XenApp 6.5 for Windows Server 2008 R2

2011 Citrix Systems, Inc. All rights reserved. Terms of Use | Trademarks | Privacy Statement

Contents

XenApp 6.5 for Windows Server 2008 R2 XenApp 6.5 for Windows Server 2008 R2 About This Release Known Issues System Requirements Plan Design and Plan Farm Terminology and Concepts Planning a Successful User Experience Farm Hardware Considerations Planning for Applications and Server Loads Assessing Applications for XenApp Compatibility Evaluating Application Delivery Methods Planning for Application Streaming Placing Applications on Servers Determining the Number of XenApp Servers to Deploy Deciding How Many Farms to Deploy Planning Server Functions Planning the XenApp Data Store Database Server Hardware Performance Considerations Replication Considerations Planning for Configuration Logging and IMA Encryption Planning for Data Collectors Designing Zones for a XenApp Deployment Planning for the Web Interface and XML Broker Planning for Accounts and Trust Relationships Recommendations for Active Directory Environments Planning for System Monitoring and Maintenance Planning for UAC

22 23 26 29 34 39 43 47 51 53 54 55 56 59 60 64 65 67 68 70 72 73 74 75 78 80 82 85 86

2

Planning for Shadowing Securing Delivery and Access Planning for Supported Languages and Windows MUI Support Planning for Passthrough Client Authentication Install and Configure Install and Configure Preparing to Install and Configure XenApp Before Installing XenApp Before Configuring XenApp Installing XenApp Using the Wizard-Based Server Role Manager Installing XenApp from the Command Line Configuring XenApp Server Role License Information Configuring XenApp Using the Wizard-based Server Configuration Tool Configuring XenApp from the Command Line Configuration Command Syntax Preparing for XenApp Imaging and Provisioning Removing Roles and Components Data Store Database Reference Microsoft SQL Server Database Oracle Database Migrate XenApp Migration Center Migration Center Interfaces Objects You Can Migrate Requirements and Installation Migrating XenApp Using the Graphical Interface Migrating XenApp Using the Command Line Interface Cmdlet Reference Post-migration Tasks Indirect Migrations and Advanced Cmdlets Manage XenApp 6 for Windows 2008 R2 Management Consoles and Other Tools To start the AppCenter and discover servers To view zones To refresh user data automatically Managing Citrix Administrators

87 88 89 90 91 93 94 95 97 99 101 104 106 110 112 118 123 126 127 130 133 135 137 139 141 144 146 148 154 155 158 160 162 164 165 166 167

3

Delegating Tasks to Custom Administrators Delivering XenApp to Software Services Subscribers To enable Windows 7 look and feel and control desktop customization Working with Citrix Policies Navigating Citrix Policies and Settings Creating Citrix Policies Working with Citrix Policy Templates Creating Policy Templates Importing and Exporting Policy Templates Comparing Policies and Templates Configuring Policy Settings To add settings to a policy Applying Citrix Policies To add filters to a policy Managing Multiple Policies Prioritizing Policies and Creating Exceptions Determining Which Policies Apply to a Connection To simulate connection scenarios with Citrix policies Applying Policies to Access Gateway Connections Enabling Scanners and Other TWAIN Devices Managing Session Environments and Connections Defining User Environments in XenApp Controlling the Appearance of User Logons Controlling Access to Devices and Ports To enable user execute permissions on mapped drives Displaying Local Special Folders in Sessions Configuring Audio for User Sessions To enable or disable audio for published applications To configure bandwidth limits for audio To configure audio compression and output quality To enable support for microphones and speakers To use and set sound quality for digital dictation devices Ensuring Session Continuity for Mobile Workers Maintaining Session Activity Configuring Session Reliability Configuring Automatic Client Reconnection Configuring ICA Keep-Alive 4

169 172 175 177 179 181 183 185 187 189 190 192 193 196 197 198 200 202 203 205 207 209 210 211 212 213 216 217 218 219 220 221 222 224 225 226 228

Session Linger Managing and Monitoring XenApp Sessions Monitoring Session Information Viewing User Sessions Viewing User Sessions with the Shadow Taskbar Enabling Logging for Shadowing Enabling User-to-User Shadowing with Policies Controlling Client Connections in XenApp Preventing Specific Client Connection Types Specifying Connection Limits Limiting Connections to a Server Farm Sharing Sessions and Connections Limiting Application Instances Logging Connection Denial Events Configuring the ICA Listener Preventing User Connections During Farm Maintenance Optimizing User Sessions for XenApp Optimizing Audio and Video Playback Configuring Windows Media Redirection Optimizing Flash Content Optimizing Throughput of Image Files Optimizing Display of Image Files Optimizing Keyboard and Mouse Responsiveness Configuring SpeedScreen Latency Reduction Adjusting SpeedScreen Latency Reduction for an Application To configure latency reduction settings for input fields in an application To create exception entries for non-standard input fields in an application Configuring HDX Broadcast Display Settings Enhancing the User Experience With HDX Configuring HDX MediaStream Flash Redirection Configuring HDX MediaStream Flash Redirection on the Server Configuring HDX MediaStream Flash Redirection on the User Device Configuring Audio Avoiding Echo During Multimedia Conferences With HDX RealTime

229 230 233 234 235 237 238 240 241 242 243 244 246 247 248 249 250 251 253 254 255 256 257 258 259 262 264 266 267 268 270 275 280 284

5

Video Conferencing with HDX RealTime Webcam Video Compression Increasing 2D and 3D Application Scalability and Performance Assigning Priorities to Network Traffic Adding Dynamic Windows Preview Support Configuring Read-Only Access to Mapped Client Drives Securing Server Farms Securing Access to Your Servers Securing the Data Store Securing Client-Server Communications Using SecureICA Enabling SSL/TLS Protocols To configure session data encryption To set a policy for ICA encryption Configuring SSL/TLS Between Servers and Clients Obtaining and Installing Server and Root SSL Certificates Choosing an SSL Certificate Authority Acquiring a Signed SSL Certificate and Password To enable the SSL Relay and select the relay credentials Using the SSL Relay with the Microsoft Internet Information Service (IIS) Configuring the Relay Port and Server Connection Settings To run the SSL Relay on port 443 without using HTTPS Configuring the Ciphersuites Allowed by the SSL Relay Using the Secure Gateway Using the Secure Ticket Authority Securing Network Communications Configuring TCP Ports Using Proxy Servers Configuring Authentication for Workspace Control Using Smart Cards with XenApp Configuring Kerberos Logon Logging Administrative Changes to a XenApp Farm Setting up the Configuration Logging Database Defining Database Permissions for Configuration Logging To configure the connection to the Configuration Logging database To set Configuration Logging properties Clearing Entries from the Configuration Logging Database 6

285 287 288 290 291 292 293 294 296 297 298 299 300 301 303 304 305 306 307 308 310 311 312 313 315 316 317 318 319 321 323 325 327 329 330 331

Encrypting Configuration Logging Data To generate a key and enable IMA encryption on the first server in a farm To load a key on servers that join the farm Managing IMA Encryption XenApp Service Account Privileges Maintaining Server Farms To search for objects in your farm To change a server's desktop settings To limit the number of server connections per user To enable or deny logons to servers Restarting Servers at Scheduled Times Removing and Reinstalling XenApp To rename a XenApp server To move or remove a server Monitoring Server Performance with Health Monitoring & Recovery Using Citrix Performance Monitoring Counters Using Worker Groups for Enhanced Resource Access To create a worker group Creating and Prioritizing Load Balancing Policies Enhancing the Performance of a Remote Group of Servers Using Preferential Load Balancing Resource Allotment Multiple Published Applications in the Same Session Managing CPU Usage Deploying virtual memory optimization Managing Farm Infrastructure Maintaining the Local Host Cache Tuning Local Host Cache Synchronization To configure zones and back-up data collectors Updating Citrix License Server Settings To set the product edition Configuring the Citrix XML Service Port and Trust To manually change the XML Service port to use a port different from IIS after installation To manually configure Citrix XML Service to share the TCP port with IIS Manage Server and Resource Loads

332 334 335 336 337 342 343 344 345 346 347 348 350 351 352 355 357 360 361 362 363 364 367 368 370 373 374 375 376 378 379 380 382 383 384

7

To create a new load evaluator List of Load Management Rules Assigning Load Evaluators to Servers and Applications Scheduling Server Availability Power and Capacity Management About Load Consolidation and Power Management Installing Power and Capacity Management System Requirements for Power and Capacity Management Interactively Installing Components Silently Installing Components Upgrading Administration Components Removing Components Configuring and Using Power and Capacity Management Configuring a Server Profile Configuring Server Properties Setting Global Configuration Values Configuring Sites Adding Virtual Machine Managers Managing the Concentrator Creating Setpoints and Schedules Enabling Load Consolidation and Power Management Understanding XenApp Printing Introduction to Windows Printing Concepts Local and Remote Print Job Spooling XenApp Printing Concepts Overview of Client and Network Printing Pathways Provisioning Printers for Sessions Auto-Creating Client Printers Auto-Creating Network Printers Letting Users Provision Their Own Printers Device or Session-Based Print Settings Device-Based Print Settings Controlling Printing Settings and User Preferences Setting Default Printers Printing and Mobile Workers Optimizing Printing Performance by Routing Managing Printer Drivers

