MetaFrame Presentation Server Administrator s Guide For other guides in this document set, go to the Document Center

(1)

Administrator’s Guide

For other guides in this document set, go to the Document Center

(2)

examples herein are fictitious unless otherwise noted. Other than printing one copy for personal use, no part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc. Copyright © 2001-2004 Citrix Systems, Inc. All rights reserved.

Citrix, ICA (Independent Computing Architecture), MetaFrame, NFuse, and Program Neighborhood are registered trademarks, and MetaFrame XP and SpeedScreen are trademarks of Citrix Systems, Inc. in the United States and other countries.

This product includes software developed by The Apache Software Foundation (http://www.apache.org/). Trademark Acknowledgements

Adobe, Acrobat, and PostScript are trademarks or registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries.

Apple, LaserWriter, Mac, Macintosh, Mac OS, and Power Mac are registered trademarks or trademarks of Apple Computer Inc.

DB2, Tivoli, and NetView are registered trademarks, and PowerPC is a trademark of International Business Machines Corp. in the U.S. and other countries.

HP OpenView is a trademark of the Hewlett-Packard Company.

Java, Sun, and SunOS are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Solaris is a registered trademark of Sun Microsystems, Inc. Sun Microsystems, Inc has not tested or approved this product.

Portions of this software are based in part on the work of the Independent JPEG Group.

Macromedia and Flash are trademarks or registered trademarks of Macromedia, Inc. in the United States and/or other countries.

Microsoft, MS-DOS, Windows, Windows Media, Windows Server, Windows NT, Win32, Outlook, ActiveX, Active Directory, and DirectShow are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corp. in the U.S. and other countries.

Novell Directory Services, NDS, and NetWare are registered trademarks of Novell, Inc. in the United States and other countries. Novell Client is a trademark of Novell, Inc.

RealOne is a trademark of RealNetworks, Inc.

SpeechMike is a trademark of Koninklijke Philips Electronics N.V.

Unicenter is a registered trademark of Computer Associates International, Inc. UNIX is a registered trademark of The Open Group.

(3)

Welcome

The MetaFrame Presentation Server suite of products provides integrated management capabilities for system administrators, along with ease of use and productivity enhancements for users who access applications using MetaFrame Presentation Server Clients.

Important Before you install MetaFrame Presentation Server, read the Readme file, located in the Documentation directory of the product CD. For information about new features, see “New Features of MetaFrame Presentation Server” on page 14.

Citrix provides a variety of information resources online, including a complete product documentation library, documentation updates, and technical articles on the Citrix Web site at http://www.citrix.com.

Accessing Documentation

This administrator’s guide is part of the MetaFrame Presentation Server

documentation set. The documentation set includes online guides that correspond to different features of MetaFrame Presentation Server. Online documentation is provided as Adobe Portable Document Format (PDF) files.

Use the Document Center to access the complete set of online guides. The Document Center provides a single point of access to the documentation that enables you to go straight to the section you need. The Document Center includes: • A list of common tasks and a link to each item of documentation.

• A search function that covers all the PDF guides. This is useful when you need to consult a number of different guides.

(14)

Important To view, search, and print the PDF documentation, you need Adobe Acrobat Reader 5.0.5 or later with Search. You can download Adobe Acrobat Reader for free from the Adobe Systems Web site at http://www.adobe.com/. If you prefer to access the guides without using the Document Center, you can navigate to the component PDF files using Windows Explorer. If you prefer to use printed documentation, you can also print each guide from Acrobat Reader. More information about Citrix documentation, and details about how to obtain further information and support, is included in Getting Started with MetaFrame

Presentation Server.

New Features of MetaFrame Presentation Server

The following new features and enhancements are included in this release.

Citrix Document Center

The Citrix Document Center gives you a single point of access to all

Administrator’s Guides for the MetaFrame Access Suite. Browse the Table of Contents for information about a task you want to accomplish and get point-and-click access to all pertinent sections across the guides.

Simplified Licensing for MetaFrame Access Suite

Products

New technology in MetaFrame Access Suite software simplifies managing your licensed products in the following ways:

• You centrally manage and monitor license usage • You can access your licensing data remotely

• You can create reports allowing you to analyze trends in license usage • An electronic backup of all licenses is stored on the Citrix Web site • You can share licenses across farms

(15)

Management Console for MetaFrame Access Suite

MetaFrame Presentation Server extends your ability to manage your MetaFrame deployment by integrating consoles with the Microsoft Management Console (MMC). The Management Console for the MetaFrame Access Suite snaps into the MMC to provide a single, easy to install, and easy to use location for managing your deployment.

Management functionality is provided through a number of snap-in management tools (extensions) that you can select when you install the Access Suite Console or at any time later. Extensions are available to help you:

• View applications, servers, and zones in multiple farms • Manage sessions across multiple farms

• Monitor the performance of your server farms

• Create reports analyzing your MetaFrame Presentation Server deployment • Create a trace for problem analysis

You can also use the Access Suite Console to launch:

• The Management Console for MetaFrame Presentation Server (previously called the Management Console for MetaFrame XP).

• The Web Interface Console (previously called the Web Interface Admin Tool). • The Program Neighborhood Agent Console (previously called the Program

Neighborhood Admin Tool).

• The License Management Console. For more information about the License Management Console, see the MetaFrame Access Suite Licensing Guide.

Enhanced Support for Large Farms

Zone data collectors now monitor server load information for their own zone instead of the entire farm. This behavior reduces traffic among zones when users connect to applications, especially in large farms where zones are connected across high latency links.

