2. Overview
Topics covered in the module include:
• Student Introductions
• Facilities
• Course Materials
C P i it• Course Prerequisites
• Course Outline
• Citrix Education
• Course Evaluation and Completion Certificate• Course Evaluation and Completion Certificate
3. Student Introductions
Include the following information in your
introduction:
• Name and companyp y
• Job title
J b ibilit• Job responsibility
• Networking and load balancing experience
• Citrix hardware and software experience
• Class expectations• Class expectations
4. Facilities
• Parking
• Restroom and phone locations
• Class policiesp
• Break and lunch schedules
E i f ti• Emergency information
6. Course Prerequisitesq
Prerequisites include knowledge of the following
t itopics:
• Microsoft Windows Server 2008 with Terminal
S i Mi ft Wi d S 2008Services or Microsoft Windows Server 2008
R2 with Remote Desktop Services
B i k l d f i t lli li ti• Basic knowledge of installing applications
• Basic network security principles
7. Agenda for Day Oneg y
Agenda includes:
M d l 1 I d i d C O iModule 1: Introductions and Course Overview
Module 2: Introducing XenApp
Module 3: Licensing XenApp
Module 4: Installing XenAppModule 4: Installing XenApp
Module 5: Configuring XenApp Administration
8. Agenda for Day Twog y
Agenda includes:
M d l 6 I lli d C fi i W bModule 6:Installing and Configuring Web
Interface
Module 7:Delivering Applications and Content
Module 8: Streaming Application
9. Agenda for Day Threeg y
Agenda includes:
Module 9: Configuring Policies
Module 10:Configuring Load Managementg g g
10. Agenda for Day Fourg y
Agenda includes:
M d l 11 O i i i h U E iModule 11: Optimizing the User Experience
Module 12: Configuring Self-Service
Applications
Module 13: Configuring Printing
11. Agenda for Day Fiveg y
Agenda Includes:
Module 14: Securing XenApp
Module 15: Monitoring XenAppg pp
Module 16: Additional Components
12. Citrix Education
• Citrix Training and Citrix Certifications benefit:
• Organizations• Organizations
• IT professionals
• Key resources include:y
• Instructor-led training (ILT) courses
• eLearning courses
• Exams
• Certification Manager
To obtain detailed information on Citrix training and
tifi ti i it th it i d ti b itcertification, visit the www.citrixeducation.com web site
13. Course Evaluation and Completion Certificatep
Course Evaluation Survey
Is available onlineIs available online
Takes approximately 5 minutes to complete
Provides Citrix with valuable feedback
Course Completion Certificate
Is available to students who complete the course evaluation survey
Can be printed emailed or saved to an HTML fileCan be printed, emailed or saved to an HTML file
16. Overview
At the end of this module, you will be able to:
• Identify the features of XenApp
• Identify the basic architecture of XenApp and the farm
components
• Identify the functionality provided by the Delivery Services
Console
18. XenApp 6 Featurespp
XenApp 6 contains a robust set of features that provide
administrators and users with the best functionality possible
for an end-to-end application delivery solution.
See the www.citrix.com web site for a comprehensive list of
all features.
19. XenApp Architecturepp
Primary XenApp architecture consists of:
• XenApp servers
• Web Interface servers• Web Interface servers
• Data collector
• Data Store database
• License server
• Worker groups
21. Single and Multiple Farm Environmentsg p
In single farm environments:
• All XenApp servers use the same data store
• Servers can be grouped into a single zone or multiple zones• Servers can be grouped into a single zone or multiple zones
• Applications can be load balanced across servers in farm
In multiple farm environments:
• Each farm has its own data storeEach farm has its own data store
• Applications can be load balanced across servers in farm,
but not across multiple farms
22. Data Store
The Data Store database maintains farm data, including:
• Farm configuration information
• Published application configurations• Published application configurations
• Server configurations
• Farm management security
• Printer configurations
• License Server name and port
23. Data Store Updates and the Local Hostp
Cache
The Local Host Cache contains information about:
• All the servers in the farm and their basic information
• All applications published in the farm and their properties
• All Windows network domain trust relationships within the
farm
24. Independent Management Architecturep g
(IMA)
The IMA service:
• Provides a centralized framework used by administrative
tools for XenApptools for XenApp
• Delivers subsystems that collectively provide functionality to
current and future Citrix products
• Runs on all servers with XenApp installed and is enabled by• Runs on all servers with XenApp installed and is enabled by
default during installation
• Communicates through messages sent over TCP port 2512,
b d f lt f t i tiby default, for server-to-server communication
26. Data Collector Election
The data collector maintains dynamic data for servers in the
zone. Therefore, each server must be able to contact the data
collector for the zone.
If the data collector is unavailable, an election occurs and
another server in the zone takes over the role of the data
collector.
27. Zones
A logical group of XenApp servers communicating with a
single data collector is called a zone. Zones are typically
based on subnets.
Sharing data across zones can cause an increase in
bandwidth consumption. As a best practice, keep the number
of zones to a practical minimum. One zone is optimal.
28. Additonal XenApp Componentspp p
XenApp contains additional components to enhance the
functionality of the solution, including the following:
• Load Manager• Load Manager
• Resource Manager (Powered by Citrix EdgeSight)
• Access Gateway VPX
• Citrix XenApp Provider
• Delivery Services Console
• License Administration ConsoleLicense Administration Console
• Citrix Plug-ins
34. Overview
At the end of this module, you will be able to:
• Explain XenApp licensing communications and license
typestypes
• Configure License Administration Console ports and
administrators
• Install the Citrix License Server and import license files into• Install the Citrix License Server and import license files into
the console
• Explain how the license server can be made highly available
35. XenApp Licensingpp g
Licensing Process Overview:
1) Install Licensing components
2) Obtain a license file from www mycitrix com website2) Obtain a license file from www.mycitrix.com website
3) Add the license file to the license server
36. Licensing Communication
An administrator must perform the following tasks for a
g
license server to accept connection and license requests:
• Add a license file to the license serverAdd a license file to the license server
• Configure the farm to use a specific license server
Citrix Confidential - Do Not Distribute
37. License Communication Process
The following steps describe the licensing communication process for
h ki t li f li t d ichecking out a license for a client device:
1. A user connects to Farm A.
2 A server in Farm A requests a license from License Server 12. A server in Farm A requests a license from License Server 1.
3. License Server 1 grants the requests and checks out a license for the
client device.
4. The same users connects to Farm B.
5. A server in Farm B requests a license from License Server 1.
6. License Server 1 grants the requests and uses the existing license for
the client device.
Citrix Confidential - Do Not Distribute
38. License Typesyp
XenApp uses concurrent user licenses, which are licenses
that are not tied to specific users.
When a server requests a license it is reserved for a specificWhen a server requests a license, it is reserved for a specific
client device/user combination. When the user logs off from
the session, the license is returned to the license pool and
made available for another user. Users connecting from
multiple devices will consume multiple licenses.
40. Microsoft Remote Desktop Servicesp
XenApp extends the functionality of Microsoft Remote
Desktop Services (formerly Terminal Services), which is a
presentation virtualization platform for Windows Server.
XenApp 6 leverages Windows Server 2008 R2 security
enhancements and Remote Desktop Services architecture to
add dimensions of flexibility, manageability, security and
Performance.
41. Remote Desktop Licensingp g
Administrators must configure a Remote Desktop Licensing
server in the environment to distribute Remote Desktop
licenses.
To avoid adding the Remote Desktop Licensing
server to each new Remote Desktop Services server that
joins the domain, administrators can configure an Active
Directory group policy to automatically assign the Remote
Desktop Licensing server to each new server that joins theDesktop Licensing server to each new server that joins the
domain.
42. Additional Licensing Considerationsg
Include the following:
• Different connections can consume multiple licenses.
• Most application manufacturers require user licenses for• Most application manufacturers require user licenses for
their products
43. License Administration Console
The License Administration Console is a required, web-based
interface that allows an administrator to maintain the license
server and manage license files for that license server.
The console can be used to perform the following actions:
• Tracking license usage
• Reporting on current license usage
• Configuring license alerts
• Configuring delegated administratorsConfiguring delegated administrators
46. Installing Licensingg g
It is a best practice to install the license server first. If
licensing is installed after XenApp, a policy must be
configured to point to the license server.