386 387 389 391 392 394 396 397 401 403 409 410 411 415 417 419 420 421 423 425 428 429 430 432 434 435 440 442 446 447 448 449 450 453 454 456 457

8

Planning Your Printing Configuration Default Printing Behavior Printing Policy Configuration Printing Security Purchasing Printing Hardware Configuring and Maintaining XenApp Printing Configuring Printer Autocreation Settings Configuring Citrix Universal Printing Configuring Network Printers for Users To add a network printer while configuring the Session printers setting To specify a default printer for a session To edit the printer settings in the sessions policy To configure server local printers Configuring Printers for Mobile Workers Changing Network Print Job Routing Providing Tools for User Provisioning To store users printer properties To synchronize properties from the printer Controlling Printer Driver Automatic Installation Configuring Universal Printer Drivers on Farm Servers Mapping Client Printer Drivers Improving Session Performance by Limiting Printing Bandwidth Displaying Printers Managing Printers Using the Network Printing Pathway Displaying Printers Using the Client Printing Pathway XenApp Server Utilities Reference ALTADDR APP AUDITLOG CHANGE CLIENT CTXKEYTOOL CTXXMLSS DSCHECK DSMAINT ENABLELB ICAPORT IMAPORT 9

459 460 461 462 463 464 465 466 468 469 470 471 472 473 474 475 477 478 479 482 484 486 488 489 490 491 492 494 497 500 504 506 508 510 515 516 518

QUERY FARM QUERY PROCESS QUERY SESSION QUERY TERMSERVER QUERY USER Performance Counters Reference Citrix CPU Utilization Mgmt User Counters Citrix IMA Networking Counters Citrix Licensing Counters Citrix MetaFrame Presentation Server Counters ICA Session Counters Secure Ticket Authority Counters Policy Settings Reference Policy Settings: Quick Reference Table ICA Policy Settings Audio Policy Settings Auto Client Reconnect Policy Settings Bandwidth Policy Settings Desktop UI Policy Settings End User Monitoring Policy Settings File Redirection Policy Settings Flash Redirection Policy Settings Graphics Policy Settings Caching Policy Settings Keep Alive Policy Settings Legacy Server Side Optimizations Policy Settings Multimedia Policy Settings Multi-Stream Connections Policy Settings Port Redirection Policy Settings Printing Policy Settings Client Printers Policy Settings Drivers Policy Settings Universal Printing Policy Settings Security Policy Settings Server Limits Policy Settings Session Limits Policy Settings Session Reliability Policy Settings

520 523 525 527 529 531 532 533 534 535 537 540 541 542 548 550 552 553 558 559 560 565 569 571 572 573 574 576 578 580 582 585 587 590 592 593 595

10

Shadowing Policy Settings Time Zone Control Policy Settings TWAIN Devices Policy Settings USB Devices Policy Settings Visual Display Policy Settings Moving Images Policy Settings Still Images Policy Settings Licensing Policy Settings Power and Capacity Management Policy Settings Server Policy Settings Connection Limits Policy Settings Database Policy Settings Health Monitoring and Recovery Policy Settings Memory Optimization Policy Settings Offline Applications Policy Settings Reboot Behavior Policy Settings Server Session Settings Virtual IP Policy Settings XML Service Policy Settings Publish Publish Publishing in XenApp Evaluating Application Delivery Methods Publishing Resources using the AppCenter To configure servers to publish for multiple users To publish a resource using the Publish Application wizard To select a resource type and delivery method To configure locations of published applications To configure locations of published content To disable command-line validation To pre-launch applications to user devices Publishing Applications for Streaming New Features in This Release System Requirements for Application Streaming Application Streaming Overview Components for Application Streaming Deciding Which Plug-ins to Use for Application Streaming

597 599 600 601 603 604 605 607 608 609 612 613 615 616 619 620 623 624 626 627 629 630 631 634 636 637 639 641 642 643 644 647 649 650 653 655 658

11

Providing Single Sign-on for Streamed Applications Creating Application Profiles Targets Overview Service Pack Level System Drive Letter Operating System Language Inter-Isolation Communication Overview Isolating Services Specifying Trusted Servers for Streamed Services and Profiles Managing Isolation Environment Rules Types of Isolation Environment Rules Restrictions and Limitations for Rules Creating Isolation Environment Rules for a Target To create an isolation environment rule To modify a rule Using Environment Variables to Construct Rules Preparing a Workstation for Profiling Applications Known Limitations for Profiling To install the profiler To disable and enable profile signing To start the profiler Creating a Profile and Its Initial Target To create a profile and target To allow users to update applications To set up inter-isolation communication To select an install option To install multiple applications through Advanced Install To choose an installation program for the application To create a virtual hard disk To support legacy plug-ins To install Internet Explorer plug-ins To include files and folders in a target To include registry settings To install an application in the profile To run an application in the profiler To select applications for listing in the profile 12

660 661 663 665 666 667 668 669 670 673 674 677 678 679 680 681 683 685 686 687 688 689 690 693 694 696 697 698 700 702 703 704 705 706 707 708

To sign a profile Editing Profiles To view profile information To edit the profile name, description, or location To view details about applications in a profile To view File Type Associations set in a profile To check for launch prerequisites To check for prerequisite registry entries To check for prerequisite applications and files To specify pre-launch and post-exit scripts To add a target to a profile To resolve target conflicts To resolve invalid shortcuts To delete a target from a profile To delete a folder from a profile To remove a profile from a linked profile Editing Targets To edit the target name and description To modify the application properties in the target To modify the operating system and language properties of a target To update a target To remove an old version of an updated target Profile Contents on the Server Manifest File Targets Digital Signature Icons Scripts Publishing Streamed Applications To select a streaming delivery method To force a delivery method for streamed applications To provide HTTP or HTTPS delivery method Configuring Offline Access Offline Plug-in 6.5 for Windows New Features in This Release System Requirements for Application Streaming Citrix Offline Plug-in Overview 13

709 710 711 712 713 714 715 716 718 719 720 721 723 724 725 726 727 728 729 731 732 733 734 735 736 737 738 739 740 741 743 745 748 751 752 753 756

Deciding Which Plug-ins to Use for Application Streaming Specifying Trusted Servers for Streamed Services and Profiles Using the Merchandising Server and Citrix Receiver Updater to Deploy the Plug-ins To install the Offline Plug-in To deliver the AppHubWhiteList to user devices To configure the cache size of the Offline Plug-in To deploy the Offline Plug-in using the command-line To configure an .MSI package for the Offline Plug-in using transforms To deploy the Offline Plug-in to user devices through Active Directory To deploy applications to user devices To clear the streamed application cache on user devices To clear merged rules for linked profiles on user devices Configuring Content Redirection To enable content redirection from server to client To configure content redirection from client to server Managing Application Properties To rename a published application To configure locations of servers for published resources To specify locations of applications for streaming To enable an application for offline access To configure user access to applications Granting Access to Explicit or Anonymous Users To configure shortcuts for user devices To configure access controlled by the Access Gateway To associate published applications with file types To update file type associations To configure alternate profiles To pass parameters to published applications To reduce user privileges for a streamed application To configure application limits and importance To configure audio and encryption options for published applications To configure application appearance To disable or enable a published application To delete a published application

757 759 762 763 765 766 767 769 770 771 773 775 776 777 779 780 781 782 783 784 785 787 788 789 790 792 794 795 796 797 798 800 801 802

14

To move a published application to another folder To duplicate published application settings To export published application settings to a file To import published application settings from a file Making Virtual IP Addresses Available to Applications How Virtual IP Addressing Works Binding Applications To determine whether an application needs to use virtual IP addresses To make virtual IP addresses available to applications running in sessions To make a virtual loopback address available to applications running in sessions To supply client IP addresses to published applications on a server VM Hosted Apps System Requirements Plan Install and Set Up Installing and Removing Server Components for VM Hosted Apps To configure a VM hosted apps site To replace the default XenServer SSL certificate Installing and Removing the Virtual Desktop Agent To configure firewalls manually To deploy the Virtual Desktop Agent using Active Directory Group Policy Objects To use Windows XP virtual desktops with Single Sign-on Manage Working With Machine Catalogs and Desktop Groups To create an application desktop group Managing Application Desktop Groups Working With Applications To create an application To modify applications To manage applications sessions Organizing Applications with Folders and Tags Customize Configuring USB Support for VM Hosted Apps Publishing App-V Sequences in XenApp