In earlier releases, a data collector automatically sent updates about server loads in its zone to the data collectors in other zones. This change in communication is designed to reduce interzone network traffic. Instead of each data collector maintaining load information for all servers in the farm, the data collector maintains load information only for the servers in its own zone. This behavior is especially beneficial in large farms.

(16)

Zone Preference and Failover

A new policy rule enables you to direct user connections to preferred zones and set transparent failover to backup zones when preferred servers are unavailable. When users open applications, the Zone Preference and Failover policy rule directs their connections to the server with the highest zone preference and lightest load. The Zone Preference and Failover rule is available if you are using the Enterprise Edition of MetaFrame Presentation Server. For more information about configuring Zone Preference and Failover in a policy, see “Directing User Connections to Preferred Zones” on page 36.

Extended Policies

You can now create policies to apply connection settings based on server groups, IP addresses, and client names—in addition to users or user groups as in earlier releases. New policy rules give you broader control over bandwidth limits, zone connection preferences, audio options, and printing.

You can use new policy rules to do such things as:

• Direct user connections to a local zone and set failover options to other zones • Route print jobs directly from the server to the printer rather than through the

client device

• Control bandwidth limits for sessions

• Control audio sound quality used by client devices

The examples cited above include only a few of the new capabilities provided with connection policies. You can view other new and enhanced policy rules under the Policies node of the Presentation Server Console.

For more information about policies, see “Creating and Applying Policies” on page 287.

Enhanced Delegated Administration

With Enhanced Delegated Administration, you can restrict an administrator’s permissions to perform certain tasks to select servers and applications. You can, for example, create two separate “session administrator” accounts and give one account permissions to manage user sessions on servers in California, and give the other account permissions to manage user sessions on servers in Maine.

(17)

Digital Dictation Support

MetaFrame Presentation Server now supports client-side microphone input. This allows you to publish dictation software for use in client sessions. Using local microphones, including a number of Philips SpeechMike speech processing devices, users can record dictations with applications running on the server. For example, a user away from the office can establish a client session to record notes using a laptop. Later in the day the user can retrieve the notes for review or transcription from the desktop device back at the office.

Digital dictation support is available with MetaFrame Presentation Server

Advanced and Enterprise Editions. For information about configuring this feature, see, “Configuring Digital Dictation Support” on page 208.

Enhanced Multimedia Support

MetaFrame Presentation Server offers the following major multimedia enhancements.

SpeedScreen Multimedia Acceleration

SpeedScreen Multimedia Acceleration optimizes streaming multimedia playback through published instances of or remote desktop connections to Internet Explorer, Windows Media Player, and RealOne Player. This feature offers significant performance gains in the following areas:

• User Experience. Multimedia playback in ICA sessions is about as smooth as local playback

• Server CPU Utilization. The client device decompresses and renders multimedia content, freeing up server CPU utilization

• Network Bandwidth. Multimedia content is passed over the network in compressed form, reducing bandwidth consumption

Note With SpeedScreen Multimedia Acceleration enabled, RealOne Player’s built-in volume and balance controls do not work within client sessions. Instead, users can adjust volume and balance from the volume controls available from the client system tray.

(18)

SpeedScreen Flash Acceleration

SpeedScreen Flash Acceleration allows you to optimize the way MetaFrame Presentation Server renders and passes Macromedia Flash animations to users. Flash animations are a common component of many Web sites and Web applications.

For more information about configuring SpeedScreen Flash Acceleration, see “Optimizing Macromedia Flash Animations” on page 213.

SpeedScreen Image Acceleration

Using lossy image compression, SpeedScreen Image Acceleration offers you a trade-off between the quality of photographic image files as they appear on client devices and the amount of bandwidth the files consume on their way from server to client. Lossy image compression reduces the size of image files the server sends to the client by removing redundant or extraneous data from the files.

For more information about configuring SpeedScreen Image Acceleration, see “Optimizing Throughput of Image Files” on page 214.

Enhanced User Experience

MetaFrame Presentation Server features a number of enhancements to the way users experience their sessions. As a result, sessions integrate more seamlessly with users’ desktops. Highlights include:

Improved User Logon

The process of connecting to servers and published applications now has a smoother and more consistent look and feel. Users see all connection and logon status information in a sequence of windows, from the time they double-click a published application icon on the client device, through the authentication process, to the moment the published application launches in the session. For more

information about this new feature, see “Controlling User Logon Look and Feel” on page 268.

Session Reliability

(19)

This feature is especially useful for mobile users with wireless connections. If a user with a wireless link enters a road or railroad tunnel and momentarily loses connectivity, the display on the client device freezes until connectivity resumes on the other side of the tunnel. The user continues to access the display during the interruption and can resume interaction with the application when the network connection is restored.

Session Reliability is available and enabled by default with the Enterprise and Advanced Editions of MetaFrame Presentation Server. This feature is supported with Version 8.x or later of the MetaFrame Presentation Server Client for 32-bit Windows. For more information about Session Reliability, see “Leveraging Session Reliability” on page 282.

Workspace Control

Workspace Control enables users to quickly switch between client devices and is especially useful to roaming or mobile users. You now have the ability to configure, and allow users to configure, the following controls on the Program Neighborhood Agent interface or the Web Interface:

• Log on. You can configure user logon behavior to include automatically reconnecting to disconnected sessions only or reconnecting to disconnected and active sessions.

