Getting Started
Citrix
®MetaFrame XP
™Application Server for Windows, Version 1.0
Feature Release 3
Technology Preview Release
examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.
Copyright © 2002 Citrix Systems, Inc. All rights reserved.
Citrix, ICA (Independent Computing Architecture), and WinFrame are registered trademarks, and Citrix Solutions Network, MetaFrame, MetaFrame XP, NFuse, Program Neighborhood, and SpeedScreen are trademarks of Citrix Systems, Inc. in the United States and other countries.
RSA Encryption © 1996-1997 RSA Security Inc., All Rights Reserved.
Trademark Acknowledgements
Adobe, Acrobat, and PostScript are trademarks or registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries.
Apple, LaserWriter, Mac, Macintosh, Mac OS, and Power Mac are registered trademarks or trademarks of Apple Computer Inc.
DB2 is a registered trademark and PowerPC is a trademark of International Business Machines Corp. in the U.S. and other countries.
HP OpenView is a trademark of the Hewlett-Packard Company.
Java, Sun, and SunOS are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Solaris is a registered trademark of Sun Microsystems, Inc. Sun Microsystems, Inc has not tested or approved this product.
Portions of this software are based in part on the work of the Independent JPEG Group.
Microsoft, MS-DOS, Windows, Windows NT, Win32, Outlook, ActiveX, and Active Directory are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.
Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corp. in the U.S. and other countries.
Novell Directory Services, NDS, and NetWare are registered trademarks of Novell, Inc. in the United States and other countries. Novell Client is a trademark of Novell, Inc.
Tivoli and NetView are registered trademarks of International Business Machines Corp. in the U.S. and other countries.
Unicenter is a registered trademark of Computer Associates International, Inc.
UNIX is a registered trademark of The Open Group.
All other trademarks and registered trademarks are the property of their owners.
Contents 3
Contents
Chapter 1 Quick Guide to the Technology Preview Release . . . 7
How to Use this Document . . . 7
What’s New in this Release . . . 8
Finding Out About New Features . . . 8
Using Draft MetaFrame Documentation . . . 9
Providing Feedback About this Guide. . . 9
Obtaining Technical Support for the Technology Preview. . . 10
Support by Email . . . 10
Online Technical support . . . 10
Chapter 2 Getting Started with MetaFrame XP with Feature Release 3 . . . 11
System Requirements. . . 11
System Requirements for MetaFrame XPe with Feature Release 3 . . . 12
Disk and Memory Requirements . . . 12
System Requirements for Network Manager Plug-ins . . . 12
Supported Databases for the MetaFrame XP Data Store . . . 13
Supported Directory Services . . . 14
Installing MetaFrame XP with Feature Release 3. . . 15
Licensing the Technology Preview Release . . . 15
New Features in Feature Release 3 Technology Preview . . . 16
Support for Microsoft Windows .NET Server 2003 . . . 16
Support for SQL Server 2000 Database Engine (MSDE) . . . 16
Enhanced Printing Capabilities . . . 16
SpeedScreen Browser Acceleration . . . 18
Simplified License Activation . . . 19
ICA Program Neighborhood Agent as the Pass-Through Client . . . 19
Citrix Management Console Usability Improvements . . . 19
Resource Manager New Features and Enhancements. . . 20
Improved Billing . . . 20
Apply to Folder Support. . . 20
SMTP Mail Support . . . 20
User-definable Installation . . . 21
Improved Snapshot Report . . . 21
Improved Server Restarting . . . 21
Summary Database Folders and Zones . . . 22
Improved SNMP Traps. . . 22
Alert on Yellow . . . 22
Support for MOM and WMI . . . 23
Citrix MetaFrame XP Management Pack for MOM 2000. . . 23
Citrix MetaFrame XP Provider for Microsoft WMI . . . 23
Chapter 3 New Versions of ICA Clients. . . 25
ICA Win32 Client . . . 25
Custom Window Shapes. . . 25
Minimal Installation ICA Win32 Web Client . . . 25
Auto Client Reconnect Enhancements . . . 26
Dynamic Client Name Support . . . 26
Certificate Revocation Checking . . . 26
Enhanced XML Error Messages . . . 26
ICA Java Client . . . 26
Seamless Support . . . 26
Content Redirection . . . 27
Reconnection to Arbitrary Sized Sessions . . . 27
Support for .Ins Files . . . 27
Enhanced XML Error Messages . . . 27
Smaller SSL Libraries . . . 27
ICA Macintosh Client (Version 6.30 for Mac OS X) . . . 27
Chapter 4 Getting Started with NFuse Classic. . . 29
System Requirements for NFuse Classic Version 1.8. . . 29
New Features in NFuse Classic Version 1.8 . . . 29
Support for Multiple MetaFrame Server Farms . . . 29
Private Certificate Authority . . . 30
SecurID Authentication Support . . . 30
ICA Java Client Session Sharing . . . 31
Security Protocols. . . 31
Auto Proxy . . . 31
WAR File Support . . . 31
Chapter 5 Getting Started with Enterprise Services for NFuse . . . 33
System Requirements for Enterprise Services for NFuse . . . 33
Supported Databases for Enterprise Services for NFuse. . . 33
New Features in Enterprise Services for NFuse Version 1.8 . . . 34
SecurID Authentication Support . . . 34
Contents 5
Authentication Configuration Improvements. . . 35
Enhanced Group Selection . . . 35
Embedded Client Support. . . 35
Primary Credentials . . . 36
Remote ID Management. . . 36
LDAP Failover . . . 36
Farm Refresh Options. . . 36
Chapter 6 Using Citrix Secure Gateway on Windows .NET Servers . . . 37
Installing the STA . . . 37
Step 1: Install IIS Version 6.0 . . . 37
Step 2: Install the STA . . . 38
Step 3: Set Permissions for %systemroot%\Inetpub\scripts. . . 38
Step 4: Add a New Web Services Extension to IIS for the STA . . . 39
Step 5: Modify Directory Security Settings for \inetpub\scripts . . . 40
Installing the Secure Gateway Service . . . 41
Step 1: Install the Secure Gateway Service . . . 42
Step 2: Install Hotfix CSGE110W001 . . . 42
If You Upgrade from Windows 2000 to .NET 2003 Server . . . 42
Installing Certificates on Windows .NET Server . . . 43
C
HAPTER1
Quick Guide to the Technology
Preview Release
Thank you for participating in this technology preview for Citrix MetaFrame XP for Windows with Feature Release 3.