803 804 805 806 807 808 809 810 811 812 813 815 818 819 822 823 825 828 830 832 833 834 835 836 838 839 840 842 844 846 848 849 850 854

15

XenApp Connector for Configuration Manager 2007 System Requirements for XenApp Connector for Configuration Manager 2007 Install and Set Up XenApp Connector Uninstalling XenApp Connector Enabling Power and Capacity Management for XenApp Connector Deploying Applications to XenApp Servers and Publishing Applications with XenApp Connector To publish applications with XenApp Connector for Configuration Manager 2007 Deploying WSUS Updates to XenApp Servers with XenApp Connector Viewing and Maintaining Log Files Enterprise Management Enterprise Management Management Pack for System Center Operations Manager 2007 System Requirements for the Management Pack To install the Management Pack Management Pack Post-Installation Tasks Uninstalling the Management Pack Security Considerations for the Management Pack Troubleshooting Query Errors in Operations Manager Citrix Managed Objects Included in the Management Pack Citrix Views Included in the Management Pack To view state monitors and processing rules Viewing XenApp Alert and Event Information Viewing XenApp Deployment State Information Viewing Citrix Presentation Server Topology Diagrams To reconfigure security settings on zone data collectors Viewing XenApp Performance Information Viewing License Server Information Configuring and Enabling Site-specific Monitors To open the AppCenter from the Operations Manager Console Installation Manager Requirements and Installation Using the Installation Manager Console Using Installation Manager PowerShell Cmdlets Installation Manager Messages Reference Managing Providers and WMI

858 859 861 865 866 868 871 873 874 876 877 879 881 882 883 884 885 886 887 888 889 890 891 892 896 897 898 899 901 902 904 907 911 917 923

16

XenApp Provider Overview Licensing Provider Overview Installing the XenApp Provider Installing the Licensing Provider Starting the Provider Services Security Considerations Uninstalling the Providers WMI Schema XenApp Provider WMI Schema (Part 1 of 3) XenApp Provider WMI Schema (Part 2 of 3) XenApp Provider WMI Schema (Part 3 of 3) Citrix Licensing Provider WMI Schema Optimize WAN Access Provision Secure Enterprise Network Secure Gateway Citrix XenApp Components That Work with Secure Gateway Secure Gateway Features System Requirements for Secure Gateway Certificate Requirements Planning a Secure Gateway Deployment Deploying the Secure Gateway in a Single-Hop DMZ Running the Web Interface behind the Secure Gateway in the Demilitarized Zone Locking Down Internet Information Services Running the Web Interface Parallel with the Secure Gateway Setting Up the Web Interface and the Secure Gateway in a Single-Hop Demilitarized Zone Deploying the Secure Gateway in a Double-Hop DMZ Setting Up the Secure Gateway and the Secure Gateway Proxy in a Double-Hop DMZ Publishing the Web Address for the Secure Gateway in a Double-Hop Demilitarized Zone Setting Up and Testing a Server Farm Installing the Secure Ticket Authority Testing Your Deployment Installing and Configuring the Secure Gateway and Secure Gateway Proxy Upgrading Secure Gateway or Secure Gateway Proxy

924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 945 947 949 950 952 954 955 956 957 960 961 962 963 964 965 966

17

Using Firewall Software with the Secure Gateway or Secure Gateway Proxy Installing the Secure Gateway or Secure Gateway Proxy To install the Secure Gateway or Secure Gateway Proxy Configuring the Secure Gateway or Secure Gateway Proxy To start the configuration wizard manually To select a configuration level (Secure Gateway) To select a configuration level (Secure Gateway Proxy) Task Summary for Secure Gateway, Advanced or Standard Configuration Task Summary for Secure Gateway Proxy, Advanced or Standard Configuration To select a server certificate To configure secure protocol settings To configure inbound client connections To configure outbound connections To configure an access control list for outbound connections To configure servers running the Secure Gateway Proxy To add the Secure Ticket Authority details To configure connection parameters To configure logging exclusions To add the Web Interface server details To configure the logging parameters To complete the configuration To stop the Secure Gateway/Secure Gateway Proxy service To uninstall the Secure Gateway Managing the Secure Gateway Viewing Session and Connection Information with the Secure Gateway Console Viewing Secure Gateway Performance Statistics To view the Secure Gateway performance statistics Performance Counters Available for the Secure Gateway Generating the Secure Gateway Diagnostics Report Viewing the Secure Gateway Events Viewing the Secure Gateway Access Logs Secure Gateway Configuration Wizard Secure Gateway Optimization and Security Guidelines Configuring Firewalls for the Secure Gateway

967 968 969 970 971 972 973 974 975 976 977 978 979 980 982 983 984 985 986 987 988 989 990 991 992 994 995 996 1000 1001 1003 1004 1005 1006

18

Ensuring High Availability of the Secure Gateway Load Balancing Multiple Secure Gateway Servers Load Balancing an Array of the Secure Gateway Proxy

1007 1009 1010

Certificate Requirements for Load Balancing Secure Gateway 1011 Servers Using Load Balancers and SSL Accelerator Cards with Secure Gateway Servers 1012

Coordinating Keep-Alive Values Between the Secure Gateway and 1013 Citrix XenApp Setting Connection Keep-Alive Values and the Secure Gateway Improving Security (Recommendations) Preventing Indexing by Search Engines Troubleshooting the Secure Gateway To check your certificates Client Connections Launched from IP Addresses in the Logging Exclusions List Fail Load Balancers Do Not Report Active Client Sessions if Connections Are Idle Performance Issues with Transferring Files Between a User Device and a Citrix XenApp Server Gateway Client Connections Fail When Using Windows XP Service Pack 2 Failed Client Connections to the Secure Gateway Result in Duplicate Entries in the Secure Gateway Log Placing the Secure Gateway Behind a Reverse Web Proxy Causes an SSL Error 4 Run the Secure Gateway Parallel to the Reverse Web Proxy Use a Network Address Translator Instead of a Reverse Web Proxy Digital Certificates and the Secure Gateway Understanding Cryptography Types of Cryptography Combining Public Key and Secret Key Cryptography Understanding Digital Certificates and Certificate Authorities Certificate Chains Certificate Revocation Lists Deciding Where to Obtain Certificates Obtaining and Installing Server Certificates Obtaining and Installing Root Certificates Support for Wildcard Certificates with the Secure Gateway Secure Application Access Monitor 1014 1015 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1036 1038 1039 1041 1043 1044 1045 1046

19

Record Record System Requirements for SmartAuditor Example Usage Scenarios Getting Started with SmartAuditor Planning Your Deployment Security Recommendations Installing Certificates Scalability Considerations Important Deployment Notes Pre-Installation Checklist To install SmartAuditor Automating Installations To configure SmartAuditor to play and record sessions Granting Access Rights to Users Creating and Activating Recording Policies Using System Policies Creating Custom Recording Policies To create a new policy To modify a policy To delete a policy To activate a policy Understanding Rollover Behavior To disable or enable recording To configure the connection to the SmartAuditor Server Creating Notification Messages Enabling Custom Event Recording To enable or disable live session playback To enable or disable playback protection To enable and disable digital signing To specify where recordings are stored Specifying File Size for Recordings Viewing Recordings To launch the SmartAuditor Player To open and play recordings To search for recorded sessions To play recorded sessions

1047 1048 1051 1054 1055 1057 1060 1061 1062 1065 1066 1067 1069 1070 1072 1073 1074 1075 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1091 1092 1093 1094 1096 1098

20

To use events and bookmarks To change the playback display To display or hide window elements To cache recorded session files To change SmartAuditor Servers Troubleshooting SmartAuditor Verifying Component Connections Testing IIS Connectivity Troubleshooting Certificate Issues SmartAuditor Agent Cannot Connect SmartAuditor Server Cannot Connect to the SmartAuditor Database Sessions are not Recording Searching for Recordings in the Player Fails Troubleshooting MSMQ Unable to View Live Session Playback To change your communication protocol Reference: Managing Your Database Records Single Sign-on Automate

1101 1104 1106 1107 1109 1110 1111 1113 1115 1116 1117 1118 1119 1120 1121 1122 1124 1126 1127

21

XenApp 6.5 for Windows Server 2008 R2

About This Release Known Issues for XenApp 6.5 System Requirements for XenApp 6.5

Publishing Resources Enhancing the User Experience With HDX Delivering XenApp to Software Services Subscribers (Windows Desktop Experience Integration) Power and Capacity Management Profile Management Licensing Your Product Web Interface Receiver (Updater) for Windows Receiver (Updater) for Macintosh

Issues Fixed for XenApp 6.5 Installing and Configuring XenApp 6.5 XenApp Migration Center Designing a XenApp Deployment Receiver For Windows Self-service Plug-in

Other XenApp FeaturesCitrix XenApp includes additional features in each edition to help enhance the user application virtualization experience. This table includes links to the product documentation located in Citrix eDocs or in the Citrix Knowledge Center describing these features.