• Disconnect. The new Disconnect command allows users to disconnect from all applications at once.

• Reconnect. You can configure the Reconnect command to mean reconnecting to disconnected sessions only or reconnecting to disconnected and active sessions.

• Log off. For the Web Interface, you can configure logoff behavior as logging off from the Web Interface and all active sessions together or logging off from the Web Interface only.

(20)

Ability to Hide Disabled Applications

When you disable a published application, you can choose to hide it from lists of published applications. Hiding the application prevents it from appearing in a user’s Start menu, Program Neighborhood application set, application folder, or taskbar while the application is disabled. This option is useful if you need to temporarily disable a published application while you apply updates or address an issue with the data source. By default, a disabled application continues to appear in lists of published applications.

To hide an application from users while it is disabled, select Hide Disabled Application in the properties of a published application.

Dynamic Session Reconfiguration

This feature creates a smoother experience for users who switch between client devices with varying display modes by reconfiguring window appearance appropriately between devices. When reconnecting to a session on a client device with different display modes, users do not need to reconfigure the color depth and resolution. Dynamic session reconfiguration automatically adapts the existing session’s display mode to the reconnecting client device’s display capabilities and mode preference.

Program Neighborhood and Program Neighborhood Agent now identify when local client display settings change and dynamically adjust the session display settings accordingly. For example, if a Tablet PC user changes the tablet’s screen orientation from landscape to portrait, session display settings automatically adjust to the portrait display. If a laptop user undocks the laptop from an external monitor, the session can adjust display settings to the laptop’s monitor settings.

(21)

Enhancements to MetaFrame Presentation Server

Client for 32-bit Windows

MetaFrame Presentation Server Client Packager

The MetaFrame Presentation Server Client Packager is an all-in-one client for users of 32-bit Windows (Windows 95 and later) devices. It wraps the following clients into a single package:

• Program Neighborhood • Program Neighborhood Agent • Web Client

Customize the client packager to deploy and maintain any number and combination of clients network-wide. Based on Windows Installer technology, the client packager lets you install, uninstall, modify, and repair clients as well as perform controlled client upgrades. Place the client packager on a network share for users to download, or deliver it using Microsoft System Management Server or Active Directory Services. An easy-to-use wizard guides you through the configuration step by step.

The client packager, Ica32Pkg.msi, is located in the Icainst\En\Ica32 and ICAWeb\En\Ica32 folders of the Components CD.

Enhanced Security with Pass-Through Authentication (Kerberos

Logon)

Version 8.x of the MetaFrame Presentation Server Clients for 32-bit Windows features enhanced security for pass-through authentication. Rather than sending user passwords over the network, pass-through authentication now leverages Kerberos authentication in combination with Security Support Provider Interface (SSPI) security exchange mechanisms.

For more information, see “Configuring Kerberos Logon” on page 186.

Compatibility with Asian Language Web Servers

In the past, some users of European language versions of MetaFrame Presentation Server Clients (formerly called ICA Clients) could not launch published

(22)

You can now configure the Web Interface to generate ICA files in Unicode, which increases the number of non-European language characters clients recognize. ICA files are text files that contain parameters and instructions for launching published applications.

Extended Unicode Keyboard Support

MetaFrame Presentation Server now supports handwriting and soft keyboard input. Soft keyboards are software-based, onscreen keyboards common in handheld devices such as PDAs running on Windows CE, and Tablet PCs.

Therefore, in addition to the Western language characters available on hardware keyboards, users can input any of over 65,000 non-Western language characters that are defined in Unicode and available on soft keyboards only. This feature also provides support for voice input for users of Windows XP Tablet PC Edition.

Program Neighborhood Agent Enhancements

• Multiple Farm Support. You can now use Program Neighborhood Agent in deployments with more than one farm. When you configure the Web Interface to present users with applications from multiple farms, Program Neighborhood Agent automatically supports that configuration as well. For information about configuring the Web Interface, see the Web Interface Administrator’s Guide. • Support for User Name and Password Input. In earlier versions of Program

Neighborhood Agent, when the Windows operating system running on the server failed to accept a user name or password, the user had to log off and launch a new client session to continue. With the latest version of Program Neighborhood Agent, which ships with MetaFrame Presentation Server 3.0, users can now enter or reenter their Windows credentials within their session from the familiar Windows logon screen.

The Windows server operating system may fail to accept users’ passwords for a number of reasons, including expired passwords and disabled user accounts. • Persistent Desktop Integration. You can now configure Program

Neighborhood Agent so that shortcuts to published applications and content remain in user-specified custom locations between sessions and client restarts. Users can copy or move shortcuts to custom locations on the desktop and the Quick Launch bar of the client device. With earlier versions of the client, shortcuts in custom locations were removed automatically under certain circumstances. With Version 8.x of the client, you can allow shortcuts to remain in user-defined custom locations when a user logs off from a session, refreshes applications, exits the client, or restarts the client device. For information about configuring this feature, see the Clients for 32-bit Windows Administrator’s

(23)

Basic Support for Remote Desktop Connection Software

MetaFrame Presentation Server now provides basic support for Remote Desktop Connection software. Users can access applications and content you publish through the Web Interface using both ICA Client and Remote Desktop Connection software. Due to differences in the Remote Desktop (RDP) and ICA protocols, certain ICA Client features are not available for users of Remote Desktop Connection software. For more information, system requirements, and a list of supported features, see “Using Remote Desktop Web Connection Software” on page 225.