How to Use this Document
Use this document to find information about:
• The new components and features that are included in the technology preview release of MetaFrame XP with Feature Release 3.
• How to access new features for evaluation during the technology preview. • How to use this documentation and access email and online support for this
technology preview release. To go straight to details about technical support, see “Obtaining Technical Support for the Technology Preview” on page 10.
This document explains how to access and start to use the new features in MetaFrame XP with Feature Release 3. The document also includes details of which items may vary from Feature Release 2 (for example, system requirements) and should be your primary resource for getting started with the MetaFrame XP with Feature Release 3 technology preview release.
What’s New in this Release
The technology preview for Citrix MetaFrame XP for Windows with Feature Release 3 includes a full release of Citrix MetaFrame XP and all components. The following software components are new or updated for Feature Release 3:
Available from the MetaFrame XP Server CD:
MetaFrame XP with Feature Release 3
(all MetaFrame XP family levels; both Windows 2000 Server and Windows .NET 2003 Server versions; including Service Pack 3 for MetaFrame XP)
Available from the MetaFrame Components CD:
Citrix ICA Clients 7.0 for Win32 and Java Citrix ICA Client 6.30 for Mac OS X NFuse Classic 1.8
Enterprise Services for NFuse 1.8
Citrix Secure Gateway 1.1 for Solaris and Windows
MetaFrame XP Management Pack for Microsoft Operations Manager 2000 (installed with MetaFrame XPe)
Finding Out About New Features
This document provides an overview of the new features in the technology preview release, and is intended to get you started using MetaFrame XP with Feature Release 3 for evaluation and testing.
To learn: See:
About the new features in MetaFrame XP with Feature Release 3, and how to install and configure the technology preview release.
The chapter “Getting Started with MetaFrame XP with Feature Release 3” on page 11 of this document.
How to access and configure new features in
NFuse Classic 1.8. The chapter “Getting Started with NFuse Classic” on page 29 of this document.
How to configure new features in ICA Clients
7.0 for Windows 32 and Java. The chapter “New Versions of ICA Clients” on page 25 of this document. How to access and configure new features in
Chapter 1 Quick Guide to the Technology Preview Release 9
Using Draft MetaFrame Documentation
Full documentation for Feature Release 3 is available in draft form only for the technology preview. This information has not been tested and verified. Some Feature Release 3 features may not yet be fully documented and some documents may not have been updated since Feature Release 2. Some online Help in the software may include Feature Release 3 information in draft form. This information has not been tested and verified.
Citrix recommends that you use this Getting Started guide as your primary documentation resource for learning about and accessing new features in the technology preview release, and unless otherwise specified, use the remainder of the supporting documentation set for conceptual information and for details about features included in MetaFrame XP with Feature Release 2 or earlier.
The MetaFrame documentation is available from the Docs directory of the MetaFrame XP CD and various Docs directories on the Components CD.
Providing Feedback About this Guide
We strive to provide accurate, clear, complete, and usable documentation for Citrix products. If you have any comments, corrections, or suggestions for improving our documentation, we want to hear from you.
You can send e-mail to the documentation authors at [email protected]. Please include “MetaFrame XP with Feature Release 3 Technology Preview” in your message.
How to configure Citrix Secure Gateway 1.1 for Windows to run on the Microsoft Windows .NET Server platform.
The chapter “Using Citrix Secure Gateway on Windows .NET Servers” on page 37 of this document.
About the ICA Client 6.30 for Mac OS X. The chapter “New Versions of ICA Clients” on page 25 of this document.
And,
The Client Administrator’s Guide for the Macintosh OS X client version 6.30, on the MetaFrame XP Component s CD. About the MetaFrame XP Management Pack
for Microsoft Operations Manager 2000. The chapter “Getting Started with MetaFrame XP with Feature Release 3” on page 11 of this document.
Obtaining Technical Support for the Technology Preview
During your evaluation of this product, we invite you to provide feedback, ask questions, and report problems by email or the online message boards.
Support by Email
During your evaluation of this product, we invite you to provide feedback, ask questions, and report problems by email at:
We will attempt to respond to all questions within 48-72 hours.
Online Technical support
C
HAPTER2
Getting Started with MetaFrame XP
with Feature Release 3
You can deploy this technology preview release of Feature Release 3 as a complete installation of MetaFrame XP only; upgrades from previous releases of MetaFrame are not supported. Upgrading from previous versions of Citrix Secure Gateway, NFuse Classic, or Enterprises Services for NFuse is not supported.
Feature Release 3 includes all of the functionality and fixes previously released with Feature Release 2 and Service Pack 2. Citrix recommends that you pilot the technology preview release in server farms made up of servers running MetaFrame XP Feature Release 2 or Service Pack 2.
Important Do not install this technology preview release in production environments. Use this release for testing purposes only.
System Requirements
MetaFrame XP with Feature Release 3 can be run only on the following operating systems:
• Microsoft Windows 2000 Server • Windows 2000 Advanced Server • Windows 2000 Datacenter Server
• Windows .NET Server 2003 (Release Candidate 1)
System Requirements for MetaFrame XPe with Feature
Release 3
Windows 2000 Server and Advanced Server. Microsoft recommends a 166MHz or faster Pentium-compatible processor, 256MB of RAM, and a 2GB hard drive with at least 1GB of free space.
Windows 2000 Datacenter Server. Microsoft recommends an eight-way or greater array of Pentium III Xeon processors, 256MB of RAM, and a 2GB hard drive with at least 1GB of free space.