Desktop Director Provisioning Services Service Monitoring (EdgeSight) Single Sign-on Branch optimization powered by Citrix Branch Repeater SmartAccess powered by Citrix Access Gateway Doc Finder

VM Hosted Apps XenApp Connector for Configuration Manager 2007 R2 Smart Auditor Load testing services Secure Gateway XenVault Workflow Studio orchestration

22

About Citrix XenApp 6.5 for Windows Server2008 R2This release includes several new features and enhancements to Citrix XenApp.

23

XenApp 6.5 for Windows Server 2008 R2

What's Newq

Server Platform Support The XenApp software can be installed on the following platforms. For all system requirements, see System Requirements.q

Microsoft Windows Server 2008 R2

q

q Microsoft Windows Server 20008 R2 Service Pack 1 Windows Desktop Experience Integration

Installed by default when installing the XenApp server role, this feature provides a Windows 7 look and feel including desktop customization. PowerShell script options enable administrators to control desktop and environment defaults while allowing end users to customize their desktops. When installed and enabled, this feature also removes the Windows Server Manager Console from the XenApp server's toolbar and relocates the Citrix XenApp administrative tools such as the AppCenter to the Start menu's Administrative Tools\Citrix folder. See Delivering XenApp to Software Services Subscribers for more information.q

Citrix AppCenter The AppCenter provides a streamlined interface for performing management functions. From the AppCenter, you can manage components administered through other Citrix products, such as Citrix Secure Access and Citrix Single Sign-On. For Citrix XenApp, you can configure and monitor servers, server farms, published resources, and sessions.

q

Session Pre-launch, Session Linger, and Fast Reconnect This collection of features improves the user experience by eliminating delays when launching and maintaining sessions. By using configurable Session Pre-launch policy settings, a session is started automatically when a user logs on to the farm. By implementing Session Linger policy settings, sessions remain alive for a configurable period before termination, rather than terminating when users close applications. Fast Reconnect, built into XenApp and requiring no configuration, helps minimize delays when users reconnect to existing sessions.

q

Citrix HDX Enhancements XenApp includes the latest HDX enhancements:q

HDX MediaStream Flash Redirection Audio Settings Multimedia Conferencing with HDX RealTime Increased 2D and 3D Application Scalability and Performance Assigning Priorities to Network Traffic

q

q

q

q

24

XenApp 6.5 for Windows Server 2008 R2q

Dynamic Windows Preview Support

q

Migration Center with Graphical User Interface With the choice of using a PowerShell cmdlet command line or graphical user interface, XenApp administrators can import application, folder, server configuration, and other XenApp object types from farms running previous versions of XenApp into XenApp 6.5 farms. See XenApp Migration Center for requirement and installation information.

q

Improved Performance for Pooled Desktops Application launch time in pooled desktop environments is improved through the use of virtual hard disks. Using the Streaming Profiler, virtual hard disks can be created when profiling an application. When the application is launched for the first time, the virtual hard disk is mounted and all the profile contents are copied to the virtual hard disk. For all subsequent launches, the application is launched from the virtual hard disk, resulting in a speedier launch.

q

Printing Optimization XenApp printing features include improved print session performance, lower bandwidth required for printing, and improved user experience when printing to redirected client printers. Universal Printing policy settings enable the administrator to control print quality, spooling, and optimization defaults. See the printing topics in the Manage node of this documentation for more information.

25

About Citrix XenApp 6.5 for Windows Server2008 R2This release includes several new features and enhancements to Citrix XenApp.

26

About This Release

What's Newq

Server Platform Support The XenApp software can be installed on the following platforms. For all system requirements, see System Requirements.q

Microsoft Windows Server 2008 R2

q

q Microsoft Windows Server 20008 R2 Service Pack 1 Windows Desktop Experience Integration

Installed by default when installing the XenApp server role, this feature provides a Windows 7 look and feel including desktop customization. PowerShell script options enable administrators to control desktop and environment defaults while allowing end users to customize their desktops. When installed and enabled, this feature also removes the Windows Server Manager Console from the XenApp server's toolbar and relocates the Citrix XenApp administrative tools such as the AppCenter to the Start menu's Administrative Tools\Citrix folder. See Delivering XenApp to Software Services Subscribers for more information.q

Citrix AppCenter The AppCenter provides a streamlined interface for performing management functions. From the AppCenter, you can manage components administered through other Citrix products, such as Citrix Secure Access and Citrix Single Sign-On. For Citrix XenApp, you can configure and monitor servers, server farms, published resources, and sessions.

q

Session Pre-launch, Session Linger, and Fast Reconnect This collection of features improves the user experience by eliminating delays when launching and maintaining sessions. By using configurable Session Pre-launch policy settings, a session is started automatically when a user logs on to the farm. By implementing Session Linger policy settings, sessions remain alive for a configurable period before termination, rather than terminating when users close applications. Fast Reconnect, built into XenApp and requiring no configuration, helps minimize delays when users reconnect to existing sessions.

q

Citrix HDX Enhancements XenApp includes the latest HDX enhancements:q

HDX MediaStream Flash Redirection Audio Settings Multimedia Conferencing with HDX RealTime Increased 2D and 3D Application Scalability and Performance Assigning Priorities to Network Traffic

q

q

q

q

27

About This Releaseq

Dynamic Windows Preview Support

q

Migration Center with Graphical User Interface With the choice of using a PowerShell cmdlet command line or graphical user interface, XenApp administrators can import application, folder, server configuration, and other XenApp object types from farms running previous versions of XenApp into XenApp 6.5 farms. See XenApp Migration Center for requirement and installation information.

q

Improved Performance for Pooled Desktops Application launch time in pooled desktop environments is improved through the use of virtual hard disks. Using the Streaming Profiler, virtual hard disks can be created when profiling an application. When the application is launched for the first time, the virtual hard disk is mounted and all the profile contents are copied to the virtual hard disk. For all subsequent launches, the application is launched from the virtual hard disk, resulting in a speedier launch.

q

Printing Optimization XenApp printing features include improved print session performance, lower bandwidth required for printing, and improved user experience when printing to redirected client printers. Universal Printing policy settings enable the administrator to control print quality, spooling, and optimization defaults. See the printing topics in the Manage node of this documentation for more information.

28

Known Issues for XenApp 6.5 for Windows Server 2008 R2Readme Version: 1.0

Contentsq

Installation Issues SmartAuditor Issues Application Streaming Issues Single Sign-on Issues Other Known Issues

q

q

q

q

29

Known Issues

Installation Issuesq

The Provisioning Services Target Device software resets your network connection during install. As a result, you may see user interface crashes or other failures if you select this component to install from a network location. Citrix recommends that you install the Provisioning Services Target Device software using one of the following methods [#229881]:q

Install from a local DVD image or ISO Copy the installation media locally before performing the installation Select Manually Install Components from the Autorun menu

q

q

q

q Install with a command-line installation If you are installing the Configuration Manager Console Extension component of the XenApp Connector for Configuration Manager 2007 on a computer that has a remote Configuration Manager console installed, this warning might display: Configuration Manager Console Extension is selected, but ConfigMgr 2007 R2 or higher is not installed. Install will continue, but the console extension feature will not be operable without ConfigMgr. If the installed Configuration Manager console is from Microsoft System Center Configuration Manager 2007 R2 or R3, ignore this warning and continue installing the Configuration Manager Console Extension. The Configuration Manager Console Extension operates normally after installation. [#0034277]

q

After installing the Windows Desktop Experience Integration role through the XenApp Server Role Manager on a computer running a non-English operating system and configuring the CtxStartMenuTaskbarUser Group Policy Object (GPO), the PowerShell and Server Manager icons are not removed from the Taskbar as expected. Additionally, the Internet Explorer and Windows Media Player icons are not added to the Taskbar. This occurs because the script Enable-CtxDesktopExperienceUser.ps1 does not run correctly on non-English operating systems. To resolve this issue, download the updated Enable-CtxDesktopExperienceUser.ps1 script from CTX130208 in the Citrix Knowledge Center and replace the script on the XenApp server. [#261892]

SmartAuditor Issuesq

The SmartAuditor Player might fail to correctly display sessions launched with Citrix Receiver for Windows 3.0, instead showing a black screen in the Player window. To prevent this, disable the gradient fill feature on the XenApp server hosting the sessions by creating this DWORD registry on the server and setting its value to 1: HKLM\SOFTWARE\Citrix\Ica\Thinwire\DisableGdiPlusSupport. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. Sessions recorded after this change is made display correctly. [#254644]