Feature Name Changes Since MetaFrame XP

The MetaFrame Access Suite integrates a number of features that were previously separate components. If you are upgrading from an earlier version of MetaFrame Presentation Server, you will notice that Citrix has changed the names of the following features to reflect this integration:

MetaFrame Presentation Server Earlier Releases

Management Console for MetaFrame

Presentation Server Management Console for MetaFrame XP, or Citrix Management Console Web Interface for MetaFrame Presentation Server Web Interface for MetaFrame XP, or NFuse Program Neighborhood Agent Console Program Neighborhood Admin Tool Web Interface Console Web Interface Admin Tool Secure Gateway Secure Gateway for MetaFrame, or

(24)

(25)

Designing Server Farms

Read this chapter to understand how server farms are structured and how you should design farms to provide users with easy access to applications and resources. This chapter discusses the following topics you should consider when designing a farm:

• Overview of server farms. Farms are the central unit through which to organize and manage a MetaFrame Presentation Server environment. • Centralizing or distributing servers. How you organize server location is

largely driven by the location of your users, the location of users’ applications and data, and your network environment. There are advantages to either centralizing servers at one site or distributing them among multiple sites. • Deciding how many farms to deploy. Although most deployments use a single

farm, you can consider deploying separate farms for remote sites or environments with tight firewall security between sites.

• Planning zones in farms. You can use zones to group servers by subnet or location, control communication, enhance performance or discourage bottlenecks between groups of servers within the farm. Servers in a zone can communicate directly with one another.

• Server farm deployment scenarios. You can review and draw from these six common farm configurations when designing your deployment. The scenarios range from a small single-zone farm centralized in one location to a large multi-zone farm with regional sites.

(26)

Overview of Server Farms

Users run their applications on servers that are grouped into server farms. Server farms are groups of servers running MetaFrame Presentation Server that you can manage as a unit, enabling you to configure features and settings for the entire farm rather than configuring each server individually. For example, when you publish the applications or resources you want to make available to users, you do so at the farm level, establishing configuration settings that pertain to all instances of the

application running in the farm. Published applications are the applications that you make available to users to run on servers in the farm.

Servers in a farm share a network connection and a single data store of the farm’s configuration information. Your farm design must include creating a data store and connecting each server in the farm to it. For more information about data stores, see “The Farm Data Store” on page 47.

Two main architectural elements of MetaFrame Presentation Server enable you to establish the on-demand enterprise, where users access published resources easily and with any client device. You should keep these elements, described in the following topics, in mind when designing farms.

Independent Management Architecture (IMA)

Independent Management Architecture (IMA) provides the framework for server communications and is the management foundation for MetaFrame Presentation Server. IMA is a centralized management service comprised of a collection of core subsystems that define and control the execution of products in a server farm. IMA enables servers to be arbitrarily grouped into server farms that do not depend on the physical locations of the servers or whether the servers are on different network subnets.

IMA runs on all servers in the farm. IMA subsystems communicate through messages passed by the IMA Service through default TCP ports 2512 and 2513. The IMA Service runs and is started automatically when a server is started. The IMA Service can be manually started or stopped through the operating system Services utility.

Independent Computing Architecture (ICA)

(27)

The ICA protocol transports an application’s screens from the server it is running on to the user’s client device, and returns the user’s input to the application on the server. As an application runs on a server, MetaFrame Presentation Server

intercepts the application’s display data and uses the ICA protocol to send this data (on standard network protocols) to the client software running on the user’s client device.

When the user types on the keyboard or moves and clicks the mouse, the client software sends this data to the application on the server. ICA requires minimal client workstation capabilities and includes error detection and recovery, encryption, and data compression.

For more information about client software, see “Deploying Client Software to Users” on page 221.

A server farm is a grouping of servers running MetaFrame Presentation Server that you can manage as a unit, similar in principle to a network domain. When designing server farms, you should keep in mind the goal of providing users with the fastest possible application access while achieving the degree of centralized administration and network security that you need.

Centralizing or Distributing Servers

The existing network layout and the location of administrators, users, applications, and data all influence how you should organize servers.

(28)

For enterprises with geographically dispersed sites, there are trade-offs to consider between centralizing servers or scattering them with the applications or data centers. The following table outlines some of these trade-offs.

Servers centralized at one site Servers distributed across multiple sites Advantages:

Centralized server administration and support. Centralized application management.

Advantages:

Enhanced business continuity and redundancy; if one site loses connection, it does not affect all application access. When data is maintained at different sites, placing servers at those sites provides users with local access to the data.

Sites can own and control their own servers.

Disadvantages:

Single point of failure; if the site loses connection, users have no alternative access. Access to data might be slow if an application must traverse a WAN link to the data.

Disadvantages:

If users need access to multiple sites, you may need to coordinate and replicate domains, trusts, user profiles, and data.

Sites may need added local administration and support.

Server-to-server communication crosses the WAN.

(29)

Deciding How Many Farms to Deploy

Before deploying MetaFrame Presentation Server you must decide whether to implement a single farm or multiple farms. This decision is influenced by your individual environment, including such factors as:

• Location and needs of the end users • Geographical layout of the enterprise • Capabilities of the farm’s data store database • Network congestion

• Hardware capability

• Enterprise security policies concerning server communications

There is no exact formula that determines what number of farms is ideal, but there are some general guidelines that can help you make this decision.

Deploying a Single Farm. In general, a single farm meets the needs of most deployments. For very large deployments with, for example, thousands of servers, breaking the environment into multiple farms can increase performance. A significant benefit to deploying a single farm is needing only one data store database. For more information about data stores, see “Choosing a Database for the Data Store” on page 48.

