1. Manuals
  2. Brands
  3. Citrix Manuals
  4. Software
  5. Citrix MetaFrame Application for Windows 1.8
  6. Administrator's manual

Citrix MetaFrame Application for Windows 1.8 Administrator's Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Administrator's Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Citrix MetaFrame Application for Windows 1.8 and is the answer not in the manual?

Questions and answers

Related Manuals for Citrix Citrix MetaFrame Application for Windows 1.8

Summary of Contents for Citrix Citrix MetaFrame Application for Windows 1.8

  • Page 1 Administrator’s Guide...
  • Page 2 No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc. 1994-1999 Citrix Systems, Inc. All rights reserved.

  • Page 3: Table Of Contents

                                                What is Server-Based Computing? .
  • Page 4                                           Overview .
  • Page 5 ICA Client Update Configuration ........Load Balancing Administration .
  • Page 6 Modules Tab ..........Cache Tab .
  • Page 7 Scopes of Management ......... . . Server Farms Scope .
  • Page 8 Using ICA with Network Firewalls ........ICA Browsing With Network Address Translation .
  • Page 9 Troubleshooting ........... General Guidelines .
  • Page 11 MetaFrame Application Server for Windows is Citrix’s server-based computing solution for Microsoft’s Windows Terminal Server. MetaFrame incorporates Citrix’s Independent Computing Architecture (ICA) protocol and provides a high- performance, cost-effective, and secure way to deploy, manage, and access business-critical applications throughout an enterprise — regardless of client device or network connection.
  • Page 12 Server-based computing relies on three critical components: A multiuser operating system that allows multiple concurrent users to log on and run applications in separate, protected sessions on a single server. A remote presentation services architecture capable of separating the application’s logic from its user interface, so that only keystrokes, mouse clicks, and screen updates travel the network.

  • Page 13: Support For Heterogeneous Computing Environments

    MetaFrame provides: Support for heterogeneous computing environments While Terminal Server supports Windows-based devices and IP-based connections, MetaFrame goes further, providing universal access to Windows- based applications regardless of client hardware, operating platform, network connection, or LAN protocol. As a result, organizations can keep their existing infrastructures while still deploying the most advanced 32-bit Windows-based applications across the enterprise.
  • Page 14 Any client device. Citrix MetaFrame extends the reach of Terminal Server to virtually any client device: 286, 386, 486, and Pentium computers; Windows- based terminals; Network Computers (NCs); wireless devices; ICA-based information appliances; RISC; PowerPC; and X-based devices (available through Citrix and OEM partners). All of this is done without rewriting a single line of code, changing client hardware, or adjusting client system configurations.
  • Page 15 Systems management. MetaFrame provides enterprises with greater manageability and scalability to help lower computing costs and reduce the resources needed to support users and devices. With the optional Citrix Load Balancing Services, you can group multiple MetaFrame servers into a unified server farm.
  • Page 16 Universal information access. From 16- and 32-bit applications to the latest real-time audio and video data, MetaFrame ensures you can connect to the data you need, quickly and easily. It doesn’t matter if the desired information is on a local desktop, replicated database, the primary server, or a replicated server in the farm.

  • Page 17: Conventions

    The following conventional terms, text formats, and symbols are used throughout the printed documentation: Convention Meaning Bold Indicates boxes and buttons, column headings, command-line commands and options, icons, dialog box titles, lists, menu names, tabs, menu commands, and user input. Italic Indicates a placeholder for information or parameters that you must provide.

  • Page 18: Overview

    Your MetaFrame package includes the following printed documentation: The CD liner notes includes an overview of the product, Citrix support information, and instructions for activating your Citrix software licenses. The MetaFrame Administrator’s Guide tells administrators how to install, configure, and maintain MetaFrame servers. The Citrix ICA Client Quick Reference Cards give users step-by-step instructions for using the Citrix ICA Clients to connect to Citrix servers and run published applications.
  • Page 19 Most Terminal Server compatibility guidelines can be applied to Citrix MetaFrame because MetaFrame is designed to run with Terminal Server. For example, MetaFrame supports the deployment of Win32, Win16, DOS, OS/2 1.x (text only), and POSIX applications. The ICA technology included in MetaFrame extends the capabilities of Windows NT and, in some cases, requires additional setup and configuration for best application performance.