Windows .NET Server 2003 (Release Candidate 1). Microsoft recommends a
550MHz or faster Pentium-compatible processor, 256MB of RAM, and a 2GB hard drive with at least 1.5GB of free space.
Disk and Memory Requirements
In addition to the Windows operating system requirements for your server, use the following guidelines for MetaFrame XP:
• 250MB on the hard drive for installing the MetaFrame XPe family level • 150MB on the hard drive for installing all ICA Client software
System Requirements for Network Manager Plug-ins
You can use the Network Manager plug-in on the following platforms and with the following management consoles:
• Tivoli NetView 6.0 for Windows NT (with Service Pack 5 or higher) or Windows 2000 (with Service Pack 1 or higher).
Network Manager does not support any form of multi-tier management, such as the Tivoli Mid-Level Manager. You cannot use Network Manager with the Java administration console for Tivoli NetView. If Tivoli NetView is deployed in client-server mode, you cannot install the Network Manager plug-in on the NetView client.
Chapter 2 Getting Started with MetaFrame XP with Feature Release 3 13
• CA Unicenter TNG 2.4.2 for Windows NT (with Service Pack 5 or higher) or Windows 2000 (with Service Pack 1 or higher), using either the 2D or 3D WorldView.
• CA Unicenter TND 3.1 for Windows NT (with Service Pack 5 or higher) or Windows 2000 (with Service Pack 1 or higher), using either the 2D or 3D WorldView.
The Agent Common Services and Windows NT Enterprise Manager must be installed, and the Security Management (secadmin) and trap daemon (catrapd) agents must be active. The Distributed State Machine (DSM), Enterprise Manager, and WorldView can be installed on separate computers.
Supported Databases for the MetaFrame XP Data Store
The following database products and versions are supported to host the MetaFrame XP server farm data store.
• Microsoft Access and SQL Server 2000 Desktop Engine (MSDE), which are suitable for all small and many medium-sized environments
• Microsoft SQL Server, Oracle, and IBM DB2, which are suitable for any size environment and are especially recommended for all large and enterprise environments
SQL Server 2000 Desktop Engine (MSDE)
To use the MSDE database engine to host the MetaFrame XP server farm’s data store, select the MSDE option when you run MetaFrame Setup.
When you select the MSDE option during MetaFrame Setup, the setup program installs the MSDE database engine and creates a named instance called
“CITRIX_METAFRAME” in which the database information is stored locally. If you already installed MetaFrame XP with Feature Release 3 and you want to use the MSDE database engine to host the server farm’s data store, or you want to migrate the data store to use MSDE, you can install the engine using the Windows Installer package included on the MetaFrame CD. Run MSDE for MetaFrame.MSI, available on the MetaFrame CD in the MSDE for MetaFrame directory. You can then run the dsmaint command to migrate your database to MSDE.
Microsoft Access
Microsoft SQL Server
• Microsoft SQL Server 7
• Microsoft SQL Server 7 with Service Pack 2 or Service Pack 3 • Microsoft SQL Server 2000
• Microsoft SQL Server 2000 with Service Pack 2
Oracle
• Oracle 7, Version 7.3.4 for Windows NT • Oracle 8, Version 8.0.6 for Windows NT
• Oracle8i, Version 8.1.5, 8.1.6 or 8.1.7 for Windows NT and 8.1.6 for Solaris • Oracle9i, Enterprise Edition and Release 2 for Windows NT
Install the Oracle Net8 client version 8.1.5.5 or later and ODBC drivers provided by Oracle on each MetaFrame XP server that will directly access the database server. The MetaFrame farm’s data store is stored as an object (schema) assigned to a user. You do not need a separate database for each data store; create a separate tablespace for each farm’s data store.
IBM DB2
IBM DB2 Universal Database Enterprise Edition Version 7.2 with FixPak 5 or later for Windows 2000
Install the IBM DB2 Run-Time Client and apply FixPak 5 or later on each MetaFrame XP server that will directly access the database server. If you have multiple MetaFrame XP farms, create a separate database/tablespace for each farm’s data store.
Supported Directory Services
You can use MetaFrame XP with Feature Release 3 with the following directory services:
Chapter 2 Getting Started with MetaFrame XP with Feature Release 3 15
Installing MetaFrame XP with Feature Release 3
You can deploy this technology preview of Feature Release 3 as a complete installation of MetaFrame XP only; upgrades from previous releases of MetaFrame are not supported. Upgrading from previous versions of Citrix Secure Gateway, NFuse Classic, or Enterprises Services for NFuse is not supported.
Important Windows Installer Version 1.1 is installed by default with Windows 2000. You must install Windows Installer Version 2.0 or later on the server before you install MetaFrame XP. Unrecoverable errors have been encountered when attempting to install MetaFrame XP on a server running Windows Installer Version 1.1. These errors may require you to reinstall the server operating system.
You can download the latest version of Windows Installer from the Microsoft Web site at http://www.microsoft.com. Version 2.0 of Windows Installer is included on the MetaFrame XP CD in the directory \Support\MSI20.
To begin MetaFrame XP with Feature Release 3 Setup
1. Exit all applications.
2. Insert the MetaFrame XP CD-ROM into the CD-ROM drive. If your CD-ROM drive supports Autorun, the MetaFrame XP splash screen appears.
3. Click Install or Update MetaFrame.
4. Click MetaFrame XP Feature Release 3 to install MetaFrame XP and Feature Release 3.
5. Click MetaFrame XP Service Pack 3 to install Service Pack 3 only.
When MetaFrame XP Setup begins, a series of information pages and dialog boxes ask you to select options and configure MetaFrame XP. Click Next to continue after you complete each entry. If you want to return to a previous page to make changes, click Back. If you click Cancel, Setup stops without finishing.
Licensing the Technology Preview Release
Please read the End User License Agreement before installing and licensing this software. The technology preview release includes a 90-day evaluation license. The evaluation copy of Enterprise Services for NFuse included in the technology preview will cease to operate on the 15th of April, 2003.