(30)

The following table compares how single and multiple farm deployments relate to a few of the important factors you must consider when planning the MetaFrame Presentation Server environment:

Farm Element Single Farm Multiple Farms

Data Store The farm has one data store. Each farm must have a data store.

Data Store

Replication Citrix recommends that you replicate the data store to remote sites when using one farm in a WAN environment.

If each remote site is a farm with its own data store, there is no need for data store replication.

Load Balancing You can load balance an application

across the farm. You cannot load balance an application across servers in different farms.

Firewall Traversal If the farm spans multiple sites, firewall ports must be open for server-to-server communication.

Site-based farms eliminate the need to open firewall ports for server-to-server communication.

Server-to-server

Communication Data store information is synchronized with member servers through notifications and queries. When a farm has multiple zones, data collectors are used to communicate dynamic information such as logons and application use across the farm

Multiple farms may improve performance over a single farm when server-to-server traffic crosses a WAN link or when the farm is very large.

Multiple farms do not span an Internet WAN connection, so server-to-server traffic cannot be intercepted.

Administration and

Support Centralizing administration and support may be easier for a single farm. You can decentralize administration and support if you want sites to have control and ownership.

Management

Consoles You can monitor and configure the farm from a single management Console and need to log on to only one farm to do so.

You can monitor and configure multiple farms from the Access Suite Console. Communicating with multiple farms from the Console requires logging on to multiple servers.

(31)

Configuring Zones and Data Collectors

You can use zones to enhance a farm's performance and organization. A zone is a grouping of servers that share a common zone data collector. A zone data collector is a server that manages dynamic information about the servers in the zone. Each farm has at least one zone.

By default, all servers in a farm that are on the same network subnet belong to the same zone. Use Zones in the left pane of a farm’s Properties page to view the servers that belong to each zone. To change the membership of a server from one zone to another, select the server from the list of servers in the zone and move it to another zone.

Important If you change a server’s zone membership (move the server to another zone), incorrect information can appear in the Presentation Server Console until the server sends updates to the zone data collector. To ensure data synchronization, restart a server after you move it to another zone.

Zones are designed to enhance the performance of a farm by allowing

geographically related servers to be grouped together, whether they are connected to the same network subnet or not.

• If all the servers in a farm are in one location, you can configure the farm with a single zone without causing slower performance or making the farm more difficult to manage.

• If you manage an enterprise farm with servers in different geographic regions, you can create zones based on the location of the servers. This can improve performance and allow you to more efficiently manage the farm.

Zone Data Collectors

Zone data collectors are communication gateways between zones in farms that have more than one zone. Zone data collectors communicate information used by MetaFrame Presentation Server to list available applications for users and, when users open an application, to locate the most appropriate server on which to run the application.

(32)

This diagram shows a server farm with two zones connected by a WAN link. Only the zone data collector in each zone communicates over the WAN link. Individual servers communicate over LANs and primarily with their zone data collector.

When resolving a user’s application request to the least-loaded server in the farm, a zone data collector queries the other zone data collectors for the information it needs to identify the server with the lightest load.

Only zone data collectors send messages between zones, reducing communication traffic in the farm because every server does not need to communicate with every other server. If you have a large or geographically diverse farm, you may be able to enhance performance by organizing servers into zones.

Note Beginning with MetaFrame Presentation Server 3.0, zone data collectors no longer automatically send updates about server loads in their zone to other zone data collectors. This change in communication is designed to reduce network traffic between zones.

Zone data collectors no longer maintain load information for all servers in the farm, as they did in earlier releases. The zone data collector now maintains load

information only for the servers in its own zone. This behavior is especially beneficial in large farms.

If network traffic becomes congested from a large number of queries between zone data collectors, you can configure zone data collectors to share server load

(33)

Tip To reduce network traffic in large farms with multiple zones, Citrix recommends that you use the Zone Preference and Failover policy rule to direct users’ requests for applications to preferred zones within the farm. For more information about Zone Preference and Failover, see “Directing User Connections to Preferred Zones” on page 36.

Citrix recommends that you maintain all servers in a farm at the most recent release level of MetaFrame Presentation Server. If you find that you need to run different release levels of MetaFrame Presentation Server in your server farm on a temporary basis, configure a server running the latest release as the zone’s data collector.

Sizing Zones

You should design zones to enhance farm performance when enumerating or opening applications for users. The number of servers you can place in one zone depends largely on the hardware of the zone data collector and the amount of farm activity. Factors that can influence zone size include:

• How many users connect to the farm • How many users log on simultaneously

• How long the average user stays logged on to a session (a single daily session or repeated short sessions)

• How many published applications are load-balanced between servers You should routinely monitor the CPU and memory usage on the zone data collector to ensure that it is not being overloaded with requests, especially after adding new applications or additional users to the farm.

For most deployments, a zone should be limited to a group of servers that are located in a single data center and connected by low latency links.

Tip Citrix recommends that you maintain as few zones as possible while still being able to complete application enumeration requests and resolutions in a timely manner. Creating too many zones can decrease performance in a farm, resulting in high network bandwidth consumption and decreased performance of the zone data collectors.