Licensing can exist on a separate server or can share a
server with another component.
48. Uninstalling Licensingg g
An administrator may needto uninstall licensing for a variety
of reasons, including moving the component to another
system or renaming the system. Some of the files are not
deleted such as the license filedeleted, such as the license file.
When the license file is moved to a server with a different
name from the current hostname, the license file must be
returned to Citrix and exchanged for a license file that
indicates the new server name.indicates the new server name.
49. License Server Considerations
Additional considerations include the following:
• XenApp does not need to be on the same system as the
license server.
• For fewer than 200 product servers a shared license serverFor fewer than 200 product servers, a shared license server
is recommended
50. License File Managementg
License files store the company license information in a plain
text format with authenticated content. Each license file can
store information for one or more licenses; a license server
can store one or more license filescan store one or more license files.
The license file is stored on a license server in the
%PROGRAMFILES%CITRIXLICENSINGMYFILES
directory
51. Obtaining License Filesg
To obtain a license file, an administrator must log on to the
MyCitrix web site using personalized credentials. To create a
new account, simply click on the New User link and follow the
instructionsinstructions.
52. Subscription Advantagep g
Citrix products include a one-yearmembership to Subscription
Advantage. This membership provides major releasesminor
releases and product update downloads through the
MyCitrix web siteMyCitrix web site.
The membership includes email notifications concerning the
account and new items available for members. Members can
view, update and obtain benefit information and privileges on
MyCitrix at any time.MyCitrix at any time.
53. High Availability Considerationsg y
A duplicate license server is one option for creating a backup
license server. The backup license server must duplicate
such essential information as the hostname and the server IP
address This is especially important if the farm or servers areaddress. This is especially important if the farm or servers are
pointing to an IP address instead of the server name to
resolve to the license server.
54. Additional License Server Processes
Additional License Server processes include:
• Enabling a replacement license server
• Connecting to a different license server• Connecting to a different license server
• Replacing the license server
55. License Server Clusteringg
Licensing provides administrators with a 30 day recovery
grace period. To ensure high availability of the license server
beyond the 30 day recovery grace period, licensing supports
Microsoft clustering Clustering the license serverMicrosoft clustering. Clustering the license server
provides users with continuous access to applications in
failure situations.
For more information, see Citrix Knowledge Base article
CTX104878.CTX104878.
56. Review
In this module, you learned:
About XenApp license communications and license types
How to configure the License Administration Console with
ports and administratorsports and administrators
How to install the Citrix License Server and manage license
files
About how the license server can be made highly availableAbout how the license server can be made highly available
59. Overview
At the end of this module, you will be able to:
• Identify the methods that can be used to install XenApp
• Identify the XenApp hardware and software requirementsIdentify the XenApp hardware and software requirements
• Make installation decisions appropriate for an environment
Citrix Confidential - Do Not Distribute
61. Unattended Installation and Configuration
Unattended installation can be performed using the following
g
files:
• XENAPPSETUPCONSOLE.EXEXENAPPSETUPCONSOLE.EXE
• XENAPPCONFIGCONSOLE.EXE
Citrix Confidential - Do Not Distribute
62. Hardware Requirements
Hardware requirements include:
q
• 64-bit CPU
• 512MB RAM (minimum)512MB RAM (minimum)
• 32GB disk space (minimum)
• 6MB to 120MB for Web Interface plus 3 5MB for each site• 6MB to 120MB for Web Interface plus 3.5MB for each site
Citrix Confidential - Do Not Distribute
63. Software Requirements
• XenApp must be installed on a Windows Server 2008 R2
q
operating system (64-bit)
• XenApp components such as the Delivery Services Console
and Web Interface can be installed on additional operatingand Web Interface can be installed on additional operating
systems
Citrix Confidential - Do Not Distribute
64. Installation Decisions
Best practices for installation:
• Review configuration options prior to installing the product
• Ensure that the person installing XenApp is a member ofEnsure that the person installing XenApp is a member of
the Administrators group
• Maintain proper licensing
Citrix Confidential - Do Not Distribute
65. XenApp Configuration Options
During XenApp configuration, administrators select options
pp g p
for XenApp components and features
Citrix Confidential - Do Not Distribute
66. Which Farm or Zones Will Be Used in the
A farm:
Environment?
• Can be managed as a single entity
• Use a single data store databaseUse a single data store database
• Can balance load among server in the farm
Zones:Zones:
• Are a logical grouping of servers within a farm
A t i ll b d hi l ti• Are typically based on geographic location
Citrix Confidential - Do Not Distribute
67. Which License Server Will Be Used for the
A License Server:
Server Farm?
• Can be installed before, during or after the XenApp
installation
• Can be installed on a dedicated server or a server that
provides additional functionality
Citrix Confidential - Do Not Distribute
68. Which Database Engine Will Be Used for the
The following database software can be used for the XenApp
g
Data Store Database?
data store:
• Microsoft SQL Server Express 2005Microsoft SQL Server Express 2005
• Microsoft SQL Server Express 2008
• Microsoft SQL Server 2005• Microsoft SQL Server 2005
• Microsoft SQL Server 2008
O l 11 R2• Oracle 11g R2
Citrix Confidential - Do Not Distribute
69. Will Shadowing Be Enabled?
Shadowing allows authorized users to view and interact with
g
user sessions
• The default shadowing sessions are recommended for mostThe default shadowing sessions are recommended for most
farms
• If shadowing is prohibited during the XenApp installation, it
cannot be enabled without reinstalling XenApp
Citrix Confidential - Do Not Distribute
70. On Which Port Will the Citrix XML Service Run?
The Citrix XML Service:
• Communicates the least busy server and names of
published resources
• Uses port 80, by default
• Can share port 80 with IIS
• Can be set to use a port other than port 80
Citrix Confidential - Do Not Distribute
71. When Will Users Be Added to the Local Remote
Users can be added before or after XenApp installation.
Desktop Users Group?
Options include:
• Add the authenticated usersAdd the authenticated users
• Add the list of users from the Users group
• Add anonymous users• Add anonymous users
Citrix Confidential - Do Not Distribute
72. Which Pass-through Client Will Be Used in the
The pass-through client:
g
Environment?
• Gives users of older, less feature-rich clients access to the
features of the Citrix online plug-in
• Allows users to access their published applications through
a XenApp Services site
Citrix Confidential - Do Not Distribute
73. Will Pass-through Authentication Be Used in
Pass-through authentication:
g
the Environment?
• Authenticates a user to XenApp using the credentials used
to log on to Windows
• Can be enabled during installation
• Requires the plug-in to be reinstalled on a server, if pass-
fthrough authentication is enabled after the XenApp
installation
Citrix Confidential - Do Not Distribute
74. Will Information in the Data Store and
Configuration Logging Databases Be Protected
with IMA Encryption?
IMA encryption:
• Can encrypt the credentials of the data store andCan encrypt the credentials of the data store and
configuration logging databases
• Must be enabled on all XenApp servers if it will be used
• Can be enabled using the CTXKEYTOOL command
Citrix Confidential - Do Not Distribute
75. Web Interface Installation Decisions
Decisions include:
• Where will the Web Interface components be installed?
• Will the Citrix plug-ins be copied to the server?Will the Citrix plug ins be copied to the server?
Citrix Confidential - Do Not Distribute
76. Review
Complete the review questions and then go over the answers
as a class.
Citrix Confidential - Do Not Distribute
79. By the end of this module, given an environment containing
XenApp, you will be able to:
• Add and configure worker groups.
• Add and configure administrative accounts and
permissions.
• Identify the components required for configuration logging.
• Log administrative changes made to a XenApp farm
environment.
Citrix Confidential - Do Not Distribute
Overview
81. Worker groups:
• Can be used to identify the group of servers that will host an
application
• Can ease the task of publishing resources
Citrix Confidential - Do Not Distribute
Publishing Applications to Worker Groups
82. Worker group preference lists:
• Identify which worker group has priority
• Are required in order for users to be redirected to servers in
a worker group
Citrix Confidential - Do Not Distribute
Prioritizing Worker Groups
83. Worker groups:
• Can be used as a filter with Citrix policies
• Ease the application of policies to specific servers
Citrix Confidential - Do Not Distribute
Filtering Policies to Worker Groups
84. XenApp Administrators:
• Require an account to administer XenApp
• Are assigned a privilege level which determines their
permissions
• Should each be provided with an individual administrator
account
Citrix Confidential - Do Not Distribute
Administrator Privilege Levels
85. Considerations include:
• Administrators with restricted privileges cannot connect to
XenApp sessions unless the license server has a valid
XenApp license file
• Groups and individual users can be granted administrator
permissions
• An administrator whose account is disabled will still be able
to log on to the Delivery Services Console if a group to
which the administrator belongs is granted permissions to it
• An administrator account can be deleted from the farm by
right-clicking the administrator name and clicking Delete
Citrix Confidential - Do Not Distribute
Creating Administrator Accounts
88. Example:
A new junior administrator account is created and disabled
while the administrator is away for three weeks of training.
