Integrating Novell and Citrix Technology

David Shepherd
Technical Specialist
Novell Consulting
Russel Wilkinson
Enterprise Pre-Sales Consultant
Citrix
Introduction

Citrix and Novell
• Introduction to Citrix Technology
• ZENworks® for Desktops 4.01 and its limitations with Citrix MetaFrame Presentation Server FR3
• Deployment of an Integrated Novell and Citrix Solution
• iPrint – site based Printing
• Novell and Citrix Web Interface Integration
• Nsure™ Identity Manager (DirXML®) and Citrix
• Third Party Products
• Future Developments
• Conclusions
© March 7, 2004 Novell Inc.

Introduction to Citrix Technology

The On-Demand Enterprise
Anytime, anywhere, any device, any connection

Citrix Makes the On-Demand Enterprise Possible
Infrastructure for the on-demand enterprise

Access Infrastructure Enables the Use of Enterprise Information
[Diagram: USERS, Access Infrastructure, INFORMATION]

Access Infrastructure Must Have 5 Key Building Blocks to be Complete
[Diagram: Manage, Display, Organize, Protect, Deliver; between USERS and INFORMATION]

Citrix Access Infrastructure…
Allows IT services to be offered as a computing utility…
[Diagram: On-Demand Enterprise; MetaFrame Access Suite; applications: SAP, Siebel, Custom App, Office, Web; Any Application, Any Device, Any Network; Secure, Easy, Instant]

Similar to Cable Entertainment Providers
[Diagram: On-Demand Entertainment; channels: CNN, HBO, ESPN, TNT, PPV; Any Show, Any Program, Any TV, Any Network; Secure, Easy, Instant]

The Citrix MetaFrame Access Suite is…
…the most complete access infrastructure available
[Diagram: MetaFrame Access Suite between USERS and INFORMATION; components: Conferencing Manager, Password Manager, Secure Access Manager, Presentation Server; Any Application, Any Device, Any Network; Secure, Easy, Instant]

Citrix MetaFrame Presentation Server FR3 Features

eDirectory™ Authentication Support
Full eDirectory authentication is available from ….
• Citrix Management Console
• Program Neighborhood Agent
• Program Neighborhood
• Web Interface 2.0

CMC Enhancements
Improving the user experience for the Administrators
• Improved navigation
  – Total counts of objects
  – Quick navigation to an item
  – “Details” view persists through multiple CMC sessions
  – Launch an ICA session to a server desktop from the CMC

CMC Enhancements (cont.)
Farm Summary screen
ICA Keep-alives setting
New Properties viewer
Support for Sun JRE 1.4

Citrix Universal Print Driver II
Extending UPD to include color and higher resolution
• HP LaserJet 4500 Driver
• PCL5c engine including HPGL/2 support
• Client-side rasterizer
• Up to 600 dpi

SpeedScreen Browser Acceleration
Improving the user experience when browsing HTML content.
• Background image delivery
• Progressive drawing of JPEG images
• Responsive scrolling
• JPEG image recompression
• Supported applications: Internet Explorer, Outlook and Outlook Express

SpeedScreen Browser Acceleration
[Diagram: ICA over the Transport Protocol]

SpeedScreen Browser Acceleration
[Diagram: ICA channels over the Transport Protocol: ICA Display, Client Drive Mapping, Client Printer Mapping, Client LPT Port Mapping, Downstream Audio, and Background Image Delivery (new channel)]

Improved Browsing with SpeedScreen
Pre SpeedScreen
• Scrolling up and down was slow and unresponsive
• Images were rendered multiple times, causing delays
• A slow connection to the server affected performance

Improved Browsing with SpeedScreen
With SpeedScreen
• Scrolling in a web browser is fast and responsive
• Raw image data is transferred directly to the client device
• Sizes of images can be reduced, at the expense of quality
• Works with applications that use MSHTML to handle images:
  – IE, Outlook, and Outlook Express

Win32 ICA Client Version 7.0
Auto Client Reconnect enhancements
New ActiveX Web Client
• Thin version
• Full version
Certificate Revocation List checking

Citrix Java ICA Client 7.0
Seamless support with Session Sharing
Improved Client Drive Mapping Performance
Improved Client Printer Mapping Performance
Enhanced XML Error messages
Content Redirection (Server-to-client)
Support for INS files - proxy auto-config (PAC)
Updated SSL library for smaller cab file size

Web Interface
Integrating Project Columbia Features and Providing Higher Security
• Multi-Farm Support with Single Set of Credentials
• Simplified domain login selection
• FIPS 140 support
• Multi-Site Support on single web server (For JSP version only)
• JavaScript Proxy Auto Configuration for the Java ICA Client
• Private Certificate Authority support with the Java ICA Client

ZENworks for Desktops 4.01 and its Limitations with Citrix MetaFrame Presentation Server FR3

ZENworks for Desktops 4.01 and issues with Citrix Metaframe Presentation Server FR3
Good option for Terminal Server only deployments
Issues with Citrix Metaframe Presentation Server
• No support for Citrix Load Balancing. The product has its own load balancing service, but it is not as functional as the Citrix native service.
• Limited/No support for Citrix Secure Gateway. Relay mode was supported with V1.0 of CSG; however, V2.0 of CSG no longer uses relay mode.

Deployment of an Integrated Solution
Novell and Citrix

To go MAD or Not?
Deployment of Active Directory as part of the Citrix Farm is purely an application related question.
• Do the applications presented by the farm require Active Directory (e.g. Exchange 2000)?
• If not, then no requirement exists to deploy Active Directory, since the Farm can be deployed with eDirectory with no less functionality than an Active Directory based farm.

Aims of the Integrated Solution
Citrix Servers deployed with no AD Forest or NT Domain
User Home Directory/Terminal Server profile on a NetWare® 6.5 Server
User configuration and administration from ConsoleOne®/iManager
Policies deployed from ZENworks for Desktops to manage Citrix
Use of iPrint to manage printing on the Citrix Servers
Applications presented through the ZENworks Nal/Myapps front end with no difference to the user launching thin/thick apps
Full support for Citrix Load Balancing and Secure Gateway

Software components of the solution
Software required
• Novell NetWare 6.5
• Novell Secure Login 3.5
• Novell ZENworks for Desktops 4.01
• Microsoft Windows 2000 SP3
• Citrix Metaframe Presentation Server FR3
• Citrix Web Interface
• Citrix Secure Gateway V2.0

Architecture of the Demonstration System
Citrix Metaframe PS FR3
• Windows 2000 Server SP3
• Novell iPrint Agent
• ZENworks 4.01 MA
• Novell Client 4.9
Citrix Web Interface Server
• Windows 2000 Server SP3
• ZENworks Middle Tier Server
• Citrix Secure Gateway v2.0
• Citrix Secure Ticketing Agent
NetWare 6.5 Server
• Runs the directory and provides authentication
• Holds the users' home directory and profile
• Runs the network printers via iPrint
• Runs the server portion of Secure Login 3.5
Client System
• Windows NT (XP/2000)
• Secure Login 3.5 Client
• Novell Client 4.9

Installation of the Terminal Server
Installation Order
1 Installation of operating system (Windows 2000 SP3)
2 Installation of the Novell Client™ (4.9 SP1A)
3 Installation of the iPrint Agent
4 Installation of the ZENworks Desktops Management Agent
5 Installation of Citrix Metaframe Presentation Server FR3
6 Application of outstanding service packs

Installation of the Operating System
Microsoft Windows 2000 SP3 plus hotfixes
• Issues with SP4 due to performance
• Apply SP3 plus hotfixes
• Install server as Workgroup Server
• Install Terminal Server option plus Licensing Server (if first server in farm)
• Only install required protocols; do not use IPX unless required
• Upgrade Web Browser to Internet Explorer 6.0 plus latest security patches
• Configure DNS resolution

Installation of the Novell Client
Novell Client
• 4.90 Service Pack 1 A plus hotfixes
• Change user install/execute command before installation
• DO NOT INSTALL THE NETIDENTITY AGENT
• Disable NMAS™ Authentication
• Contextless Login – works reliably with SP1a
• Change the default location profile – turn off saves
• Disable unused name resolution methods
• Enter a static configuration for the SLP DA
• See www.ithowto.com/novell/clientspeed.htm for additional config options

Installation of Citrix Metaframe Presentation Server FR3

Metaframe Installation
The install detects the Novell Client and makes the following registry changes:
• HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  Value=GinaDLL Type=REG_SZ Data=CTXGINA.DLL
• HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  Value=CTXGINA.DLL Type=REG_SZ Data=NWGINA.DLL
This adds a Citrix GINA to the server to enhance the information that Citrix Metaframe can send to the Novell Client.

Installation of Citrix Metaframe FR3 (cont.)
Novell Client can be installed after Metaframe, but manual registry changes are required
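
A check for the GINA registry values listed on the installation slide, as an added Python example that is not part of the original deck: it parses `reg query`-style text for the Winlogon key and reports any deviation from the two values the slide gives. The sample registry output is constructed, and the function names are hypothetical.

```python
import re

# Value names and data as listed on the slide; the sample text below is constructed.
EXPECTED = {"GinaDLL": "CTXGINA.DLL", "CTXGINA.DLL": "NWGINA.DLL"}

# One value line of `reg query` output: <name> <REG_type> <data>
_VALUE_LINE = re.compile(r"^\s+(\S.*?)\s+(REG_[A-Z_]+)\s*(.*?)\s*$")


def parse_reg_query(text):
    """Return {value name (lower-cased): (type, data)} for one key's output."""
    values = {}
    for line in text.splitlines():
        match = _VALUE_LINE.match(line)
        if match:
            name, reg_type, data = match.groups()
            values[name.lower()] = (reg_type, data)
    return values


def audit_gina_chain(text, expected=EXPECTED):
    """Return a list of findings; an empty list means the values match."""
    values = parse_reg_query(text)
    findings = []
    for name, want in expected.items():
        entry = values.get(name.lower())
        if entry is None:
            findings.append(f"{name}: value missing, expected {want}")
            continue
        reg_type, data = entry
        if reg_type != "REG_SZ":
            findings.append(f"{name}: type {reg_type}, expected REG_SZ")
        # DLL names are compared case-insensitively; a full path or a
        # different file name is reported so it can be reviewed.
        if data.lower() != want.lower():
            findings.append(f"{name}: data {data!r}, expected {want}")
    return findings


# Constructed samples: a server with both values in place, and one where
# GinaDLL points straight at the Novell GINA with no Citrix entry.
SAMPLE_OK = """
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
    GinaDLL    REG_SZ    ctxgina.dll
    CTXGINA.DLL    REG_SZ    NWGINA.DLL
    Shell    REG_SZ    Explorer.exe
"""
SAMPLE_DRIFT = """
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
    GinaDLL    REG_SZ    NWGINA.DLL
    Shell    REG_SZ    Explorer.exe
"""

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(label, audit_gina_chain(sample) or "values as expected")
```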

Citrix Metaframe Presentation Server Configuration

Installation of the ZENworks Desktop Management Agent
Functionality Required
• Application of MS Group Policies held in eDirectory
• Dynamic Local User to allow management of users without Active Directory or NT4 Domain
• The application of a policy to set the Terminal Server home and profile directories as locations in the NetWare File System

Installation of the Management Agent (cont.)
DO NOT install the Remote Management option

Installation of the iPrint Agent
iPrint Agent Considerations
• Run CHANGE USER /INSTALL before install
• Use the latest available code (NIPP.exe)
• Run CHANGE USER /execute after install
• Configure all printers as user printers for Citrix Servers
iPrint Issues on a Citrix Server
• ICAPTURE command does not work
• No automatic auto-update of the iPrint Agent

Configuration of ZENworks for Desktops 4.01 Policies
The following ZENworks Policies need to be configured as part of the User Policy Package:
Dynamic Local User Policy
iPrint Policy
Windows Group Policy
Windows Terminal Server Policy

Dynamic Local User Policy

iPrint Policy

iPrint Policy Issues
Sometimes does not apply consistently
IPRNTCMD from the login script or APP object

Windows Group Policy

Windows Group Policy...

Windows Terminal Server Policy

Windows Terminal Server Policy ...

Assignment of Policy Packages
ZENworks for Desktops 4.01 allows the assignment of policies by the authenticated operating system. Different policies are supported for the following OS types:
• Windows 98
• Windows 2000
• Windows 2000 Server
• Windows XP
• Windows 2000 Terminal Services
This allows a user to have one policy package for client access and one for Citrix access.

iPrint
Site based Printing

Location Dependent Printer Assignment
As a user authenticates to the Citrix Server, a printer relevant to the user's current location is deployed.
• This printer is configured as the user's default printer until the user authenticates from another site. A site, in the context of this section, is a range of IP addresses within a company's infrastructure, either internal or external.
• This process occurs purely within the Citrix Session.
• This printer is transparently removed when the user changes site.

Location Dependent Printer Assignment
Capabilities
iPrint can allow printers to be deployed by the client device's IP address.
This allows a local printer to follow a user around from site to site.
• Printer is assigned within the Citrix Session.
• iPrint deploys the driver to the Citrix Server.
• No changes to the Client Device.
• Process is completely transparent to the user.
• Printer is assigned by comparing the client device's IP address to see if it belongs to a particular site's subnet.

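How Is the Printer Delivered?
Runs from the Novell Login Script.

    map ins s1:=sys:public
    ; run the printer scripts only when SESSIONNAME is set (Citrix session)
    if <SESSIONNAME> <> "" THEN
        ; remove the previous site printer and work out the client's site
        #prnselect.cmd
        ; set up the printer for this session
        #wscript c:\icaclientinfo\readreg.vbs
    END
    pause
    Exit
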
How the Login Script Works
Only runs when authenticating through a Citrix Session, by use of the %SESSIONNAME% environment variable.
• PRNSELECT.CMD – Removes the previous site printer and then uses the ICACLIENTINFO utility to set an environment variable to the client device's IP address. The batch file then runs the SEVICA utility, which reads the client IP address, compares it to a table, and sets an environment variable according to the subnet that the client IP address belongs to.
• READREG.VBS – Reads the environment variable from the registry and executes the IPRNTCMD command with the correct parameters to set up the printer for the session.
If no match is found, the environment variable is set to NOTFOUND and no printer assignment is done.
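
The subnet comparison described for SEVICA, sketched in Python as an added example (not the presenters' batch file or utility). The subnets, site names and printer URIs are constructed placeholders, the function names are hypothetical, and choosing the most specific subnet when ranges overlap is an assumption.

```python
import ipaddress

NOTFOUND = "NOTFOUND"

# Constructed site table (subnet, site, iPrint printer URI); all placeholders.
SITE_TABLE = [
    ("10.1.0.0/16", "SITE-A", "ipp://iprint.example.com/ipp/site-a-laser"),
    ("10.2.0.0/16", "SITE-B", "ipp://iprint.example.com/ipp/site-b-laser"),
    ("10.2.40.0/24", "SITE-B-LAB", "ipp://iprint.example.com/ipp/site-b-lab"),
]


def site_for_client(client_ip, table=SITE_TABLE):
    """Map the ICA client address to a site name, or NOTFOUND."""
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except (AttributeError, ValueError):
        # Empty, missing or malformed address: treat as an unknown site.
        return NOTFOUND
    best = None
    for cidr, site, _uri in table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, site)  # keep the most specific subnet
    return best[1] if best else NOTFOUND


def printer_for_site(site, table=SITE_TABLE):
    """Return the printer URI configured for a site, or None."""
    for _cidr, name, uri in table:
        if name == site:
            return uri
    return None


def plan_session_printer(client_ip, previous_site=None, table=SITE_TABLE):
    """Return (site, printer_to_remove, printer_to_add) for one logon.

    Mirrors the order on the slide: the previous site printer is removed
    first, then a printer is added only if the client address matched.
    """
    site = site_for_client(client_ip, table)
    to_remove = printer_for_site(previous_site, table) if previous_site else None
    to_add = None if site == NOTFOUND else printer_for_site(site, table)
    return site, to_remove, to_add


if __name__ == "__main__":
    logons = (("10.1.5.20", None), ("10.2.40.7", "SITE-A"), ("203.0.113.9", "SITE-B"))
    for ip, prev in logons:
        print(ip, plan_session_printer(ip, prev))
```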

Novell and Citrix Web Interface Integration

ZENworks for Desktops 4.01 and Web Interface Integration
How to launch a thin client application from the Nal/Myapps front end
• Configuration of Web Interface
• Configuration of ZENworks for Desktops Application Objects
• ASP Pages to Allow Application Launch
  – Two additional ASP pages on the Web Interface Server
  – Secure Login and script to provide SSO
  – ZENworks Application objects configuration to launch Citrix Published APPS

Configuration of Web Interface

ZENworks for Desktops
Configuration of Application Objects
Create a Template ZENworks Application Object
• Allows the easy creation of other applications
Create an Application Object based on the template
• Object configured with a Web URL
  – http:\\nfuse-srv.nwcon.com\examples\login_test.asp?app=%app%
  – %app% refers to an app macro set to the name of the Citrix Published APP. This macro is set on an APP by APP basis
  – The URL launches one of the two ASP custom pages

Configuration of Secure Login
The Secure Login script auto-fills the ASP form with the user's desktop credentials when the form appears. The form is presented by the LOGIN_TEST.asp page called by the application.
Secure Login Script
– Type ?sysuser #1
– Type ?syspassword #2
– Click #1
The LOGIN_TEST.asp page closes automatically when the form is filled.

Configuration of Launch_1.asp Page
Secure Login fills the LOGIN_TEST.asp page form and submits the form
LAUNCH_1.asp page is called with the following parameters:
• Username
• Password
• Citrix Published Application Name
Page renders the ICA file and returns it to the browser
Browser launches the app referred to by the ICA file

Capabilities
Full Support for Citrix Secure Gateway V2
Full Support for Citrix Load Balancing
Allows the launching of a Citrix Published app from a NAL/MYAPPS interface
User launches the app from one interface and does not need to know whether the app is 'thin' or 'fat'
Allows failover of local apps to thin client if the local app fails to launch
Does not interfere with or change the admin utilities of either the Citrix or Novell environments
Management and Configuration of 'User' Printers via iPrint

Nsure Identity Manager 2 (DirXML) and Citrix

General Issues
Corporate NDS®/eDirectory Implementations and Citrix
• Newer versions of the directory are required for integration with Citrix Metaframe XP. Corporate Trees may be older versions with few windows available to upgrade the infrastructure
• Tree Structures tend to be heavily hierarchical with geographically dispersed sites and possible low WAN bandwidth
• Citrix Farms tend to be based at one geographical location
• No capability to apply different ZENworks for Desktops Policies and applications depending on whether a user accesses the Citrix Farm from the Internet or from the internal LAN

Citrix Tree synced to the Corporate Tree via Identity Manager
[Diagram: DirXML Link Between Trees. Corporate Tree (Corp Tree): Andover, Newcastle, Woolsbridge, IS, User 1, User 2, Printer, Server. Citrix Tree: External, Resources, User 1, User 2, User 3]

Capabilities of the Solution
Corporate Tree can be an older version of the Novell Directory
All user information including passwords is synchronized by Identity Manager
Citrix Tree is based at one location and can be managed separately to the Corporate Tree
Only one port required to be open (SSL) between Corp and the Citrix Tree
iPrint in the Citrix Tree can be pointed at printers currently connected to the Corp Tree via LPR/LPD
Hierarchical structure in the Corp Tree can be mapped to a flatter structure in the Citrix Tree
Users can still map drives to the Corp Tree

Using Nsure Identity Manager 2 within a Single Tree
Allows the use of 'EXTERNAL' and 'INTERNAL' Organization objects
• O=INTERNAL represents the hierarchical Corporate Tree. Users access the Citrix Farm from a Citrix Client installed on their desktop. ZENworks for Desktops 4.01 policies and APPS represent the internal environment.
• O=EXTERNAL represents a flat container for external access from the INTERNET via Citrix Web Interface. Policies and Apps represent tighter security due to the insecure nature of the access. The O=EXTERNAL container contains copies of user objects from the O=INTERNAL section of the Tree, but the policies enforce a tighter security level.

Capabilities of the Solution
Nsure Identity Manager synchronises user objects from the INTERNAL section of the tree to the EXTERNAL section of the same Tree.
• Users managed within the INTERNAL container
• Only users that meet preset conditions are copied to the EXTERNAL container (e.g. Group Membership)
• Web Interface is configured just to look at the EXTERNAL Container and downwards
• Web Interface not available from inside the Company Firewall

Citrix, Novell and Linux

Citrix MetaFrame Presentation Server and SUSE Linux

Linux Desktops and Citrix
Citrix MetaFrame Presentation Server supports most Linux flavours as a client.
• Web Interface supports Mozilla and Netscape on Linux
• Citrix supports both a Linux native client and a Java Client deployed from the Web Browser.
• Allows the deployment of WIN32 apps from a Linux environment.
• Allows the deployment of WIN32 apps that have not yet been ported to a Linux Platform.

Demonstration

Third Party Products
Centralis
• AXE 2.0 ZENworks Application Processing Tool: Q3 2003
• AXE 2.0 Citrix Pack: Q2 2004
Synapp
• IMA-eDir DirXML based synch: Beta

Centralis AXE 2.0 Citrix Pack
Key Features
Simplify
• Take application snAppShots reliably on Citrix MetaFrame servers
• Clean the snAppShot, removing the many unnecessary entries
• Separate out the user portion for a separate install if required
Standardize
• Populate the Citrix published app with information from the AXE application object, including title, command line etc.
• Automatically fill in your Citrix published app preferences from global settings, including Color Depth, Windows Size and Encryption Level
Centralize
• Automatically assign user rights to the Citrix published app from the AXE application object or allocate them from eDirectory or Domain
• Allow the administrator to use either the application executable or a NAL command line to launch the application
• Create or update both the ZENworks application object and the Citrix published application in a single operation

Centralis AXE 2.0 Citrix Pack

Centralis Contact Information
Web site: www.centralis.co.uk
Software: www.centralis.co.uk/download

Demonstration

Future Developments
ZENworks 6.5 Desktop Management
• The next version of ZENworks for Desktops
iChain®
• Using iChain as a secure proxy for ICA traffic

Conclusion
Citrix and Novell, when properly integrated, provide a rich, manageable and scalable solution beyond the capabilities that either environment can provide in isolation.

Any Questions?
Contact Information
[email protected]
[email protected]
Useful Links
Citrix Integration Methodology: www.novell.com/coolsolutions/features/a_citrix_methodology.html
Novell Client Documentation: www.ithowto.com/novell/clientspeed.htm
Citrix Web Interface Documentation
Citrix Consulting Novell Integration Paper
www.thinplanet.net
www.thethin.net

General Disclaimer
This document is not to be construed as a promise by any participating company to
develop, deliver, or market a product. Novell, Inc., makes no representations or
warranties with respect to the contents of this document, and specifically disclaims any
express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc., reserves the right to revise this document and to make changes to its
content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered
trademarks of Novell, Inc. in the United States and other countries. All third-party
trademarks are the property of their respective owners.
No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior
written consent of Novell, Inc. Any use or exploitation of this work without authorization
could subject the perpetrator to criminal and civil liability.