New Features in Feature Release 3 Technology Preview
This technology preview release of MetaFrame XP with Feature Release 3 includes the following new features and enhancements.
Support for Microsoft Windows .NET Server 2003
All family levels of MetaFrame XP with Feature Release 3 - MetaFrame XPe, MetaFrame XPa, and MetaFrame XPs - run on Microsoft’s latest version of the Windows server operating system.
All MetaFrame XP components - NFuse Classic, Enterprise Services for NFuse, and Citrix Secure Gateway - run on Windows .NET Server 2003.
Important When using the technology preview release of MetaFrame XP with Feature Release 3 on Windows .NET servers, you must add the Everyone identifier to the Remote Desktop Users group. If you do not add the Everyone identifier on MetaFrame XP servers running on Windows .NET, only administrators are able to connect.
You can add the Everyone identifier to the Remote Desktop Users group using Computer Management. Complete this task after you install MetaFrame XP with Feature Release 3 on the Windows .NET server.
Support for SQL Server 2000 Database Engine (MSDE)
You can use SQL Server 2000 Desktop Engine (MSDE) to host the MetaFrame XP server farm’s data store. MSDE is suitable for use in small MetaFrame farms. To use the MSDE database engine to host the MetaFrame XP server farm’s data store, select the MSDE option when you run MetaFrame Setup.
Enhanced Printing Capabilities
MetaFrame XP with Feature Release 3 includes the following enhancements to printing.
• Color and high-resolution printing with the Universal Print Driver. Users printing with the Universal Print Driver can now print to color and high-resolution printers (up to 600 dots per inch). This feature can be used only with Version 7.0 of the ICA Win32 Client.
Chapter 2 Getting Started with MetaFrame XP with Feature Release 3 17
Enabling Automatic Installation of Print Drivers
Carry out the following tasks to enable automatic installation of allowed print drivers for auto-created client and network printers.
To enable automatic installation of allowed print drivers
1. In Citrix Management Console, right-click Printer Management and select
Properties.
2. On the Properties dialog box, click Drivers in the left pane.
3. To automatically install print drivers for auto-created network printers, select
Automatically install native drivers for auto-created client and network printers.
Enabling the Feature Release 3 Universal Print Driver
When you use the Citrix Universal Print Driver, the new printing capabilities introduced in Feature Release 3 are not automatically enabled. To enable Feature Release 3 Universal Print Driver functionality, you must modify an entry in the registry value “Driver List” on the MetaFrame XP with Feature Release 3 server. The updated Universal Print Driver included in this technology preview release is alpha-quality software. This feature has undergone limited testing and should only be used for testing and evaluation purposes.
To enable Feature Release 3 Universal Print Driver functionality
1. Verify that the Universal Print Driver is enabled.
• In Citrix Management Console, right-click Printer Management and select
Properties.
• On the Properties dialog box, click Drivers in the left pane and select the appropriate option in the Printer Drivers group box.
2. Run regedit at a command prompt.
CAUTION Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it. If you are running Windows NT, make sure you also update your Emergency Repair Disk.
3. Locate the registry value “Driver List” in:
4. Add the entry “;PCL5c” to the end of the list of drivers. Be sure to add the semi-colon in front of the entry.
5. Exit regedit.
SpeedScreen Browser Acceleration
SpeedScreen Browser Acceleration introduces major performance improvements for users connecting to applications that embed JPEG and GIF images within MSHTML pages. Supported applications are Internet Explorer (Version 5.5 or later), Microsoft Outlook, and Outlook Express published on a MetaFrame XP server.
Note Users must be running Version 7.0 of the ICA Win32 Client to realize the SpeedScreen Browser Acceleration improvements.
SpeedScreen Browser Acceleration requires less bandwidth and allows users running the supported applications to interact with the browser while graphically-rich pages or large images are being downloaded. When the SpeedScreen Browser Acceleration feature is enabled, the user’s browsing experience is improved by the following functionality:
• Background image delivery. Users can now click Back and Stop while images are being downloaded from Web sites.
• Progressive drawing. JPEG images begin to appear in the browser before they are completely downloaded, allowing users to interact with them without having to wait until they are completely downloaded.
• Responsive scrolling. Users can now scroll Web pages before any image content is served. Images continue to be downloaded while users interact with the browser.
• JPEG image recompression. You can select the amount of lossy compression to be applied to JPEG images. When you apply compression, JPEG images are downloaded more quickly on low-bandwidth connections such as dial-up, wireless, or satellite.
You can enable SpeedScreen Browser Acceleration for individual MetaFrame servers or for an entire MetaFrame XP server farm.
To enable SpeedScreen Browser Acceleration
1. In Citrix Management Console, right-click a server or server farm and select
Properties.
Chapter 2 Getting Started with MetaFrame XP with Feature Release 3 19
Simplified License Activation
Run the mlicense command line utility to add and activate multiple electronic licenses in your server farm. Type mlicense at a command prompt. Detailed instructions are displayed onscreen.
ICA Program Neighborhood Agent as the Pass-Through Client
You can choose to install the ICA Program Neighborhood Agent on the MetaFrame server during MetaFrame Setup. You can allow users to connect to the server desktop and use the functionality of the Program Neighborhood Agent.
To enable Pass-Through Authentication (passing the user’s Windows credentials) in the Program Neighborhood Agent, set the logon mode to Pass-through
authentication.
If you install NFuse Classic and the Program Neighborhood Agent on the
MetaFrame server, the Program Neighborhood Agent automatically connects to the instance of NFuse Classic installed on the MetaFrame server.
Citrix Management Console Usability Improvements
Citrix Management Console includes the following usability improvements. • Improved navigation. In lists of users and groups, you can navigate to items by
typing the first few letters of the user or group name. The total count of items in a list is displayed in the console’s task bar. If you change the view in the console to Details, this view remains until you close the console or change to another view.
