SLAC Remote Access and Citrix XPe
Brian Scott
SLAC
May 2004

Windows Remote Access Solutions
– Citrix – Allows access to a full Windows desktop and/or various applications
– VPN/PPTP – Provides encrypted tunnel between remote system and SLAC internal network
– Remote Desktop Protocol – Unencrypted access to Windows XP system
    – Requires use of VPN before using RDP

File Access
– Citrix provides access to all internal resources to which you have permissions
– VPN access available to central Windows file servers
– No longer allowing access to Windows file sharing to desktops via VPN

E-mail
– Microsoft Outlook access available via several mechanisms
    – Citrix (full thick client access)
    – Outlook Web Access (OWA), new version coming with Exchange 2003 migration this summer
        – Old version: https://www-mail.slac.stanford.edu
        – New version coming soon
    – VPN and use of Outlook thick client

Citrix XPe
– April 2004 - Finished rollout of Citrix XPe farm
    – Farm running Windows 2000 with Citrix XPe
    – Support for Windows Systems and Linux (private build to support Secure ICA over SSL)
    – 900+ accounts
– May 2004 - Shut down Citrix MetaFrame 1.8 farm
    – Farm ran Windows NT TSE with Citrix MetaFrame 1.8

Secured Communication Protocols
– 128-bit SSL encryption.
    – Initial communication between Web Portal servers (Citrix MetaFrame NFuse) & client.
    – Subsequent communication between Application servers (Citrix MetaFrame Presentation server) & client.
– Citrix SSL Relay Service.
    – Server-to-server communication.
– Citrix Secure ICA - RSA RC5 128-bit encryption.
    – ICA session between Application servers & client.
    – Enforceable to client as minimum requirement.

Redundancy within Citrix Servers
– 2 Citrix NFuse Web Portal servers.
    – http://slaccitrix1.slac.stanford.edu
    – http://slaccitrix2.slac.stanford.edu
– 2 Independent Management Architecture (IMA) Citrix Control servers.
– N+2 Citrix Presentation servers in excess of peak capacity in Silo-1 (General Apps).
– N+2 Citrix Presentation servers in excess of peak capacity in Silo-2 (Restricted Apps).

2 Silos
– Silo 1 – The purpose of the Silo1 servers is to provide access to the common set of applications to all SLAC Citrix users.
– Silo 2 – The purpose of Silo2 is to provide metered access to applications with certain licensing restrictions. For example:
    – Certain applications are only licensed to be run by members of certain SLAC departments.
    – Other applications are only licensed to be executed by a limited number of concurrent users.

Server Configuration
– Web Portal Servers – The Web servers host the Web Interface for Citrix MetaFrame XP. The Web interface consists of Java objects and Web server-side scripts that reside on the web servers.
– Citrix SSL Relay – The Citrix SSL Relay is a service that runs on the MetaFrame XP servers and secures communications between the Web portal servers, the IMA servers, the MetaFrame XP application servers and ICA client PCs.
– IMA Servers (Data Collectors) – The data collectors manage server farm dynamic data and client enumeration/resolution.
– MS SQL Server – Data store for IMA servers
    – MetaFrame XP server farm administrator permissions
    – Citrix MetaFrame XP product licenses
    – MetaFrame server configuration settings
    – Published application configuration settings
    – Application load balancing configuration settings
    – Printer management information settings
    – MetaFrame XP server farm policies
    – MetaFrame Resource Manager configuration settings
    – Citrix Installation Manager settings
– WTS Licensing Server – The WTS Licensing service on the AD domain controllers is responsible for providing WTS licensing tokens for WTS clients (including ICA client PCs).

[Figure: SLAC Citrix XP Server Farm (updated 11/26/03). Labelled elements: Internet; Client PC (Web Browser, ICA Client); Border Router; SLAC LAN; NFuse Web Servers wtsxpportal1 and wtsxpportal2; IMA Servers slacwtsima01 and slacwtsima02; IMA Data Store on SQL Server MSSQL1; TS Licensing Server on the AD DCs; MetaFrame XP Application Servers slacwtsxp01, slacwtsxp02, slacwtsxp03 ... slacwtsxp15; User Home Directories & Roaming Profile Storage on ZWINSANs.]

[Figure: SLAC WTS XP Server Farm -- Two-Silo, Two-Tier Model (updated 11-21-03). Labelled elements:
– Silo-1: User Desktop Sessions and Common Applications. One load-balanced published desktop for all SLAC WTS users. Silo1 production image: S1_Vn. Silo1 Release Candidate image: S1Vn+1.
– Silo-2: Restricted & Metered Applications. Access-controlled seamless apps only; no desktops published from Silo2. Silo2 production image: S2_Vn. Silo2 Release Candidate image: S2Vn+1.
– Application servers shown: Silo1 Staging Server SLACWTSXP01, then SLACWTSXP02 through SLACWTSXP12.
– Web Portal: WTSXPPORTAL1, WTSXPPORTAL2. Separate images for rapid recovery.
– Farm Control Servers: SLACWTSIMA01, SLACWTSIMA02. Separate images for rapid recovery.
– SQL 2000 Database Server MSSQL1: WTS XP Server Farm Data Store Database.]

CITRIX DEMO