(34)

Tip To find out if a zone data collector is overloaded, you can monitor the server for the number of work items that are ready for execution. As a zone data collector becomes overloaded, work items on the server begin to pile up and stand in queue for execution. You can check the Work Item Queue Ready Count counter from the Citrix MetaFrame performance object in Windows Performance Monitor. If this counter rises above zero for a steady length of time, you should be concerned about the load on the data collector. For more information about monitoring performance, see “Monitoring Performance of Sessions and Servers” on page 299.

If users experience delays when their available applications are being enumerated or when they open an application, or if reports are being generated slowly, the zone data collector may be becoming overwhelmed. Consider taking the following actions to reduce the load on the zone data collector:

• Divide the current zone into two zones

• Increase the CPU power of the zone data collector

• Dedicate the zone data collector to handling zone information and users’ requests for applications, but not running published applications

If you are installing MetaFrame Presentation Server on servers that reside on multiple subnets in the same zone, do not use the default zone name presented to you during MetaFrame Presentation Server Setup, because the default zone name is based on the subnet of the server joining the farm. If you did not change the zone name when you installed MetaFrame, you can change it in the farm’s Properties dialog box using the Presentation Server Console.

Configuring Data Collectors for Large Zones

If you are using large zones that have more than 512 servers, you should ensure the following on the data collector or any servers that may be elected as the data collector:

• The server should be a dual-processor, latest-generation server. • You need to add the registry key entry MaxHostAddressCacheEntries. To configure a zone for more than 512 servers

1. Add the following entry to the registry

(35)

CAUTION Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before making changes to it.

2. Set the value of MaxHostAddressCacheEntries to a number greater than the number of servers you are planning to put in the zone but no higher than necessary, because MetaFrame Presentation Server uses this number for memory management.

Note Increasing the value of MaxHostAddressCacheEntries higher than necessary can negatively impact performance. Increasing this value does not improve data collector performance.

3. Restart the IMA Service on the server.

Configuring the Election of Zone Data Collectors

A zone elects, or selects, a zone data collector if a new server joins the zone or if the current data collector becomes unavailable. A zone data collector becomes unavailable if the server hosting it goes down or is disconnected from the network, or if you move the server to another zone.

Zones elect a new zone data collector using a preference ranking of the servers in the zone. You can set this preference ranking using Zones in the left pane of a farm’s Properties page.

The preference levels, in order from highest to lowest preference, are: Most Preferred

Preferred

Default Preference Not Preferred

When the zone elects a new data collector, it tries to select a server from the Most Preferred level. If no servers are available at this level, the zone selects a server from the Preferred level, and so on.

The first server added to a zone is set to Most Preferred and becomes the zone’s initial data collector. All other servers are set to Default Preference.

(36)

To designate a specific server as the zone data collector, set the election preference for the server to Most Preferred and set all other servers in the zone at a lower election preference. Assign servers that you do not want to become the zone data collector to Not Preferred.

If a zone spans multiple sites and the network link goes down between the sites, each site elects a zone data collector. The zone data collector does not need a connection to the farm data store to function. This allows user connections to continue to work during the interruption. When the network connection is restored, the zone resolves back to having one elected data collector.

When a new zone data collector is elected, it gathers fresh data from the servers in the zone. Zone data collectors do not copy or back up data to or from other servers; they gather and provide only dynamic information about servers in the zone.

Dedicating a Server as Zone Data Collector

In large farms and enterprise networks with high client traffic, you can reduce the possibility of data collector performance issues by using dedicated data collectors. You can do this by setting up data collectors on servers that run MetaFrame Presentation Server but do not host applications. When you publish applications, do not include the data collector among the servers to run the applications.

In general, if users experience slow connection times due to high CPU utilization on the data collector, consider dedicating a server to act solely as the zone data collector.

Directing User Connections to Preferred Zones

If your users connect through the Web Interface or the Program Neighborhood Agent, you can configure policies in MetaFrame Presentation Server to transparently direct users to launch applications in preferred zones. The Zone Preference and Failover policy rule enables you to set preferred zones and establish failover to other zones when the preferred servers are unavailable. Citrix

recommends using this feature in farms with multiple zones dispersed

geographically. Routing users to connect to servers in their own zone can reduce traffic across high latency connections.

(37)

Setting Connection Order for Zones

MetaFrame Presentation Server directs user connections to zones according to the

connection order assigned to each zone in the Zone Preference and Failover policy

rule. The connection order levels, in order of preference, are:

• Primary Group. Use for zones to which you want connections directed first. • Backup Group. Use for zones to which you want connections directed if the

application is not available in zones assigned as the Primary Group. There are ten levels of backup groups, from 1 to 10. Backup Group 1 has highest preference among the backup groups.

• No Preference. Use for zones that users are directed to after Backup Group 10. • Do Not Connect. Use for zones to which you do not want users to connect. You can set connection order preferences only in the Zone Preference and Failover rule of a policy.

Configuring the Zone Preference and Failover Rule

To configure the Zone Preference and Failover rule for a policy, select the policy in the tree view of the Presentation Server Console and open the Connections folder under User Workspace. Select the Zone Preference and Failover rule, enable it, and assign a connection order to each zone.

When a user launches an application, the zone data collector first queries the zones in the user’s Primary Group to locate the server in that group with the smallest load. If the application isn’t available in the Primary Group zones, the data collector then queries the zones in Backup Group 1 and so on, following the connection order you set.

For example, if you have users who open applications in a farm that spans zones in Vancouver, Seattle, and Hong Kong, you can create a policy for users at each site. Set the Zone Preference and Failover rule on each user group’s policy to connect to their local zone and set one of the remote sites as Backup Group 1 and the other remote site as Backup Group 2. For the Vancouver user group, assign the

(38)

Tip To ensure the most efficient use of network traffic between zone data collectors, do not place zones at the same connection order if they have a high latency link between them. The data collector queries all zones in the same connection order simultaneously. Assign a different connection order to zones at each remote site.