• Summary of server farm information. Aggregate information about a server farm is displayed on a farm summary page. In Citrix Management Console, right-click the server farm and select Properties. Click Information in the left pane.
• ICA Keep-Alive settings. You can now set intervals for ICA Keep-Alives for your entire MetaFrame server farm or for select servers. Right-click your farm or a server in the farm and select Properties. Click ICA Keep-Alive in the left pane.
• Launch an ICA desktop session to the MetaFrame server. You can launch an ICA session from within Citrix Management Console. Right-click the server to which you want to connect and select Launch ICA Desktop Session.
• Support for Sun Java Runtime Environment Version 1.4.1. Citrix
Resource Manager New Features and Enhancements
Resource Manager includes the following new features and enhancements. Resource Manager is included with MetaFrame XPe.
Improved Billing
Set fee groups, currency profiles, and billing profiles. You can save, edit, and create different fee groups and apply them to different cost centers at configurable times of the day. You can also apply multiple currencies.
You can create a custom Citrix administrator account that allows access to billing only. Use the delegated administration feature of MetaFrame to configure the custom account.
To use the new billing interface, you must create at least one billing profile.
To create a billing profile
1. In Citrix Management Console, click Resource Manager.
2. On the Billing tab, click Fee Profiles and then click New in the Fee Profiles
dialog box.
3. Use the New Fee Profile wizard to create the profile.
4. When you are done, click Finish. The new profile is available when you create billing reports.
Apply to Folder Support
When making changes to metric settings or application settings across servers, you can apply to a folder structure, previously defined in the Citrix Management Console. Selecting servers is now much more intuitive.
You can apply changes to: • A single server • An entire folder • Groups of folders
Use the new check boxes to select multiple servers. Selecting the check box next to a folder selects all of the servers in the folder.
SMTP Mail Support
Chapter 2 Getting Started with MetaFrame XP with Feature Release 3 21
To configure Resource Manager to use SMTP
1. In Citrix Management Console, right-click Resource Manager and select
Properties.
2. On the Properties dialog box, select Use SMTP to send email alerts.
User-definable Installation
You can specify where the local Resource Manager database is installed during Setup. You can set up the storage elements of the local database.
Improved Snapshot Report
More problem solving information is now displayed in the snapshot report. The report shows the processes using more than 5% of the processor or memory and shows highest resource usage by user.
To create a snapshot report
1. In Citrix Management Console, click Resource Manager. 2. On the Reports tab, click Server Snapshot.
3. Select the server for which you want to generate the report. 4. Enter the date and time you want the report to be generated. 5. Click Generate.
Improved Server Restarting
You can prevent users from logging on for a period of time before the server restarts.
To prevent users from logging on before the server restarts
1. In Citrix Management Console, right-click the server you want to restart and click Properties.
2. In the server Properties dialog box, click Reboot Schedule and then click
Reboot Options.
3. Select the time interval during which you want to prevent users from logging on from the Disable Logons list.
Report Printing
Print reports that you generate in Resource Manager, including billing reports. You can apply scaling options to fit wide reports onto a single sheet of paper.
To print a report
1. In Citrix Management Console, generate the report you want to print. 2. In the report dialog box, select Print Displayed Report from the File menu.
Summary Database Folders and Zones
You can produce Summary Database reports on groups of servers that you previously defined using the Citrix Management Console. You can monitor and assess the performance of the server groups, allowing new hardware requirements to be addressed.
Improved SNMP Traps
The single “trapAlert” SNMP trap for Resource Manager has been replaced with the following five new traps:
• trapServerDown - The Resource Manager server is down
• trapMetrictoGreen - The metric on the Resource Manager server has changed to green status
• trapMetricGreenToYellow - The metric on the Resource Manager server has changed from green status to yellow status
• trapMetricRedtoYellow - The metric on the Resource Manager server has changed from red status to yellow status
• trapMetricToRed - The metric on the Resource Manager server has changed to red status
If you previously created management console scripts that use the old trap, you must update them to use one or more of the new traps.
Alert on Yellow
You can configure Resource Manager to raise an alert when a yellow threshold is crossed, allowing you to proactively fix problems before they arise.
To configure alerts
1. In Citrix Management Console, select the server for which you want to configure alerts and then click the Resource Manager tab.
Chapter 2 Getting Started with MetaFrame XP with Feature Release 3 23
3. On the Server Metrics Properties dialog box, click the Alerts configuration
tab. You can configure Email, SMS, or SNMP alerts to be sent on: • Transition up to yellow
• Transition down to yellow • Transition up to red • Transition down to green
Support for MOM and WMI
MetaFrame XPe includes support for the management technology that integrates the monitoring of Citrix MetaFrame XPe servers and server farms into Microsoft Operations Manager (MOM) 2000, the latest network and server management tool from Microsoft.
The Citrix MetaFrame XP Management Pack for MOM, in conjunction with the Citrix MetaFrame XP Provider for Microsoft Windows Management
Instrumentation (WMI), an agent installed on each MetaFrame XP server, allows you to monitor the health and performance of MetaFrame XP servers and underlying Microsoft Windows servers using the MOM environment.
Citrix MetaFrame XP Management Pack for MOM 2000
The Citrix MetaFrame XP Management Pack is a plug-in for MOM that you can use to monitor the health and availability of MetaFrame XPe servers and server farms. MOM provides real-time event and performance monitoring and includes an extensive knowledge base, with links to Citrix Knowledge Base articles and other sources of information.
Citrix MetaFrame XP Provider for Microsoft WMI
Windows Management Instrumentation (WMI) is the standard management infrastructure included as part of Microsoft Windows 2000 and Windows XP. The Citrix MetaFrame XP Provider for WMI supplies the information about MetaFrame XPe servers and server farms that is displayed in the Citrix MetaFrame XP Management Pack for MOM.
C
HAPTER3
New Versions of ICA Clients
MetaFrame XP with Feature Release 3 includes the ICA Clients. You can find ICA Client setup files and documentation on the MetaFrame Components CD.
