Presentation basic administration for citrix xen app 6

Basic Administration
f Cit i X A 6for Citrix XenApp 6
Introduction and Course
O iOverview

Overview
Topics covered in the module include:
• Student Introductions
• Facilities
• Course Materials
C P i it• Course Prerequisites
• Course Outline
• Citrix Education
• Course Evaluation and Completion Certificate• Course Evaluation and Completion Certificate

Student Introductions
Include the following information in your
introduction:
• Name and companyp y
• Job title
J b ibilit• Job responsibility
• Networking and load balancing experience
• Citrix hardware and software experience
• Class expectations• Class expectations

Facilities
• Parking
• Restroom and phone locations
• Class policiesp
• Break and lunch schedules
E i f ti• Emergency information

Course Materials
Materials include:
• Name card
• Student workbook
• Exercise manual

Course Prerequisitesq
Prerequisites include knowledge of the following
t itopics:
• Microsoft Windows Server 2008 with Terminal
S i Mi ft Wi d S 2008Services or Microsoft Windows Server 2008
R2 with Remote Desktop Services
B i k l d f i t lli li ti• Basic knowledge of installing applications
• Basic network security principles

Agenda for Day Oneg y
Agenda includes:
M d l 1 I d i d C O iModule 1: Introductions and Course Overview
Module 2: Introducing XenApp
Module 3: Licensing XenApp
Module 4: Installing XenAppModule 4: Installing XenApp
Module 5: Configuring XenApp Administration

Agenda for Day Twog y
Agenda includes:
M d l 6 I lli d C fi i W bModule 6:Installing and Configuring Web
Interface
Module 7:Delivering Applications and Content
Module 8: Streaming Application

Agenda for Day Threeg y
Agenda includes:
Module 9: Configuring Policies
Module 10:Configuring Load Managementg g g

Agenda for Day Fourg y
Agenda includes:
M d l 11 O i i i h U E iModule 11: Optimizing the User Experience
Module 12: Configuring Self-Service
Applications
Module 13: Configuring Printing

Agenda for Day Fiveg y
Agenda Includes:
Module 14: Securing XenApp
Module 15: Monitoring XenAppg pp
Module 16: Additional Components

Citrix Education
• Citrix Training and Citrix Certifications benefit:
• Organizations• Organizations
• IT professionals
• Key resources include:y
• Instructor-led training (ILT) courses
• eLearning courses
• Exams
• Certification Manager
To obtain detailed information on Citrix training and
tifi ti i it th it i d ti b itcertification, visit the www.citrixeducation.com web site

Course Evaluation and Completion Certificatep
Course Evaluation Survey
Is available onlineIs available online
Takes approximately 5 minutes to complete
Provides Citrix with valuable feedback
Course Completion Certificate
Is available to students who complete the course evaluation survey
Can be printed emailed or saved to an HTML fileCan be printed, emailed or saved to an HTML file

Basic Administration for
Cit i X A 6Citrix XenApp 6
Introducing XenApp

Overview
At the end of this module, you will be able to:
• Identify the features of XenApp
• Identify the basic architecture of XenApp and the farm
components
• Identify the functionality provided by the Delivery Services
Console

XenApp 6 Editionspp
XenApp 6 is available in the following editions:
• Advanced
• Enterprise
• Platinum

XenApp 6 Featurespp
XenApp 6 contains a robust set of features that provide
administrators and users with the best functionality possible
for an end-to-end application delivery solution.
See the www.citrix.com web site for a comprehensive list of
all features.

XenApp Architecturepp
Primary XenApp architecture consists of:
• XenApp servers
• Web Interface servers• Web Interface servers
• Data collector
• Data Store database
• License server
• Worker groups

Single and Multiple Farm Environmentsg p
In single farm environments:
• All XenApp servers use the same data store
• Servers can be grouped into a single zone or multiple zones• Servers can be grouped into a single zone or multiple zones
• Applications can be load balanced across servers in farm
In multiple farm environments:
• Each farm has its own data storeEach farm has its own data store
• Applications can be load balanced across servers in farm,
but not across multiple farms

Data Store
The Data Store database maintains farm data, including:
• Farm configuration information
• Published application configurations• Published application configurations
• Server configurations
• Farm management security
• Printer configurations
• License Server name and port

Data Store Updates and the Local Hostp
Cache
The Local Host Cache contains information about:
• All the servers in the farm and their basic information
• All applications published in the farm and their properties
• All Windows network domain trust relationships within the
farm

Independent Management Architecturep g
(IMA)
The IMA service:
• Provides a centralized framework used by administrative
tools for XenApptools for XenApp
• Delivers subsystems that collectively provide functionality to
current and future Citrix products
• Runs on all servers with XenApp installed and is enabled by• Runs on all servers with XenApp installed and is enabled by
default during installation
• Communicates through messages sent over TCP port 2512,
b d f lt f t i tiby default, for server-to-server communication

Data Collector Election
The data collector maintains dynamic data for servers in the
zone. Therefore, each server must be able to contact the data
collector for the zone.
If the data collector is unavailable, an election occurs and
another server in the zone takes over the role of the data
collector.

Zones
A logical group of XenApp servers communicating with a
single data collector is called a zone. Zones are typically
based on subnets.
Sharing data across zones can cause an increase in
bandwidth consumption. As a best practice, keep the number
of zones to a practical minimum. One zone is optimal.

Additonal XenApp Componentspp p
XenApp contains additional components to enhance the
functionality of the solution, including the following:
• Load Manager• Load Manager
• Resource Manager (Powered by Citrix EdgeSight)
• Access Gateway VPX
• Citrix XenApp Provider
• Delivery Services Console
• License Administration ConsoleLicense Administration Console
• Citrix Plug-ins

Practice: XenApp Componentspp p
Complete the practice and discuss theComplete the practice and discuss the
answers as a class.

Review
Complete the review questions andComplete the review questions and
discuss the answers as a class.

Licensing XenApp

Overview
• Explain XenApp licensing communications and license
typestypes
• Configure License Administration Console ports and
administrators
• Install the Citrix License Server and import license files into• Install the Citrix License Server and import license files into
the console
• Explain how the license server can be made highly available

XenApp Licensingpp g
Licensing Process Overview:
1) Install Licensing components
2) Obtain a license file from www mycitrix com website2) Obtain a license file from www.mycitrix.com website
3) Add the license file to the license server

Licensing Communication
An administrator must perform the following tasks for a
g
license server to accept connection and license requests:
• Add a license file to the license serverAdd a license file to the license server
• Configure the farm to use a specific license server
Citrix Confidential - Do Not Distribute

License Communication Process
The following steps describe the licensing communication process for
h ki t li f li t d ichecking out a license for a client device:
1. A user connects to Farm A.
2 A server in Farm A requests a license from License Server 12. A server in Farm A requests a license from License Server 1.
3. License Server 1 grants the requests and checks out a license for the
client device.
4. The same users connects to Farm B.
5. A server in Farm B requests a license from License Server 1.
6. License Server 1 grants the requests and uses the existing license for
the client device.

License Typesyp
XenApp uses concurrent user licenses, which are licenses
that are not tied to specific users.
When a server requests a license it is reserved for a specificWhen a server requests a license, it is reserved for a specific
client device/user combination. When the user logs off from
the session, the license is returned to the license pool and
made available for another user. Users connecting from
multiple devices will consume multiple licenses.

Microsoft Remote Desktop Servicesp
XenApp extends the functionality of Microsoft Remote
Desktop Services (formerly Terminal Services), which is a
presentation virtualization platform for Windows Server.
XenApp 6 leverages Windows Server 2008 R2 security
enhancements and Remote Desktop Services architecture to
add dimensions of flexibility, manageability, security and
Performance.

Remote Desktop Licensingp g
Administrators must configure a Remote Desktop Licensing
server in the environment to distribute Remote Desktop
licenses.
To avoid adding the Remote Desktop Licensing
server to each new Remote Desktop Services server that
joins the domain, administrators can configure an Active
Directory group policy to automatically assign the Remote
Desktop Licensing server to each new server that joins theDesktop Licensing server to each new server that joins the
domain.

