when to compress based on bandwidth availability and image size .
SpeedScreen Flash Acceleration is another new addition to the SpeedScreen technology family that improves the performance of Flash animations within an ICA session. The Flash Player would have to be installed on every MPS server that will play Flash animations. To enable this feature, you must click the check box next to Enable Macromedia Flash Player.
Selecting this check box, in turn , unlocks the option Optimize Flash Animations. Enabling Optimize Flash Animations, by clicking the check box next to it, allows you to then configure the optimization by either selecting Optimize Flash Animation for Restricted Bandwidth Connections or Optimize Flash Animations for All Connections.
SpeedScreen Multimedia Acceleration improves the quality of streaming audio or video within an ICA session. The technology is developed in a very intelligent manner so as not to put strain on the server's CPU but rather lets the client's CPU take on the CPU utilization by rendering the stream.
To enable this technology, click the check box next to Enable SpeedScreen Multimedia Acceleration. You then have the option of tweaking the buffering settings by selecting one of two options in the Network Buffering section. You either can choose to select Use the Default Buffer of 5 Seconds, which is the recommended choice, or you can manually select the buffer settings by choosing the Custom Buffer Time settings and then setting it accordingly .
Zones are used to create a perimeter within which servers located in the same location can communicate. Servers should be divided into zones based on their geographical location to control the amount of inter-server communication and optimize performance. Zones are usually created by default based on servers' subnet memberships. However, in the event that servers belong to different subnets on the same network, you should create one zone, and you should make all the servers within a defined perimeter members of that zone. If, for example, you have two locations in the Chicago area that have MetaFrame servers, one downtown and one in Skokie, you should then have two zones, one to group the downtown servers and the other to group the Skokie servers.
From within the Zones window, you can complete the following tasks (see Figure 6.2):
New Zone allows you to create a new zone.
Remove Zone allows you to remove an existing zone. Before you can remove an existing zone, however, you have to make sure that no servers are members of that zone.
Rename Zone allows you to rename an existing zone.
Move Servers allows you to move server memberships between zones.
Set Election Preference allows you to specify the election criteria by which the zone Data Collector is chosen. You can set a server to have the Most Preferred setting, which means that this server will always be chosen as the Data Collector. Alternatively, you can set the preference to Preferred, which means this server is a favorite to win a Data Collector election. The third option is Default Preference, which basically means that this server may participate in the Data Collector election, and the last setting is Not Preferred, which means this server should never be elected as a zone Data Collector unless all the other servers with Most Preferred, Preferred, and Default Preference are unavailable.
You also can enable the following two settings by checking the box next to each:
Only Zone Data Collectors Enumerate Program Neighborhood When you check this box, you instruct the servers in the farm not to respond to client queries for published applications. You limit this role to the zone Data Collector by instructing it to respond to client queries or broadcasts for published applications.
Share Load Information Across Zones When you check this box, you instruct the Data Collectors in every zone to share load information about their zone with each other.
The MetaFrame Administrators node allows you to add, remove, or edit a MetaFrame administrator. With MPS 3.0, you can now further customize an administrator's access rights based on a role that you create for him or her. For example, if your farm spans different geographical areas with servers in different cities, you can group your server in folders and then give MetaFrame administrators access to just that folder.
To add a MetaFrame administrator, right-click the MetaFrame Administrators node in the left control pane and click Add MetaFrame Administrator. Now browse your directory structure, locate the administrator account you want to add, click Add, and then click Next to proceed. The next screen allows you to provide information about the way alerts should be sent to this administrator; your options are Email, SMS Number, and SMS Gateway. Fill out the information accordingly and click Next to continue.
You are then presented with the following three options to choose from:
View Only allows the administrator to browse the entire farm but does not give him or her the ability to make any changes.
Full Administration grants the user account full administrative privileges over the farm.
Custom allows you to tweak the permissions the user account gets. You have the option to limit permission on applications, servers, the nodes the user account can make changes to, and so on (see Figure 6.3).
The last option on this window is Disable MetaFrame Administrator Account(s). This option creates the account with permissions you select but disables the account until such time when you are ready to allow the administrator to use it; at this point, you need to enable it.
All user session management is administered via the Management Console. You can view user session information, interact with users, and provide any and all technical assistance needed. There are two ways to find, view, and interact with users in the Management Console. You can use either the Applications node or Servers node. The options in both scenarios are the same; the only difference is your preferred method on sorting the users and interacting with them.
If you use the Applications node to find users, all you have to do is expand that node, select the application the user is using, and then find the user in the right control pane. If you use the Servers node, all you have to do is expand that node and then select the server the user is connected to. You can also choose to remain at the top of the node, which means highlighting the actual Servers node, viewing all the users connected to all the servers, and interacting with them that way.