The technology preview release of Feature Release 3 includes Version 7.0 of the ICA Win32 Client and the ICA Java Client, and the latest supported releases of the remaining ICA Clients. This release also includes Version 6.30 of the ICA
Macintosh Client, developed specifically for the Mac OS X operating system.
ICA Win32 Client
The technology preview release of Version 7.0 of the ICA Win32 Client includes the following new features and enhancements.
Custom Window Shapes
The ICA Win32 Client now supports custom window shapes. This improvement provides the appearance of rounded corners in seamless application windows to integrate more cleanly into Windows XP-themed desktops, such as the default Luna theme.
Minimal Installation ICA Win32 Web Client
Core ICA Win32 Client functionality is available in an ActiveX control. The ActiveX control is packaged into a .Cab file (wficac.cab) and can be used with Internet Explorer 5.0 and higher. Use this client in situations where a smaller download is required, and where options such as audio or COM port mapping are not required.
Auto Client Reconnect Enhancements
The Auto Client Reconnect feature has been improved for the ICA Win32 Clients. If network problems cause a user’s session to be disconnected, the client attempts to reconnect indefinitely, unless the reconnection process is cancelled by the user.
Dynamic Client Name Support
The ICA Win32 Clients now support dynamic client names. By default, the client name is set to the machine name when the client software is installed, and is updated if the machine name changes.
Certificate Revocation Checking
When connecting to a MetaFrame XP server using SSL or TLS, the ICA Win32 Clients check whether or not the server’s certificate has been revoked.
Enhanced XML Error Messages
Messages are improved to provide better information for diagnostic troubleshooting.
ICA Java Client
The technology preview release of Version 7.0 of the ICA Java Client includes the following new features and enhancements.
Seamless Support
Includes support for seamless windows, session sharing, and the Connection Center utility. If you are running the Java client from NFuse 1.8, select the “Seamless windows” option from the NFuse Classic GUI.
If you are not using NFuse Classic, edit the HTML page as follows: • To enable seamless, set the following applet parameter:
<param name=“TWIMode” value=“on”>
• To configure Connection Center, specify a different applet class: code=com.citrix.ConnectionCenter
instead of:
Chapter 3 New Versions of ICA Clients 27
If you are using the component archives, specify the JICA-seamless archive, and the JICA-conncenter archive in the list of archives. When using the JICAEng archive the seamless and Connection Center functionalities are included.
Content Redirection
The ICA Java Client supports redirecting the opening of content from server to client.
Reconnection to Arbitrary Sized Sessions
Users can reconnect to sessions of a size different from the fixed size applet panel. When the reconnected session is smaller than the applet panel, the session is centered within the applet panel. When the reconnected session is larger than the applet panel, the session is displayed in a separate window and the applet panel contains only explanatory text.
Support for .Ins Files
Ins files are similar to .Ini files and are scanned for proxy auto-configuration (PAC) file entries.
Enhanced XML Error Messages
Messages are improved to provide better information for diagnostic troubleshooting.
Smaller SSL Libraries
The smaller SSL libraries in the Java Client reduce download time.
ICA Macintosh Client (Version 6.30 for Mac OS X)
Version 6.30 of the ICA Macintosh Client is an ICA Client developed specifically for the Mac OS X operating system, providing native connectivity to MetaFrame servers for Macintosh users. It adheres to the new Aqua user interface features and behaviors to offer a user experience consistent with other applications running on Mac OS X.
C
HAPTER4
Getting Started with NFuse Classic
MetaFrame XP with Feature Release 3 includes NFuse Classic Version 1.8. You can install NFuse Classic on the MetaFrame XP server during MetaFrame Setup, or you can install NFuse Classic on a separate Web server. NFuse Classic Setup files and more detailed documentation are included on the MetaFrame Components CD in the NFuse directory.
System Requirements for NFuse Classic Version 1.8
You can use NFuse Classic on the following platforms and Web servers: • Internet Information Services 6.0 on Windows .NET Server 2003
• Internet Information Services 5.0 on Windows 2000 Server with Service Pack 3 • Apache Tomcat 4.0.5 (Redhat Linux 7.3, Solaris 8)
New Features in NFuse Classic Version 1.8
The technology preview of NFuse Classic Version 1.8 includes the following new features and enhancements.
Support for Multiple MetaFrame Server Farms
To configure support for multiple MetaFrame server farms
1. In the NFuse Classic Admin tool, click Manage Farms to open the new Manage MetaFrame Farms page and create multiple MetaFrame farms. 2. Select a farm from the list in the Server Settings menu.
3. Configure each farm on the MetaFrame Servers page.
Private Certificate Authority
This feature allows you to use a private Certificate Authority with the ICA Java Client.
To configure the ICA Java Client to use a private Certificate Authority
1. In the NFuse Classic Admin tool, go to the ICA Client deployment page. 2. Select Use private Certificate Authority from the Java Client Settings menu.
SecurID Authentication Support
SecurID can now be used as an authentication method in NFuse Classic. To enable SecurID authentication, select the Use RSA SecurID option on the Authentication page in the NFuse Classic Admin tool. From this page, you can also allow users to change their passwords, or specify that passwords are changed on expiration. When logging on to NFuse Classic using SecurID authentication, users enter a Personal Identification Number (PIN) followed by the SecurID tokencode (the number displayed on the SecurID token).
To use SecurID, two .dll files must be present on the NFuse Classic server.
To copy the .dll files to the NFuse Classic server
1. On the ACE/Server, locate the sdmsg.dll and aceclnt.dll files in the \winnt\system32 directory.
2. Copy these files to the \ProgramFiles\Citrix\NFuse\SecurID directory on the NFuse Classic server.
3. From this folder, run the following command: regsvr32 “C:Program Files\Citrix\NFuse\SecurID\NFuseSecurID.dll”
Chapter 4 Getting Started with NFuse Classic 31
ICA Java Client Session Sharing
NFuse Classic users can take advantage of the new session sharing functionality of the ICA Java Client.