Additional Licensing Considerationsg
Include the following:
• Different connections can consume multiple licenses.
• Most application manufacturers require user licenses for• Most application manufacturers require user licenses for
their products

License Administration Console
The License Administration Console is a required, web-based
interface that allows an administrator to maintain the license
server and manage license files for that license server.
The console can be used to perform the following actions:
• Tracking license usage
• Reporting on current license usage
• Configuring license alerts
• Configuring delegated administratorsConfiguring delegated administrators

Delegated Administrators in the Licenseg
Administration Console

Installing Licensingg g
It is a best practice to install the license server first. If
licensing is installed after XenApp, a policy must be
configured to point to the license server.
Licensing can exist on a separate server or can share a
server with another component.

Manual Installation and Configurationg

Uninstalling Licensingg g
An administrator may needto uninstall licensing for a variety
of reasons, including moving the component to another
system or renaming the system. Some of the files are not
deleted such as the license filedeleted, such as the license file.
When the license file is moved to a server with a different
name from the current hostname, the license file must be
returned to Citrix and exchanged for a license file that
indicates the new server name.indicates the new server name.

License Server Considerations
Additional considerations include the following:
• XenApp does not need to be on the same system as the
license server.
• For fewer than 200 product servers a shared license serverFor fewer than 200 product servers, a shared license server
is recommended

License File Managementg
License files store the company license information in a plain
text format with authenticated content. Each license file can
store information for one or more licenses; a license server
can store one or more license filescan store one or more license files.
The license file is stored on a license server in the
%PROGRAMFILES%CITRIXLICENSINGMYFILES
directory

Obtaining License Filesg
To obtain a license file, an administrator must log on to the
MyCitrix web site using personalized credentials. To create a
new account, simply click on the New User link and follow the
instructionsinstructions.

Subscription Advantagep g
Citrix products include a one-yearmembership to Subscription
Advantage. This membership provides major releasesminor
releases and product update downloads through the
MyCitrix web siteMyCitrix web site.
The membership includes email notifications concerning the
account and new items available for members. Members can
view, update and obtain benefit information and privileges on
MyCitrix at any time.MyCitrix at any time.

High Availability Considerationsg y
A duplicate license server is one option for creating a backup
license server. The backup license server must duplicate
such essential information as the hostname and the server IP
address This is especially important if the farm or servers areaddress. This is especially important if the farm or servers are
pointing to an IP address instead of the server name to
resolve to the license server.

Additional License Server Processes
Additional License Server processes include:
• Enabling a replacement license server
• Connecting to a different license server• Connecting to a different license server
• Replacing the license server

License Server Clusteringg
Licensing provides administrators with a 30 day recovery
grace period. To ensure high availability of the license server
beyond the 30 day recovery grace period, licensing supports
Microsoft clustering Clustering the license serverMicrosoft clustering. Clustering the license server
provides users with continuous access to applications in
failure situations.
For more information, see Citrix Knowledge Base article
CTX104878.CTX104878.

Review
In this module, you learned:
About XenApp license communications and license types
How to configure the License Administration Console with
ports and administratorsports and administrators
How to install the Citrix License Server and manage license
files
About how the license server can be made highly availableAbout how the license server can be made highly available

Installing XenApp

Overview
• Identify the methods that can be used to install XenApp
• Identify the XenApp hardware and software requirementsIdentify the XenApp hardware and software requirements
• Make installation decisions appropriate for an environment

XenApp Server Role Managerpp g

Unattended Installation and Configuration
Unattended installation can be performed using the following
g
files:
• XENAPPSETUPCONSOLE.EXEXENAPPSETUPCONSOLE.EXE
• XENAPPCONFIGCONSOLE.EXE

Hardware Requirements
Hardware requirements include:
q
• 64-bit CPU
• 512MB RAM (minimum)512MB RAM (minimum)
• 32GB disk space (minimum)
• 6MB to 120MB for Web Interface plus 3 5MB for each site• 6MB to 120MB for Web Interface plus 3.5MB for each site

Software Requirements
• XenApp must be installed on a Windows Server 2008 R2
q
operating system (64-bit)
• XenApp components such as the Delivery Services Console
and Web Interface can be installed on additional operatingand Web Interface can be installed on additional operating
systems

Installation Decisions
Best practices for installation:
• Review configuration options prior to installing the product
• Ensure that the person installing XenApp is a member ofEnsure that the person installing XenApp is a member of
the Administrators group
• Maintain proper licensing

XenApp Configuration Options
During XenApp configuration, administrators select options
pp g p
for XenApp components and features

Which Farm or Zones Will Be Used in the
A farm:
Environment?
• Can be managed as a single entity
• Use a single data store databaseUse a single data store database
• Can balance load among server in the farm
Zones:Zones:
• Are a logical grouping of servers within a farm
A t i ll b d hi l ti• Are typically based on geographic location

Which License Server Will Be Used for the
A License Server:
Server Farm?
• Can be installed before, during or after the XenApp
installation
• Can be installed on a dedicated server or a server that
provides additional functionality

Which Database Engine Will Be Used for the
The following database software can be used for the XenApp
g
Data Store Database?
data store:
• Microsoft SQL Server Express 2005Microsoft SQL Server Express 2005
• Microsoft SQL Server Express 2008
• Microsoft SQL Server 2005• Microsoft SQL Server 2005
• Microsoft SQL Server 2008
O l 11 R2• Oracle 11g R2

Will Shadowing Be Enabled?
Shadowing allows authorized users to view and interact with
g
user sessions
• The default shadowing sessions are recommended for mostThe default shadowing sessions are recommended for most
farms
• If shadowing is prohibited during the XenApp installation, it
cannot be enabled without reinstalling XenApp

On Which Port Will the Citrix XML Service Run?
The Citrix XML Service:
• Communicates the least busy server and names of
published resources
• Uses port 80, by default
• Can share port 80 with IIS
• Can be set to use a port other than port 80

When Will Users Be Added to the Local Remote
Users can be added before or after XenApp installation.
Desktop Users Group?
Options include:
• Add the authenticated usersAdd the authenticated users
• Add the list of users from the Users group
• Add anonymous users• Add anonymous users

Which Pass-through Client Will Be Used in the
The pass-through client:
g
Environment?
• Gives users of older, less feature-rich clients access to the
features of the Citrix online plug-in
• Allows users to access their published applications through
a XenApp Services site

Will Pass-through Authentication Be Used in
Pass-through authentication:
g
the Environment?
• Authenticates a user to XenApp using the credentials used
to log on to Windows
• Can be enabled during installation
• Requires the plug-in to be reinstalled on a server, if pass-
fthrough authentication is enabled after the XenApp
installation

Will Information in the Data Store and
Configuration Logging Databases Be Protected
with IMA Encryption?
IMA encryption:
• Can encrypt the credentials of the data store andCan encrypt the credentials of the data store and
configuration logging databases
• Must be enabled on all XenApp servers if it will be used
• Can be enabled using the CTXKEYTOOL command

Web Interface Installation Decisions
Decisions include:
• Where will the Web Interface components be installed?
• Will the Citrix plug-ins be copied to the server?Will the Citrix plug ins be copied to the server?

