MF/XP-FR1 (Nile)

(1)

MF/XP-FR1 (Nile)

Bruce Huber – Lead Systems Engineer

6/15/2001 Version 1.04

This work is an unpublished work and contains confidential, proprietary, and trade secret information of Citrix. Access to this work is restricted to Citrix employees who have a need to know to perform tasks within the scope of their assignments, or to authorized organizations under Non-disclosure. Any use or exploitation of this work without

authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Citrix makes no representations or warranties with respect to the contents of this document, and specifically

disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Citrix, reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify

any person or entity of such revisions or changes.

(2)

2

Citrix Confidential Features

New Capabilities

• Program Neighborhood Agent • Auto Client Reconnect

• NDS Support

• Content Publishing • DNS name resolution • NFuse 1.6

• Citrix Web Console

Security

• SSL Support for ICA

• Cookie Encryption in NFuse 1.6 • Secure Logout in NFuse 1.6

Performance & Usability • Client Printer Mapping • Thinwire

• MetaPrint

• MSI package for Win32 client

XP-FR1 (Nile) – XPs/a/e

Enterprise Management & Deployment (XPe only) • ICA Session Monitoring

• Enhanced Application Packaging and Delivery • Package Management

• Server Filtering • Reboot Control

• CA Unicenter TNG Plug-in

(3)

3

Citrix Confidential

3

Nile Pre-Release: Deliverables

Items Provided to Customers

• MF XP FR1 CD – Alpha Version

• Includes Evaluation License

• NFuse 1.6 CD – Alpha Version

• ICA Client CD – Alpha Version

• Nile Pre-Release Questionnaire in electronic format

• Latest Documentation and Readmes in electronic format

(4)

4

Citrix Confidential

4

Nile Pre-Release: Pre-Requisites

Pre-Requisites

• MF XP 1.0

• Be prepared with Evaluation copy if customer is not

already on XP.

• SSL

• Private/Public Certificates provided by a Certificate

Authority.

• Program Neighborhood Agent requires NFuse 1.6

• Citrix Web Console written in ASP 3.0

• Requires IIS 5.0 running on Win2k (will not work on

(5)

5

Citrix Confidential

5

Nile Pre-Release: Before You Start

Read the following

• Sp1-fr1_readme.txt, contains:

• Last-minute doc changes

• Details on how to setup/configure SSL and NDS

• Caveats/known issues for each feature.

• Fr1sp1_guide.pdf contains info on SOME of the Nile

features (this doc is not complete)

• Ignore all references to the “RAM Limit” feature in

both the Docs and the CMC. This feature will be removed prior to RTM.

(6)

6

Citrix Confidential

6

Program Neighborhood Agent

(7)

7

Citrix Confidential

Program Neighborhood Agent

Feature Summary

• Win32 only

• Alternative to Program Neighborhood • Applet lives in System tray

• Places app icons in system tray, start menu & desktop • XML based (Uses NFuse 1.6+ service)

• No client-side config required • Single farm access

• Single application set ONLY • No Custom Connections

(8)

8

Citrix Confidential

8

Program Neighborhood Agent

Client UIs

NFuse Web Server

Can also use Pass-through authentication

Apps show up in Programs\Published Applications

(9)

9

Program Neighborhood Agent

Client Configuration Control

• Items in Client Properties can be disabled by

Administrator

• Controlled via config.xml file on Web server

• Default location c:\Inetpub\wwwroot\Citrix\

(10)

10

Program Neighborhood Agent

Configuration

• Installed from Client CD

“ICAWeb” Folder

• Point to NFuse Web Server

(just provide server name during MSI install)

• CMC has new App Properties

settings

• These settings would

place the App icon under the user’s Start Menu->Programs\Citrix

(11)

11

Citrix Confidential

Auto Client Reconnect (ACR)

Feature Summary

• Does not reduce frequency of disconnects

• Auto-triggered when client detects network drop • Always reconnects to original session

• Host will forcibly disconnect if necessary

• If host detects drop - session disconnects normally • Configurable time window for a client ACR • Multiple ACR attempts are made

(12)

12

Citrix Confidential

Auto Client Reconnect (ACR)

Feature Summary

• User does not have to login when ACR is successful • Credentials stored in a server side table

• Encrypted RAM table

• Client gets key to credentials in a cookie • Cookie is one-time and transient

• Sent over ICA connection

(13)

13

ACR – Config – Host

(14)

14

Citrix Confidential

ACR – Config - Host

Feature Summary

• Configurable at farm level and server level

• Enable / Disable at host via CMC [ICA Settings]

(15)

15

ACR – Config - Client

Feature Summary

• Enable / Disable (manually) at client via INI file settings

• [WFClient] section

• TransportReconnectEnabled=0 to disable. Default = 1 (enabled).

• TransportReconnectDelay=n (in seconds) to configure how long to wait before reconnecting. Default = 30. • TransportReconnectRetries=n to configure how many

ACR attempts to make before failing. Default = 3.

(16)

16

ACR – Config – ACRCFG.EXE

Feature Summary

• Use ACRCFG /? for help.