30

Known Issuesq

The SmartAuditor Player might fail to play sessions launched with the Citrix Online Plug-in for Windows 12.1 or Citrix Receiver for Windows 3.0. To play these sessions, edit this text in the SmAudPlayer.exe.config file: . To view sessions launched with Online Plug-in for Windows 12.1, change 12.00.9999 to 12.99.9999. To view sessions launched with Receiver for Windows 3.0, change 12.00.9999 to 13.00.9999. [#254795, #255780] If SmartAuditor Administration components are installed on a XenApp server, the Citrix AppCenter console might not be able to complete discovery on the server. To resolve this issue, run: %SystemDrive%\Program Files (x86)\Citrix\System32\mfreg.exe /regserver.[#260133]

q

Application Streaming IssuesIssues for streaming Microsoft Office applications:q

Profiling Microsoft Office 2010 SP1 is not supported in this release. For best practices for streaming Office 2010 applications, see http://support.citrix.com/article/CTX124565 in the Citrix Knowledge Center.

q

Although the fonts for Office 2010 applications do not load during profiling, the fonts load correctly when the applications are launched on the user device. [#262124] While profiling Microsoft Office 2010 applications, the option to Enable User Updates fails if the applications are published to stream to client desktops. To prevent this issue, do not use that profiling option for Office 2010 applications. [#259362] When using the RadeCache flushall command, you might receive an Access Denied error for Microsoft Office applications that are streamed to server. If this occurs, restart the server and run the flushall command again. [#262465]

q

q

q

When profiling Office 2010 on Windows 7 using the streaming profiler, if the operating system fails with a blue screen, the profiling workstation is probably missing Windows updates and a Microsoft Hotfix. To fix the issue, update the profiling workstation with the latest Windows updates and install the Microsoft Hotfix located at http://support.microsoft.com/kb/2359223/en-US. [#248727] Streamed Office Project 2007 has the following known issues:q

q

Creating Visual Reports in Project 2007 is not supported when users stream Project to their desktops, even when Excel 2007 is also streamed. [#223304]

Running Office Web Components in Project 2007 is not supported on Windows 7 operating systems. [#223553] There are no workarounds for these issues.q

Third-party known issues for application streaming:q

This release does not support streaming IBM Personal Communications 4.2 or IBM ClearQuest. [#259830]

31

Known Issuesq

This release does not support streaming to clients through Web Interface on the following browsers: [#262650, 257135]q

Microsoft Internet Explorer 9

Mozilla Firefox 4.0 Other known issues for application streaming:q q

Launching the streamed application SAP 7.20 or earlier versions on a non-English platform displays the user interface in English. In addition, the language drop-down located at File > Options > General > Language is blank. As a workaround, install the SAP application in the profile, and after installation, open the command prompt inside the Profiler. Navigate to the Lang folder (C:\Program Files\SAP\FrontEnd\SAPgui\Lang\) and copy all the files to location C:\Lang\. [#260029]

q

After creating the first target, you cannot modify the "Enable User Updates" setting for the profile. The setting that you select for the first target applies to all other targets that you add to this profile, even if you manually select a different setting for subsequent targets. [#252225] The Load Balancing policy fails to prevent a fallback option for delivery of an application published for dual-mode streaming (streamed if possible, otherwise stream accessed from a server). The Load Balancing policy is supposed to be able to override the dual mode and force one or the other delivery method, disallowing the other, for the specified groups of users. In this release, the policy fails to prevent the fallback option, and the application will be delivered as specified in the publishing process. There is no workaround for this issue. [#258537]

q

q

An application that is streamed to the server cannot support more than one extra parameter when there is a space character in one of the parameters. While profiling, if you add an extra parameter that has spaces, only one parameter is supported. If there are no spaces in the parameter, multiple parameters are supported. [#262752] The AppHubWhiteList is sometimes deleted when you update the Offline Plug-in. After updating the plug-in, verify that the AppHubWhiteList is still included with the plug-in, and if missing, add it manually. [#262709]

q

Single Sign-on Issuesq

Features that require the Single Sign-on Service might fail if the Single Sign-on Plug-in 5.0 is installed on user devices that do not have the Visual C++ 8.0 runtime library installed. To prevent this, ensure that the Visual C++ 8.0 runtime library is installed on the user device before installing the Single Sign-on Plug-in. [#261051] On user devices that are running double-byte character language operating systems and have the Single Sign-on Plug-in 5.0 installed, Input Method Editor (IME) might fail against the question-based authentication dialog boxes for self-service password reset and self-service account unlock. To allow users to use account self-service from these user devices, ensure that their answers to security questions are in languages that do not require IME. [#262856]

q

32

Known Issues

Other Known Issuesq

XenApp servers might stop responding when multiple users are making frequent connections to the servers. Installing Service Pack 1 for Windows Server 2008 R2 or Microsoft Hotfix Windows.1-KB2383928-x64 on the server prevents this from occurring. See Microsoft Knowledge Base article #2383928 for more information. [#254069] Adobe Flash content playback is poor when using server-side content fetching over a slow WAN connection. This may result in response failures for the Flash window or Web browser and extremely long buffer times and pauses. To avoid this issue, use server-rendered Flash delivery for user devices using WAN connections. [#261879] When using Secure Gateway in an environment where data is encrypted using SSL protocol, SSL-secured sessions might disconnect unexpectedly, reporting an SSL Library Error 45. [#259611] When publishing content to a XenApp server, the access control settings appear differently depending on whether you view them with the AppCenter console or with the XenApp command Get-XAApplication. For example, while the AppCenter might correctly display default settings, the XenApp command Get-XAApplication might display that no Access Gateway connections are allowed. This issue affects only the display of these settings; users can access the published content normally. To ensure a consistent display of access control settings, use the XenApp SDK to configure and publish content applications. [#261283]

q

q

q

q

Published applications might fail to launch, displaying a black window in place of the application window, if system memory is low. This condition is indicated by this system event log message, with picadd as its source: "The Citrix Thinwire driver stopped because it cannot allocate the required memory. You may need to manually disconnect and restart any existing sessions." [#261647]

33

System Requirements for XenApp 6.5System requirements for the XenApp server role and the Citrix AppCenter are described below. System requirements for other XenApp features, components, and related technologies are described in their respective system requirements documentation; that includes receivers, plug-ins and agents, Web Interface, Single Sign-on, Service Monitoring, EdgeSight, SmartAuditor, Application Session Recording, Provisioning Services, and Power and Capacity Management. To ensure the availability of XenApp 6.5 features and correct operation:q

Use the Citrix License Server Version 11.9 (minimum). Install the most recent version of any receivers, plug-ins, and agents you use. At the time of its release, XenApp 6.5 was tested with Receiver for Windows 3.0 (with plug-in 13.0). The Citrix Online Plug-in (Web and Full) 12.1 was also tested and can be used, but some XenApp 6.5 features will not be available.

q

You must be in the Administrators group to install and configure the XenApp server role. Elevating your privilege to local administrator through User Account Control is not a substitute for Administrators group membership. Important:q

Do not install XenApp on a domain controller. Citrix does not support installing XenApp on a domain controller. Do not join servers running this XenApp version to a deployment with servers running previous XenApp versions (including early release and Technical Preview versions). You must use the AppCenter from the 6.5 media to manage the XenApp 6.5 farm. Citrix does not support using a console from a previous XenApp release to manage XenApp 6.5 farms. (However, you can use the AppCenter from the XenApp 6.5 media to manage a XenApp 6.0 farm.) See Installing and Configuring XenApp for additional guidance, including tasks to complete before installing and configuring XenApp.

q

q

q

Deploying PrerequisitesDuring a wizard-based installation, the XenApp Server Role Manager (using the Server Role Installer) automatically installs XenApp prerequisites, as noted below. For command-line installations, you must install the prerequisite software and Windows roles before installing XenApp (except as noted). You can deploy prerequisites with PowerShell cmdlets, the Microsoft ServerManagerCmd.exe command, or the Microsoft Deployment Image Servicing and Management (DISM) tool.

34

System Requirements If installation of a required Windows role or other software requires a restart (reboot), restart the server before starting the XenApp server role installation.

XenApp Server RoleSupported operating systems: Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (Enterprise, Standard, Datacenter, and Foundation). Most servers running the supported operating systems meet the hardware requirements for XenApp with ample processing power to host user sessions accessing the published resources. However, additional research may be needed to determine if current hardware meets the requirements.q

CPU:q

64-bit architecture with Intel Pentium Xeon family with Intel Extended Memory 64 Technology AMD Opteron family AMD Athlon 64 family

q

q

q

q

Compatible processor Memory: 512MB RAM (minimum)q

q

Disk space: 32GB (minimum)

The XenApp Server Role Manager deploys the following software (except as noted), if it is not already installed:q

.NET Framework 3.5 SP1 (this is a prerequisite for the XenApp Server Role Manager; it is deployed automatically when you choose to add the XenApp server role from the Autorun menu) Windows Server Remote Desktop Services role (if you do not have this prerequisite installed, the Server Role Manager installs it and enables the RDP client connection option; you will be asked to restart the server and resume the installation when you log on again) Windows Application Server role Microsoft Visual C++ 2005 SP1 Redistributable (x64) Microsoft Visual C++ 2008 SP1 Redistributable (x64)

q

q

q

q

When you install the XenApp server role, XML and Internet Integration Service (IIS) integration is an optional component. When this component is installed, the Citrix XML Service and IIS share a port (default = 80). When this component is not installed, the Citrix XML Service defaults to standalone mode with its own port settings. You can change the port during or after XenApp configuration. The Server Role Installer checks for installed IIS role services and whether the component is selected or specified. For complete information, see Before Installing XenApp. The IIS role services are listed below.