Review
Complete the review questions and then go over the answers
as a class.

for Citrix XenApp 6
Configuring XenApp
Administration

By the end of this module, given an environment containing
XenApp, you will be able to:
• Add and configure worker groups.
• Add and configure administrative accounts and
permissions.
• Identify the components required for configuration logging.
• Log administrative changes made to a XenApp farm
environment.
Overview

Worker Groups

Worker groups:
• Can be used to identify the group of servers that will host an
application
• Can ease the task of publishing resources
Publishing Applications to Worker Groups

Worker group preference lists:
• Identify which worker group has priority
• Are required in order for users to be redirected to servers in
a worker group
Prioritizing Worker Groups

Worker groups:
• Can be used as a filter with Citrix policies
• Ease the application of policies to specific servers
Filtering Policies to Worker Groups

XenApp Administrators:
• Require an account to administer XenApp
• Are assigned a privilege level which determines their
permissions
• Should each be provided with an individual administrator
account
Administrator Privilege Levels

Considerations include:
• Administrators with restricted privileges cannot connect to
XenApp sessions unless the license server has a valid
XenApp license file
• Groups and individual users can be granted administrator
permissions
• An administrator whose account is disabled will still be able
to log on to the Delivery Services Console if a group to
which the administrator belongs is granted permissions to it
• An administrator account can be deleted from the farm by
right-clicking the administrator name and clicking Delete
Creating Administrator Accounts

Administrator Account Selection

Adminstrator Account Creation Settings

Example:
A new junior administrator account is created and disabled
while the administrator is away for three weeks of training.
Disabling an Administrator Account Example

Configuring Administrator Permissions

Folders:
• Can be created for applications and servers
• Improve the organization and ease of finding objects
• Improve browsing performance of the Delivery Services
Console
• Allow a more granular administration configuration
Configuring Folder Permissions

Delegating Administration

Use your knowledge of folders and permissions to provide the
answers to the scenarios located in the book.
Practice: Delegating Administration

Configuration logging:
• Allows administrators to track administrative changes
• Determines who performed the change, when the change
was made and provides details about whether the change
was successful or not
• Can provide configuration log reports
Configuration Logging

The Configuration Logging database:
• Logs all changes made to the farm using the Delivery
Services Console, command line utilities and custom tools
• Can use either a Microsoft SQL Server or Oracle database
• Can be protected with IMA encryption
Creating the Configuration Logging Database

Configuration Logging Database Settings

Configuration Logging settings include:
• Log administrative tasks to Configuration Logging database
• Allow changes to the farm when logging database is
disconnected
• Require administrators to enter database credentials before
clearing the log
Enabling Configuration Logging

• How to add and configure worker groups
• How to add and configure administrative accounts and
permissions
• About the components required for configuration logging
• How to log administrative changes made to a XenApp farm
environment
Review

Installing and Configuring the
W b I t fWeb Interface

Overview
• Describe the Web Interface communication process
• Install and configure the Web Interface
• Create and configure XenApp Web and XenApp Services sites
• Configure client delivery and customizations
• Configure explicit, pass-through and smart card authentication
• Configure secure access settings for the Web Interface
• Configure the Web Interface to communicate with XenApp farms
• Remove a Web Interface site

Web Interface Communications
The following ports are used for communication with the Web
Interface:
• 80: This port is used by plug-ins using the TCP+HTTP80: This port is used by plug ins using the TCP HTTP
protocol to communicate with servers. This port must be
opened on firewalls for inbound packets from plug-ins to
locate serverslocate servers
• 443: This port is used by Citrix SSL Relay to secure
communications between the Web Interface web server and
the farm

Web Interface Communication Process

Web Interface Installation
For security and performance, the Web Interface should not
be installed on a XenApp server. Client devices accessing
XenApp Web sites must have a web browser and supportedXenApp Web sites must have a web browser and supported
plug-in to connect to the Web Interface sit

Installing Web Interfaceg

Site Creation
Administrators can create two types of Web Interface sites:
• XenApp Web site - allows users to access remote
applications, virtualized applications and content using a
web browserweb browser
• XenApp Services site - allows users to access remote
applications,virtualized applications and content using aapplications,virtualized applications and content using a
Citrix online plug-in

Creating a Web Interface Siteg

Site Creation Considerations

XenApp Web Site Configuration Options
During the configuration of a XenApp Web site, the
pp g p
administrator must specify:
• The farm name, XML servers, XML service port andThe farm name, XML servers, XML service port and
transport type to use for the site
• Authentication settings and domain restrictions, if any
• The logon screen appearance
• The published resource types to be provided by the sitep yp p y

XenApp Web Site Authentication Settingspp g

Active Directory Federation Services
Users can also access published applications using Active
y
Directory Federation Services (ADFS). ADFS extends the
existing Active Directory infrastructure to provide access toexisting Active Directory infrastructure to provide access to
resources offered by trusted partners across the Internet.

Logon Screen Appearance
The administrators can set the logon screens to:
g pp
• Minimal: displays only the logon fields
• Full: displays the header area, navigation bar, logon fields,Full: displays the header area, navigation bar, logon fields,
along with the Preferences and Messages tabs

Published Resource Typesyp

XenApp Services Site Configurationpp g

CONFIG.XML File
An administrator can also configure a XenApp Web and
XenApp Services site by editing the CONFIG.XML file.

Web Interface Site Modification
Administrators can modify a Web Interface site by using one
of the following methods:
• The Web Interface configuration file, which allows
administrators to modify the Web Interface parametersadministrators to modify the Web Interface parameters
directly in the WEBINTERFACE.CONF file stored on the
local web server
• Citrix Web Interface Management console, which allows
administrators to modify the settings stored in the local
configuration fileconfiguration file

Modifying the Web Interface Configuration Filey g g

Using the Web Interface Management Consoleg g

Specifying Citrix Plug-in Backup URLsp y g g p

Site Appearancepp

Site Customization Optionsp

Practice: Site Customization
Complete the practice and then review the answers as a
class.

Session Preferences
Administrators can configure many session
preferences, including the following:
• Whether kiosk mode is enabled or disabledWhether kiosk mode is enabled or disabled
• Whether the Preferences button in the Web Interface site
is displayed to users
• The length of time a user session can be inactive before
the session is logged off
• Whether browser bookmarks can be used to access
resources

Configuring Session Preferencesg g

Session Options
An administrator can configure the following session options
p
for a XenApp Services site:
• Window sizeWindow size
• Font smoothing
• Color and sound quality• Color and sound quality
• Key combinations
S i l f ld di ti• Special folder redirection
• Workspace control

Configuring Session Optionsg g p

User Optionsp

Workspace Control
The workspace control feature allows users to disconnect and
p
reconnect to sessions as they move between different client
devices. For example, in a health care environment, asdevices. For example, in a health care environment, as
doctors move around the hospital, they may require access to
the same sessions from different locations Using workspacethe same sessions from different locations. Using workspace
control, the doctors are able to quickly reconnect to
li ti iapplication sessions.

Workspace Control Functionality
Workspace control:
p y
• Only reconnects users to existing sessions on XenApp
servers. If a session is logged off, workspace control cannot
reconnect to itreconnect to it
• Cannot reconnect anonymous users to applications after
they disconnectthey disconnect
• Prompts smart card users for their PINs for each
reconnected session if pass-through authentication with
smart cards is enabled
• Requires that the Web Interface site be set to override the
client name setting in the Manage Session Preferences taskclient name setting in the Manage Session Preferences task

Workspace Control Configuration Options
Workspace Control configuration options include:
p g p
• Automatically reconnect to sessions when users log in
• Enable the Reconnect buttonEnable the Reconnect button
• Logoff

Workspace Control User Customizationp

Configuring Workspace Controlg g p

Citrix Plug-ins and Web Interface
Access to resources through a Web Interface site requires
g
that a client device has a supported web browser and a
plug-in. A plug-in can be installed on the local client device orplug in. A plug in can be installed on the local client device or
embedded within the web browser used by the Web Interface
site In addition the Web Interface site can be used to deploysite. In addition, the Web Interface site can be used to deploy
the required plug-in.

Plug-in Deployment Options
The following plug-ins can me deployed to users from the
g p y p
Web Interface site:
• Native plug-inNative plug in
• Client for Java
• Remote Desktop Connection• Remote Desktop Connection

Automatically Detecting Plug-ins
If the plug-ins are copied to the server during the installation
y g g
of the Web Interface or later, then a Web Interface site on that
server can be configured to automatically detect and deployserver can be configured to automatically detect and deploy
the native plug-in to users running a supported web browser

Client Detection
The Client Detection option can be configured to check client
devices during the logon to the XenApp Web site to
determine if an appropriate plug-in is installed.determine if an appropriate plug in is installed.
If a plug in is not detected or a more appropriate plug in isIf a plug-in is not detected or a more appropriate plug-in is
available, an installation caption can be displayed on the Web
I t f Th i t ll ti ti idInterface screen. The installation caption provides an easy
method for users to download and install the required plug-in
software.