  • Page 21: Overview

    C H A P T E R This chapter introduces Citrix MetaFrame Application Server for Windows. Topics in this chapter include: Citrix MetaFrame Features The Citrix ICA Clients System Sizing ICA Overview...
  • Page 22 Enterprise scalability. Terminal Server can accommodate up to 60 concurrent users on a single four-processor SMP Pentium server, depending on the application mix. Multiple MetaFrame servers can be combined into a server farm that utilizes load balancing to increase capacity as needed. Extensive connectivity.
  • Page 23 Load balancing support. With load balancing, MetaFrame servers can be logically pooled in a server farm. When a user launches a published application that is configured for load balancing, the load balancing support routes the application to the most lightly loaded server in the farm for execution.
  • Page 24 Program Neighborhood. Program Neighborhood introduces a new metaphor for user application access that replaces Remote Application Manager for the Citrix ICA Win32 Client and delivers access to centrally deployed applications. With the introduction of Program Neighborhood, server-based applications can now be pushed to the Program Neighborhood client, integrated into the local 32-bit Windows desktop, or pushed directly to the client’s Start menu.
  • Page 25 ICA Browser Management. With ICA Browser management, part of the enhancements to Citrix Server Administration, administrators now have the ability to control browser parameters such as backup ICA Browsers, ICA Gateways, and update and refresh intervals. Administrators can also configure which servers always attempt to become the master ICA Browser.
  • Page 26 The Citrix ICA Client for Macintosh. Use this client for 68030/040 and PowerPC-based Apple Macintosh computers. The Citrix ICA Client for UNIX is available in the following versions: Linux RedHat 5.0 and above SCO UnixWare 7 (UnixWare 2.1 and OpenServer 5 with the Binary Compatibility Module from SCO) Hewlett Packard HP-UX 10.20 and above Sun Solaris 2.5.1 and above...
  • Page 27 Low bandwidth requirements. The highly efficient Citrix ICA protocol typically uses a maximum of 20K of bandwidth for each session. Local/Remote transparency. Easy to use, all-purpose remote connectivity over a single remote connection eliminates the user dilemma of having to choose between remote node or remote control for running various applications.
  • Page 28 Seamless Windows support. The Citrix ICA Win32 Client now supports the seamless integration of local and remote applications on the local Windows 95 or Windows NT 4.0 desktop. By simply selecting the Seamless Windows option when configuring a connection to a MetaFrame server, a user no longer needs to access an entire remote desktop to run remote Windows applications.
  • Page 29 MetaFrame supports multiple users on a Windows Terminal Server. A multiuser system requires more system resources than a single-user system. This section contains some system sizing guidelines that can help you decide on a hardware configuration that will support your users with optimal performance. Most companies find that their users can be placed in one of two categories: typical users and power users.
  • Page 30 Some sample configurations and supported user counts (for typical and power users) follow: Memory Typical Power Processor (MB) users users Pentium Pro 200MHz Pentium Pro 200MHz Dual-Processor Pentium Pro 200MHz Besides the system processor and memory, the hard disk is an important factor in system throughput.
  • Page 31 Use the performance monitoring tools supplied with Windows Terminal Server to monitor system performance and the effects of configuration changes on system throughput. The most important measurements for performance monitoring are the percentage of total processor time, memory pages per second , percentage of network utilization, and hard disk I/O rates.
  • Page 32 Client drive mapping allows drive letters on the Citrix server to be redirected to drive letters that exist on the client computer. Client printer mapping allows a printer device on the Citrix server to be redirected to a printer on the client computer. Client COM port mapping allows a COM port on the client computer to be treated as a COM port on the Citrix server.

  • Page 33: Before You Begin

    C H A P T E R This chapter describes how to install Citrix MetaFrame on a Windows Terminal Server computer. Terminal Server must already be installed and configured before MetaFrame is installed. See “System Sizing” in Chapter 1 for hardware and software requirements for Citrix MetaFrame.
  • Page 34 Please make sure you read the following information before installing MetaFrame. You must have Windows NT Server, Terminal Server Edition installed before you can install Citrix MetaFrame. All network protocols (TCP/IP, IPX, NetBIOS) that will be used for ICA connections must already be configured in Terminal Server. See the Windows NT documentation for instructions on configuring network protocols.
  • Page 35 Drive letter Is accessed from the ICA session as: Client Drives: Server Drives: If you do not want the MetaFrame server drive letters to conflict with the client drive letters, the server drive letters can be reassigned to higher drive letters. If the server drives are reassigned, user sessions have the following drive mappings: Drive letter Is accessed from the ICA session as:...
  • Page 36 HKEY_LOCAL_MACHINE\SYSTEM\* HKEY_CLASSES_ROOT\* HKEY_USERS\* The pagefile entry and the following shortcut files are also updated: %SystemRoot%\Profiles\Default User\*.lnk %SystemRoot%\Profiles\Administrator\*.lnk %SystemRoot%\Profiles\All Users\*.lnk The first time a user logs in to the MetaFrame server after you remap drives, references to the old drive letters in the user’s profile are updated. The following versions of MetaFrame and W can be upgraded to RAME...
  • Page 37 Ã To install Citrix MetaFrame 1. Log on to the Windows Terminal Server console as an administrator. 2. Insert the MetaFrame CD in the server’s CD-ROM drive. If your CD-ROM drive supports Autorun, the MetaFrame CD-ROM installation splash screen automatically appears. If the splash screen does not automatically appear, from the Start menu, click Run and type d:\i386\autorun.exe where d is the letter of your CD-ROM drive.
  • Page 38 10. The Network ICA Connections dialog box appears. Select all the network protocols this server will use for ICA connections (TCP/IP, IPX, and NetBIOS). Click Next to continue. By default, ICA connections are created for all protocols already configured in Terminal Server.
  • Page 39 12. If TAPI devices are installed, the Async ICA Connections dialog box appears. Select the devices to configure for dial-in ICA connections. Click Next to continue. 13. If the server drives are not already reassigned (that is, the C drive letter is assigned to a hard drive), the Drive Mapping dialog box appears.
  • Page 40 higher drive letters. Please read the “Drive Mapping and Server Drive Reassignment” section of this chapter and the information displayed in this dialog box carefully before clicking Next. This process is not reversible and should be well understood before continuing. 14.
  • Page 41 2. If you have a multiport async adapter, select a port on which to run auto- detection. MetaFrame Setup auto-detects the modem connected to the specified port. You can configure multiple ports with the same modem type in Step 5 below.
  • Page 42 8. The Modems Properties dialog box appears. To change the configuration of an existing modem, select the modem and click Properties. To add another modem, click Add and repeat Steps 1 through 5. When you are finished, click Close and then click Next in the TAPI Modem Setup dialog box.
  • Page 43 Ã To perform an unattended installation or upgrade 1. Insert the MetaFrame CD-ROM in the CD-ROM drive of the Terminal Server computer, or insert the MetaFrame CD-ROM in a CD-ROM drive accessible over the network. If your CD-ROM drive supports Autorun, the MetaFrame CD-ROM start window automatically appears.

  • Page 44: A Sample Answer File

    Here is a sample answer file that performs the following actions during MetaFrame Setup: Installs two licenses (a base license and a server extension license) Configures ICA connections for the TCP/IP, IPX, and NetBIOS protocols Reassigns the server drive C to drive M...