Citrix Confidential - Do Not Distribute
Disabling an Administrator Account Example
90. Folders:
• Can be created for applications and servers
• Improve the organization and ease of finding objects
• Improve browsing performance of the Delivery Services
Console
• Allow a more granular administration configuration
Citrix Confidential - Do Not Distribute
Configuring Folder Permissions
92. Use your knowledge of folders and permissions to provide the
answers to the scenarios located in the book.
Citrix Confidential - Do Not Distribute
Practice: Delegating Administration
93. Configuration logging:
• Allows administrators to track administrative changes
• Determines who performed the change, when the change
was made and provides details about whether the change
was successful or not
• Can provide configuration log reports
Citrix Confidential - Do Not Distribute
Configuration Logging
94. The Configuration Logging database:
• Logs all changes made to the farm using the Delivery
Services Console, command line utilities and custom tools
• Can use either a Microsoft SQL Server or Oracle database
• Can be protected with IMA encryption
Citrix Confidential - Do Not Distribute
Creating the Configuration Logging Database
96. Configuration Logging settings include:
• Log administrative tasks to Configuration Logging database
• Allow changes to the farm when logging database is
disconnected
• Require administrators to enter database credentials before
clearing the log
Citrix Confidential - Do Not Distribute
Enabling Configuration Logging
97. In this module, you learned:
• How to add and configure worker groups
• How to add and configure administrative accounts and
permissions
• About the components required for configuration logging
• How to log administrative changes made to a XenApp farm
environment
Citrix Confidential - Do Not Distribute
Review
98.
99. Basic Administration
f Cit i X A 6for Citrix XenApp 6
Installing and Configuring the
W b I t fWeb Interface
100. Overview
By the end of this module, given an environment containing
XenApp, you will be able to:
• Describe the Web Interface communication process
• Install and configure the Web Interface
• Create and configure XenApp Web and XenApp Services sites
• Configure client delivery and customizations
• Configure explicit, pass-through and smart card authentication
• Configure secure access settings for the Web Interface
• Configure the Web Interface to communicate with XenApp farms
• Remove a Web Interface site
Citrix Confidential - Do Not Distribute
101. Web Interface Communications
The following ports are used for communication with the Web
Interface:
• 80: This port is used by plug-ins using the TCP+HTTP80: This port is used by plug ins using the TCP HTTP
protocol to communicate with servers. This port must be
opened on firewalls for inbound packets from plug-ins to
locate serverslocate servers
• 443: This port is used by Citrix SSL Relay to secure
communications between the Web Interface web server and
the farm
Citrix Confidential - Do Not Distribute
103. Web Interface Installation
For security and performance, the Web Interface should not
be installed on a XenApp server. Client devices accessing
XenApp Web sites must have a web browser and supportedXenApp Web sites must have a web browser and supported
plug-in to connect to the Web Interface sit
Citrix Confidential - Do Not Distribute
105. Site Creation
Administrators can create two types of Web Interface sites:
• XenApp Web site - allows users to access remote
applications, virtualized applications and content using a
web browserweb browser
• XenApp Services site - allows users to access remote
applications,virtualized applications and content using aapplications,virtualized applications and content using a
Citrix online plug-in
Citrix Confidential - Do Not Distribute
106. Creating a Web Interface Siteg
Citrix Confidential - Do Not Distribute
108. XenApp Web Site Configuration Options
During the configuration of a XenApp Web site, the
pp g p
administrator must specify:
• The farm name, XML servers, XML service port andThe farm name, XML servers, XML service port and
transport type to use for the site
• Authentication settings and domain restrictions, if any
• The logon screen appearance
• The published resource types to be provided by the sitep yp p y
Citrix Confidential - Do Not Distribute
109. XenApp Web Site Authentication Settingspp g
Citrix Confidential - Do Not Distribute
110. Active Directory Federation Services
Users can also access published applications using Active
y
Directory Federation Services (ADFS). ADFS extends the
existing Active Directory infrastructure to provide access toexisting Active Directory infrastructure to provide access to
resources offered by trusted partners across the Internet.
Citrix Confidential - Do Not Distribute
111. Logon Screen Appearance
The administrators can set the logon screens to:
g pp
• Minimal: displays only the logon fields
• Full: displays the header area, navigation bar, logon fields,Full: displays the header area, navigation bar, logon fields,
along with the Preferences and Messages tabs
Citrix Confidential - Do Not Distribute
114. CONFIG.XML File
An administrator can also configure a XenApp Web and
XenApp Services site by editing the CONFIG.XML file.
Citrix Confidential - Do Not Distribute
115. Web Interface Site Modification
Administrators can modify a Web Interface site by using one
of the following methods:
• The Web Interface configuration file, which allows
administrators to modify the Web Interface parametersadministrators to modify the Web Interface parameters
directly in the WEBINTERFACE.CONF file stored on the
local web server
• Citrix Web Interface Management console, which allows
administrators to modify the settings stored in the local
configuration fileconfiguration file
Citrix Confidential - Do Not Distribute
116. Modifying the Web Interface Configuration Filey g g
Citrix Confidential - Do Not Distribute
117. Using the Web Interface Management Consoleg g
Citrix Confidential - Do Not Distribute
122. Session Preferences
Administrators can configure many session
preferences, including the following:
• Whether kiosk mode is enabled or disabledWhether kiosk mode is enabled or disabled
• Whether the Preferences button in the Web Interface site
is displayed to users
• The length of time a user session can be inactive before
the session is logged off
• Whether browser bookmarks can be used to access
resources
Citrix Confidential - Do Not Distribute
124. Session Options
An administrator can configure the following session options
p
for a XenApp Services site:
• Window sizeWindow size
• Font smoothing
• Color and sound quality• Color and sound quality
• Key combinations
S i l f ld di ti• Special folder redirection
• Workspace control
Citrix Confidential - Do Not Distribute
127. Workspace Control
The workspace control feature allows users to disconnect and
p
reconnect to sessions as they move between different client
devices. For example, in a health care environment, asdevices. For example, in a health care environment, as
doctors move around the hospital, they may require access to
the same sessions from different locations Using workspacethe same sessions from different locations. Using workspace
control, the doctors are able to quickly reconnect to
li ti iapplication sessions.
Citrix Confidential - Do Not Distribute
128. Workspace Control Functionality
Workspace control:
p y
• Only reconnects users to existing sessions on XenApp
servers. If a session is logged off, workspace control cannot
reconnect to itreconnect to it
• Cannot reconnect anonymous users to applications after
they disconnectthey disconnect
• Prompts smart card users for their PINs for each
reconnected session if pass-through authentication with
smart cards is enabled
• Requires that the Web Interface site be set to override the
client name setting in the Manage Session Preferences taskclient name setting in the Manage Session Preferences task
Citrix Confidential - Do Not Distribute
129. Workspace Control Configuration Options
Workspace Control configuration options include:
p g p
• Automatically reconnect to sessions when users log in
• Enable the Reconnect buttonEnable the Reconnect button
• Logoff
Citrix Confidential - Do Not Distribute
132. Citrix Plug-ins and Web Interface
Access to resources through a Web Interface site requires
g
that a client device has a supported web browser and a
plug-in. A plug-in can be installed on the local client device orplug in. A plug in can be installed on the local client device or
embedded within the web browser used by the Web Interface
site In addition the Web Interface site can be used to deploysite. In addition, the Web Interface site can be used to deploy
the required plug-in.