• You can configure servers other than the one you’re working on

• Hidden switches:

• /DURATION controls the window for how long a

client may make an ACR attempt after the host detects a bad network drop

• /Q /ALL shows the hidden DURATION value in addition to the other stuff

(17)

17

Citrix Confidential

Application and Session Logon using NDS credentials

• NFuse, Program Neighborhood Agent, Program

Neighborhood, ALE and Custom Connections

17

(18)

18

NDS Support

Feature Summary

• We don’t store anything in the NDS tree • Only tested with Novell client 4.8

• REG settings required if install Novell client after MF • Enable by setting NDS Preferred Tree in CMC

• Can see NDS print queues

• For Pass-through authentication to work • Zenworks 3.0 on NDS server

• Novell client on MF server • Novell client on workstation

(19)

19

Citrix Confidential

19

NDS Support

Setup

• Perform Setup steps outlined

in Readme

• Enter Tree Name in CMC

Farm Properties Tab

• Publish to NDS Users in

(20)

20

NDS Support

Setup

• Publish to NDS

(21)

21

NDS Support

NDS Login Support for

• Program Neighborhood

• NFuse

• Program Neighborhood Agent (future: not yet

integrated)

Client Side:

• Client will Browse Tree for User’s contexts

• NetWare Client needs to be on machine for this

to Work

(22)

22

Content Publishing

(23)

23

Citrix Confidential

23

Content Publishing

Publish non-MetaFrame Media/Files

• Publish Files, Media Streams, URLs to NFuse or PN

Users

• Allows Administrators to Manage/Assign Content in

a similar manner as Published Applications

• Leverages Third-Party Players installed on Client

device

• Does not send content data via ICA

• Accessible via NFuse, Program Neighborhood Agent

or PN

• Done by using the App Publishing Wizard

(24)

24

Citrix Confidential

Content Publishing

Feature Summary

• Content = applications, files, urls, etc.

• Workstation app accesses data directly (no filecopy) • Published through Program Neighborhood interface

• Win32 and Program Neighborhood Agent clients can access

• Java and Win16 can use NFuse to access

• Max # of published content entries in farm ≈ 1000 • Content is published with same security as MF apps

(25)

25

Citrix Confidential

25

DNS Name Resolution

Setup

• CMC Farm Properties

• Checking this box means

that the server will return a DNS address unless asked not to

• Default is off (the server will

(26)

26

DNS Name Resolution

Feature Summary

• Server name resolution – (4 types) •IPV4

•IPV4-port •DNS

•DNS-port

• Protocols that can utilize •TCP/IP + HTTP

•XML Browsing •SSL

(27)

27

DNS Name Resolution

Feature Summary

• Server - default = OFF

• Server setting overrides clients if their DNS = OFF • NFuse - default = OFF

• PN client - default = ON

• To set server name resolution type for Client side: • APPSRV.INI file

• Set XMLAddressResolutionType • NFuse – TEMPLATE.ICA file

(28)

28

Citrix Confidential

28

(29)

29

(30)

30

(31)

31

(32)

32

NFuse 1.6

Feature Summary

• Message center gives useful error messages • New NFUSE.CONF file

• Allows for handling of multi-byte languages

• Properties file states location of NFUSE.CONF file • Manually edited file

• New Server Name Resolution Type set in here • Cookie Encryption

(33)

33

Citrix Confidential

33

(34)

34

Citrix Web Console

Feature Summary

• Login sequence:

• First hit an IIS login

(35)

35

Citrix Web Console

Feature Summary

• Uses new DCOM wrapper for IMA

• Leverages MFCOM SDK on MF server

• Must have a MF server that is also an IIS5 webserver • (Win2K only)

• Final release will support running on separate Web Server

• No Load Balanced access

• Must hit named server (because of ASP interface)

(36)

36

Citrix Confidential

Citrix Web Console

Feature Summary

• Virtual Directory on Web server under: Citrix\ WebConsole

• Scripts used in the tool are found here

• Look under IIS Manager WebConsole Virtual Directory Properties for more details

• Logon as Citrix Administrator

• Shows Sessions, Apps, Servers, etc. • Does not show Printers, etc.

• Does NOT allow farm, server or app config • DOES allow SESSION LOGOFF, etc.

(37)

37

Citrix Confidential

Citrix Web Console

Feature Summary

• New server service

• MetaFrame COM Services

• (should be set to start automatically) • DCOMCNFG utility

• Runs automatically during FR-1 install

• Custom configs service security to EVERYONE • IMA verifies security on backend

(38)

38

Citrix Web Console

Feature Summary

• IIS Services (property settings for WEB Console ONLY) • [Authentication] – Basic

• [Configuration] – App Debugging • (turn ON if you need to debug)

• [Custom Errors] – 500.100 HTTP Error

• We replace this with our own script file for handling ASP errors

• [Application Protection]

• Default to Low (IIS process)

• Least chance for access violations • Medium (Pooled)

(39)

39

SSL Support for ICA

Client Side

• Can set application set

properties to use “SSL + HTTPS” for SSL

• Can also do this with Custom

Connections

• Connection Center includes

(40)

40

SSL Support for ICA

Application Property

• This check box is a

“suggestion” only

• If checked, NFuse and

PN connections will be configured to use SSL.