Configuring Client Detectiong g

Fallback Behavior

Citrix Offline Plug-ing

Client for Java
The Client for Java is a cross-platform compatible applet and
can be deployed using a XenApp Web site and any Java-
compatible web browser.compatible web browser.
An administrator can choose to deploy the Client for Java inAn administrator can choose to deploy the Client for Java in
low-bandwidth networks for greater security or in situations in
hi h th t i t ll ti f l i ft i ithwhich the permanent installation of plug-in software is neither
desired nor permitted.

Additional Packages to Include with Client for
Several packages can be included with the Client for Java.
g
Java
the size of the Client for Java download to memory is
determined by the packages included in the download. Thedetermined by the packages included in the download. The
fewer packages selected, the smaller the download.

Configuring the Client for Javag g

Authentication Configurationg

Authentication Options
The following authentication options are available for XenApp
p
Web and XenApp Services sites:
• ExplicitExplicit
• Pass-through
• Pass through with smart card• Pass-through with smart card
• Smart card
A• Anonymous

Generic RADIUS Support
The Web Interface supports two-factor authentication using
pp
Generic RADIUS

Explicit Authentication
When explicit authentication is implemented, users
p
authenticate by specifying a user name, password and
domain.domain.

Domain Restriction Configurationg

Windows or NIS (UNIX) Authentication( )
Configuration

Novell Directory Services Configurationy g

Two-Factor Authentication Configuration
The followingtwo-factor authentication methods are available:
g
• RSA SecurID
• SafeWordSafeWord
• RADIUS

Password Settings Configurationg g

Account Self-Service Configurationg

Configuring Explicit Authenticationg g p

Pass-through Authentication
Pass-through authentication allows users to authenticate to a
g
Web Interface site using the credentials provided during
logon to the client device. Users do not need to re-enter theirlogon to the client device. Users do not need to re enter their
credentials in the Web Interface logon page; their application
set is automatically displayedset is automatically displayed.

Configuring Pass-through Authenticationg g g

Smart Card Authentication
Users can authenticate to the Web Interface by inserting a
smart card into a smart card reader attached to the client
device. Smart card authentication can be configured for usedevice. Smart card authentication can be configured for use
in two ways: smart card only or pass-through with smart card.

Configuring Pass-through Authentication with
An administrator can use the Group Policy Management
g g g
Smart Cards
Console and the ICACLIENT.ADM file to configure plug-ins to
use pass-though or pass-through with smart carduse pass though or pass through with smart card
authentication by configuring the Local user name and
password settingpassword setting.

Citrix XML Service Trust Relationships
In order for the Web Interface to authenticate users, there
p
must be a trust relationship between the Web Interface server
and the XenApp servers. If pass-through or smart cardand the XenApp servers. If pass through or smart card
authentication methods are not used in the environment, a
Citrix XML Service trust relationship is not necessaryCitrix XML Service trust relationship is not necessary.

Enabling Trust Relationshipsg p

Practice: Authentication Configuration
Complete the practice and review the answers as a class.
g

Secure Access Configuration
If a company is using Access Gateway or a firewall in a
g
deployment containing XenApp, an administrator can
configure a Web Interface site to include the appropriateconfigure a Web Interface site to include the appropriate
security settings.

Access Methods

Network Address Translation

Network Address Translation Access Typesyp

Client-side Proxy Settings
Proxy servers are used to control access into and out of a
y g
network and act as an intermediary between the client
devices and the XenApp servers. Web Interface sites allowdevices and the XenApp servers. Web Interface sites allow
an administrator to configure whether or not users
communicate with XenApp servers through a client sidecommunicate with XenApp servers through a client-side
proxy server.

Configuring Client-side Proxy Settingsg g y g

Server Configuration
An administrator can configure XenApp Web and XenApp
g
Services sites to communicate with one or more farms. An
administrator can add and edit farm names, specify the orderadministrator can add and edit farm names, specify the order
in which the farms are used for load balancing, and configure
communication settings and ticketing settingscommunication settings and ticketing settings

Configuring Multiple Server Farmsg g p

Adding Farmsg

Configuring Load Balancingg g g

Enabling Fault Toleranceg

Specifying the XML Communication Port
The Web Interface communicates with the Citrix XML
p y g
Service. The port number used by the Citrix XML Service is
specified during the installation of XenApp. By default, thatspecified during the installation of XenApp. By default, that
port number is TCP/IP port 80. If Citrix XML Service is
configured to port share with IIS then the administrator mustconfigured to port share with IIS, then the administrator must
ensure that all servers in the farm have the Citrix XML
S i fi d t th tService configured to use the same port.

Ticket Expiration Settingsp g

Web Interface Site Removal

Troubleshooting Web Interface Issues
Reference the Citrix Knowledge Base (support.citrix.com) for
g
articles about troubleshooting and issues with Web Interface.

Review
Complete the review questions and go over the answers as a
class.

Delivering Applications and
C t tContent

Overview
• Publish applications, content and server desktops for users
• Identify the components of VM hosted appsIdentify the components of VM hosted apps
• Identify advanced published resource settings
• Organize published resources for users• Organize published resources for users
• Disable and hide published resources

Publishing Resourcesg
• The two phases of publishing resources are:
• Basic
Name, type of resource, servers hosting, users who will access, yp , g,
• Advanced
File type association, application limits, CPU priority, encryptionFile type association, application limits, CPU priority, encryption

VM Hosted Appspp
VM hosted apps:
• Use Citrix XenDesktop technology to deliver applications
• Do not provide access to the desktopsp p
• Are hosted on a separate farm from XenApp
• Can share a Web Interface site with XenApp• Can share a Web Interface site with XenApp

Components of VM Hosted Appsp pp

Organizing Published Resources for Usersg g

Advanced Published Resource Settingsg
During the Advanced phase of the resource publishing
process, the administrator can:
• Allow published resource used with Citrix Access GatewayAllow published resource used with Citrix Access Gateway
• Associate file types
• Specify the application limits and CPU priority level• Specify the application limits and CPU priority level
• Control audio, encryption and printer initialization
C fi th bli h d• Configure the published resource appearance

Client-to-Server Content Redirection

Server-to-Client Content Redirection

Published Resource Configurationg
An administrator can use the Delivery Services Console to
view the following published resource-related information:
• General informationGeneral information
• Alerts
• Servers• Servers
• Configured users
C t d• Connected users
• Settings

Disabling or Hiding a Published Resourceg g

Troubleshooting Application Deliveryg pp y
Issues
An administrator may encounter the following application
delivery issues:
• Client-to-server content redirection opens the publishedClient to server content redirection opens the published
application but does not open the local content
• File types for a published application do not appear in the
S CDelivery Services Console
• Users cannot find their application after it launches
• The Delivery Services Console fails to enumerate users or
sessions when specific Mac clients connect to XenApp
Servers

Review
• Publish applications, content and server desktops for users
• Identify the components of VM hosted appsIdentify the components of VM hosted apps
• Identify advanced published resource settings
• Organize published resources for users• Organize published resources for users
• Disable and hide published resources

Basic Administration for
Cit i X A 6Citrix XenApp 6
Streaming Applications

Overview
At the end of this module, given an environment containing
X A ill b bl tXenApp, you will be able to:
• Identify the components required for application streaming
D ib th i ti th t t k l d i li ti• Describe the communications that take place during application
streaming
• Install the offline plug-in on a client device
• Configure applications for streaming to servers and the desktops• Configure applications for streaming to servers and the desktops
of Windows client devices
• Configure linked profiles for inter-isolation communication
• Publish a streaming profilePublish a streaming profile
• Configure XenApp Web and XenApp Services sites to stream
applications
• Configure offline access settingsg g

Application Streamingpp g
Application streaming includes the following capabilities:
• Local system resource usage
• Central application updates
• Isolation environmentsIsolation environments
• Windows Services isolation
• Inter-Isolation communication
• Application caching
D l d t i• Dual-mode streaming
• Offline access
• Support for Citrix Receiver
• Extended App-V integrationExtended App V integration
• Differential synchronization of updated profiles
• HTTP and HTTPS protocol support
• Backward compatibility

Application Streaming Componentspp g p

Application Streaming Communicationpp g
Process

Streaming App-V Packagesg pp g
Administrators can manage and publish App-V applications
using the Delivery Services Console, allowing them to support
existing infrastructures based on App‐V.
Therefore, applications already sequenced with App‐V do not
need to be converted to or profiled as Citrix streaming profile
packages.