Citrix Confidential - Do Not Distribute
133. Plug-in Deployment Options
The following plug-ins can me deployed to users from the
g p y p
Web Interface site:
• Native plug-inNative plug in
• Client for Java
• Remote Desktop Connection• Remote Desktop Connection
Citrix Confidential - Do Not Distribute
134. Automatically Detecting Plug-ins
If the plug-ins are copied to the server during the installation
y g g
of the Web Interface or later, then a Web Interface site on that
server can be configured to automatically detect and deployserver can be configured to automatically detect and deploy
the native plug-in to users running a supported web browser
Citrix Confidential - Do Not Distribute
135. Client Detection
The Client Detection option can be configured to check client
devices during the logon to the XenApp Web site to
determine if an appropriate plug-in is installed.determine if an appropriate plug in is installed.
If a plug in is not detected or a more appropriate plug in isIf a plug-in is not detected or a more appropriate plug-in is
available, an installation caption can be displayed on the Web
I t f Th i t ll ti ti idInterface screen. The installation caption provides an easy
method for users to download and install the required plug-in
software.
Citrix Confidential - Do Not Distribute
139. Client for Java
The Client for Java is a cross-platform compatible applet and
can be deployed using a XenApp Web site and any Java-
compatible web browser.compatible web browser.
An administrator can choose to deploy the Client for Java inAn administrator can choose to deploy the Client for Java in
low-bandwidth networks for greater security or in situations in
hi h th t i t ll ti f l i ft i ithwhich the permanent installation of plug-in software is neither
desired nor permitted.
Citrix Confidential - Do Not Distribute
140. Additional Packages to Include with Client for
Several packages can be included with the Client for Java.
g
Java
the size of the Client for Java download to memory is
determined by the packages included in the download. Thedetermined by the packages included in the download. The
fewer packages selected, the smaller the download.
Citrix Confidential - Do Not Distribute
143. Authentication Options
The following authentication options are available for XenApp
p
Web and XenApp Services sites:
• ExplicitExplicit
• Pass-through
• Pass through with smart card• Pass-through with smart card
• Smart card
A• Anonymous
Citrix Confidential - Do Not Distribute
144. Generic RADIUS Support
The Web Interface supports two-factor authentication using
pp
Generic RADIUS
Citrix Confidential - Do Not Distribute
145. Explicit Authentication
When explicit authentication is implemented, users
p
authenticate by specifying a user name, password and
domain.domain.
Citrix Confidential - Do Not Distribute
149. Two-Factor Authentication Configuration
The followingtwo-factor authentication methods are available:
g
• RSA SecurID
• SafeWordSafeWord
• RADIUS
Citrix Confidential - Do Not Distribute
153. Pass-through Authentication
Pass-through authentication allows users to authenticate to a
g
Web Interface site using the credentials provided during
logon to the client device. Users do not need to re-enter theirlogon to the client device. Users do not need to re enter their
credentials in the Web Interface logon page; their application
set is automatically displayedset is automatically displayed.
Citrix Confidential - Do Not Distribute
155. Smart Card Authentication
Users can authenticate to the Web Interface by inserting a
smart card into a smart card reader attached to the client
device. Smart card authentication can be configured for usedevice. Smart card authentication can be configured for use
in two ways: smart card only or pass-through with smart card.
Citrix Confidential - Do Not Distribute
156. Configuring Pass-through Authentication with
An administrator can use the Group Policy Management
g g g
Smart Cards
Console and the ICACLIENT.ADM file to configure plug-ins to
use pass-though or pass-through with smart carduse pass though or pass through with smart card
authentication by configuring the Local user name and
password settingpassword setting.
Citrix Confidential - Do Not Distribute
157. Citrix XML Service Trust Relationships
In order for the Web Interface to authenticate users, there
p
must be a trust relationship between the Web Interface server
and the XenApp servers. If pass-through or smart cardand the XenApp servers. If pass through or smart card
authentication methods are not used in the environment, a
Citrix XML Service trust relationship is not necessaryCitrix XML Service trust relationship is not necessary.
Citrix Confidential - Do Not Distribute
160. Secure Access Configuration
If a company is using Access Gateway or a firewall in a
g
deployment containing XenApp, an administrator can
configure a Web Interface site to include the appropriateconfigure a Web Interface site to include the appropriate
security settings.
Citrix Confidential - Do Not Distribute
164. Client-side Proxy Settings
Proxy servers are used to control access into and out of a
y g
network and act as an intermediary between the client
devices and the XenApp servers. Web Interface sites allowdevices and the XenApp servers. Web Interface sites allow
an administrator to configure whether or not users
communicate with XenApp servers through a client sidecommunicate with XenApp servers through a client-side
proxy server.
Citrix Confidential - Do Not Distribute
166. Server Configuration
An administrator can configure XenApp Web and XenApp
g
Services sites to communicate with one or more farms. An
administrator can add and edit farm names, specify the orderadministrator can add and edit farm names, specify the order
in which the farms are used for load balancing, and configure
communication settings and ticketing settingscommunication settings and ticketing settings
Citrix Confidential - Do Not Distribute
171. Specifying the XML Communication Port
The Web Interface communicates with the Citrix XML
p y g
Service. The port number used by the Citrix XML Service is
specified during the installation of XenApp. By default, thatspecified during the installation of XenApp. By default, that
port number is TCP/IP port 80. If Citrix XML Service is
configured to port share with IIS then the administrator mustconfigured to port share with IIS, then the administrator must
ensure that all servers in the farm have the Citrix XML
S i fi d t th tService configured to use the same port.
Citrix Confidential - Do Not Distribute
174. Troubleshooting Web Interface Issues
Reference the Citrix Knowledge Base (support.citrix.com) for
g
articles about troubleshooting and issues with Web Interface.
Citrix Confidential - Do Not Distribute
175. Review
Complete the review questions and go over the answers as a
class.
Citrix Confidential - Do Not Distribute
178. Overview
At the end of this module, you will be able to:
• Publish applications, content and server desktops for users
• Identify the components of VM hosted appsIdentify the components of VM hosted apps
• Identify advanced published resource settings
• Organize published resources for users• Organize published resources for users
• Disable and hide published resources
179. Publishing Resourcesg
• The two phases of publishing resources are:
• Basic
Name, type of resource, servers hosting, users who will access, yp , g,
• Advanced
File type association, application limits, CPU priority, encryptionFile type association, application limits, CPU priority, encryption
181. VM Hosted Appspp
VM hosted apps:
• Use Citrix XenDesktop technology to deliver applications
• Do not provide access to the desktopsp p
• Are hosted on a separate farm from XenApp
• Can share a Web Interface site with XenApp• Can share a Web Interface site with XenApp
184. Advanced Published Resource Settingsg
During the Advanced phase of the resource publishing
process, the administrator can:
• Allow published resource used with Citrix Access GatewayAllow published resource used with Citrix Access Gateway
• Associate file types
• Specify the application limits and CPU priority level• Specify the application limits and CPU priority level
• Control audio, encryption and printer initialization
C fi th bli h d• Configure the published resource appearance
187. Published Resource Configurationg
An administrator can use the Delivery Services Console to
view the following published resource-related information:
• General informationGeneral information
• Alerts
• Servers• Servers
• Configured users
C t d• Connected users
• Settings
189. Troubleshooting Application Deliveryg pp y
Issues
An administrator may encounter the following application
delivery issues:
• Client-to-server content redirection opens the publishedClient to server content redirection opens the published
application but does not open the local content
• File types for a published application do not appear in the
S CDelivery Services Console
• Users cannot find their application after it launches
• The Delivery Services Console fails to enumerate users or
sessions when specific Mac clients connect to XenApp
Servers
190. Review
At the end of this module, you will be able to:
• Publish applications, content and server desktops for users
• Identify the components of VM hosted appsIdentify the components of VM hosted apps
• Identify advanced published resource settings
• Organize published resources for users• Organize published resources for users
• Disable and hide published resources
193. Overview
At the end of this module, given an environment containing
X A ill b bl tXenApp, you will be able to:
• Identify the components required for application streaming
D ib th i ti th t t k l d i li ti• Describe the communications that take place during application
streaming
• Install the offline plug-in on a client device
• Configure applications for streaming to servers and the desktops• Configure applications for streaming to servers and the desktops
of Windows client devices
• Configure linked profiles for inter-isolation communication
• Publish a streaming profilePublish a streaming profile
• Configure XenApp Web and XenApp Services sites to stream
applications
• Configure offline access settingsg g
194. Application Streamingpp g
Application streaming includes the following capabilities:
• Local system resource usage
• Central application updates
• Isolation environmentsIsolation environments
• Windows Services isolation
• Inter-Isolation communication
• Application caching
D l d t i• Dual-mode streaming
• Offline access
• Support for Citrix Receiver
• Extended App-V integrationExtended App V integration
• Differential synchronization of updated profiles
• HTTP and HTTPS protocol support
• Backward compatibility
198. Streaming App-V Packagesg pp g
Administrators can manage and publish App-V applications
using the Delivery Services Console, allowing them to support
existing infrastructures based on App‐V.