• Can be bypassed by

(41)

41

SSL Support for ICA

Feature Summary

• Win32 client

• Requires IE5 128-bit secure on workstation • We leverage MS S-Channel SSL support • We also use it to store our Public SSL key

• Other tier-1 clients (Java, Linux, etc.)

(42)

43

SSL Support for ICA

Read the Readme!!!

• The Readme contains the data you need to set up

SSL Relay on MF server and SSL on client

• It also contains the caveats associated with SSL for

this release

• SSL Relay is configured on MF server

• Will not work with NFuse and MF on same server

(43)

44

Citrix Confidential

Client Printer Mapping

Feature Summary

• Enhancement increases the speed of the job getting to the Printer

• Network connections with >100ms latency • _{Two to Four times faster}

(44)

45

Citrix Universal Print Driver

New Printer Properties Dialog for CMC Printer Management Node

• For Auto-created Printers

Uses Settings in Citrix Connection Configuration Tool

Universal Print Driver Setting:

(45)

46

Citrix Universal Print Driver

Feature Summary

• Allows printing to unknown client printer

• Must be capable of accepting a bitmap image • Win32 Client ONLY for now

• Additional PCL DLL installed on workstation • Uses PCL-4 language

• 300 DPI max

• Monochrome only

• Limited set of printer forms

• Extended the ICA Virtual Channel Protocol • Requires new FR-1 Client AND Server

(46)

47

Citrix Confidential

47

Citrix Universal Print Driver

Client Side

• Auto-creation of User Printer occurs with session

• If CMC Setting says to use Both (“Universal” and

Native Print Driver)

• User will have both “printers” to choose from

• If CMC Setting says “Universal Driver Only”

• User will only get Universal Print Driver

• Non-PCL capable Printer users can see a substantial

reduction in print times

Flow of Data is:

• PCL job rendered on Server and sent to Client

• Client DLL converts PCL data to bitmaps and sends to

(47)

48

CMC Facelifts and Improvements

New License Summary Tab

Number of Servers with this type of License Number of Base Product Connection Licenses of this Type (XPe)

(48)

49

CMC Facelifts and Improvements

More Information in Details View of Servers Node

(49)

50

CMC Facelifts and Improvements

Better Organized and More Detailed Server Information Under Server Properties

New Default for this Dialog

Citrix-specific Information

(50)

51

Connection Control

Log over-the-limit denials to Event Viewer

Max number of connections per user

Enforce limit on Administrators

(51)

52

Connection Control

Max instances of this App for the Farm

Limit to once instance per user

Control CPU Priority for this App

Application Properties for Application Limits and CPU Priority Level (XPa

Customers Only)

(52)

53

Connection Control & CPU Prioritization

Feature Summary

• Tracks MF Published Apps – NOT .EXE’s

• Desktop access, and the same .EXE published multiple times under different names, would interfere in

attempting to use this feature for license enforcement • Limits Per User:

• Limit # of sessions

• Limit to a Single Instance of Pub App “XXX” • Limits Per farm:

• Limit # of Pub App “XXX” instances • CPU Constraints on Pub Apps

(53)

54

Citrix Confidential

54

Items Not Covered in Pre-release

• The following Slides cover features that are in Nile but are not part of this Pre-release Trial.

• These are all XPe features. The SLC team is running a separate Beta for the IM and NM enhancements.

• We are not including the ICA Session Monitoring

(54)

55

Citrix Confidential

ICA Session Monitoring

Feature Summary

• Added ICA protocol counters to PerfMon interface

• Available for use with any app that is capable of using the PerfMon API

• Session level

(55)

56

IM - Server Filtering

• Server Lists are intelligently filtered based on the job the user is doing

• During IM operations, the list is filtered to include

only servers that have IM installed on them

• When scheduling an install, the target server list is

filtered based on the package’s target operating system

• Benefit

• Makes target selection much easier, more

(56)

57

Citrix Confidential

57

IM - Package Management

• CMC user interface for grouping IM packages

• Functions are provided to add, modify and remove

folders

• Folders can contain multiple packages

• The same package can be presented in several

different folders

• Benefit

• Speeds use and reuse of packages, especially when

(57)

58

Citrix Confidential

58

IM - Reboot Control

• Enhanced user control over server reboot

• Admin can force a system reboot, even if one was

not recorded during package creation

• Customizable message to users about pending

reboot

• Control frequency and length of warning period • Selectable for each scheduled IM job

• Benefit

• Provides administrators with a powerful and

flexible vehicle for ensuring that reboot is

(58)

59

Citrix Confidential

59

CA Unicenter TNG Plug-in

• Adds support for CA Unicenter TNG

• Provides stretchable dialogs to CA as well as HP and Tivoli plug-ins

• Adds ability to launch multiple sub-dialogs in each plug-in

• Supports the existing MetaFrame XPe SNMP MIB for backward compatibility

• Benefit

• Provides CA users with the ability to administer

(59)

60

Citrix Confidential

Contact Info

(60)