35

System Requirementsq

Web Server (IIS) > Common HTTP Features > Default Document (selecting this automatically selects Web Server (IIS) > Management Tools > Management Console, which is not required or checked for XenApp installation) Web Server (IIS) > Application Development > ASP.NET (selecting this automatically selects Web Server (IIS) > Application Development > .NET Extensibility; although not checked for XenApp installation, ASP.NET requires .NET Extensibility) Web Server (IIS) > Application Development > ISAPI Extensions Web Server (IIS) > Application Development > ISAPI Filters Web Server (IIS) > Security > Windows Authentication Web Server (IIS) > Security > Request Filtering Web Server (IIS) > Management Tools > IIS 6 Management Compatibility (includes IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility, IIS 6 Scripting Tools, and IIS 6 Management Console)

q

q

q

q

q

q

If you plan to use Philips SpeechMike devices with XenApp, you may need to install drivers on the servers hosting sessions that record audio before installing XenApp. For more information, see Citrix information on the Philips web site.

AppCenterXenApp Management includes the AppCenter. By default, the AppCenter is installed on the same server where you install the XenApp server role; however, you can install and run the AppCenter on a separate computer. To install the AppCenter on a workstation, from the XenApp Autorun menu, select Manually Install Components > Common Components > Management Consoles. Supported operating systems:q

Windows Server 2008 R2, 64-bit edition, SP1 Windows Server 2008 R2, 64-bit edition Windows Server 2008 Enterprise, 32-bit edition, SP2 Windows Server 2003 R2, 32-bit and 64-bit editions Windows Server 2003, 32-bit and 64-bit editions, SP2 Windows 7 Enterprise, 32-bit and 64-bit editions, SP1 Windows Vista Enterprise, 32-bit and 64-bit editions, SP2 Windows XP Professional, 32-bit edition, SP3 Windows XP Professional, 64-bit edition, SP2

q

q

q

q

q

q

q

q

Requirements:

36

System Requirementsq

Disk space: 25MB Microsoft Management Console (MMC):q

q

For Windows Vista, Windows 7, Windows Server 2008 R2, and Windows Server 2008 R2 SP1: MMC 3.0 (installed by default)

For other supported Windows operating systems: MMC 2.0 or 3.0 The XenApp Server Role Manager deploys the following software, if it is not already installed:q q

Microsoft .NET Framework 3.5 SP1 Microsoft Windows Installer (MSI) 3.0 Microsoft Windows Group Policy Management Console Microsoft Visual C++ 2005 SP1 Redistributable (x64) Microsoft Visual C++ 2008 SP1 Redistributable (x64) Microsoft Visual C++ 2008 SP1 Redistributable Microsoft Visual C++ 2005 SP1 Redistributable Microsoft Primary Interoperability Assemblies 2005

q

q

q

q

q

q

q

If you install the AppCenter on a computer that previously contained the Microsoft Group Policy Management Console (GPMC) and a Citrix Delivery Services Console earlier than the version delivered with XenApp 6.0, you may also need to uninstall and reinstall the Citrix XenApp Group Policy Management Experience (x64) program in order to use the GPMC to configure Citrix policies.

Data Store DatabaseThe following databases are supported for the XenApp data store:q

Microsoft SQL Server 2008 Express R2 Microsoft SQL Server 2008 Express SP3 Microsoft SQL Server 2008 R2 Microsoft SQL Server 2008 SP2 Microsoft SQL Server 2005 SP4 Oracle 11g R2 32-bit Enterprise Edition

q

q

q

q

q

Microsoft SQL Server 2008 Express can be deployed for you by the XenApp Server Configuration Tool when creating a XenApp farm.

37

System Requirements For information about the latest supported database versions, see CTX114501. For information about requirements, see Data Store Database Reference.

38

Design and PlanXenApp is the central software component of the Citrix Windows Application Delivery Infrastructure. The goals of XenApp and the Citrix Windows Application Delivery Infrastructure are to deliver on-demand applications to both physical and virtual desktops, and to determine and provide the best method of delivery. XenApp offers three methods for delivering applications to user devices, servers, and virtual desktops:q

Server-side application virtualization: applications run inside the Data Center. XenApp presents each application interface on the user device, and relays user actions from the device, such as keystrokes and mouse actions, back to the application. Client-side application virtualization: XenApp streams applications on demand to the user device from the Data Center and runs the application on the user device. VM hosted application virtualization: problematic applications or those requiring specific operating systems run inside a desktop on the Data Center. XenApp presents each application interface on the user device and relays user actions from the device, such as keystrokes and mouse actions, back to the application.

q

q

To provide these types of application delivery, you have many choices of deployment designs and XenApp features, which you can tailor for your users' needs. A typical process for planning a XenApp farm includes: 1. Becoming familiar with XenApp and XenApp Setup by creating a small, one-server or two-server test farm. 2. Deciding which applications to deliver to users. 3. Determining how you want to deliver applications - this includes testing and evaluating the applications and peripheral requirements. 4. Determining application to application communication, where to install the applications on XenApp servers, and which applications can be collocated. 5. Determining the number of servers you need for applications. 6. Determining the total number of servers you need for your farm and evaluating hardware requirements. 7. Creating the network infrastructure design. 8. Defining the installation processes. 9. Creating and testing a pre-production pilot farm based on your farm design. 10. Releasing the farm into production. To help you understand how a XenApp deployment delivers applications so you can complete planning tasks, consider the following diagram.

39

Plan

A XenApp deployment consists of three deployment groups: user device (represented in this diagram by Citrix Receiver), Access Infrastructure, and Virtualization Infrastructure.q

On the left of this diagram is Citrix Receiver, which represents the set of devices on which you can install client software. Citrix Receiver manages the client software that enables your users to interact with virtualized applications. When designing a XenApp deployment, you consider how your users work, their devices, and their locations. Access Infrastructure represents secure entry points deployed within your DMZ and provide access to resources published on XenApp servers. When designing a XenApp deployment, you provide secure access points for the different types of users in your organization. Virtualization Infrastructure represents a series of servers that control and monitor application environments. When designing a XenApp deployment, you consider how applications are deployed based on your user types and their devices, the number of servers you need, and which features you want to enable in order to provide the support, monitoring, and management your organization requires.

q

q

The following diagram shows the access infrastructure in greater detail.

40

Plan In this access infrastructure diagram:q

Citrix Receiver runs the applications. Onsite users within your corporate firewall interact directly with the XenApp Web and Services Site. Remote-site users access applications through sites replicated by Citrix Branch Repeater. Off-site users access applications though secure access, such as Access Gateway. The Merchandising Server makes available self-service applications to your users through Citrix Dazzle. The XML Service relays requests and information between the Access Infrastructure and the Virtualization Infrastructure.

q

q

q

q

q

The following diagram shows the virtualization infrastructure in greater detail.

In this virtualization infrastructure diagram:q

The XML service relays information and requests. Based on Active Directory profiles and policies, the XenApp servers invoke the correct application delivery type for the user. The XenApp servers provide server-side application virtualization and session management. Session and deployment configuration information are stored in data collectors and a central data store represented by the deployment data store. The App Hub provides Streamed Application Profiles, which are client-side virtualization applications housed in your enterprise storage. The VM Hosted Apps server isolates problematic applications inside a seamless desktop, which, depending on the user profile, can be virtualized on the user device or on the server. The desktop images are provisioned through Provisioning Server. Session and

q

q

q

41

Plan server configuration information are stored in the enterprise database.q

Provisioning Services delivers desktops to servers, which are stored as desktop images in your enterprise database. SmartAuditor provides session monitoring. Recorded sessions are stored in your enterprise storage and configuration information is stored in the deployment data store. Service Monitoring enables you to test server loads so you can estimate how many servers you need for your deployment and to monitor those servers once they are deployed. Power and Capacity Management enables you to reduce power consumption and manage server capacity by dynamically scaling the number of online servers. Single Sign-on provides password management for virtualized applications. Passwords are stored in the account authority.

q

q

q

q

42

Farm Terminology and Concepts

TerminologyThe XenApp planning documentation uses the following terminology: Multi-user environment An environment where applications are published on servers for use by multiple users simultaneously. Production farm A farm that is in regular use and accessed by users. Design validation farm A farm that is set up in a laboratory environment, typically as the design or blueprint for the production farm. Pilot farm A preproduction pilot farm used to test a farm design before deploying the farm across the organization. A true pilot is based on access by select users, and then adding users until all users access the farm for their everyday needs.