Therefore, applications already sequenced with App‐V do not
need to be converted to or profiled as Citrix streaming profile
packages.
199. Citrix Offline Plug-ing
To access a streamed application, one of the following
combinations must be available:
• Citrix offline plug-in and Citrix online plug-in• Citrix offline plug-in and Citrix online plug-in
• Citrix offline plug-in with a web browser
200. Citrix Streaming Profilerg
The Profiler is an independent application that allows an
administrator to prepare Windows applications, web
applications, browser plug-ins, files, folders and registry
settings for streamingsettings for streaming.
The only software applications other than the Citrix Streaming
Profiler that should be installed on the Profiler system are the
operating system software and utilities.
201. Installing the Citrix Streaming Profilerg g
The profiling system run-time environment should be as close
to the environment of the client device as possible.
For example:For example:
• If applications are streamed to a XenApp server, the profiler
system should also be a XenApp server
If li ti t d t b th 32 d 64 bit• If applications are streamed to both 32- and 64-bit
operating system client devices, there should be two
separate profiling systems
• If standard programs, such as antivirus software, are part of
the company image, they should be installed on the profiling
system
203. Target Optionsg p
The target is selected from the profile based on a variety of
criteria:
• Operating System• Operating System
• Service Pack Level
• System Drive Letter
• Operating System Language
207. Known Limits for Profiling Applicationsg pp
Some applications cannot be profiled, including:
• Applications that contain drivers, such as Adobe Acrobat
ProfessionalProfessional
• Microsoft Internet Explorer
• 64-bit applications
Mi ft D t A C t (MDAC)• Microsoft Data Access Components (MDAC)
• .NET Framework
209. Application Delivery Methodspp y
The following delivery methods are available:
• Accessed from a server
• Streamed if possible otherwise accessed from a server• Streamed if possible, otherwise accessed from a server
• Streamed to client
210. The Web Delivery Methody
To use the web delivery method, an administrator must:
• Profile the application and save it to a file share
• Configure a virtual directory on the web server• Configure a virtual directory on the web server
• Create a virtual web site that points to the file share
containing the profile
P bli h th fil d li ti• Publish the profiled application
211. Streaming to Serversg
An administrator can stream an application to a server by
completing the following tasks:
• Create an application profile on a Windows Server 2008 R2
operating systemoperating system
• Ensure that a XenApp Web or XenApp Services site is
configured (Online or Dual mode)
• Ensure that the application is not installed on the XenApp• Ensure that the application is not installed on the XenApp
server
• Publish the application to stream to a XenApp server
218. Troubleshooting Streaming Issuesg g
Common streaming issues include:
• Applications do not stream
• Applications do not have full functionality
• Applications do not automatically update from vendor web• Applications do not automatically update from vendor web
sites
• Streamed applications do not recognize each other
A li ti t il bl ffli• Applications are not available offline
219. Review
Complete the review questions andComplete the review questions and
discuss the answers as a class.
222. Overview
At the end of this module you will be able to:
• Identify the types of Citrix policies that can be created
• Identify the methods for creating policiesIdentify the methods for creating policies
• Create and configure policies
• Apply policies using filters• Apply policies using filters
• Use policy modeling tools
223. Group Policy Integrationp y g
Citrix policies are:
• Configured within Group Policy Objects (GPOs)
• Linked to Active Directory domains, organizational unitsLinked to Active Directory domains, organizational units
(OUs) and sites
227. Policy Evaluationy
Policies are evaluated when one of the following occurs:
• A user logs on
• The server is rebootedThe server is rebooted
• The policy refresh interval is reached
• A policy update is forced• A policy update is forced
232. Policy Filteringy g
Policies can be:
• Unfiltered
• FilteredFiltered
• Worker Groups
• User and user groupsUser and user groups
• Client device name
• Client IP address range• Client IP address range
• Access control
233. Policy Modeling and Troubleshootingy g g
The Citrix Group Policy Modeling wizard can simulate a user
connection in order to test the policy settings.
Administrators can specify conditions for the simulation, suchAdministrators can specify conditions for the simulation, such
as:
• Domain controller• Domain controller
• Users
Cit i li filt• Citrix policy filters
• Slow network connection
234. Review
At the end of this module you will be able to:
• Identify the types of Citrix policies that can be created
• Identify the methods for creating policiesIdentify the methods for creating policies
• Create and configure policies
• Apply policies using filters• Apply policies using filters
• Use policy modeling tools
237. Overview
At the end of this module you will be able to:
• Describe the load balancing process
• Identify load calculation rulesIdentify load calculation rules
• Create and assign custom load evaluators
• Assign CPU resource preference to servers and users• Assign CPU resource preference to servers and users
• Configure session connection failover by creating new load
balancing policiesg p
Citrix Confidential - Do Not Distribute
238. Load Manager
Load Manager offers the following benefits to enterprises:
g
• Maximizes system efficiency
• Provides pre-defined load evaluatorsProvides pre defined load evaluators
• Provides the ability to create custom load evaluators
Citrix Confidential - Do Not Distribute
239. Load Balancing
Load Manager balances server load across the farm by:
g
• Using load evaluator rules to calculate server load
• Identifying which server is least-loadedIdentifying which server is least loaded
• Directing client connections to the least loaded server
Citrix Confidential - Do Not Distribute
240. Load Calculation
Load evaluators consist of rules that determine how load is
calculated.
Rules:
• Can query specific conditions and performance metrics for• Can query specific conditions and performance metrics for
servers and published applications
• Have a unique set of parameters for specifying thresholdsq p p y g
• Can exist together in a single load evaluator
Citrix Confidential - Do Not Distribute
241. Load Calculations
Load evaluators can be classified in the following categories:
• Moving average
• Moving average compared to high thresholdMoving average compared to high threshold
• Incremental
• Boolean• Boolean
Citrix Confidential - Do Not Distribute
246. Load Balancing Policiesg
The decision behind which server is most appropriate is often
based on business needs or technical limitations, such as:
Directing users to a backup serverDirecting users to a backup server
Directing specific users to dedicated servers
Reducing WAN traffic and improving user experienceReducing WAN traffic and improving user experience
250. Troubleshooting Load Management Issuesg g
Common self-service application issues include:
• Load management is not working correctly
• Load evaluator is showing full capacity, but server shouldLoad evaluator is showing full capacity, but server should
still be able to accept additional connections
251. Review
At the end of this module you will be able to:
• Describe the load balancing process
• Identify load calculation rulesIdentify load calculation rules
• Create and assign custom load evaluators
• Assign CPU resource preference to servers and users• Assign CPU resource preference to servers and users
• Configure session connection failover by creating new load
balancing policiesg p
Citrix Confidential - Do Not Distribute
254. By the end of this module, given an environment containing
XenApp, you will be able to:
• Describe the different session optimization display settings
• Describe the different XenApp HDX settings
• Identify the Profile management components
• Install and configure Profile management
Citrix Confidential - Do Not Distribute
Overview
255. Session performance can be optimized by configuring:
• Display settings
• HDX technologies
• Profile management
Citrix Confidential - Do Not Distribute
Optimizing Session Performance
257. HDX Broadcast Session Reliability allows a user to continue
to view, but not interact with, a published resource on the
screen of the client device when the connection to the server
is temporarily interrupted.