  • Page 45: What Is Citrix Licensing

    C H A P T E R This chapter explains Citrix licensing. Topics in this chapter include: What is Citrix Licensing? The Citrix Licensing Program Getting an Activation Code Citrix licensing is separate from Microsoft licensing. There are two types of Citrix licenses: Base licenses.
  • Page 46 To activate a Citrix license you use three numbers: serial number The number on your CD case that you enter during setup. license number The serial number appended with a code that makes it unique to this server. activation code A number that validates and enables a Citrix license.
  • Page 47 In addition, if you are using the ICA Win16 or Win32 clients from MetaFrame 1.0 or earlier, all sessions must use the same network protocol (TCP/IP, IPX, NetBIOS). Citrix servers exhaust all local (un-pooled) user counts before giving out pooled user counts. A user assigned a local user count uses a second user count when starting a second session on a different Citrix server.
  • Page 48 Ã To start Citrix Licensing Click the Start button. Point to Programs. Point to MetaFrame Tools. Click Citrix Licensing. The Citrix Licensing utility appears, displaying all licenses currently installed on your MetaFrame server. Each license has an icon to its left that describes the license. The icons are: Icon Description The license is a base license.
  • Page 49 Ã To add a license serial number 1. On the License menu, click Add. The Enter License Serial Number dialog box appears. 2. Type the serial number exactly as it appears on the serial number sticker on the CD case. Click OK. If you enter the serial number incorrectly, an error message appears.
  • Page 50 Once a disk-based license is applied, it cannot be removed and installed again. 5. A message box appears containing important information about the license. Read the information in this box carefully and click OK when done. 6. The new license number, with an 8-character code appended, now appears in the license list.
  • Page 51 3. On the License menu, select Activate License. The Activate License dialog box appears: 4. Enter your activation code and click OK. You can print the license number of unactivated licenses. This is useful for archival purposes or to help with license activation. Ã...
  • Page 52 Ã To change the number of user counts pooled across Citrix servers 1. Select the license to adjust. 2. From the License menu, click Change Pool Count. The License dialog box appears: 3. Adjust the pooled user license count for this license. Ã...

  • Page 53: Metaframe Administrative Tools

    C H A P T E R This chapter describes the Citrix MetaFrame extensions to Windows Terminal Server that allow for configuration and administration of the enhanced ICA features. Topics in this chapter include: The MetaFrame Administrative Tools Managing ICA Connections Managing and Monitoring MetaFrame Home Directories and Profile Paths...

  • Page 54: Citrix License Activation Wizard

    This section explains the MetaFrame tools used for administration and the extensions to Terminal Server utilities added by MetaFrame Setup. Ã To start MetaFrame tools from the Start menu 1. Click Start, point to Programs, point to MetaFrame Tools. 2. Click the name of the tool. You can also use the ICA Administrator Toolbar to quickly access common MetaFrame tools.

  • Page 55: Citrix Server Administration

    Use Citrix Licensing to: Add and remove Citrix base and server extension licenses Activate installed licenses Pool user licenses across servers Restrict user licenses to a single server For more information on using the Citrix Licensing utility, see Chapter 3, “Citrix Licensing.”...

  • Page 56: Ica Client Update Configuration

    Your end-users can use ICA Client Printer Configuration to: Create and connect to ICA Client printers. Create print queues for ICA Clients that do not support native print queues, such as the ICA DOS Client. For more information on using ICA Client Printer Configuration, see the ICA Client Administrator’s Guides for the clients you plan to deploy.

  • Page 57: Published Application Manager

    Use Published Application Manager to configure and manage server farms and published applications. You can: Publish applications, videos, and server desktops Create template HTML and ICA files for ICA Web Clients Create a farm of Citrix servers Add a server to a farm Change the farm to which a server belongs For more information on using Published Application Manager see Chapter 5, “Publishing Applications.”...

  • Page 58: Configuring Client Device Mapping

    For more information on configuring per-user settings, see the User Manager for Domains online help. For more information on configuring per-client settings, see the Citrix ICA Client Administrator’s Guides for the clients you plan to deploy. The per-connection settings specified in Citrix Connection Configuration take precedence over per-user or per-client settings.
  • Page 59 Use the following procedure to add Network ICA connections; for example, if you install an additional protocol such as IPX. Ã To create a network ICA connection 1. Run Citrix Connection Configuration. 2. On the Connection menu, click New. The New Connection dialog box appears: 3.
  • Page 60 You cannot configure a modem or serial port as both a RAS service port and a connection port. You cannot configure a serial null modem cable connection using the Dial-Up Networking Serial Cable between 2 PCs option. You must configure the connection directly from Citrix Connection Configuration.
  • Page 61 This section provides information on configuration options specific to ICA connections. For information on other connection options, see the Citrix Connection Configuration online help. ICA network, asynchronous modem, and asynchronous serial null modem cable connections each have different configuration options available. You can modify the configuration of a new network or asynchronous connection in the New Connection dialog box.
  • Page 62 The Device Connect On, Baud, Set Defaults, Advanced, and Test options are only present for direct (null modem cable) serial connections. The options for Async Transport Configuration include: Option Description Device The serial port associated with the connection. Device Connect on Specifies the signal used to determine when the connection is established and ready for user logon.
  • Page 63 Click Advanced in Async Transport Configuration to access the Advanced Async Configuration dialog box. Use this dialog box to configure the following options: Option Description Flow Control Specifies the type of flow control to use for the connection. Hardware Specifies the hardware signals that indicate the receive buffer is full. Flow Control Software Flow Specifies the characters that stop and start data transmission.
  • Page 64 The options on the Advanced Connection Settings dialog box in Citrix Connection Configuration provide additional control over security and performance on ICA connections. The Advanced Connection Settings options for Terminal Server connections apply to Citrix ICA connections. For more information about advanced options, see the Citrix Connection Configuration online help.
  • Page 65 You can specify the minimum level of encryption for the ICA connection. The default level is Basic. Strong encryption using the RC5 algorithm is available with Citrix SecureICA Services. SecureICA Services enables RSA RC5 encryption with 40-, 56-, or 128-bit minimum session keys. If the Citrix server is configured to allow RC5 56-bit connections, the Citrix ICA Client can connect with RC5 56- or 128-bit encryption.
  • Page 66 The Client Audio Quality options are: High. This setting is only recommended for connections where bandwidth is plentiful and sound quality is important. This setting allows clients to play a sound file at its native data rate. Sounds at the highest quality level require about 1.3Mbps of bandwidth to play clearly.