Regardless of your preferred method of finding the users, after you locate them, you can interact with them by right-clicking a user or users. The following options are then presented to you (see Figure 6.4):
Connect This extremely useful option allows you, as an administrator, to connect a user's disconnected session. For example, if the user becomes disconnected from the server for any reason and his session remains in disconnect mode, you can connect to it, save the user's unfinished work, and log him off gracefully, thus saving hours of work.
Disconnect This option can also be very useful. If you find a user who has been idle for two hours, for example, you may choose to place her session in disconnect mode to free up valuable server resources that would then be available to active users on that server.
Send Message More often than not, you may need to communicate a message to your users. For example, if you see the server is running low on resources or a security vulnerability needs immediate attention, you can send your users a message asking them to save their work and log off.
Shadow This is probably the most important and most sought-after feature. It allows you to control a user's session remotely for any number of reasonsmost importantly, technical support or training.
Reset This action item resets a user's session. It kicks the user off the server immediately, so it should be used properly.
Status This useful troubleshooting option allows you to query the user's session and ensure that it is still communicating and exchanging packets.
Logoff Selected Session This option allows you to log off a user's session. The difference between logging off a user's session and resetting it is that this option logs off the user session in a graceful manner rather than just kicking the user off immediately.
Session Information This option gives you vital information about the session, such as the Session Processes, Session Information, Client Modules, and Client Cache.
Sort Table This option allows you to sort the method by which information is displayed, for example, username first, server the user is logged into second, logon time, and so on.
Filter Table This option allows you to filter for certain fields. You can use this option when you have server names that begin with DLM, for example; you can set the filter so that it displays just these servers.
The Servers node allows you to administer and/or configure servers in the farm on an individual basis. It also allows you to organize the servers into folders for easier navigation and administration. In addition, the Servers node allows you to override farm-wide settings that were enabled on the Farm node. An example is the SNMP settings.
To get to the properties of a server, right-click it and select Properties. You are then presented with a window that allows you to make changes to that server only. You can select SNMP and uncheck the check box next to Use Farm Settings. Then you can enter manual information for that server.
From the Properties window of a server, you have the following options:
Hotfixes displays a list of Citrix and Microsoft hotfixes. It also shows you who installed the hotfix and on which date.
ICA Keep-Alive was discussed in the section on the farm. You can override the farm settings here and apply server-specific settings.
ICA Printer Bandwidth allows you to control the amount of network bandwidth available for printing via this server. The options are Unlimited and Limited. When selecting the latter, you can set the amount of bandwidth that can be used in kilobytes by entering a value in the box labeled Bandwidth to Use (Kbps).
ICA Settings were covered in the farm node section. You may choose to override the farm-wide settings and configure different settings for servers on an individual basis.
Information displays information specific to this server such as the operating system it is running, the network it is configured on, MetaFrame version, ICA port, and so on.
License Server allows you to override the farm settings specified for license server and configure the server manually to point to a specific license server. It also allows you to specify the port on which it should connect.
MetaFrame Settings allows you to configure settings specific to this MPS server. You can choose Create Browser Listener on UDP Network, which allows this MPS server to respond to ICA client broadcasts on UDP networks. You can also enable Server Responds to Client Broadcast Messages, which responds to ICA client broadcast messages. This option is supported only in Native mode. You can control whether a server accepts ICA sessions by enabling or disabling Enable Logons to This Server. You can also choose to log the use of the shadowing capabilities by enabling or disabling Enable Shadow Logging on This Server. You can change the port for the Citrix XML service by modifying the value of the TCP/IP Port text box. The Enable Content Redirection from Server to Client option was discussed in the section on farm node settings; here, you have the option of overriding the farm node settings. In Remote Console Connections, you can choose to use farm settings, or you can override them and select Enable Remote Connections to the Console; this feature works only with Windows Server 2003.
Published Applications displays information about applications published on this server.
SNMP was covered in the section on farm node properties. You may override the farm settings and specify server-specific settings.
SpeedScreen Browser Acceleration was discussed in the section on farm node settings. You may override those settings here and specify server-specific settings.
SpeedScreen Flash Acceleration was discussed in the section on farm node settings. You may override those settings here and specify server-specific settings.
Workspace Control , also known as "follow-me roaming," is a new feature introduced with Web Interface 3.0. It basically allows a user to disconnect, reconnect, or log off one or all of his or her published applications. This feature is very useful for users who move around from device to device and want to quickly reconnect to their published applications. You can disconnect on one ICA device and then go to the next one and reconnect to all your disconnected applications. To enable this feature, select Trust Requests Sent to the XML Service.