Citrix Confidential - Do Not Distribute
HDX Broadcast Session Reliability
259. Considerations include:
• Keeping the time a session remains active to a minimum
while waiting for connectivity to resume
• Optimizing port 2598 for ICA traffic
Citrix Confidential - Do Not Distribute
HDX Broadcast Session Reliability
Considerations
262. Design considerations include:
• Only one multimedia conferencing device is supported in a
XenApp session
• OCS increases the CPU cycles on the XenApp server
• Branch Repeater cannot be used to compress audio and
video traffic
• ICA Pass-through connections are not supported
• The Client audio redirection policy rule must be enabled to
allow for audio input through a microphone
Citrix Confidential - Do Not Distribute
Understanding HDX RealTime Design
Considerations
265. Design considerations include:
• Many USB devices will not function properly in low-
bandwidth or high-latency networks
• ICA Pass-through connections are not supported
Citrix Confidential - Do Not Distribute
Understanding HDX Plug-n-Play Design
Considerations
266. HDX MediaStream Multimedia Acceleration optimizes
multimedia playback by delivering it to the client in a
compressed form, which reduces bandwidth consumption.
Citrix Confidential - Do Not Distribute
HDX MediaStream Multimedia Acceleration
267. Benefits include:
• Multimedia playback in a XenApp session plays as
smoothly as a local playback
• Minimized server CPU utilization
• Decreased network bandwidth
Citrix Confidential - Do Not Distribute
HDX MediaStream Multimedia Acceleration
Benefits
269. HDX MediaStream for Flash:
• Optimizes the way a server renders and passes Adobe
Flash animations to client devices
• Forces the Flash Player to start in a low-quality mode
Citrix Confidential - Do Not Distribute
HDX MediaStream for Flash
271. SpeedScreen Latency Reduction optimizes the experience
for a user connecting over a high-latency network by:
• Changing the appearance of the mouse pointer from idle to
busy after a user clicks a link
• Allowing the plug-in to use fonts on the client device to
display text as the user types and the plug-in is awaiting the
redrawn screen from the server
Citrix Confidential - Do Not Distribute
SpeedScreen Latency Reduction
273. HDX 3D Image Acceleration uses a lossy compression
scheme to reduce the size of images by removing redundant
data, which reduces the amount of bandwidth needed to
transfer the file.
Citrix Confidential - Do Not Distribute
HDX 3D Image Acceleration
274. Enabling HDX 3D Image Acceleration
Citrix Confidential - Do Not Distribute
276. Enabling HDX 3D Progressive Display
Citrix Confidential - Do Not Distribute
277. Match the session optimization technology listed in the book
with the issue that each would best resolve.
Citrix Confidential - Do Not Distribute
Practice: Determing the Session Optimization
Technology
278. A user profile consists of the following elements:
• A registry hive
• A set of profile folders stored in the file system
Citrix Confidential - Do Not Distribute
User Profiles
279. Profile types include:
• Local user profiles
• Roaming user profiles
• Mandatory user profiles
• Temporary user profiles
Citrix Confidential - Do Not Distribute
Differentiating User Profile Types
280. Folder redirection:
• Provides administrators the ability to modify the target
location of folders found within the user profile
• Reduces the size of the user profile and decreases user
logon times
• Is transparent to users
Citrix Confidential - Do Not Distribute
Redirecting User Data
281. Citrix Profile management:
• Allows administrators to select specific parts of a profile to
be saved at logon and logoff
• Provides a method of saving personalized user profile
settings while decreasing the size of user profiles
Citrix Confidential - Do Not Distribute
Managing User Profiles
284. Users can experience the following issues during a session:
• Users are unable to utilize a USB device during a session
• Users are unable to utilize multimedia-rich applications
during a session
• Users are unable to view Adobe Flash animations during a
session
• Users are not assigned the proper profile after logging on to
the client device
Citrix Confidential - Do Not Distribute
Troubleshooting User Experience Issues
285. In this module, you learned:
• About the different session optimization display settings.
• About the different XenApp HDX settings.
• How to identify the Profile management components.
• How to install and configure Profile management.
Citrix Confidential - Do Not Distribute
Review
288. At the end of this module, you will be able to:
• Explain the role of Citrix Receiver
• Identify the plug-ins managed by Citrix Receiver
• Install Citrix Receiver for Windows
• Explain the role of Citrix Dazzle
• Identify the components of Citrix Merchandising Server
• Explain the Citrix online plug-in architecture and
communication
Citrix Confidential - Do Not Distribute
Overview
290. Citrix Receiver for Windows has the following system
requirements:
• .NET Framework version 2.0 or later
• Internet Explorer 7.x, Internet Explorer 8.x, Firefox version
2.x or 3.x
• A compatible Windows operating system
Citrix Confidential - Do Not Distribute
Citrix Receiver for Windows
291. Citrix Receiver for Macintosh has the following system
requirements:
• One of the following operating system versions:
• Mac OSX 10.5, 32-bit or 64-bit (Intel only)
• Mac OSX 10.6, 32-bit or 64-bit
Citrix Confidential - Do Not Distribute
Citrix Receiver for Macintosh
297. Administrators can use one of the following options to deliver
plug-ins:
• Citrix Receiver and Merchandising Server
• Web Interface
• Active Directory
• Electronic Software Distribution
• Manual Installation
Citrix Confidential - Do Not Distribute
Plug-in Delivery
299. The online plug-in can be installed on client devices that meet
the following requirements:
• Operating System compatibility
• Browser compatibility
• VGA or SVGA video adapter with color monitor
• Windows-compatible sound card for sound support
(optional)
• A working network or Internet connection to servers
Citrix Confidential - Do Not Distribute
System Requirements
300. Types of online plug-ins include:
• Citrix online plug-in
• Filename: CITRIXONLINEPLUGINFULL.EXE
• Citrix online plug-in Web
• Filename: CITRIXONLINEPLUGINWEB.EXE
Citrix Confidential - Do Not Distribute
Installation Considerations
301. The Citrix online plug-in for Macintosh allows users to access
published resources from a familiar Macintosh desktop
environment.
Citrix Confidential - Do Not Distribute
Citrix Online Plug-in for Mac
302. Citrix online plug-in for Mac can be installed on client devices
that meet the following requirements:
• Mac OS X, Version 10.4 and above
• At least 256MB of RAM
• 29MB of free disk space
• A working network or Internet connection to servers
Citrix Confidential - Do Not Distribute
System Requirements
303. Citrix online plug-in for Mac installation packages:
• CITRIX_ONLINE_PLUGIN.DMG
• CITRIX_ONLINE_PLUGIN_WEB.DMG
Citrix Confidential - Do Not Distribute
Installation Considerations
304. The Client for Java is a Java applet that provides access to
applications running in a farm from any client device with a
standard web browser.
Citrix Confidential - Do Not Distribute
Client for Java
305. The Client for Java can run on client devices that meet the
following requirements:
• A web browser with Java 2, Standard Edition Version 1.4.x
or 1.5.x, configured to accept signed Java applets
• Network access to the web server that stores the client files
Citrix Confidential - Do Not Distribute
System Requirements
306. The following resources are required to deploy the Client for
Java:
• A copy of the client package
• A means of decompressing and unpacking the .ZIP or
.TAR.GZ package
• Administrator access to a web server
Citrix Confidential - Do Not Distribute
Deployment Considerations
307. The Citrix Receiver for Linux provides users with access to
resources published on XenApp servers.
Citrix Confidential - Do Not Distribute
Citrix Receiver for Linux
308. Systems running the Receiver for Linux must meet the
following requirements:
• Linux kernel version 2.6.18 or above, with glibc 2.3.4 or
above, libcap1 or libcap2 and udev support
• OpenMotif 2.3.1 (optional)
• 6MB of free disk space for the installed client and up to
13MB if the installation package will be expanded on the
disk
• 256 color video display or higher
• A working network or Internet connection to servers
Citrix Confidential - Do Not Distribute
System Requirements
309. Administrators should consider the following points when
installing the Receiver for Linux:
• USB support is enabled only if an administrator is logged on
as a privileged user when installing and configuring the
Receiver for Linux.
• Installations performed by non-privileged users will enable
users to access published resources on the server using the
Web Interface through one of the supported browsers.
• During installation, administrators will have the option of
specifying that GStreamer is enabled for multimedia
acceleration.