  • Page 67: Citrix Connection Configuration

    During a session, users can use ICA Printer Configuration to map client devices not automatically mapped at logon. For more information on using the ICA Printer Configuration utility, see the Citrix ICA Client Administrator’s Guides for the clients you plan to deploy. Client device mapping options are specified in the Client Settings dialog box in Citrix Connection Configuration.
  • Page 68 By default, the drives on the client system are automatically mapped to drive letters on the MetaFrame server during logon. The server tries to match the client drives to the client drive letters; for example, the client’s first floppy disk drive to A, the second floppy disk drive to B, the first hard drive partition to C, etc.

  • Page 69: Client Printer Mapping

    4. Repeat Step 3 for each subsequent partition. Assign drive letters sequentially in the same order they were originally assigned. If a CD-ROM drive is present, it should be sequentially last in the drive letter list. 5. On the Partition menu, click Commit Changes Now. This saves the changes and reboots the system.

  • Page 70: Citrix Server Administration

    Client COM port mapping allows a remote application running on the Citrix server to access devices attached to COM ports on the client computer. Client COM ports are not automatically mapped to server ports at logon, but can be mapped manually using the net use or change client commands. See Appendix A, “MetaFrame Command Reference,”...

  • Page 71: The Citrix Server Administration Window

    The Citrix Server Administration window has two panes. The left pane displays Citrix servers, domains, Terminal Servers, sessions, and published applications. The right pane has several tabs that you can use to display information about the objects selected in the left pane. The tabs displayed in the right pane change depending on the type of selected object;...

  • Page 72: Servers Tab

    Click the Published Applications tab to switch the left pane to the published applications view. This view shows the published applications on the network. Click the Video Servers tab to switch the left pane to the video servers view. This view shows Citrix video servers on the network.

  • Page 73: Applications Tab

    The Applications tab is available when Published Applications is selected in the published applications pane. The Applications tab displays information about applications published on the network. The Users tab shows information about currently logged on users. Clicking a server in the left pane shows all users with sessions on that server. Clicking a domain shows users with sessions on all servers.

  • Page 74: Modules Tab

    When a session is selected in the left pane, information on the user, session, and client is displayed. When a published application is selected in the left pane, information on the published application is displayed. The Modules tab displays the files in use by the Citrix ICA Client when a session is selected.

  • Page 75: Disconnecting A Session

    Use the Citrix Server Administration utility to manage the users, sessions, and processes on a Citrix server or Terminal Server. You can connect and disconnect sessions, shadow ICA sessions, reset sessions in case of error, manage processes, and send messages to users on your server or on other servers on the network. To disconnect a session, click Disconnect on the Action menu.
  • Page 76 In Title, enter the text for the title of the message dialog box. In Message, enter the text of the message. Click OK to send the message. The message appears on the user’s screen: Multiple lines can be entered in either box by using CTRL+ENTER to move to a new line in the edit box.
  • Page 77 The shadowing session must be capable of supporting the video resolution used by the shadowed session. If the shadowing session does not support the required video resolution, the operation fails. You cannot shadow the system console from another session. You cannot use Citrix Server Administration to shadow other sessions from the system console.
  • Page 78 You can forcefully end a user’s session by selecting the user in the Users tab and clicking Logoff on the Action menu. If you select multiple users, each user is logged off. Logging off users without giving them a chance to close their applications can result in data loss.
  • Page 79 Select the Save Settings on Exit check box to save your current settings when Citrix Server Administration closes. At startup, Citrix Server Administration connects only to the server from which it is running. If you want Citrix Server Administration to reconnect to all the servers you were connected to previously, select the Remember Server Connections check box.
  • Page 80 The ICA Browser maintains data on Citrix servers and published applications. Separate data is maintained for each network transport (TCP/IP, IPX, and NetBIOS). The ICA Browser consists of a master browser, member browsers, and client systems. The ICA Browser uses directed packets to communicate with other ICA Browser services running on Citrix servers.
  • Page 81 The ICA Browser system elects a master browser under the following conditions: The current master browser does not respond to another ICA Browser The current master browser does not respond to an ICA client A Citrix server is started Two master browsers are detected on the same network subnet A set of election criteria is used to choose a master browser.
  • Page 82 Citrix ICA Clients must locate the master browser to get the address of a server or published application. The Citrix ICA Client can locate the master browser by sending out broadcast packets, or, if the address of a Citrix server is specified in the Citrix ICA Client or in an ICA file, the ICA Client locates the master browser by sending directed packets to the specified address.
  • Page 83 For ICA Gateways to function on IPX networks, routers must be configured to route raw IPX packets. For more information on the ICA Browser service, see “Understanding the ICA Browser Service” earlier in this chapter. If you have W and Terminal Server servers in the same domain, the RAME Terminal Server profile path box references the same data as the W RAME...
  • Page 85 C H A P T E R This chapter describes application publishing. Topics in this chapter include: An introduction to application publishing, Program Neighborhood, and server farms Configuring Server Farms Viewing Servers and Published Applications Publishing Applications Maintaining Published Applications Published applications: Give ICA Client users easy access to applications running on Citrix servers Increase your control over application deployment...
  • Page 86 When you publish applications, user access to those applications is greatly simplified in three areas: Addressing. Instead of connecting to a Citrix server by its IP address or server name, ICA Client users can connect to a specific application by whatever name you give it.
  • Page 87 Start the ICA Client on the client device; get an IP address or server name of a Citrix server from an administrator or from the server browsing service provided in ICA Clients; start the ICA Client’s connection wizard, specify the address and configure connection options such as encryption, window size, and color, double-click the connection object;...
  • Page 88 When you publish applications, you get greater administrative control over application deployment with: Selected user access. You publish applications for specific users and user groups. By definition, an application you publish for a specific user group is unavailable to other groups. Enabled and disabled application access.
  • Page 89 To the ICA Client user, a published application is an application that appears very similar to an application running locally on the client device. The way the user starts the application depends upon the ICA Client in use on the client device. Program After starting Program Neighborhood, these users find a list of Neighborhood...
  • Page 90 The master ICA Browser selects one of the servers based on load and returns the address of that server to the ICA Client. You can tune how load balancing support calculates server load for each server in a load balancing server farm using the Load Balancing Administration utility. For instructions on balancing application load, see Chapter 6, “Advanced Topics.”...