Citrix Offline Plug-ing
To access a streamed application, one of the following
combinations must be available:
• Citrix offline plug-in and Citrix online plug-in• Citrix offline plug-in and Citrix online plug-in
• Citrix offline plug-in with a web browser

Citrix Streaming Profilerg
The Profiler is an independent application that allows an
administrator to prepare Windows applications, web
applications, browser plug-ins, files, folders and registry
settings for streamingsettings for streaming.
The only software applications other than the Citrix Streaming
Profiler that should be installed on the Profiler system are the
operating system software and utilities.

Installing the Citrix Streaming Profilerg g
The profiling system run-time environment should be as close
to the environment of the client device as possible.
For example:For example:
• If applications are streamed to a XenApp server, the profiler
system should also be a XenApp server
If li ti t d t b th 32 d 64 bit• If applications are streamed to both 32- and 64-bit
operating system client devices, there should be two
separate profiling systems
• If standard programs, such as antivirus software, are part of
the company image, they should be installed on the profiling
system

Target Optionsg p
The target is selected from the profile based on a variety of
criteria:
• Operating System• Operating System
• Service Pack Level
• System Drive Letter
• Operating System Language

Inter-Isolation Communication
Configuration
There are two types of inter-isolation communication
configurations:
• Associated• Associated
• Dependent

Profile Properties: Applicationsp pp

Profile Properties: File Typesp yp

Known Limits for Profiling Applicationsg pp
Some applications cannot be profiled, including:
• Applications that contain drivers, such as Adobe Acrobat
ProfessionalProfessional
• Microsoft Internet Explorer
• 64-bit applications
Mi ft D t A C t (MDAC)• Microsoft Data Access Components (MDAC)
• .NET Framework

Upgrading an Application in a Targetpg g pp g

Application Delivery Methodspp y
The following delivery methods are available:
• Accessed from a server
• Streamed if possible otherwise accessed from a server• Streamed if possible, otherwise accessed from a server
• Streamed to client

The Web Delivery Methody
To use the web delivery method, an administrator must:
• Profile the application and save it to a file share
• Configure a virtual directory on the web server• Configure a virtual directory on the web server
• Create a virtual web site that points to the file share
containing the profile
P bli h th fil d li ti• Publish the profiled application

Streaming to Serversg
An administrator can stream an application to a server by
completing the following tasks:
• Create an application profile on a Windows Server 2008 R2
operating systemoperating system
• Ensure that a XenApp Web or XenApp Services site is
configured (Online or Dual mode)
• Ensure that the application is not installed on the XenApp• Ensure that the application is not installed on the XenApp
server
• Publish the application to stream to a XenApp server

Specifying an Alternate Profile for ap y g
Published Application

Enabling the Least-Privileged Userg g
Account

Configuring Sites for Streamingg g g
Applications

Troubleshooting Streaming Issuesg g
Common streaming issues include:
• Applications do not stream
• Applications do not have full functionality
• Applications do not automatically update from vendor web• Applications do not automatically update from vendor web
sites
• Streamed applications do not recognize each other
A li ti t il bl ffli• Applications are not available offline

Configuring Policies

Overview
At the end of this module you will be able to:
• Identify the types of Citrix policies that can be created
• Identify the methods for creating policiesIdentify the methods for creating policies
• Create and configure policies
• Apply policies using filters• Apply policies using filters
• Use policy modeling tools

Group Policy Integrationp y g
Citrix policies are:
• Configured within Group Policy Objects (GPOs)
• Linked to Active Directory domains, organizational unitsLinked to Active Directory domains, organizational units
(OUs) and sites

Policy Evaluationy
Policies are evaluated when one of the following occurs:
• A user logs on
• The server is rebootedThe server is rebooted
• The policy refresh interval is reached
• A policy update is forced• A policy update is forced

Policy Processing and Precendencey g

Policy Rules: Computer Policiesy p

Policy Filteringy g
Policies can be:
• Unfiltered
• FilteredFiltered
• Worker Groups
• User and user groupsUser and user groups
• Client device name
• Client IP address range• Client IP address range
• Access control

Policy Modeling and Troubleshootingy g g
The Citrix Group Policy Modeling wizard can simulate a user
connection in order to test the policy settings.
Administrators can specify conditions for the simulation, suchAdministrators can specify conditions for the simulation, such
as:
• Domain controller• Domain controller
• Users
Cit i li filt• Citrix policy filters
• Slow network connection

Review
• Identify the types of Citrix policies that can be created
• Identify the methods for creating policiesIdentify the methods for creating policies
• Create and configure policies
• Apply policies using filters• Apply policies using filters
• Use policy modeling tools

Configuring Load Management

Overview
• Describe the load balancing process
• Identify load calculation rulesIdentify load calculation rules
• Create and assign custom load evaluators
• Assign CPU resource preference to servers and users• Assign CPU resource preference to servers and users
• Configure session connection failover by creating new load
balancing policiesg p

Load Manager
Load Manager offers the following benefits to enterprises:
g
• Maximizes system efficiency
• Provides pre-defined load evaluatorsProvides pre defined load evaluators
• Provides the ability to create custom load evaluators

Load Balancing
Load Manager balances server load across the farm by:
g
• Using load evaluator rules to calculate server load
• Identifying which server is least-loadedIdentifying which server is least loaded
• Directing client connections to the least loaded server

Load Calculation
Load evaluators consist of rules that determine how load is
calculated.
Rules:
• Can query specific conditions and performance metrics for• Can query specific conditions and performance metrics for
servers and published applications
• Have a unique set of parameters for specifying thresholdsq p p y g
• Can exist together in a single load evaluator

Load Calculations
Load evaluators can be classified in the following categories:
• Moving average
• Moving average compared to high thresholdMoving average compared to high threshold
• Incremental
• Boolean• Boolean

Load Evaluator Configuration: Defaultg
Load Evaluator

Load Evaluator Configuration: Advancedg
Load Evaluator

Creating Custom Load Evaluatorsg

Assigning Load Evaluators to Servers andg g
Applications

Load Balancing Policiesg
The decision behind which server is most appropriate is often
based on business needs or technical limitations, such as:
Directing users to a backup serverDirecting users to a backup server
Directing specific users to dedicated servers
Reducing WAN traffic and improving user experienceReducing WAN traffic and improving user experience

Creating Load Balancing Policiesg g

Force Application Streamingpp g

Troubleshooting Load Management Issuesg g
Common self-service application issues include:
• Load management is not working correctly
• Load evaluator is showing full capacity, but server shouldLoad evaluator is showing full capacity, but server should
still be able to accept additional connections

Review
• Describe the load balancing process
• Identify load calculation rulesIdentify load calculation rules
• Create and assign custom load evaluators
• Assign CPU resource preference to servers and users• Assign CPU resource preference to servers and users
• Configure session connection failover by creating new load
balancing policiesg p

for Citrix XenApp 6
Optimizing the User
Experience

• Describe the different session optimization display settings
• Describe the different XenApp HDX settings
• Identify the Profile management components
• Install and configure Profile management
Overview

Session performance can be optimized by configuring:
• Display settings
• HDX technologies
• Profile management
Optimizing Session Performance

Enabling Display Settings

HDX Broadcast Session Reliability allows a user to continue
to view, but not interact with, a published resource on the
screen of the client device when the connection to the server
is temporarily interrupted.
HDX Broadcast Session Reliability

Enabling HDX Broadcast Session Reliability

Considerations include:
• Keeping the time a session remains active to a minimum
while waiting for connectivity to resume
• Optimizing port 2598 for ICA traffic
HDX Broadcast Session Reliability
Considerations