Citrix Confidential - Do Not Distribute
Installation Considerations
310. The following issues can appear in a XenApp environment:
• Merchandising Server cannot sync with Active Directory
• Merchandising Server stops allowing connections to the
Merchandising Server Administrative Console
• The Citrix Receiver icon does not appear in the notification
area after installation
Citrix Confidential - Do Not Distribute
Troubleshooting Self-Service Application
Issues
311. In this module, you learned:
• About the role of Citrix Receiver
• How to identify the plug-ins managed by Citrix Receiver
• How to install Citrix Receiver for Windows
• About the role of Citrix Dazzle
• How to identify the components of Citrix Merchandising
Server
• About the Citrix online plug-in architecture and
communication
Citrix Confidential - Do Not Distribute
Review
314. Overview
By the end of this module you will be able to:y y
• Identify key printing concepts and terms
Id tif th th d th t b d t i i i t• Identify the methods that can be used to provision printers
• Identify the printing pathways and recognize when each
should be used
• Recognize the different universal printing options available
• Implement workspace control and proximity printing
• Configure printing bandwidth restrictions• Configure printing bandwidth restrictions
315. Printing Conceptsg p
When a user clicks Print in a session, XenApp:, pp
• Determines which printers to provide to the user
R t th ' i ti f• Restores the user's printing preferences
• Determines which printer is the default for the session
317. Demonstration: Local and Network
Printing
Watch as the instructor demonstrates how printing worksp g
when print jobs are directed to a printer connected locally to a
li t d i d h i t t dclient device or server and when printers are connected
across a network to a network print server.
318. Printing Securityg y
To increase client printing security, access to the clientp g y,
printers is restricted to:
Th t th t th Cit i P i t M S i i• The account that the Citrix Print Manager Service runs in
• Processes running in the SYSTEM account
• Processes running in the user's session
319. Default Printing Behaviorg
The default XenApp printing behavior includes:pp p g
• All printers on the client device are created automatically
Th li t d i l ll i t j b d t l ll• The client devices spool all print jobs queued to locally-
attached printers
• Processes running in the user's session
• XenApp uses the native Windows version of the printer
driver
325. Printing Pathwaysg y
In XenApp, print jobs can take two different printing pathways:pp, p j p g p y
• Network printing pathway
Cli t i ti th• Client printing pathway
326. Network Printing Pathwayg y
The network printing pathway refers to print jobs that arep g p y p j
routed from the XenApp server hosting the user's session to a
i t d th l d i tprint server and then spooled on a print server.
330. Client Printing Pathwayg y
The client printing pathway refers to print jobs that are routedp g p y p j
over the ICA protocol through the client device to the printer
d l d th h th l i t th li t d iand spooled through the plug-in to the client device.
The printer must be connected directly to the client device
through either a UNC path or physically through cablethrough either a UNC path or physically through cable.
333. Printing Pathway Demonstrationg y
Watch as the instructor demonstrates how print jobs arep j
routed when a user prints from a published application to a
l l i t d h li i d t di t i t j blocal printer and when a policy is used to direct a print job
from the published application to a network printer.
334. Printer Drivers
Printer drivers:
• Enable the operating system and applications to create
device-ready print data streams for specific print devicesy p p p
• Vary among manufacturers and models
• Vary in functionality in a multi-user environment
335. Printer Driver Typesyp
XenApp supports the following types of printer drivers:pp pp g yp p
• Native printer drivers
OEM i t d i• OEM printer drivers
• Citrix Universal printer drivers
340. Citrix Universal Printingg
There are several different universal printing solutions. Anp g
administrator can configure a:
Cit i U i l P i t D i (EMF b d)• Citrix Universal Printer Driver (EMF-based)
• Citrix XPS Universal Printer Driver
• Citrix Universal Printer with a Citrix Universal Printer Driver
341. Enhanced MetaFile Format
The EMF format:
• Reduces the size of some print jobs
All j b t i t f t• Allows jobs to print faster
• Allows users to set printer properties and preview
documents before printing
• Reduces server load by saving bandwidth and CPU
processing
354. Printing Preferencesg
When users modify printing settings, the settings are stored iny p g g , g
the following locations:
O th li t d i• On the client device
• In a document
• On the server
355. Printing Preference Hierarchyg y
XenApp searches for printing preferences in the followingpp p g p g
order:
R t i d tti ( tti h d d i th i )• Retained settings (settings changed during the session)
• Changes to the printer settings for the printers on the client
device
• Printer settings stored on the server
356. Printing Propertiesg p
Printing properties are a combination of:g p p
• Printing preferences
P i ti d i tti• Printing device settings
359. Troubleshooting Printing Issuesg g
An administrator may encounter the following printing issues:y g p g
• Printers do not auto-create
P i t j b bl d f il t i t• Print jobs are garbled or fail to print
• Network printers are not available in the session
• Session appears to hang at startup when users are
disconnected from network
360. Review
By the end of this module you will be able to:y y
• Identify key printing concepts and terms
Id tif th th d th t b d t i i i t• Identify the methods that can be used to provision printers
• Identify the printing pathways and recognize when each
should be used
• Recognize the different universal printing options available
• Implement workspace control and proximity printing
• Configure printing bandwidth restrictions• Configure printing bandwidth restrictions
363. By the end of this module, you will be able to:
• Identify the components of a comprehensive XenApp
security solution
• Describe the SSL Relay communication flow
• Secure XenApp communications using SSL Relay
• Describe the benefits of using Citrix Access Gateway in a
XenApp environment
• Secure application access using Access Gateway
• Avoid or resolve common security configuration missteps
with simple solutions
Citrix Confidential - Do Not Distribute
Overview
364. Administrators can incorporate the following security
measures for XenApp servers:
• SecureICA
• SSL Relay
• Citrix Access Gateway
Citrix Confidential - Do Not Distribute
XenApp Security Solutions
366. Citrix SSL Relay:
• Encrypts traffic between Web Interface and the Citrix XML
Service
• Encrypts traffic between client devices and XenApp servers
• Authenticates XenApp servers
• Requires SSL certificates on XenApp servers and client
devices
Citrix Confidential - Do Not Distribute
Citrix SSL Relay
368. An administrator can use the following procedure to configure
SSL Relay:
1. Install a unique server certificate for each XenApp server.
2. Install a root certificate on each client device and Web
Interface server.
3. Configure the relay credentials, connections and
ciphersuites.
4. Restart the XenApp servers.
5. Configure the web servers running the Web Interface .
6. Configure the client devices.
Citrix Confidential - Do Not Distribute
Configuring SSL Relay
369. Access Gateway provides the following benefits:
• A secure and scalable device
• SmartAccess technology, which allows administrators to
control access based on user and endpoint device
characteristics
• Secure remote access to hosted applications and desktops
from the Internet
Citrix Confidential - Do Not Distribute
Access Gateway
370. The two Access Gateway deployment scenarios are:
• Access Gateway and the Web Interface in the DMZ
• Access Gateway in the DMZ and Web Interface in the
internal network
Citrix Confidential - Do Not Distribute
Access Gateway Deployment Scenarios
373. Digital certificates:
• SSL certificates verify the identity of systems in an SSL
connection
• Certificate authorities (CAs) issue certificates
• Server certificates confirm the identity of a server before a
client transmits data to it
• Root certificates confirm the authenticity of the CA signature
on the server certificates
Citrix Confidential - Do Not Distribute
Digital Certificates
374. Certificate requirements:
• Web Interface - Root certificate
• Citrix XML Service on XenApp servers - Server certificate
Citrix Confidential - Do Not Distribute
Access Gateway Certificate Requirements
376. ICA proxy allows Access Gateway to secure access to hosted
applications with the following benefits:
• A hardened appliance in the DMZ
• Browser-only access to published resources
• Granular access control with secure application access
• Traffic optimization, compression and SSL offload
• Support for Citrix Receiver
Citrix Confidential - Do Not Distribute
Securing Access to Hosted Applications
377. ICA proxy mode is enabled in the Access Gateway
Administration Tool.
Citrix Confidential - Do Not Distribute
Enabling ICA Proxy Mode
378. SmartAccess:
• Enables access control to XenApp applications based on
Access Gateway policy expressions
• Passes the Access Gateway policy name to XenApp
• Lets XenApp determine the available applications based on
the policy settings
Citrix Confidential - Do Not Distribute
SmartAccess
379. Match the security solutions listed in the book with the
appropriate scenario in the table. Each solution is used at
least once.