  • Page 91: Connecting Citrix Servers Across Network Subnets

    Common administrator’s rights. The individuals responsible for administration of a farm should have administrative rights over each server in the farm. When you log into a Citrix server console or ICA session and run Published Application Manager, you administer applications under the context of your current Windows NT user name.
  • Page 92 Two domains, named A and B Domains A and B have a one-way trust relationship in which domain A trusts B. The trust intersection of these two domains is B. You can configure published applications for all user accounts on domain B. Note that a server that is a member of a Windows NT workgroup can never belong to a multiple server farm because there is no trust intersection between a...
  • Page 93 You can configure your server farms in multiple ways depending upon your needs and the existing structure of your network. The following diagrams illustrate some of the ways you can arrange Citrix servers in server farms. The farm depicted above contains either a single server in a Windows NT domain or a single server in a Windows NT workgroup.
  • Page 94 A farm containing a single server that is a member of a Windows NT domain can expand to contain additional servers: The farm depicted above contains multiple servers from a single Windows NT domain. The user account base for this farm is simple: when you publish an application in this farm, you can grant access to any desired domain user or user group.
  • Page 95 Server farms can include multiple domains as long as a common base of user accounts exists between the domains. In the example above, the trust relationship between Domain 1 and Domain 2 determines the user account base. Each domain can contain a single or multiple servers. As with a farm containing multiple servers from a single domain, a multiple domain farm cannot include workgroup servers and cannot include user accounts local to each server in the base of user accounts.
  • Page 96 You do not have to create separate server farms to deliver different applications to different user groups in the common account base. Although each application you publish is published in the server farm, each user in the common account base sees only the applications he or she is authorized to use. Multiple farms do not have to include multiple domains;...
  • Page 97 If you do not add your servers to a Citrix server farm, Published Application Manager functions in the Windows NT domains scope of management. In this scope, the applications you publish do not support Program Neighborhood features. The Windows NT domains scope exists for backward compatibility and interoperability with existing W 1.7 and MetaFrame 1.0 installations.
  • Page 98 Use the Server Farm Application Migration wizard after placing a server with an existing base of published applications into a farm for the first time or after upgrading a pre-MetaFrame 1.8 server containing previously published applications to MetaFrame 1.8. The server (or servers, in the case of a load balanced application) containing the published application(s) you want to migrate must already be a member of a farm before you can migrate its published applications.
  • Page 99 Ã To change farm membership 1. Make sure you are in the server farm management scope. (From the View menu, click Select Scope. In the dialog box that appears, click the Within a Citrix server farm radio button and then select the farm of which the server is a member in the Select a Citrix server farm pull-down list.) 2.
  • Page 100 The Select Scope menu option lets you switch between Published Application Manager’s two scopes of management: Citrix server farms and Windows NT domains. Ã To select a scope of management 1. From the View menu, click Select Scope. The Select Management Scope dialog box appears.
  • Page 101 The main window’s titlebar displays the currently selected server or servers. In this case, All Servers indicates that the current view displays all applications configured on all servers in the OLDB Farm. If you are using the server farm scope of management to view a selected server in a farm, the application list includes only those applications published on that server: In this case, the applications configured on OLDB Farm’s server Bolivar2 are...
  • Page 102 Published Application Manager includes a filtering utility that lets you narrow your view of applications based upon certain specifiable criteria including server capabilities, supported encryption levels, and operating system type of the servers hosting the applications. The criteria displayed above can be selected individually or in combination to produce a filtered server list.
  • Page 103 Ã To filter servers 1. From the View menu, click Select Server. 2. In the Select Citrix Server dialog box, click Filter Servers By. The Filter Servers By dialog box appears. Select the criterion, or criteria, by which you want to filter your servers. For example, if you select Load Balancing and SecureICA (North American), the applications displayed are those running on servers with SecureICA Services North American version and Load Balancing Services installed.
  • Page 104 If an application published on the Citrix server can be accessed by guest-level users, the application can be configured (using Published Application Manager) to allow access by anonymous users. When a user starts an anonymous application, the Citrix server does not require an explicit user name and password to log the user onto the server, but selects a user from a pool of anonymous users who are not currently logged on.
  • Page 105 5. In the User menu, click Copy. 6. Enter a unique name in Username and click Add. Though not a requirement, it is best to use names of the form Anonxxx, following the pattern of the existing anonymous users. (You can use any name as long as the user is part of the Anonymous group.) 7.

  • Page 106: User Access

    In addition to using standard Windows NT security features and practices, access to Citrix servers can be restricted in several ways: All users on a specific connection type can be restricted to running published applications only. By allowing users to access predefined applications only, you can prevent unauthorized users from obtaining access to the Windows desktop or a command prompt.

  • Page 107: Server Farms

    Ã To publish an application in a server farm In order to publish an application in a server farm, the server or server which is to host the application must be a member of a farm. Make sure the server is a member of a farm before attempting to publish the application.

  • Page 108: Standard Applications

    Before publishing a video, you must encode the video using the Citrix VideoFrame Encoder and then copy the video (.avi) file to a VideoFrame server. Ã To publish a video 1. Use the standard application publishing wizard to publish a video. (From the Application menu, click New.) If you are viewing more than one server when you start the wizard, you are asked to select a default server for the video.

  • Page 109: Load Balanced Applications

    You can type a UNC name or network drive and full path or click Browse to locate the file server that contains your IMS script and package. In the Choose Application dialog box that appears, select IMS Scripts from the Files of type list box and then locate and select your script.