About InfrastructuresXenApp farms have two types of infrastructures:q

The virtualization infrastructure consists of the XenApp servers that deliver virtualized applications and VM hosted Applications, and XenApp servers that support sessions and administration, such as the data store, data collector, Citrix XML Broker, Citrix License Server, Configuration Logging database (optional), Load Testing Services database (optional), and Service Monitoring components. Access infrastructure consists of server roles such as the Web Interface, Secure Gateway (optional), and Access Gateway (optional) that provide access administration.

q

In small deployments, you can group one or more server functions together. In large deployments, you provide services on one or more dedicated servers. Factors other than size can affect how you group server functions. Security concerns, virtualized servers, and user load play a part in determining which functions can be collocated.

43

Design and Plan Typically, in larger farms, you segregate session and administrative functions onto distinct servers. For small farms, you might have one server hosting infrastructure functions and multiple servers hosting published applications. Small farms that require redundancy might have one or two servers hosting session and administrative functions. For example, in a small farm, the data store might be configured on the same server as the data collector and the XML Broker and, perhaps also the Citrix License Server and the Web Interface. Medium and large farms might group similar functions. For example, the XML Broker might be grouped with the data collector. In some larger deployments, each infrastructure service would likely have one or more dedicated servers. In large farms, the Citrix License Server and the Web Interface are typically hosted on separate servers.

About Virtualization InfrastructureThe virtualization infrastructure, which is the center of a XenApp deployment, concerns the following concepts: Application enumeration Application enumeration is when Citrix client software lists virtualized applications available on the XenApp servers. The client software transmits data to locate servers on the network and retrieves information about the published applications. For example, during enumeration, Citrix Receiver communicates through the Citrix XML Service with the XenApp server to determine applications available for that user. Application publishing To deliver an application to your users, whether virtualized on the desktop or the server, use the AppCenter to publish the application. Citrix Licensing A Citrix License Server is required for all XenApp deployments. Install the license server on either a shared or stand-alone server, depending on your farms size. After you install the license server, download the appropriate license files and add these to the license server. Data Store The data store is the database where servers store farm static information, such as configuration information about published applications, users, printers, and servers. Each server farm has a single data store. Data Collector A data collector is a server that hosts an in-memory database that maintains dynamic information about the servers in the zone, such as server loads, session status, published applications, users connected, and license usage. Data collectors receive incremental data updates and queries from servers within the zone. Data collectors relay information to all other data collectors in the farm.

44

Design and Plan By default, the data collector is configured on the first server when you create the farm, and all other servers configured with the controller server mode have equal rights to become the data collector if the data collector fails. When the zones data collector fails, a data collector election occurs and another server takes over the data collector functionality. Farms determine the data collector based on the election preferences set for a server. Applications are typically not published on the data collector. Zones A zone is a grouping of XenApp servers that communicate with a common data collector. In large farms with multiple zones, each zone has a server designated as its data collector. Data collectors in farms with more than one zone function as communication gateways with the other zone data collectors. The data collector maintains all load and session information for the servers in its zone. All farms have at least one zone, even small ones. The fewest number of zones should be implemented, with one being optimal. Multiple zones are necessary only in large farms that span WANs. Streaming Profiles You can deliver applications to users by either virtualizing them on the desktop (streaming) or by virtualizing them on the server (hosting). If you are virtualizing applications on the desktop, either streaming to the client or server, create a streaming profile server in your environment. To virtualize applications on the desktop, you create profiles of the application and then store the profile on a file or Web server. The profile consists of the manifest file (.profile), which is an XML file that defines the profile, as well as the target files, a hash key file, the icons repository (Icondata.bin), and a scripts folder for pre-launch and post-exit scripts. Web Interface The Web Interface is a required component in any environment where users access their applications using either Receiver or a Web browser. Install the Web Interface on a stand-alone computer; however, where resources are limited, the Web Interface is sometimes collocated with other functions. XenApp Web and XenApp Services Sites XenApp Web and XenApp Services sites (formerly known as Access Platform and Program Neighborhood Agent Services sites, respectively) provide an interface to the server farm from the client device. When a user authenticates to a XenApp Web or XenApp Services site, either directly or through Receiver or the Access Gateway, the site:q

Forwards the users credentials to the Citrix XML Service Receives the set of applications available to that user by means of the XML Service

q

Displays the available applications to the user either through a Web page or by placing shortcuts directly on the users computer Citrix XML Service and the Citrix XML Brokerq

The Citrix XML Broker functions as an intermediary between the other servers in the farm and the Web Interface. When a user authenticates to the Web Interface, the XML Broker: 45

Design and Planq

Receives the users credentials from the Web Interface and queries the server farm for a list of published applications that the user has permission to access. The XML Broker retrieves this application set from the Independent Management Architecture (IMA) system and returns it to the Web Interface. Upon receiving the users request to launch an application, the broker locates the servers in the farm that host this application and identifies which of these is the optimal server to service this connection based on several factors. The XML Broker returns the address of this server to the Web Interface.

q

The XML Broker is a function of the Citrix XML Service. By default, the XML Service is installed on every server during XenApp installation. However, only the XML Service on the server specified in the Web Interface functions as the broker. (The XML Service on other farm servers is still running but is not used for servicing end-user connections.) In a small farm, the XML Broker is typically designated on a server dedicated to several infrastructure functions. In a large farm, the XML Broker might be configured on one or more dedicated servers. The XML Broker is sometimes referred to as a Citrix XML Server or the Citrix XML Service. For clarity, the term XML Broker is used to refer to when the XML Service functions as the intermediary between the Web Interface and the IMA service, regardless of whether it is hosted on a dedicated server or collocated with other functions.

46

Farm Terminology and Concepts

TerminologyThe XenApp planning documentation uses the following terminology: Multi-user environment An environment where applications are published on servers for use by multiple users simultaneously. Production farm A farm that is in regular use and accessed by users. Design validation farm A farm that is set up in a laboratory environment, typically as the design or blueprint for the production farm. Pilot farm A preproduction pilot farm used to test a farm design before deploying the farm across the organization. A true pilot is based on access by select users, and then adding users until all users access the farm for their everyday needs.

About InfrastructuresXenApp farms have two types of infrastructures:q

The virtualization infrastructure consists of the XenApp servers that deliver virtualized applications and VM hosted Applications, and XenApp servers that support sessions and administration, such as the data store, data collector, Citrix XML Broker, Citrix License Server, Configuration Logging database (optional), Load Testing Services database (optional), and Service Monitoring components. Access infrastructure consists of server roles such as the Web Interface, Secure Gateway (optional), and Access Gateway (optional) that provide access administration.

q

In small deployments, you can group one or more server functions together. In large deployments, you provide services on one or more dedicated servers. Factors other than size can affect how you group server functions. Security concerns, virtualized servers, and user load play a part in determining which functions can be collocated.

47

Farm Terminology and Concepts Typically, in larger farms, you segregate session and administrative functions onto distinct servers. For small farms, you might have one server hosting infrastructure functions and multiple servers hosting published applications. Small farms that require redundancy might have one or two servers hosting session and administrative functions. For example, in a small farm, the data store might be configured on the same server as the data collector and the XML Broker and, perhaps also the Citrix License Server and the Web Interface. Medium and large farms might group similar functions. For example, the XML Broker might be grouped with the data collector. In some larger deployments, each infrastructure service would likely have one or more dedicated servers. In large farms, the Citrix License Server and the Web Interface are typically hosted on separate servers.

About Virtualization InfrastructureThe virtualization infrastructure, which is the center of a XenApp deployment, concerns the following concepts: Application enumeration Application enumeration is when Citrix client software lists virtualized applications available on the XenApp servers. The client software transmits data to locate servers on the network and retrieves information about the published applications. For example, during enumeration, Citrix Receiver communicates through the Citrix XML Service with the XenApp server to determine applications available for that user. Application publishing To deliver an application to your users, whether virtualized on the desktop or the server, use the AppCenter to publish the application. Citrix Licensing A Citrix License Server is required for all XenApp deployments. Install the license server on either a shared or stand-alone server, depending on your farms size. After you install the license server, download the appropriate license files and add these to the license server. Data Store The data store is the database where servers store farm static information, such as configuration information about published applications, users, printers, and servers. Each server farm has a single data store. Data Collector A data collector is a server that hosts an in-memory database that maintains dynamic information about the servers in the zone, such as server loads, session status, published applications, users connected, and license usage. Data collectors receive incremental data updates and queries from servers within the zone. Data collectors relay information to all other data collectors in the farm.