HDX RealTime

Enabling HDX RealTime

Design considerations include:
• Only one multimedia conferencing device is supported in a
XenApp session
• OCS increases the CPU cycles on the XenApp server
• Branch Repeater cannot be used to compress audio and
video traffic
• ICA Pass-through connections are not supported
• The Client audio redirection policy rule must be enabled to
allow for audio input through a microphone
Understanding HDX RealTime Design
Considerations

HDX Plug-n-Play

Enabling HDX Plug-n-Play

Design considerations include:
• Many USB devices will not function properly in low-
bandwidth or high-latency networks
• ICA Pass-through connections are not supported
Understanding HDX Plug-n-Play Design
Considerations

HDX MediaStream Multimedia Acceleration optimizes
multimedia playback by delivering it to the client in a
compressed form, which reduces bandwidth consumption.
HDX MediaStream Multimedia Acceleration

Benefits include:
• Multimedia playback in a XenApp session plays as
smoothly as a local playback
• Minimized server CPU utilization
• Decreased network bandwidth
HDX MediaStream Multimedia Acceleration
Benefits

Enabling HDX MediaStream Multimedia
Acceleration

HDX MediaStream for Flash:
• Optimizes the way a server renders and passes Adobe
Flash animations to client devices
• Forces the Flash Player to start in a low-quality mode
HDX MediaStream for Flash

Enabling HDX MediaStream for Flash

SpeedScreen Latency Reduction optimizes the experience
for a user connecting over a high-latency network by:
• Changing the appearance of the mouse pointer from idle to
busy after a user clicks a link
• Allowing the plug-in to use fonts on the client device to
display text as the user types and the plug-in is awaiting the
redrawn screen from the server
SpeedScreen Latency Reduction

Enabling SpeedScreen Latency Reduction

HDX 3D Image Acceleration uses a lossy compression
scheme to reduce the size of images by removing redundant
data, which reduces the amount of bandwidth needed to
transfer the file.
HDX 3D Image Acceleration

Enabling HDX 3D Image Acceleration

HDX 3D Progressive Display

Enabling HDX 3D Progressive Display

Match the session optimization technology listed in the book
with the issue that each would best resolve.
Practice: Determing the Session Optimization
Technology

A user profile consists of the following elements:
• A registry hive
• A set of profile folders stored in the file system
User Profiles

Profile types include:
• Local user profiles
• Roaming user profiles
• Mandatory user profiles
• Temporary user profiles
Differentiating User Profile Types

Folder redirection:
• Provides administrators the ability to modify the target
location of folders found within the user profile
• Reduces the size of the user profile and decreases user
logon times
• Is transparent to users
Redirecting User Data

Citrix Profile management:
• Allows administrators to select specific parts of a profile to
be saved at logon and logoff
• Provides a method of saving personalized user profile
settings while decreasing the size of user profiles
Managing User Profiles

Enabling Profile Management

Understanding the Profile Management Logon
Process

Users can experience the following issues during a session:
• Users are unable to utilize a USB device during a session
• Users are unable to utilize multimedia-rich applications
during a session
• Users are unable to view Adobe Flash animations during a
session
• Users are not assigned the proper profile after logging on to
the client device
Troubleshooting User Experience Issues

• About the different session optimization display settings.
• About the different XenApp HDX settings.
• How to identify the Profile management components.
• How to install and configure Profile management.
Review

for Citrix XenApp 6
Configuring Self-Service
Applications

• Explain the role of Citrix Receiver
• Identify the plug-ins managed by Citrix Receiver
• Install Citrix Receiver for Windows
• Explain the role of Citrix Dazzle
• Identify the components of Citrix Merchandising Server
• Explain the Citrix online plug-in architecture and
communication
Overview

Citrix Receiver

Citrix Receiver for Windows has the following system
requirements:
• .NET Framework version 2.0 or later
• Internet Explorer 7.x, Internet Explorer 8.x, Firefox version
2.x or 3.x
• A compatible Windows operating system
Citrix Receiver for Windows

Citrix Receiver for Macintosh has the following system
requirements:
• One of the following operating system versions:
• Mac OSX 10.5, 32-bit or 64-bit (Intel only)
• Mac OSX 10.6, 32-bit or 64-bit
Citrix Receiver for Macintosh

Citrix Merchandising Server

Citrix Merchandising Server Architecture

Citrix Dazzle

Citrix Dazzle Communication Process

Plug-ins

Administrators can use one of the following options to deliver
plug-ins:
• Citrix Receiver and Merchandising Server
• Web Interface
• Active Directory
• Electronic Software Distribution
• Manual Installation
Plug-in Delivery

Citrix Online Plug-in for Windows

The online plug-in can be installed on client devices that meet
the following requirements:
• Operating System compatibility
• Browser compatibility
• VGA or SVGA video adapter with color monitor
• Windows-compatible sound card for sound support
(optional)
• A working network or Internet connection to servers
System Requirements

Types of online plug-ins include:
• Citrix online plug-in
• Filename: CITRIXONLINEPLUGINFULL.EXE
• Citrix online plug-in Web
• Filename: CITRIXONLINEPLUGINWEB.EXE
Installation Considerations

The Citrix online plug-in for Macintosh allows users to access
published resources from a familiar Macintosh desktop
environment.
Citrix Online Plug-in for Mac

Citrix online plug-in for Mac can be installed on client devices
that meet the following requirements:
• Mac OS X, Version 10.4 and above
• At least 256MB of RAM
• 29MB of free disk space
System Requirements

Citrix online plug-in for Mac installation packages:
• CITRIX_ONLINE_PLUGIN.DMG
• CITRIX_ONLINE_PLUGIN_WEB.DMG

The Client for Java is a Java applet that provides access to
applications running in a farm from any client device with a
standard web browser.
Client for Java

The Client for Java can run on client devices that meet the
following requirements:
• A web browser with Java 2, Standard Edition Version 1.4.x
or 1.5.x, configured to accept signed Java applets
• Network access to the web server that stores the client files
System Requirements

The following resources are required to deploy the Client for
Java:
• A copy of the client package
• A means of decompressing and unpacking the .ZIP or
.TAR.GZ package
• Administrator access to a web server
Deployment Considerations

The Citrix Receiver for Linux provides users with access to
resources published on XenApp servers.
Citrix Receiver for Linux

Systems running the Receiver for Linux must meet the
following requirements:
• Linux kernel version 2.6.18 or above, with glibc 2.3.4 or
above, libcap1 or libcap2 and udev support
• OpenMotif 2.3.1 (optional)
• 6MB of free disk space for the installed client and up to
13MB if the installation package will be expanded on the
disk
• 256 color video display or higher
System Requirements

Administrators should consider the following points when
installing the Receiver for Linux:
• USB support is enabled only if an administrator is logged on
as a privileged user when installing and configuring the
Receiver for Linux.
• Installations performed by non-privileged users will enable
users to access published resources on the server using the
Web Interface through one of the supported browsers.
• During installation, administrators will have the option of
specifying that GStreamer is enabled for multimedia
acceleration.

The following issues can appear in a XenApp environment:
• Merchandising Server cannot sync with Active Directory
• Merchandising Server stops allowing connections to the
Merchandising Server Administrative Console
• The Citrix Receiver icon does not appear in the notification
area after installation
Troubleshooting Self-Service Application
Issues

• About the role of Citrix Receiver
• How to identify the plug-ins managed by Citrix Receiver
• How to install Citrix Receiver for Windows
• About the role of Citrix Dazzle
• How to identify the components of Citrix Merchandising
Server
• About the Citrix online plug-in architecture and
communication
Review

Configuring Printing

Overview
By the end of this module you will be able to:y y
• Identify key printing concepts and terms
Id tif th th d th t b d t i i i t• Identify the methods that can be used to provision printers
• Identify the printing pathways and recognize when each
should be used
• Recognize the different universal printing options available
• Implement workspace control and proximity printing
• Configure printing bandwidth restrictions• Configure printing bandwidth restrictions

Printing Conceptsg p
When a user clicks Print in a session, XenApp:, pp
• Determines which printers to provide to the user
R t th ' i ti f• Restores the user's printing preferences
• Determines which printer is the default for the session

Demonstration: Local and Network
Printing
Watch as the instructor demonstrates how printing worksp g
when print jobs are directed to a printer connected locally to a
li t d i d h i t t dclient device or server and when printers are connected
across a network to a network print server.