  • Page 110: Videos

    After you publish an application, you can later change its properties. Common reasons to change a published application’s settings include when you want to: Rename the published application. This modification changes the name under which ICA Client users access the application. Change the list of users allowed to run the application.
  • Page 111 Deleting a published application removes all published application configuration information from each server in the published application’s list of configured servers. When you delete a published application, the application referenced by the published application is no longer available to ICA Client users under the published application name (although it may be available as another published application or from a Citrix server desktop session).
  • Page 113 C H A P T E R This chapter discusses advanced MetaFrame system administration topics. Topics discussed include: Understanding MetaFrame Load Balancing MetaFrame Security Tools Using ICA with Network Firewalls General Tips and Troubleshooting...

  • Page 114: Publishing Applications

    Load balancing allows an application to be published for execution on any of several Citrix servers in a server farm. When a published application or desktop session configured for multiple servers is launched from a Citrix ICA Client, load balancing selects which server will run the application or desktop session based on server load.
  • Page 115 To reconnect to disconnected load balanced sessions, the following criteria must be met: The user must disconnect gracefully from the server; for example, by clicking Disconnect from the Start menu. The user must reconnect from the same Citrix ICA Client computer (using the same client name).
  • Page 116 Ã To adjust basic load balancing settings Click a Citrix server in the server list pane. The Basic load balance settings tab for the selected server appears in the right pane: Ã To balance two or more servers in a Load Balancing farm 1.
  • Page 117 Ã To adjust advanced load balance parameters 1. Click on the servername in the left panel and then click the Advanced tab. 2. Set the importance factor for each load balancing parameter. 3. Click Save. 4. Repeat for each server in the farm. Use Load Balancing Administration to adjust six factors that influence the calculation of the overall server load.
  • Page 118 Pagefile Usage. The ratio of the current pagefile size to the allowed minimum free space left in the pagefile. Swap Activity. The number of times per second the pagefile is accessed. Processor Usage. The percent of time the processor is busy. Memory Load.
  • Page 119 The maximum number of users the system can support. The maximum number of users the system can support is the smaller of: The number of ICA connections per protocol. By default, the number of ICA connections for each protocol is unlimited on MetaFrame servers and two on W servers.
  • Page 120 Click the Advanced tab to adjust the importance of advanced factors when calculating overall system load. The Importance factor for each parameter can be adjusted independently of any others. In addition to the security issues common to Microsoft Windows NT Server, Windows Terminal Server has additional security issues related to remote control;...
  • Page 121 The Aclcheck utility is used to display file and directory permissions that give excessive access to users and groups The Aclcheck utility can be used to verify the security of the MetaFrame server. See Appendix A, “MetaFrame Command Reference” for more information on using Aclcheck. See the Windows Terminal Server documentation for information on using the Security Configuration utility.
  • Page 122 Network firewalls can allow or block packets based on the destination address and port. If you are using ICA through a network firewall, use the information provided in this section to configure the firewall. 1. The Citrix ICA Client sends a packet to port 1494 on the Citrix server requesting a response to a randomly selected port above 1023.
  • Page 123 Some firewalls use IP address translation to convert private (Intranet) IP addresses into public (Internet) IP addresses. Public IP addresses are called “external” addresses because they are external to the firewall, whereas private IP addresses are said to be “internal” addresses. Hosts on the internal network have one set of addresses that is translated to another set when passing through the firewall.
  • Page 124 In addition to specifying the alternate address on the Citrix server, the ICA Client must be configured to request the alternate address when contacting the master ICA Browser. For information on configuring ICA Clients to request the alternate address, see the Citrix ICA Client Administrator’s Guides for the clients you plan to deploy.
  • Page 125 A P P E N D I X This appendix describes the MetaFrame command line utilities. The commands listed in this appendix are: aclcheck (Security Audit Utility) aclset (Set Default Security ACLs) altaddr (Specify Alternate Server IP Address) app (Application Execution Shell) auditlog (Generate Logon/Logoff Reports) change client (Change ICA Client Device Mapping Settings) cltprint (Set the Number of Client Printer Pipes)
  • Page 126 This command is identical to query acl. Aclcheck performs a file security audit on the specified directory or drive letter. Aclcheck reports file accesses allowed by accounts other than Administrator, Administrators, or SYSTEM. Aclcheck can also generate a report of registry keys that have Delete, Write, Add, Link, Change Permissions, or Take Ownership permissions for non-administrator users.
  • Page 127 If no arguments are specified, aclcheck checks all local drives and then checks the HKEY_LOCAL_MACHINE portion of the system registry. Any files or registry keys that non-administrator users can write to are reported in the following format: Aclcheck also audits the MetaFrame execute list (created and maintained by the Application Security utility) to verify that no executable files in the execute list are writable by users.
  • Page 128 Aclset automatically secures all files and directories on all hard drives. Aclset secures all files, directories, and drives. After the file systems are secured, use the Security Configuration utility and other tools to selectively enable user access to files and directories. This method makes sure that there are no file system security leaks.
  • Page 129 Altaddr is used to query and set the alternate (external) IP address that a MetaFrame server returns to clients who request it. The alternate address is an external address used by Citrix ICA Clients outside a firewall. altaddr [/server:servername] [/set alternateaddress] [/v] altaddr [/server:servername] [/set adapteraddress alternateaddress] [/v] altaddr [/server:servername] [/delete] [/v] altaddr [/server:servername] [/delete adapteraddress] [/v]...