From the NFuse Classic Settings page, select the Seamless option for the window size. This option provides seamless window support, which allows users to resize and minimize the application window, and to drag and drop objects between the published application and applications running locally on the client device.
Security Protocols
When you install NFuse Classic, you can select either SSL (Secure Sockets Layer)/ TLS (Transport Layer Security), or Microsoft’s Schannel security protocols. SChannel uses FIPS 140 validated cryptography, a standard required by some organizations. For more information about FIPS 140 validation, see the NIST (National Institute of Standards and Technology) Web site at http://csrc.nist.gov/ cryptval/.
Auto Proxy
The proxy auto-detection feature in the ICA Win32 and ICA Java Clients is now available in NFuse Classic. This option instructs the ICA Win32 and ICA Java Clients to detect and use the client browser’s proxy settings.
To configure proxy auto-detection
1. In the NFuse Classic Admin tool, go to the Client-Side Firewall page. 2. Select Auto from the Default SOCKS proxy setting options.
WAR File Support
C
HAPTER5
Getting Started with Enterprise
Services for NFuse
MetaFrame XP with Feature Release 3 includes Enterprise Services for NFuse Version 1.8. Enterprise Services for NFuse Setup files and more detailed documentation are included on the MetaFrame Components CD in the EnterpriseServicesNFuse directory.
System Requirements for Enterprise Services for NFuse
You can use Enterprise Services for NFuse on the following platforms and Web servers:
• Internet Information Services 6.0 on Windows .NET Server 2003
• Internet Information Services 5.0 on Windows 2000 Server with Service Pack 3
Note The Enterprise Services for NFuse Web Server must be a member server in a domain.
Supported Databases for Enterprise Services for NFuse
The following database products and versions are supported to host the Enterprise Services for NFuse database.
• Microsoft SQL Server 7 or SQL Server 2000 • Oracle 8i or 9i
New Features in Enterprise Services for NFuse Version 1.8
The technology preview release of Enterprise Services for NFuse Version 1.8 includes the following new features and enhancements.
SecurID Authentication Support
You can configure Enterprise Services for NFuse for SecurID authentication. If enabled, users must log on using their credentials (user name, password and domain) plus their SecurID passcode. Each user’s SecurID passcode comprises a PIN (Personal Identification Number) followed by the tokencode (the number displayed on the SecurID token).
You can enable SecurID authentication as the default authentication option for NFuse Classic servers or for individual NFuse Classic servers (see “Authentication Configuration Improvements” below for further details). At the Authentication settings page you can either configure the default option or configure the settings for an individual server. To enable SecurID authentication, select the Use RSA SecurID option.
Oracle Database Support
You can use an Oracle database (Version 8i or 9i) with Enterprise Services for NFuse Version 1.8. You must specify the Oracle database details during installation and initial configuration. The Enterprise Services for NFuse Administrator’s Guide
explains how to install Enterprise Services for NFuse using a Microsoft SQL database. You follow a similar installation procedure when using an Oracle database. You must complete three dialogs related to your Oracle database. The details required are summarized below:
Note The Oracle client tools must be installed on the Enterprise Services for NFuse server.
• Enter the database server and server port details. You must also enter the database administrator credentials.
• Enter the instance name and the schema name. You must also enter the details for the Enterprise Services for NFuse account to be used by Enterprise Services for NFuse to write to the database. This account is created for you during installation.
Chapter 5 Getting Started with Enterprise Services for NFuse 35
Authentication Configuration Improvements
You can now define the method of authentication to be used for each NFuse Classic Web server. This improvement allows you to define different authentication methods for different NFuse Classic Web servers, as required. For example, mobile users may use one NFuse Classic server, where an authentication method such as SecurID may be required. LAN users may use a different NFuse Classic server, where you may prefer to require users to log on explicitly.
The authentication options are set using the Authentication settings pages. To set the default authentication options that apply when you add NFuse Classic servers, select the Set default settings option. To set specific authentication options for individual NFuse Classic servers, select the Make special settings for an NFuse Classic server option.
Enhanced Group Selection
Group selection options have been improved. This enhancement makes it easier to locate and define groups. You can now view groups and search for groups within a particular domain. The enhancement is relevant when defining the Administrator group during initial configuration, when you need to change the Administrator group at the Global settings page, and when defining settings for groups at the Group settings page.
Embedded Client Support
Enterprise Services for NFuse now supports embedded clients. You can deploy embedded clients for users who do not have or do not require a local ICA Client. These users can launch applications within their browser and use an embedded client for the duration of the session. The following embedded ICA Clients are available:
• ICA Win32 Client. Active X (for Microsoft Internet Explorer only) or Netscape plug-in client (for Netscape only)
Primary Credentials
Users enter their “primary” credentials when logging on to Enterprise Services for NFuse. In previous releases of Enterprise Services for NFuse, the primary
credentials were stored in the database, together with secondary credentials (the credentials used when accessing remote farms). In this release, the primary credentials are not stored in the database.
Remote ID Management
Enterprise Services for NFuse allows users to access applications hosted by farms in remote domains. This is implemented using either automatic or manual mapping of credentials as described in the Enterprise Services for NFuse Administrator’s Guide. If manual mapping is enabled, users require an account in the remote domain. In this release, users can manage their passwords for remote domains using the Change Password option at the NFuse Classic User IDs page.
LDAP Failover
Management and communication with Microsoft Active Directory Services (ADS) domain controllers is improved. In earlier releases, Enterprise Services for NFuse was configured to communicate with a single ADS domain controller. In this release, Enterprise Services for NFuse is capable of communicating with all domain controllers within the domain. The connection is monitored using the Lightweight Directory Access Protocol (LDAP). Enterprise Services for NFuse automatically switches to an alternate domain controller if there are communication problems. To configure Enterprise Services for NFuse within an ADS domain, you must set the ADS domain name (for example, “domain.mycompany.com”) when
configuring the account authority options using the first time setup screens.