Printing Securityg y
To increase client printing security, access to the clientp g y,
printers is restricted to:
Th t th t th Cit i P i t M S i i• The account that the Citrix Print Manager Service runs in
• Processes running in the SYSTEM account
• Processes running in the user's session

Default Printing Behaviorg
The default XenApp printing behavior includes:pp p g
• All printers on the client device are created automatically
Th li t d i l ll i t j b d t l ll• The client devices spool all print jobs queued to locally-
attached printers
• Processes running in the user's session
• XenApp uses the native Windows version of the printer
driver

Printer Auto-Creation
XenApp can auto-create:pp
• Locally attached printers, including locally-defined network
printersp
• Network printers
• Citrix Universal Printer

Controlling Client Printer Auto-Creationg

Practice: Printing Definitionsg
Match the printing policy rules in the table to the correctp g p y
terms.

Printing Pathwaysg y
In XenApp, print jobs can take two different printing pathways:pp, p j p g p y
• Network printing pathway
Cli t i ti th• Client printing pathway

Network Printing Pathwayg y
The network printing pathway refers to print jobs that arep g p y p j
routed from the XenApp server hosting the user's session to a
i t d th l d i tprint server and then spooled on a print server.

Configuring a Server Local Printerg g

Disabling the Network Printing Pathwayg g y

Client Printing Pathwayg y
The client printing pathway refers to print jobs that are routedp g p y p j
over the ICA protocol through the client device to the printer
d l d th h th l i t th li t d iand spooled through the plug-in to the client device.
The printer must be connected directly to the client device
through either a UNC path or physically through cablethrough either a UNC path or physically through cable.

Client Printers on the Network

Printing Pathway Demonstrationg y
Watch as the instructor demonstrates how print jobs arep j
routed when a user prints from a published application to a
l l i t d h li i d t di t i t j blocal printer and when a policy is used to direct a print job
from the published application to a network printer.

Printer Drivers
Printer drivers:
• Enable the operating system and applications to create
device-ready print data streams for specific print devicesy p p p
• Vary among manufacturers and models
• Vary in functionality in a multi-user environment

Printer Driver Typesyp
XenApp supports the following types of printer drivers:pp pp g yp p
• Native printer drivers
OEM i t d i• OEM printer drivers
• Citrix Universal printer drivers

Automatic Installation: In-Box Printer
Drivers

Automatic Installation: Printer Driver
Mapping and Compatibility

Practice: Printer Drivers
Provide the correct response for each question.p q

Citrix Universal Printingg
There are several different universal printing solutions. Anp g
administrator can configure a:
Cit i U i l P i t D i (EMF b d)• Citrix Universal Printer Driver (EMF-based)
• Citrix XPS Universal Printer Driver
• Citrix Universal Printer with a Citrix Universal Printer Driver

Enhanced MetaFile Format
The EMF format:
• Reduces the size of some print jobs
All j b t i t f t• Allows jobs to print faster
• Allows users to set printer properties and preview
documents before printing
• Reduces server load by saving bandwidth and CPU
processing

Configuring Citrix Universal Printing:g g g
Universal Driver Priority

Universal Printing

Universal Printing Preview Preference

Auto-Create Generic Universal Printer

Administrator-Assigned Network Printersg
Factors for when and how to configure network printersg p
include:
U i t• User requirements
• Client devices
• Network printer availability

Editing Network Printer Settingsg g

Specifying the Default Printerp y g

Workspace Control and Proximity Printingp y g

Configuring Proximity Printingg g y g

Printing Preferencesg
When users modify printing settings, the settings are stored iny p g g , g
the following locations:
O th li t d i• On the client device
• In a document
• On the server

Printing Preference Hierarchyg y
XenApp searches for printing preferences in the followingpp p g p g
order:
R t i d tti ( tti h d d i th i )• Retained settings (settings changed during the session)
• Changes to the printer settings for the printers on the client
device
• Printer settings stored on the server

Printing Propertiesg p
Printing properties are a combination of:g p p
• Printing preferences
P i ti d i tti• Printing device settings

Configuring Printer Property Retentiong g p y

Troubleshooting Printing Issuesg g
An administrator may encounter the following printing issues:y g p g
• Printers do not auto-create
P i t j b bl d f il t i t• Print jobs are garbled or fail to print
• Network printers are not available in the session
• Session appears to hang at startup when users are
disconnected from network

Review
By the end of this module you will be able to:y y
• Identify key printing concepts and terms
Id tif th th d th t b d t i i i t• Identify the methods that can be used to provision printers
• Identify the printing pathways and recognize when each
should be used
• Recognize the different universal printing options available
• Implement workspace control and proximity printing
• Configure printing bandwidth restrictions• Configure printing bandwidth restrictions

for Citrix XenApp 6
Securing XenApp

By the end of this module, you will be able to:
• Identify the components of a comprehensive XenApp
security solution
• Describe the SSL Relay communication flow
• Secure XenApp communications using SSL Relay
• Describe the benefits of using Citrix Access Gateway in a
XenApp environment
• Secure application access using Access Gateway
• Avoid or resolve common security configuration missteps
with simple solutions
Overview

Administrators can incorporate the following security
measures for XenApp servers:
• SecureICA
• SSL Relay
• Citrix Access Gateway
XenApp Security Solutions

SecureICA

Citrix SSL Relay:
• Encrypts traffic between Web Interface and the Citrix XML
Service
• Encrypts traffic between client devices and XenApp servers
• Authenticates XenApp servers
• Requires SSL certificates on XenApp servers and client
devices
Citrix SSL Relay

SSL Relay Communication

An administrator can use the following procedure to configure
SSL Relay:
1. Install a unique server certificate for each XenApp server.
2. Install a root certificate on each client device and Web
Interface server.
3. Configure the relay credentials, connections and
ciphersuites.
4. Restart the XenApp servers.
5. Configure the web servers running the Web Interface .
6. Configure the client devices.
Configuring SSL Relay

Access Gateway provides the following benefits:
• A secure and scalable device
• SmartAccess technology, which allows administrators to
control access based on user and endpoint device
characteristics
• Secure remote access to hosted applications and desktops
from the Internet
Access Gateway

The two Access Gateway deployment scenarios are:
• Access Gateway and the Web Interface in the DMZ
• Access Gateway in the DMZ and Web Interface in the
internal network
Access Gateway Deployment Scenarios

Access Gateway Communications (1 of 2)

Access Gateway Communications (2 of 2)

Digital certificates:
• SSL certificates verify the identity of systems in an SSL
connection
• Certificate authorities (CAs) issue certificates
• Server certificates confirm the identity of a server before a
client transmits data to it
• Root certificates confirm the authenticity of the CA signature
on the server certificates
Digital Certificates

Certificate requirements:
• Web Interface - Root certificate
• Citrix XML Service on XenApp servers - Server certificate
Access Gateway Certificate Requirements

Access Gateway Certificate Requirements

ICA proxy allows Access Gateway to secure access to hosted
applications with the following benefits:
• A hardened appliance in the DMZ
• Browser-only access to published resources
• Granular access control with secure application access
• Traffic optimization, compression and SSL offload
• Support for Citrix Receiver
Securing Access to Hosted Applications

ICA proxy mode is enabled in the Access Gateway
Administration Tool.
Enabling ICA Proxy Mode

SmartAccess:
• Enables access control to XenApp applications based on
Access Gateway policy expressions
• Passes the Access Gateway policy name to XenApp
• Lets XenApp determine the available applications based on
the policy settings
SmartAccess

Match the security solutions listed in the book with the
appropriate scenario in the table. Each solution is used at
least once.
Practice: Security Solutions