  • Page 130 App is a script interpreter for secure application execution. App lets you write execution scripts that copy standardized .ini files containing default settings to user directories before starting the application and that perform application-related cleanup after the application terminates. The script commands are described below.
  • Page 131 execute Executes the program specified by the path command using the working directory specified by the workdir command. path executablepath Sets the program to be executed by executablepath. workdir directory Sets the default working directory to the path specified by directory. The following script file runs the Solitaire card game, Sol.exe: The following script file runs the program Fubar.exe.
  • Page 132 The auditlog utility generates reports of logon/logoff activity for a MetaFrame server based on the Windows NT Server security Event Log. To use auditlog, logon/logoff accounting must be enabled. Report output can be redirected to a file. auditlog [username | session] [/eventlog:filename] [/before:mm/dd/yy] [/after:mm/dd/yy] [[/write:filename] | [/detail | /time] [/all]] auditlog...
  • Page 133 /write:filename Specifies the name of an output file. Creates a comma-delimited file that can be imported into an application such as a spreadsheet to produce custom reports or statistics. It generates a report of logon/logoff activity for each user, displaying logon/logoff times and total time logged on. If filename exists, the data is appended to the file.
  • Page 134 Change client changes the current ICA Client device mapping settings. change client [/view | /flush | /current] change client [{/default | [/default_drives] | [/default_printers]} [/ascending]] [/noremap] [/persistent] [/force_prt_todef] [/delete host_device] [host_device client_device] [/?] host_device Specifies the name to be given to a mapped client device. client_device Specifies the name of a device on the client to be mapped to host_device.
  • Page 135 /noremap If /noremap is specified, client drives that conflict with MetaFrame drives are not mapped. /persistent Saves the current client drive mappings in the user’s profile. /force_prt_todef Sets the default printer for the MetaFrame client session to the default printer on the client’s Windows desktop.
  • Page 136 The /default option maps the drives and printers on the client PC to mapped drives and printers on the MetaFrame server. The A and B drives are always mapped to A and B on the MetaFrame server. Hard drives are mapped to their corresponding drive letters if those drive letters are available on the MetaFrame server.
  • Page 137 Sets the number of printer pipes to the client print spooler. cltprint [/q] [/pipes:nn] [/?] Displays the current number of printer pipes. /pipes:nn Sets the specified number of printer pipes. This number must be between 10 and 63. /? (help) Displays the syntax for the utility and information about the utility’s options.
  • Page 138 Configures the TCP/IP port number used by the ICA protocol on the MetaFrame server. icaport {/query | /port:nnn | /reset} [/?] /query Queries the current setting. /port:nnn Changes the TCP/IP port number. /reset Resets the TCP/IP port number to 1494, which is the default. /? (help) Displays the syntax for the utility and information about the utility’s options.
  • Page 139 To set the TCP/IP port number to 5000: To reset the port number to 1494: Only administrators can run icaport.
  • Page 140 Use ndspsvr to enable or disable a preferred server for NDS logons. ndspsvr {/query | /enable:fileservername | /disable} [/?] /query Queries the current setting. /enable:fileservername Enables the preferred server. /disable Disables the preferred server. /? (help) Displays the syntax for the utility and information about the utility’s options. By default, MetaFrame uses the first NetWare directory server listed in the bindery of the preferred NetWare server (or the first NetWare server to respond to a Query Nearest Server broadcast) for NDS logons.
  • Page 141 This command is identical to aclcheck. It performs a file security audit on the specified directory or drive letter. Query acl reports file accesses allowed by accounts other than Administrator, Administrators, or SYSTEM. Query acl can also generate a report of registry keys that have Delete, Write, Add, Link, Change Permissions, or Take Ownership permissions for non-administrator users.
  • Page 142 If no arguments are specified, query acl checks all local drives and then checks the HKEY_LOCAL_MACHINE portion of the system registry. Any files or registry keys that non-administrator users can write to are reported in the following format: Query acl also audits the MetaFrame execute list (created and maintained by the Application Security utility) to verify that no executable files in the execute list are writable by users.
  • Page 143 Query license displays information about Citrix licenses. query license [/server:servername | /all] [/?] /server:servername The Citrix server to be queried. The default is the current Citrix server. /all Displays information about all licenses on the network. /? (help) Displays the syntax for the utility and information about the utility’s options. Query license displays information about the Citrix licenses currently installed on the server.
  • Page 144 Query server displays information about the available Citrix servers on the network. query server [servername] [/ping] [/count:n] [/size:n] query server [servername] [/stats | /reset | /load | /addr] query server [/tcp] [/ipx] [/netbios] [/tcpserver:x] [/ipxserver:x] [/netbiosserver:x] [/license | /app | /gateway | /serial | /disc | /serverfarm | /video] [/continue] [/?] servername The name of a Citrix server.
  • Page 145 /gateway Displays configured gateway addresses. /serial Displays license serial numbers. /disc Displays disconnected session data. /serverfarm Displays server farm names and server load. /video Displays VideoFrame servers. /ping Pings selected server. /count:n Number of times to ping (default: 5). /size:n Size of ping buffers (default: 256 bytes).
  • Page 146 Query server uses the ICA Browser to display data about the Citrix servers present on a network. Query server with no parameters is the same as query server /tcp /ipx /netbios. On a server with two network cards, the query server command only enumerates servers on one card’s subnet at a time.
  • Page 147 A P P E N D I X Citrix DirectICA for MetaFrame adds support for multi-VGA adapters to Citrix MetaFrame Application Server for Windows. A multi-VGA adapter (also called a multiconsole adapter) is a hardware device that contains several VGA video adapters with additional support hardware.
  • Page 148 See the “System Sizing” section in Chapter 1 for general MetaFrame hardware requirements. DirectICA has been tested with the following multi-VGA products: Maxspeed SGX MaxStation and PCI MaxStation adapters and optional Maxspeed MaxRack bus expansion system and appropriate cabling and MaxStation base units Stone Microsystems MultiVideo VGA System ISA adapter with 512K or 1MB modules and appropriate cabling and junction boxes...