48

Farm Terminology and Concepts By default, the data collector is configured on the first server when you create the farm, and all other servers configured with the controller server mode have equal rights to become the data collector if the data collector fails. When the zones data collector fails, a data collector election occurs and another server takes over the data collector functionality. Farms determine the data collector based on the election preferences set for a server. Applications are typically not published on the data collector. Zones A zone is a grouping of XenApp servers that communicate with a common data collector. In large farms with multiple zones, each zone has a server designated as its data collector. Data collectors in farms with more than one zone function as communication gateways with the other zone data collectors. The data collector maintains all load and session information for the servers in its zone. All farms have at least one zone, even small ones. The fewest number of zones should be implemented, with one being optimal. Multiple zones are necessary only in large farms that span WANs. Streaming Profiles You can deliver applications to users by either virtualizing them on the desktop (streaming) or by virtualizing them on the server (hosting). If you are virtualizing applications on the desktop, either streaming to the client or server, create a streaming profile server in your environment. To virtualize applications on the desktop, you create profiles of the application and then store the profile on a file or Web server. The profile consists of the manifest file (.profile), which is an XML file that defines the profile, as well as the target files, a hash key file, the icons repository (Icondata.bin), and a scripts folder for pre-launch and post-exit scripts. Web Interface The Web Interface is a required component in any environment where users access their applications using either Receiver or a Web browser. Install the Web Interface on a stand-alone computer; however, where resources are limited, the Web Interface is sometimes collocated with other functions. XenApp Web and XenApp Services Sites XenApp Web and XenApp Services sites (formerly known as Access Platform and Program Neighborhood Agent Services sites, respectively) provide an interface to the server farm from the client device. When a user authenticates to a XenApp Web or XenApp Services site, either directly or through Receiver or the Access Gateway, the site:q

Forwards the users credentials to the Citrix XML Service Receives the set of applications available to that user by means of the XML Service

q

Displays the available applications to the user either through a Web page or by placing shortcuts directly on the users computer Citrix XML Service and the Citrix XML Brokerq

The Citrix XML Broker functions as an intermediary between the other servers in the farm and the Web Interface. When a user authenticates to the Web Interface, the XML Broker: 49

Farm Terminology and Conceptsq

Receives the users credentials from the Web Interface and queries the server farm for a list of published applications that the user has permission to access. The XML Broker retrieves this application set from the Independent Management Architecture (IMA) system and returns it to the Web Interface. Upon receiving the users request to launch an application, the broker locates the servers in the farm that host this application and identifies which of these is the optimal server to service this connection based on several factors. The XML Broker returns the address of this server to the Web Interface.

q

The XML Broker is a function of the Citrix XML Service. By default, the XML Service is installed on every server during XenApp installation. However, only the XML Service on the server specified in the Web Interface functions as the broker. (The XML Service on other farm servers is still running but is not used for servicing end-user connections.) In a small farm, the XML Broker is typically designated on a server dedicated to several infrastructure functions. In a large farm, the XML Broker might be configured on one or more dedicated servers. The XML Broker is sometimes referred to as a Citrix XML Server or the Citrix XML Service. For clarity, the term XML Broker is used to refer to when the XML Service functions as the intermediary between the Web Interface and the IMA service, regardless of whether it is hosted on a dedicated server or collocated with other functions.

50

Planning a Successful User ExperienceTwo key factors impact your users' satisfaction when working in a multi-user environment: how quickly sessions start, and how easily users can print.

Session Start-up TimesCertain factors can cause sessions to start slower than necessary.q

Printer autocreation policy settings - Consider limiting the number of printers that are autocreated if session start time is a factor. Network activities occurring independently of sessions - Operations such as logging on to Active Directory, querying Lightweight Directory Access Protocol (LDAP) directory servers, loading user profiles, executing logon scripts, mapping network drives, and writing environment variables to the registry, can affect session start times. Also, connection speed and programs in the Startup items within the session, such as virus scanners, can affect start times. Roaming profile size and location - When a user logs onto a session where Microsoft roaming profiles and home folders are enabled, the roaming profile contents and access to that folder are mapped during logon, which uses additional resources. In some cases, this can consume significant amounts of the CPU usage. Consider using home folders with redirected personal folders to mitigate this problem. Whether the data collector has sufficient resources to make load balancing decisions efficiently - In environments with collocated infrastructure servers, Citrix suggests hosting the Citrix XML Broker on the data collector to avoid delays. License server location - For WANs with multiple zones, where the license server is in relation to the zone.

q

q

q

q

Printing ConfigurationYour printing configuration directly affects how long sessions take to start and the traffic on your network. Planning your printing configuration includes determining the printing pathway to use, how to provision printers in sessions, and how to maintain printer drivers. Consider these recommendations:q

Use Citrix Universal printer drivers and the Universal Printer whenever possible. This results in fewer drivers and less troubleshooting. Disable the automatic installation of printer drivers, which is the default setting. Adjust printer bandwidth using XenApp policy rules, if appropriate.

q

q

51

Planning a Successful User Experienceq

If printing across a WAN, use the XenApp Print job routing policy rule to route print jobs through the client device. Test new printers with the Stress Printers utility, which is described in the Citrix Knowledge Center.

q

Choose printers that are tested with multiuser environments. Printers must be PCL or PS compatible and not host-based. The printing manufacturer determines whether printers work in a XenApp environment, not Citrix.

52

Farm Hardware ConsiderationsThe number of users a XenApp server can support depends on several factors, including:q

The servers hardware specifications The applications deployed (CPU and memory requirements) The amount of user input being processed by the applications The maximum desired resource usage on the server (for example, 90% CPU usage or 80% memory usage)

q

q

q

General recommendations for selecting and configuring farm hardware include:q

RAID - In multiprocessor configurations, Citrix recommends a RAID (Redundant Array of Independent Disks) setup. XenApp supports hardware and software RAID. Reducing hard disk failure - Hard disks are the most common form of hardware failure. You can reduce the likelihood of hardware failure with a RAID 1 (mirroring) and RAID 5 (striped set with distributed parity) configuration. If RAID is not an option, a fast Serial Attached SCSI (SAS) or a Small Computer System Interface (SCSI) Ultra-320 drive is recommended. Disk speed - Faster hard disks are inherently more responsive and might eliminate or curtail disk bottlenecks. Number of controllers - For quad or eight-way servers, Citrix recommends installing at least two controllers: one for the operating system and another to store applications and temporary files. Isolate the operating system as much as possible, with no applications installed on its controller. This principle also applies in small farms. If possible (assuming a multicore or multiprocessor system), install the operating system on a separate hard drive from XenApp and the applications. This prevents input/output bottlenecks when the operating system needs to access the CPU. Distribute hard drive access load as evenly as possible across the controllers. Dual-processor (dual-core) deployments combine overall efficiency and a lower total cost of ownership. However, once a system has a dual-core processor, implementing additional processors does not necessarily provide proportionate performance increases. Server scalability does not increase linearly with the number of processors: scalability gains level off between eight to sixteen CPU cores.

q

q

q

q

Hard disk partitions - Partition and hard-disk size depend on the number of users connecting to the XenApp server and the applications on the server. Because each users Remote Desktop Services profile is loaded on the server, consider that large numbers of user profiles can use gigabytes of disk space on the server. You must have enough disk space for these profiles on the server.

53

Planning for Applications and Server LoadsBefore you can determine how many servers you need in your farm and on which servers to install applications, decide which applications you want to deliver and how you want to deliver them. Consider these factors when defining your farms hardware and operating system configuration:q

Can I run the applications? Citrix recommends testing non-Vista-compliant applications before you publish them on your farm. Some non-Vista-compliant applications run using the Application Compatibility feature. How many users do I anticipate will want to connect to each application during peak and off-peak hours? Do I need to allocate servers for load balancing? Will users be accessing certain applications frequently? Do I want to publish all of these applications on the same server to facilitate session sharing and reduce the number of connections to a server? If you want to use session sharing, you might also want users to run applications in seamless windows. Will my organization need to provide proof of regulatory compliance for certain applications? Will any applications undergo a security audit? If you intend to use SmartAuditor to record sessions on these servers, install the SmartAuditor agent on these servers. In addition, make sure the servers have sufficient system resources to ensure adequate performance. Will any of my applications be graphically intensive? If so, consider using the XenApp SpeedScreen, Memory Utilization Management, or CPU Utilization Management features as well as more robust hardware for sessions hosted on these servers.

q

q

q

q

54

Assessing Applications for XenApp CompatibilityEnsure applications are compatible with the server operating system and are multiuser compatible. Application compatibility drives the application delivery method (for example, accessed from the server, streamed to server, or streamed to client desktops). Evaluate whether or not applications are compatible with multiuser environments and, if so, the application servers scalability. Before testing applications for compatibility, investigate how the application works with Remote Desktop Services or XenApp. Remote Desktop Services-compliant and Windows Logo certified applications experience few, if any, issues compared with noncompliant applications. Initial application compatibility testing typically involves publishing