If you do not enable Zone Preference and Failover, users are directed by default to the server in the farm with the lightest load, even if that server is in another zone across a WAN link.

To use Zone Preference and Failover in an environment with servers running earlier releases of MetaFrame Presentation Server:

• Make sure that the zone data collector is a server running MetaFrame Presentation Server 3.0 or later.

• Run the Citrix XML Service on servers with MetaFrame Presentation Server 3.0 or later.

• Make sure that the Web Interface is configured to communicate with the servers in the farm that are running MetaFrame Presentation Server 3.0.

(39)

Server Farm Deployment Scenarios

Read the following sections for information about common server farm infrastructures and recommendations from Citrix for each one. The findings presented for these scenarios are based on results from extensive testing in Citrix labs.

Small Farm – Central Location

This scenario describes a simple single farm environment where all servers reside in one location and are configured as follows:

Servers 1-100

Zone(s) 1

Physical Sites 1

Data Store Microsoft Access, MSDE, Microsoft SQL Server, IBM DB2, or Oracle

Connectivity 10 Mbps or higher (LAN)

(40)

Citrix recommends the following for small farms in a central location: • Dedicate a data collector for zones with more than 50 servers

• If using Access or MSDE for the farm’s data store, you can consider using the same server to act as the data collector and also host the data store

Large Farm – Central Location

This scenario describes a larger, but only slightly more complex, single farm environment where all servers reside in one location and are configured as follows:

Servers 100+

Zone(s) 1 zone per 300+ servers

Data Store Microsoft SQL Server, Oracle, or IBM DB2

(41)

This diagram shows a large farm in a central location. The farm contains a data store and four zones. Each zone consists of a data collector and multiple farm member servers.

Citrix recommends the following for large farms in a central location: • Dedicate a data collector for zones with more than 50 servers.

• With extremely large farms, using replicated Microsoft SQL Server databases, replicated Oracle databases or Oracle RAC can improve performance and prevent a bottleneck at the data store. If replication is used with IBM DB2 databases, you must configure it for read-only and all changes must be made on the master database.

• Do not exceed 25 zones in a single farm.

(42)

Small Farm – Distributed Sites

This scenario describes a small single farm environment where servers reside in a few locations as follows:

Servers 1-100 (evenly distributed at a few physical locations)

Zone(s) 1-4

Physical Sites 2-4

Connectivity 512Kbps or higher to a central site or between all locations

This diagram shows a small farm with distributed server locations. The farm consists of a single zone distributed across four locations. Location 1 includes the data store, data collector, and multiple farm member servers. Each of the other locations contain farm member servers.

Citrix recommends the following for small farms in distributed sites:

• Use a single zone if all distributed sites have a connection to a central site and the frequency of users connecting is limited.

(43)

• Restart servers only when WAN links are at low utilization.

• If the majority of the servers in the farm reside at one location and the remote sites have very few servers, use a single zone.

Small Farm – Remote Sites

This scenario describes a small single farm environment where small groups of 2-5 servers are distributed in multiple locations.

Servers 1-100 (2-5 at each site to support local use)

Zone(s) 1

Physical Sites 2+

Connectivity 128Kbps or higher to a central site

This diagram shows a single zone with remote sites and a central office. The data store and data collector are located at the central office.

Citrix recommends the following in for small farms with remote sites: • Provide a central site with a dedicated connection to each remote site.

(44)

Large Farm – Multiple Data Centers

This scenario describes a large single farm environment where all servers reside in large data centers as specified in the following configuration:

Servers 200+

Zone(s) 2-4

Data Store Microsoft SQL Server or Oracle (replicated to speed server boot time and minimize WAN queries)

Connectivity High speed (T1 or higher)

This diagram shows a farm with two data centers, each with its own zone. Zone 1 contains the data store master, a data collector, and multiple farm member servers. Zone 2 contains a data store replica, a data collector, and multiple farm member servers. Citrix recommends the following for large farms with multiple data centers: • Tune database replication intervals to reduce WAN utilization. Be aware that

changes made at the central site can take a few minutes to disseminate to replicas.

(45)

Large Farm – Regional Sites

This scenario describes a large single farm environment where servers reside both in regional sites and small remote sites.

Servers 200+ (smaller sites connect to closest regional site)

Zone(s) 1 per regional site

Physical Sites 2+

Data Store Microsoft SQL Server or Oracle (replicated to each regional site)

Connectivity High speed (T1 or higher) between all regional sites 128Kpbs or higher between regional and smaller sites

(46)

Citrix recommends the following for large farms with regional sites:

• Consider using Virtual Private Network (VPN) technology for remote sites. • Consider centralizing servers at one site and have users connect from clients at

remote sites so that communication between servers doesn’t cross a WAN link, allowing the ICA protocol to enhance performance for users across the WAN. • Tune database replication intervals to reduce WAN utilization. Be aware that

changes made at the central site can take a few minutes to disseminate to replicas.

(47)

The Farm Data Store

The data store provides a repository of persistent information about the farm that each server can reference, including the following:

• Farm configuration information • Published application configurations • Server configurations

• MetaFrame administrator accounts • Printer configurations

• Trust relationships

CAUTION Ensure that the data store is properly backed up on a regular basis. If the data store database is lost, you must recreate the farm. You cannot recreate the data store from an existing farm.