Citrix Confidential - Do Not Distribute
Practice: Security Solutions
380. To enable Web Interface to work with Access Gateway, Web
Interface needs to know:
• The access method
• The FQDN of the Access Gateway
• The URLs of the Secure ticket Authority
Citrix Confidential - Do Not Distribute
Web Interface Configuration
381. Web Interface can be configured for the following access
methods:
• Gateway direct
• Gateway alternate
• Gateway translated
Citrix Confidential - Do Not Distribute
Access Methods
382. A client route:
• Specifies the access method to be used by client devices
• Is distinct from IP routing
• Allows control of access method for different types of
devices
Citrix Confidential - Do Not Distribute
Client Routes
383. The following Access Gateway settings can be configured:
• FQDN
• Port
• Enable session reliability
• Secure Ticket Authorities URLs
• Load Balancing
• Bypass failed servers for
Citrix Confidential - Do Not Distribute
Access Gateway Settings
384. An administrator can configure Web Interface for Access
Gateway connections by:
• Entering the IP address and netmask of the client network
• Selecting an access method
• Identifying the FQDN of the Access Gateway
• Identifying the port number of the Access Gateway virtual
server
• Adding the URLs of the Secure Ticket Authorities
Citrix Confidential - Do Not Distribute
Configuring Web Interface for Access Gateway
Connections
385. Security configuration best practices include:
• Always install the latest version of Citrix plug-ins.
• Use IP addresses rather than FQDNs to connect to the
Secure Ticket Authority.
• Secure connections between Access Gateway and other
services (such as LDAP and Web Interface) with SSL.
• Deploy Access Gateway in the DMZ and Web Interface in
the secure network.
• Ensure the management interface for Access Gateway and
XenApp are not routable from a public network and are
protected by host- and network-based firewalls.
Citrix Confidential - Do Not Distribute
Security Configuration Best Practices
386. The following issues can appear in a XenApp environment
configured with Access Gateway:
• The client cannot connect to Access Gateway
• IPv6 connections fail
• Access Gateway cannot connect to the Secure Ticket
Authority
• Users are not able to log in to Access Gateway
• A user is not able to log in to Access Gateway
• User gets a "Resource no longer available" error
Citrix Confidential - Do Not Distribute
Troubleshooting Access Gateway with XenApp
387. In this module, you learned:
• How to identify the components of a comprehensive
XenApp security solution
• About the SSL Relay communication flow
• How to secure XenApp communications using SSL Relay
• About the benefits of using Citrix Access Gateway in a
XenApp environment
• How to secure application access using Access Gateway
• How to avoid or resolve common security configuration
missteps with simple solutions
Citrix Confidential - Do Not Distribute
Review
390. Overview
At the end of this module, you will be able to:
• Track the usage of XenApp licenses at a point in time and
over timeover time.
• Isolate ongoing issues in a XenApp environment to assist
with troubleshooting.
• Track the history of issues in a XenApp environment• Track the history of issues in a XenApp environment.
• Automate complex workflows.
• Access XenApp information using PowerShell and other
command-line tools.
391. Health Monitoring and Recoveryg y
Health monitoring and recovery:
• Verifies specified XenApp services
• Sends and alert or takes an action when the verification fails• Sends and alert or takes an action when the verification fails
• Is implemented as XenApp policies
392. EdgeSight Monitoringg g g
• License usage
• XenApp server performance and availability
• Published application performance and availability
393. EdgeSight Componentsg g p
A Citrix EdgeSight environment consists of the following
components:
• EdgeSight web console• EdgeSight web console
• EdgeSight agents
• EdgeSight server
• Web Component
• Microsoft SQL Server Database
• Microsoft SQL Server Reporting Services
Citrix License Server• Citrix License Server
• SMTP server
• SNMP server
395. License Usage Monitoringg g
• License usage is tracked by EdgeSight
• Both current and historical information is available
396. Configuring License Alertsg g
1. Navigate to Configure > Company Configuration > Alerts >
Rules.
2. Create a new alert rule XenApp Error Alerts > License
Server Connection Failure.
3. Create an optional alert action.
397. Viewing current license usage informationg g
1. Navigate to Track Usage > License Usage Summary tab
in the EdgeSight console.
2. Select a Product groups or Individual product and click
Go.
398. Viewing historical license informationg
1. Navigate to Track Usage > License Usage Trending in the
EdgeSight console.
2. Select Product groups or Individual product and click Go.
3 Select applicable timeframes using the Zoom button3. Select applicable timeframes using the Zoom button.
4. Click the magnifying glass icon to next to a product to
isolate trends.
402. Accessing the Server Farm usingg g
PowerShell
1. Open a PowerShell window from the Start menu.
2. Add the XenApp PowerShell snap-in:
3. Execute a XenApp PowerShell cmdlet.
403. Accessing the Server Farm usingg g
Commands
altaddr dscheck
app
auditlog
change
dsmaint
enablelb
icaportchange
ctxkeytool
ctxxmlss
icaport
imaport
query
407. By the end of this module, you should be able to:
• Identify the purpose and key components of SmartAuditor
• Identify the purpose and key components of Single sign-on
• Identify the purpose and key components of EasyCall voice
services
• Identify the purpose and key components of Branch
optimization
• Identify the purpose and key components of Provisioning
Services
• Identify the purpose and key components of XenServer
Citrix Confidential - Do Not Distribute
Overview
408. SmartAuditor allows an organization to record the on-screen
activity of any user's session, over any type of connection,
from any server running XenApp.
Citrix Confidential - Do Not Distribute
SmartAuditor
409. The main components of SmartAuditor include:
• SmartAuditor Database
• SmartAuditor Server
• SmartAuditor Policy Console
• SmartAuditor Agent
• SmartAuditor Player
Citrix Confidential - Do Not Distribute
SmartAuditor Components
410. The SmartAuditor recording process:
1. A user launches a published application running on
XenApp
2. The SmartAuditor Agent queries the SmartAuditor Server
3. The SmartAuditor Server tells the SmartAuditor Agent if
the user should be recorded
4. The SmartAuditor Agent records the session
5. The SmartAuditor Server stores the session metadata to
the database and the session recording to disk
Citrix Confidential - Do Not Distribute
Session Recording Process
411. Single sign-on provides password security and single sign-on
access to:
• Windows, web, and terminal emulator applications running
in the XenApp environment
• Applications running on the client device
Citrix Confidential - Do Not Distribute
Single Sign-on
412. The main components of Single sign-on include:
• Central Store
• Delivery Services Console
• Single sign-on plug-in
• Single sign-on service (optional)
Citrix Confidential - Do Not Distribute
Single Sign-on Components
413. Single sign-on process:
• The Single sign-on plug-in is installed on the client device
• A users attempts to access an application that requires
authentication
• The plug-in detects the application request for
authentication
• The plug-in locates the correct credentials and submits
them to the application
• The local and central stores are synchronized
Citrix Confidential - Do Not Distribute
Single Sign-on Process
414. EasyCall voice services integrates with the existing telephone
system and corporate directory and enables a user to call any
phone number displayed in published, streamed, or installed
applications without dialing the number.
Citrix Confidential - Do Not Distribute
EasyCall Voice Services
415. The main components of EasyCall include:
• EasyCall Gateway
• Communications plug-in
• EasyCall Web Services APIs
Citrix Confidential - Do Not Distribute
EasyCall Components
416. EasyCall allows each user to create profiles for work, home
and mobile phones. These profiles are used by the EasyCall
Gateway to contact the user when a call is placed.
Citrix Confidential - Do Not Distribute
EasyCall Process
417. Citrix Branch Optimization is a WAN optimization solution that
provides a LAN-like desktop and application experience to
branch and mobile users.
Citrix Confidential - Do Not Distribute
Branch Optimization
419. The Branch Optimization solution can be easily deployed
because it is transparent to both the application and the
network.
Citrix Confidential - Do Not Distribute
Branch Optimization Process for the Plug-in
422. Power and Capacity Management:
• Dynamically scales the number of online virtualized XenApp
servers
• Records utilization and capacity levels
Citrix Confidential - Do Not Distribute
Power and Capacity Management
423. Power Management controls the power on and power off
operations for the servers in a workload or farm.
Citrix Confidential - Do Not Distribute
Power Management
424. Load consolidation saves power and reduces costs by
combining sessions onto fewer servers.
Citrix Confidential - Do Not Distribute
Load Consolidation
425. The main components of Power and Capacity Management
include:
• Agent
• Concentrator
• Database
• Reporting
• Management Console
Citrix Confidential - Do Not Distribute
Power and Capacity Management Components