  • Page 149 This section contains separate installation procedures for the Maxspeed and Stone Microsystems adapters. You can install as many multi-VGA adapters as your system can contain, but they must all be from the same manufacturer. Ã To install the Maxspeed MaxStation adapter Before installing, decide which base address to use with your multi-VGA adapter.
  • Page 150 Ã To install DirectICA 1. Log on to the MetaFrame server as an administrator. 2. Insert the MetaFrame CD-ROM. 3. Click the Start button and then click Run. Type d:\drctica\setup.exe where d: is the letter of the CD-ROM drive. 4. The installation wizard guides you through the setup process. 5.
  • Page 151 Ã To uninstall DirectICA 1. Make sure all users are logged off from DirectICA stations. 2. Log on using the local “Administrator” account. 3. Click the Start button, point to Settings, and then click Control Panel. 4. Double-click Add/Remove Programs to display the Add/Remove Programs dialog box.
  • Page 152 3. On the Connection menu, click New. The New Connection dialog box appears. 4. Enter a name for this connection in the Name box. 5. In the Type list, click Citrix DirectICA. 6. If desired, enter a comment in the Comment box. 7.
  • Page 153 The DTR (Data Terminal Ready) and DSR (Data Set Ready) modem signals are not supported The RI (Ring Indicator) modem signal is not supported; most applications use CD (Carrier Detect) instead Some applications can only access COM1 or COM2. In this case, you can reassign this port using the change port command;...
  • Page 154 This section contains information to help you diagnose and solve common problems encountered with DirectICA. Contact your hardware manufacturer for help with hardware problems. Check the messages that appear during the “blue screen” phase of system startup for error messages relating to the multi-VGA adapter. Check the Event Viewer for error messages.
  • Page 155 If the DirectICA stations display a logon screen but the mice and keyboards do not work, a base address conflict is the likely cause. Compare the base address used by the multi-VGA adapter with the address ranges used by other devices on the server to see if there is a conflict.
  • Page 157 A P P E N D I X You do not normally need to override the default values for ICA Browser registry entries. However, for some systems you can adjust individual parameters to suit your particular needs. Ã To edit the registry 1.
  • Page 158 AckTimeout REG_DWORD 0 - 0xffffffff seconds (5 = default) Specifies the interval a browser waits for an ACK after sending a master browser update. If no ACK is received, the browser resends the update. The browser retries AckRetries times before forcing a browser election. AgeDatabaseTime REG_DWORD 0 - 0xffffffff seconds (300 = default)
  • Page 159 GatewayIpx REG_MULTI_SZ Citrix server addresses To set up an IPX gateway the remote IPX address (network:node) of a Citrix server must be specified in this list. When a master browser receives an update from a browser, it forwards the data to all configured gateways on the same network protocol.
  • Page 160 LogMask REG_DWORD 0 - 0xffffffff (0 = default) Specifies a bit mask for logging debug information. After changing this value, stop and start the ICA Browser to start logging to the file %systemRoot%\Ibrowser.log. The bit mask values are: Bit Mask Description 0x00000001 browser initialization...
  • Page 161 RefreshDelay REG_DWORD 0 - 0xffffffff seconds (30 = default) Specifies the delay after a client connects or disconnects from the Citrix server before a master browser update is sent. This delay should be large enough to let the system “settle” before sending the master browser update. SendRetries REG_DWORD 0 - 0xffffffff...
  • Page 162 Weighting Factor Limit Description BalanceICA Connections Configured ICA Number of free ICA connections connections BalanceUserLicenses BalanceMaxUserLicenses Number of free user licenses BalancePageFile BalanceMinPageFile Size of remaining page file BalancePageFaults BalanceMaxPageFaults Number of page faults BalanceMemoryLoad Memory load level BalanceProcessorBusy Processor load BalanceBias REG_DWORD 0 - 0xffffffff (0 = default)
  • Page 163 BalancePageFaults REG_DWORD 0 - 1000 (100 = default) Specifies the page fault weighting factor. Each of the weighting factors is divided by the sum of the weighting factors to arrive at ratios that are used to compute the system load level. The page fault load is calculated by dividing number of page faults by BalanceMaxPageFaults and multiplying by the page file ratio.
  • Page 164 BalanceICAConnections REG_DWORD 0 - 1000 (10 = default) Specifies the ICA connection weighting factor. Each of the weighting factors is divided by the sum of the weighting factors to arrive at ratios that are used to compute the system load level. The ICA connection load is calculated by dividing the number of free ICA connections by the number of configured ICA connections and multiplying by the ICA connection ratio.
  • Page 165 procedures Citrix IMS applications 88 introduction 83 load balanced 89 16-bit versus 32-bit applications 10 standard applications 86 videos 88 Program Neighborhood 66 scopes of management ACLCHECK (Security Audit Utility) 106 introduction 70 ACLSET (Set Default Security ACLs) 108 NT domains scope 77 using to secure the file system 100 server farms scope 70 activating a license 30...
  • Page 166 Configure TCP/IP port number (ICAPORT) 118 configuring CHANGE CLIENT (Change ICA Client Device Mapping ICA Browsers 59 ICA gateways 59 Settings) 114 Change ICA Client Device Mapping Settings (CHANGE VideoFrame 59 configuring a modem 20 CLIENT) 114 Citrix licensing Configuring DirectICA 131 see licensing 25 changing the video settings 132 Citrix Licensing program 27...

  • Page 167: Reconnecting To Load Balanced Sessions

    configuring a modem 20 installation 17 home directories, Terminal Server and W unattended setup 22 RAME upgrading 16 How to Use this Guide xvi ICA Browser 60 licensing 25, 31 activating a license 30 configuring 59 ICA Browser service 60 adding a license 28 registry entries 137 adjusting the pooled user count 32...
  • Page 168 MetaFrame features procedures enterprise-scale management tools xiv Citrix IMS applications 88 heterogeneous computing environments xiii introduction 83 ICA Client features 6 load balanced 89 ICA Client platforms 5 standard applications 86 seamless desktop integration xv videos 88 modem callback, configuring 41 Program Neighborhood 66 modems scopes of management...

  • Page 169: Tuning Load Balancing

    sample answer file 24 TCP/IP port number scopes of management configuring (ICAPORT) 118 introduction 70 terminating processes 58 NT domains scope 77 Troubleshooting server farms scope 70 BIOS setup 134 trust relationships 71 general guidelines 134 security installation problems 134 MetaFrame security tools 100 IRQ conflicts 135 using ACLSET to secure the file system 100...

Table of Contents