To enable Web Interface to work with Access Gateway, Web
Interface needs to know:
• The access method
• The FQDN of the Access Gateway
• The URLs of the Secure ticket Authority
Web Interface Configuration

Web Interface can be configured for the following access
methods:
• Gateway direct
• Gateway alternate
• Gateway translated
Access Methods

A client route:
• Specifies the access method to be used by client devices
• Is distinct from IP routing
• Allows control of access method for different types of
devices
Client Routes

The following Access Gateway settings can be configured:
• FQDN
• Port
• Enable session reliability
• Secure Ticket Authorities URLs
• Load Balancing
• Bypass failed servers for
Access Gateway Settings

An administrator can configure Web Interface for Access
Gateway connections by:
• Entering the IP address and netmask of the client network
• Selecting an access method
• Identifying the FQDN of the Access Gateway
• Identifying the port number of the Access Gateway virtual
server
• Adding the URLs of the Secure Ticket Authorities
Configuring Web Interface for Access Gateway
Connections

Security configuration best practices include:
• Always install the latest version of Citrix plug-ins.
• Use IP addresses rather than FQDNs to connect to the
Secure Ticket Authority.
• Secure connections between Access Gateway and other
services (such as LDAP and Web Interface) with SSL.
• Deploy Access Gateway in the DMZ and Web Interface in
the secure network.
• Ensure the management interface for Access Gateway and
XenApp are not routable from a public network and are
protected by host- and network-based firewalls.
Security Configuration Best Practices

The following issues can appear in a XenApp environment
configured with Access Gateway:
• The client cannot connect to Access Gateway
• IPv6 connections fail
• Access Gateway cannot connect to the Secure Ticket
Authority
• Users are not able to log in to Access Gateway
• A user is not able to log in to Access Gateway
• User gets a "Resource no longer available" error
Troubleshooting Access Gateway with XenApp

• How to identify the components of a comprehensive
XenApp security solution
• About the SSL Relay communication flow
• How to secure XenApp communications using SSL Relay
• About the benefits of using Citrix Access Gateway in a
XenApp environment
• How to secure application access using Access Gateway
• How to avoid or resolve common security configuration
missteps with simple solutions
Review

Overview
• Track the usage of XenApp licenses at a point in time and
over timeover time.
• Isolate ongoing issues in a XenApp environment to assist
with troubleshooting.
• Track the history of issues in a XenApp environment• Track the history of issues in a XenApp environment.
• Automate complex workflows.
• Access XenApp information using PowerShell and other
command-line tools.

Health Monitoring and Recoveryg y
Health monitoring and recovery:
• Verifies specified XenApp services
• Sends and alert or takes an action when the verification fails• Sends and alert or takes an action when the verification fails
• Is implemented as XenApp policies

EdgeSight Monitoringg g g
• License usage
• XenApp server performance and availability
• Published application performance and availability

EdgeSight Componentsg g p
A Citrix EdgeSight environment consists of the following
components:
• EdgeSight web console• EdgeSight web console
• EdgeSight agents
• EdgeSight server
• Web Component
• Microsoft SQL Server Database
• Microsoft SQL Server Reporting Services
Citrix License Server• Citrix License Server
• SMTP server
• SNMP server

License Usage Monitoringg g
• License usage is tracked by EdgeSight
• Both current and historical information is available

Configuring License Alertsg g
1. Navigate to Configure > Company Configuration > Alerts >
Rules.
2. Create a new alert rule XenApp Error Alerts > License
Server Connection Failure.
3. Create an optional alert action.

Viewing current license usage informationg g
1. Navigate to Track Usage > License Usage Summary tab
in the EdgeSight console.
2. Select a Product groups or Individual product and click
Go.

Viewing historical license informationg
1. Navigate to Track Usage > License Usage Trending in the
EdgeSight console.
2. Select Product groups or Individual product and click Go.
3 Select applicable timeframes using the Zoom button3. Select applicable timeframes using the Zoom button.
4. Click the magnifying glass icon to next to a product to
isolate trends.

Workflow Studio Overview
• Workflow
• Job
• Activity Library

Workflow Studio Architecture
• Management Console/Designer
• Designer Runtime
• Runtime Engine

Workflow Automation Use Cases
• Power Management
• User Provisioning
• Dynamic Resource Allocation
• Disaster Recovery• Disaster Recovery
• Product Automation
• Scheduled Restarts
• vDisk Image Updates
• Fault Recovery

Accessing the Server Farm usingg g
PowerShell
1. Open a PowerShell window from the Start menu.
2. Add the XenApp PowerShell snap-in:
3. Execute a XenApp PowerShell cmdlet.

Accessing the Server Farm usingg g
Commands
altaddr dscheck
app
auditlog
change
dsmaint
enablelb
icaportchange
ctxkeytool
ctxxmlss
icaport
imaport
query

Review
Complete the review questions and then go over them as a
class.

for Citrix XenApp 6
Additional Components

By the end of this module, you should be able to:
• Identify the purpose and key components of SmartAuditor
• Identify the purpose and key components of Single sign-on
• Identify the purpose and key components of EasyCall voice
services
• Identify the purpose and key components of Branch
optimization
• Identify the purpose and key components of Provisioning
Services
• Identify the purpose and key components of XenServer
Overview

SmartAuditor allows an organization to record the on-screen
activity of any user's session, over any type of connection,
from any server running XenApp.
SmartAuditor

The main components of SmartAuditor include:
• SmartAuditor Database
• SmartAuditor Server
• SmartAuditor Policy Console
• SmartAuditor Agent
• SmartAuditor Player
SmartAuditor Components

The SmartAuditor recording process:
1. A user launches a published application running on
XenApp
2. The SmartAuditor Agent queries the SmartAuditor Server
3. The SmartAuditor Server tells the SmartAuditor Agent if
the user should be recorded
4. The SmartAuditor Agent records the session
5. The SmartAuditor Server stores the session metadata to
the database and the session recording to disk
Session Recording Process

Single sign-on provides password security and single sign-on
access to:
• Windows, web, and terminal emulator applications running
in the XenApp environment
• Applications running on the client device
Single Sign-on

The main components of Single sign-on include:
• Central Store
• Delivery Services Console
• Single sign-on plug-in
• Single sign-on service (optional)
Single Sign-on Components

Single sign-on process:
• The Single sign-on plug-in is installed on the client device
• A users attempts to access an application that requires
authentication
• The plug-in detects the application request for
authentication
• The plug-in locates the correct credentials and submits
them to the application
• The local and central stores are synchronized
Single Sign-on Process

EasyCall voice services integrates with the existing telephone
system and corporate directory and enables a user to call any
phone number displayed in published, streamed, or installed
applications without dialing the number.
EasyCall Voice Services

The main components of EasyCall include:
• EasyCall Gateway
• Communications plug-in
• EasyCall Web Services APIs
EasyCall Components

EasyCall allows each user to create profiles for work, home
and mobile phones. These profiles are used by the EasyCall
Gateway to contact the user when a call is placed.
EasyCall Process

Citrix Branch Optimization is a WAN optimization solution that
provides a LAN-like desktop and application experience to
branch and mobile users.
Branch Optimization

Branch Repeater Components

The Branch Optimization solution can be easily deployed
because it is transparent to both the application and the
network.
Branch Optimization Process for the Plug-in

Provisioning Services

Provisioning Services Components

Power and Capacity Management:
• Dynamically scales the number of online virtualized XenApp
servers
• Records utilization and capacity levels
Power and Capacity Management

Power Management controls the power on and power off
operations for the servers in a workload or farm.
Power Management

Load consolidation saves power and reduces costs by
combining sessions onto fewer servers.
Load Consolidation

The main components of Power and Capacity Management
include:
• Agent
• Concentrator
• Database
• Reporting
• Management Console
Power and Capacity Management Components

Presentation basic administration for citrix xen app 6

Presentation basic administration for citrix xen app 6

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a Presentation basic administration for citrix xen app 6

Semelhante a Presentation basic administration for citrix xen app 6 (20)

Mais de xKinAnx

Mais de xKinAnx (20)

Último

Último (20)

Presentation basic administration for citrix xen app 6