Farm Refresh Options
In this release, you have greater control over the refresh options for farms. You can set default refresh times for all farms, force a manual refresh for individual farms, set specific refresh options on a per-farm basis, and refresh all farms. These options are available on the following pages:
• The default farm refresh period is set at the Global settings page where you can set the required Cache Refresh details (days, hours, and minutes).
• When you add a farm you can choose whether or not the farm should use the default cache refresh setting or you can define specific Cache refresh options for the farm. You can also change the cache refresh option for existing farms. • To update all farms, select the Refresh all Farms option at the Farms Summary
C
HAPTER6
Using Citrix Secure Gateway on
Windows .NET Servers
The technology preview release of MetaFrame XP with Feature Release 3 includes Citrix Secure Gateway Version 1.1. Citrix Secure Gateway Setup files and more detailed documentation are included on the MetaFrame Components CD in the CitrixSecureGateway directory.
Installing the STA
To install and run the Secure Ticket Authority (STA) included in the Feature Release 3 technology preview release on Windows .NET 2003 servers, perform the following steps. Each step in the process is explained in detail below.
1. Install Internet Information Services (IIS) Version 6.0 2. Install the Secure Ticket Authority
3. Set appropriate permissions for %systemroot%\Inetpub\scripts 4. Add a new Web services extension to IIS for the STA
5. Modify directory security settings for \inetpub\scripts
Note The above steps are applicable only if you are installing the STA on Windows .NET Server 2003. For information about installing the STA on Windows 2000, see the Citrix Secure Gateway for Windows Administrator’s Guide.
Step 1: Install IIS Version 6.0
Step 2: Install the STA
Run CSG_STA.msi, located in the \CitrixSecureGateway\Windows directory on the MetaFrame Components CD.
Step 3: Set Permissions for %systemroot%\Inetpub\scripts
Complete the following tasks to set the necessary permissions for the %systemroot%\Inetpub directory.
1. Use Windows Explorer to browse to the %systemroot%\Inetpub directory. 2. Right-click the \scripts directory and select Properties.
Chapter 6 Using Citrix Secure Gateway on Windows .NET Servers 39
5. In the Edit Alias dialog box, create an alias called “scripts.”
6. Under Access permissions, select Read.
7. Under Application permissions, select Scripts and click OK. 8. Click OK to exit the Properties dialog box.
Step 4: Add a New Web Services Extension to IIS for the STA
Complete the following tasks to add a new Web services extension to IIS. 1. On the Windows desktop, right-click My Computer and select Manage. 2. In the Microsoft Management Console (MMC), select Services and
Applications.
4. Under IIS, right-click Web Service Extensions and select Add a new Web service extension.
5. Enter “CSG STA” as the Extension name. 6. Under Required files, click Add.
7. In the Add file dialog box, click Browse and point to
%systemroot%\Inetpub\scripts. Select ctxsta.dll and click OK.
8. Select Set extension status to Allowed.
9. Click OK to exit the New Web Service Extension dialog box.
Step 5: Modify Directory Security Settings for \inetpub\scripts
Complete the following steps to modify the security settings for the \inetpubs\scripts directory.
1. On the Windows desktop, right-click My Computer and select Manage. 2. In the Microsoft Management Console (MMC), select Services and
Applications.
Chapter 6 Using Citrix Secure Gateway on Windows .NET Servers 41
4. Select Web Sites under the IIS node and expand the Default Web Site node. 5. Right-click the Scripts folder and select Properties.
6. Select the Directory Security tab.
7. In the Authentication and Access Control section, click Edit.
8. In the Authentication Methods dialog box, ensure that Anonymous Access is selected. Click OK.
9. Click OK to exit the Properties dialog box. 10. Close the MMC.
Installing the Secure Gateway Service
Follow the steps below to install the Secure Gateway Service on a Windows .NET 2003 server.
1. Install the Secure Gateway Service.
2. Install Hotfix CSGE110W001 for the Secure Gateway Service.
This hotfix fixes the issue of users experiencing published application launch failure indicated by the error message “The Citrix SSL Server you have selected is not accepting connections.”
Step 1: Install the Secure Gateway Service
Run CSG_GWY.msi, located in the \CitrixSecureGateway\Windows directory on the MetaFrame Components CD.
Step 2: Install Hotfix CSGE110W001
1. Run CSGE110W001.msp located in the \CitrixSecureGateway\Windows directory on the MetaFrame Components CD.
Important This hotfix can be applied only on servers running Secure Gateway Service, Version 1.1.0.
2. Follow the remaining prompts until installation is complete.
If You Upgrade from Windows 2000 to .NET 2003 Server
The World Wide Web Publishing Service is disabled by default on Windows .NET servers.
If you upgrade your server from Windows 2000 to Windows .NET 2003, currently at Release Candidate 1, you must enable the World Wide Web Publishing Service before installing the STA.
To enable the World Wide Web Publishing Service
1. On the Windows desktop, right-click My Computer and select Manage. 2. In the Microsoft Management Console (MMC), select Services.
Chapter 6 Using Citrix Secure Gateway on Windows .NET Servers 43
4. In the General tab, set Startup type to Automatic.
5. Click Apply and then click OK.
6. In the Services pane, right-click World Wide Web Publishing Service and select Start.
7. Close the MMC.
Installing Certificates on Windows .NET Server
Certificate handling has been improved in Windows .NET 2003. Certificate handling for a .NET server must be done through IIS.
To install a server certificate on a Windows .NET 2003 server
1. Generate the certificate request using IIS 6.0.
2. Save the certificate file (.cer) sent to you by the Certificate Authority to the local machine.
3. Complete certificate installation using tools provided in IIS 6.0.
Important Considerations when Using a Secure Web Server
On a secure Web server, IIS does not start if port 443 is being used by another application. You can work around this by configuring your Web server to use a port other than 443 for secure communications. If you are not using a secure Web server, this is not an issue.