When servers in a farm come online, they query the data store for configuration information.

Viewing Data Store Information

(48)

CAUTION Do not directly edit any data in the data store database with utilities or tools provided by any product other than the MetaFrame Access Suite. For example, do not use IBM DB2, Microsoft SQL Server, or Oracle utilities to edit the data store. Doing so corrupts the data store database and destabilizes the farm.

Choosing a Database for the Data Store

Before installing MetaFrame Presentation Server, you must decide which database to use for your farm’s data store. You can use the following database software for the farm data store:

• Microsoft Access. Access is a lightweight database that is included with Windows server operating systems. The Access database is created on the first server in a new farm. It is most appropriate for small to mid-sized farms. • Microsoft SQL Server 2000 Desktop Engine (MSDE). MSDE is a database

engine based on Microsoft SQL Server core technology. The MSDE database is created on the first server in a new farm. It is most appropriate for small to medium-sized farms and can be administered using standard Microsoft SQL Server tools.

• Microsoft SQL Server. SQL Server is a true client/server database that offers robust and scalable support for multiple-server data access. It is suited for use in farms of any size.

• Oracle. Oracle is a true client/server database that offers robust and scalable support for multiple-server data access. It is suited for use in farms of any size. • IBM DB2. DB2 is a true client/server database that offers robust and scalable

support for multiple-server data access. It is suited for use in farms of any size. When using Microsoft Access, the data store database is created when you install MetaFrame Presentation Server. When using MSDE, you first install MSDE and then create an MSDE instance. Then you run MetaFrame Presentation Server Setup. The database is stored on the first server in the farm.

When using Microsoft SQL Server, Oracle, or IBM DB2, the database is on a server dedicated to running the database product. This dedicated server must be set up prior to creating the farm because you will need to configure an ODBC connection to it. Servers running MetaFrame Presentation Server must also have the

(49)

CAUTION Do not install MetaFrame Presentation Server on the Microsoft SQL, Oracle, or IBM DB2 database server. See your database product’s documentation for specific hardware requirements for the database server.

You should consider many factors before deciding which database product to use for the data store, including but not limited to:

• The number of servers you currently plan to have in the farm and whether you plan to expand that number

• Whether you have a database administrator on staff with the expertise to configure and manage a data store running on SQL Server, Oracle, or DB2 • Whether you foresee the enterprise expanding, and therefore expanding the

number and type of published applications

• Whether the database can sustain an increase in the number of users and connections

• Whether a server has the appropriate hardware configuration to also run an Access or MSDE database or whether you require that the database be located on a server that is not also running MetaFrame Presentation Server

• Any database maintenance requirements you may have, such as backup, redundancy, and replication

Important Microsoft SQL, Oracle, and IBM DB2 servers require significant expertise to install and maintain. If you do not have expertise with these products, attempting to use them in a production environment is not recommended. See the documentation included with your database product for important details such as performance tuning and database backup procedures.

MetaFrame Presentation Server Administrator s Guide For other guides in this document set, go to the Document Center

Administrator’s Guide

For other guides in this document set, go to the Document Center

Contents

Chapter 1

Welcome

Chapter 2

Designing Server Farms

Chapter 3

The Farm Data Store

Chapter 4

Planning for Deployment

Chapter 5

Installing and Upgrading to MetaFrame Presentation Server

Chapter 6

Managing Servers and Farms

Chapter 7

Securing Your Farms

Chapter 9

Deploying Client Software to Users

Chapter 10

Making Information Available to Users

Chapter 11

Managing Users and Sessions

Chapter 12

Managing Printers for Clients

Welcome

Accessing Documentation

New Features of MetaFrame Presentation Server

Citrix Document Center

Simplified Licensing for MetaFrame Access Suite

Products

Management Console for MetaFrame Access Suite

Enhanced Support for Large Farms

Zone Preference and Failover

Extended Policies

Enhanced Delegated Administration

Digital Dictation Support

Enhanced Multimedia Support

SpeedScreen Multimedia Acceleration

SpeedScreen Flash Acceleration

SpeedScreen Image Acceleration

Enhanced User Experience

Improved User Logon

Session Reliability

Workspace Control

Ability to Hide Disabled Applications

Dynamic Session Reconfiguration

Enhancements to MetaFrame Presentation Server

Client for 32-bit Windows

MetaFrame Presentation Server Client Packager

Enhanced Security with Pass-Through Authentication (Kerberos

Logon)

Compatibility with Asian Language Web Servers

Extended Unicode Keyboard Support

Program Neighborhood Agent Enhancements

Basic Support for Remote Desktop Connection Software

Feature Name Changes Since MetaFrame XP

Designing Server Farms

Overview of Server Farms

Independent Management Architecture (IMA)

Independent Computing Architecture (ICA)

Centralizing or Distributing Servers

Deciding How Many Farms to Deploy

Configuring Zones and Data Collectors

Zone Data Collectors

Sizing Zones

Configuring Data Collectors for Large Zones

Configuring the Election of Zone Data Collectors

Dedicating a Server as Zone Data Collector

Directing User Connections to Preferred Zones

Setting Connection Order for Zones

Configuring the Zone Preference and Failover Rule

Server Farm Deployment Scenarios

Small Farm – Central Location

Large Farm – Central Location

Small Farm – Distributed Sites

Small Farm – Remote Sites

Large Farm – Multiple Data Centers

Large Farm – Regional Sites